From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75717+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75717+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070703374211.38006321867897; Wed, 26 May 2021 16:11:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id aIPPYY1788612x9vYX3vgEc7; Wed, 26 May 2021 16:11:43 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.53]) by mx.groups.io with SMTP id smtpd.web09.39.1622070701830167716 for ; Wed, 26 May 2021 16:11:42 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZAzaUyGaJSVhS3dfh61a2GFHlbX/dqxQEzoaS04nfaz4cw1LL3fM3cqtZOO0fLwdei1GCbG72CdEfGaBAa1ycwVbF5Vz1lUCE9v5YRUGp0S6SxHZd//3O7h+grZWwDV/NoFt0dGBhr0ftDjmGmaF18nLZod6TmAsoNsYixIEfkmzbLZWOpwi3y9uyupXnXC44iVdGKL7XLWnHGFKOU+bO/86p4gLxbUiHpLWtzKw1ANpLJHaaGGYrOHzVUpnQboIC7rgcypVWiW2lxREVGx2/Mfg8t1Y2UgXfJ2taNViNmmOuwEqxXqdMv+cebZtGighKI93k449VuT8eJVLJ2LelQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4FUaAMM7+o5lc4Mpg9ztQGH/324P5Dl3xOX2uW1of30=; b=Y3r9ip79EctRisu/AH0u0jZHEVJObfbxf6iEyrTa9zCgGCFv7VGIZvex/OcdRm4nNq7g/ADVnq70+/FaDY8NPC3BWVAeuJLhW8W6v/s/DSu20/nalyDrtth1sJ1ppNe13U0wCyGi8WN8FIH7YOAHcJDN6iQ+WI5ulSTeVhgTuAvTEgnBbiuwD7syXyBmN38P8rcjBcFd/9BlwmIOgWCM7YRoINNSmAbNbTdNtD35xMdlBBCp+OIpyHSutfFTf6DbFTgJp0L5YCO9orM+x2WUfWZwiXYf1TxJbhR5u2ltDGXEOrls5KRzzsoBsa+mrWDRbhz++HujhLoMG4f0Ii8cWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:37 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:37 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 01/22] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs Date: Wed, 26 May 2021 18:10:57 -0500 Message-ID: <20210526231118.12946-2-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:36 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: df18a7ad-d3a7-49c0-b085-08d9209b9c78 X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 3yt/oRyhJW2I9fy7Lbp/ZIOunPgcBbcOi/ZKIDwHzrIPDtswpRBPHAq/oLr47aqfOIm4S3dGU0JcKXizeiZt2UPYpjSIn8JgNldq+Plc6gpuiN3vR1Y9S0tAaAvw51TMXrPmx7zZQvnzUpWncqwO6MZA7zbwJUjKFDFN5KnzzeqrWxNZCzc2dxuSp7Iv42/f0I9sbHGNs4iDK4frBfXxFS9goy6nMGJdkQZ+aSUESC6A+t1GqNSVPIZeNOiPmdQKyXD14SEIf77rxWZDMP9AwIuDvf+S/l8uDIqBQXV1Zpr1WYkL6mKATRV42O13lAr+yeHkfPrrCwAQLFyGIowSrcJq2qdVVBG+8EX5N0oB8fTGbSYZ79iCjpvCdQi9o1tQW/Xu2YskX15HZPuuJO5N+zz+uq1UiqynzUxImM79/HP5amcoe+d/D2vVKBd14fcUp3trFr9O5yJfGI/Tei5AuSeaASYLYy7dr5uMjkV/fTYbq/TISBsiorwmQi0ZIJCsEIkeZllH0dZDXFuEbruCSPQotrIJvQG3cSO/CjrTXIoUsKXHVs+rFf78IHw4rFgvzU3tFdSRGPZAdeoUWgf6lXH7e/cPzCjRGUjHYU7jEG0tfUxfBSuB9S/yjdh1XxuhDWrEYGK2+XaCnHb8km4XMA/VLNWMjxoX8NjH5Kk5x6+XVsolHIsbC62fSf0PyAlDhBRVgYERSHipUTVrw0PLgP0oK9j1wSiuScIcRKdpQ7r2L8XC3JKg7csxpAYzeHHV/gA3RrdrhsMXS+cnkSK95LUn5Pmxr9KppKwTPSuh71Q= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?Sl0EPeG/MnUCyzvWVR9sk8RTJM1T8fpuTmXX8urODXWVDn20UvYbNk9R/LOg?= =?us-ascii?Q?oJAVyK/Y+KRl9iTTx3aTe6odClUA16ei1gJldj4aM9W1BWc42jeQ01tg0z88?= =?us-ascii?Q?jexlBjEL9d4vPAd64Tg+O4UyHs20MMQbCRIr2c19Bg6c/2rol6jEeKHVzMjI?= =?us-ascii?Q?//Y62yi0W6v5h4t0BtA3xujxRM1K5GyX52lQKxZUZjKRxSzyqGZKSrIXrgCU?= =?us-ascii?Q?kR/LbnaeW2EWw08wwLpdafWHFmXBOqMRBWq9PFiVOk7dM3TuzYaLz2Fc1Fm1?= =?us-ascii?Q?tCBtKh2l4hdcT9nSXKOd3FJm+b2gixjAp0aTbIIcFn60yDMDG62hgjCKc1ae?= =?us-ascii?Q?cxQRJCX3w9kd50gDYayCmQuRhAnsIgwhewfSKm1ke9ULHaHikr1p3f8EcUp5?= =?us-ascii?Q?FMqkIXGTlb1Dvp6VKha1oBqi+T2lAMCpsdx1iZL+o1U9cVRJOlq2nIlld/2N?= =?us-ascii?Q?W2mIoS0vH+NQnqZNtmu0zFtSJqUFwTK+lpOza87u57Fes7zC5ygDdB6qKGvA?= =?us-ascii?Q?E8+0IVs5bo1IMllB9LkERugaE1Ld4i76yM0IinLSICCKQ9epCzmyv/a3nEJW?= =?us-ascii?Q?jcWk5a1HuZbdG29uy67y5/tW+NFnG4FM0NhbH1PsNDfLsWlnXMaX0MlBksKG?= =?us-ascii?Q?sGoxSKRPBhgqTe5/NFhuRihiKcDsdXtDsc5L/LvJb9p9FxcW+x/gdkKkXKZQ?= =?us-ascii?Q?5qtE+Ymq+DYYFbD0kiWAStsLRR7H0bFRJbXxOloCaTP1eSgXIGy2GkAL5ozv?= =?us-ascii?Q?YGtRJmfuTXA5m1w1MzffjyrkpZPbjmWpcqerDaoZPtglqiFqHwUeAy9FT5T6?= =?us-ascii?Q?WyD3/BNhDuMFG4O/E63BYCIKX2L33nTn9R+gsaQvkLDuD50a9I/SjvUY4zUL?= =?us-ascii?Q?/IZ89y4dFBYymgpv1tXOq1bx/ZdvDKPdf0TMEntBZxfi3buz0j+ERdRyicTm?= =?us-ascii?Q?KpyZlc1I0bEVQn37sZqBN1t69U2JueNkjCztWznpO2uu3wd5OhQyhn9F6Ndd?= =?us-ascii?Q?fbadszDpdgGXK8FmiJaUHpghdmsOHmMEEq5KcWjT5wO2v7Fkx6XAb9rvhKGG?= =?us-ascii?Q?GefwFBknPvgwhmZAT4rzy5SI8xzmGJ+d3AeUMgA2FJcC8dHf/PvcZwiInXVH?= =?us-ascii?Q?vftI1BXs7F7fDvudKjlYz37F784kViE6l2/pEgO8mhTIUtUZtSHv4FT9WLjl?= =?us-ascii?Q?61HbtXtzdSdVEBOQ88Bct5hhqqjvoq60XE7ZH2teW/8kqW3rXwbLj0NCZzHV?= =?us-ascii?Q?ciJwjnmEbg3/AdHpCkO72jVkX64CjznTYKR8S2vCVKKyqjU/SuWLhFqJ1/gY?= =?us-ascii?Q?DrYtm8qcsEGiPqa9pFwJ+RO0?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: df18a7ad-d3a7-49c0-b085-08d9209b9c78 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:36.9179 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kNmRUgSbTRAUmlSPru80J7PFayIAn95geRhvzm7b5+Sp608VwZwrp186maYl+r7WMvF7O5UmDzx+X2Tf9Ac1HA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: UyekkPBlLNrhKKLHl4kVmWvMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070703; bh=3PaOxfEgh91vcOwybzOgTuwQeSIcHfWYAezwEC1P1aU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=U3Mb3qvbwFBs2EzBGZCago01r1g7/oqgEX9zTTk7v8WTGzQFZW71h6LuBn9JA/CC4Od +I263LM2DLjPZcWBus+wbJ7nSdv/lqi7f29Nz9ld0vBD6TU8imzlAdfyH+5T+LtJ1SyEj T2ZLdQKJW/aYd1O30Ad4xLzIyKh+mTbeatE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Define the PCDs used by the MpLib while creating the AP when SEV-SNP is active in the guest VMs. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Laszlo Ersek --- UefiCpuPkg/UefiCpuPkg.dec | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 62acb291f309..0ec25871a50f 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -396,5 +396,16 @@ [PcdsDynamic, PcdsDynamicEx] # @Prompt SEV-ES Status gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016 =20 + ## This dynamic PCD indicates whether SEV-SNP is enabled + # TRUE - SEV-SNP is enabled + # FALSE - SEV-SNP is not enabled + # @Prompt SEV-SNP Status + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled|FALSE|BOOLEAN|0x60000017 + + ## This dynamic PCD contains the hypervisor features value obtained thro= ugh the GHCB HYPERVISOR + # features VMGEXIT defined in the version 2 of GHCB spec. + # @Prompt GHCB Hypervisor Features + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures|0x0|UINT64|0x60000018 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75717): https://edk2.groups.io/g/devel/message/75717 Mute This Topic: https://groups.io/mt/83113762/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75718+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75718+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070708761322.9501397836084; Wed, 26 May 2021 16:11:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Lue4YY1788612xnmKnvU9dD4; Wed, 26 May 2021 16:11:48 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web09.39.1622070701830167716 for ; Wed, 26 May 2021 16:11:42 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TKnsBgDxMitksPZ9vNh+SY/2zFtiWcw6I3CLUpNwpLpq50dcS5+Q4YlotMqgD/qdqzyLYnJrJXYuRjxwXvU802LJMU+e8pVTr7m9xOVvHPhge3TnNLAtkUPiPWuhGtax5iOlgIe1DOFW0YXU8kAksUNF3bJjXPLVPjS7A/YZJcXSnlHydSr8MpEQj6AWeILh2lNlCPW2H5kUoR5pTkUK4xXCGZe2sCfVzPbm0ZZahtmiA2JAwZIHMGkjBiVyhNOS2W+vIjkLFqQyngcI+3x+2DGtPwrWyj99bCaYoHJlYuXRRO2jwT4BlQ3xqsESzAtGBe6TNL+IILW3EcexldCr1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NPv8YfpGhCBRXdslNfACTg5q1VaJCohOC88+QdWyUx8=; b=Hv8WI5XUcUuWAAgXxopVAnsLniIVurrxZ4upVqo/cZa0/JkN+Lq9S9D8umziqZMM8DLQROTerjzgJsspb5AHSMIybDkYs1aimFLkkliAp8rKd4rCKte2cuFLc2jue+JSYpupWexA2IrsBewGujskiii44RM30Cp2fzbxiY9MK6G8Ts62/zB24yq/o5gyiRQ7pU0Ep4NHMmFfx6ufw4iU5oKYWAA6l94esEri/aLFCYWatHt3b6Tb/XyojbWIZWJr2v48gR8OE/DKojgg6Ya0YwGWCYI7SfASVTYA639rNtx3Ujci3Trz0wGvN2rSnHyGOzwHENAhy+7XC2Ot1CNJhA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:37 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:37 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 02/22] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() Date: Wed, 26 May 2021 18:10:58 -0500 Message-ID: <20210526231118.12946-3-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:37 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b2c1ccc5-3c2c-4c7a-85b4-08d9209b9ceb X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:196; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: dYqHO0WdlxF91h8DqK4s83xMq8YEMuXNsrvL/sMu22lZJA61cXWaxHSjdx+As8DcJjxBZE+0CGfmZ0C0c24D3WnBY0xuIuYcnq1167Hf0ixBwC3QeUpwQv5yw/nADyUtpYG/s8supziOAr3ZRoclrTy1rTHV4jG+pDY4czyrv8schK7dBmV1etPlP5/un/AbZC804JLxPKeywzFiubtUVKoe+tLMx7GuHUNLONy3Y3bkkgxlMGXZ35Zw+glqd1mXH/xH4C2jV3D2o+SBIz8CMkUnkxG+n2+87j6KfsmIsftEMhdnSwqJ2hFojScsDrTgZIBtA5Kqo6OmBDvxeJ/b1swQ95DxGiexUl+awFmZ7To69q9IlJvw1BRfFH4YaFh98psx18QkRfRyXto/EwlMOvZlvQVyCWn2tnnUYP4WLS4JCiytx1IvFVaFyqA5ef46ytXxy8Nmpmt+i5jTa1473GnT5V6EZyXjwyKurwf6TmBMvxyCPkaL/CCF1YjyyVTu9rLmv5q1liYGpsyRLvkd5Tl739lmgGyI3m1cESWujqFgi0rHDeeAGk4IhKjxXWMFQhY//jfntt7BrZGoi1mEe958RX/fklqeFbRphZ6xCiZjk9/BvTaICZpZ18yt7suNhD/cSN9ImMkyd1jYdV7HMfzNkEpzBOuvLlNz4oC4rPr/Soq5/A50JBwsW1Gi3/IcrBF+OS53c4/zFS29hSJc4VhehEN8w/1/8crsw0cfq9Vuw+FqmdrUguSMZJW6zqPSOMUjY+wHjNKnmzyc0vDgqgElY/OrXyMTNGbcVfXh7XTXYxy3CE6iM0BBDt0xPYvp X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?D85dxJOh3ArWTC3s4b6TBnLl/NAjNa6K8oC2YH46h5NtnvSBmSIHKdAdPF8b?= =?us-ascii?Q?T+/22LuQrR8ND2G+d/7nAu5REdpn+jMG6MQHPcMV+XazmvE3mgCYT0D13BEV?= =?us-ascii?Q?eJvz+Di/P29SwBQfwGmlwSIOjrHx4dR/ZFvIJouplyudWDNovu0BIdaE2ZOj?= =?us-ascii?Q?v6XbasfKZP7yDJhQ6gsmb9pPMWOlV2dEgU2rUrXgAmCSD6vqT8y7yEM4DFzu?= =?us-ascii?Q?ubzTQaoH63oS5DdXLi8lK0vjsvCLwcPTeeDOnjt0vry+9J8ul7ADX4/a+2aZ?= =?us-ascii?Q?Uu4wnid9uFNzEW8UV0nqKKRu3DVcJfBYMZXL5u9FnWUofM53Hu/xw+r/e6ma?= =?us-ascii?Q?FyHX4d5honnwsSgmdHltuq5AnuLbd18/pn1IVoS/18t50w9EWDVl1EnIHHl2?= =?us-ascii?Q?KbVaBKFA3mHbjKB6VXo0yTkfS20RY26odMY6uuPwOx6sVz9qh6/Pz6PfMG/Z?= =?us-ascii?Q?ZTmUQlfsGjQaY68rxe8Q1VLNXnslRA4JDLsjQ4WQWO66VHMnylrvtWWyrIzn?= =?us-ascii?Q?DeTaehmTAk+JksNnmR05QrJ1UvTJjpl+qlBBfanlo9+KY9ndsGoqhq3l+exn?= =?us-ascii?Q?7AWoe/gV2nZ90sZ6Da336qvirBtsAtLdF/I2/G+q5/UzhvXnwGHpoKvk2fhr?= =?us-ascii?Q?0rGrTAyNTReqJHBjnpYtxDntz8mPoHDrclCwhopOe3TUL/iIuiU5WBNgLjRI?= =?us-ascii?Q?5ZaGukSt8Ilh/OtHIcAq3rIv/tb1Klhn531lvN3D0U9Fof5xzy8dE8nd7gyk?= =?us-ascii?Q?sGQq0yQYvjMiV2T7jGzo7mmCla5QrQJMdX5h+ycUoy6yrj7fFg0CF/ZU97B7?= =?us-ascii?Q?HVWZ2VlcUG7oh9S8KcdtgTjKZllgtfTADx+oqU63T8snaVR3KkSnkCF5F4Gu?= =?us-ascii?Q?kwuNVgWnPqe8L54nWkrU+DMRyv4wI8yr3+n5vHfn1Xo1U88viibWoam+wxeF?= =?us-ascii?Q?w4MfGH3LD9GksmKgcqiSpcbkyTviXtuP3urOThE6aIsPyqfS23HsRKwUd6Ho?= =?us-ascii?Q?8A6VSfwmMZis9CmNtf2eQ18mNqxjShEjnsPldxoRn9mRytmPV9a5+7H6GlM3?= =?us-ascii?Q?1Xtl/jtOIbY1TV5eBMPNwpUH8IYeSJrlX0Qf+12GxZr8JKysVjIzrY6+//l5?= =?us-ascii?Q?Lr8dKHZC6jiqBfGchBk/Z8KrarLvWrWRxmAcSV5/qGXbShS2F5fOxcIZpqRz?= =?us-ascii?Q?nBWtegEkVditAhs/aC30c+Vf5cj0QXiDlZIXBytp3V/E6d90qWx0ZqeIIi6n?= =?us-ascii?Q?Uu0KVk+hsqx/ZGUpd3FHKmxmDH+osEBoZjPFH8NQiVUjsdW+ue+L6Q85cPxZ?= =?us-ascii?Q?rF7GAYP09aRDn9Zyccgsaoy+?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b2c1ccc5-3c2c-4c7a-85b4-08d9209b9ceb X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:37.6615 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wsXxMOoAbg2Szxx95tTXWwtmtvJ1peO5/FKxfQKm13we9u/s+U03oSlr2JcNhiJBokzmoKB3coSHaoQGxXlnQg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: LBxU7fgMXViUSVKtmq6juNQTx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070708; bh=Z5etyYFZ6UzVo3YiIW/GBktdIUZtVbGFSL7ulOkCBeE=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=owpIit3GTK9cc55UuZoK7IsFh8bYxTl8PBs5O3pvr1oygmZyjtK9+FTdqAPy5Ak/3KV ida0xm2E+TkUFLnjL7LYiFlM+elnj26AtDDuOChl2L9aMe3cb91aJt4yAe9Amdn/ri4HE igCODTTC1iH8EpBCoqI1M6dOYan3iFudA3k= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Create a function that can be used to determine if VM is running as an SEV-SNP guest. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Laszlo Ersek --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++ .../DxeMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../PeiMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../SecMemEncryptSevLibInternal.c | 19 +++++++++++++ 4 files changed, 85 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..2425d8ba0a36 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -66,6 +66,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0c4..057129723824 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d120f..b561f211f577 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f3183f..69852779e2ff 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 =3D InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75718): https://edk2.groups.io/g/devel/message/75718 Mute This Topic: https://groups.io/mt/83113763/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75719+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75719+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070704587831.4882497216806; Wed, 26 May 2021 16:11:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 3MypYY1788612xsLvxaDWmD1; Wed, 26 May 2021 16:11:44 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web09.39.1622070701830167716 for ; Wed, 26 May 2021 16:11:43 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ccnE7hQx1GkfLVNxkL01s8TyFqkcEZe6Shlhc7ddDtGBr8u35IzFHMiMJJIYeSgk0pm8XK8+50EAcp5RQdjihJdHyLplus9GBCz4r4iJVWyL4RWxlFbQnSvTPcyNyhOBxvisR9cLkGya3zWop76dL5y/q837eG32XYMIHRaFN72Mfbjo3ocK2VDIEVwOP3ND7Hwk8PY7sDtgfTQOAuBLStue0fvgZ3C3cwSnxSj7Yoa+nMCuQz6va51AV5zo0yR8wePliet+S1wcupede2tWvb1pfAEqN805/TU+p6Z4lacXa0N169Ov/ldonk+sMTpTgKcLD8e/8p+awIbTQsLcvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tRs6C7x84I8qa/3N7DQFAcguvFDY/Gwxd+5tBnTXOQM=; b=MsjOLo9H6zkgTalDFppVukxFjhCY85VfuXbWjH0LxY4O+KDhdVXaBZm/2VZtA9XF5kaNq2Bxg1irjFhzQFw7Daycofvr9l8VsONX16kgv98D0VBhn6sS7829c9n/HCVVSZgujuipn+QKHhChKr2d7UYLOgqFTEYzxlLttaLWBYJ3OmN4g0d48wxouojw5kznVcnEuvkAtxq4goEVXyLx1ukNVehl9ntSk8gRukmcLA1jvV5WIP34/BD+fWzFhR0JCA9jT7vTZkCewu4+3lHYufFLxcmq17msyOa2f0raFaUEzzLLKsa45OGMOQv8Jj/qAGDqu99Ovg/CDadJdRD4ew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:38 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:38 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 03/22] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field Date: Wed, 26 May 2021 18:10:59 -0500 Message-ID: <20210526231118.12946-4-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:37 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8d597fb3-1d18-4219-acc7-08d9209b9d65 X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2043; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: DFv5O3UY4yWGDeysKuEVEaKC+O764nNfxUjK5M8pVybQPtJXpQBR1aobbi71j+/XZYQwwZimFZ4ycsT5zCIKMU1nNBouFuMoU4BsxRbcXNAvscoVdWNx552uMhV72JUosIsmqavdXHbzL8s37+pOXBeoavh56GIUFFackkn9mJ5J9xIuQYUITQOVWqZQPomiM6TeICPm2Ee7YGC7lujI4GDm7B5b4eimW/RWGscW7cBHY0cMZXTiMbfms2sJOuaQgUFNcfQiGnjc75e86YlSUXAmj33pkh+UtXAK5qSAQmAdKuGltMoHX0SPPz6y7U47cAyYCiT01ZC+O0DVjTMBbwDBrQTyoeW56NdJNi7g6ovmscvFc+RNYd8rpM6ZIFaeLGocotW50fTXQowVhoQKu1w1v/Q0bZRGpejyrrrqZthOXxlwjikes3dtbuF9t5Ldl7um1+5132KRbiUCNUPjq5ScWj2lCo5VFTU5cjqiBtDLinu8XHVqLDTG3Krb+DFhhTjHWZBuUY370NE5Id5RO/Idu+5Ceh2G/A4FhgJd8qcv25HSdhhO4geJReBadY9pE2NR9wgi5C1FPt+6jJnuaVd9IF03OvkzllAE7wKjCMn5/YZcglsMFYhFUhOR0RjpDEdDys6ZJMJ1po8O2AEeX3m0qo3PTAaEZvw33B33AKta55cN2zLkgNV0C76/K1m2ewh3N8nHzxQG4SP3uxAbBQPE4EhZffV2+frgVdApJU8dlpifcBSsafkEhCdKXKageltCjBaDglji4ADzQL3HBvE9HBQUIs8U++ByDwKAggs= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?kfHg6Tau9tSjAUxSb/Odn1TNU9sYx1lAoK1CwGNz1PkcDPTO2bJi0ADNHVvS?= =?us-ascii?Q?PjenSNfFPV4cqBWvnlMhwRobboG20JwKAgJlhvXxw8LqWXsNcXgooGtzgldN?= =?us-ascii?Q?tTJ0VnRGwfKNsVGmS4EFdPplvfsfEyoEQ+hJuc4UWY+7QQdKTBK9vMi4XCIP?= =?us-ascii?Q?/qX5BPJjCqGNz6BwCLOP4TEeJWPmqgcpEuGwG6ZOmxfZB+P8o+HlnhQ0ZSlT?= =?us-ascii?Q?3ePVLiwONXEwIM0d0vIU65NMNEzSOUDXQU/vnPf6WzpC204osliydU+DVuUA?= =?us-ascii?Q?T1ilsh3EA8z6J6sVmqtvySNfHoDsxeOEw+EXmlBMTpM4v5oKK3zhBoJg9CFq?= =?us-ascii?Q?ZYQa6aAwQX5HPssaMMkGUmyZVC3L9OYnEVEfuxg1u6wm4WN7CoqEnrxxvWLz?= =?us-ascii?Q?NQE6bbb6sHHdw6lG06m2PzUPZ2gt4R70/w3o9Lypt+ISd67RLec7WiRVU7pE?= =?us-ascii?Q?buOuOge9y9VZSbQqaQmvf+AyAUwYUrOY0BDmz1MgUZ4UkzP/ayIWdtE8dery?= =?us-ascii?Q?8ESlAi55pJiaMUBBgWLu5QE/IzQBlLFaIjSrkbfdb/sn3++feZHkjhWpH+x6?= =?us-ascii?Q?TPMotgQ6JxUj/I39hY9BrYFSPRN/p+VZ1Yh1hehx1qrlQn439D2uf9fUSEjK?= =?us-ascii?Q?JPR0UWOYmtixVhQruKdVbPI3xebBOBmouwux9amy3hi3luBeZf/rpFUfR3dE?= =?us-ascii?Q?NqBXrU4DKX9TrvwlAhn3EPTvKo6iJvq1boXCikRS90V4YEb9ismJ6/kP5Gdt?= =?us-ascii?Q?hcB5MgC2qIybUfc58/RkJWHQe2JfaxaV+uQAPPbLY0tPqFPFDODrgTkSpkSX?= =?us-ascii?Q?Rt4a5wUV6lMXzVxvCDV3Pv7r+3Zqh/tvT0VB6xxe1Y7EAEkQ11MQno0kfnNT?= =?us-ascii?Q?+m44RC7N5YyamI2NbtGHUmy7vodOrYoMqHwyMu5E2u52AXJDfe6Oa6lnqdy5?= =?us-ascii?Q?v9lKZc/GRmgVfqDio5BW+zsruzc0hVezkN4lp1E1ow1FyWKB7TiJnP0XMhWj?= =?us-ascii?Q?4myApJrtFKnqzp0clwKJJNC1cRaV2wk2v3OMRr2YHAjioZwo1GDelc246nan?= =?us-ascii?Q?cJYICE95R9acgwmLzPBufaMGzArAI2roJ1hi/kuvYeTU1uyiGgVw9O65riJY?= =?us-ascii?Q?95b+yZDM/KrZ8JSWhs74xWj4WQ3cDQARoGdATBzzSwnDR75jZYEn4AVuHnxO?= =?us-ascii?Q?n5mym8Fc5bcHydccQWKHfdpFHDpie3VyhHVHEYaW0AwWTnBSMVNcohmtOf9I?= =?us-ascii?Q?+DrsWfR/gNb8AG7GknasQUA3OriDXTjSO2ckhTxldwZJLViTQ0dmS2wLHGuj?= =?us-ascii?Q?NL5qNu95l1BukSriPaUSCyfC?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8d597fb3-1d18-4219-acc7-08d9209b9d65 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:38.4710 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WP8qA65Xb5/uRNVQO+ohQRhmVS+nNqm4wquJmi7OgvFevf52dMBN9vTzggOHaPX3RW10qq4k8AMAk33R6XrbTA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: WfigB5r05Pj7FLngzkYMKxFcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070704; bh=OQZ76ihU7kD3zEWJLF8/caWqxXLQvwOktGpzKFT8iSg=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Mi+unWo8LMiDJMPQIpFOFtyVJSoaAEyWA2wFS1LMD1VLhgedFQmHW15sHwxwD4KyfpR BCRETPWsFXN5sEz5vanoBoQE/LMQzfBCq+0oST0YLTBe1+2PSRheECzkU0BuvUcQczOE+ GPfQ5wRMXkltICDzfKfvXO0QH0lg0C4REGQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Extend the workarea to include the SEV-SNP enabled fields. This will be set when SEV-SNP is active in the guest VM. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Laszlo Ersek --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/Include/Library/MemEncryptSevLib.h | 3 ++- OvmfPkg/PlatformPei/AmdSev.c | 26 ++++++++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 12 ++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6ef77ba7bb21..bc1dcac48343 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -110,6 +110,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 2425d8ba0a36..24507de55c5d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -49,7 +49,8 @@ typedef struct { // typedef struct _SEC_SEV_ES_WORK_AREA { UINT8 SevEsEnabled; - UINT8 Reserved1[7]; + UINT8 SevSnpEnabled; + UINT8 Reserved2[6]; =20 UINT64 RandomData; =20 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022ba..67b78fd5fa36 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -22,6 +22,27 @@ =20 #include "Platform.h" =20 +/** + + Initialize SEV-SNP support if running as an SEV-SNP guest. + + **/ +STATIC +VOID +AmdSevSnpInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -209,4 +230,9 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); + + // + // Check and perform SEV-SNP initialization if required. + // + AmdSevSnpInitialize (); } diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 5fae8986d9da..6838cdeec9c3 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -81,6 +81,11 @@ CheckSevFeatures: ; the MSR check below will set the first byte of the workarea to one. mov byte[SEV_ES_WORK_AREA], 0 =20 + ; Set the SevSnpEnabled field in workarea to zero to communicate to th= e SEC + ; phase that SEV-SNP is not enabled. If SEV-SNP is enabled, this funct= ion + ; will set it to 1. + mov byte[SEV_ES_WORK_AREA_SNP], 0 + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for @@ -136,6 +141,13 @@ CheckSevFeatures: ; phase that SEV-ES is enabled. mov byte[SEV_ES_WORK_AREA], 1 =20 + bt eax, 2 + jnc GetSevEncBit + + ; Set the second byte of the workarea to one to communicate to the SEC + ; phase that the SEV-SNP is enabled + mov byte[SEV_ES_WORK_AREA_SNP], 1 + GetSevEncBit: ; Get pte bit position to enable memory encryption ; CPUID Fn8000_001F[EBX] - Bits 5:0 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5fbacaed5f9d..1971557b1c00 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -73,6 +73,7 @@ %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) + %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75719): https://edk2.groups.io/g/devel/message/75719 Mute This Topic: https://groups.io/mt/83113764/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75720+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75720+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070711524316.99293551319306; Wed, 26 May 2021 16:11:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id uyQtYY1788612x7BJTObKCJH; Wed, 26 May 2021 16:11:51 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.86]) by mx.groups.io with SMTP id smtpd.web10.40.1622070704029626349 for ; Wed, 26 May 2021 16:11:45 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LzFTo5d7F0Uw+2KLF3H5lipfTaflhlpYOsGPArFZcmcuGC7nffC9+5l+PfJ+GrWlvPv65TEhY25nOqepbbvwpiXW+SeQicBOpQnBoOyWNng5pzYOa6nryzh2vly8o87o3xGXb3z0yX6cDfEIGivuqlLS0mn8XXdbnfz6IchbdsVhGYRljnj6dnId/2RLAaP+kjVGHFx+0zXVbAb2JG4sEPaN2gVDVbr7MaCSjHMJX1EoCswmdmUP+EZerX6HVFkgmXeC42CIUqH5wtjoyNgW4TElSAvhpGWQc6Nkkcw1+TIRTRHwG59St54MI0CBy7VjBoB5S9TY5Rb+u7usQbpe+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QsEHEEmCZOehGwvAJ8nS5BJisyxJH7YMi8RTTXkdRlE=; b=lUMmLNeS5fwdRnsA/9DEORw8w8NaLaJF0w4sbDdhtk44wMYg/Qg2RVxkLRMr+uptgKqitt6HFIb4FgYAv72hdfrMHps6DZcoBPp3dor6ifIODP1V5rWO7T2GbkcNQmturc0R0ebfYMLTbHadU1ehJnNqyzFwCTFCArwtMW0DQcFkw90N//Zy01oRYBpODRPfJDyGa/NfQtRnxgKg0WugLyMWMjEQu4TN/Col8c/o/rf5IIpdi0d1kecY2keEsOGdNw/Yp3fTsjbPiliycHWjFE5XcK2V5rLu3qpinOwpbc4GArzlXO5qZqQncyuGc6bsT7yojyw7Swq18i8TJMtrFA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:41 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:39 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 04/22] OvmfPkg/MemEncryptSevLib: extend Es Workarea to include hv features Date: Wed, 26 May 2021 18:11:00 -0500 Message-ID: <20210526231118.12946-5-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:38 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 97d05875-8b5c-4762-700d-08d9209b9de0 X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5236; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 3UHk9nOJHophOFEMQQf98j2AWfiI1yhqiuJHZp70SRZfCMg4wDJdDUri7yJtX9AMa1n2QKsCKlvCLtGfBH8S2mk0mkhsr6ewf1Mq+VWIJ0A3POO1XKlsdrZGnE/P1cVuax2yTkPR3vP/I3AlL9eeyYZIwCUIW0jbK695z5v93imD2EKebCylV2CBujPirfNc9APd+o/NY3CJ/1/Syeb11TmrTBC9q3TPFZJElw16LymfV3zTioc4+YmjksIhpDezg27LOFeiYD3dG4WTceowNz/SwvHRJJbIevxQYaaWk26I9Am8Hwn4LqEgJK7KyomnbnCFnH2kgQqTFCfKL8EgcGMfCjC1AN5Bc2rNHr91b/7FfX6iMUtS32Z/4MvR3i/A1NWdtFwsSIVbCZqN3Cx6TEN0wIedQPhy4fziGotnuXznLyPO3QIrUQLIESpGSS2yHe4f8/JAV06hhh9YDBztlPQRB0AzjLCsa7VHwRnzEsovUpGhJaAqcv5rNiFSaoAlJu5tHgkE83YiAkukSMb1Tc0fIhJaiFOppC6xmmf7LTXdQdylQML8etzG3I4GzD3yih67dR0gkeCohco2Zh5c4R7Z+uekFwpcUxwhoGRwE2SaCbbfFYxOsQe17+aXzGKIjwpIObxWBvFrNKNmQCdNuhRF9ez2UbRxMGeOzVUYuQqEUNVP2DHfbAcMlDX7j7wkbeHvP1wQAa7Byh3dwuGc0yKlnsKxhlFzs9J5EUwcZIOAN5nULFF4AmR3LQ4R+j7Nk/nNRgo5fnXGR1ibXCGJq7LwcOYxELYpE9lgqtZkUbM= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?9h5ccJcuY7gfmPgyXzLMvUE9UdbwlPbeiYnwxhUK7Gi/wE43MTlfWbzAoQs2?= =?us-ascii?Q?H7c+caotlOJ+RZEql05zwRLg+bA0SiNEhdIOesQuLOlPFm18TKdiRBTQ9jzf?= =?us-ascii?Q?pK+53WJVx1rXOF+qOcbtLJ8VoYx84AuVnETWOGm+QZPeqQS1pBK5NjGgcNoT?= =?us-ascii?Q?6UEC69c2WFmXa9XA7MTLp2G2S3N9zGqU9Jp9L0xDWJPo2S41GrIkzr7hzyxW?= =?us-ascii?Q?Taa7KOA6rvbgbF+pgtKus+F9mV516K6wKeJQqBIAxEgMz8oKVNcQD3V2hEEG?= =?us-ascii?Q?WdKnK5Wx9Ufh+WGa81jDAGCs9arE9Gvle2MKc5WtPYAy2KUbk/jv+/BJx9RL?= =?us-ascii?Q?tSP4XnyitpABRWkeV4WAB9emQfAPMb3v+O52swfYw/hu0ujAqFIo63vT8iEU?= =?us-ascii?Q?KpHa8DWcZbKlB/7e1dOCnPc9twtFW5aDUw9iwayY5LhBkyLY4jMPKYdDTBsY?= =?us-ascii?Q?CWpgrvWcF3T3QiiqXZJRIDcmSNXQuC7Al34jx+JrfPSJvUMFG1J1shGk9H5k?= =?us-ascii?Q?1+eMeGuiC4pZzXq1kYaKO/GJWq3/KEM7o61dExvx4/IaVn7ks+Py/8aL9RcZ?= =?us-ascii?Q?cevh856fuirkAHyntnVYflayy3R6VbExUk7piAOnPjY/A78mkrJ0HaO0aoC/?= =?us-ascii?Q?wvrsM/YL90RAtur4Hf72d4wy/uZ9bg/z0jrZN2/WfhiLjoDO017oW6UjGDK8?= =?us-ascii?Q?K9X1RTcb48fXj0+gItUGQw7/AOszNg7EHahItDsF+BvvSCC5klife3H69Ci3?= =?us-ascii?Q?D6nXGG7Vc9J7sQmoSaJIv4JLamz1aiV7suVviHrChPe+WuvbAjV1AoT0z5x9?= =?us-ascii?Q?t4eRKO/U0XvcefZN2/2ikWrc/Cm3wSYzsdhpIHZ7bKL9EVdMzbkTzfb50IEd?= =?us-ascii?Q?scRkuo0pz8MVNTdDyJnCPX/kfFA2klccHapx2/SN1uxv5f26nMbR6d7jaM7f?= =?us-ascii?Q?nT2njyoR4weGjnPgTdIB7a9YKACj21IIrmJVFSly64oo1NXHsrkJkjmj9Ixy?= =?us-ascii?Q?79qDIUJzpFSY8urTIbOewMBlnhfI0+byuOZxPIrnyP5MixS9XdQJpxtYHRzD?