From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77191+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77191+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902218860889.9542264838942; Mon, 28 Jun 2021 10:43:38 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id NpjBYY1788612xHMyHGSOhkX; Mon, 28 Jun 2021 10:43:38 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:28 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a8TDnjWPrAMD3KIVkatG+icbvd+emEsCEtRcZhRaeMATbf9xFUTtVbLei5Zy0wj1XtlETMellX10K4wQQTjFhp9swNCnVq3gVgq4XsIYKXvI4aqDgcGgO4NrAiI+48R8HkpbKu0SbZkXFqXPwDYpIGtpr+UueElPLwVJwbk28gHN91GCbqatBKAIQxwHS0a1DpVWHtwj0LlhMSKrqXKhYo6b3UANMY/ZB52E+BWIGc0fMKTEwWSALoLtZ64WoXFbnLPLUYNjo3qnVQ6IwVu+AUyxIO95DlKvKgXQOXwlZFOCV9wYQ/Vpuiwhn29C5n+vhs8lFbS8OqICDwRDjPiz5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LSvqNuT0TDYhkD3uCrZhTz5JCpcSwLVH2r97WDIr1S4=; b=AhOcRoVOivUgYGXWW7B0itODCMBpeRKMilAh2adJkXrbiQH92fKxR0gTm6MxguzLEawtPb1a/V/9koa+Dyc5/hD0mkQ+2PhykaeFktsdaiZhvDu9Gpc7D/YIgcyCUx5x0EdgXWRcGHJToE0PlxH5/0xXGqOcSrzZ0cBQx/sI8PE3TApLbznvrxq86Dp1Vklf/tpmjnJLkhdC4EpxU1SLXI+1CH05v5MJ37JQeJY1sNvtpTeZPw1lJY90pILvyoXNu8aYpZDgXworQu5bV8Ini0Yd/M3MAAbs+paJAmyQAmr9tZmAxt5EsrUp7E+lbXPL+pazH7tgeMSL4hws5aUUKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:21 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:21 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 01/27] OvmfPkg/ResetVector: move SEV specific code in a separate file Date: Mon, 28 Jun 2021 12:41:57 -0500 Message-ID: <20210628174223.1302-2-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:20 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fe1865b9-0ce1-42fe-ae02-08d93a5c38f6 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: OuaPAmR/aJrttEoU9wQr83QVlkHY6f1HL5gU0S78S0vog8Gre6febXboSIUBM1HzGbenhc6+40HSL1uH7os45ocwKGtv3+UXH0Y2d73iTmrZPMgi+R2uRCBSv9CzHr9f3E5CP4e2ivaJyDmR+Ombif0irRzroNPOBIYUT9FVbOL1midy/UHYGHiJ7HJwEB4S4m1oKvpa5uJyR8GfDdpwfFo22FLEv0cy+uLT6rPBjI3czgyLnX9pk7VH0wituNvl+P4tC45mk5tg3JBSsKyAuTIVCRWchhw6D6/Yqt62GVl6IeW8ZHVUS/wTNEL6LB7u/QIfi0z/ix4swdxdfNglNPBI1KE1EVADKf4SqHfsAmkcWToIVud16QqGkp6NU7N6uGtPrrsjzGgg1F0qIGgRAYSRlVzzOkxtYOhc9KKsM4NMlYe1tORCoU5fZLTOf3qr2gLvtEEncP+jJ7XbyZYYlRWpw78R5cLn6WTB8lUtT8vF+jllYFT/qRaRlLpMh6X0FwCxW8EFNE0ZlVG573v5oZN9bTblAyVBd+W4tMj6CQOGPjWIoTg438RyRb0ZA7fQIMRgxP861mETDhMfWerkamWOMn5BP1/QRDxd/PoygLQlu4I+LUZgv0UhUkiZMYlC1L3Ncd+Tq6PcbdPQepIUirTXWUD0Sy999P6DfEh5Q0JmZ/T/8jkH6R4na2KSZ+lOBBKY/6Ls2ENfPCt/BXwcY2s5oARV8G3S8sX0dVGtbkF2OpB5GhBAaomDatUvCRNXoCctuPTf9bmmSE7xUSXY/nfQqAMfPgnuhyYZrczCEAulIzS0TaPCBzP5jknYrShB X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?YHXU59TS/ZXUsuNwYkiWutORNqyAFu8lKD7kfDP8A3WR0qfE9LH4LDLRe7QR?= =?us-ascii?Q?OLR9ivq8ZJzzPoPWPaS8J3gDTVIK/mIPNILRNSUDu4mdJ2++2dU2OCma8j9P?= =?us-ascii?Q?v7f2qEwF4RTIm+dZmHiaa6tmnATp4O9FilyTdOb4YoP7gTI76ScZ/caakHJc?= =?us-ascii?Q?LSQj5F4MNuKf9n/Kf1bQ38osZRftiJOD+HYI97Z4IqgrluJlZVngrh6scMrJ?= =?us-ascii?Q?ZSACj7FzEipOI7lEc4dGDDWDJKkt3mqjIpxfti2Cc6/uZH8dAUAdZiUKbCr2?= =?us-ascii?Q?ui+LnvHge/em56zd/FkH1blFWJ7VcmKtsV1i9+hgfJPPiFQr2gj5OP9TEBG2?= =?us-ascii?Q?KsO/g5qIqU8Lv1v1U3Tu9qU9IkHG2A9iGMcxPELX6KreL7vCyY9ioMvFBnl3?= =?us-ascii?Q?pV6foUW6/sXi4nlBj2vNxu9KbMIYFER9UAfIUim6e6lL9md9uX1BCYpAghmC?= =?us-ascii?Q?Q+XigL8H/lI+p3vkowgrqqQxzs9rTnKQkczNNjIYW4aYjZ69izjuDeN8Q6/e?= =?us-ascii?Q?AX7F/QSIrKvA4Zd4nhENnWMCW7qYVIvh5qSqkTxmkQWMB4nVIFtIvhCnYsCy?= =?us-ascii?Q?O/u6cvzHO0W8Xa+2wvqwunmz+iK9sc5sW/sm8Ylhej5lEGeDHCWJBvLc6N12?= =?us-ascii?Q?46ThI/L3NxlLYbw5hqXumbduzwpJgHiqSLRRGX3VH1AlofqEsABcR6vtdmQN?= =?us-ascii?Q?SdzvtSZDnimvkXUqHNQc1/JwTxSVQS/Z2jSsPUa4v4wkc6RA7XJ1by9s5QIh?= =?us-ascii?Q?bMvNNkKzSIDNRYj/eZl2NYZ2XP9hLW0SB89ShLbsWQ9LIhiU3TBD4yT8topL?= =?us-ascii?Q?lh3XIRLv13bBEIhojY3rW6Aj12oRevEuhWZyz5Ebxz9WlC6e5vJAdmHT7Jfn?= =?us-ascii?Q?rYBOxpjNwEEMT2B7s1KrhB494zt3uj/Y2oZAnl2IwaRXxdgOr+af3yYbQdgU?= =?us-ascii?Q?wDOgmX2Xw07JTa838Om0IXxuQ9zQulRATXPrSR/Fr4S42LoXx2JMhFye6hS+?= =?us-ascii?Q?ojUIXVfe9jMIW5uOozmIpF3sMEf1UeWowBB3EV8VjsC6B2wZs/EqloYUkEdo?= =?us-ascii?Q?EmwsptlT2p06tExhTxMoYVabB/DF8eGLhg7CEqv9A3leXtL+rtCZSpZngbsN?= =?us-ascii?Q?JkOHHrns+XAHVmJUbr7YowpSSnMC+rBViGulMpZw9YHcrtFulfiN2C+GoEin?= =?us-ascii?Q?PTN3jfmOIqZOjqFsCgn2JoN/5KkkJEaAiI/t+GI5uBrzmS82BA06u5v/qwwk?= =?us-ascii?Q?csvowRIYWSzqIwUp740+5fKFlBEfRP9rfWahx/NcGEpPJtk59qhLTnSAC9Rh?= =?us-ascii?Q?uytjZoEiRAmcdSu+hyzs6/Wr?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: fe1865b9-0ce1-42fe-ae02-08d93a5c38f6 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:21.8397 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: qThkmrIMAAAVEC6Q8VnTTlDOf3pqlqFS4t2F1pXli+71lWZsAkp1QxYdsTpjNzQoXm4F5ttF+IMM0Jyfz2dlwQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: fBUaWzvgxoRmttOQjLtkUpOSx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902218; bh=VydVLd71afvqrRAWe5Ty9RpqWG6o9HmTftZUmdcGWlE=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=tARmb+ehFe7/gYZKZT5FjK1XHPsbvJwSFFIKH7dba7K0fkenLjPpyLKd+vgzl/JgZeV 5CW4yt1B2SoJdXlO6EMSZ/gaQbsuei+4QGFmmCiCuOTQ90yWpuNEHr21Rq7x9sSv55mxR eny0apnUs1P490EXZ6lNInPAgt/rASEN3qs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The PageTables64.asm was created to provide routines to set the CR3 register for 64-bit paging. During the SEV support, it grew to include a lot of the SEV stuff. Before adding more SEV features, let's move all the SEV-specific routines into a separate file. No functionality change intended. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- .../Ia32/{PageTables64.asm =3D> AmdSev.asm} | 140 ------- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 391 ------------------ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 3 files changed, 1 insertion(+), 531 deletions(-) copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm =3D> AmdSev.asm} (71%) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/AmdSev.asm similarity index 71% copy from OvmfPkg/ResetVector/Ia32/PageTables64.asm copy to OvmfPkg/ResetVector/Ia32/AmdSev.asm index 5fae8986d9da..b32dd3b5d656 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -10,33 +10,6 @@ =20 BITS 32 =20 -%define PAGE_PRESENT 0x01 -%define PAGE_READ_WRITE 0x02 -%define PAGE_USER_SUPERVISOR 0x04 -%define PAGE_WRITE_THROUGH 0x08 -%define PAGE_CACHE_DISABLE 0x010 -%define PAGE_ACCESSED 0x020 -%define PAGE_DIRTY 0x040 -%define PAGE_PAT 0x080 -%define PAGE_GLOBAL 0x0100 -%define PAGE_2M_MBO 0x080 -%define PAGE_2M_PAT 0x01000 - -%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ - PAGE_DIRTY + \ - PAGE_READ_WRITE + \ - PAGE_PRESENT) - -%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ - PAGE_ACCESSED + \ - PAGE_DIRTY + \ - PAGE_READ_WRITE + \ - PAGE_PRESENT) - -%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ - PAGE_READ_WRITE + \ - PAGE_PRESENT) - ; ; SEV-ES #VC exception handler support ; @@ -213,119 +186,6 @@ IsSevEsEnabled: SevEsDisabled: OneTimeCallRet IsSevEsEnabled =20 -; -; Modified: EAX, EBX, ECX, EDX -; -SetCr3ForPageTables64: - - OneTimeCall CheckSevFeatures - xor edx, edx - test eax, eax - jz SevNotActive - - ; If SEV is enabled, C-bit is always above 31 - sub eax, 32 - bts edx, eax - -SevNotActive: - - ; - ; For OVMF, build some initial page tables at - ; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000). - ; - ; This range should match with PcdOvmfSecPageTablesSize which is - ; declared in the FDF files. - ; - ; At the end of PEI, the pages tables will be rebuilt into a - ; more permanent location by DxeIpl. - ; - - mov ecx, 6 * 0x1000 / 4 - xor eax, eax -clearPageTablesMemoryLoop: - mov dword[ecx * 4 + PT_ADDR (0) - 4], eax - loop clearPageTablesMemoryLoop - - ; - ; Top level Page Directory Pointers (1 * 512GB entry) - ; - mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR - mov dword[PT_ADDR (4)], edx - - ; - ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) - ; - mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR - mov dword[PT_ADDR (0x1004)], edx - mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR - mov dword[PT_ADDR (0x100C)], edx - mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR - mov dword[PT_ADDR (0x1014)], edx - mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR - mov dword[PT_ADDR (0x101C)], edx - - ; - ; Page Table Entries (2048 * 2MB entries =3D> 4GB) - ; - mov ecx, 0x800 -pageTableEntriesLoop: - mov eax, ecx - dec eax - shl eax, 21 - add eax, PAGE_2M_PDE_ATTR - mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax - mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx - loop pageTableEntriesLoop - - OneTimeCall IsSevEsEnabled - test eax, eax - jz SetCr3 - - ; - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. - ; This requires the 2MB page for this range be broken down into 512 4KB - ; pages. All will be marked encrypted, except for the GHCB. - ; - mov ecx, (GHCB_BASE >> 21) - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR - mov [ecx * 8 + PT_ADDR (0x2000)], eax - - ; - ; Page Table Entries (512 * 4KB entries =3D> 2MB) - ; - mov ecx, 512 -pageTableEntries4kLoop: - mov eax, ecx - dec eax - shl eax, 12 - add eax, GHCB_BASE & 0xFFE0_0000 - add eax, PAGE_4K_PDE_ATTR - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx - loop pageTableEntries4kLoop - - ; - ; Clear the encryption bit from the GHCB entry - ; - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 - - mov ecx, GHCB_SIZE / 4 - xor eax, eax -clearGhcbMemoryLoop: - mov dword[ecx * 4 + GHCB_BASE - 4], eax - loop clearGhcbMemoryLoop - -SetCr3: - ; - ; Set CR3 now that the paging structures are available - ; - mov eax, PT_ADDR (0) - mov cr3, eax - - OneTimeCallRet SetCr3ForPageTables64 - -; ; Start of #VC exception handling routines ; =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 5fae8986d9da..eacdb69ddb9f 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,182 +37,6 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 -; -; SEV-ES #VC exception handler support -; -; #VC handler local variable locations -; -%define VC_CPUID_RESULT_EAX 0 -%define VC_CPUID_RESULT_EBX 4 -%define VC_CPUID_RESULT_ECX 8 -%define VC_CPUID_RESULT_EDX 12 -%define VC_GHCB_MSR_EDX 16 -%define VC_GHCB_MSR_EAX 20 -%define VC_CPUID_REQUEST_REGISTER 24 -%define VC_CPUID_FUNCTION 28 - -; #VC handler total local variable size -; -%define VC_VARIABLE_SIZE 32 - -; #VC handler GHCB CPUID request/response protocol values -; -%define GHCB_CPUID_REQUEST 4 -%define GHCB_CPUID_RESPONSE 5 -%define GHCB_CPUID_REGISTER_SHIFT 30 -%define CPUID_INSN_LEN 2 - - -; Check if Secure Encrypted Virtualization (SEV) features are enabled. -; -; Register usage is tight in this routine, so multiple calls for the -; same CPUID and MSR data are performed to keep things simple. -; -; Modified: EAX, EBX, ECX, EDX, ESP -; -; If