From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 19/28] OvmfPkg: register GHCB gpa for the SEV-SNP guest
Date: Fri, 30 Apr 2021 06:51:39 -0500
Message-Id: <20210430115148.22267-20-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
The GHCB GPA can be registered using the GhcbGPARegister().

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/PlatformPei/AmdSev.c | 8 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/Sec/SecMain.c | 76 ++++++++++++++++++++ 3 files changed, 85 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 81e40e0889..54b07622b4 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -156,6 +157,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + if (MemEncryptSevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89c8e9627c..e9a10146ef 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf 
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -52,6 +52,7 @@ BaseLib CacheMaintenanceLib DebugLib + GhcbRegisterLib HobLib IoLib PciLib diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2..7c9650ba8f 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c 
@@ -750,6 +750,76 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. There is a MemEncryptIsSnpEnabled() in M= emEncryptSevLib + but we can not use it because the SEV-SNP check need to be done before t= he + ProcessLibraryConstructorList() is called. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevSnpEnabled !=3D = 0)); +} + +/** + The GHCB GPA registeration need to be done before the ProcessLibraryConst= ructorList() + is called. So use a local implementation instead of including the GhcbReg= isterLib. + + */ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
@@ -791,6 +861,12 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
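Review bot: In the AmdSevEsInitialize hunk of OvmfPkg/PlatformPei/AmdSev.c, the registration call is GhcbRegister (GhcbBasePa), while the commit message names the function GhcbGPARegister(); the two should agree. The call's outcome is also not checked before AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa), so the new comment should state whether GhcbRegister () terminates the guest when the hypervisor's response does not match, the way the local SevSnpGhcbRegister () in SecMain.c does through SevEsProtocolFailure ().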
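Review bot: In SevSnpGhcbRegister () (first OvmfPkg/Sec/SecMain.c hunk), the guest frame number is derived by shifting Address right by EFI_PAGE_SHIFT, which silently discards the low bits, and the response check compares only the frame number, so a non-page-aligned Address would register a page without the caller noticing. Consider rejecting an unaligned Address through SevEsProtocolFailure () or documenting the alignment requirement. The function header also lacks an @param entry for Address (and the IN qualifier on the parameter) and closes with " */" where SevSnpIsEnabled () above it uses "**/". Separately, the SevSnpIsEnabled () comment refers to MemEncryptIsSnpEnabled(), but the AmdSev.c hunk in this patch calls MemEncryptSevSnpIsEnabled (); the comment should use the real name.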
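Review bot: In the SevEsProtocolCheck hunk of OvmfPkg/Sec/SecMain.c, the new if (SevSnpIsEnabled ()) block closes directly against the following "SEV-ES protocol checking succeeded" comment with no separating blank line, unlike the surrounding blocks; add one. Since the decision to register rests on the SevSnpEnabled field that SevSnpIsEnabled () reads from the SEC work area, and this patch does not show where that field is written, a short comment naming what sets it before SevEsProtocolCheck () runs would help the reader confirm the registration cannot be skipped on an SEV-SNP guest.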