= =?us-ascii?Q?3trFxBf6dWxQDmlM1sKGcfxVyn4rjBVvbVu6usbUPepjTt7SfOYJykAEKTb4?= =?us-ascii?Q?Nu9Ze0+AEoF4CrY6B2XgIsFh2L0q7oq7K/+RD1ZuSJgshVXgWlLwnz/W6b4U?= =?us-ascii?Q?mwuosyT+t32iv4xC5mHuxmvu0s9SV9nm+Vj8a775Z8QMrvC4cOffpKe47D9+?= =?us-ascii?Q?YQgTeOpDdCvGn8yG+qiNTwXT0pgRfr81vxRvZi50Ycgn+xE7MtmVxuD4Sq+B?= =?us-ascii?Q?AGk1JmF3sJOWgjsSsk34hakl?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 97d05875-8b5c-4762-700d-08d9209b9de0 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:39.3715 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TEsQVKvJvpC/HMRkRN/+P+3v5Wvus51JU0O49tyBHv9kgKIuclfA17APbCfjW4Zsuzs+bEHtBy6eaXs55wbjBQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: R2WhNdhlhNcZL6KrRNyOa7gRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070711; bh=oQrKc1JKgknZWmhdyUreypWO6q6XMx3JYyjSzizdtRQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Nc8s6Mi4kKgGKvUJ/H0Jr1rjmW2N8+ZJRpgHjmKdMqppRnvO36dPiNJMlG2hH4qRVZ9 BYfrHvlQwlgDUJaRW77d31nqBCj8vOt7Y7ybKsQchq/FQA3yFhsDQLbh8iwtMXPJqn05G 1h8mGav/Oghn24IvVuRJAsTeGhYxEOsEkAY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The GHCB Version 2 introduces advertisement of features that are supported by the hypervisor. The features value is saved in the SevEs workarea. Save the value in the PCD for the later use. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/Include/Library/MemEncryptSevLib.h | 2 + OvmfPkg/PlatformPei/AmdSev.c | 26 +++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 122 +++++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 5 files changed, 152 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index bc1dcac48343..3256ccfe88d8 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -111,6 +111,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 24507de55c5d..dd1c97d4a9a3 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -55,6 +55,8 @@ typedef struct _SEC_SEV_ES_WORK_AREA { UINT64 RandomData; =20 UINT64 EncryptionMask; + + UINT64 HypervisorFeatures; } SEC_SEV_ES_WORK_AREA; =20 // diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 67b78fd5fa36..81e40e0889aa 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -43,6 +43,27 @@ AmdSevSnpInitialize ( ASSERT_RETURN_ERROR (PcdStatus); } =20 +/** + + Function to set the PcdHypervisorFeatures. +**/ +STATIC +VOID +AmdSevHypervisorFeatures ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + RETURN_STATUS PcdStatus; + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + PcdStatus =3D PcdSet64S (PcdGhcbHypervisorFeatures, SevEsWorkArea->Hyper= visorFeatures); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "GHCB Hypervisor Features=3D0x%Lx\n", SevEsWorkArea-= >HypervisorFeatures)); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -73,6 +94,11 @@ AmdSevEsInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); =20 + // + // Set the hypervisor features PCD. + // + AmdSevHypervisorFeatures (); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6838cdeec9c3..75e63d2a0561 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -62,6 +62,16 @@ BITS 32 %define GHCB_CPUID_REGISTER_SHIFT 30 %define CPUID_INSN_LEN 2 =20 +; GHCB SEV Information MSR protocol +%define GHCB_SEV_INFORMATION_REQUEST 2 +%define GHCB_SEV_INFORMATION_RESPONSE 1 + +; GHCB Hypervisor features MSR protocol +%define GHCB_HYPERVISOR_FEATURES_REQUEST 128 +%define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 + +; GHCB request to terminate protocol values +%define GHCB_GENERAL_TERMINATE_REQUEST 255 =20 ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; @@ -86,6 +96,13 @@ CheckSevFeatures: ; will set it to 1. mov byte[SEV_ES_WORK_AREA_SNP], 0 =20 + ; Set the Hypervisor features field in the workarea to zero to communi= cate + ; to the hypervisor features to the SEC phase. The hypervisor feature = is + ; filled during the call to CheckHypervisorFeatures. + mov eax, 0 + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES], eax + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES + 4], eax + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for @@ -225,6 +242,106 @@ IsSevEsEnabled: SevEsDisabled: OneTimeCallRet IsSevEsEnabled =20 +; The version 2 of GHCB specification added the support to query the hyper= visor features. +; If the GHCB version is >=3D2 then read the hypervisor features. +; +; Modified: EAX, EBX, ECX, EDX +; +CheckHypervisorFeatures: + ; Get the SEV Information + ; Setup GHCB MSR + ; GHCB_MSR[11:0] =3D SEV information request + ; + mov edx, 0 + mov eax, GHCB_SEV_INFORMATION_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; SEV Information Response GHCB MSR + ; GHCB_MSR[63:48] =3D Maximum protocol version + ; GHCB_MSR[47:32] =3D Minimum protocol version + ; GHCB_MSR[11:0] =3D SEV information response + ; + mov ecx, 0xc0010130 + rdmsr + and eax, 0xfff + cmp eax, GHCB_SEV_INFORMATION_RESPONSE + jnz TerminateSevGuestLaunch + shr edx, 16 + cmp edx, 2 + jl CheckHypervisorFeaturesDone + + ; Get the hypervisor features + ; Setup GHCB MSR + ; GHCB_MSR[11:0] =3D Hypervisor features request + ; + mov edx, 0 + mov eax, GHCB_HYPERVISOR_FEATURES_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; Hypervisor features reponse + ; GHCB_MSR[63:12] =3D Features bitmap + ; GHCB_MSR[11:0] =3D Hypervisor features response + ; + mov ecx, 0xc0010130 + rdmsr + mov ebx, eax + and eax, 0xfff + cmp eax, GHCB_HYPERVISOR_FEATURES_RESPONSE + jnz TerminateSevGuestLaunch + + shr ebx, 12 + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES], ebx + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES + 4], edx + + jmp CheckHypervisorFeaturesDone +TerminateSevGuestLaunch: + ; + ; Setup GHCB MSR + ; GHCB_MSR[23:16] =3D 0 + ; GHCB_MSR[15:12] =3D 0 + ; GHCB_MSR[11:0] =3D Terminate Request + ; + mov edx, 0 + mov eax, GHCB_GENERAL_TERMINATE_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + +TerminateSevGuestLaunchHlt: + cli + hlt + jmp TerminateSevGuestLaunchHlt + +CheckHypervisorFeaturesDone: + OneTimeCallRet CheckHypervisorFeatures + ; ; Modified: EAX, EBX, ECX, EDX ; @@ -328,6 +445,11 @@ clearGhcbMemoryLoop: mov dword[ecx * 4 + GHCB_BASE - 4], eax loop clearGhcbMemoryLoop =20 + ; + ; It is SEV-ES guest, query the Hypervisor features + ; + OneTimeCall CheckHypervisorFeatures + SetCr3: ; ; Set CR3 now that the paging structures are available diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 1971557b1c00..5beba3ecb290 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -76,6 +76,7 @@ %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) + %define SEV_ES_WORK_AREA_HYPERVISOR_FEATURES (FixedPcdGet32 (PcdSevEsWor= kAreaBase) + 24) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/PageTables64.asm" --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75720): https://edk2.groups.io/g/devel/message/75720 Mute This Topic: https://groups.io/mt/83113765/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75721+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75721+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070712256104.77943576972416; Wed, 26 May 2021 16:11:52 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id HsWCYY1788612xmzQjcUavVB; Wed, 26 May 2021 16:11:51 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.58]) by mx.groups.io with SMTP id smtpd.web10.41.1622070706274569273 for ; Wed, 26 May 2021 16:11:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J3fHgNEzFg6iBiAWoWHqaks5vLiXSnCvc7DPJVOE8mjJe9o2896ZFlS5AhWL8M+BOqKFBa0WWIelhPVoafyUlkWIUfh8mb7gBiTQosKwQtuDAD3J7XW9cUYoAdKjW5L5uMNzAKnef0VMOz7+zrABbLKy3esc7jFJ7vfmCRGmZKV47FVems2Qas/nKOKS9udpAVCJJRl7ls6Fz8fF92aMmRkQ+SD3Y3BF7YWg/N9jXRMfPPOa7GDrEJPSiHyovACJx4JFXBSXj8Wnbg+ADlnYUlqJG792vBIHClpsx8GQrZdBqmYCglJwr7uPmSS98+Ev2A18FF4fhHEw6u28wzTXOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AUGxfujD1fPykjpHUud7OIC8C7+gJUXjLwvi33a11z4=; b=cUFd1Y14XMX82ZPs2hvZymbdp48D0vseph9A/zPQycwnqEfIbhn+100aFTgk/etz5nESGC9WsOx1iWqJTxK5bPx1SSkzzQdRuJr76ZieX+9DgQHMKFRMRCIUJORBz9g/1qiVl+3quZ6vorOI3tqGN/F5ZGZVPafHUOXCaKudzTe+L9yxJqyF7idOXTIaaoazPU3xq+x7aOx9B7tA7QgFv9vhdZPDsU4zWSzMcrdW3DyDtk/9jg1YbR+0FaSb+6ZwldAAcOm8ptG7Z7hTBRapnC5qhLC3ukhWizWeCrxZnRo+y1UU41JwP23W0tO6GkrTzQQrO8TldXAONYq9NmT7Tw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:42 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:42 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 05/22] OvmfPkg: reserve Secrets page in MEMFD Date: Wed, 26 May 2021 18:11:01 -0500 Message-ID: <20210526231118.12946-6-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:40 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: dc07fc8f-fee0-42ab-d5e2-08d9209b9eb8 X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: e0F3yBkWlJjaHKpkYFKvNCfuOf2Ij4z4PhvlTZiZjLezG4yYjbksP2Wb+2rh3uTEqpbT4tdp/J8518UQpL3vfkRYZPzqOkzNBMPaYKXKpLoy0TduDTcPsQpxErzlV++Sm1Hzha8sxrZGX+eHNuhLmzDaAhqDFbcwD8BVkcMhtPU1KewFLz9ThjozKIk8x7pk9BQcQrg2Fj0BpLvnZsukcL9fqPTmcCo0uC941tAK5FnhH1xaAJZXGINbKBz1sRtWSdTljmpksi58J7U8c7YNVquPfq3OS/IgQzs9P4rAr1KX80hMmU8qtno/qvtZZ6cxmTBzirsmgxoMkH+MZTaJILjbxmeVXQ/mzlHDuSsewS3/vkmmJr7FIpB4ehHPB4NXG3paVhL3+4MhiLe6LYrFLBxo/hvmPbBd4DBGqL+56UpgOxnECs8zvLEeggwHg0kml0ZrIAs1+LhWoPTV68CnCz/G1kKUmaAQ1By4o98ABsqlQjeBwrcx+c/IQofHGqBKOQlopFT+eysEpHm202ww+uZrIYgFpfUQfa+0sIkOkuyev/RqF2/VcgtoP2PZekua9VTOAbfB1NWFMVKRlTMArD8srOYFOAVyWMPpgFijVo1Xchgf+mtWHdvdWsIRT+Ukz/jRxg/lBr+TVjdzqnYYrSffXvWg5aTCegiq+vzGyuA58J6+AoxaXVQ2/D0FXClo4NoYrnNAT6j+od/XIUEus0+BsVaJbNYvC3FKtqbOQQikJpmhjPM4LhCFurL7ElnHxc+sQws+7R6mXuyqtvsnWxNPWRRiQOHUcZ3/WtVw1fo= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?0t8fpdia7n2ri4NFyxGP5fWKSMqemaYgw8mPfWZJQaxTL6zVqNGrD9nNUrvF?= =?us-ascii?Q?Inz8bm8U7St2Cck6xmVkg7Cuj0YTs0dmzKAdWSM1GBOjMWeaXbXLJQDzN5j/?= =?us-ascii?Q?dygtDjB/H4j41Z32K5YIj3c1m6D36/x9fRUP1xhvw+6I5O/z0S6OPUpVmw7T?= =?us-ascii?Q?GTi+LSW7aofe/5gLVgNW8jatF82nMmUKJIQ2s4BpJmMx52Ji0tHcMX4LZEFQ?= =?us-ascii?Q?ndb3qrP5JWjtFrPptcUIAE1peHEqDgBHWKGEquLKUlKLPRRz4eZROV1bKAGL?= =?us-ascii?Q?ZQdPYspsx9mi0Z6W4X+dLLcvrp2ltSfHVb9TkI7KHXFN8id7UygRig3ULWJl?= =?us-ascii?Q?y9h4W1mWfTAV/aGAqIPd/6PFoVN5B4gBUZxmdlMR5EU60pcxRYWlhnHJ9kSt?= =?us-ascii?Q?7D8ZyLgM/njLlKumq/cTta8jdztt4omGpVUrWu3U6u4dTs+cqJ4JBgH7XwX2?= =?us-ascii?Q?a5Pn925NOTLAhCejDUF9AFrzOw0riybJ6su/yYRkqstHbbRVy70bFTlg3XUN?= =?us-ascii?Q?kNRowNtf4DOPiJB7sSlfa3z40sgPxmoy39pZvbCQ8eQeseRTMWOtAAfiNqbJ?= =?us-ascii?Q?dG0z6Urr/qZaUZdvix1Ak9Nud10Bmkh5jNf6veL23d/omcfByr7G/OoBN+hS?= =?us-ascii?Q?cPU7D+aNxxK4H3I3SRB6fnzgmH7fxwzTZYPERmZ3LORwYzBLfx9rHH9ciJa5?= =?us-ascii?Q?0wpCKrCqKUDXH9uscc7tAs5oBG4Kow5XWbzmyDJBDtl/GHIBi3qnSmNu/Etd?= =?us-ascii?Q?5KMwqIIg/Y58yaTceTGt+x4E1LkG6KeN5oAGi23V6fvZuemuQmIFb+kpwLzM?= =?us-ascii?Q?z/lS+ZnuWgC7P4fWLX5H8PDIhdQNEIOltQNuuU02vj53gEOVgXPfgK5ZYYZG?= =?us-ascii?Q?5douMGCNUNQs2k3KwXBJ51GKuX6oGBMjcj7BGZzmqA4alq97eD39prydnvi1?= =?us-ascii?Q?8ih1U+fb6AQ+RbxxuIR5Olp2HFHpio3OJAqWr6wV/rr4fOPLLR+KlujWeJRs?= =?us-ascii?Q?4LUTINlhs5AKzCUIO7ET2uSnlMvVntIy52tBsq/UsLl37T3iIVh9xqYUozIn?= =?us-ascii?Q?YsRwbvRtUPHzpbPv/x4UG0I+h9rbCou3TI+yEjYk0yZmmUTVKUhRAWZCA6W8?= =?us-ascii?Q?gHcTB9X6vyTOMirJeS5oyCq7mIEuUEP+fxwZEmc78CmA69fy+U1SMl5zQ8ZR?= =?us-ascii?Q?O9l3OvMbCfZKEBIySTVjzjjxUn7qZbs3pb9AwBn8M0JOzxc9oHXTC9CROm34?= =?us-ascii?Q?Go72Emtk3Gw+dfxBjLt7waFFFGoG/YghRKuRBzrF1/QIzGgehe2k/XGtWQ8K?= =?us-ascii?Q?v/dWQfVW7vTzZwJucksdjs8w?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: dc07fc8f-fee0-42ab-d5e2-08d9209b9eb8 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:40.8956 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W8TwqdRKO4Vor7VkQFZEE09VkgZupUbD8Vq+N7Xn5iYHn2Kkr2aev7Zxt/BmblVxzoZGY2GVmfs61sd8u/AWIQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: d74RGGkE5uYlxh4cThChmHHJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070711; bh=QVcpjdX9JrGBPS2maGqe7ghsKug6A52HBbvzvpqsgs8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=RFbeizhrLWGN6yoxUwpjGQN8BrzU9pY47Bgx8M0xvtsunhPAal1yPdmTN3pvM/W9MHT tFhyFM1q0oQnn45X0XkVRWufwAHjP1Ym0blNZuZEKrgUadn9CRBQtWpUlMdiYbHjag7cI ruIst790CAfISEd8hfrpez88E4CsQqYGptg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 When AMD SEV is enabled in the guest VM, a hypervisor need to insert a secrets page. When SEV-SNP is enabled, the secrets page contains the VM platform communication keys. The guest BIOS and OS can use this key to communicate with the SEV firmware to get attesation report. See the SEV-SNP firmware spec for more details for the content of the secrets page. When SEV and SEV-ES is enabled, the secrets page contains the information provided by the guest owner after the attestation. See the SEV LAUNCH_SECRET command for more details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.fdf | 5 +++++ OvmfPkg/AmdSev/SecretPei/SecretPei.inf | 1 + OvmfPkg/AmdSev/SecretPei/SecretPei.c | 15 ++++++++++++++- 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 999738dc39cd..ea08e1fabc65 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -716,6 +716,7 @@ [Components] OvmfPkg/SmmAccess/SmmAccessPei.inf !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf + OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf @@ -966,6 +967,7 @@ [Components] OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index d6be798fcadd..9126b8eb5014 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ [FD.MEMFD] 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 @@ -179,6 +182,7 @@ [FV.PEIFV] INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif +INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 ##########################################################################= ###### =20 @@ -314,6 +318,7 @@ [FV.DXEFV] INF ShellPkg/Application/Shell/Shell.inf =20 INF MdeModulePkg/Logo/LogoDxe.inf +INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf =20 # # Network modules diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf b/OvmfPkg/AmdSev/Secret= Pei/SecretPei.inf index 08be156c4bc0..9265f8adee12 100644 --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf @@ -26,6 +26,7 @@ [LibraryClasses] HobLib PeimEntryPoint PcdLib + MemEncryptSevLib =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPe= i/SecretPei.c index ad491515dd5d..51eb094555aa 100644 --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c @@ -7,6 +7,7 @@ #include #include #include +#include =20 EFI_STATUS EFIAPI @@ -15,10 +16,22 @@ InitializeSecretPei ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + UINTN Type; + + // + // The location of the secret page should be marked reserved so that gue= st OS + // does not treated as a system RAM. + // + if (MemEncryptSevSnpIsEnabled ()) { + Type =3D EfiReservedMemoryType; + } else { + Type =3D EfiBootServicesData; + } + BuildMemoryAllocationHob ( PcdGet32 (PcdSevLaunchSecretBase), PcdGet32 (PcdSevLaunchSecretSize), - EfiBootServicesData + Type ); =20 return EFI_SUCCESS; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75721): https://edk2.groups.io/g/devel/message/75721 Mute This Topic: https://groups.io/mt/83113766/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75723+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75723+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070713048641.316434733412; Wed, 26 May 2021 16:11:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id e8lBYY1788612xsDwmF4ReLY; Wed, 26 May 2021 16:11:52 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web10.41.1622070706274569273 for ; Wed, 26 May 2021 16:11:47 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZmY3KnkoKmJ5eTjdGEUrcz0hkIr/EM2cahotxNTevPAaIUYcEuEogVF0+Nwy44iC9xUDMy7JVmB6G29upf6OZhgJ/t2KpphIsEUSxYmamXRbsQKSMtzrXaGuMwhwmEagYwVP33FClKinnWsxPw3L5PZCYVKKjzENEL+/JMf8W06J9ImZpAmHJZGLF4PZZDEZ3VSPJFxRkMJsFsd3jPTfzGhi8kRujuqufc8/Ie+9UhTNdo/a8fAnWP5N6YyyxFNA1vDQ0P3NE4F7ZOCjsnk25kA1jOjK0i626sH+p6Ii9Xy9jsNWhKe0DmDFTwAq1DEAZLId0/bhU393K+n+CoFsQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3e93D5CJUEglR2wdh1cbHZyo+ozmwbTp9xiugIBDMaA=; b=Ed1nybya1pzEswj9BVo9tUerWVFA1xrqqfrgOsMGlYgvgRR7hUgseHHsp/gliJKS/bgdUbTJ5FUjh3j6TSFQGMkIXtnu6XpcrVYGEs/zPCk85ND3BosHUvRzx/M3Jsugw28OVPUkU6jb0/1vr0dh/xKx4tkkcO/NI+OC0cYJLEKu9Ld3f4JLBQfv7Bv4PKpCab3T/RrUVx+P9XAimsg/oSZsiX8D/0mUMBfD4k5Egtmqrph10xAymkB3iVHB3aVTam9qiyqFwvF0pdhs8vECNzQOhfBVT5xrqoWKLGckg/6dJS7KQv9/HjdGO44tUsQpawq+pPeRkn0p8XYQeOPSTg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:42 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:42 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 06/22] OvmfPkg: reserve CPUID page for the SEV-SNP guest Date: Wed, 26 May 2021 18:11:02 -0500 Message-ID: <20210526231118.12946-7-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: db73885b-4537-4793-5ee6-08d9209b9f4d X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: lHcYfG2ptjKIFf9elJVl4ypU4eOp4x/CSMeVnKP03VcD2YEttEhCV9YomNX048YA7gfFkimwtVtn/NJ71Cq5g+uPL3H989G43QcTP/c/N85u5vlY9xDvczQECD/smUxeUzpAoza6pMAdfdoFBaf5owgQyKM+5h+GnMfXqHS5nO6iujpajneBknLVN6e9Ormu6S1csIs2zAFYeE0wZmy+QhcGHTSggt3DzGcRDPsUmlrGD0Wo7BbPB5dOq0yz7hYa/VVs9acqbbYE869MpF+O4Op7B3XFIdH631WWfDCAhHq0Ldj2FVoI2mglT6nOJbEw7iVzGpBbUzHZquWxLvT+GjKV884c8JfhpJVrz5vr1UA826LcYwlhZInRWOnTNtQjfAX0qu5U1a7nkL3Xv0NKx2sjh74DM+9Qf/3W0iqb+I3w9o0DH44ZAiE9SgBQVoYG+3O++ljZWuFy9zA96Lo/FihGoS+YCB6ndXxdHDnje0CPZyumrK3d6Vh350iEj+z7FsL6N827aaFhlMIULnWci63gDoy/a/IMhGeOQ+8mHw+eQO3TNAF5WTPfjAWX2gl/lfnfI8gWw/IBNKgQOVMG3MLcHRPGB5Fr4DvDEALsJPM8oPUA/8OdGWtgeX0HOpLRbPjQzOqyIDfimn/2ZbrJND7HNaqF/WRn+J1iYORqjSLMb2TaJXOW+QhWNdFmrvUPXcyXxM1aFgPeea4bygMrdKq5e18LQVVI2edumqzEaj9rEPvKITISA22Bb7IokXzxUlqH5UNZWyyrJlhtgNf3c+42f96lFbcE7uJkQ5ar7Wg= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?2g9ywZAOmJP9LbWvABplsTv53vBaQlccn8AEkqnTEGwuNIZZgeXKFDbp/GN2?= =?us-ascii?Q?AUuUxNgVxJz8RCgvvxDV1OtuCTk7yhxiXEUBaU2xs/sYNGAyyR3FzTWpnACL?= =?us-ascii?Q?dhK06a+Idd/JMfrRm/wLsh6kdC2SeUmbW54O6fb4OFuWE5b23SqhAYD6Un7/?= =?us-ascii?Q?2b9IXY+oE4qlUlc3Sx1+H8Etcc7X4zPqVO0IWKsdKCGCUwibjooXKqUL40ZW?= =?us-ascii?Q?ldeXv9Qejk1NDcAH/5J0DbjbhFufp+cdp/rsKKl919PCRF6vqh3+oBr5QPsk?= =?us-ascii?Q?S9lcQZ3GFUhp7JXhas5ocF0/fPwWPhfhsrxL6Ihzhrh0dhEDxbX+VjV/Wj0W?= =?us-ascii?Q?xYY6cYwpI8eNYScG1/KIcx/cMWySsTXZgno/xxtfRQQuLDCk8EIBzfenHBOo?= =?us-ascii?Q?P5AZ+B1VjJlJMAwwfosbq1QwVzT6lXJKDhKMJhxbuPH/Jf9Lg8fadF5zSmfo?= =?us-ascii?Q?BkzaerwpTGvo/qE5EH3duUIsuNBzTG8CcMdQ9vOndazjHTNZtB3OBk7vHtsR?= =?us-ascii?Q?HMEp7hWL/UnNqdTvFSDoSseY59ByssdhT07DoJnmIWbv0nK5ReDKPOwl3C2Q?= =?us-ascii?Q?QSeJMKKIjHZxJDWQ7BwL/jV9sQTegHS0co1+ryT7xJdVdctwrBXJjW3MGQoK?= =?us-ascii?Q?a+ynwNB6mNIfmXqONPM8rniaEhI8913aUn/lCpapiXGAD+h/7hTMHQgsZ1Nv?= =?us-ascii?Q?gfJH9s/uiXsTFtTQJAs6DcyepZkzpPy2I+OxUfEzY+Hsb0tmvz05u+57Hoij?= =?us-ascii?Q?CNiJ5a74tkZbRcbh8U8rimvd2Mycp+luG9XBiZE/ZChc93kf7Ao6v3dSQ8qE?= =?us-ascii?Q?UHrtN0OecQOLVMmmadqhUzZT3lDmc/sfOsAV1p+EoPopw372a76eSbmYXo6c?= =?us-ascii?Q?aoR66jvAKQsENwhLgH04uzE8TplYxDfoiT0N1hC3t3XM7wMyfJbayhppLpGk?= =?us-ascii?Q?3In4AiNeMbwELP0Mc0Qme9j9ALLEKOjKb4Wv5eQJXkvInv3kKiGukJ3jHnd0?= =?us-ascii?Q?sNETutA7COjrf1QYmjI5BGyLoVTHZe1Zewnn4bQmVlTy6LUl2WGZlAKzUG5D?= =?us-ascii?Q?970cWfbyuP7fsMVPG5tcvmmnMhj35Gl+yms596/WTQUP6g8S4r6ZPOLQoEz5?= =?us-ascii?Q?9lRe2WaRgpGLes6C4voAOdILL6YOB72g4qDR/kfPYowx6J7ZA380fYFjb3XX?= =?us-ascii?Q?96zGDnHT5k6uK/Xr8bHXujg3jq2tLqr21/3pwjlJw7vG614tJkmIMPFM2UAA?= =?us-ascii?Q?uobf37SFtk8/PutSLmIQGdIIMa0grKleH79coL8ufNixHeG//6OcMJgEujFA?= =?us-ascii?Q?yGT/mEqFkZ9nkQZZ4l4+IJa0?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: db73885b-4537-4793-5ee6-08d9209b9f4d X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:41.6142 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: KBIHaD04D8EkATduZQzg4OQTTGOvQ+FpwwmOVGWZBtJlR1WRuy/R8ySG2SLhO1dtZEWZ7xdr9nyJ5Q39mVfDfg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: BGpEmKaWrERYHBVx3ubYSkMax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070712; bh=kaFr989Yw4qA8m3BUGeEmgWY1yblhmdDE+jNeBmtpOU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=U9kmVzZcidoHDa8pjDw5Womm86BINb6IGi45w90QzrnsI30D1UyhVbK8+ONgtLhCRXw JICeHBP5ew1BEfU+WT9svfOEa6xsha33c6ejbh/RSv9RD2oGaAUHVOShOvM2dJDcF3Hpg jfG+D4CgyJIP0vF0LSCOi76f1kTt1w72h/g= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 During the SEV-SNP guest launch sequence, two special pages need to be inserted, the secrets and CPUID. The secrets page, contain the VM platform communication keys. The guest BIOS and/or OS can use this key to communicate with the SEV firmware to get the attestation report. The CPUID page, contain the CPUIDs entries filtered through the AMD-SEV firmware. OvmfPkg already reserves the memory for the Secrets Page in the MEMFD. Extend the MEMFD to reserve the memory for the CPUID page. See SEV-SNP spec for more information on the content layout of the secrets and CPUID page, and how it can be used by the SEV-SNP guest VM. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/PlatformPei/MemDetect.c | 12 ++++++++++++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 18 ++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 7 files changed, 45 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e39f..fdb5dacdc7fa 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -321,6 +321,12 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 =20 + ## The base address and size of the SEV-SNP CPUID Area provisioned by the + # SEV-SNP firmware. If this is set in the .fdf, the platform + # is responsible for protecting the area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0x0|UINT32|0x47 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0x0|UINT32|0x48 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 9126b8eb5014..1300af666c49 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -91,6 +91,9 @@ [FD.MEMFD] 0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize =20 +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfSnpCpuidSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 3256ccfe88d8..89c8e9627c86 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -120,6 +120,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index dc38f68919cd..8e52265602c3 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -45,5 +45,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index c08aa2e45a53..483e92af8219 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -894,6 +894,18 @@ InitializeRamRegions ( EfiACPIMemoryNVS ); } + + if (MemEncryptSevSnpIsEnabled ()) { + // + // If SEV-SNP is enabled, reserve the CPUID page. The memory range s= hould + // not be treated as a RAM by the guest OS, so, mark it as reserved. + // + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpCpuidBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpCpuidSize), + EfiReservedMemoryType + ); + } #endif } =20 diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 9c0b5853a46f..05c7e32f46a0 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,24 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart = + 15) % 16)) DB 0 ; guidedStructureStart: =20 +; +; SEV-SNP boot support +; +; sevSnpBlock: +; For the initial boot of SEV-SNP guest, a CPUID page must be reserved by +; the BIOS at a RAM area defined by SEV_SNP_CPUID_BASE. A hypervisor will +; locate this information using the SEV-SNP boot block GUID. +; +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 +; +sevSnpBootBlockStart: + DD SNP_CPUID_BASE + DD SNP_CPUID_SIZE + DW sevSnpBootBlockEnd - sevSnpBootBlockStart + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 +sevSnpBootBlockEnd: + ; ; SEV Secret block ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5beba3ecb290..36739096e7e1 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -90,5 +90,7 @@ %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) + %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) + %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75723): https://edk2.groups.io/g/devel/message/75723 Mute This Topic: https://groups.io/mt/83113768/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75724+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75724+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070708340933.624248072738; Wed, 26 May 2021 16:11:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2HCUYY1788612xsEkIuAPQxM; Wed, 26 May 2021 16:11:47 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web10.41.1622070706274569273 for ; Wed, 26 May 2021 16:11:47 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ti1MXDLYYzCro67SZ1I34SapsvbYgFVv2yEyWVbwnBcoGVOLsUzyUKcmE9I1TrjcKgRT6Nz+IYM8bIDs/5P2eZU10TLJgKFJu4eibtiednYfyu1Sx7GLget0pL6FnEmvK1QcVI6kkn1b5lVtRgnNBT/hGUG9H9vbGbmivl4P6a/Le8QVvqq2ESj5oENY1p3wYsyZH7Q8SzOf2rfJaijtej4+qRNXZc8RajegUYVNbMHQnF4F16otbues50DvZvS+RxNnIe73iKO1jtOSTpQSrK6y/5uznx3vAvEYDT+ZsYsWcQNaQgGWf5eBh/z7CScpfbscQ8PyCNNWSPqdmjvUew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ed4gOqlBLaaXfQhL5HyEJ8JMnY70SgJWTuToJ1IHAjo=; b=iRb0OUQm76fpFC1mdAMnunfqCMhlacdqNd5slRRQoPvq10REZ2E1sQ1FmLbbmTdvzYOKISYcC1Lyr//v20uPH7h7UphSb1ufDhldRBl1T7DziqEjHhx4lCwtcVjdlaRwcGqSMH/5VELJiGYU7R4sS8nkGxo+FZD6wdNVzKDtRKGzt2fhW5cZfIOclwZ41Jmcrvc3kkqrnrqS65yNgi2rMg6FDba45/THjPuzebmeR2/H01jZg6E4rnLi1WZTNhQKvLQkZv99wK1KhHulzREYotTC4P93gMy9yk6Oeo3i1aM9Hu1Pr9gs5vsA/oQLHGxPHFmOm882zGxM+FSC3HFcnA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:42 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:42 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 07/22] OvmfPkg/ResetVector: validate the data pages used in SEC phase Date: Wed, 26 May 2021 18:11:03 -0500 Message-ID: <20210526231118.12946-8-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ff522322-2ffc-45e5-8e53-08d9209b9fcc X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: gHp3q8q+qEmzCUTDl6ZI3+1UUohmaHDeSx4VjlnBue/SOuS1lwzvK+OtwxjChZLHDeytUbYbswpshi7yp9tG2+h+3uRaDhwTBUDCRdAFYNFX68/44Il/A10xlUvTdxK+5Ff/DvXZF5ZL21A/g9qcw+uAN1XNW9mfdhxQYKgJ4jBX3OLUo+T1+VhZxWPTSj6uamodBC/Yq4mA9DCeMIlDei4Pkg9BK7JepTe15hCByBtKoxQnAIhkFpl/N/zaz4JdlAPbL1LZbkUxAFauG/FYLouGHLRIsKdb7ycFJv1kOWzvU8oUnCT7eYnGKN6V9QVC5A2e7bX43OxWM4yQbZpg348r0Rk/gDZWgPdV++vwOKC14GCAGEQVW0kZJ4/TXqt67p8JYwzqgLorXT/Ze9im4LnljTjbZzTXEeez8J5USSxOgSfBZoBW8ZXDamUSOPHVIU4fFv0yea0dt29aB5RmY2H28H2RbXnujYp1LbFOfAAekzzrgMwiNDy/9Ku2cY4uLbtuJos7+4Y6lIEO8Ht3woedA2l1vrmybqvYAK8mr3OpG1kLg5OxGwAymE/v9xMvNidgrYkuwnIviNf8bML4kMbzxP1w+L1bOGumLG9fVC2RKLs7RPEvio/ieHr0NS3KszrUHRKuv/tD8J0TEr0zs2hFG4kfno588I440IIOpWs/V181Gt7hjQqqkozfh4yVj8oZwQmlSFrA+qIfzhDwCw1X9zgBHO+SuBS5cLYFWT+S5JwQreERwTQBQImjqrqI6VLtS9UkAXldZoI5++YaQRshvWl37eJ++RL9hPd11kQ= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?cUVNuOckDrU4moyM4Vlmml88zJnrG+vshaJ6C7R+MMVYZ6FmT4a9FzB8/KHa?