SEV is enabled then EAX will be at least 32. -; If SEV is disabled then EAX will be zero. -; -CheckSevFeatures: - ; Set the first byte of the workarea to zero to communicate to the SEC - ; phase that SEV-ES is not enabled. If SEV-ES is enabled, the CPUID - ; instruction will trigger a #VC exception where the first byte of the - ; workarea will be set to one or, if CPUID is not being intercepted, - ; the MSR check below will set the first byte of the workarea to one. - mov byte[SEV_ES_WORK_AREA], 0 - - ; - ; Set up exception handlers to check for SEV-ES - ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for - ; stack usage) - ; Establish exception handlers - ; - mov esp, SEV_ES_VC_TOP_OF_STACK - mov eax, ADDR_OF(Idtr) - lidt [cs:eax] - - ; Check if we have a valid (0x8000_001F) CPUID leaf - ; CPUID raises a #VC exception if running as an SEV-ES guest - mov eax, 0x80000000 - cpuid - - ; This check should fail on Intel or Non SEV AMD CPUs. In future if - ; Intel CPUs supports this CPUID leaf then we are guranteed to have ex= act - ; same bit definition. - cmp eax, 0x8000001f - jl NoSev - - ; Check for SEV memory encryption feature: - ; CPUID Fn8000_001F[EAX] - Bit 1 - ; CPUID raises a #VC exception if running as an SEV-ES guest - mov eax, 0x8000001f - cpuid - bt eax, 1 - jnc NoSev - - ; Check if SEV memory encryption is enabled - ; MSR_0xC0010131 - Bit 0 (SEV enabled) - mov ecx, 0xc0010131 - rdmsr - bt eax, 0 - jnc NoSev - - ; Check for SEV-ES memory encryption feature: - ; CPUID Fn8000_001F[EAX] - Bit 3 - ; CPUID raises a #VC exception if running as an SEV-ES guest - mov eax, 0x8000001f - cpuid - bt eax, 3 - jnc GetSevEncBit - - ; Check if SEV-ES is enabled - ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 - rdmsr - bt eax, 1 - jnc GetSevEncBit - - ; Set the first byte of the workarea to one to communicate to the SEC - ; phase that SEV-ES is enabled. - mov byte[SEV_ES_WORK_AREA], 1 - -GetSevEncBit: - ; Get pte bit position to enable memory encryption - ; CPUID Fn8000_001F[EBX] - Bits 5:0 - ; - and ebx, 0x3f - mov eax, ebx - - ; The encryption bit position is always above 31 - sub ebx, 32 - jns SevSaveMask - - ; Encryption bit was reported as 31 or below, enter a HLT loop -SevEncBitLowHlt: - cli - hlt - jmp SevEncBitLowHlt - -SevSaveMask: - xor edx, edx - bts edx, ebx - - mov dword[SEV_ES_WORK_AREA_ENC_MASK], 0 - mov dword[SEV_ES_WORK_AREA_ENC_MASK + 4], edx - jmp SevExit - -NoSev: - ; - ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred. - ; - cmp byte[SEV_ES_WORK_AREA], 0 - jz NoSevPass - - ; - ; A #VC was received, yet CPUID indicates no SEV-ES support, something - ; isn't right. - ; -NoSevEsVcHlt: - cli - hlt - jmp NoSevEsVcHlt - -NoSevPass: - xor eax, eax - -SevExit: - ; - ; Clear exception handlers and stack - ; - push eax - mov eax, ADDR_OF(IdtrClear) - lidt [cs:eax] - pop eax - mov esp, 0 - - OneTimeCallRet CheckSevFeatures - -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure -; is enabled. -; -; Modified: EAX -; -; If SEV-ES is enabled then EAX will be non-zero. -; If SEV-ES is disabled then EAX will be zero. -; -IsSevEsEnabled: - xor eax, eax - - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if - ; SEV-ES is enabled. - cmp byte[SEV_ES_WORK_AREA], 1 - jne SevEsDisabled - - mov eax, 1 - -SevEsDisabled: - OneTimeCallRet IsSevEsEnabled - ; ; Modified: EAX, EBX, ECX, EDX ; @@ -324,218 +148,3 @@ SetCr3: mov cr3, eax =20 OneTimeCallRet SetCr3ForPageTables64 - -; -; Start of #VC exception handling routines -; - -SevEsIdtNotCpuid: - ; - ; Use VMGEXIT to request termination. - ; 1 - #VC was not for CPUID - ; - mov eax, 1 - jmp SevEsIdtTerminate - -SevEsIdtNoCpuidResponse: - ; - ; Use VMGEXIT to request termination. - ; 2 - GHCB_CPUID_RESPONSE not received - ; - mov eax, 2 - -SevEsIdtTerminate: - ; - ; Use VMGEXIT to request termination. At this point the reason code is - ; located in EAX, so shift it left 16 bits to the proper location. - ; - ; EAX[11:0] =3D> 0x100 - request termination - ; EAX[15:12] =3D> 0x1 - OVMF - ; EAX[23:16] =3D> 0xXX - REASON CODE - ; - shl eax, 16 - or eax, 0x1100 - xor edx, edx - mov ecx, 0xc0010130 - wrmsr - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; We shouldn't come back from the VMGEXIT, but if we do, just loop. - ; -SevEsIdtHlt: - hlt - jmp SevEsIdtHlt - iret - - ; - ; Total stack usage for the #VC handler is 44 bytes: - ; - 12 bytes for the exception IRET (after popping error code) - ; - 32 bytes for the local variables. - ; -SevEsIdtVmmComm: - ; - ; If we're here, then we are an SEV-ES guest and this - ; was triggered by a CPUID instruction - ; - ; Set the first byte of the workarea to one to communicate that - ; a #VC was taken. - mov byte[SEV_ES_WORK_AREA], 1 - - pop ecx ; Error code - cmp ecx, 0x72 ; Be sure it was CPUID - jne SevEsIdtNotCpuid - - ; Set up local variable room on the stack - ; CPUID function : + 28 - ; CPUID request register : + 24 - ; GHCB MSR (EAX) : + 20 - ; GHCB MSR (EDX) : + 16 - ; CPUID result (EDX) : + 12 - ; CPUID result (ECX) : + 8 - ; CPUID result (EBX) : + 4 - ; CPUID result (EAX) : + 0 - sub esp, VC_VARIABLE_SIZE - - ; Save the CPUID function being requested - mov [esp + VC_CPUID_FUNCTION], eax - - ; The GHCB CPUID protocol uses the following mapping to request - ; a specific register: - ; 0 =3D> EAX, 1 =3D> EBX, 2 =3D> ECX, 3 =3D> EDX - ; - ; Set EAX as the first register to request. This will also be used as a - ; loop variable to request all register values (EAX to EDX). - xor eax, eax - mov [esp + VC_CPUID_REQUEST_REGISTER], eax - - ; Save current GHCB MSR value - mov ecx, 0xc0010130 - rdmsr - mov [esp + VC_GHCB_MSR_EAX], eax - mov [esp + VC_GHCB_MSR_EDX], edx - -NextReg: - ; - ; Setup GHCB MSR - ; GHCB_MSR[63:32] =3D CPUID function - ; GHCB_MSR[31:30] =3D CPUID register - ; GHCB_MSR[11:0] =3D CPUID request protocol - ; - mov eax, [esp + VC_CPUID_REQUEST_REGISTER] - cmp eax, 4 - jge VmmDone - - shl eax, GHCB_CPUID_REGISTER_SHIFT - or eax, GHCB_CPUID_REQUEST - mov edx, [esp + VC_CPUID_FUNCTION] - mov ecx, 0xc0010130 - wrmsr - - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; Read GHCB MSR - ; GHCB_MSR[63:32] =3D CPUID register value - ; GHCB_MSR[31:30] =3D CPUID register - ; GHCB_MSR[11:0] =3D CPUID response protocol - ; - mov ecx, 0xc0010130 - rdmsr - mov ecx, eax - and ecx, 0xfff - cmp ecx, GHCB_CPUID_RESPONSE - jne SevEsIdtNoCpuidResponse - - ; Save returned value - shr eax, GHCB_CPUID_REGISTER_SHIFT - mov [esp + eax * 4], edx - - ; Next register - inc word [esp + VC_CPUID_REQUEST_REGISTER] - - jmp NextReg - -VmmDone: - ; - ; At this point we have all CPUID register values. Restore the GHCB MS= R, - ; set the return register values and return. - ; - mov eax, [esp + VC_GHCB_MSR_EAX] - mov edx, [esp + VC_GHCB_MSR_EDX] - mov ecx, 0xc0010130 - wrmsr - - mov eax, [esp + VC_CPUID_RESULT_EAX] - mov ebx, [esp + VC_CPUID_RESULT_EBX] - mov ecx, [esp + VC_CPUID_RESULT_ECX] - mov edx, [esp + VC_CPUID_RESULT_EDX] - - add esp, VC_VARIABLE_SIZE - - ; Update the EIP value to skip over the now handled CPUID instruction - ; (the CPUID instruction has a length of 2) - add word [esp], CPUID_INSN_LEN - iret - -ALIGN 2 - -Idtr: - dw IDT_END - IDT_BASE - 1 ; Limit - dd ADDR_OF(IDT_BASE) ; Base - -IdtrClear: - dw 0 ; Limit - dd 0 ; Base - -ALIGN 16 - -; -; The Interrupt Descriptor Table (IDT) -; This will be used to determine if SEV-ES is enabled. Upon execution -; of the CPUID instruction, a VMM Communication Exception will occur. -; This will tell us if SEV-ES is enabled. We can use the current value -; of the GHCB MSR to determine the SEV attributes. -; -IDT_BASE: -; -; Vectors 0 - 28 (No handlers) -; -%rep 29 - dw 0 ; Offset low bits 15..0 - dw 0x10 ; Selector - db 0 ; Reserved - db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) - dw 0 ; Offset high bits 31..16 -%endrep -; -; Vector 29 (VMM Communication Exception) -; - dw (ADDR_OF(SevEsIdtVmmComm) & 0xffff) ; Offset low bits 15..0 - dw 0x10 ; Selector - db 0 ; Reserved - db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) - dw (ADDR_OF(SevEsIdtVmmComm) >> 16) ; Offset high bits 31..16 -; -; Vectors 30 - 31 (No handlers) -; -%rep 2 - dw 0 ; Offset low bits 15..0 - dw 0x10 ; Selector - db 0 ; Reserved - db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) - dw 0 ; Offset high bits 31..16 -%endrep -IDT_END: diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5fbacaed5f9d..8a3269cfc212 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -77,6 +77,7 @@ %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) %include "Ia32/Flat32ToFlat64.asm" +%include "Ia32/AmdSev.asm" %include "Ia32/PageTables64.asm" %endif =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77191): https://edk2.groups.io/g/devel/message/77191 Mute This Topic: https://groups.io/mt/83850700/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77190+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77190+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902219534766.4475742176245; Mon, 28 Jun 2021 10:43:39 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Ps5sYY1788612xEBBHFQaUgr; Mon, 28 Jun 2021 10:43:39 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:28 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ebKyxN2WswCZ6Z9s/GYt6K0RVlM3fuDXj5/koQokwSaxztwNS2UFPo0SMY8rDpOkZClo+XSXw+CG0pf3RHlXkmlaMxOWofSjbF95ZJC88Q9D0BRxraW8s6eZ3aFjELsZy1ak/7ooFNjxtuAFpY4OdC/5AKniv8Jt8kquvF0+9gNXQqloAZfnUNQnMHc+evH+oM140FtFfcZt9aexFH+02ALEjleNEZGQUjzlDnietqO8VJ6mQJz6Qx4RkxyXHy4mJD6paQR8qp5xgQvuTMGD0xe82BSxd6moDdRFEr9RaoYTxo7H5PvFuHtZMrR/mQdMNRXfGtMgqDY6UV3LdoN+zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XuGDdo4nRtiKIJMh6twLe345MbLMT6z5nHDI0aQkPNo=; b=VHW3DiwjlKqlrHL9GHhINBr9vEhXa4V9wBROJAwc3HCatEYkN22GnIDv1CSRbfOXT4EqeQqKHyukPqpZK4Sr7HpqEtq81PhWjNNAm0q5YMIw+coLyi8DmRcPBW0vf/n/F/k1Bl6d8aMr2Ukj9f1dBG8JCYwRZD+zNx6R57klBMWKKhuvfoMEqCpptNZFDY3RnFpjlUYfsI1lgEgrdtVnulEp/5bPfMY2ShZ6o5EbEb0O3zMEdITl10EmL11y4KiSEakWfVoQjOREyVa2O9loHnMm1kyPdp8K7Yq7F0OXCE+/yVCa0RaJVqk0T9kEpN4Gsyao+V4tI5JwpjuQnBU66g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:23 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:23 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 02/27] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT Date: Mon, 28 Jun 2021 12:41:58 -0500 Message-ID: <20210628174223.1302-3-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:22 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0b0cea32-1bec-4174-76af-08d93a5c39ac X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: QCylDxgFaUO0v3tP1AHwvfv6NfBRXfOZirkvubbqnqcy4HhIBSbMjmarlw9nDUDd2HpLgGmOy4gZ8XMbO463apfgjnu63fEl1inJg3FV87pXPZwA6Pn2FVaUdzosdylpo76441qTcSsSszkEqK+tbVVzEsh8Ngp2Jw56BbN6FHmkjm6MkC8/pxpcCLrTy408TW/c7kA7tHiex7KLnxAr/FFWYmt3yD27Cr5hqV6TgMApR5qmj6+nLyvH9Cqhg6Xy+gpsc61q46FnTeautdQvT30GHg4CEUdKwPsaZYwA3pXyLPUlYMFhVFW2SoccQ/ZYxw0OmUoA32XRoS1QpykkbvORByyiWZHQ4lCWJZcswECfT3DeWs1aviwiksjQTadk2dC+3+UB6uhsvJEB/Unb4Brb3Kd54aiUD2ZY3btSqt5vtIXfXMHH1MsQinmBe45zmoj1X0GbTWEuf3wy51HpbfqlZAHOIgOsDtnrDcS3Z85OYg3PN+FYiJMsbX6DNolog3U3JS1F26nXHTn1FFpB/UBpTJ9vLzSz1SW0pKv/W/TCX4zUe4vnazI/wI0dWHV+DujhI/pOsdI3XQ+7aWsAF4vIcBbRlRkZO+nmijKe8yOIvrdbDWOm1AqHViy4BQ8tnrwWg/LWl09SDw0BM4Ldybtq24n+b0nbwtdktmrrQvmZgNdtvsMsAFkVECQzuio/YEwjsbGGAWSljWpoTLmB4c/Skr2jP0LB7GgaxqPTLvrsYSfxMCzC+CQDiohyP9F3rnbGdZG4czagFOKJ0pN5QJit5n3jXYuEWqu98yP17laFJesXTHbv5hmZu3h3g2HZuoflH27tBOF1Ba0q+Dan5w== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?uMGuvm22qFRKtDIF76neu6gR82e71a299HoDyYjUu2c+02/FzC5PVP9PUFiX?= =?us-ascii?Q?ur03BzcLf3L6ItdiwGTV/kszVTwkJe+e8LZyj9XOQHZl2OhDRkdf/euX9VzD?= =?us-ascii?Q?N3RBZH+jva60fCy/27O75q3YNygUK9EbivJQGhzsvaN24VQlN4x78JnRH6gO?= =?us-ascii?Q?07nu7Q04yzq8ydV2Zplo3qh4juMwQ7Doc5iZJfHdTMvns7rgGcVIiEi1gmRm?= =?us-ascii?Q?6SLWjiuG0AETqdP2iDiJkNOubr44d/XYI7s7XPXBgIeJUX2wjSoa3vxaeI/3?= =?us-ascii?Q?LHYnkQcjTPIB6cFMPD7bfl1Mc/aF9oqM2IAt517n/pCqkvS/obal6MyyFTa3?= =?us-ascii?Q?oULe6SwZUsydD4mdiHIk+GMNvHiRn/7ZhJMsh1qYeEjFWbuFvJL5nNMAcZD9?= =?us-ascii?Q?Vwip3G6Zutbxbqg+Ny4gL5/ujtuMCDsx5Zu1XGw7bE6kj+FveeywiFHaFaas?= =?us-ascii?Q?Xbx62d5Be2bGpEcs61YthQ77hR7ygyx0EOwL8pryiJnnDi0ndBrWa6opaul/?= =?us-ascii?Q?NWItd78bF8GNyo/7I3kOs7VUJGqbbhVK4vPkuKubv17BMi4zaZQoZYlhbQ5o?= =?us-ascii?Q?Jg8y9WlW7J+2r74QOqy5DrBssLV8m38D6+zb/UtKcW3lASk8nL8dljmWxNn5?= =?us-ascii?Q?jbyI+W7EbFsv8riugKsoNlftPNVGrDVg25LZj7wEoBNfVUAxtvM/Ojdrg3mt?= =?us-ascii?Q?1HeEZ53rAf66f4K8bOOZFSKzGgHYv8N6djsw9i00F8qBJpBT8aBw0B3B05n/?= =?us-ascii?Q?wPTRNlAF6sQ/Kx0E4ykT0LdrCYkIlVtZ7xSGp3jxAC6vFb0esvF8s3c70zau?= =?us-ascii?Q?GdDP07Z+b2LnHRkskgD9INtRPj+EBQZKIXQrfWA/+ZeEFuDrnFUH9yUj6NvA?= =?us-ascii?Q?bBpq0RZPJrLU0aFF/wTGUmXNjouOjIwSKqlYmnNMNiNtdlvRMiFFfjRIgMjD?= =?us-ascii?Q?aoe/nX2BzhZAauPat2bzsOf9B5XsOO5QNyumhWcTXV8AYa6535VE/phmyrIR?= =?us-ascii?Q?1FvLlkPav3OYUWnwf1VZNp+FTwc0TfObyHIAy20aHRRwYuRfwdkXAxKEib65?= =?us-ascii?Q?A1Qxk2kC+E5sQN7hSnEXXKSyA7XqHfSUR29R5HLo9Bsm3qhMiWJ9ZF2Djdqa?= =?us-ascii?Q?olEP3/u8FuMR4urE0QCi9sVzgCFA6QFk4kAbQc9uE6MkamocrirWVE0TvVvg?= =?us-ascii?Q?hPfxkeyeRwE7E3eTnvS1OkNXF93m1Ej4l6NlsQBwg7GioP4pi0349H7CiRjE?= =?us-ascii?Q?GRn/oYItcB2c//K5jy2QMovOpfrqgKANWrTTuv6H+nnfbw0o3vaBHvY8DC5b?= =?us-ascii?Q?rBNZ3dDn4SvGhmxNoO+RwSDz?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0b0cea32-1bec-4174-76af-08d93a5c39ac X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:23.0111 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: d0UROF0Tp9d1EioEEcLs5ucMjvgWgmbuFyH9VytHw89SkigrE1l9H/vg9QFsDHBTicCW6XUpWsCv4VafbAplNw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: FAZIjOCSeqRyPTkj6FUuftS1x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902219; bh=lMsTmYqVmDPsHhZSOP8eJq4WceRVWgarfI9K+4oYveA=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=cxTubz5FhDph1uFijKgU+NFGlsQ5a4e7dbl41U7KRPZvdAyGog3EUR00+/o+MMfLI0n AtGm1sanq0JGet6HylIxN8IHkzTdJqhUbxuCGY/6q4Q0I1ys1w6ZngmmtT7eBCUAxU4md aS2bCGede4FaSXhR1trtJ85tEie2mD3u18I= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The upcoming SEV-SNP support will need to make a few additional MSR protocol based VMGEXIT's. Add a macro that wraps the common setup and response validation logic in one place to keep the code readable. While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS MSR instead of open coding it. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 69 +++++++++++++++++++---------- 1 file changed, 45 insertions(+), 24 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index b32dd3b5d656..c3b4e16bf681 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -35,6 +35,42 @@ BITS 32 %define GHCB_CPUID_REGISTER_SHIFT 30 %define CPUID_INSN_LEN 2 =20 +%define SEV_STATUS_MSR 0xc0010130 + +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is +; responsible to populate values in the EDX:EAX registers. After the vmmca= ll +; returns, it verifies that the response code matches with the expected +; code. If it does not match then terminate the guest. The result of reque= st +; is returned in the EDX:EAX. +; +; args 1:Request code, 2: Response code +%macro VmgExit 2 + ; + ; Add request code: + ; GHCB_MSR[11:0] =3D Request code + or eax, %1 + + mov ecx, SEV_STATUS_MSR + wrmsr + + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + mov ecx, SEV_STATUS_MSR + rdmsr + + ; + ; Verify the reponse code, if it does not match then request to termin= ate + ; GHCB_MSR[11:0] =3D Response code + mov ecx, eax + and ecx, 0xfff + cmp ecx, %2 + jne SevEsUnexpectedRespTerminate +%endmacro =20 ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; @@ -85,7 +121,7 @@ CheckSevFeatures: =20 ; Check if SEV memory encryption is enabled ; MSR_0xC0010131 - Bit 0 (SEV enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 0 jnc NoSev @@ -100,7 +136,7 @@ CheckSevFeatures: =20 ; Check if SEV-ES is enabled ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 1 jnc GetSevEncBit @@ -197,10 +233,10 @@ SevEsIdtNotCpuid: mov eax, 1 jmp SevEsIdtTerminate =20 -SevEsIdtNoCpuidResponse: +SevEsUnexpectedRespTerminate: ; ; Use VMGEXIT to request termination. - ; 2 - GHCB_CPUID_RESPONSE not received + ; 2 - Unexpected Response