= =?us-ascii?Q?DgzDoJ/4u7Gcr78fesChBARYjiGRYhIyBg70jy20Yfn1U+ad3D0J06DsP8av?= =?us-ascii?Q?Z6f3L4wDh5lUlcpvRzYRCEjRjHckkKsLTQ/3EM486PnUUMWeUJsiichRg6LA?= =?us-ascii?Q?uaa1THkE3hEPEuPoYfzY0o7YmV/HTv/8b5rLiI1I8JRl+Q3FQYRmqZ3eW+Pu?= =?us-ascii?Q?L2Zb+jAgXcrHfIS2XFAjoCdHi6FSC3EEGtL3fdxchZ/frFIzNsz4e/hCyA5Z?= =?us-ascii?Q?IJe5as729zgQZcjl1qCTsdItuafFEmoEBokSOTO02ueFlrkWH4KcPOTrw1TR?= =?us-ascii?Q?PFzV7YJDWAu7sCFTtap5TpRKax/iTM3X1OCeMfb0qYRnKWzsJ7PZfoEIg/vy?= =?us-ascii?Q?sAH8WTDzZqeoB+CzN+qI9SIruTi7knD3RRwhoLzC/KocRJnEGXaqpcVqUJHL?= =?us-ascii?Q?2JgPwxxX6CNOEFUUTE/dPJsMovD8yc94rnf8QUeHkzDp2UWVlQPOC9MllPnW?= =?us-ascii?Q?+AXT4mhfsix4s+UUVUIL4CBnrqzuUvTgnEr2TWxzfAdHNZZDHwVT0dkKU2oF?= =?us-ascii?Q?AE1N7Q0qQR3rG07HzcXnUzKaXcNFUs7UTbVVeHGiOS5Mu6Dw3ddycn2ArXXv?= =?us-ascii?Q?3NzS5wfHPiMGrRwz1TXfLL4iRCX23+g3zgYSSSt/rr5J0BX8F1CJFxkYRQl9?= =?us-ascii?Q?bnpCRzHK47XlIsW4kryVlldSgkjT2wqq97kqtLXWVZQHfyka4XbFPKnJOme8?= =?us-ascii?Q?uzSXcS5C/DWkYfcaQoih9nFDLT5RnHdILLJxGk98ViRMt2gUXQ1rRz6LRuTC?= =?us-ascii?Q?ZiMMDQv5cI+qj8YRonFQveB8k3mVJcwPIaohxl1XB1wvBl0+xhYi4Uas4DnY?= =?us-ascii?Q?H9pmz0W4sony6XJ+EeVbvgNSBsls1ajfNjnM+MWVk4k4jUoQ2R1I9nM8y6lL?= =?us-ascii?Q?yGC0poqRQ1WE6OJsGeZoope8zBZwnW/+jGAM7CJg7+v6F2VAWVTK5lxhJoJC?= =?us-ascii?Q?EJUPBPjslbeyETwzNNXsr4rGvzMeiZS82R/kkZ22BLkg2aXwVA3lcbXuPqJA?= =?us-ascii?Q?oYuTgBuPytLpOlsAXYMmwtr3Os0C5BqFyXCRR6xbqKn+GSnJeWdfxL7xT3m7?= =?us-ascii?Q?VvNLHZZ2bJOVbG2g+Y3tTyMRtNs8/FIS73XN8+KEk9g2Xy96sDjsVnfvnuNs?= =?us-ascii?Q?tPk7W0ZGNrfS2BUCGEx/9GQAoOdm/H0b+o3b5i7QMMv969K0veH3MzGnfecL?= =?us-ascii?Q?QutJKRjDja3WrKVHwos/tuMHTbvUdHzVKTinYaIXaItUIkaAEHxbyUhyj/Iq?= =?us-ascii?Q?RLBRPUaP6Nt1c+PuPijQY3mJ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ff522322-2ffc-45e5-8e53-08d9209b9fcc X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:42.4527 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: e7X3dPovhDgDiWdE3b2nY5BPfrA2zinyciM6qD9bf63YtOcSjKjZjTQZNMaYIlhWi2Eh73ZK7vbbYHL/NTDNkw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: hKHyQIhPLn0gG6N9gEPs9Sw3x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070707; bh=uTDk4LCuXVspB2sF3opPwv9Q2BqThoaMyuY+ee1sxjU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Qs+dGwAXaATI2jG+ZgfvzNrkpK5PVv8PFtcTi5FZHOw1Iiv+C6B2NLRrbf1UHwb4A6K vErogNSbU3JKOrBdVfe8PDyT0B0jeFnDhHN6zY8x/3uLHoqo544dvON+3BfQsdmpINwax d77A4RfccNIEA7L9cSW+9JSuUAidroNBqdU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that private memory (aka pages mapped encrypted) must be validated before being accessed. The validation process consist of the following sequence: 1) Set the memory encryption attribute in the page table (aka C-bit). Note: If the processor is in non-PAE mode, then all the memory accesses are considered private. 2) Add the memory range as private in the RMP table. This can be performed using the Page State Change VMGEXIT defined in the GHCB specification. 3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table. During the guest creation time, the VMM encrypts the OVMF_CODE.fd using the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to encrypting the content, the command also validates the memory region. This allows us to execute the code without going through the validation sequence. During execution, the reset vector need to access some data pages (such as page tables, SevESWorkarea, Sec stack). The data pages are accessed as private memory. The data pages are not part of the OVMF_CODE.fd, so they were not validated during the guest creation. There are two approaches we can take to validate the data pages before the access: a) Enhance the OVMF reset vector code to validate the pages as described above (go through step 2 - 3). OR b) Validate the pages during the guest creation time. The SEV firmware provides a command which can be used by the VMM to validate the pages without affecting the measurement of the launch. Approach #b seems much simpler; it does not require any changes to the OVMF reset vector code. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 5 +++++ OvmfPkg/OvmfPkgX64.fdf | 9 ++++++++- OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 5 +++++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index fdb5dacdc7fa..e00f8159f317 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -327,6 +327,11 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0x0|UINT32|0x48 =20 + ## The start and end of pre-validated memory region by the hypervisor + # through the SEV-SNP firmware. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x50 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 1300af666c49..4c59001fb750 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -105,7 +105,14 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 -##########################################################################= ###### +##########################################################################= ################ +# +# The range of the pages pre-validated through the SEV-SNP firmware while = creating SEV-SNP guest +# +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart =3D $= (MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd =3D $(M= EMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +##########################################################################= ################ =20 [FV.SECFV] FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index 8e52265602c3..2a75e909c769 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -49,3 +49,5 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 05c7e32f46a0..769dd0bccfd9 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -55,11 +55,16 @@ guidedStructureStart: ; the BIOS at a RAM area defined by SEV_SNP_CPUID_BASE. A hypervisor will ; locate this information using the SEV-SNP boot block GUID. ; +; In order to boot the SEV-SNP guest the hypervisor must pre-validated t= he +; memory range from SNP_HV_VALIDATED_START to SNP_HV_VALIDATED_END. +; ; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 ; sevSnpBootBlockStart: DD SNP_CPUID_BASE DD SNP_CPUID_SIZE + DD SNP_HV_VALIDATED_START + DD SNP_HV_VALIDATED_END DW sevSnpBootBlockEnd - sevSnpBootBlockStart DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 36739096e7e1..465038e39de3 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -92,5 +92,7 @@ %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) + %define SNP_HV_VALIDATED_START FixedPcdGet32 (PcdOvmfSnpHypervisorPreVal= idatedStart) + %define SNP_HV_VALIDATED_END FixedPcdGet32 (PcdOvmfSnpHypervisorPreValid= atedEnd) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75724): https://edk2.groups.io/g/devel/message/75724 Mute This Topic: https://groups.io/mt/83113769/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75725+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75725+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070713848646.4611262282414; Wed, 26 May 2021 16:11:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id iNT3YY1788612xYrSi5n62in; Wed, 26 May 2021 16:11:53 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web10.41.1622070706274569273 for ; Wed, 26 May 2021 16:11:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FGqpotuXDPJamVjSRnC7Uc6AU0txhW3q3JcNMBZvMSiUe8/Fdf2fj9xfBxApruVQoF0KVzfAF1KY9OSl+Kpo+8OFTPENIgMMBqfKr1exulKyhV6VK0vgGcWUBdZtWh2bVgzKKkm+bg8ZMhNN8PEjAkFN+7AMlrAeZptBn142zm7GrX75orTlEx97NxD/Bx4pB9YwfICN9Jp2swuqWwv8D4+FfC7Y7oH4/vRwRH2zYgU+/ncevrSFFnQSUanjtU4nhoneyJbG7I9sOiJkglqX1qj5No4cHDxoKUvyiy8Tp9odd62MwKhbTDQjekUPehXUUx9FVYQZePI7fz2SRyFRAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E3VYLE4jrBZtCfYhHoklmMxjrDGWUuZh8ZWXa6SylWQ=; b=RcL9NPiIsu7GYJ3X2y+Lc88Sw29YOhqe8vrS+uwUfx0OTCtMi170GQgt3QADXmflHasQbO2wX9lUGQD7/UcrKA+j5CU+iEC4FJ/qD1oU3PEEOp3iLzhG587PnFrJzPZ4djcntRkPFDXgIBYTZRzVosiqx/c1Pb/i7vl+YQMznrJJOYRTN1sALa1mQ9yTlPfHVAX3zWiSGhYSJ5hDqvncF59LhNlJugaXlqEZ2Dp+Hx31swRSXsjsWedB5Qh7lI1399oxtffarc/eT7VDNMG17PUYeznN38y7q3EhSaVPH4RAc5WAZw3ix0LHkeVf08NUPe0piZxln69kvCyRCAmwcg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 23:11:43 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:43 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 08/22] OvmfPkg/ResetVector: invalidate the GHCB page Date: Wed, 26 May 2021 18:11:04 -0500 Message-ID: <20210526231118.12946-9-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:42 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 85ed536e-6593-4fa5-d048-08d9209ba03a X-MS-TrafficTypeDiagnostic: SN6PR12MB2718: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 960N9tPqdGl+WIBdhSk0oDcNAGsMJ5etUJ+208DlDibKiuzOMGaLt/mHbAGZuLE5urqYWhM1+6atkFm0PwZ6ebkCh4YbksFIOjFWwKD4teAAiCQw/t3iTaFMQKO6qYf2yVtOGOyMJzru1ydqc9dWYJrnh6XKeiseKEsloWpo7X9mUY9eNONWBtHaE3w/6dHb6jeMIf3GVX5kN1X99tlwgIxcUz0h5qTl0vXXSC/Raq2BoKqSMrRLedyt3KaDoYS6v+JLQWnL94Uk4/IAK7Shyf5PpAHoITVs03NjqntQbliPCQsX10QjvYn1DGHsVW7QN4P5oGSCYBGCtzEWso2RVOQqbm3laMLG/2T1K9+WHMspN3IAgNaHWrorKQWwCn6JcDS6Qc9ITpdqVtYzU+wUcAsDCVrAV/LMy9PsHMPV9y6gPaDn5Q51rG40v5vOP/0F4m7OMm0D29Qp3iHwmLcndFv5rkIw8GGvm++vRrS9xbdmi6Ueht61FEOq4GyVFWKbEKuM2yKGIvUITzrgmdZZtXWEX+jQiV12wnF+Etrf2JaCNRYV96JbefKlZtntD2rjJdZHDFrQiP9GflqR+S6cufXdeETAUQsL5THMa7NuCSy82BHkx8p/4wY2vydA1dicrgyxzzsINRmjN8Bx4CLZpQRXWtF2+8LC0UFZeIC8+nfWyjvZIFqnYViL70NpGnRThgxKIQTzYJpIbpkN21c9DvpL1yuwhgwLzZk8nJXhGJwBej6mAzpjUuvX9zazi2wo9ge62hCjRGMrOIVj5gqeAp2i0PiKBZftC+43OE2nF3Q= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?tlKAL/o1BnKaulIKsXU1oFU7XIUf15Y4NHT7lF0CqE4Jz6s+bdVSK/K3+uM1?= =?us-ascii?Q?2sgLajjIB6kDa7nP03xqkdgec/F8LN7ZRBDnDD9JfOp4vb6KUpTxU4tID3yY?= =?us-ascii?Q?DUgZ4aNsy0V9e7iLm5f+PHIy/zk/rtTTIA4yphTuVRhKH+wB8k9z1dFr2wXb?= =?us-ascii?Q?/ULNuG9qUnlzBBv63VRz8WtFJR2SMGoFlSOK7/qW/JJ38IxeF7M589gCuwnB?= =?us-ascii?Q?OEzOmIfL8WIMkErcXjU06sajrRTanoZTAvFLDSDKu1apCSKxtY2KFxBIxxow?= =?us-ascii?Q?sXOUrwT7s4GFxOa5d98S0/sN4qnvCVVcxl/pcUIm4C35IhPmlFMdy1lRqubB?= =?us-ascii?Q?FTg/TbITV+eWbuipmV0JDNCS+r6LCpBTnyJV7dgo/8TlW1JxI/vAN9xiKW4N?= =?us-ascii?Q?vZpK2RVjlvPD77sYB2bJ2EWgh4Dz79/Z3vjT5tR80bOHBX/efL65JHomfjJt?= =?us-ascii?Q?hYyI4HjDHUNcL6tZkJZ7gMYUxhANGZXkSORKT6vTNuT32f2BbQpjK0GAqR7g?= =?us-ascii?Q?xofpAjTwiwNrOFm/BFX8p1GlZh+X5XD7B/1UYWxFJFt6PCXMhp/ESuzyws3Q?= =?us-ascii?Q?9+RhvujsfqC6MprYm5tEX5fghVDLg22WXWd7EDUcsSMf4A78GPUWerM7Qf/R?= =?us-ascii?Q?2ejvMnu0X1atKfRmKT8IH6H9j4CEq8k1XHV0wyJNSiq6v2aBGk+hI5pz8cNI?= =?us-ascii?Q?3hMAZbvLkc+CuhlZdadPdPBBPoIvTnZeK0UTwTkUzNCEBA0Apm/X4HcWz7Zc?= =?us-ascii?Q?GJ2BvJOFbtqVAZKhReTEYcmNm7i5z54xsACIei3lQf5nqnH42ns/Ga9hT05J?= =?us-ascii?Q?0xtxZTByfocPZwsNCCFYRhgIK4JlB5pkZuIkTtlyfVmO119dOOX6TyQmn0nW?= =?us-ascii?Q?gdecLoRwl6luxFHxfNtZU3Nzjs/vBfFpmDctcCxogptspRE1FgVZ9dsPtVqB?= =?us-ascii?Q?vHV8BJBS9/W4KvHzb/dCUrhAiLMkXyA+xI1L6Ryh1fTN2oc/+dMRHkwU+qLE?= =?us-ascii?Q?VopQlGj4iML1vcNmSUfBZHlSIcqjSb0bulI0DOz/hgs5g8aFrjg7/TlmcSoi?= =?us-ascii?Q?qrw7cGg4HIJQvWSCMJfOMG0aG6xV9owAfRnZc9ogJDASa3kGx+Edy1Vb9UuW?= =?us-ascii?Q?EjbgRk+Ghp71zpNCtEBjFecpS0/QVu3hdUqeDBOyP6I2kHBrWV28Dcs2Wv20?= =?us-ascii?Q?UW1vFcDJYC6kKNFUbGOTP2ri9wff5CH3PDJmFffkyfl428aWhjQr4w/YzM2L?= =?us-ascii?Q?7IaGV+7f4HKqiWu9lMRs8opg7QHHT2H9Pu4f70NlWs9G15ZAaCI324ZH8Ld8?= =?us-ascii?Q?9/5EAA2iqnA4bKO31YZv6ukg?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 85ed536e-6593-4fa5-d048-08d9209ba03a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:43.2093 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BCY2HcvJGM8s8hid9RZLNRDjKADPyel8t+sPfyvo/TKB42Cewpgi4yIL1n8KPrd1n17hJD6uPrfknEVBRHuNdw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 9nbMkHTiYHUpqE34DnKaetS5x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070713; bh=nnHLdEs38FLn1IIQbl0tPysDAY4ODzBDX+SIr0WzwkU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=HtXKjBIfctB7nQ+PVBStIUWTGzq2VS9vJ0+uE2QFPFMOE49IAApQYmDJ9eJBDNLwDty K3CHiIrOt0JJgPT9oap0GXynFk0/Hbdo0TvgndvvAb46BNNINlDIeS35TKzPUu3cWQUsn Eqm9taUe5SeseQiVBRf+74r/NnfwNAxgguk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 When SEV-SNP is active, the GHCB page is mapped un-encrypted in the initial page table built by the reset vector code. Just clearing the encryption attribute from the page table is not enough. The page also needs to be added as shared in the RMP table. The GHCB page was part of the pre-validated memory range specified through the SnpBootBlock GUID. To maintain the security guarantees, we must invalidate the GHCB page before clearing the encryption attribute from the page table, and add the page shared in the RMP table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 93 +++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 75e63d2a0561..f764825755f0 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -10,6 +10,8 @@ =20 BITS 32 =20 +%include "Nasm.inc" + %define PAGE_PRESENT 0x01 %define PAGE_READ_WRITE 0x02 %define PAGE_USER_SUPERVISOR 0x04 @@ -70,9 +72,87 @@ BITS 32 %define GHCB_HYPERVISOR_FEATURES_REQUEST 128 %define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 =20 +; GHCB Page Invalidate request and response protocol values +; +%define GHCB_PAGE_STATE_CHANGE_REQUEST 20 +%define GHCB_PAGE_STATE_CHANGE_RESPONSE 21 +%define GHCB_PAGE_STATE_SHARED 2 + ; GHCB request to terminate protocol values %define GHCB_GENERAL_TERMINATE_REQUEST 255 =20 +; If its an SEV-SNP guest then use the page state change VMGEXIT to invali= date +; the GHCB page. +; +; Modified: EAX, EBX, ECX, EDX +; +InvalidateGHCBPage: + ; Check if it is SEV-SNP guest. + cmp byte[SEV_ES_WORK_AREA_SNP], 1 + jne InvalidateGHCBPageDone + + ; Check whether hypervisor features has SEV-SNP (BIT0) set to indicate= that + ; hypervisor supports the page state change. + mov eax, dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES] + bt eax, 0 + jnc TerminateSevGuestLaunch + + ; Use PVALIDATE instruction to invalidate the page + mov eax, GHCB_BASE + mov ecx, 0 + mov edx, 0 + PVALIDATE + + ; Save the carry flag to be use later. + setc dl + + ; If PVALIDATE fail then abort the launch. + cmp eax, 0 + jne TerminateSevGuestLaunch + + ; Check the carry flag to determine if RMP entry was updated. + cmp dl, 0 + jne TerminateSevGuestLaunch + + ; Ask hypervisor to change the page state to shared using the + ; Page State Change VMGEXIT. + ; + ; Setup GHCB MSR + ; GHCB_MSR[55:52] =3D Page Operation + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; GHCB_MSR[11:0] =3D Page State Change Request + ; + mov eax, (GHCB_BASE >> 12) + shl eax, 12 + or eax, GHCB_PAGE_STATE_CHANGE_REQUEST + mov edx, (GHCB_PAGE_STATE_SHARED << 20) + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; Response GHCB MSR + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; GHCB_MSR[11:0] =3D Page State Change Response + ; + mov ecx, 0xc0010130 + rdmsr + and eax, 0xfff + cmp eax, GHCB_PAGE_STATE_CHANGE_RESPONSE + jnz TerminateSevGuestLaunch + cmp edx, 0 + jnz TerminateSevGuestLaunch + +InvalidateGHCBPageDone: + OneTimeCallRet InvalidateGHCBPage + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -450,6 +530,19 @@ clearGhcbMemoryLoop: ; OneTimeCall CheckHypervisorFeatures =20 + ; + ; The page table built above cleared the memory encryption mask from t= he + ; GHCB_BASE (aka made it shared). When SEV-SNP is enabled, to maintain + ; the security guarantees, the page state transition from private to + ; shared must go through the page invalidation steps. Invalidate the + ; memory range before loading the page table below. + ; + ; NOTE: the invalidation must happen after zeroing the GHCB memory. Th= is + ; is because, in the 32-bit mode all the access are considered p= rivate. + ; The invalidation before the zero'ing will cause a #VC. + ; + OneTimeCall InvalidateGHCBPage + SetCr3: ; ; Set CR3 now that the paging structures are available --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75725): https://edk2.groups.io/g/devel/message/75725 Mute This Topic: https://groups.io/mt/83113770/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75722+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75722+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070707332138.22887579098324; Wed, 26 May 2021 16:11:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id MjYEYY1788612xPkZdWbzVCR; Wed, 26 May 2021 16:11:47 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.69]) by mx.groups.io with SMTP id smtpd.web12.41.1622070706319079661 for ; Wed, 26 May 2021 16:11:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CREqDtdSPUf42JYcLWtVHWkCeLbgqiXupjUGIu7pZnR7uVY6K63c2k0zb98ChgsSaMj8H94cNaVlInCgbG4rX0LYC+X4XtSbQEyd/eeVqRdiAZN5fPI6aowNg6TOnSryGgY+JptHYMPA/QntxYaz6xUWXx4Byxg153mwwUXI8IU2Nev3GN1O8YBhmZx9C8zr2odhruNR65nKlgQVsksH/gucIyltlzxVJPJlToakNe+GRSlyMDQO09tIZokZFEhiGJYCpMOcjSRiFEruKXkpAOtOsbm1L15lg4lqX2gwxQkA/S94UGtf5uoL1K5OcuyPwp3+a0jcxSy1AtXsMXpeVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=11ypd/mbF07B2Wof0lf+pDoF3GZewoY1P3P3R+DTz6w=; b=ocqtgwsgaufPp5D7GVU6qG6Y4Ktk/xDHJF4hBV/TOIJgu/R9mcl9UazVVQy1rIp6c2/dFy7LXoWi5HC9eop1UUhPRSVJXavMEvNcB7dAUJFWvG7gUnUmCyyyILCHfDmRmC8wSi1boU3AVcqOL1oAlpeeY0fDQKSTYLSSSglNFQHB+5vBBfXjwCEKs8321PUqEU7XBABmptU5K6prAb5rc5qBIIgePmhGZ086uXCS2FfHN8XPZSADt466BmMUVTGnvc3N+Fi7H7/4GH3JesbfeEhfhEiujXJ1W4pfXDg5aIo8xFWXf8Sq2PwNrOffbSfSgtb8k3DnmgMxVaXnwHCuEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4512.namprd12.prod.outlook.com (2603:10b6:806:71::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21; Wed, 26 May 2021 23:11:44 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:44 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 09/22] OvmfPkg: add library to support registering GHCB GPA Date: Wed, 26 May 2021 18:11:05 -0500 Message-ID: <20210526231118.12946-10-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:43 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a612d546-4e34-42c4-d2e9-08d9209ba0cd X-MS-TrafficTypeDiagnostic: SA0PR12MB4512: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: T+Gc18Yol8ZUEf8cTGa/hEQpEn9zYOTg1j1G9smT+e5k3lXzHYxx+vNo6fyRJJDk4ah08TIr9L7lWS5PFyIzhEH8ZWEq4A7s9Mb7tRzw2w8rd5FVtOXsCeRAm1b2nVT/qLqHv0uuJtxexDa0h72j7ldoHErHXyEg7oPzPYKWkdGp4kbxdyeBhy6fS59aWJpc4r55+KHRTzKFDjdpgstuaKwsbkAkYrQldQ0RNZyTJCQHrsXmCbiG39+6xhzaABFG0IKfqGCYvM3spj0L8Ob5CveLJpLBrsZW3Uumg2FKkNfVIjjybgps5V0rMJtLbC/qGrIUrL8Mm7C8W+tcoDu7TQN8cx0BshXkseVdK05xGm9IKSob0YTo1BmDYRSpw+TWxeHzwbyVSd/gMjOcY0y4DI538cXYoB6xR0fefTAW3DCDfjO7ybh7w0PLhqf2wLUa/R1nXbFY8rUFixqdGfm170A55uTYKVKurfqMv/Lt2ujySJOAtCwU+OrveV0VjUhXJaZSL5h6fn3rQd8iu0HWvgpjFM1+aU+wtdoBG/cpAOSlW6dz4xrN2H1Vxq2zdz923eATfoj4wQFCRguP6/8qIemLPbxZ3ft0VS4XmBfIwCyBFI06neKb8tsL0EO8OTnZP9k4bPIvC9knR3zOIsG2Ssd20IRTH1JQFgjhnLN4iAMbE9EVx129lmjyuU+v0gKJSJCvve+7XIZli3t4e8hKPtJYc2bK1edX/89guM1v/MrxlyD/dy8vLG78lOWNiAuJnjkuGekfJ98Ev/Y+aQLTUdKg3M2iO/lQIDsXajooaeY= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?zF5M5OfV8ckfWdBcPLKUc5/HnuUcZjKMBbFY6UsO0FS968CVCSZTIWRwPVeL?= =?us-ascii?Q?4E7A/8nphvESHAOw+6HmONv8SZDuYt2SvvKhPN3EoHTOj2o1rKfeyFFhRE/7?= =?us-ascii?Q?4jnTiT70P9DZnI/3AEnzRICHBg4oYUn9UUoARNiDkO1KUF2QqQa5YYIVBEEx?= =?us-ascii?Q?xTGAHL+KZc4iuHAm1Qbz9jrZ50+AhwFnza9duPnOCiGSf1Mu+hBquZiiR0SV?= =?us-ascii?Q?dy1tFqFMcspJ9KCKqhjzY4ARAHLr7/2kObfRCFZv3piEpBGa4Y+0BYdWLxDz?= =?us-ascii?Q?60IMKK2OOiy/d0TsmSVgfc7LpDJAtqfuEn/vcyOvr4kCDGKwOwgFgpMxROEe?= =?us-ascii?Q?rXFo6rv1PGje4T+B3FdLZDIsz00NYR/G+3GhldcyTTFjdN3YNkKcXKr9fPjs?= =?us-ascii?Q?iBOcqOm/cRywlXueEv2NwplBkxB/PfA33Gcq42ir47gGnFD7XT/1vd+QdMUX?= =?us-ascii?Q?3I0TWTH66jVM8GT4+cYNnaWFe35re10IP2BsxsFaHYC1JrWoNKdQ1bIGgIxh?= =?us-ascii?Q?m17E8bduapspqZi/9+h3+uKy9Joo25yOUBzhqLdtUSCuzVS1W89A86IDbNRn?= =?us-ascii?Q?iEThflGav6QaY38wQ3LCXgEfGopvb3161ZhaUHhsQkghxwm8c01zXalQyPEF?= =?us-ascii?Q?h/8TAPdb107YbNvTT4UVUBht5x5oz+IPY8zl0yf+AR3bQxGY/h1/rrGBTBGk?= =?us-ascii?Q?Khkgi6eBPVDKtiHOPVb4SQ29Em5dWBnYvfjglK0Zh8tk7lENQgfia+58Ldqt?= =?us-ascii?Q?yvC8+6UHs5iIozr+LLSSWwSV0Z1hLBUcOUqfby5OSBvAqZ+xMR7fw+Dc7F+O?= =?us-ascii?Q?LS9fF6N4nS2tX5OiUGEHCEpdC6eflTjqEMWZoY8lyTrdukLSR+eBvCOkDtpa?= =?us-ascii?Q?oOhDkANc3u2kAcwNhtBMSffJIK14eSAKLXNgexVUZ92rW2BxY5pw6fpLYKXu?= =?us-ascii?Q?1WM4++YtK2serWpQWFqaw6y4ySzD2YiBCL8QE0cQE4eQXngxcSDwgVpigt+6?= =?us-ascii?Q?ZGZTUYURTDrwlFJytYJ4JzJDzDWopbdRfIX4lUsUDMQCa8SxQ/JMJwP9+QOA?= =?us-ascii?Q?wj7mPalTGELNDBnO9LzW7QSA8Z/Sc2HFpDJ3ahHagHu8fzTny43zqscEcmeV?= =?us-ascii?Q?R2ap+bT45lTK3i+m7GPYohCUA8+NSh2qK99Ia02cknhIFNQWiHrmSANft1bR?= =?us-ascii?Q?WLFT6mHYX1NehnIhIlcRjGq1i7wryaOjNk12iGUkGEsx4MXP8LE3H0Lqu3+m?= =?us-ascii?Q?jpMXGRiMqcjYw0Qy+sS4tcwlQL6zBmQS30gEOsoidg2DGYP/pTHouuBQYlHm?= =?us-ascii?Q?5Ap7g/HGRT7pOtiDS4QZRYNc?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a612d546-4e34-42c4-d2e9-08d9209ba0cd X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:44.1557 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RnuHNizM8v4SuHQOMzcsqhL9pwdePC7cA1ZTgd8xdhiE6Qbg/gkjw0aJ0pxpE1BRAkzIJim5gJufBo9lGXgK2Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4512 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: nGSXMXv7Xcncd8FBsi20J74zx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070707; bh=MA60XKgdJjhHcOasitOs5Ai5Npy49En3gMIdCgTZKto=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=rXRtj1I3cyc4A6/L5DFioA2Tdh77b9gr3jr0ZwpDofqZInGEn0mfNJg/8/MSQkLNwUi dWMVd+bmWKxRKtbgxV04MJun+fha9jha7Ens1aAIk6F/6hfCNRC8u/QQqXrqYBIBe12wD iDoxkNBzGZDFti3DdxgX/x5Yyr8JjbBbw7s= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest us required to perform GHCB GPA registration before using a GHCB. See the GHCB spec section 2.5.2 for more details. Add a library that can be called to perform the GHCB GPA registration. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 4 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + .../GhcbRegisterLib/GhcbRegisterLib.inf | 33 +++++++ OvmfPkg/Include/Library/GhcbRegisterLib.h | 27 ++++++ .../Library/GhcbRegisterLib/GhcbRegisterLib.c | 97 +++++++++++++++++++ 7 files changed, 164 insertions(+) create mode 100644 OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf create mode 100644 OvmfPkg/Include/Library/GhcbRegisterLib.h create mode 100644 OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index e00f8159f317..3886d43bd3de 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -106,6 +106,10 @@ [LibraryClasses] # XenPlatformLib|Include/Library/XenPlatformLib.h =20 + ## @libraryclass Register GHCB GPA + # + GhcbRegisterLib|Include/Library/GhcbRegisterLib.h + [Guids] gUefiOvmfPkgTokenSpaceGuid =3D {0x93bb96af, 0xb9f2, 0x4eb8, {= 0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}} gEfiXenInfoGuid =3D {0xd3b46f3b, 0xd441, 0x1244, {= 0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}} diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 33fbd767903e..7cbef8e82282 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -243,6 +243,7 @@ [LibraryClasses] [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index b13e5cfd9047..6b0bc02bd536 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -247,6 +247,7 @@ [LibraryClasses] [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index ea08e1fabc65..8d9a0a077601 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -247,6 +247,7 @@ [LibraryClasses] [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf b/OvmfPkg/= Library/GhcbRegisterLib/GhcbRegisterLib.inf new file mode 100644 index 000000000000..8cc39ef7153b --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf @@ -0,0 +1,33 @@ +## @file +# GHCBRegisterLib Support Library. +# +# Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D GhcbRegisterLib + FILE_GUID =3D 0e913c15-12cd-430b-8714-ffe85672a77b + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D GhcbRegisterLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources.common] + GhcbRegisterLib.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib diff --git a/OvmfPkg/Include/Library/GhcbRegisterLib.h b/OvmfPkg/Include/Li= brary/GhcbRegisterLib.h new file mode 100644 index 000000000000..7d98b6eb36f8 --- /dev/null +++ b/OvmfPkg/Include/Library/GhcbRegisterLib.h @@ -0,0 +1,27 @@ +/** @file + + Declarations of utility functions used for GHCB GPA registration. + + Copyright (C) 2021, AMD Inc, All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _GHCB_REGISTER_LIB_H_ +#define _GHCB_REGISTER_LIB_H_ + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ); + +#endif // _GHCB_REGISTER_LIB_H_ diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c b/OvmfPkg/Li= brary/GhcbRegisterLib/GhcbRegisterLib.c new file mode 100644 index 000000000000..7fe0aad75a1a --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c @@ -0,0 +1,97 @@ +/** @file + GHCBRegister Support Library. + + Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75722): https://edk2.groups.io/g/devel/message/75722 Mute This Topic: https://groups.io/mt/83113767/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75726+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75726+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070709721952.2322126737723; Wed, 26 May 2021 16:11:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IynlYY1788612xN0rTz0BhRL; Wed, 26 May 2021 16:11:49 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.83]) by mx.groups.io with SMTP id smtpd.web08.32.1622070708723236284 for ; Wed, 26 May 2021 16:11:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l7DkibWgJdzQ9RxglFj5JHBv2W3KfC6sFEWFQnsvbjkl5nJ7twPS7RvQ1PqGnOm+iK5/rM9+0+QNH8PY08Jgoh0e+uO9XuSQhN5G0zOn7LAtyNFBZtsVqAq73nOXp0Phrv4Xin8hJjNQv5K7I3qe1RaYfeeBDc5pVOx9GR0bYgbNfnfvGagkUzxP3nojjpIKvQkxTh9Le/S3c6WAPFV3g6Bl9yniGRvP+R5ufxIGn+FZBH+ftFG8AvXJs5osQ+XWmyj5WO7OqsgfTNKtneseJh0F/qsPFgAqWK5QgrzYTSd1WakTBGXTinEapiV9p5wcSS9GB0AnNa4HJkldxlyvpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gZZJpJXOCG0t4thBbKI14/4nJziR3EiQEPoMGduvyZ8=; b=eMk5VhvMOOTS/WiFJYBqlcK60dB+3hFtI9CaUgI+ug2DH3VMURwHbpLdDmRTAzOX4MyqpbrPHIYAUX9Cue9Yo7GQrx71tHOebzT/WKDd881ttIVAcvRDqH6LDDrJdpARGXmp4rbmYevv2WH7Yw2CoofqL+ag4ogFNsdMhheJb8jdCJ+wfSo+AlKTWlzaAAT5Ws9VQdH7jwzOjX+DrH7MQtIH+p+FwjPN9dVQWQ2laMrFu6VRbhI/H/XK7NmvVI/BOdaxUn9R81Udr4+wwWGsUdZcNrp8CKhzZgjXeg4vMR3sKBDbpGjo+lTfuXywOSPXv7c1BbN5OtzC9SzxPQaahw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:45 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:45 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 10/22] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest Date: Wed, 26 May 2021 18:11:06 -0500 Message-ID: <20210526231118.12946-11-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:44 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 54e9d86a-4b05-4403-843e-08d9209ba150 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: vvXKbD957MWKjwyZ4b1n2H0TDAPT6iCRc8Gy/aaNfyHErexB1tzIHnoxL9q4NwRRLTWYMWD771Ea4EG/NaAoQUj74NHBxY/xR1t3+LuHFQkCXKgWQM5BC8CMJkMZoHq9FHab4TJGTgIrDswR2KmhpVbRgXK70zjTLsakCMOXLLcieklTmxHTP4i0OrfaDj8bK3JZ7eJA2sI6HrMo0Vha5KUU332uxI9QhgA/3czxtRfIjlVgIPu2CJIPmip6Nn1zW4tkP+NBf8G8z1uAZ1l+IzBRkXiFVm2EY4vBDv/VJNg60wTZg0eeCKnmyamvgpYDyPeK+li3lGdvVGHgigwB6xGrFN36X5NQUWLBw0HLcpvecFxz6p9HLTABMMx9BoDrGzr7yyqf/4qVXpcnkNL3MMCNHgf435GZWOq08xyNJoZ6vu4NdFG5RTJ5FwxSaVjPGzghcs7A9XUsLzuLxqSZqkrkxlJc/pKBTkPZ/7XYtSpzL4jdv5UdIwGNAuonNur08QZmwhYbZMDaXjUcuZVMok87+/UWh4rClw39QcGMOsjX5LXeFvXRskcuFycHn8uQ3b76/r1oLxeU5UiEnxTJc8ijrzpP07XBgjyLdstqXlWq85WVK002hxAbv/hxeEQor22nVs8wrTl1uAGzQVetD1c64kMK5xIxCTMwSRx+vzrz5Q8uhCxp6JszrJ9txgOPymHRPQ+V/FwXS8yrHyDNZHOQd0ihqTbgGFTNXgTiM0D+IMlVsxbvvA0Fel7pOS1NJfHIcSVbyIqkfr0lCOza6NR74otJTB1NbmFyBDKeIig= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?DC8SWWgkFeoMwzxDuZpUEOGFu7tOu90yQHfZv9rm2YICm5UCKDhvJbvs1GjI?= =?us-ascii?Q?049y4lY6nu1w79kVwzfJPxgCOfI+XsyNAMshD91lzfTCY/D6FiAChbWYwZyT?= =?us-ascii?Q?mKvVrg0K0jTLdnrl5nPUTzp/uWgsG5295GQYOVri056RyKoNQuQprdKW/O0R?= =?us-ascii?Q?n6NOownD+haFgz49rpn7HjBum2b2aDX/RIysuHi5x9E3Wz7gZjslJamJ02LQ?= =?us-ascii?Q?lc5I5JpOl0aVM6gcz3S4Tb6ZbDsJTNPGxyagIuh8KN7IOsHIFDD8E+6SPh/6?= =?us-ascii?Q?854gqL6KbGWcUAruTq8rtWwmYK/jOoYO7MOAooPR1B9G1humGiE0YOu8jAHd?= =?us-ascii?Q?aqDJHoyXqBlbpwdQ4FBmhRhyNUzqvbT7R0uBJNiGH2vMooBAuKU7iEfUYOYS?= =?us-ascii?Q?ry6XJdHL2Z4ewHDjWP7PycPm5X2HItg/HMZA2ELzlezo3MVZfEPjn6VrvjkU?= =?us-ascii?Q?XjwVTOXKIhHNDQEqezLt3t+ZRP2sDIPr5qWrVlnLp/bik+pGBDxBNBSvYd0i?= =?us-ascii?Q?QbiyoyXB1ydt04SUk+ZZSC4GjJohTGTm5Ljq3qnFn84m/+Iw6neSkOcVfmzB?= =?us-ascii?Q?Z00pHihq+KHrfgvtiWjIzlTvwSM0zk9qyzsk13g6DsJsYUxNrtRacrQEid04?= =?us-ascii?Q?WUrJDZb1mFXwMhrzzhzEQry2vsdHywxim+dSV229xSogPaXY04fdGJ6XdQb0?= =?us-ascii?Q?ad4tBEOGeF5ZremcZJ6D9k4HI0r6H9NYpszyW87pk2HTYxfs2kjwqkcGLO8c?= =?us-ascii?Q?Sxnka5pX1HxqeRnNzG3c5161IW9nQ0xzXkDU4bHTItjB8c2Y7lv56IT8JDwv?= =?us-ascii?Q?K6VmaEIgPrLi0kzdOEtkAawIQ9JJ1R7p5gOaGLdIdrWQ5oSkYxzhdpoNmuN/?= =?us-ascii?Q?KY/fa6bA8Nb9x/IUEbfIR+a2A+tfwPS3YgjTB10Xqm1gxGAAG2WXeQ6Uz8Yi?= =?us-ascii?Q?yHCbXQ0AVzVaVJ7hO0Hz7GhnbK/+haADmLUASScJn+tj05DK8HH7kougf81s?= =?us-ascii?Q?oahpt98HNxpH8diCqjUJ4SzMC3eLILmKP2mFIoGcYnWt3veGC4wduuJEAv8l?= =?us-ascii?Q?NV+7wcgC1XQ+hoB9ZbRMhwaM0JbXEj0WWYAEBsobmesySYH3gmrq94tqv29e?= =?us-ascii?Q?s3ZTLkzyL1cpjbfC0qNokJ8XMbL/pQghMSkV3NTPA2ySJb7ZG9O4dO4flghF?= =?us-ascii?Q?Z3TK9yIsLOI3nMfjR6hyLOqhqqFBqhSutKT+pn+U721XisZxkO1+JeSfoB7h?= =?us-ascii?Q?uB0JV/d4j388ade/sXg6nP/mlUPnlBt0uuNzrFemzbMwt/DQYBbp8rywo6SK?= =?us-ascii?Q?Poe3V72EP0y/GPf33jSHuGht?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 54e9d86a-4b05-4403-843e-08d9209ba150 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:44.9493 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: m/2U3wQtFMqesxf3C9hUKPeWhw0NWSvuSG8H0+dAPUqFevARSUMJHxGVK5EGH1mCNEHe+qPepehC+Kt+krZZ2g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: pEr1zmekKrWwLQjVf6nsKYC7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070709; bh=Pv/Yd71sVNf3JyxvdlnaTagWPDxT1kjIye2i6OtWB54=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=vjuUGINmKhWDHKXVEk1ZdS/ZN6jYtrQQyQk9dNuyl7hlsVVhLNInZwTBMmnbQ5Ab8oy FAaL16NaBlFBLYqrsnwQIWWorARxFQkP6HXVg7NSj/0yTJjivNei6pVzfCV6vBQMg70C0 ALp6bvp7lB/ug3Rv1CH4W5PbieeApFb8fps= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. The GHCB GPA can be registred using the GhcbGPARegister(). Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 8 +++ OvmfPkg/Sec/SecMain.c | 79 +++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89c8e9627c86..e9a10146effd 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -52,6 +52,7 @@ [LibraryClasses] BaseLib CacheMaintenanceLib DebugLib + GhcbRegisterLib HobLib IoLib PciLib diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 81e40e0889aa..54b07622b4dd 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -156,6 +157,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + if (MemEncryptSevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..faa6891cca79 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -750,6 +750,74 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevSnpEnabled !=3D = 0)); +} + +/** + The GHCB GPA registeration need to be done before the ProcessLibraryConst= ructorList() + is called. So use a local implementation instead of including the GhcbReg= isterLib. + + */ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 @@ -791,6 +859,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75726): https://edk2.groups.io/g/devel/message/75726 Mute This Topic: https://groups.io/mt/83113771/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75727+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75727+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070710178135.98375958185898; Wed, 26 May 2021 16:11:50 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 9PWGYY1788612xJA1scRnPSM; Wed, 26 May 2021 16:11:49 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.32.1622070708723236284 for ; Wed, 26 May 2021 16:11:49 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CHnchzRvZhqeJpgSTtZEgqOhbFLo3tCQogpOYBVpKaT7olODQqukQjTGdXkPAnNxOCOT2V4vNk+Y57WPqLa9kVQGv8lAloJ0Zs4MFgspDk2kB1AAbnjhJHyFMWjJSg7/wf+d8z4ruKG30VE364YRH96iXqbjG0u2Pfqr6dZlMxApTWvthYkJJzvIwNarkNM+gfOBdHvBBFkXzTj7Mw9NfRs7/AIsPhgFBd+/UZqY0M7eMoHtEJfq8TApz8RVChFFqHFvC37JsJGGwvgqAyqkbztiB8PyezeOOGZ8aZ0TwXyNGGIlDBvA+XocYGb+l3bqwR6/sNjXFYqJLu+v3WJGhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ru3iyh812CZKTApGTuY+hLZG3ngHxulr7V9rnhD6J/w=; b=giMWLclBaY1gJre4YmG80JnIRq3wGIgcsbVmQSwbcsVaad5ewWhpZJZMvJRCLf8OUHjiDlPgVQJdne+vQl/KrwuApcEts+LfbMak0RxudJepCAPrAPHMfbGY2SfE8siaVN/YRZs5T6U3QqcImpYR6gF2v2lDd0chlFDf0b/EjHKzkzfeqnf+b/SfWRoG5HAYXYn/nsyr5PTmDYNSJq+KRqi4NyuoTJM4wQOnEs3YA31vL8hhPdPONobWaC3j1/b3kdCNR37mHFvVgu/UT9YMS9JXI5fF/Y3jMIOv8ICLee7oCt1Oo4kitZAAyfmAcLPwz+gyqvnlVYmyt057FUsREQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:46 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:46 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 11/22] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Date: Wed, 26 May 2021 18:11:07 -0500 Message-ID: <20210526231118.12946-12-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:45 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 17e2ac83-3b35-4d59-13a9-08d9209ba1c8 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: YgN4iacZfvbScYaqTwJMNvA4GG6KEfkdGJGiWwoyooJ2/1sEn0l3bVVd94qcl7WA6DP6th2wTpivwwC6l+8DclJUELELO/nayY9Kd5X3sVCOZqaFSgZONYiibPTQojCSnJidh3F2iice8+jbNQmITulDBE+wvF4VnTlCYajebyfuiZ+Kk+73Uv50/Qv2em4CHlhgQvhmrK21EfspnJr6ft1aWyHwM3/D9H6GsITUHNAWarFWSA17JyQJAYrGc7Cyz6m+C14bmBXAbI86Abf7Udj2qfAjOdfN/jXH5FuakkcsPVsqEBxs90phJxNJewf7FjPDXZbmtc3Qm+Z7HRcBoY4ga84D7dtnhKgW4lMG1HWvWughyRCxHO9krrcKoYKA1aAjvhn2Q7MhxPhMTnAQ7X3nUkFHg16TLNZVuzM3n8R/2X1AwaEMXOGqwCQ/wYTkTZvaelzqq0HRhnTLfWFtxJejpBcRwUxTaKs66ZVmxULRTSpXvZatHfe1fQcIVN6URTzrc5OJ+agaT5THypYGmGKjLMmMHgCzml7kWPbMBXHhTfA6id6afHDwpqo2a9dvEbLQm438vPlMboYnOv+hLBFroaJaLzf+BwzTLN6W+0ltSvAuwKbxdyXngEQRe8yTMdqUVtVlNVdrgwqrUSL3SGbHdOl8ta993iOdKqVBqdZHwifcQci6Zh2RmoDk+GCvGzf3CiUedHTuvRJ9DZxlbbfjAR7q2p915K456gFwnQO9cnEp35iULye5OgugkTYxXOQ9lloIEGkE6IsnKQgGmdR7RmatXlmcQy3ivV5Tnrc= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?p3nzNnneU2BpNd/cXLxff0M2dtbzAOBsF8IeiPqD7ihwLqFKwFrakp7dP7lL?= =?us-ascii?Q?RchncjGlahKaQOlIlppOrlA2igC+dpRpZBy7sDz+z1EFMPKJouz3QNJHAgdu?= =?us-ascii?Q?oXu1ErzR4CB5I9xSkYJA4Wo+1+M2ShVmpcnDmd+pwlvYqwUtPHwwQPOfg0XA?= =?us-ascii?Q?Fcyel9j40eTsjEPw3BvtyJFOImOIwqJY/XZzxREQS2rDdiauUDeEhpFFRPD+?= =?us-ascii?Q?qPp2Kj17bKoj+L8DZVzKdRtpey8t+q+qxMa9D51JBThBlhFHLEY1iFYPaCpm?= =?us-ascii?Q?e/m0qOaC/AMuPHjFTMcfqvdG9lytYbRPqC0sPFOZjWECQZWyAK7GA84cMPCD?= =?us-ascii?Q?1jg/0XcNNMNcGMKOEmVtalhEb6evWC4X9dJt+d81M/iJzwdcFAwgFRXchsaw?= =?us-ascii?Q?3S41Q+GHd0bKnrdTW8O/8+tBpnGbgIwktC1EE4jUCI+k/voUmWPgv2AIeox9?= =?us-ascii?Q?r9UvMBrRb9NZMILvCFqdfZ3uGiQcFH9c7Pb8YNvnUbkVMCXdCqgb8gCSqgYA?= =?us-ascii?Q?434KTqjgErqfajZQkC4jldl2lRdaVjCJud6Ibdrr9cdFu/zP9C/KYe9E2G1C?= =?us-ascii?Q?tI+hiYVlhCfpAb7ltITmAC6ME0v5iWCz0/j9tvBTO4WuwQPIX2/6T0TIwvWP?= =?us-ascii?Q?VZ4EavZbC7wqidiIxPBfQstZZcc96RfVq0MinbU/WNKvjqq1JS5LFb1Yv7gw?= =?us-ascii?Q?mX5Rvf8MrUwfGedyqhL0dL87je+esfUTJ4048ahwzWIAjHB+wracP0ZGcfc3?= =?us-ascii?Q?JWJ7TqvrCCY10tRubZeWdUzxrTxvfvbrfxSxaMGqF4xyR1zLB6EJMCJ7pgpQ?= =?us-ascii?Q?xPDSB0EGh7bF4pJMGMhoFBwh7tjOP5URsDLa/Rpxk0elbR/DpM1uxqQfsyGY?= =?us-ascii?Q?Xkq2tvyNwkynBSmLqZeOMM9eb1cex+ab/hZfXDZm3e8TVDziDRY1zj56UUA0?= =?us-ascii?Q?Kv1hlL05bTwpudz1oWWsXrJVScrT4ddtcxxVr9IaISb7KivDagQ6V1LS0f+K?= =?us-ascii?Q?ye8UmCxnq8mZYYe0kriIXvyxHhCr20VCrCr8CyhK9k9iu3aBmF5SMKcGlyei?= =?us-ascii?Q?+7oX/77X0w+mJxBhflJSWtJu2sv+klPmnRfUWZKRb/bXDE+ANrQnwVHH9dd8?= =?us-ascii?Q?Jr505q33QJ6IDU4cdlLwfFXx5On8qEuM7TlyiglQeNtasKouPHo5MprLKlul?= =?us-ascii?Q?9qVX4USmFvfn8HCR+MeKRD+PQ1Yh+5IZzbsv6c6DEwU5vsztbld2+HoMbSCl?= =?us-ascii?Q?qQxbJ61rRMDTvFxGUX1lPGLnkH0XWC6bMC0f01VPRDZtG+Wls8nO/yL80FHQ?= =?us-ascii?Q?7/vrKWqoMY7tolXA3IJEPRFp?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 17e2ac83-3b35-4d59-13a9-08d9209ba1c8 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:45.8927 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oAWonV0GpUE/lIpBuWszYZmYpeuHkeHymAiQH41YMyLpCkACwobxJS2ELveMG0tflAt/PDWCZadfOZ/GFBI2gg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: go9QdJ4N89NKPlP0DQMwTrtYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070709; bh=xbZuRA4X0Iq9oAuYcGJUXM1zh+YXtE2bZ+5x8iJ554M=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=X+oD8kuXAX/E3+d5QtscYYxDKMEclsHFOHxPhcK+2bLWcMCW3OVYQrRZgmTTszukDMP stU3PSYLjkdbycnISKF5p/vZLU/6RjthN6O9eg6IaXImSskyDBmq9FnIyqZpAZl6Jhl3l xgQvyE9YxfJ3Y4KvBPlwSyc7/gf54b7mUTw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for the futher detail. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index dc2a54aa31e8..7cbcce101414 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2016,6 +2017,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75727): https://edk2.groups.io/g/devel/message/75727 Mute This Topic: https://groups.io/mt/83113772/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75728+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75728+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070711551492.55268700776344; Wed, 26 May 2021 16:11:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ltyFYY1788612x2X2S0kYEOd; Wed, 26 May 2021 16:11:51 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.45]) by mx.groups.io with SMTP id smtpd.web12.43.1622070710472126111 for ; Wed, 26 May 2021 16:11:50 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V25b4B9UmOwzngd4ZseGL1Hzd3OqezF06WnLiBpsxd0vggiU+NEVNdNpukfZH+9n6UHy+oqUs0NSzgpzBtbPMzccRcxBSPCNO4IaZZvZcKrsAyV1fmUxCs58iHaT2Hf8oej3lSYOepp5/Ve/LmdvZa1MyzFpbxKCMkBU8Sxx0WRNB+imcPQJi1TtUXlH4Vbl1Q+EU77gx6SJcNRWcECzgfCDwk/RfrAjHMkd7lRQAtb2Yd9OkwHmVVNOQEVeOWI+MF9gSvCdXPJu35qHuTzvEarS8ShWXMWt++gBsu2+sOdSyzP/awFrLymLBCZ0J2NHlgZfwkag8wRBJ987SIvk5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=05jxyx9l/E194xuRwQGmDQmK7gfBFntI1Itu/qASJ4Y=; b=MNBR7N9IqrXA/eZJyBZwYEYtjhYiU9w3Cdmf2xp8b4/Wwnl2U/mH4VzY3OpJ8k1X815H8yKcyfh2v2Jwmr1d/YaENxvO9DTQUurEuBVR3It7NWSCrnI5i+NEAZV4YEftjS2kNUc4CQKV04RQZi22tWvpd5fTOch+Pji1kQaPm6mAm5ebFEDOlbSqibAdyG6lzJ+KqrjZFPi+j7pB1ozOF5aZZp1q3s6pLZKv1UFffmkyNjc1DsS4lH4EVoPKfkiNDpbebWjf27iQklb4ZqAeqqndszWHJ3jNb0yMEaR6ssRVm6mWrDDAdhkblXs+kU+8Mw9z931H80GO5KYCdsHqzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:46 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:46 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 12/22] OvmfPkg/AmdSevDxe: do not use extended PCI config space Date: Wed, 26 May 2021 18:11:08 -0500 Message-ID: <20210526231118.12946-13-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 739dd410-95ff-41da-7a1c-08d9209ba25a X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:773; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: PihpNHXK4D6teEgR795mPFZto/ot8l9MrOdTJYrGSIZ7SxXxEfTHvOABwVoYtRSisjwk599cMF1q/ZbcCNI4p3YAfSRER1lO551oIKiM4nUYQVJHkVwKldfx1vTJyyMfSyn1hdY7MwQeegHUEgpZ7poJ3EHVXKdc74ZWRy82gcv375wcpajXQRTQGoKtw2NqKBfOabS7OGWG6bmHTmRhUenphNcCORjC3OA2N4g1ZqpK8kOqMgB+LOghYWHDZ5x/o2cc3SdRzZ7rB+lShpcv+mkHBUozDW8I3dlCdAB2h19nldpbMWXmgCEQF5MJPbatvi3AkgirqaiHPFcPSzfZSLZEvpDMkkjrn9Ao9HRaMKekh4A7Ng92G4NQVieMvceHrK0wglWUOrSBFpDClyTPcAKW7Me+wp3WNbsJ20g2H7Laam8ArywKlwd3EgSdYuNeizThlS07l7Fh3vZJf3jLq2PWSgvYQpbJoh0oAxzPEwxVEa5HCvq9OUXc4LM4KDotojWS1mKawiGLEF/kx0VcXqpc017rF9CRGOrCYXEDbvdRHlzQSACqXkyc2xrVzMdhDh9uHbNADlw/pc0tDq1wnInLaXCvcrsyGvtUEBzXj0xqaG+Fg5suH10G/cmKDT/BPNAWUM6pUy1BLiIM7ZnO42Mti3tNAHnRMUt/YIAdAit+dsmqRYgiG/7WEWKSZbFUbOKj0nL1tnX+faBBT1sOgNsYbgMXR1fhf4HmEvWS6HDpLV7LE4oDTWd0kaxIvPZLAa7nkDWaz1MhQJya333D7oFTFlz3XwnHc7Ejnw3NVUE= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?tW85RjkIIe3ZyXi6TKgywUyqmysPbfNQamQOtV2o+znxkwv6QKeIxF9M47k2?= =?us-ascii?Q?/rS4uOH6BM7g2OBP2bJ8vmm3m7QtLbz4EaY2nOjPPgyCpeyegIG1g9mipfbi?= =?us-ascii?Q?ag9Gwe75wJLZEZ8EE+ew9oHx9i3v0pwXh/w7t9NxFrMXGFwBLlXjR84xlRqk?= =?us-ascii?Q?nlGfgQfxqykViZs6jLfFDNbI3iWj6/4M8IVxT0oQ4nOXcX63Z5Xb48JgZqx0?= =?us-ascii?Q?98MYATRGBuMhUMlspopTELmG8rtaOpSsl5HIr/FEsqGDpADImn58cGzK6EcP?= =?us-ascii?Q?fphN9FnF9WmTnaSk8jp5lGNvnwiibGw5UrMktsGRQeFP4CSMAvF7Acd5dqAx?= =?us-ascii?Q?Ox8z2fmCOhkXgssXrGoaBk9P82w4IHHhtcw6lW7C57QigtNS0mSAOFoWp3l7?= =?us-ascii?Q?kL99EI5yivzfp481HUENYnsHfJaVlwpoO0KhTS4uC5/UunjVOxZqIJkp3wSt?= =?us-ascii?Q?uzdMXaamdfRG72xaLbCWRjj2M3gj63l8EoBrtfMf0aHLkX/Nj+jmEOuUmlkt?= =?us-ascii?Q?LbNkjxR5XnKUDCBmPE1WXuH/sVDCZ4VhV/OiDVkXefoqGbGT/KjRdcI8yaGN?= =?us-ascii?Q?y8C4OY8wCSK++hXOx8q+aW6Xj2GaFJEEDhxewfUIOwIrkZGdSBGjteXVQ8j1?= =?us-ascii?Q?WxLC4RT77aqzApkyx4rVKkTjE9a28HAxdl63Nj1HO2oizY2sEOxfH3yB1Grk?= =?us-ascii?Q?F0+eMxL6EBcJAftBMcMxhsQLjkK6bASDzquJ5N1hYIwhXgr0N6EXsBVG9kUw?= =?us-ascii?Q?1HMW+5ZR7ucUxt36IS8McRp2+gqQFiF4LKfRBZUpu3uWAz2Kq8AP3/Kzf4Hd?= =?us-ascii?Q?p5MRfjCItHmJyCHjVeLReqXCgyB98V4uEYRJANT9aKP2LQpOEPv8YCFVqMVs?= =?us-ascii?Q?4VXO1+pu3wONkhopRzr+1YbRxAniKhYDxewya8vpUUuGT7oKIpHYSdj1zAZL?= =?us-ascii?Q?I7JnA53na1CKzNS2GVMZbFqIMtzSxyOj909SzXZ5C8EzcwYPMyEmtrmBj+XW?= =?us-ascii?Q?cR77bqdxb6bPWoa8LP6qbZQ2+84KIagQQjfrogjvhgOZJMAW6MtNgw/rfHEk?= =?us-ascii?Q?vnkppKf0z8MSjl6FA7I99uP5glOUfcoZCgasPiklUz96qJJXM0bQW5KF9U6x?= =?us-ascii?Q?3IeP8gmozcg4TnCCY9S95teo92GZEL+Elxr2RerT2uZ1sHcaSO3sp+lFqTXD?= =?us-ascii?Q?9gwupTbMVbCZTWmC2xtutdr/3g0LBpKf1hz+IBUFPG+y7i/ZLXCxvSE3vIgP?= =?us-ascii?Q?IR97B9UVd8rtqhVmFOAFcfld1YnxnYXVYoX+liwoRIP687MH89LzwXH7PLSQ?= =?us-ascii?Q?nkR6qdj++ynmRkh0QK1rms2K?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 739dd410-95ff-41da-7a1c-08d9209ba25a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:46.7123 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JvZvd9owT8GIDUMvP4U5vsurKYOfg0iwEp+UTlMFuJx+oUNl/QUakSG1ePdxKEj4e43aZtfh0ZbbqaCa9Rygfg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: MBOR5DCussd8hWnCjhvBXGhGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070711; bh=IBgcjeSx2OFFy+0UPVhpHAukGPiR+U/ynBJ1ruZxqoM=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=TOsyJmTfdGaOxsy7PnX8M5Nq8u/Ly4M1WpDnVQ0DwKgLyQju1AVqiZsjrTTqAWLpE2c UHCVdTjWlXPbFLH34T5p55QROSCxNyyc3FnWakLfF41Gisioao4Q/q1qHWZ3voN77eQny 97LhX8U7WIPAfgidzhx4aGcUcuZR6IS6gCg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure that MMIO is only performed against the un-encrypted memory. If MMIO is performed against encrypted memory, a #GP is raised. The AmdSevDxe uses the functions provided by the MemEncryptSevLib to clear the memory encryption mask from the page table. If the MemEncryptSevLib is extended to include VmgExitLib then depedency chain will look like this: OvmfPkg/AmdSevDxe/AmdSevDxe.inf Suggested-by: Laszlo Ersek -----> MemEncryptSevLib class -----> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance -----> VmgExitLib class -----> "OvmfPkg/VmgExitLib" instance -----> LocalApicLib class -----> "UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf" instance -----> TimerLib class -----> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance -----> PciLib class -----> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance -----> PciExpressLib class -----> "MdePkg/BasePciExpressLib/BasePciExpressLib.inf" instance The LocalApicLib provides a constructor that gets called before the AmdSevDxe can clear the memory encryption mask from the MMIO regions. When running under the Q35 machine type, the call chain looks like this: AcpiTimerLibConstructor () [AcpiTimerLib] PciRead32 () [DxePciLibI440FxQ35] PciExpressRead32 () [PciExpressLib] The PciExpressRead32 () reads the MMIO region. The MMIO regions are not yet mapped un-encrypted, so the check introduced in the commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 raises a #GP. The AmdSevDxe driver does not require the access to the extended PCI config space. Accessing a normal PCI config space, via IO port should be sufficent. Use the module-scope override to make the AmdSevDxe use the BasePciLib instead of BasePciExpressLib so that PciRead32 () uses the IO ports instead of the extended config space. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++- OvmfPkg/Bhyve/BhyveX64.dsc | 5 ++++- OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- OvmfPkg/OvmfXen.dsc | 5 ++++- 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 66bbbc80cd18..4ef3d71877fa 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -814,7 +814,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 # diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 7d9e88040000..b8a7128b310e 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -824,7 +824,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 =20 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 6b0bc02bd536..75f87d311454 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -967,7 +967,10 @@ [Components.X64] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8d9a0a077601..7f72f4150440 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -966,7 +966,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf =20 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index e535503e385d..d549f1b14378 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -727,7 +727,10 @@ [Components] } =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 # --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75728): https://edk2.groups.io/g/devel/message/75728 Mute This Topic: https://groups.io/mt/83113773/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75729+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75729+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070717623950.2210392319363; Wed, 26 May 2021 16:11:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id lN4WYY1788612xEAG8At8wLk; Wed, 26 May 2021 16:11:57 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.65]) by mx.groups.io with SMTP id smtpd.web09.40.1622070711612080194 for ; Wed, 26 May 2021 16:11:51 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IljAsPK/LNDdmEw9Fmjze2CKugFn/i6yZYl621i2Lo1zQiB9SV4PGhloTSGB4ywuk//SA9qmfUFX2GMotE1Hxg+q63GUqLqyEzCuuhBf+RwKMydvpV9fIwmANHIVnDC/exjvG5aJzwpr8uZ7X3ZIAUS+SYRKYFCZ1yNJ0aONBHZXTBLR7lfFjemVlEJ3e0Ua2ncq/sbeLzyr12xZfhAcZAdkRLs0DV0rvxln8AvtLD+BrLV7G1vsAnaJDevtt6ELyGNPN1m7HmmRmn0H5ZXxtlUZ+2Eo+Em5Anqpy1doFzTxkwhNqCuMFefMZ5H5JThHEc9BxUPgmC0FTX9WH6q83w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4jGOWhaF6bbDYEDdSalKIT1GuyJPT/FO9IMR0IsPCao=; b=bAqM3kRzhzjz23uCz235CxEJ6qOG/neKYsP1I6+dg/+bit7SlC0/jwGyOhrS3Vv3raxrwsCWYg72o/yR8LiyP3bAH49S7ZsELtHMCMAmlgWXKLh9w9yYJymz7gUUuDcDuBp/muPX1yNq9fFhwvzAw+Yp8gFMDe4C9wN1UFjniFIx64UCvYKv+tjG6K5Z1lPrbJn+rpvLYtmLg4oufnZ5T5VBlfcBdo055dcokFKr526ht4b1GLRyMIQXpBLWJXnYrCyf5wqFWRhASmVvXRKQvBMlxoHfOeTQhc1+2aXmJcV2s74nGRGX+ivAIbs6q9EAVps7EkVysfoDsUjWzbjzlg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:47 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:47 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 13/22] OvmfPkg/MemEncryptSevLib: add support to validate system RAM Date: Wed, 26 May 2021 18:11:09 -0500 Message-ID: <20210526231118.12946-14-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: dfc8c8c6-394d-43c6-e798-08d9209ba2c6 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: A8C9tnK3J7OG/MrqII8Dtv/1AHphA6skCNSM/QQ/0sHtyNtktxWguMvHDa0LcW2FriR+bIBuzMSUMK/7HjPJm9ypUuabm8g6bjdZdhkE82DRt0N+9jHU8BMduwI22Ty14AMF8F+rA2uLGo55XKNixY8dKbifsrSv4JL6KwpScY0/mAZPl8rCd3FqXgJrWiNspP8FxtE1aLnIgOwvx94R2F3IZiP2gSzn0S8KqLU20wB7owN9kco2RdRgcpzhyVt8FcDo+Nk5Mq5S2G3uP8ZCy6wHHCwe1TpjEXF+aIypjMYNQqLwGP/hmQpv/BACjlTC+A1I0qgz62KmeWKvG5+trFLa2t6rh5QhU7WePAia/x1MzzU6eKqSEHmm0jZR0dasP8O+Sl/l3bIOE8eFS5NYDtQp9f2T2PgCN/BQELQygDGl9MVj45AAB7Kea+0SL/kVFsm2uKst5H+9dXsFHR/7h+3PUz7Z02gpEzjqtm1S92799PyVHR25kCLF8C7OwuCYAi+uz3G4WhLMairnfoorLxdNuU1ae7FrTIpszHkkD5cZWTZDXmKNs93XSFt3mFcWY5dIhuv61Cb2q9vdT7CJqr0b5UD+P3Oy+zCNSGNvAlBgTW9aQBjvaZWT6i360Qwap7ow177TkpeX2/8TJn+apgkEHVArcZea4wCMzkFtYHUhTiKjAUJLpoflCOu6RRmxHV1QoL1iPe7JMjGbohjxn3Nox62qCBz3sq/qppCK7cDsPh0QO3G5I9pt/y0aD1yvEqAmJkh+Zuq+WZHh2oecFUYAP/op2VuRMypW31ByvWY= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?2cCOcJ/RFRgAPZrDat2PS9SvTLNQqcobALdylC6ElzUI8oCPJLgNSjvzshFZ?