is received ; mov eax, 2 =20 @@ -216,7 +252,7 @@ SevEsIdtTerminate: shl eax, 16 or eax, 0x1100 xor edx, edx - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR wrmsr ; ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it @@ -276,7 +312,7 @@ SevEsIdtVmmComm: mov [esp + VC_CPUID_REQUEST_REGISTER], eax =20 ; Save current GHCB MSR value - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR rdmsr mov [esp + VC_GHCB_MSR_EAX], eax mov [esp + VC_GHCB_MSR_EDX], edx @@ -293,31 +329,16 @@ NextReg: jge VmmDone =20 shl eax, GHCB_CPUID_REGISTER_SHIFT - or eax, GHCB_CPUID_REQUEST mov edx, [esp + VC_CPUID_FUNCTION] - mov ecx, 0xc0010130 - wrmsr =20 - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE =20 ; - ; Read GHCB MSR + ; Response GHCB MSR ; GHCB_MSR[63:32] =3D CPUID register value ; GHCB_MSR[31:30] =3D CPUID register ; GHCB_MSR[11:0] =3D CPUID response protocol ; - mov ecx, 0xc0010130 - rdmsr - mov ecx, eax - and ecx, 0xfff - cmp ecx, GHCB_CPUID_RESPONSE - jne SevEsIdtNoCpuidResponse =20 ; Save returned value shr eax, GHCB_CPUID_REGISTER_SHIFT @@ -335,7 +356,7 @@ VmmDone: ; mov eax, [esp + VC_GHCB_MSR_EAX] mov edx, [esp + VC_GHCB_MSR_EDX] - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR wrmsr =20 mov eax, [esp + VC_CPUID_RESULT_EAX] --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77190): https://edk2.groups.io/g/devel/message/77190 Mute This Topic: https://groups.io/mt/83850699/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77188+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77188+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902208489123.34820867107874; Mon, 28 Jun 2021 10:43:28 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 09qrYY1788612x3Zp6cJWSvJ; Mon, 28 Jun 2021 10:43:27 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.61]) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:27 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jdFnHbzuPj7+CvbesHdS5DUK7mkzhlCJ4oFfIRjIgaWLcmRiBmGb3a9FqaAMNOiSks+1Nb+ce/AVjQhSufTTserRXZHMxqnj7ITcqAvOCb+XWXXFpvF9jJHoaBiJtkE/E+MMBN3Gmce9x7Fb/vrni96bW7cPUII4AufA1AJToTxDeftMOaooAkcEv/n2StiA+NnppgB+LCNG/jEB9BNhIyCh6bUE40tlIyHsubnay6mYZWunMecqQTJuIJdYx+jjbXUPPWqbDv6l76LngakzMxb8knq7/ADfTEh6yOAMUTgCfIrLQmVszexV+HimlURkRFKjRofCXduJ+5Om9aF/sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ieoGfIdjnHdG3XottkUrhN9keTS18s+KBSorU/QpvCk=; b=DOXpsp8kJrEvliRGicNOwCYS5Cw5KyP5VCyl/N7ggTtU80VZ6iMB2oH8zRbmbhU8NjJ6o4ylwGd0pnybS4z/X1viDCkPYakduxGgM/pyKMU79KFJjFBMTSXDLYhgQvJmFzFm0kCI32+4wo15VIlTPt+Ji1PQSITdlb5gu+R/fVjSuGrVqQO0fKfL0Wd/SWXQ+rSnGNJp9i7qvk42CTAFTNcUBdCvznQEiGNMJR3e6QbECjyMGuRwXqL6ySv7zzYh1PbQa7PqCEelNS6+q1zxNvr8UzNrZeKMGeh65XLmH41BSS0Ajbd07nToJ29If5IoRmSnzW4KBvli9PY9Ju1Aug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:24 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:24 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 03/27] OvmfPkg/ResetVector: add the macro to request guest termination Date: Mon, 28 Jun 2021 12:41:59 -0500 Message-ID: <20210628174223.1302-4-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a8d9ce7c-98f8-418d-7b85-08d93a5c3a6a X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: MRX2nyEgdtERjfjdr9egFSnozcC3FfdA2jFqrZDNKQ3YnlJKNuV7CWrmbX3kg+JjRuE8gCrKqR9Gl4ye/mM/MH5NP7I2lZMzaWSL9r5YU7E+M4soyLwo+sE5pn3RX/YnKTm0u0R+tUW/PX+Xd4oDyd0DVm0b5rOsuNcTcy3/c7ZCFZP9cpEVmdxV6lWqViftxS27W6xUktAG/KBztO00vh2boWSXoBXSFOxGyilV+Y4mQfZEoG8ed44AClUqalWJdpPziz5VE8BiEp5H7TpkMHDBn0xoyXd9oyI5995hVHC69hinUICXPSBTZG91L5FMwbJfdxmxQ/vtSMYXIG74JwvkzA0QeuOFG1rJgC5yhp0KXY/N/iLfWTMzyuhR6SVS/jb4kfycDjL7MblZSAqB0kOt+x3pmDck2e16EWPSA/P/PumIo7myT7zTV6ymioBdeOL/5zeMCJIBa2CZId29a3xjA3l1r7QM0dvOGOhe2mTK+PqB3mqIFVeumaT7MxWy/WWWNVJZPomBtIuZFJGrKvFTEGu2BROt9RhKHUDBYhAxKxH56A7bJM+QPiOh3D/PP0ri+NpO1HQb5w5O+VaxSd16wwbIQgW+sl0vxpdOvz2z023bqep00GcsM7VmmCHT4WGY2CIk6Q1J6kC44/Kisbg8c8mC2iAujtKMEaeaxE+/d/24lmn5wkMTzYGOFoISwor9yaYQOBkM8S2P0pNHyh7Cm7mv+U799Sw5Pr338c6kJWWY6VUhfwvbgFlbtTrObBX/6YCnqDHb8sG8cZmVB9k/S5j2VexrS/+zJkwOo6IvQfXq23kP2XWxM1DTx7xdxCr//JtPv+qLLk9DIk59wg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fucTO7Rajw9rc/NUXQKxCQqk4ahFzYWGZV6sGlxjNQKzxdS22RLNdCAjoAPA?= =?us-ascii?Q?p3+m/faQDRuW9KyunzBknNB8CBlBrY2nshAbkBjNN3TSo2/zqsMVMJL1CNw/?= =?us-ascii?Q?SIMfOWB02ZROSDT/EbhuiAx4ETmHARtfZdfeau5LLk5D/mUfc+XUoLAawXwz?= =?us-ascii?Q?ypEvxMiFtuprTTSK6Z90gOai5dK+vAgG+5cDFaACrn11hDcIwJLl75d5NuAt?= =?us-ascii?Q?7UWJupsaguFE1/rdGxvvKhdAcYoUZU6jY+h4NNCusuC5isyTmzVXBCRLLBDk?= =?us-ascii?Q?Q5GIvGF9naPmlEVhQEr1XR2wS+PAPhCd6iIF98942hqe3xziFbmhV+Jjhjf3?= =?us-ascii?Q?fNgcg9KWMEII4CkZJILo8wQTHv7CluclKKDCLdBMDSP5gMlJYHaFZRfs9/ct?= =?us-ascii?Q?aVqs+sluuL8wkOd0GU1+gtm+eTQG4Htj++YKM0E2A5cGLJFahfEXuWIgoWNn?= =?us-ascii?Q?xzcpWRTbh7ZzHa5l+QFNSD3t35dWzXdRRDB1zEiTMX/FFAV8llDL8Sp8JGSY?= =?us-ascii?Q?XGs1T4xrPxM79XszLPJaHaxBbq3m4/6s82vGHeLushnK1RsEWL47FxqwrfYE?= =?us-ascii?Q?K+UWCRYmhHOVEpUqc+nbMbNheq8SBRMGF3GZSEmAY4T6zw+wwCq9GcZLTVnm?= =?us-ascii?Q?+RuQQqaspciRBD7XwcF8IScOBUJINg0hY/alsK3KPcyKAJocJmLtwbpLLgkx?= =?us-ascii?Q?/qRQqsy+CnR5F47mAGWo6OI97qzkGVOUph/bGGfTN6iWye6UfuEF8CQYZSMe?= =?us-ascii?Q?Rm3pBGEswcim6h94L6AA+5YY8AMO6y1vc3Qgde5U6g9erjtv/pkkzMk6P9nE?= =?us-ascii?Q?TwG0lt8gOjtIMOH7mpxcnlqS+baIJ7wFT4Xn1UC4gnAIMJyzY4kicsIoQL8W?= =?us-ascii?Q?RbXKjqjId8k1SimLi01erW0/wmCxGQhRjlg8r9il8Zfztvtfd8LW8xOQXMxz?= =?us-ascii?Q?7lmWVix5VBwYN11Z7Y6HATLE6SQZHeCEwBETehcYwMP2WS1g/QVU1iigbynN?