= =?us-ascii?Q?8P22Hs619nP3x6XiTQ58v11/oyi1yw4Qsz1lMYRHRLXQS/MV/KO4XvHImPaE?= =?us-ascii?Q?ZweXabPePupIHvMI3K70QxNEJ+Xjk6IHsyDNtbA5/R0YRY1+OX6bhUJcZDiI?= =?us-ascii?Q?u5pdA47VTDDCadj6DESo6g63ea8k+QMxaZWiqkPAq6OWsmiG4jCnjgeCvl0m?= =?us-ascii?Q?Y6XCHcZLpiEEQ5Bb4jBE7sETLsjPo2kY+2uFxEoaCGm+uuwAXq3EjZ/Emooi?= =?us-ascii?Q?ZXytJ8Xk5pkV41VAo0izUJnD+FuCFzkETylTVDdb84aqi4PM14bOlEwfNOh9?= =?us-ascii?Q?u7kBSrXXlrcHqqS/MMvE/xMvSmAVzk7Crp2ip2uz5q8PzcLWMwdL1zYVIso7?= =?us-ascii?Q?GkxsWyR/qdWuiqu3bOAAWvimESlFMGawJsWYXskxlvhkg+6S5NklomjIR7ar?= =?us-ascii?Q?wi4r5lyuSn40aZWIRsSEbFH6U/h32IQuo+mS2fL96j8TmWc+CGlWp94wI8kX?= =?us-ascii?Q?YVg3ZrXE17sNS4cngR4GxiCoZ0Pr9t0hXyGJPnXSEuwsXNt/LS8isC5+pbTZ?= =?us-ascii?Q?2VO4gzQCmDwxOmyH0jWbkLoE3fwUUAqKyHxoo3jvumHZ3nAdo/2FtldnErHp?= =?us-ascii?Q?MlOCEOuXNODn+MP79YRe1G0hX50ADs4nWgCOts3J8HMktUXK5oegSWP7EJ8E?= =?us-ascii?Q?CzIe2nztRISgFEG+TKo9oQ2Gcq8QcgXRnT1hPrcf4oqHb/s+9i9EXGSsQMoq?= =?us-ascii?Q?uOm29eVy4a6g7Rpn2s34L1nidlB+MdDRYBSmvlI7fTxmOYMyYODCgoBQ9346?= =?us-ascii?Q?rVoWB7PV+DHEEteuhErTnIPC1QlXsHul9qZ5V6EGH1mLM7YDEt8KGU0DDfUW?= =?us-ascii?Q?a+MpSgceUX+yXC08OqFUi/ixSldCuKpoEGEdXWontOmKyNrc9leGK34nZ2SF?= =?us-ascii?Q?lFEcKaKF8ooRqCb13Hr0mYNtEganjZSXCEGcrb2wDChL6leTy+LAceqd8oBP?= =?us-ascii?Q?bMQrvz1/GuADApgGlMiqL5q38ajNnKzsNLVUK05yWvNJh4/KBqUELP4uNvOG?= =?us-ascii?Q?JmA5Z9A2AxVRzQPdJ5QLIQNwU5y8HmImzbkhTcMbV5/LFaBayAhMuOvbHWp3?= =?us-ascii?Q?vYtp2G7XZOaY0dbr7cOfuyNzkcJpQ0+IePhgyp6Ra5KF8M43/Yh0XMza+9sD?= =?us-ascii?Q?IGk72/62B1mBE2ILfWyGFl2ifWZkNYQjDtoUy8LdvTlsmX7uno3bhNzwrjyC?= =?us-ascii?Q?W7lO1N3zWUc7egt0lNRahBLDyi+/q0fBo1C+y7lBNwBbtGesG1QcA8FBQfCA?= =?us-ascii?Q?Hd/NiHxwNmkZioHdO7gg+GOF?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: dfc8c8c6-394d-43c6-e798-08d9209ba2c6 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:47.4898 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nUHWLQvZUoyMaQmvYYUzy/YPNie7pt6NmKcuB9JyiC2tRmjEEk5hDbKG2a2PavBulJO4ZruKle3mC56DK+HPbg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 5Sb4W9szjwSswAUOmWdzppB6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070717; bh=HGTEtkqezIaMP6iAz4yLmcRcT7uyyLZl6LqBIiFzljU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=QQN/DNH3Hr9jgSM8d0Ij/bNCzhPS9q3GcZ1I+O4qtPpBG98JH7NeZJrNNOE0tiJkVIi VjOMi83eGyTNbOnGq7HuwLok/HRSYBqVVnctkcaBrmLwEkpRmtcXhpimrrnzUqVSjvHJ3 SbeMpOYa2CAP7v/ihb0x4+Z96T8zLRCusDE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Many of the integrity guarantees of SEV-SNP are enforced through the Reverse Map Table (RMP). Each RMP entry contains the GPA at which a particular page of DRAM should be mapped. The guest can request the hypervisor to add pages in the RMP table via the Page State Change VMGEXIT defined in the GHCB specification section 2.5.1 and 4.1.6. Inside each RMP entry is a Validated flag; this flag is automatically cleared to 0 by the CPU hardware when a new RMP entry is created for a guest. Each VM page can be either validated or invalidated, as indicated by the Validated flag in the RMP entry. Memory access to a private page that is not validated generates a #VC. A VM can use the PVALIDATE instruction to validate the private page before using it. During the guest creation, the boot ROM memory is pre-validated by the AMD-SEV firmware. The MemEncryptSevSnpValidateSystemRam() can be called during the SEC and PEI phase to validate the detected system RAM. One of the fields in the Page State Change NAE is the RMP page size. The page size input parameter indicates that either a 4KB or 2MB page should be used while adding the RMP entry. During the validation, when possible, the MemEncryptSevSnpValidateSystemRam() will use the 2MB entry. A hypervisor backing the memory may choose to use the different page size in the RMP entry. In those cases, the PVALIDATE instruction should return SIZEMISMATCH. If a SIZEMISMATCH is detected, then validate all 512-pages constituting a 2MB region. Upon completion, the PVALIDATE instruction sets the rFLAGS.CF to 0 if instruction changed the RMP entry and to 1 if the instruction did not change the RMP entry. The rFlags.CF will be 1 only when a memory region is already validated. We should not double validate a memory as it could lead to a security compromise. If double validation is detected, terminate the boot. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + .../DxeMemEncryptSevLib.inf | 3 + .../PeiMemEncryptSevLib.inf | 3 + .../SecMemEncryptSevLib.inf | 3 + OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++ .../X64/SnpPageStateChange.h | 31 +++ .../Ia32/MemEncryptSevLib.c | 17 ++ .../X64/DxeSnpSystemRamValidate.c | 40 +++ .../X64/PeiSnpSystemRamValidate.c | 36 +++ .../X64/SecSnpSystemRamValidate.c | 36 +++ .../X64/SnpPageStateChangeInternal.c | 230 ++++++++++++++++++ 12 files changed, 415 insertions(+) create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateCh= ange.h create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateCh= angeInternal.c diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 7cbef8e82282..9ffe9e3159d4 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -267,6 +267,7 @@ [LibraryClasses.common.SEC] !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 75f87d311454..aeb603d87f13 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -271,6 +271,7 @@ [LibraryClasses.common.SEC] !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d68076..f613bb314f5f 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -34,8 +34,10 @@ [Sources] PeiDxeMemEncryptSevLibInternal.c =20 [Sources.X64] + X64/DxeSnpSystemRamValidate.c X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -49,6 +51,7 @@ [LibraryClasses] DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df28..0402e49a1028 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -36,6 +36,8 @@ [Sources] [Sources.X64] X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/PeiSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -49,6 +51,7 @@ [LibraryClasses] DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf index 279c38bfbc2c..939af0a91ea4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf @@ -35,6 +35,8 @@ [Sources] [Sources.X64] X64/MemEncryptSevLib.c X64/SecVirtualMemory.c + X64/SecSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -46,6 +48,7 @@ [LibraryClasses] CpuLib DebugLib PcdLib + VmgExitLib =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index dd1c97d4a9a3..eec80474c8fb 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -237,4 +237,18 @@ MemEncryptSevClearMmioPageEncMask ( IN UINTN NumPages ); =20 +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h new file mode 100644 index 000000000000..8bbdf06468b9 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h @@ -0,0 +1,31 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SNP_PAGE_STATE_INTERNAL_H_ +#define SNP_PAGE_STATE_INTERNAL_H_ + +// +// SEV-SNP Page states +// +typedef enum { + SevSnpPagePrivate, + SevSnpPageShared, + +} SEV_SNP_PAGE_STATE; + +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ); + +#endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index be260e0d1014..df5e4d61513d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -136,3 +136,20 @@ MemEncryptSevClearMmioPageEncMask ( // return RETURN_UNSUPPORTED; } + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c new file mode 100644 index 000000000000..ad8d8b388dc8 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -0,0 +1,40 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + // + // All the pre-validation must be completed in the PEI phase. + // + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c new file mode 100644 index 000000000000..64aab7f45b6d --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c new file mode 100644 index 000000000000..64aab7f45b6d --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c new file mode 100644 index 000000000000..fb8b50eab661 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -0,0 +1,230 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "SnpPageStateChange.h" + +#define IS_ALIGNED(x, y) ((((x) & (y - 1)) =3D=3D 0)) +#define PAGES_PER_LARGE_ENTRY 512 + +STATIC +UINTN +MemoryStateToGhcbOp ( + IN SEV_SNP_PAGE_STATE State + ) +{ + UINTN Cmd; + + switch (State) { + case SevSnpPageShared: Cmd =3D SNP_PAGE_STATE_SHARED; break; + case SevSnpPagePrivate: Cmd =3D SNP_PAGE_STATE_PRIVATE; break; + default: ASSERT(0); + } + + return Cmd; +} + +STATIC +VOID +SnpPageStateFailureTerminate ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D GHCB_TERMINATE_GHCB_GENERAL; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + This function issues the PVALIDATE instruction to validate or invalidate = the memory + range specified. If PVALIDATE returns size mismatch then it retry validat= ing with + smaller page size. + + */ +STATIC +VOID +PvalidateRange ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info, + IN UINTN StartIndex, + IN UINTN EndIndex, + IN BOOLEAN Validate + ) +{ + UINTN Address, RmpPageSize, Ret, i; + + for (; StartIndex < EndIndex; StartIndex++) { + // + // Get the address and the page size from the Info. + // + Address =3D Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT; + RmpPageSize =3D Info->Entry[StartIndex].PageSize; + + Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); + + // + // If we fail to validate due to size mismatch then try with the + // smaller page size. This senario will occur if the backing page in + // the RMP entry is 4K and we are validating it as a 2MB. + // + if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { + for (i =3D 0; i < PAGES_PER_LARGE_ENTRY; i++) { + Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); + if (Ret) { + break; + } + + Address =3D Address + EFI_PAGE_SIZE; + } + } + + // + // If validation failed then do not continue. + // + if (Ret) { + DEBUG (( + DEBUG_ERROR, "%a:%a: Failed to %a address 0x%Lx Error code %d\n", + gEfiCallerBaseName, + __FUNCTION__, + Validate ? "Validate" : "Invalidate", + Address, + Ret + )); + SnpPageStateFailureTerminate (); + } + } +} + +/** + The function is used to set the page state when SEV-SNP is active. The pa= ge state + transition consist of changing the page ownership in the RMP table, and u= sing the + PVALIDATE instruction to update the Validated bit in RMP table. + + When the UseLargeEntry is set to TRUE, then function will try to use the = large RMP + entry (whevever possible). + */ +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ) +{ + EFI_STATUS Status; + GHCB *Ghcb; + EFI_PHYSICAL_ADDRESS NextAddress, EndAddress; + MSR_SEV_ES_GHCB_REGISTER Msr; + BOOLEAN InterruptState; + SNP_PAGE_STATE_CHANGE_INFO *Info; + UINTN i, RmpPageSize; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + DEBUG (( + DEBUG_VERBOSE, "%a:%a Address 0x%Lx - 0x%Lx State =3D %a LargeEntry = =3D %d\n", + gEfiCallerBaseName, + __FUNCTION__, + BaseAddress, + EndAddress, + State =3D=3D SevSnpPageShared ? "Shared" : "Private", + UseLargeEntry + )); + + for (; BaseAddress < EndAddress; BaseAddress =3D NextAddress) { + // + // Initialize the GHCB and setup scratch sw to point to shared buffer. + // + VmgInit (Ghcb, &InterruptState); + Info =3D (SNP_PAGE_STATE_CHANGE_INFO *) Ghcb->SharedBuffer; + + SetMem (Info, sizeof (*Info), 0); + + // + // Build page state change buffer + // + for (i =3D 0; (EndAddress > BaseAddress) && i < SNP_PAGE_STATE_MAX_ENT= RY; + BaseAddress =3D NextAddress, i++) { + // + // Is this a 2MB aligned page? Check if we can use the Large RMP ent= ry. + // + if (UseLargeEntry && IS_ALIGNED (BaseAddress, SIZE_2MB) && + ((EndAddress - BaseAddress) >=3D SIZE_2MB)) { + RmpPageSize =3D PvalidatePageSize2MB; + NextAddress =3D BaseAddress + SIZE_2MB; + } else { + RmpPageSize =3D PvalidatePageSize4K; + NextAddress =3D BaseAddress + EFI_PAGE_SIZE; + } + + Info->Entry[i].GuestFrameNumber =3D BaseAddress >> EFI_PAGE_SHIFT; + Info->Entry[i].PageSize =3D RmpPageSize; + Info->Entry[i].Operation =3D MemoryStateToGhcbOp (State); + Info->Entry[i].CurrentPage =3D 0; + } + + Info->Header.CurrentEntry =3D 0; + Info->Header.EndEntry =3D i - 1; + + // + // If the request page state change is shared then invalidate the page= s before + // adding the page in the RMP table. + // + if (State =3D=3D SevSnpPageShared) { + PvalidateRange (Info, 0, i, FALSE); + } + + // + // Issue the VMGEXIT and retry if hypervisor failed to process all the= entries. + // + while (Info->Header.CurrentEntry <=3D Info->Header.EndEntry) { + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + + Status =3D VmgExit (Ghcb, SVM_EXIT_SNP_PAGE_STATE_CHANGE, 0, 0); + if ((Status !=3D 0) || (Ghcb->SaveArea.SwExitInfo2)) { + SnpPageStateFailureTerminate (); + } + } + + // + // If the request page state change is shared then invalidate the page= s before + // adding the page in the RMP table. + // + if (State =3D=3D SevSnpPagePrivate) { + PvalidateRange (Info, 0, i, TRUE); + } + + VmgDone (Ghcb, InterruptState); + } +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75729): https://edk2.groups.io/g/devel/message/75729 Mute This Topic: https://groups.io/mt/83113774/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75730+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75730+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070713239518.289724746001; Wed, 26 May 2021 16:11:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id pPzaYY1788612xnbxf7Qz6v1; Wed, 26 May 2021 16:11:52 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web09.40.1622070711612080194 for ; Wed, 26 May 2021 16:11:52 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=luMuXTMDDsLrN2STW71iOH4W5y8NJkft0DXr6gND1n5Tb1Uy6j5vK3fUD4v9GX3jW1niKy3azNrtOSp3ZcceKlI3W7GgVOCXgivvtDtLBPK5sGzeOUQ6Ni41y5QqBn2PJSioHOK3MLa+Qj5D1LCmSU9FGzsX8B8mXOw+vEAEyMOpTCufcH9utTWyhur57ejkaX27w0In6XoDstPEU2eRHz/DNHjkPT94WsGDef6uP+or7GxSuIirjaO4EFIzjkLaqXZr3P1uQXF8Da6UWkd7BpW7I75MmaoQknGncgnrP8Qq4bdEvBQKDoOzbNEaQJ+gv6n24BN+iFTNbZiXuqkyLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=OBBXnGQF36NnSTzzwGCOUC/SId3BMtcQYScwCGIBAkLz3y2RmzSByJGV1IrPWhCEARpuHfDmw02n2EO8OXgPcjRGfeJ6UKGrpaiZwL8rUoGMeFYthBvm5fjdBTa/0YD8BgVMjp5ncL47gcnowTCH66rApQ0yTGmeNsICsU4UAB+KkkSALcZBJ/oOUXzxOCthHAZFaov0kBbxhVmUD7A1lwrUFwAXcetXeXu07Fo2nc+p1PFmdeZsNYVOHAKHdzvE79CfLQ2KRnpjiDjkIXnjaMUXqXoBjGuhIlolKEi1LVhvdRQ1bDH5Qut1KefwA2a6kuO2uBYWqxW1yg2Rtq/Z3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:48 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:48 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 14/22] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM Date: Wed, 26 May 2021 18:11:10 -0500 Message-ID: <20210526231118.12946-15-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:47 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cd3560a6-7e5a-4860-c140-08d9209ba337 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: XNDGHF2GkQsV9s+4VH1069UaxlpsVOa2z0N+UP8eZN9F8GG/mC/W4sB7cXCjXhzPqFGS1U5hIhmSPSyvtARLafGqpNTyzTzFsA9SJ9E/XngC86/aKH6+HtZLgwu/MGpRhnrlJgU821g6u7IDtWBOgzYHUfLuYXxgYYgW2fhsBzvuX8CKzSPRsxzGx7bvg5HPN7OHUxIjluUCnR31zdfqQrA3XgvIOHAqQyosqvzJZl4vx5GyxXyJ+MJQXjIhHfTzyTvPo010tkiSa2/k9puvchroie83XXfqyUJ9KVuSo5jtT7iDiUDToikWO6ryXkyYdPeNN2BoOiq2UE9fVBlebGbYmRBgc2Qgim1RT0l+A43DBUDdpKj+KPazpevilYuZheak9jBmuRfta55TZI/UPsJPUC14o2VXnqKyyLltfI4RJ5kluki6jEz1XfcfBNBTM58vzjfsAspCxLteYOk7VjihAE7zTF6wqc/LC9mOarlq1Kg1LMqeEr86EXRSjKZSjO67jVu6DuIKJy3LfhykuJI2o3uNagThEFQwIikgDQK/9W2AR2rKtanvJQkcTeXVCkmsZgNHURJObWhGxBrAZ55Nrot0JXHndiSRX4B8DFV2UTIjHTFSBe/VqmML8uSeWh6wSmCYX6jt5p3vJ1u91lKzXynJBqnch6u0vTrpBYrL0LiDId2tFDfKF8IcYqJ/NHpoLpzyK5DGVOLD0JjV0Gxu/sgpw8J58HpC2dGfO1I0OqBNzv1W04WHUCeWmaPzVWSMheYREAKipaVDkwrk1K7SlLNlH9gj+7tgrTWrnxg69zfn5rjhQs1CZLT83bZv X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?f0JDdNTgR+UEDgNO7ljV9MFzOn+6I7B8PE5olPv07aC9K2szY4PIAmApuggr?= =?us-ascii?Q?w3ZNWVkSSzkNfXY+9oV0FzKemXE9O5pNw5IJXVAxVRDE+MGMxp1sGxbn//2O?= =?us-ascii?Q?KC/9ev/O1U1B+pTtXEB1E/6ii4mFFlA8SLEAs1eL47fhxGHcwAS6Fo0EXMQR?= =?us-ascii?Q?HqZ/SGtGy4GdWDmjQZTRt3yea+szAm9PEP7CKbtuQxgS8JYIE0SJs+4TLqXd?= =?us-ascii?Q?T95qFOA3RXJateo/6t9sTeohXnG/n2bmTFvyGXFBfBZQpUyapUTNnRwaxpHn?= =?us-ascii?Q?2f7esdNa0lFkC+YnvzmGjVlNUBLpMS2Zlmumu55QWzXEyg9pj/CFvxy1J4qG?= =?us-ascii?Q?aPKxjnhDK2LzYALg4teKMTNwVipj3Hcy6ll0ywSBLzziIm9mVkpXz+fOCVY6?= =?us-ascii?Q?ZshPYYlLuBXVCvftBQaF+BFducBn4xuOD7xV7Opi9NTOrk2ykRI6mWfXPeUL?= =?us-ascii?Q?htF4RW0Vscg4SCDWEyYZKhgrzH+RWOartnq0cdhwy6foczuf2/M4aHWzIO7K?= =?us-ascii?Q?r6zAPcIZyZ8iCz0nxiPNKdMrQ4p+i8NvfcMPOCFD1rhMp0upGV398lm6q+E0?= =?us-ascii?Q?Gvmwc6tgPNAhXAgXoQUGLflMB3/JugSCx6TF9/XeGHQXS7UtwoClUicdUAe7?= =?us-ascii?Q?N12C10qiSBgKGxnAcJV17N8L75f4nEEIIy7U2SQt9B0+l0/bGdzCxybdIRoJ?= =?us-ascii?Q?n9JW98Reb3kJ7Zn93ETWi5hj74XIt//2QJUtK6Y8upv1RwwiepymLZk0vUS7?= =?us-ascii?Q?iR/hHqSezd0ndzXYIzBkYAEft6Mj86wPx7erTrQyfCgSAaHpU1xUQrSq5FNW?= =?us-ascii?Q?7JVh0LQz5G0r2Ng24/gjiu/MXHjstEDwj5XSC7taQkpCdy8jL6EHSAhJIsC0?= =?us-ascii?Q?U55iuaiLVIv3E5orZrEHi0kzN7gwkHrcIwLzrz+kKNtOJtqa0If3fGR64hTD?= =?us-ascii?Q?++8S3Mv1Z7eX9d0Y7vnklG3jSKq8vSMB/5HbST70OwhCUloqNloeGsyO4jx/?= =?us-ascii?Q?5Hb6zGXPCIl/iXOvygO3lR6sjlVd9sNbsxQcUwrwGZA/Ri6ZWJfaDPevHibO?= =?us-ascii?Q?i0miAAIaN0fD6ZHe3b0WCULAOZW/wwAOUVZndat0qylAR9TuF8uje8Fg/bCO?= =?us-ascii?Q?HXvlwvA9Lq/vsBCjnVgAcXpmkrvvQ3eYSiKnsZVpc8fyi0QLxuaDoGMDrk0K?= =?us-ascii?Q?x7Zv9c8Mp5ENO363jHNYYDnV8/pntLgO1t/9xLCPf2umfnCVxVOnz149Bl/Y?= =?us-ascii?Q?j5AO3cH9RLbdBxkc32kYAy/VQ5OMVotLwkWE2CN5SVxSFwuo8w8FWmHvkmMl?= =?us-ascii?Q?meQFyfwmN/iAx27NhqlEG3uz?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cd3560a6-7e5a-4860-c140-08d9209ba337 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:48.1604 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wiYfhlTacXg4Hg5GuvAAi/2nqTpZJJ8hzKKV8iQEt/vXxUjtFnRU0LSg7iB1/kloZ0T2/ILEQgPHIAL3RmJ/rA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: U24f9bQeVQWfhGDV126ojhm7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070712; bh=NVlkWmVy9nvxRU4Kg5yYol2iMWUQT4LH3U5ALN6jUrw=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=qj9FcZ0BXbIkOknYKv/9nk5Jw+5JUAvBhgc2ZsmN5Vi6J3YapOiIAAY3BOK5m38PQTx O39a1WY0jLal0MB36TfQo61ErGtSatL09NamOEek3qMF7R4Fa3WjfwLnRXtaOSoQh9Z7r 17kvpiXB3Uogs5ywXMKg+BIqAYsVjJdHq3Y= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progress, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75730): https://edk2.groups.io/g/devel/message/75730 Mute This Topic: https://groups.io/mt/83113776/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75731+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75731+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070719490524.9103861981705; Wed, 26 May 2021 16:11:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mM88YY1788612xvcFhgeLXbf; Wed, 26 May 2021 16:11:59 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.51]) by mx.groups.io with SMTP id smtpd.web11.43.1622070713334336839 for ; Wed, 26 May 2021 16:11:53 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SXuL/qKbwElUQyaVe1OlEMZSNJFVzypT91+yvDJsZw9atFoHx678x56M+NiflwFMuAin12OnsTgUAzXKUXiG0kK3puSljQNYgmT0MN0BMzQzuBKdYtaaaJHCcUhQ2XhUHXjdnABkhkuvvsvE4XZO5bxqLzr+Jq9y4Fu9So5/E5bzah8N478863OLu34/U/xx8NG1Y5uHe5ogT0szKewYekwve3wALYE5BIPDyjIdOUuHa7iqplXS8g9sOOoihyuvQhT1il5oG2ZmNq8kTafCeYr/3KTGW7jRvKgjCbURCNAfZwljFI5GIpVneU7V25P5nvvnWutjH9jNh8eBTgJEaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X4x7TaASwfTqzc0ULE5Yhp7i1E9LcUSyA6138RpOmq0=; b=Zp+bc11HNcUhK+FPTJrL6a35CzffWp/M6hDKvFu/P5wK/trXFd5VnBcTtaOotQHDVHCVByAXzGRmK0KX3DjqkIDPggYkvBTE24zZOpVJ3w9p6KIVwESbeJGuG9u5xzRQ5zcz0mjACN29OaXDb9DoXricW1WqX9SxqO1FLqYrmLyUCM9BqXj24n9EBCqxov2N/gG4nDaFmXZeEDXitJp1U2NEW1LLPY+17eSeOfYPxNqZoXPmVgTaFHYtNgnjg1not7CVBeRyYgol4YeM0fV8getJ4yNnGCgKlUugkmR+++digN/A2QABRop54kqOzbCMBicANW7klvfc5EwXVzUYzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:49 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:49 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 15/22] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase Date: Wed, 26 May 2021 18:11:11 -0500 Message-ID: <20210526231118.12946-16-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: addddc1a-d676-4c0d-8a3c-08d9209ba39e X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: wd7BORdQ5AavgFYfLH/gp8/wl9atJq+hmCO3G3fpfMa+Rljjr5Xe07d3FVN/JTMDQGyLK/jc3C0BSHTGKt8LrH8gZK/HrkP019Vk685lQWpwWbqla/VBwOo6iZqEcymXkFuhhndV2EDUSsnqj09HJh0QMetQSZUx3717fxdnEzMGWoqo09BKMhzs3apDiXcheQT33+lK37QcrNwrts123Agmvqh/duIVy9sEL2B9GNsxz2haFSV/4zOIyjvI++3+pUmUoM3k6u78DKnHdOG7q9UjcfwSfodXfCLm5TzCiOylc2qh/z07g6ETyR1os6SexPIcswyMw8Mt2J4RyDL3ESwl9ii+Jq2jaPzx9L0Daf6UIKzW1Ttzqmax7cDjjHRRccmmgv8CVDBNznhhHQMQpOE4MSL/zaXoJXSOIHqrcwaJ3AZ6JHm864VgaZ2D+UOBfajaCU0jjgZZ1WSZVua2e6IHwiRM/JSxyby1LmoL1NRUdccjqnIJBE1CZixXziOJ44soHi39WzOXy/pK+0Zpo8smB0ukLmDY3DAdoyAWU+uqGj6QTvmOh7eIEo+MhII91SiPmoL1Ys6QHGR6noOx7eCjAODQDSREm1jiqfXDf3nrWfanv+22iSzAwZx9ZZnugGwZW+onqMj32n66nuGrNqQTy6IvVcCZ0v2zjDKGXgq/66dL2v1wDfklLe+Gf8srDeVK45BZEgywQK9F17+/Q+aCpBomWbNgAtv73QhEwtSlVEpjC68x+4NwIuu5TLmMRnX5AwDDDcn5AC1Lw1h9KKn1dNMd1HRfst9I7z7VdYs= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?ZUjj6A+LiqqznhOMJlaETwrNdsU97OlXvmZc8mymWB167ZSn7NDrBI5heBC2?= =?us-ascii?Q?JBcHJvoFGcAv/MTXG9C141zcRuvS7QojUVUuzmKtzHE0tWyiaEnv3F5+aLDT?= =?us-ascii?Q?2yFElCd/bFxUEiWe+0Vd5zRL+eI/E8fz1s1+ONCagfEgAxbLsluX5Y4KRRW5?= =?us-ascii?Q?BOqcAtbRq7RAR3O4AvljcK1W5D91aTADy7XWEBmuauB3/zfE81fEHLKaO4Y+?= =?us-ascii?Q?FMPGkOB55PYMw0ir9qaHmBRm7mTon7KnXAM4d47YSJnlckyZEeab51WjHQHb?= =?us-ascii?Q?bznxiYQkR2Xf5yxRxfi2leMLes3Ybhynck3AgPMt0oXXksgk3ZvVbBgUM7Gj?= =?us-ascii?Q?IjtIxyYVbCty3e/FOlBT6Ky6nJbWsuNdjRK97utpXvHA34etspBt0Jp+Bck/?= =?us-ascii?Q?Sh9DyuXGyOIJclnX4HZ2JknkbuPE+4sCpPbE019pgWmBOgBeRJLwenKSdgen?= =?us-ascii?Q?ksLWJGedJXZwv/lLwSdxHRwifLlnZJsQVctkJQhLowLVQQg337yhfGBt4s7S?= =?us-ascii?Q?zm6wEFZhPJTqHezG3/eeRP6VOQ6hWKsTBoJn1zMNfyyh7xMdu39qDG7qeCaI?= =?us-ascii?Q?Zis7VnWbgTPEm5NGhtrqkdb1mbXXeUQzfrQ216oI1B/mL+hJtWKkuvdBxN6b?= =?us-ascii?Q?l47HSz36a4xRVVu7innpF9H63aXrhcFCtkJ4TzhAw+axS+CzVpvRai/FXXBw?= =?us-ascii?Q?CtGOQVr0qH5eU0HLO//u0XBav4zl0fcu2tR1QfTcEUTpJ2yNmFvdUffdLKFY?= =?us-ascii?Q?lPaGx/B6KNC25J5Oi3AnKxaEKHx7OI8cFjLyBq3pIAcxAvoiWIOr6rVn6BSK?= =?us-ascii?Q?cennsobilIE0O+aFVau8M+0WjRrfo/XSzsb/zI1tMuyirfKQKvtVWdJcAh7w?= =?us-ascii?Q?fA4pdPirY8yHkzgZSd3wmSHfLykpqt1vKeWLOBUxVxnRCabJVpwR2eGzdPnO?= =?us-ascii?Q?mkUHPVs1dWvj/mKi+MHZcoEiGHeuwO4zFoQugmzNyybhrlDpGStTEVptP7L+?= =?us-ascii?Q?jKBtpvxRi/ekoHz47vmvl+T7VRY30RBIwcc57KLJQaX/b33EvY9drLGWRV2L?= =?us-ascii?Q?I7TJ4jdb/ENPMVyEKFvmUnWUidGZ9ZYpVhZoR5a+GGjL8r7IxbwyxwlSkRL3?= =?us-ascii?Q?1/uCqlt53minYvwNjJgDCdDe+YHwIbpoY3z2pXAiozmNw8/f5ZGJlLdKlCGa?= =?us-ascii?Q?I6nC5pktWxlpzQ6mydyy4nNpsmciTkZbg/a7vZ/kRSdZY+i3Qs/bprqcQNOI?= =?us-ascii?Q?7AcRfy+qi207z834tOYaDmN2OHgPQJZEkC4oM1+Jic3jZFxmuxJlkiTNHgEr?= =?us-ascii?Q?0B92hkuo05fQwmWsLWBH2Odt?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: addddc1a-d676-4c0d-8a3c-08d9209ba39e X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:49.4017 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /gWqy69/20/si172UOPU8qjLZA9RSYKWXWP0b1A9naoYhPli0V8CmYpoMNtLUn5zcRyuC71X7XblWCPNQhqsAA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: ATXUIBT2eVh6PQO3cVrIPH5Bx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070719; bh=y1MzGoYzi9xlUOVtgT/xjRQzGA4HRXQ5C6SrZUbifts=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=PQJFANpUqy8r6zagbQMkOHSp7qGSfyA0Jw+RiYIHQGIZ7lLa8ON2OJMaaRRa7qGFSoj cJNgdd/I9xAxPzg78lcTSyCJ8ltrVBuQ2zd/OH6lHcc7Ly7Nj3j+lV+BWuy9vIa7/Uh9H 70g8uDDCYe1crt38lcoAvuuxlyCCz7KMXeg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The initial page built during the SEC phase is used by the MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The page validation process requires using the PVALIDATE instruction; the instruction accepts a virtual address of the memory region that needs to be validated. If hardware encounters a page table walk failure (due to page-not-present) then it raises #GP. The initial page table built in SEC phase address up to 4GB. Add an internal function to extend the page table to cover > 4GB. The function builds 1GB entries in the page table for access > 4GB. This will provide the support to call PVALIDATE instruction for the virtual address > 4GB in PEI phase. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 +++ .../X64/PeiDxeVirtualMemory.c | 115 ++++++++++++++++++ .../X64/PeiSnpSystemRamValidate.c | 22 ++++ 3 files changed, 156 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h index 21bbbd1c4f9c..aefef68c30c0 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h @@ -143,4 +143,23 @@ InternalMemEncryptSevClearMmioPageEncMask ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length ); + +/** + Create 1GB identity mapping for the specified virtual address range. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] VirtualAddress Virtual address + @param[in] Length Length of virtual address range + + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + +**/ +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ); #endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index c696745f9d26..f146f6d61cc5 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -536,6 +536,121 @@ EnableReadOnlyPageWriteProtect ( AsmWriteCr0 (AsmReadCr0() | BIT16); } =20 +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ) +{ + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + UINT64 PgTableMask; + UINT64 AddressEncMask; + BOOLEAN IsWpEnabled; + RETURN_STATUS Status; + + // + // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnin= gs. + // + PageMapLevel4Entry =3D NULL; + + DEBUG (( + DEBUG_VERBOSE, + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + Cr3BaseAddress, + PhysicalAddress, + (UINT64)Length + )); + + if (Length =3D=3D 0) { + return RETURN_INVALID_PARAMETER; + } + + // + // Check if we have a valid memory encryption mask + // + AddressEncMask =3D InternalGetMemEncryptionAddressMask (); + if (!AddressEncMask) { + return RETURN_ACCESS_DENIED; + } + + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; + + + // + // Make sure that the page table is changeable. + // + IsWpEnabled =3D IsReadOnlyPageWriteProtected (); + if (IsWpEnabled) { + DisableReadOnlyPageWriteProtect (); + } + + Status =3D EFI_SUCCESS; + + while (Length) + { + // + // If Cr3BaseAddress is not specified then read the current CR3 + // + if (Cr3BaseAddress =3D=3D 0) { + Cr3BaseAddress =3D AsmReadCr3(); + } + + PageMapLevel4Entry =3D (VOID*) (Cr3BaseAddress & ~PgTableMask); + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); + if (!PageMapLevel4Entry->Bits.Present) { + DEBUG (( + DEBUG_ERROR, + "%a:%a: bad PML4 for Physical=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + PhysicalAddress + )); + Status =3D RETURN_NO_MAPPING; + goto Done; + } + + PageDirectory1GEntry =3D (VOID *)( + (PageMapLevel4Entry->Bits.PageTableBaseAddres= s << + 12) & ~PgTableMask + ); + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); + if (!PageDirectory1GEntry->Bits.Present) { + PageDirectory1GEntry->Bits.Present =3D 1; + PageDirectory1GEntry->Bits.MustBe1 =3D 1; + PageDirectory1GEntry->Bits.MustBeZero =3D 0; + PageDirectory1GEntry->Bits.ReadWrite =3D 1; + PageDirectory1GEntry->Uint64 |=3D (UINT64)PhysicalAddress | AddressE= ncMask; + } + + if (Length <=3D BIT30) { + Length =3D 0; + } else { + Length -=3D BIT30; + } + + PhysicalAddress +=3D BIT30; + } + + // + // Flush TLB + // + CpuFlushTlb(); + +Done: + // + // Restore page table write protection, if any. + // + if (IsWpEnabled) { + EnableReadOnlyPageWriteProtect (); + } + + return Status; +} =20 /** This function either sets or clears memory encryption bit for the memory diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 3e692a3b869d..69ffb79633c4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -10,9 +10,12 @@ =20 #include #include +#include +#include #include =20 #include "SnpPageStateChange.h" +#include "VirtualMemory.h" =20 typedef struct { UINT64 StartAddress; @@ -68,6 +71,7 @@ MemEncryptSevSnpPreValidateSystemRam ( { PHYSICAL_ADDRESS EndAddress; SNP_PRE_VALIDATED_RANGE OverlapRange; + EFI_STATUS Status; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -75,6 +79,24 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); =20 + // + // The page table used in PEI can address up to 4GB memory. If we are as= ked to + // validate a range above the 4GB, then create an identity mapping so th= at the + // PVALIDATE instruction can execute correctly. If the page table entry = is not + // present then PVALIDATE will #GP. + // + if (BaseAddress >=3D SIZE_4GB) { + Status =3D InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + } + while (BaseAddress < EndAddress) { // // Check if the range overlaps with the pre-validated ranges. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75731): https://edk2.groups.io/g/devel/message/75731 Mute This Topic: https://groups.io/mt/83113778/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75732+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75732+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070720415576.5094620451752; Wed, 26 May 2021 16:12:00 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 5fyNYY1788612xL1zXwItm1v; Wed, 26 May 2021 16:12:00 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.64]) by mx.groups.io with SMTP id smtpd.web09.43.1622070714444189231 for ; Wed, 26 May 2021 16:11:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aQnzrL8t/JUhUX5xzmBv4rcKYQsBHIUluhqLdSW55VeClgsmnftfiCS0oYzkfcsM6vYh022+DoR8hSLfXPAfTE48IjUsXJ68bOSvT7w3AVmH+4heASf+9Ldn3V1MmByQGv5KvT5SZOqVd32wyDUJqnl6QyOsP/vXLNYUIfSxZyvdGDAx73HQfjYXxXr7CT8mCx+8GqYU5jF36vC05XgBIq9kUPuiceoenQTtYMFz47eJV13c9Lhvmwhx5hPjsqsOMsdLJ5Xxt6Yespan94Hnt/MsWsvOpl8rPr0iP0e3slF4nnt5L/KmVZyUAtTzU70Pe2R/y2jgFLKKY5FiornxmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F8BEfoyDZu5Kwxxt9LS1aYA3Ivg85ehfJKOzeYsHNx4=; b=MdaUSfK/U72Nbl1WIK9+PlLafk/OzWB5kgAYQNBFa0UtYUdO//O6zLtFAmI46GQdQpMir8IcgEe1w9iUX9MFhXdqSeNXf6RNDcNk8wXG2ZjRgShi7b4PnqVm4ENZlE6JwfTHz44Ujk4n7Tv16+AI1jpsUaonZ3PH1XKhS2aHUvph6KvUuZJB5I3IQXEABjbkvFiu6SMHUeZmSIqwwXQl7OlYeqz2pL53Ti2JSR8HH4GjFbEk2lHLjLTAeB75/D0o809MHz0OujSSZwObhe9rbiont2v4dUEPdEgbOzPtb2Zbbcly87KTjQLZoPq8HfE7zoopxbKhBe12Ku1EucgD0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:51 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:50 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 16/22] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv Date: Wed, 26 May 2021 18:11:12 -0500 Message-ID: <20210526231118.12946-17-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:49 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f2b86cc9-b7dd-4e12-d7c9-08d9209ba49b X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 6E2IXUdVAUgLmZiWdjoTaHkpB7fUxImO+8+Vd5IOC0452IoX0Zxm9C/vFbS4TWNbLn1Bz1Ki3RkGwiCuzAZwuVeU707bd2HURX08riM7D9MReCnGjl629cteRCHYOBqv7fpZkSiH5+aHxPaDiQF2gtZwlvpJihiKqk7ghhC4ZragOIrq4CqVVJWIIFBkC3R93afScqN53PW63LMEk69csVJUEbGhN74Yuf/vzufe1AHBdZ3ie8/QxlNGJOculUnLHlm6czkHZaXv3ZAi/2SIuD3sacwFf5dZfW9H6XgJ94xP6IpWxa3WUYzxwOtb+0AKLn1PzCFBMqGNaP2IA8fk752XJ7qvHji80JPlUHCt2JChzNQLRhLVN3N5P8xCPkUaVEBHhcht4NoW/VOOMJ/QmAeCn3F8JFvk9Bq5rrpbZKOCITRF5+kAm7952/cupn0/YtLH94mQTcereMfVQHlDvE4Kh57M57OxxT7gwfZi91LpnqgTehk1YU81apAHrRmj5ihpWQEpZ96/yrK24/V1m1RuSj/qRJSf7nnZyVLEb3sjNg356BYZ3Pnh/Z0RSiI1+8W/fcPG4s0DAiLJW9PA3aH9MOAA3XTg/jMhlAOdOhperztiYteMMYFOB7irj9xM9Nsag6gzeDgsem2Atgt5UHPWst85m+iu99mPSRftklqGldoI26TPIfKgWFUVMO0hFuhdXYl+WLqj/gU4ZfT017pkqdY3YldS1QvztyhP4wv2kXX8gqeiwmDdwUY/JCZwARiKa3j+EZml5ccU7U6+7SGg4Ba3qZ3XCYk45lzkkjg= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?t/a9IPW1AMqEwQtyoYw3b3hapH6ZqpYktkrtSXl+366Zq2H79fNLO9qzXXFf?= =?us-ascii?Q?t9ULe+DW/F2jlsaNUahTl4gJnW3Vv9S629ElX7+ZxvNg6vMV0fujftyxe6rT?= =?us-ascii?Q?Q8U1smFsjoJhknZF6TQboW38ucTlHQy5XnQkMVc6KKHS132G1HdiVxb7BeDc?= =?us-ascii?Q?eDYxvsmMGiylBsdFlvABETyI+zfd+1mD3X37O2A69MF1PMAImfT9wI0lmx0N?= =?us-ascii?Q?2QBKhBvg6Z/10OVshXXgpuOsYx1DJm0au0+eogjAQiCcuY4WvI0dZx/mVrIU?= =?us-ascii?Q?PCUiCEEJla55iKUlOgzJGEyUuXcZOz7aDV0wf6AkRJkBLBZT6M92mY1PSF/E?= =?us-ascii?Q?/vI7bgk8npFQa0lL3o9TSex+6ScUldSHPxK8qvs/hm4TLZl2pZqlovgc6LXL?= =?us-ascii?Q?j/eEvTKb7z1Wki3ebgJREqhRcGfBtFt7+vaYvU29rM3pq43SlvUnvJo+VNph?= =?us-ascii?Q?Y6zfRmHZaK17TKlFW9l4xtngh7clhV7WyEH0Y/sQQm9MK/J+yZYMshQMMK4a?= =?us-ascii?Q?5EHwq9f64ENXYcKTdIWvDRDSwVGqCg5VF/opsHG+RBv2UnEs6oZZdSAEKyMt?= =?us-ascii?Q?sizTOcks4YiP8H/D4uvjWJml32OPGyVbI60++iN87BwC0YAjqpx5gtOgluvv?= =?us-ascii?Q?Z42jywJrfnRGK7viXViiMkM7Zhujf5QabtgGSGJi3KhK2lTHfeVAqhnCrJnD?= =?us-ascii?Q?BBDkdkw9JmNx9rwZPmZIDDFqsXPXkI9jQqR0hyMK4YGkkELXaM7ZnXP2jBtd?= =?us-ascii?Q?qB5MueuyatxrnsxalIIJKfaglcdmMXYOcvQMc0ZFCA/F42GZZsdtbdUMvk0E?= =?us-ascii?Q?Cj0anRmQiJHCi284v7Gqy7TyLGSm4TbByQvyjlR8tvMeaCA4cCx1Q3zaeCN0?= =?us-ascii?Q?SV0uic9Trx3dr7pQcOIUOy1XNkQt7ASlYZalEzNYxGgmo2A4t/wP91Ht5etf?= =?us-ascii?Q?A8XXJMOp6GJJwDfR2IK2xk7BaoQTe02M87CX84IUkq1ulAecOgyvrBu4Tbao?= =?us-ascii?Q?9FJqMaknY3rpXXiRIFCoyBylMTkgb81My1JJ/GrlArEmSKd7fA6ccSJ9j46b?= =?us-ascii?Q?2m3bbmtM+xMs65qzwVGsIhMJrd4tlKPbsyNB9pW8s6BP2OW7nEL19RqJgjOj?= =?us-ascii?Q?r/dbhyh0dzbFVM2rMNnJOOk1TzXbkyp3Iwuym+xikkSX/x+j6QGK1oTPZazw?= =?us-ascii?Q?a5AR5Kw3slf+plxCZlFIIR+6Fxsnw22p6yQbaDQGMyF5vPSZ1nqXoM1sn1hQ?= =?us-ascii?Q?UpTzURt12NHFm7e2AR8Ed80pydN7Z96uv1vnmBSfwAebIAai6g5pmeVXZp0E?= =?us-ascii?Q?esLsOzTk+X6vuC0XhR2atucM?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f2b86cc9-b7dd-4e12-d7c9-08d9209ba49b X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:50.6290 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ehKC/sgzFv294GtWOj0eC96wLQ0XZxkkZ8pl6/cl5UaYcMPtwY3zlTdArTJUYIaEsoB+TGJY2qDRcgHB7Nzclw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 64KwuOHWTZ9JEFnGUHvjDrCZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070720; bh=dPfzqjFIcpuy697Dmu2ncElxYme0U0lzjF780dzuWeo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=GXy6PTna5sqFtvQ1dLYG4NS011ue0mAlvXrKtffGXPpZTfnMKVKZhdcZzvYPlAVibSN O4XzfTpig+M/HBLvAj4//vDQ1Q7z/YfzolCWGGPDizP4MumIm/jWwkE+57r+qm/HTeXQC H93uOhutX9/qpOIcMzu3XxR53C6kO8GPokk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The VMM launch sequence should have pre-validated all the data pages used in the Reset vector. The range does not cover the data pages used during the SEC phase (mainly PEI and DXE firmware volume decompression memory). When SEV-SNP is active, the memory must be pre-validated before the access. Add support to pre-validate the memory range from SnpSecPreValidatedStart to SnpSecPreValidatedEnd. This should be sufficent to enter into the PEI phase. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 5 ++++ .../PeiMemEncryptSevLib.inf | 2 ++ OvmfPkg/Sec/SecMain.inf | 3 +++ .../X64/PeiSnpSystemRamValidate.c | 5 ++++ OvmfPkg/Sec/SecMain.c | 27 +++++++++++++++++++ OvmfPkg/FvmainCompactScratchEnd.fdf.inc | 5 ++++ 6 files changed, 47 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 3886d43bd3de..4da2d2de9df0 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -336,6 +336,11 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x49 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x50 =20 + ## The range of memory that need to be pre-validated in the SEC phase + # when SEV-SNP is active in the guest VM. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x51 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x52 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index f4058911e7b6..2b60920f4b25 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,5 +58,7 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee2772..8144b1d115cf 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,6 +50,7 @@ [LibraryClasses] PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + MemEncryptSevLib CpuExceptionHandlerLib =20 [Ppis] @@ -70,6 +71,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 69ffb79633c4..253d42073907 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -27,6 +27,11 @@ STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { { FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + }, + // This range is pre-validated by the Sec/SecMain.c + { + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedEnd) } }; =20 diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index faa6891cca79..532574fa3095 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -910,6 +910,26 @@ SevEsIsEnabled ( return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); } =20 +/** + Pre-validate System RAM used for decompressing the PEI and DXE firmware v= olumes + when SEV-SNP is active. The PCDs SecPreValidatedStart and SecPreValidated= End are + set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc. + +**/ +STATIC +VOID +SevSnpSecPreValidateSystemRam ( + VOID + ) +{ + PHYSICAL_ADDRESS Start, End; + + Start =3D (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedStar= t); + End =3D (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedEnd); + + MemEncryptSevSnpPreValidateSystemRam (Start, EFI_SIZE_TO_PAGES (End - St= art)); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -1041,6 +1061,13 @@ SecCoreStartupWithStack ( SecCoreData.BootFirmwareVolumeBase =3D BootFv; SecCoreData.BootFirmwareVolumeSize =3D (UINTN) BootFv->FvLength; =20 + if (SevSnpIsEnabled ()) { + // + // Pre-validate the System RAM used in the SEC Phase + // + SevSnpSecPreValidateSystemRam (); + } + // // Make sure the 8259 is masked before initializing the Debug Agent and = the debug timer is enabled // diff --git a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc b/OvmfPkg/FvmainCompac= tScratchEnd.fdf.inc index 46f52583297c..b560fb0b8e4f 100644 --- a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc +++ b/OvmfPkg/FvmainCompactScratchEnd.fdf.inc @@ -63,3 +63,8 @@ DEFINE DECOMP_SCRATCH_BASE =3D (($(DECOMP_SCRATCH_BASE_UNALIGNED= ) + $(DECOMP_SCRATCH_BASE_ALIGNMENT)) & $(DECOMP_SCRATCH_BASE_MASK)) =20 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd =3D $(DECOMP= _SCRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) + +# +# The range of pages that should be pre-validated during the SEC phase whe= n SEV-SNP is active in the guest VM. +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart =3D $(MEMFD_= BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =3D $(DECOMP_S= CRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75732): https://edk2.groups.io/g/devel/message/75732 Mute This Topic: https://groups.io/mt/83113781/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75733+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75733+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070722019622.6322516667274; Wed, 26 May 2021 16:12:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id uSN0YY1788612xfT8NnaHrGF; Wed, 26 May 2021 16:12:01 -0700 X-Received: from NAM02-BN1-obe.outbound.protection.outlook.com (NAM02-BN1-obe.outbound.protection.outlook.com [40.107.212.72]) by mx.groups.io with SMTP id smtpd.web09.45.1622070715669955813 for ; Wed, 26 May 2021 16:11:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oU0uqtVs1wN0BihaowiHnqT3Xz+OXUNFszeVyhr6iUCZXyHzb2M2Pb0hDyHbGY05pJTee89VQIGAcujuCW4X1Q1rd9u36J2olR8Cy3I5STqmTLLmaAMj7rO/PTUFHZpEafTEC+VTCKFkn8j4cLoyslDMJMVNdT2FwPADhigHQeHAM9u27Q0EMmPEzIeBgZMLQSes2AXJR4sLoNwBcntvy4E/+nWEMUU1wejZoJIhyRvsd7AsOygBD7Tl5g7ES/9mG/xU4GuSdC1dBcKM+8k88fZCHXU2LnGHnirGIpygr4Ci8b7k0ItmYSQiIN7k0mm02fG+YM7qLSNlAJn3qhsoGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NHTLMeIvSnebvEmPbUqN3RKVBW2XvrpLAsa2/DXv4DQ=; b=Byqipwbekda/FdgSueXjB3KF/GM9bAXJA8hw80WVyZE/5iTehcx/zQlxAMQw3SjwgeP5blspOtku+f7ASFrn8kLTHqQbOUcdInCzrFq4gQy/nRVrDqvSA5/+Shi2wISFgb8cBkit0D5oOnhPmFt1iesqm5IJYZD+KSkpYqLh8tm3LT1m5EZ+aXbqXxYdXWJywpa1RSdozL3uogOl7n0QzSG1rpA6NPxCNiMmFenuyJp1KuAvkubRfEJVWRiS65EigtKnN2JwCYAXmhjJfzcD4CkK13wJEO8BNExHlRMG87pZSADeSmoq9cIC5Fm788ilYUNlS0Ay3U2GuAjO0gBGKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:52 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:52 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 17/22] OvmfPkg/PlatformPei: validate the system RAM when SNP is active Date: Wed, 26 May 2021 18:11:13 -0500 Message-ID: <20210526231118.12946-18-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:51 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: af729a4a-1d8b-4464-b7db-08d9209ba569 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: Q4hHFWR4WSvwbl2Uy5UnOAL+rfdPCqHpDVvg6smbXDEBWrnIsChqTvPooZaAmSx4oZMH1Li/qnNUuMWH7qjXXUT9OJKWrCG7qDMtWtVFt6FBbh0ONcRg+uk3BMrQAi4BdLuzh3ZLup2d7DRK7kgnVM+bnMeH/aP0+jJld/X+JAly6WlN3iFBA9glkCXS+iCNkJga1UR7Xggnd+p22euMw3K+cDqksEmWSeiMFeilTQi4qm4aCb9ycJn4fNt64M72xyh9KV22xVdhTUdosduZj/YTfYZqbINnDXO0QWPIpDiC5K4xXyDVioucYtYZ124a42TpUhUSNRFypVWK0j+U6PltmZ3DWYhEFwxhq2dLFnEF8vWh36JxzuTgb3gtRLkockNZVyaoi3tXIgxLTKBNTwvqhxI8hyp8Wair+HiAQdIYfQqOsE19dv2B/mZ9ocBJM6c5okULGUdHUu1ZY8yGU1S/cKzhEmDRWXTUtafvYmmlIiN/4ArOdwhu9cBeWDFPDW0BO0vG2wFm3JhppxnO0z/WwEa4lthtyjdZqYsD8SN1xjaL7ec2LzyJeGM4iVHdc4n6Ef7WHPAlHPG39SVSrjEsVjd+fxOsT1OKbeKcKSydLIjqo/SkVLzJDHtgcnhih5CWojvztFDdf9rr+zFnC3oQi6YhPKbRP9sWQfSxrcFDYmVVwOHAf89KWDB10ySbpz7Q4p889g+UG1qjLTynlPT58Fbju4zAuikOl6iuAZgoD3R2+qNnQaW3ZmwAUFIUDXOUY+hSOQlAmaTOYTXKRpF/RiaEvMvSm1eVj2XZEnM= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?/k/sDAlQEMSqYMuSELNbWPepg5al7yHNQ4IpStZ+EdoEhehdmQsLKhwmQq9D?= =?us-ascii?Q?ksgMsAIv4eWLbYDnMAgNa4h1JaMSJylD+eIesCoVL9bsvyx99mfeQhcGkDVB?= =?us-ascii?Q?a9HOZ+gRyXkj7n/VysbkDkD3821xnVnH+6xYZyr71grouOneMgUfYkDc1Hej?= =?us-ascii?Q?/CEB+tADW5Tsw3rZe/0M3FaUSFBFDFBXGtJ/d63l88tGnqBzOYLdLdMbOtbc?= =?us-ascii?Q?0fgdOfc8dP4dp/ye93X+wFOO2xDO12nnjWKY7fHtQVgCS3Fhrw2RgRuIVfU6?= =?us-ascii?Q?5xvgItmcaoT1/YIQ8HrJMR74fprBBXiq70rAUnobOaYCWzXNy4EYBKEcpSpR?= =?us-ascii?Q?s/ibZD0JknfxNF3Inyv1+erTlS3gf//fmeVvJ3VzcX58pTuZS2kUZwkboaq1?= =?us-ascii?Q?Y1+N6Jj6spo2cJZRGfRKJCczKTnMnN2sF+45L9/C8/3X2SI//lqqGpt2usma?= =?us-ascii?Q?pUFNDPtsBGv3TvN9Bw8oQWW7M3cME9zRsFX4BtgASHjg1JFZCZJp++vGqrP9?= =?us-ascii?Q?T9wqf+0YArDWpva/1Z3/NVaw+fphFLY/1qHx7NQDxwpVdRO8zQJMyG1JJ3Dk?= =?us-ascii?Q?YmqJQkndQ5akk1t+FyG4am88kFcUzAIIuS0wiShPeGg4FjG66oNoLkqDk8wD?= =?us-ascii?Q?EeyjQuFfG75h62aGar2w9V0v1Oi5Qh8N9ysldOw/0A4VKgQsIXD8g5wu45OV?= =?us-ascii?Q?NalqJzDIMVuhmmt1PbaFSObou2fpQeb+5zA0QgK7yLCK1hf7TGVbsAlVzVRt?= =?us-ascii?Q?bwh4wwZVpETbop2yCrrarwhlQrvuOPYBiUwwj1jEu4DeH9yzCzXYmwuUVJFD?= =?us-ascii?Q?bLfkw792jOqH5iLxF6rFLjWvl1CUWvfk+KjNdq8Vv6UibpnMQNLl21J3Luzf?= =?us-ascii?Q?q/XyBc/ZBsyGywFaNh0kkx/vj9g9h3m6OqSL0fjrXA3QJwaZ1kKKAoWLaz/O?= =?us-ascii?Q?7CSDx1jGDxg0yAUtIHrqa5yGgGdYBcebAdERJn62oXI35Z7UGEOouE5lPR3G?= =?us-ascii?Q?mWUpoLkpGlWa0XxRqPaXR0HK/zp46CX4e4WBOUwxAaLeUp1Pw7Dcl2Jnlv2W?= =?us-ascii?Q?eX/3Xx+JphhEU+45SqpiniFKN8+tPFUftQZorCS5iMsDutGLTVzqIE2l6b5g?= =?us-ascii?Q?XHoZ7J0hjosU9DJ+7288QAb0ccX4UVMr2GavlyeC5yztMVUiZDu8IJoIOf+1?= =?us-ascii?Q?AOLrXaRj4Y7y2PbCNLvmTA4GdQUCT2XgkMzKlvb82jcemf9FY5171FYYYghU?= =?us-ascii?Q?dsuJTDQfdfYUrkU1CqIXWLrs2n+Y5OwB+KiSTXs0KUA25XOUlt3Osdo22HfS?= =?us-ascii?Q?t8ix5vuFthLjVjNh6m8/jnyf?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: af729a4a-1d8b-4464-b7db-08d9209ba569 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:51.8423 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ocMoojU2y1leK3SGl6YYUErkq1T5xv1LvNkk1XAQeS6AuC1FvVSCtuCrowOjEhay1f2WqmdVuc1gGbSwgLSQHQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: YGbrjyXy46KSGkjpLPbzKVRbx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070721; bh=7f5pqVcggbd9r0a+KngrhYKLmR+/m2sTuiv1LJraUtQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=MnGRIFxjz8IiyiJG993cLn2I0+FB46ZySuSC59KI9afddx6ejMadEwg+dIOB96a121O wLeS4doWyEQeE7jS/gGBcBZ006UUCZvKEEu8CeggNvLakUKhO4pKKv1N10mwrWgKZtwvO 3bJLaQvT4rRFrQs5LaedqIg4ax6UaEorCYQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 When SEV-SNP is active, a memory region mapped encrypted in the page table must be validated before access. There are two approaches that can be taken to validate the system RAM detected during the PEI phase: 1) Validate on-demand OR 2) Validate before access On-demand =3D=3D=3D=3D=3D=3D=3D=3D=3D If memory is not validated before access, it will cause a #VC exception with the page-not-validated error code. The VC exception handler can perform the validation steps. The pages that have been validated will need to be tracked to avoid the double validation scenarios. The range of memory that has not been validated will need to be communicated to the OS through the recently introduced unaccepted memory type https://github.com/microsoft/mu_basecore/pull/66, so that OS can validate those ranges before using them. Validate before access =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Since the PEI phase detects all the available system RAM, use the MemEncryptSevSnpValidateSystemRam() function to pre-validate the system RAM in the PEI phase. For now, choose option 2 due to the dependency and the complexity of the on-demand validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 54b07622b4dd..9a20165db79e 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -34,7 +34,9 @@ AmdSevSnpInitialize ( VOID ) { - RETURN_STATUS PcdStatus; + RETURN_STATUS PcdStatus; + EFI_PEI_HOB_POINTERS Hob; + EFI_HOB_RESOURCE_DESCRIPTOR *ResourceHob; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -42,6 +44,22 @@ AmdSevSnpInitialize ( =20 PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + + // + // Iterate through the system RAM and validate it. + // + for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { + if (Hob.Raw !=3D NULL && GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RESOUR= CE_DESCRIPTOR) { + ResourceHob =3D Hob.ResourceDescriptor; + + if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { + MemEncryptSevSnpPreValidateSystemRam ( + ResourceHob->PhysicalStart, + EFI_SIZE_TO_PAGES ((UINTN) ResourceHob->ResourceLength) + ); + } + } + } } =20 /** @@ -204,6 +222,14 @@ AmdSevInitialize ( return; } =20 + // + // Check and perform SEV-SNP initialization if required. This need to be + // done before the GHCB page is made shared in the current page table. T= his + // is because the system RAM must be validated before it is made shared. + // The AmdSevSnpInitialize() validates the system RAM. + // + AmdSevSnpInitialize (); + // // Set Memory Encryption Mask PCD // @@ -264,9 +290,4 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); - - // - // Check and perform SEV-SNP initialization if required. - // - AmdSevSnpInitialize (); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75733): https://edk2.groups.io/g/devel/message/75733 Mute This Topic: https://groups.io/mt/83113783/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75734+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75734+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070722608611.2911202005039; Wed, 26 May 2021 16:12:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wETFYY1788612xtQ7mW1DU8Q; Wed, 26 May 2021 16:12:02 -0700 X-Received: from NAM02-BN1-obe.outbound.protection.outlook.com (NAM02-BN1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web09.45.1622070715669955813 for ; Wed, 26 May 2021 16:11:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BaqyeLhr/aIfJwVyLDnMu6FGvRhlDO7bvmVln0iysxrSVZn2ty/HxeIsuCiCfrveglZhTurZpM0KZ2b6df6pLFeat+xFhYHUZjzAlPIkua8sqYR51a+50FJd98C9Nk4rBB6RcxGJVzDnobsq5vvjw25Uv8vD6pDZYtpmKbyFszOVab2sELqfBBWxrKEcCmSpYFBusDpUJW5fAFhiR9rTkYKhNARO2SLWtFO4vAMRbub2jxNKCMqPQLk9fPBid44y3sQc5/bRDZP5lRFlc7aUXhSH6e1IvOcUUwISKhcwLOqv0CUj/ubCSt0j0cPJUIvoKM3oX9nH4jcdaFcL7TpASg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a+xem6I8wVE9lFVXOhZPkFdzZ1K5q1JQN1L3V/Xariw=; b=MkHWnNAMyyV4No+fJWEsy8+jRAZyRQpgxGQ9Q2bkwvy2qZIVElReCeJUiB/X0EZmklM8xLHWVBH6bBCN3wqKWDpeefHYSxdYbr4QtEX7Yj11P1JDzM6Z8wOTRLWsxSxmW4oxJb/ci/e0P/HLsBQu3i8gZ+F03oUUHyQXB9OpfPVqw0ydXrpEzqUv2dlKd4yPAmF0XGA1s7+WlSw3kafIFJNZIGJIEa8IBQIjTWq8GcRCThwMtYO7uWtDNpeLnWXk8xNZGlXQ8au5DMAsYd/bFxkHLkVtqCRjQf/bdf/DqATQIMjZVoLELXFnaNx0q6jatx0S2QVYDaiLgy6/rmScmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:53 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:53 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 18/22] OvmfPkg/MemEncryptSevLib: Change the page state in the RMP table Date: Wed, 26 May 2021 18:11:14 -0500 Message-ID: <20210526231118.12946-19-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:52 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4c8cfde0-5589-496d-5745-08d9209ba5f4 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: IZ86xQp34yXhV1RUX+KZ73IqvE06nb6Qjok0m6XRuDtvmIgEeiO3VSZZC3nw5ZjomUAUpXRjpyNw5R2EGXsG1nIjWHCtjrbykKfDYXbNIkjOpXHI15PalqI8zCfIkuBg6BhBmkvRPOnBqbAVABKrm4rC4tWuy5ZfpddJH0ZOHNvgDP67Z4P8eydpdnlnLJ0do8vCf20FzNh1HBUECLUs0pO4KH6wOLC/5oWPZuBPyoXSGfXtitC6hguzFeeEPk0p5F/oBqjvXL1X8KsFQ2iGlZ5FOyKFh57LSPl4oA82EZM7IhurKbP4u/OsMBUSy6KoJnT/xewJOAPd5ySfkyLZ0ZWH5kJZLoNXk6bAiK/Lkwc9rU/ciMpuOjbVMydWmPm9o4toN0+Rc0/IiwMp/0OgC5+/mHsTXMUYrknILWcm+L64kpSSRleQ3SWPCcUor5dxBbODW7/qaWlC8AsG7VQHAAoUMfNkaNQPYhcdoeQXugm4W7qupQYQp8EFTv6Fnxzfwb9nRD5C/612g+9K/pPEs5m4nH38m0EQis3/uU6x+MefuHpOP0iMgpImz0G/vQdR6Oe7Ji3uTYlrnMNFegxnqK49ZK2ta3YQV4BKpYNqfbo7Dnh8sA7DIDLX7eszWTyBMxq8JSvt4h/Yedi7KZFGotllUBZzPw/cnjqDvhIxum8XXQNVa6bDYi8+ryAd0Ck+wi4TWuUoBuLJ0zDsit0dwGTSNnRvWiXmIff95Meg2//HzrNC4EyO+zLYk/Mkz0pOxZgwMOXfGN1VKNmsvGiuNdzlu8DxKfBxT+aYE/QIY08= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?vNlFY/AxLCglctPqXgtg//Co+g6zRCUejRco2NE8IkLyzkVcZGDmVGoLm6tw?= =?us-ascii?Q?G/RvBLyCFFsdhHzk0lDL6i1uGo/Mj92uYDBeoZflcuY1tLpSn3x1mJ1Kyst0?= =?us-ascii?Q?FIFQ0jWFfG1cgyYtZBy51YwUjixQroBbz4uzALfP8EVzqX1DE2PDZ54u6N9I?= =?us-ascii?Q?sluz8LhPh2kchIOOj7sgbXRNdS3yz/PkXXjhFzwl5HeZAvqGkAiWmVZ8eGY7?= =?us-ascii?Q?isYIq70O17WAK5VlFe14hvHpRKNwW+z1YvEFOviZMvBO7V8bKN80fLOW2o9q?= =?us-ascii?Q?/2fccEyQyKPjnfrpnAWlCf5unbX9Qd6HlYJd4Yi5+a5LMW304aKkPT16vHlk?= =?us-ascii?Q?VJzxQpgXZpmjLVjGk/CZOR3GFMMfdFquIlti2VOycFcQ9NQ1Lw71ladWldK7?= =?us-ascii?Q?9MN/twiCl/snXkeMzK7dEF+EeKgWlxZ4YRONeTbHMrutGQRyfg8/79YlXCYq?= =?us-ascii?Q?kyWrIH1taXyPU47lNoV6owGTTSoQhZ1wqUfY9TiQh4pdHiPyBjJytst0njoD?= =?us-ascii?Q?VSAACRvoorShhT2eP1zYS0NIDGQESO7j0Go7oBZoYkLYLWr7y6J1dOpYSkS/?= =?us-ascii?Q?EFp4joahQdJcx3MzWvLMCfXqynylaVtLf/5Evx9IkYnXvuVcwYFaRfNZ3GoZ?= =?us-ascii?Q?/7vVSI94O9/5trHiaGX6xVNfZbHVde+dxiF/kVHW7cGGkr96ANYcwQuVNhce?= =?us-ascii?Q?8+zKKB8tqp42N7DH/GXt2oeqGPmnpY0jbfmGrfs1+nIpc3nvzMFxGa9jvBbD?= =?us-ascii?Q?8ULBEeFGpn2rk0xpOimozCnCN64Fn5RxBPGpVoMkIRmMd/bJpg+2fVsjwaHg?= =?us-ascii?Q?x+gnzRJaKKNr+Pk99sfYW+FzrJ3WCQk+13PedbEm+uZKQEcXuiefe2JJHg8W?= =?us-ascii?Q?ytTaxo6mQHpNrC3sYqKLz45D2IBQ+/uoyaMeOZMG0Li7VlUFSX1SiJqyaReQ?= =?us-ascii?Q?nZ67C9/flngufX9O0b583NPijWECUd49rV50FE6s5YuEfCf4gXRfdCYRh0qP?= =?us-ascii?Q?sQg96u7EuOjohwpdUBMgLXQ8Ve5MptLKaVLdrXbEcPQzQ+12UuDf4VF4VWG9?= =?us-ascii?Q?BU3iE4UI6mx9+Gn5S+F/ykJEbDdMf0U1PuFbccB3/TaAI/BFfAOoCqKc9Nh5?= =?us-ascii?Q?9rqVG5X31bk8LznAG5/4o7DOfRqW0KVJnyk7AsNzEQxxWgNHjc2X8AEIKSb7?= =?us-ascii?Q?/RYjPiArU1t+4WHizd/NpJu96GPjpZu8c3+ZLMNl825DUMZIzIbZYiZPLRUv?= =?us-ascii?Q?iVkq1hCNx4EwznemZyOjRpFbC9rPzcU+hpLw6MHhYwKU+LXA3q45dBbCS9+W?= =?us-ascii?Q?9oWvw6yUaxyYRj46OJ+PJV5v?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4c8cfde0-5589-496d-5745-08d9209ba5f4 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:53.0126 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lxnRydz/obI0hcysLMa9Yp97A69x92sbfc0uWTfQ57B9sMFbATsN01ooNeYhG8lhTeC/U9hD3A6dRyrIXWM0TA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: waWR57Fb7JdcKQPdmpBedDf2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070722; bh=9atC7J3mQ41zTtnhpi1+G3irW9A8gtYvhZsQXq68VIY=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=acqvJ9m/9eyqV8MfOLalESihAbZ7D0JtO2twhilpXQn+M0Dq5ePKLChUSTMx9uskehN ORNqZQjY0Avs1EW4HzJzYooa+1+hhwkzsHaWVCw6cp+2sXZSyugqDZVeqSMrireGbA0TQ 7kmgZyvgcMs6LXE5lqAeAVA+mEaHN5UdfBE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or clear the memory encryption attribute in the page table. When SEV-SNP is active, we also need to change the page state in the RMP table so that it is in sync with the memory encryption attribute change. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../X64/PeiDxeVirtualMemory.c | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index f146f6d61cc5..56db1e4b6ecf 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -17,6 +17,7 @@ #include =20 #include "VirtualMemory.h" +#include "SnpPageStateChange.h" =20 STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; @@ -695,10 +696,12 @@ SetMemoryEncDec ( PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PHYSICAL_ADDRESS OrigPhysicalAddress; PAGE_TABLE_4K_ENTRY *PageTableEntry; UINT64 PgTableMask; UINT64 AddressEncMask; BOOLEAN IsWpEnabled; + UINTN OrigLength; RETURN_STATUS Status; =20 // @@ -751,6 +754,22 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + // + // To maintain the security gurantees we must set the page to shared in = the RMP + // table before clearing the memory encryption mask from the current pag= e table. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + } + + // + // Save the specified length and physical address (we need it later). + // + OrigLength =3D Length; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // @@ -923,6 +942,21 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // SEV-SNP requires that all the private pages (i.e pages mapped encrypt= ed) must be + // added in the RMP table before the access. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES (OrigLength), + SevSnpPagePrivate, + FALSE + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75734): https://edk2.groups.io/g/devel/message/75734 Mute This Topic: https://groups.io/mt/83113784/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75735+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75735+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070722973429.8350876876068; Wed, 26 May 2021 16:12:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wKumYY1788612xPFcpntHSOl; Wed, 26 May 2021 16:12:02 -0700 X-Received: from NAM02-BN1-obe.outbound.protection.outlook.com (NAM02-BN1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web09.45.1622070715669955813 for ; Wed, 26 May 2021 16:11:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WSfpOTTb/A585BZYUBcYKdL7C08VM+buJJQPmCGXVsd1Uo+d7bRkjTZDr5EFY1TPHJc8+ktZWrLF7YZULNSUAFnDRORunTHO4Kuxyn0qy2cBm91Vq4r+MIA1/VPcpMlu0EkqpbkxKCkxTNQozEBZ7nc43U5ShWZDie2bRjntkrw+7erOv8Gu3xxpD812+g2LopdUIttHA0GF1JmpUPgdSI0yUpys84jiXXAt9MIIoc2t20AAO9KHhdV1nX7+9GufN8GwLIq+peNVWErn7L4vwlUB13vCed52rKg693dOn2g/mF29dZUtphK5/jVgeh4he40jYkNpRDcobUVg3g4USA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=feKMnXykpClFn+Z1vy3jA1qLSrIH3miIPsLQ6vxuftw=; b=N32KKwkbn/mwLfRVllgXAGB/UqU2e5UpbH0XEZ/u6kJ1YY3vv8rLPBfRD2iJuUlwUAihghNu/g6rEObsDG7dEUUdzBxS2sxqiwyX2BCdbZ3ARhka3zsqzfELHJqmYZ0ZW1MvIRj3YVDkUt0XIBtugkYcvXjgAEDPT66pDiUM0vfaZXe6cg+kuwFe6NltHNz7esEgY1R8sYdxfVMhtZofHUFGidc+KGJ/3AYSgjWMUePXOKeCEKpwYquBo0hog/hqkRuoPPxTsQXDDquT3L4hpQZZbmSXv/CkwzBabJltYPaLoc1JTkFHHpitjKm7YP+wwGdHborEB3cC78ty0OhDYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:53 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:53 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 19/22] OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address Date: Wed, 26 May 2021 18:11:15 -0500 Message-ID: <20210526231118.12946-20-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:53 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3c56579d-22c9-4d39-4d1b-08d9209ba684 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4502; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: yN+Z+retd6ZB85D/Ql5PTdCGS2V+k4rjKqq3Hu7Ua8MiqnI+eaDbrBSAGvDBBr0an06Ee3M+5IHkcS/bMv9MonnawfEkDEXsJ8DLHrq56Ef0doB8dXTeGKzwDCDJ45pUTAuIyijgFC5hk8j8ProxFN7rnOUPPZIK/eeP7qXqnRM+pMAd4cypuGn/PRsbZuu53u5jVBntv5x7NOiAV4ilHaszZoRMgzV3ao6mNcfYgClzUvkEUvRSjAQX7CilZGSUcB+WHnESnU6ZBAv0Cnq1N34KP+v1B4fX7VnvIDGEnq2DOUm/QyaBcSDwfg9vXXtAuHJMONqhc+UE3uFgN7LElbiPuPpLCGs0fnIK03Yz03C/sWIn8fqJWKQL88NsGCOTH5q2ZhAqx13L2fLn8NA11JlvBzkgn1ti6WtO8Fk+n1z9Ar/lctpGMys8khN4Sg3xse5GQSEk6zyYnoUftfVA63UB/pv1SfQNfAitZb5W/zM826UQbuilWxMpwdAmoX07NcqrFSwDsVXxll8KWuYj+AmEX9XszKYBIjfpBvdbEafjJ9y9L2lcl0EG3IVnXJcvtQIsjd1ND/6APsOU7HRZzkQL+4Of02z9EvzPK/rgjq9gbGzbzagJyzkZlUVjxuPYIUSwqaRcMKTO4FfPOuGp14459R/pSz29HMJUpbz3CIw= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?j8B54/MBO6qxEfdzrg2r+Gtn04OFqaN/3ZrkNZaQbaJqxNfgtayUuBEKnnZe?= =?us-ascii?Q?lDpDhexCpqq8hccCQGiAeNSjyDyXZz5zESupHteLoYRcRexmYAGLxl2zMS/5?= =?us-ascii?Q?ldDZhEiYHrDQdNjKKC5xgIelRYHykcaDVVRWGNLv+GpZJ53PAGlKCP0M64l2?= =?us-ascii?Q?8mQJkqmb6dPvqtXO7JxKat0DfWI5+XSnjL0r/hIJtuR9seBfOsBr6k7PeNBS?= =?us-ascii?Q?UBD1W+knsGTpa2TNfJkHu5iGOPJnTHdTw9K5yjxoESKTr11vlNEr9LP9cvMQ?= =?us-ascii?Q?QGix3grrirEpOIGV5N8/DpMmAmUm6ryAdjTS4BRZQazrvrhm04EzWeCl9JGH?= =?us-ascii?Q?rT3IJpualwyrA+iEsfv10DbPv5fLJ+dKEJs7s9HsblcmLBCRgil87VEs+QgQ?= =?us-ascii?Q?+owItahqbd7oR9GpkPD3G4flHWy04aQCsNhE+GYFcttIJ4/b22BhYAhNj01S?= =?us-ascii?Q?uI7mRaMS0Y3PWf6LOa77qMxOHoz8MiqFGbg/Oa2byWersucO/GOmYFPasamI?= =?us-ascii?Q?3IFXcv6i27XOyLKE7VXv7Q2AXUMcjBmYDIwENeChIF3raYthJAHr+Ae1jm/X?= =?us-ascii?Q?SYG9aoRcPBY1J9pdNaT1S4XzKQB+RhD295OsFWUrx8/dnX1Gd8odsEQo3ReB?= =?us-ascii?Q?qD86C3VOLo93MnsmEa2olI7Rmowk9WjCQb73ZUSJ7OV1asIr4l4wNc2sUeyS?= =?us-ascii?Q?JlRim/d7BQ95GAFpSbEj5Dd8oz+egh84NPT9YmzmIj4fx5BRvUWAHm9HwLtU?= =?us-ascii?Q?B42tJMKpucEZQgblmaZ8kIEviEy23ppfC7MXjOSYney4tjJripczW76fC7NI?= =?us-ascii?Q?u3MQWBJvj+fZNf3t8KLlwM4YNq3YrwJJZl6wnWgX+dAyvf9NDNfKCj+2wvND?= =?us-ascii?Q?OhJZC/xEuLhR9sC/LVkVx3S4qRbgqCMpmRxU/y9ZphAEYRRPj3GjbvhOnheD?= =?us-ascii?Q?W3RSx8J1mk384gRHMGXoI5JNIZFXLesbIg3/0T7ZEzuCuaNmJTWgcYCghPv8?= =?us-ascii?Q?JBRjxGatRSTb4PQ9kI0nnWpZ/UKOkrTgTozpUGZ51QbaRB56aQlErAnF1YDn?= =?us-ascii?Q?YeEa/olGzXIYYSZr+UymtgeF/VTO/jvptw0OsK8VCWYsBEXc/e0Gsc+rWCmc?= =?us-ascii?Q?MCVRTCqFZ2zto0E7ycImsoIcBxmP2lhtvoHcDI46PABwomxl33GO6E7PqFhE?= =?us-ascii?Q?wP/S80sP/ff2BHnQS2j3CkOeSDGGEeKBMWf4dTA6cVz7Qcl3MoCSp5IR9Q0m?= =?us-ascii?Q?BsjzG2wwAd6/JGmAIKuwl4WR9licO7AXwD7ITyRfxG9jp1fc+FoVwPYngp3e?= =?us-ascii?Q?JkDb8BXvFlhW5I9RdrPPwvgM?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3c56579d-22c9-4d39-4d1b-08d9209ba684 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:53.6623 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: rY50z9mjR7tbpk1eLnmcwYGgn+Q0YdbdY+po5CFoXi4QW8z5mTh9uppvUEDZKuMUETB6GpQgp6jFxyMnrYPdBA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 9UGOiPuhPufunYLHzQ1eYsvJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070722; bh=fRAnDXi2YPErVlh5i3+JZeCiWEOBJV7eJ/fVFdW8j9o=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Qy429ekdBzoqVVcn94H90uMLNG8bqSo+QxdG0kIaQjq6aCdbobbWF+/ag/LCW5JuJBs 4Fbven18Hf7l/cpveHo8RGtlj/dTQAERonSytMSPxKdilNnalWyG2Z9p9FIska+6hy6Lv T6p/z2dPu7VMMdCVUMZIDc2GdDQocdA+Q+w= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The SetMemoryEncDec() is used by the higher level routines to set or clear the page encryption mask for system RAM and Mmio address. When SEV-SNP is active, in addition to set/clear page mask it also updates the RMP table. The RMP table updates are required for the system RAM address and not the Mmio address. Add a new parameter in SetMemoryEncDec() to tell whether the specified address is Mmio. If its Mmio then skip the page state change in the RMP table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../X64/PeiDxeVirtualMemory.c | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 56db1e4b6ecf..0bb86d768017 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -673,6 +673,7 @@ InternalMemEncryptSevCreateIdentityMap1G ( @param[in] Mode Set or Clear mode @param[in] CacheFlush Flush the caches before applying the encryption mask + @param[in] Mmio The physical address specified is Mm= io =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -688,7 +689,8 @@ SetMemoryEncDec ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length, IN MAP_RANGE_MODE Mode, - IN BOOLEAN CacheFlush + IN BOOLEAN CacheFlush, + IN BOOLEAN Mmio ) { PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; @@ -711,14 +713,15 @@ SetMemoryEncDec ( =20 DEBUG (( DEBUG_VERBOSE, - "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx Mode=3D%a Cach= eFlush=3D%u\n", + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx Mode=3D%a Cach= eFlush=3D%u Mmio=3D%u\n", gEfiCallerBaseName, __FUNCTION__, Cr3BaseAddress, PhysicalAddress, (UINT64)Length, (Mode =3D=3D SetCBit) ? "Encrypt" : "Decrypt", - (UINT32)CacheFlush + (UINT32)CacheFlush, + (UINT32)Mmio )); =20 // @@ -760,7 +763,7 @@ SetMemoryEncDec ( // // The InternalSetPageState() is used for setting the page state in the = RMP table. // - if ((Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + if (!Mmio && (Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); } =20 @@ -998,7 +1001,8 @@ InternalMemEncryptSevSetMemoryDecrypted ( PhysicalAddress, Length, ClearCBit, - TRUE + TRUE, + FALSE ); } =20 @@ -1031,7 +1035,8 @@ InternalMemEncryptSevSetMemoryEncrypted ( PhysicalAddress, Length, SetCBit, - TRUE + TRUE, + FALSE ); } =20 @@ -1064,6 +1069,7 @@ InternalMemEncryptSevClearMmioPageEncMask ( PhysicalAddress, Length, ClearCBit, - FALSE + FALSE, + TRUE ); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75735): https://edk2.groups.io/g/devel/message/75735 Mute This Topic: https://groups.io/mt/83113785/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75736+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75736+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070719072671.5623950136509; Wed, 26 May 2021 16:11:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id p2jmYY1788612xkDDJ1JkkBE; Wed, 26 May 2021 16:11:58 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.79]) by mx.groups.io with SMTP id smtpd.web10.46.1622070718013463087 for ; Wed, 26 May 2021 16:11:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ju+GqgBo6bsVtMoAmpOLOs+XB/2Gh6nD+obzgohVA0pDPaXY03WVhAQseMwJEEkp6pTRkhXkK+h99L9WGlkSh0pkMyQlztFrr1BbFIasDMG1370mJbR3UN/dyFLRkAX54xy8cpIXntOdVluZgJ63IvTHvIdvQSTL4r0UxarhcB6lmGWMtzgD/rDVbog+NEZLKEVHg33s0IS7mjzgPAPv55XVkX7souUHr4IGkzzkD3ANi5rS4aKbhSq05a1JpGgzs1Tfcp07zeVVaUGFoAW9wBg4jUi4MvBSWtwYhb9iDDcPTmPuuopTJ5LVyarBTonEG2gYbF9EoMm89oDknm7ZVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uW7PdDpTfjUcWQlqxiCR/N9BaHq1oPUa3FWHu/iVvnE=; b=jK8juueIY3bfFx8M8dVZYeW8Po6EQUw9QKNp3t52rRRqYthS+8+tR1UZN9POvizLYPfBicdvsPc48oLajUE6bodpVmYTsGp5RvbYp8rG0LhD++oybiCJatwQINx7EPms+ep5BYc+YdH5V8Cw6MMdwwBTt5yTIeyqyxM6uzgRS98iNwQbcwFww/btj2rNcvICgExTyQs/6v3yfvwxbsEEWaew4FiSp1pkHJN0pAGGVHXSIKdeb0hpSLo6zseTpgeYExPh7/sHwvxs4XYpz0VL121PQvO+3exD4cMmM9L+XuzdL7BUnjR4uDUQO5ts49VmdHMmWTkS9xxA8njBh7GKTA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:54 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:54 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 20/22] OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table Date: Wed, 26 May 2021 18:11:16 -0500 Message-ID: <20210526231118.12946-21-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:53 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3aa30ec1-c964-40ed-6436-08d9209ba6eb X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5516; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: zmLpGN/bLXkQ4tK5CNxdCHyCpB0SVvYkfLGQAMrUdbV0Hf+Y/SA3snJBS3NzOSk0Nldd0F2OjUIO3Nt/sQ9SXTCZUGoVDGJ6CG6YY1v6Hjhli/1Az8yx6Q+InrhqCQK071YtavzNOyxzJWynWSRoXuBXJfqZUry6XzMq1FIZA71P9NALfQpg37+cX6O/B0weooNtwzDY809LIQ05uOzgJ4Z9+JOshOV/+8lQBSBXZFM2+nFsUNipTMRaWsL5zjORzqySMijX4wMGNr+gZQUwLe/lE2tscX04ekj3ZZ7MWAgN1gQtFPNgJqThHyjalYkjHpTrSqRzH4sjRNd6YAr+QzE8IFq+G+8v5wBsgPhi5Z5RKidvBgQtnqy+quOiNLwpthTkJMQX++Nai0LkOJzczX+w7pgb5bol413cXnQCXVD+EanggmBtqJci33tIKv0ZP4IsFnwY1p9CeGlN38/19f+6eCOTghNun3TlJNbuByXKy5vNuOzToBCZw3LpxqxHHwkNt0dkijIAS6FWWLSxjVMoDCl9uO1q2mVR5A6Vxq//5jncKyuhJQDMVXb0jODFyTesBOjSN3XROGJPaaAsKNFzsb1jcEEV3wXONF0UUZRhGJXCirr6LePZXolyObfxexD39JDXzhYfIjrqJDbYuQfn+u033BBGMKbwp0aO6DN0oxnaFOv4wQ7FIhmfVV+sixbE/q+jvYc/XplXsF69g3Jv9gZiHoeweT1y6ElHGzcAFv3Oflp+CwrbgaqaKsk1CEYEJJtDRYQHTR1usmLB58UPCmYMiM4jJmezBYoNCmA= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?yUXMs1mSPFBJ58MVU4/xET88BTQHzOd1vwZywaKcyZrzgJS6HXpAd2tZMGya?= =?us-ascii?Q?WGTwK7BChdVsUnIyDBprTUoBox+EDU7pjvs2SPZ6UZ1RmDG+r+B7z6HwuJwI?= =?us-ascii?Q?T1fdCxqmI/g5ZSXHKru+9gYAJ1OJ4VX607tYeqsidREe5ezU6F4ctIXqKNRi?= =?us-ascii?Q?Ni4T5PdvaSjA5BK1MZc+6sJR5Hs2Vy4zuocPv1jpRShy7QWQLeT3F7ycU5kO?= =?us-ascii?Q?1nRPZ8bKiPzCyC8yDkoKWIW/24idzZyHExsjTQxPQjWqnIUPaV6pG7jLjVPq?= =?us-ascii?Q?N4BULLjnwL+XUMTrr6/voYhM/GnWiJMfNwhnmJW6DQ+7+uELgt4dNhMc5MDy?= =?us-ascii?Q?LOQUobFWehmAK4KTljTQx3EcmJO+OglZ8DrClhc+2EKzM+UFVJFjsH2f0Y9N?= =?us-ascii?Q?QzTACYqT8bCbbdRjTm6vHQquJsBxkIdxUJ6QiaZ0XnLre0pyTxhDVnFxB3n8?= =?us-ascii?Q?buagfJpt/EW1IEOGhNj+e257SY3qGPfWmtHmWNH0fZh8HrkmVwjcGbTYudPT?= =?us-ascii?Q?2MY8ub8wmpTF1U4HPwzGVs3PgPw21VatlksWfUbMmo8dlNjjBMu0Evb2EgC9?= =?us-ascii?Q?rGPp7vklvNx9EncjWeFDUkdNS/S4jG1tTzR5fo2SwArQgMWfyjGiDDoaSHYA?= =?us-ascii?Q?JJgcQzozqfmqla63g4Zy9uURbnSjfHQGzQvoKEb1FiEeI5uq7rMi40KQA7AA?= =?us-ascii?Q?a2UUwdWr2/1LyRbNMliA8edaL6+2YUnBHAU6iNOVDhfN2IKtFX/AHblH7394?= =?us-ascii?Q?CArO00k2I3qK39/y8jZ3u+1iNbbcAqCfyg7siME8lSeDOrwgKuc7iREDipWD?= =?us-ascii?Q?fJ0ljMltClwPuj/57+DgNG4Np4djGFlJ0y5Kc83PWAJ7ylQ+zdbjDTFXAkcS?= =?us-ascii?Q?lsRhWCMnrxAtTN5dRFndO3zgM2KfII5uOTFDG1EvvkvQYJGvuAx1e6+3XH7b?= =?us-ascii?Q?IAwH2pENHRkLFUcav5Qu99z7N0Ap4ArI3kU9bgnoCWu1vgfL98UpoBP1l2eS?= =?us-ascii?Q?Fr2THaUy9H4IWA1euZmggQMlFGr4khTb5WZPtzbA1913KNhfQM5yaLZnIjg3?= =?us-ascii?Q?w5n1ZSebP+N4L34zPC3zU1MuX0ZcwoYUS4a50a4o7/ARj1feN5L6XnHb7sfV?= =?us-ascii?Q?TiGpPhIkYtoNUKTUmEEbS+pMJZHCdDibSgUbPqt6OU7uVhDKzxxuiDgjhpU2?= =?us-ascii?Q?VGVd+SnCVrQN3UvtxP3SaW92oEkK64Czf5TmPO1fNB/tHm2ooK2WkQcjnb5X?= =?us-ascii?Q?nklCvjP9048siIUErha3GVuv4blUyD8NAQAdb7FS8MJKCLd5qOhMFCXCKnun?= =?us-ascii?Q?DDZm+AtMjDOEw9sbm+RqbpiQ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3aa30ec1-c964-40ed-6436-08d9209ba6eb X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:54.3099 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cCOPR6Guq7Eb52SxuKXtWExD2iPB2IvPvR/JmjvTbF6jlDwM3HLwvE/A5QHSam3g9suiMIr9JyT1TjaUh/E51Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: aEO4nQcLoa0CQ7PFretmZ4fCx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070718; bh=wRDxwwTJWDxLyN1BqUi/6Qm8aLAL9xkhDQthWFfA7ec=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=nQ3WYTxg4owHTWvwORW2wGPqxgjNpuTkB/d3xw8VMtl8DbZDXnYwmW8ymANxDG5ria5 xDZnSzt9XHWGqDhj72gXEB6xgeE6n+RQXvW1zqBQzWunmx8S1Ed0Ac3teYFK9CygE1XeJ PCpPsze+8qvCMfXhjkE3NGialfJPiuCYbdk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that both the secrets and cpuid pages are reserved in the HOB, extract the location details through fixed PCD and make it available to the guest OS through the configuration table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 4 ++++ .../Guid/ConfidentialComputingSecret.h | 18 +++++++++++++++ OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 +++++++++++++++++++ 4 files changed, 45 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 4da2d2de9df0..89476c6a68d2 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -126,6 +126,7 @@ [Guids] gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gConfidentialComputingBlobGuid =3D {0x067b1f5f, 0xcf26, 0x44c5, {= 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/Secret= Dxe/SecretDxe.inf index 40bda7ff846c..d15194b368f5 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf @@ -23,13 +23,17 @@ [Packages] MdePkg/MdePkg.dec =20 [LibraryClasses] + MemEncryptSevLib UefiBootServicesTableLib UefiDriverEntryPoint =20 [Guids] gConfidentialComputingSecretGuid + gConfidentialComputingBlobGuid =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize =20 diff --git a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h b/OvmfPkg/I= nclude/Guid/ConfidentialComputingSecret.h index 7026fc5b089f..aa1a3b015437 100644 --- a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h +++ b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h @@ -18,11 +18,29 @@ { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \ } =20 +#define CONFIDENTIAL_COMPUTING_BLOB_GUID \ + { 0x067b1f5f, \ + 0xcf26, \ + 0x44c5, \ + { 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42 }, \ + } + typedef struct { UINT64 Base; UINT64 Size; } CONFIDENTIAL_COMPUTING_SECRET_LOCATION; =20 +typedef struct { + UINT32 Header; + UINT16 Version; + UINT16 Reserved1; + UINT64 SecretsPhysicalAddress; + UINT32 SecretsSize; + UINT64 CpuidPhysicalAddress; + UINT32 CpuidLSize; +} CONFIDENTIAL_COMPUTING_BLOB_LOCATION; + extern EFI_GUID gConfidentialComputingSecretGuid; +extern EFI_GUID gConfidentialComputingBlobGuid; =20 #endif // SEV_LAUNCH_SECRET_H_ diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx= e/SecretDxe.c index 308022b5b25e..0c0f511d4ca0 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c @@ -6,6 +6,7 @@ **/ #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxeTable =3D { @@ -13,6 +14,16 @@ STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxe= Table =3D { FixedPcdGet32 (PcdSevLaunchSecretSize), }; =20 +STATIC CONFIDENTIAL_COMPUTING_BLOB_LOCATION mSnpBootDxeTable =3D { + SIGNATURE_32('A','M','D','E'), + 1, + 0, + (UINT64)(UINTN) FixedPcdGet32 (PcdSevLaunchSecretBase), + FixedPcdGet32 (PcdSevLaunchSecretSize), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpCpuidBase), + FixedPcdGet32 (PcdOvmfSnpCpuidSize), +}; + EFI_STATUS EFIAPI InitializeSecretDxe( @@ -20,6 +31,17 @@ InitializeSecretDxe( IN EFI_SYSTEM_TABLE *SystemTable ) { + // + // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_B= LOB. + // It contains the location for both the Secrets and CPUID page. + // + if (MemEncryptSevSnpIsEnabled ()) { + return gBS->InstallConfigurationTable ( + &gConfidentialComputingBlobGuid, + &mSnpBootDxeTable + ); + } + return gBS->InstallConfigurationTable ( &gConfidentialComputingSecretGuid, &mSecretDxeTable --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75736): https://edk2.groups.io/g/devel/message/75736 Mute This Topic: https://groups.io/mt/83113786/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75737+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75737+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070719975820.0923759008983; Wed, 26 May 2021 16:11:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id yopUYY1788612x7Tooq4a2UO; Wed, 26 May 2021 16:11:59 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.73]) by mx.groups.io with SMTP id smtpd.web08.34.1622070718821521219 for ; Wed, 26 May 2021 16:11:59 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=leXblx0aVC9HqZIL1jT9Bslub5usY5TB5/nwbwnAFEArJ4R5rxS51zGcW7PgfwQl+cpdWKBsrSBRfAUvLa+VAf/0aEx3QCVeTDtAkvbOSAfH8WEcEha1/bNYv1VNnCBDUjAWvUry16mg8ZuFRkCe9rwIGqZwrAPcltDTxvqlD164d71wUdO1iTgpv0/FC1LDvf6nEaTMf9TMCmYrFtuHvM81YbNrbquSfkO5ip4ms8/C0RzQyJfnXLueY+VYmM9Mk8a9G+mTYTk0OicPUJYpNSbmoMmjGYbztfLcFTCfPiHUaB0O29mQeB2XMQdezQ8tDiED3o2vLsZRsZ1+Z5l/KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BkBBod/N+0UUX05SAZqFFEc0aPxtbhbGqaApRQAw5Vs=; b=BBwgoIzGzLb9YUOXVS2pCHS9+1Pgz1ZtQswrYvCKQyH5/5eJusGgGguV0vk196ECNk60vXHYS6UoB6blM+38I46l+txcnf/nXh0mMUQxPhhHrUIflH+ahejEAeBaWbolDgRXXBDeRMgTEDCLdOxinJIiJG1k1kYSnsiJGkhz9Bu57aV5PMVQAJ9bB2nDeKy+6gG4Yj9JUeQX82P6zIxngi3DSoFuPRm0utRDry/vPBV2nlV/OJ/EFZlsTzK+9TZVajX+8C31wRGqk7Hnf2ZiJjJt9l2YQ+A3tW3VhGPWzyWyhYeGNYO6CgfAHtd4kf2B3JeWfvoqn31u4r7QIBGQtA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:55 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:55 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io Subject: [edk2-devel] [PATCH RFC v3 21/22] UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs Date: Wed, 26 May 2021 18:11:17 -0500 Message-ID: <20210526231118.12946-22-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:54 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: aedaf9e3-881a-43cc-895b-08d9209ba743 X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: o+kUbVcFBJjTB+juJbMmXGGssmMpOpI5nsw/LFOOJiZbh1EZfyKJmb1prpjQoXbmZaHHlttZu4fSaCRtpkvlIdE4pChinXeyNNYok79V+FcBfSzIvjQd/t62/IS+92bGk3F6i1nKKMXFrVLQJ6mHIb3OEbZQB1v7kuNHP2M7vshzmVid5ZNNMnU9mlJXdqnBuVwiGUJTTbW4py7v/1sW5/6DLRZEptoHb6YZJjHvaECw6IGb1kVl4kNGohZaWMWrB5/APFSX1X1J/lMquHP3WllZqpPO5tkuF3EOVlSaYEXN+qOQz9v1Lmr9OfyLzeo/43M5pSsWBzV2FuMcgNpK3Zo0lL2U1E1bOZzqK1QURwPsqTlK98naNftbIvWjMZJd2HvsYUClGFoW+XzoT+/Ud38MLyuvVn7kWTc4ywJX6ZhZh4wej7dukuUPxnZQz5Q2jdtqKe8eLCoUi1BoJv1y1wpkV7Vp7N9n3VCx52YOaKL+WpsJE/ALkLtpXGUg8UJW+aM3Z+bwsyNbRDYYbl1HzG1pJldDYOqlSVh+H04Kx7o2/e0ATqlAA33hQ9CoNMlDKiloqC/RNHoL2GWVc89cwCWl8ZBH3SzDcqtd6oPID3pxPVUwORmaaFqYTerq9dTQqi6JvJeE+GDshvqqS9Efd+OVftp7HHU2eIUaIX+bngYXbLNmEvAHBRW4GR14t7k8DiXynHTpo2t+9Oco5m4/atEUS6jdLBeTaI2RR1DWX0JN+gVRPeQmKt8tGtYkCF2NXTrtnIntYyefK9pnz7a5A+7fL3X4Ch/EUZ+YTomNN2Q= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?qsCVdPvFx6i9eFcNNbE/S4WruMPaRRftlcwM71AKGgbLu/DNb0yM9PJGX8vh?= =?us-ascii?Q?BJZFGNTb7lav17HCz34jhJsiak6AOHN7ZV52oszrUb89G8XoPTrEpakoRlEB?= =?us-ascii?Q?psetdcgce3dLDvpDAp+3OQhZF8KOzpH7emBG7Vl/s34+KBSAYacojAaz9GsO?= =?us-ascii?Q?8oCY8PyMTZbb1kUxiRxXqyvprC9bMz5hjsHWcHoTn5P+3F8Jf9gchym43HuZ?= =?us-ascii?Q?Bz1thM1DPQCy3CuUH04B+Ei5S3Afp8QJKvK0IP0WPMQBVmiKCOCrsPgjI3Ik?= =?us-ascii?Q?ewBlINU/hL61WRfMDKAtGu8AZT7hICSuA8mLTk074RIdBiNvh0HqlnlhiuM4?= =?us-ascii?Q?Z77p0nhOlmUSvyOPFMYD23iu0kWC3uUpap14HXbzWvLE1JxRF9JG/xQRYJg0?= =?us-ascii?Q?Kw1YreQ4XFaJdxMnXurI22SRQ2ItxsYSH/4gtRMJJiVFPCI56yprdEh454XZ?= =?us-ascii?Q?E/x/rhXyBIgu25ag1a6Tue5HjDp/cimB5jEJ4gLgc9eA6SRVOCe6P/ks3VV5?= =?us-ascii?Q?YHmNuWKOFIwRDoT//1lD7KrZg2HSYsJ6+/ciYtDyAlknRoEXiEwJ1bf0OxwB?= =?us-ascii?Q?yjaNjFQtF+MWgimqGjHgKPo4O2Uo6w7KOVdimuON+4NUgXX9YQo9uXGmWMjs?= =?us-ascii?Q?2yD6+8y4bKj216HvhhGu3xG7LfCbsj3SGXHYQEt2eO7LA7caLRcUWRw3Jbed?= =?us-ascii?Q?q8IiBY91uckX3+iovEELyj0aTXRfcN8LpehJqAVT2xbB9lx55pi/8q/9j5cR?= =?us-ascii?Q?nwCLoame7SO30FDu2Nu3VSc2YPIVesNYkoz00NN3K30dR1of5RdSBXsSB4AT?= =?us-ascii?Q?6NXxITE1qSSpCd4WQahkIAruzfK0rJnKHfCqA+vbhEL5o457StRz00teqY/s?= =?us-ascii?Q?gxE7O2YTLs/aANU1ytegGatxT9W6LnM0f2Pwv2ysW5imysT+7rN1uls9oUCv?= =?us-ascii?Q?7hMBzXu0zpRxqVfuHesvLzNicCAFEkatE0JdvK9449cdjq8LNbIN7ptVIEpR?= =?us-ascii?Q?/IanqBxpBtwRwt2HRY9obkOQrsuo7IzQ/PzYLobivlCT0r4IAGywHNHM+GI8?= =?us-ascii?Q?k2x4eL2N+d4QjCFLYC1qxkmiZCRcfv6cc3CnH00o2ZVUTuYn5gQQ4ozT9HGX?= =?us-ascii?Q?zUWbFRzZoOIhEktc1FFvlwMAArxPaJlHJNDBwduNKwijuXXghV84JF0nzNZ+?= =?us-ascii?Q?y+ha7HQM+7XV8WH7VSffXQ7BjyW0r+BYqHXSsUrdYfL+OYX16WE1uHPkohQK?= =?us-ascii?Q?ejOZxNntM9uQn3uvzU6coIpOM45kFTNj6QS45r4vuRppTXF258pqgrG/am+z?= =?us-ascii?Q?qBvx9GCZwsWBGbclUWKXJFSo?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: aedaf9e3-881a-43cc-895b-08d9209ba743 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:55.0045 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kQGF5orGD2PUpY1YxeDvihOjm69eT2vcscscVR8UbTAEKHTevhycl+CDk2kHhmL7Wo6iko7yBhGai4XjonznnA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: dOMQVlh2EfAE6y0sB0ACVUDXx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070719; bh=VXQP525RNWz0J1TwGhdkwyEGdPbis8XFHQFgXfEI6yw=; h=Content-Type:Date:From:Reply-To:Subject:To; b=p6RR4h+V7L4xHKK97rJwvRWnheGgQ+5fwj31N4OAGjT9F61ZZkUFSkVA5vjhzLXj4N1 y48mlRMHl+9xA88J3NgPyHQmzsu2Fzl9xtSKVEUGzkjIKanW9TQRc8ybMwjYdr7OH2Ens iM5obUWs5S55hgVlJb1Up9AXZ5CENTIO85k= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Use the SEV-SNP AP Creation NAE event to create and launch APs under SEV-SNP. This capability will be advertised in the SEV Hypervisor Feature Support PCD (PcdSevEsHypervisorFeatures). Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 5 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 17 ++ UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 11 +- .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c | 31 ++ UefiCpuPkg/Library/MpInitLib/MpLib.c | 274 ++++++++++++++++-- .../MpInitLib/X64/SevSnpRmpAdjustInternal.c | 44 +++ 7 files changed, 360 insertions(+), 25 deletions(-) create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustIntern= al.c create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInterna= l.c diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 48d7dfa4450f..b9ce05e81b54 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -23,9 +23,11 @@ [Defines] =20 [Sources.IA32] Ia32/MpFuncs.nasm + Ia32/SevSnpRmpAdjustInternal.c =20 [Sources.X64] X64/MpFuncs.nasm + X64/SevSnpRmpAdjustInternal.c =20 [Sources.common] MpEqu.inc @@ -72,6 +74,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## = SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index ab8279df596f..35057ac07cbb 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -23,9 +23,11 @@ [Defines] =20 [Sources.IA32] Ia32/MpFuncs.nasm + Ia32/SevSnpRmpAdjustInternal.c =20 [Sources.X64] X64/MpFuncs.nasm + X64/SevSnpRmpAdjustInternal.c =20 [Sources.common] MpEqu.inc @@ -62,10 +64,11 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 4abaa2243d0a..b49a60ac0ce5 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -15,6 +15,7 @@ =20 #include #include +#include #include #include #include @@ -146,6 +147,7 @@ typedef struct { UINT8 PlatformId; UINT64 MicrocodeEntryAddr; UINT32 MicrocodeRevision; + SEV_ES_SAVE_AREA *SevEsSaveArea; } CPU_AP_DATA; =20 // @@ -289,6 +291,7 @@ struct _CPU_MP_DATA { =20 BOOLEAN SevEsIsEnabled; BOOLEAN SevSnpIsEnabled; + BOOLEAN UseSevEsAPMethod; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; @@ -743,5 +746,19 @@ PlatformShadowMicrocode ( IN OUT CPU_MP_DATA *CpuMpData ); =20 +/** + Issue RMPADJUST to adjust the attributes of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ); + #endif =20 diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index 7839c249760e..1e3e71766611 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -88,7 +88,12 @@ GetWakeupBuffer ( EFI_PHYSICAL_ADDRESS StartAddress; EFI_MEMORY_TYPE MemoryType; =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + // + // An SEV-ES-only guest requires the memory to be reserved. SEV-SNP, whi= ch + // is also considered SEV-ES, uses a different AP startup method, though, + // which does not have the same requirement. + // + if (PcdGetBool (PcdSevEsIsEnabled) && !PcdGetBool (PcdSevSnpIsEnabled)) { MemoryType =3D EfiReservedMemoryType; } else { MemoryType =3D EfiBootServicesData; @@ -356,7 +361,7 @@ RelocateApLoop ( MpInitLibWhoAmI (&ProcessorNumber); CpuMpData =3D GetCpuMpData (); MwaitSupport =3D IsMwaitSupport (); - if (CpuMpData->SevEsIsEnabled) { + if (CpuMpData->UseSevEsAPMethod) { StackStart =3D CpuMpData->SevEsAPResetStackStart; } else { StackStart =3D mReservedTopOfApStack; @@ -405,7 +410,7 @@ MpInitChangeApLoopCallback ( CpuPause (); } =20 - if (CpuMpData->SevEsIsEnabled && (CpuMpData->WakeupBuffer !=3D (UINTN) -= 1)) { + if (CpuMpData->UseSevEsAPMethod && (CpuMpData->WakeupBuffer !=3D (UINTN)= -1)) { // // There are APs present. Re-use reserved memory area below 1MB from // WakeupBuffer as the area to be used for transitioning to 16-bit mode diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c b/= UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c new file mode 100644 index 000000000000..167628b696f2 --- /dev/null +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c @@ -0,0 +1,31 @@ +/** @file + + RMPADJUST helper function. + + Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "MpLib.h" + +/** + Issue RMPADJUST to adjust the attributes of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ) +{ + // + // RMPADJUST is not supported in 32-bit mode + // + return RETURN_UNSUPPORTED; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 7cbcce101414..5a06e21a2830 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -15,7 +15,6 @@ =20 EFI_GUID mCpuInitMpLibHobGuid =3D CPU_INIT_MP_LIB_HOB_GUID; =20 - /** The function will check if BSP Execute Disable is enabled. =20 @@ -297,8 +296,8 @@ GetApLoopMode ( =20 if (PcdGetBool (PcdSevEsIsEnabled)) { // - // For SEV-ES, force AP in Hlt-loop mode in order to use the GHCB - // protocol for starting APs + // For SEV-ES (SEV-SNP is also considered SEV-ES), force AP in Hlt-l= oop + // mode in order to use the GHCB protocol for starting APs // ApLoopMode =3D ApInHltLoop; } @@ -869,7 +868,7 @@ ApWakeupFunction ( // to allow the APs to issue an AP_RESET_HOLD before the BSP possibly // performs another INIT-SIPI-SIPI sequence. // - if (!CpuMpData->SevEsIsEnabled) { + if (!CpuMpData->UseSevEsAPMethod) { InterlockedDecrement ((UINT32 *) &CpuMpData->MpCpuExchangeInfo->Nu= mApsExecuting); } } @@ -883,7 +882,7 @@ ApWakeupFunction ( // while (TRUE) { DisableInterrupts (); - if (CpuMpData->SevEsIsEnabled) { + if (CpuMpData->UseSevEsAPMethod) { MSR_SEV_ES_GHCB_REGISTER Msr; GHCB *Ghcb; UINT64 Status; @@ -1167,9 +1166,11 @@ GetApResetVectorSize ( =20 // // The AP reset stack is only used by SEV-ES guests. Do not add to the - // allocation if SEV-ES is not enabled. + // allocation if SEV-ES is not enabled. An SEV-SNP guest is also conside= red + // an SEV-ES guest, but uses a different method of AP startup, eliminati= ng + // the need for the allocation. // - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (PcdGetBool (PcdSevEsIsEnabled) && !PcdGetBool (PcdSevSnpIsEnabled)) { // // Stack location is based on APIC ID, so use the total number of // processors for calculating the total stack area. @@ -1231,7 +1232,7 @@ FreeResetVector ( // perform the restore as this will overwrite memory which has data // needed by SEV-ES. // - if (!CpuMpData->SevEsIsEnabled) { + if (!CpuMpData->UseSevEsAPMethod) { RestoreWakeupBuffer (CpuMpData); } } @@ -1248,7 +1249,7 @@ AllocateSevEsAPMemory ( { if (CpuMpData->SevEsAPBuffer =3D=3D (UINTN) -1) { CpuMpData->SevEsAPBuffer =3D - CpuMpData->SevEsIsEnabled ? GetSevEsAPMemory () : 0; + CpuMpData->UseSevEsAPMethod ? GetSevEsAPMemory () : 0; } } =20 @@ -1301,6 +1302,222 @@ SetSevEsJumpTable ( JmpFar->Segment =3D (UINT16) (SipiVector >> 4); } =20 +/** + Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. + + @param[in] CpuMpData Pointer to CPU MP Data + @param[in] CpuData Pointer to CPU AP Data + @param[in] ApicId APIC ID of the vCPU +**/ +STATIC +VOID +SevSnpCreateSaveArea ( + IN CPU_MP_DATA *CpuMpData, + IN CPU_AP_DATA *CpuData, + UINT32 ApicId + ) +{ + SEV_ES_SAVE_AREA *SaveArea; + IA32_CR0 ApCr0; + IA32_CR0 ResetCr0; + IA32_CR4 ApCr4; + IA32_CR4 ResetCr4; + UINTN StartIp; + UINT8 SipiVector; + UINT32 RmpAdjustStatus; + UINT64 VmgExitStatus; + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 ExitInfo1; + UINT64 ExitInfo2; + + // + // Allocate a single page for the SEV-ES Save Area and initialize it. + // + SaveArea =3D AllocateReservedPages (1); + if (!SaveArea) { + return; + } + ZeroMem (SaveArea, EFI_PAGE_SIZE); + + // + // Propogate the CR0.NW and CR0.CD setting to the AP + // + ResetCr0.UintN =3D 0x00000010; + ApCr0.UintN =3D CpuData->VolatileRegisters.Cr0; + if (ApCr0.Bits.NW) { + ResetCr0.Bits.NW =3D 1; + } + if (ApCr0.Bits.CD) { + ResetCr0.Bits.CD =3D 1; + } + + // + // Propagate the CR4.MCE setting to the AP + // + ResetCr4.UintN =3D 0; + ApCr4.UintN =3D CpuData->VolatileRegisters.Cr4; + if (ApCr4.Bits.MCE) { + ResetCr4.Bits.MCE =3D 1; + } + + // + // Convert the start IP into a SIPI Vector + // + StartIp =3D CpuMpData->MpCpuExchangeInfo->BufferStart; + SipiVector =3D (UINT8) (StartIp >> 12); + + // + // Set the CS:RIP value based on the start IP + // + SaveArea->Cs.Base =3D SipiVector << 12; + SaveArea->Cs.Selector =3D SipiVector << 8; + SaveArea->Cs.Limit =3D 0xFFFF; + SaveArea->Cs.Attributes.Bits.Present =3D 1; + SaveArea->Cs.Attributes.Bits.Sbit =3D 1; + SaveArea->Cs.Attributes.Bits.Type =3D SEV_ES_RESET_CODE_SEGMENT_TYPE; + SaveArea->Rip =3D StartIp & 0xFFF; + + // + // Set the remaining values as defined in APM for INIT + // + SaveArea->Ds.Limit =3D 0xFFFF; + SaveArea->Ds.Attributes.Bits.Present =3D 1; + SaveArea->Ds.Attributes.Bits.Sbit =3D 1; + SaveArea->Ds.Attributes.Bits.Type =3D SEV_ES_RESET_DATA_SEGMENT_TYPE; + SaveArea->Es =3D SaveArea->Ds; + SaveArea->Fs =3D SaveArea->Ds; + SaveArea->Gs =3D SaveArea->Ds; + SaveArea->Ss =3D SaveArea->Ds; + + SaveArea->Gdtr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Attributes.Bits.Present =3D 1; + SaveArea->Ldtr.Attributes.Bits.Type =3D SEV_ES_RESET_LDT_TYPE; + SaveArea->Idtr.Limit =3D 0xFFFF; + SaveArea->Tr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Attributes.Bits.Present =3D 1; + SaveArea->Ldtr.Attributes.Bits.Type =3D SEV_ES_RESET_TSS_TYPE; + + SaveArea->Efer =3D 0x1000; + SaveArea->Cr4 =3D ResetCr4.UintN; + SaveArea->Cr0 =3D ResetCr0.UintN; + SaveArea->Dr7 =3D 0x0400; + SaveArea->Dr6 =3D 0xFFFF0FF0; + SaveArea->Rflags =3D 0x0002; + SaveArea->GPat =3D 0x0007040600070406ULL; + SaveArea->XCr0 =3D 0x0001; + SaveArea->Mxcsr =3D 0x1F80; + SaveArea->X87Ftw =3D 0x5555; + SaveArea->X87Fcw =3D 0x0040; + + // + // Set the SEV-SNP specific fields for the save area: + // VMPL - always VMPL0 + // SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bits + // + SaveArea->Vmpl =3D 0; + SaveArea->SevFeatures =3D AsmReadMsr64 (MSR_SEV_STATUS) >> 2; + + // + // To turn the page into a recognized VMSA page, issue RMPADJUST: + // Target VMPL but numerically higher than current VMPL + // Target PermissionMask is not used + // + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) SaveArea, + TRUE + ); + ASSERT (RmpAdjustStatus =3D=3D 0); + + ExitInfo1 =3D (UINT64) ApicId << 32; + ExitInfo1 |=3D SVM_VMGEXIT_SNP_AP_CREATE; + ExitInfo2 =3D (UINT64) (UINTN) SaveArea; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + VmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D SaveArea->SevFeatures; + VmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D VmgExit ( + Ghcb, + SVM_EXIT_SNP_AP_CREATION, + ExitInfo1, + ExitInfo2 + ); + VmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + if (VmgExitStatus !=3D 0) { + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) SaveArea, + FALSE + ); + if (RmpAdjustStatus =3D=3D 0) { + FreePages (SaveArea, 1); + } else { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); + } + + SaveArea =3D NULL; + } + + if (CpuData->SevEsSaveArea) { + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) CpuData->SevEsSaveA= rea, + FALSE + ); + if (RmpAdjustStatus =3D=3D 0) { + FreePages (CpuData->SevEsSaveArea, 1); + } else { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); + } + } + + CpuData->SevEsSaveArea =3D SaveArea; +} + +/** + Create SEV-SNP APs. + + @param[in] CpuMpData Pointer to CPU MP Data + @param[in] ProcessorNumber The handle number of specified processor + (-1 for all APs) +**/ +STATIC +VOID +SevSnpCreateAP ( + IN CPU_MP_DATA *CpuMpData, + IN INTN ProcessorNumber + ) +{ + CPU_INFO_IN_HOB *CpuInfoInHob; + CPU_AP_DATA *CpuData; + UINTN Index; + UINT32 ApicId; + + ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000); + + CpuInfoInHob =3D (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob; + + if (ProcessorNumber < 0) { + for (Index =3D 0; Index < CpuMpData->CpuCount; Index++) { + if (Index !=3D CpuMpData->BspNumber) { + CpuData =3D &CpuMpData->CpuData[Index]; + ApicId =3D CpuInfoInHob[Index].ApicId, + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); + } + } + } else { + Index =3D (UINTN) ProcessorNumber; + CpuData =3D &CpuMpData->CpuData[Index]; + ApicId =3D CpuInfoInHob[ProcessorNumber].ApicId, + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); + } +} + /** This function will be called by BSP to wakeup AP. =20 @@ -1332,7 +1549,7 @@ WakeUpAP ( ResetVectorRequired =3D FALSE; =20 if (CpuMpData->WakeUpByInitSipiSipi || - CpuMpData->InitFlag !=3D ApInitDone) { + CpuMpData->InitFlag !=3D ApInitDone) { ResetVectorRequired =3D TRUE; AllocateResetVector (CpuMpData); AllocateSevEsAPMemory (CpuMpData); @@ -1373,7 +1590,7 @@ WakeUpAP ( } if (ResetVectorRequired) { // - // For SEV-ES, the initial AP boot address will be defined by + // For SEV-ES and SEV-SNP, the initial AP boot address will be defin= ed by // PcdSevEsWorkAreaBase. The Segment/Rip must be the jump address // from the original INIT-SIPI-SIPI. // @@ -1383,8 +1600,14 @@ WakeUpAP ( =20 // // Wakeup all APs + // Must use the INIT-SIPI-SIPI method for initial configuration in + // order to obtain the APIC ID. // - SendInitSipiSipiAllExcludingSelf ((UINT32) ExchangeInfo->BufferStart= ); + if (CpuMpData->SevSnpIsEnabled && CpuMpData->InitFlag !=3D ApInitCon= fig) { + SevSnpCreateAP (CpuMpData, -1); + } else { + SendInitSipiSipiAllExcludingSelf ((UINT32) ExchangeInfo->BufferSta= rt); + } } if (CpuMpData->InitFlag =3D=3D ApInitConfig) { if (PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) { @@ -1474,7 +1697,7 @@ WakeUpAP ( CpuInfoInHob =3D (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob; =20 // - // For SEV-ES, the initial AP boot address will be defined by + // For SEV-ES and SEV-SNP, the initial AP boot address will be defin= ed by // PcdSevEsWorkAreaBase. The Segment/Rip must be the jump address // from the original INIT-SIPI-SIPI. // @@ -1482,10 +1705,14 @@ WakeUpAP ( SetSevEsJumpTable (ExchangeInfo->BufferStart); } =20 - SendInitSipiSipi ( - CpuInfoInHob[ProcessorNumber].ApicId, - (UINT32) ExchangeInfo->BufferStart - ); + if (CpuMpData->SevSnpIsEnabled && CpuMpData->InitFlag !=3D ApInitCon= fig) { + SevSnpCreateAP (CpuMpData, (INTN) ProcessorNumber); + } else { + SendInitSipiSipi ( + CpuInfoInHob[ProcessorNumber].ApicId, + (UINT32) ExchangeInfo->BufferStart + ); + } } // // Wait specified AP waken up @@ -2016,10 +2243,15 @@ MpInitLibInitialize ( CpuMpData->CpuData =3D (CPU_AP_DATA *) (CpuMpData + 1); CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); - CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); - CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); - CpuMpData->SevEsAPBuffer =3D (UINTN) -1; - CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); + CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); + CpuMpData->SevEsAPBuffer =3D (UINTN) -1; + CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); + CpuMpData->UseSevEsAPMethod =3D CpuMpData->SevEsIsEnabled && !CpuMpData-= >SevSnpIsEnabled; + + if (CpuMpData->SevSnpIsEnabled) { + ASSERT ((PcdGet64 (PcdGhcbHypervisorFeatures) & GHCB_HV_FEATURES_SNP_A= P_CREATE) =3D=3D GHCB_HV_FEATURES_SNP_AP_CREATE); + } =20 // // Make sure no memory usage outside of the allocated buffer. diff --git a/UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c b/U= efiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c new file mode 100644 index 000000000000..0716a4623e38 --- /dev/null +++ b/UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c @@ -0,0 +1,44 @@ +/** @file + + RMPADJUST helper function. + + Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "MpLib.h" + +/** + Issue RMPADJUST to adjust the attributes of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ) +{ + UINT64 Rdx; + UINT8 Vmpl; + UINT8 PermissionMask; + + // + // Use the highest VMPL level. + // + PermissionMask =3D 0; + Vmpl =3D RMPADJUST_VMPL_MAX; + + Rdx =3D (Vmpl & RMPADJUST_VMPL_MASK) << RMPADJUST_VMPL_SHIFT; + Rdx |=3D (PermissionMask & RMPADJUST_PERMISSION_MASK_MASK) << RMPADJUST_= PERMISSION_MASK_SHIFT; + if (VmsaPage) { + Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; + } + + return AsmRmpAdjust ((UINT64) PageAddress, 0, Rdx); +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75737): https://edk2.groups.io/g/devel/message/75737 Mute This Topic: https://groups.io/mt/83113787/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 07:48:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+75738+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+75738+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1622070722444371.473551792645; Wed, 26 May 2021 16:12:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IxaQYY1788612x9Bkb9FabqR; Wed, 26 May 2021 16:12:02 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.85]) by mx.groups.io with SMTP id smtpd.web10.49.1622070721146746750 for ; Wed, 26 May 2021 16:12:01 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QfZYjQ5lFL0LzeIdsBjYWE07uL76e+wt3QyYQ824G7PRs2JE9HVoKJ1ux4ztvYe0xWzXTJwOTqipZjyj/wlss51xbazYPK14ofvjO6T2FJoVKfwdMuwW5QmRdWNB6AhMkymtNhtyt1Yy9W4lPYnkji1EwMxJQdSqU8dsVbTO4fk70aRKHB3OXdo8ctUHfme/p6V4uitfMiCXl2x0mcArK92r84/DLuVzeHxLjK0itxIFd5ywZotmcT/BU75OTum7wThWSNJkf7b8iFXACq21nQxHfiz38jV55/WG9Ws3IpeA5FIMIP5xtd/gAJkCXNxUya7O0OtuRmddIvhrzehY9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GOlMVNoaNWKZI24xZOVSadSUfNNV7TPKF6UacMkGnYk=; b=USYORyro85hGpINQEaRhtJhn5hVD20MRLIDvA2ctTUzT2ChyC3tFGWCpDnyp+bWSx/8Iptd2YcAIdyJc/XAG3SqUR0sx+pf2YkeMf4ZyHcX2eoTHTtac9XkbqlPgpWjXK0X+Wc+RHlQ8+HBvYWXBzbqHW57bUyxRW9txoI6/7RTKpjliFlnXLbj8bp/VE9szOtkyA46s/Da7qdyOvyGTkTeY7hBTONdFiMQ26KO3EY7HnDsmzINKkRWQeBNycBosorHrtCBVJglU0zyzkZ3L6QWtgUit+f0UJIF3kW0ZTyo4SDkYHzk1ITndOB2g+HhsJkB+007ttiSN6fKIe4EFLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2782.namprd12.prod.outlook.com (2603:10b6:805:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 26 May 2021 23:11:58 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4150.023; Wed, 26 May 2021 23:11:58 +0000 From: "Brijesh Singh" To: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , devel@edk2.groups.io CC: Brijesh Singh , Ard Biesheuvel Subject: [edk2-devel] [PATCH RFC v3 22/22] MdePkg/GHCB: increase the GHCB protocol max version Date: Wed, 26 May 2021 18:11:18 -0500 Message-ID: <20210526231118.12946-23-brijesh.singh@amd.com> In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com> References: <20210526231118.12946-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0202.namprd11.prod.outlook.com (2603:10b6:806:1bc::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21 via Frontend Transport; Wed, 26 May 2021 23:11:55 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: caba3a72-2f49-4da9-258e-08d9209ba7be X-MS-TrafficTypeDiagnostic: SN6PR12MB2782: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1060; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: Voclbipo+/BSBSQTK4OPVTh0yC8FDrkpB0z8g7yxwLU/k4klGuU29BwAoGcBsLLmd8MP37JFfgMCQ3n8W5gwpduJgFgcqDlunFxDzqI1f+yA0buLFHoCv3+1TIkaPv8xXul5aFbE/Bt/lspT2u1HSLhZBXGVdBnk4a/P2EpLWxhCCdU64uCev2tdRHsE7PQocKcAFsSin3FTGMxsq66t7e6PkLjy7vXoTzsUD8+MnARYUWvr+TdjZS56Tydy2rCUvgKYq8QonQCbTgQC0gG3+NJNA/BVLKoA6rwQncmWCQ0+1HAjXQuRtcXjsFnW6+qfmTUMkYiBTb2MGYfj/OTppS9WJiTZmOlNWyl/jVn5TL9LLqXzpGi5rfdNn0dVX9rKH3WwO31snrIPWcsgyDGwTtOgbr6ECZPEUZCT11pBw+H4O7lLivGnHbH96wIT0nGe+lkMuOzpxvPeIEmQXJM9gBrplng1GIAOsKEWdzLH9HIFIIrt4xvzTzx31UWCRkTe1N1f4qiHGLCfcB3GSPdte0pQheN1bxS6fVqOkDqPYMdeoEh9EhpF41dkDiSsxZS/trqWAVQ6UZJux74eQ2ht9J2+L7MEwQ9T0QQtmZ4keuq6uj9LsE92zm8f+xlBvcAcPAXff9ESaZ0bq02DQcb7YW3KTOrkaKWwyrNrFLhb7U6eJTOWzXaFN6VwkP3UcyczTTJBvGwLkM1UE4qn2y/0A4tQFWW/YJqEfOnQz/LeAUydiGv3QH0Z6BMm3K9fArU0ORJv/GIFZd34w/+30R7w8/gfpvylsfmZVLraMyrrryw= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?hsWRZmbE3kZX61r5+/hRXBo1zFrh/Eyz6pMFklRRYUp3p7DiknduIubdmare?= =?us-ascii?Q?CdWz7g4fZA7du1Bjqd//c7rJG/DjjOZPYeZd8qcNcCSz67lmkZzH1Yz532Mz?= =?us-ascii?Q?cOO7mvojV0cV9W+gd0H9KP/m1Q/SmfZkHUN5d18wZeXLabOZWFwwZa+0j24R?= =?us-ascii?Q?KkWrBZN7HdDWWv0dmlM609SFVQWkvgJyFh0F9feLZ3oPUfsWvmrxQB++/ClY?= =?us-ascii?Q?HpSEZtkVIJ+8lacVpeiFV82z1CJpslMMKc2v8twdG7wrN74EGkVhUh1z3mk3?= =?us-ascii?Q?aju4QaMt4G2e8ZqWBp5vzEYJjMK3a2flrWqbIT1P+wWu5Nb/nmPdv68P2Yxh?= =?us-ascii?Q?1F4oXy+xtyHQ2PB2EINoGDYJW8FfIoqZm3gFHvHJDQV4SLsfsCj4RyRmB0+E?= =?us-ascii?Q?0dUZ8zFA9FDMC6uFuVxih5wtMWzrJn8pW1BrERy4aoLrK5IJOxKgGS50lmjU?= =?us-ascii?Q?ywJAeMjpdq5UKNFncFXYkTe5/68tFfXsE+ouOZqoVnpkZZutsHcBTakAKJFt?= =?us-ascii?Q?YGGzlDQUeqPFT7lS+StBACflEPQFPmt4OPKmIGV+ED0UVolf5PO3GErXZVJR?= =?us-ascii?Q?YuKw28nE7RlOW9G2bNmJH4sPKUnkz5HKg2wrEisdM+6Gn8Njf81bJwIbmKnp?= =?us-ascii?Q?YO9/NehnlkfCBls+8trpw75La9QcTIjloR/51V4ea6t2wR7tOF7sE5d04ZI+?= =?us-ascii?Q?xUj3rfbL3lW30Kun0e360JurGqWg6bjDQx1yyHNNMI0/RCDb/wTx/SlmyUMs?= =?us-ascii?Q?2AN3gJ3YZrnQ/mdSMM0SaXDmRdfCCk0JcneHOcH1ajRpb3XHJNJuj5QE1yPE?= =?us-ascii?Q?3z/ApUJxMFoR91LHg4EEz30mFilr538ZWKEN1Yn9qrKv/4ExkW1xwh+M2jLm?= =?us-ascii?Q?CHipCGESBo5RMNqHAJry8UzHEIfSb7uJ+x0DiRZM6XOSLPJobK3OtQxkiiSn?= =?us-ascii?Q?mm/iySsfVvGj0Fo9N+LpUIATiiEFMZ7yqc9IFTOE5pv+YPQIb5wjK0Fd3TXG?= =?us-ascii?Q?n8GmK8mwz1nljpr03ua9eExURBTPp+JyKDwKgPRx/m1gP3U8kgB7oiQyQVUt?= =?us-ascii?Q?grZ7HwLOG1jk9Y8EVG3UGIJzEu44SE+OEGAd6SmdQ/JsvG+5Gjlz3gMsV7Iy?= =?us-ascii?Q?eO47aVmneRdfe0quEA7PcuFRZBLxo4yUWaPz+IO59Wl3BvSWfrPNTcxGNANI?= =?us-ascii?Q?AZrwbZQPxMrLBGesGZxHWeLBNyov3KsphqRlUne2OvDvcvv5Tnfwfurs8n1x?= =?us-ascii?Q?puSVPcW0L//41X/Olz4E4Z6jZHDiZrmpzSBG50EfuxV11JhjPHQWSnBBp6xd?= =?us-ascii?Q?AA0Cp4cES1+znsVmgZ4QRs+1?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: caba3a72-2f49-4da9-258e-08d9209ba7be X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2021 23:11:57.9428 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 0Y3yUHJT6dV/eLgojDZNX/4GWV/MjeJFe/i72jtZuzZbtZTNwzE529GRZcuuVROurlBZTddoi+qLEKWnaJNHcg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2782 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 2lE2UOgwbTGTX1jWcZsrG7Evx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1622070722; bh=BPX+gCU5FsWL8s0B9J1XXCcLxHvV732WMGRvprE1k64=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=OER/rnJGEciK9CYMmpUeRo6Y8+oxukb3JOAlMvwffd6rB6WudtDybBiDyUPVmR2vEQI bhQTlqwLf3jOADAMFf8FyifSh7mWHyY3YCmfp4ctluFekxtuAVLLzl2N8gYI6VOaHyguQ na/hEuLarPe2n37LLLPAozLqQYOagwih2TU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that OvmfPkg supports version 2 of the GHCB specification, bump the protocol version. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Liming Gao --- MdePkg/Include/Register/Amd/Ghcb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 4d1ee29e0a5e..191fd0876060 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -24,7 +24,7 @@ #define VC_EXCEPTION 29 =20 #define GHCB_VERSION_MIN 1 -#define GHCB_VERSION_MAX 1 +#define GHCB_VERSION_MAX 2 =20 #define GHCB_STANDARD_USAGE 0 =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75738): https://edk2.groups.io/g/devel/message/75738 Mute This Topic: https://groups.io/mt/83113789/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-