= =?us-ascii?Q?9JySVahBNiejTAwOzJUdOKFZiXJ1rRtkafyPpV3uWWQib2eMfAZD0e/T+tCJ?= =?us-ascii?Q?CkRYY5UhoxVhjuNNHT4IILtr5kcj31CTsgHl/irXkl6qO+m5BhiRK2rXMbW6?= =?us-ascii?Q?wft7cwO/cTuiJfIkwCa1WnobMQHCm888Fs+1CjzVqsJh3FZL7NsISBqkB7gv?= =?us-ascii?Q?77NPDmJ6B34PXudIyXWKLUOymaeIlbdSRst53SAHzrXDG8ozm9cZs6tdhCwz?= =?us-ascii?Q?BhyKnFTY7d04xiizLHEY/MxugMBoAIkG/uTCgpVuGFamo6IzZnxO167ttlVg?= =?us-ascii?Q?tcvfzUO2MyvLmQ2QpdfaSn3Z?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a8d9ce7c-98f8-418d-7b85-08d93a5c3a6a X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:24.2614 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7dhfhZbDeCey6bj5ComOYbFcchG86tFEPNZxQihg2bHOv3w+2QSmr7bSt62UdsQlMFqau8Ta2LeYWJeA6Oa8Sg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: nKKGEjOvuXQU1UpoYZyS9dLPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902207; bh=4HEPeO0sQ68pOzcVRlFttkZYGDYcHOjCXwGM9BkVk9Y=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=SnvpgZqhUVAkP+2/22DhN9wnh6EXYuan3vBx5Z0XcRm1grODwafw15ZIN3H+xuLUEyt chPQF098GkugEWsrVKXRpjpnNQlU41k35eFunY9Y9ypEzYKZ7a3eLur+hUw6l3eVDlP59 PAaXTupVlBK4O8PDNiDCpMUoyZNDFF2FjKI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The upcoming SEV-SNP support will need to make a few additional guest termination requests depending on the failure type. Let's move the logic to request the guest termination into a macro to keep the code readable. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++-------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index c3b4e16bf681..7465f7086449 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -37,6 +37,13 @@ BITS 32 =20 %define SEV_STATUS_MSR 0xc0010130 =20 +; The #VC was not for CPUID +%define TERM_VC_NOT_CPUID 1 + +; The unexpected response code +%define TERM_UNEXPECTED_RESP_CODE 2 + + ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll ; returns, it verifies that the response code matches with the expected @@ -72,6 +79,43 @@ BITS 32 jne SevEsUnexpectedRespTerminate %endmacro =20 +; Macro to terminate the guest using the VMGEXIT. +; arg 1: reason code +%macro TerminateVmgExit 1 + mov eax, %1 + ; + ; Use VMGEXIT to request termination. At this point the reason code is + ; located in EAX, so shift it left 16 bits to the proper location. + ; + ; EAX[11:0] =3D> 0x100 - request termination + ; EAX[15:12] =3D> 0x1 - OVMF + ; EAX[23:16] =3D> 0xXX - REASON CODE + ; + shl eax, 16 + or eax, 0x1100 + xor edx, edx + mov ecx, SEV_STATUS_MSR + wrmsr + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; We shouldn't come back from the VMGEXIT, but if we do, just loop. + ; +%%TerminateHlt: + hlt + jmp %%TerminateHlt +%endmacro + +; Terminate the guest due to unexpected response code. +SevEsUnexpectedRespTerminate: + TerminateVmgExit TERM_UNEXPECTED_RESP_CODE + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -226,48 +270,7 @@ SevEsDisabled: ; =20 SevEsIdtNotCpuid: - ; - ; Use VMGEXIT to request termination. - ; 1 - #VC was not for CPUID - ; - mov eax, 1 - jmp SevEsIdtTerminate - -SevEsUnexpectedRespTerminate: - ; - ; Use VMGEXIT to request termination. - ; 2 - Unexpected Response is received - ; - mov eax, 2 - -SevEsIdtTerminate: - ; - ; Use VMGEXIT to request termination. At this point the reason code is - ; located in EAX, so shift it left 16 bits to the proper location. - ; - ; EAX[11:0] =3D> 0x100 - request termination - ; EAX[15:12] =3D> 0x1 - OVMF - ; EAX[23:16] =3D> 0xXX - REASON CODE - ; - shl eax, 16 - or eax, 0x1100 - xor edx, edx - mov ecx, SEV_STATUS_MSR - wrmsr - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; We shouldn't come back from the VMGEXIT, but if we do, just loop. - ; -SevEsIdtHlt: - hlt - jmp SevEsIdtHlt + TerminateVmgExit TERM_VC_NOT_CPUID iret =20 ; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77188): https://edk2.groups.io/g/devel/message/77188 Mute This Topic: https://groups.io/mt/83850697/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77189+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77189+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16249022184171003.9961622206888; Mon, 28 Jun 2021 10:43:38 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id nYQUYY1788612xj1BxH0ULIn; Mon, 28 Jun 2021 10:43:38 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:27 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=el8yTFUcBfPzpVtNgKvwkLBCVRKQNnz6Qa68B94VXb0W+e5nyrMjqKJ/ZbzvFrNWgL8YlqZ2CRQk/i1a1sfI7wrGSNOMBxZw8RfOzt9jYzok1gK15onQ0VgoEh/3HECIQ5l0WnqWSRITjTz/hgmqae9Gv5nuUvpNlFyya8PMj9UjpvbShCFGp1g2CLn5Af8VUpgPXjeTv7xFheoWlx13jO58+XEi1r7nF6e5oY+uyEHtaeM9LiSHf2ojKjsj9QlMAUW0BLI3XXUooaMRcKRi5rVcUHs4qfYY2+Ij2a3NACy7YngOWzfQ88kX/19Xmx0EqzKSd/xZuklV2qD/PPSL5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=; b=D8GKn2fQec0a/6wMiX/vbs1Eqjqw5HYTbcFpLSj8VULF0SOCKIvFyBngZegW80QiDs8mBpDesn7NILY8XegG6HiwEhgQSQFr7xdLiSe+4O4vXDJHk1omuhq1M5s2Fs6O54cfIHPebBYP2XpWes9zSY+PgBbwuYSd1iuTcFvCQdtznDV7t80A4eHJzSy7EvmIlBqv7TqcS+WPEK3/XmCoiuOP49Vn52d8T8krall6wduZSNZl7TY8jrxqpiIb7bEe+RcKoJ8cCeQOFJc/cmvJkRYPRAuCCrPEbTZ1zQKrr91hcGxEOT6N4o8R5UHyDlmOBhyXzJUvA9oLgP6mZlbZmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:25 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:25 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 04/27] OvmfPkg: reserve SNP secrets page Date: Mon, 28 Jun 2021 12:42:00 -0500 Message-ID: <20210628174223.1302-5-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:24 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: lgApbdSg0t5B4d3kKIMuxgMgSl20nxmjJfEgPDn9K7w8jg9gpYj+LNDOoc3u5KiXBcPFV1ETWEsXo5Jq3GKcgru1V/yWhCOP1UAS/om+Hpsm4vb4kj5zdyRxxMW42r3T51D6RLdZuV7oTVk4EyAw7Gv+MKUWj3lpb051PY20y5ykkRP7JhabR7CKxtl5NmvSXUWlmACHLLD7T13cA2QYjaR8nlOAU02uapY4lS80EYA6Bd2xocv9jmHQZa063AklUy8rivj5mie2XqpHsobWggCcPU1lfZ8N+p8TzTBQ+6ZzMFtMA6Emz+exObLvlDDAfjvhLpLLrMxCyRi86ds84zD62VhEwDnnW5smpgCDewBp2wQMDTaNuuuskq/rx+eEDznxp8kA0UAmZ+0t93wZBUcICs651a0QsHpCFS2U7fnNcWWpiQEFwYIv7Eum9XSCxNY7yVKJehpLyGakugRjV1qnaF+KmFbKR0NbhFtpL9LYtDwvg3iiCNoRJLXDrRHKUArJ16T4Vz2JGSLg/lKmftNoz4JJZ3cO7LLwvZLiXFFnXPks3hn8yQgW4lXbTtvL/MbaoFTGYZiUEjtw55e5247B9zKV10wfa3ivujEBjuN9dGkn8cPN63K4w7RaMg7xLlQ/NUEjtCFfQm0coCK9FkpoSFi8t3T9ZOea47haGdxCH1N8k5n0v6PZmXq1c2j7TskZNrlt0+9A8LjxyKgfqqRpgQdK56m0IJtjhtXtxgzwwPOA8UNWDGVjRPo7IcbKtXSCdlquW8Vg/841ElY3HI4qMr4M4MMsixX+0IkJmiGz3uXn53i4+IuA7WNfu3nRYpDObc0jVwgYXWyezDbX+w== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?yYAxDrZDH5lvnEpDgkH64upV7manFwyjKI61jKL6TpmIYFfbdz3z1EHWVrPm?= =?us-ascii?Q?9X8Fi95vv2Kz7R5yq+yURYw5Tui7qaPhlvLivue+RhHShrh3YrEKa6PDGjYC?= =?us-ascii?Q?P0JlQWLT6alI4kZOoRefcdkekb9fA+qySlg/w1r02iXgwuYeTZlJXxGlBD7O?= =?us-ascii?Q?BsQoKTagjxME/uPbACT+rXC9JKeJ4LyIW0F3JTZMqsQVHspqZ6OR76TQIEZK?= =?us-ascii?Q?u2rAVgvsFDsJgoHOadzgYag56xrh7YcNQJhsfyun06FrLPV/0iEJtdrZlpuz?= =?us-ascii?Q?3zusg1ykm4TrMNY17b0fPB/tph9a1LgHBUmEC2TkF5tWgZB6P+Dz5jW9yTxC?= =?us-ascii?Q?/n4BqeQ5xKjRXdAnRRFXr8+0lMmaEjkVtZnPjhYWwUKwfl+/OTWHF8h+tVUj?= =?us-ascii?Q?mdjtaRhiCqzgGP7K+S00KREYJhXaiZC/xTIGLUnLhXTUwifQ7uqMArrW+3C9?= =?us-ascii?Q?pkvIAYsJk4EJfIK6twbHrohKG6r40qlQzDFD1Zv0K5zh5k9ka1WgqXJoAkCi?= =?us-ascii?Q?/A2dzMayqtNIVXCdJEAMKBN+JDEJg6SBKk+LI4L5jLfMYV9aIiokytHcPgbc?= =?us-ascii?Q?cTUWNnACEfMfSl7gPJaMZMkuBVGzATjb4i394qZ6qOX9UwPONObRPGT97ush?= =?us-ascii?Q?svSVytuiY8OuC7zJqDyybcQ6WD0rwbte0qErAymwKlsHbgP45jYigGIVJcHd?= =?us-ascii?Q?Z0CcUGKugQcJyNiO7WmkQFPJ+Q/72VU5ANGfkMWmhGyDhe5ixWh19p1ZXxKE?= =?us-ascii?Q?R6fKx5mePPe1HStV+FWOPOuuPyLEuM2qwx/SmR6beqiubjYUboa5RiSA6I57?= =?us-ascii?Q?jFRG6VWgAG4boXKcJcggwRZlU2kV3nr2fMWVGtfTJjnxXo6wrL6GohgW+RBs?= =?us-ascii?Q?sYNvnpBOB1BLltJSCSPA++JOHoLJxmHcRFMkCEE2mFsoDBcpHqoUuzzcIthW?= =?us-ascii?Q?S2MrlfFYvTGhiauOl1MyULSLSp153CINryDQv+yy8NAPlRTy1jQ1CVoqlJk1?= =?us-ascii?Q?CI99Wma3EDE7/c/lp+poj1A1lYFCA2eHyVZCB3JwjFn4NrYpKyVURyBP0WTu?= =?us-ascii?Q?TwXBB8TC2u8AoG8SkmaqC7C/HNf2/RcdqRruiOqRFJh2OW3irck9aIc0VDix?= =?us-ascii?Q?w6Ax6kUs28KauvLF3BtFPuXDdg+zO+vsaQW7fyrXG93tXXFmVbvW8QglCkas?= =?us-ascii?Q?Gd9FrsJjlYNrCJQ2bgVkDebmBy8Q9jAM/tYEpGY7tuz5RUGKlAbNeOw3jg2y?= =?us-ascii?Q?AxmSExeAifnzP//ngMGvCLTr6VFhm+CyRdb/PqwREhwBA+2JiwvLQL4TurYd?= =?us-ascii?Q?FlgBMQiG557G56djrdGXGv1k?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:25.6136 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4lLKlW0R9k9iRTYvqbCAPStez90Se/yIm0NXPxIvDnpMCJFMf6sSEBjzhGiB01o66J6kLx1FKNjk+2fPViZBYw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: HEmsNFIY9JBullQ9h7IMa2Ggx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902218; bh=19PSXfPZ4eWlyeqDv5FoxCq8UHAB1BooFiWPJX9OzuQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=ap7v2rTcWgcC/0IszKrSjZHcEyhOYY25zgJKRNC7oerC4JktxsJDGKeGaA1Hdmmhe4O R+QnIh3C4SgV7yY8N02e7jclxoYtMKO3ujjmJcyELMlB68v6k0S93YZosWuNut4eNgZ0v uMAZOTLL5sxHisBrpr+EAJzmFgMi+sHdn88= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 During the SNP guest launch sequence, a special secrets page needs to be inserted by the VMM. The PSP will populate the page; it will contain the VM Platform Communication Key (VMPCKs) used by the guest to send and receive secure messages to the PSP. The purpose of the secrets page in the SEV-SNP is different from the one used in SEV guests. In SEV, the secrets page contains the guest owner's private data after the remote attestation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 7 +++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ 2 files changed, 10 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e39f..106a368ec975 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -321,6 +321,13 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 =20 + ## The base address and size of the SEV-SNP Secrets Area that contains + # the VM platform communication key used to send and recieve the + # messages to the PSP. If this is set in the .fdf, the platform + # is responsible to reserve this area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5fa8c0895808..902c6a4e9ea1 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ [FD.MEMFD] 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77189): https://edk2.groups.io/g/devel/message/77189 Mute This Topic: https://groups.io/mt/83850698/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77192+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77192+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 162490221933928.957203084693333; Mon, 28 Jun 2021 10:43:39 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Uo5NYY1788612xxcVG8mpB3x; Mon, 28 Jun 2021 10:43:39 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HFV+1AxwICiGgikwxZLVLu51/FoXceICVHXBBNmk2cgDJPfyLVOfUr/P89tF1+tKqlt75qwJD2Nh+2eN86NtFoc0rsYDN1wT9CgdLnmOtJQW4GNQpddTPCi14N3T8wPp1UGBbr0ZTfpMvFHPKKGTuKDdhGo6QJErOORFo9WNJthsSV4/50qT63rd/dqw02rCUO+y4VvoIWCUf4t7v3pwPgy6JIlyYUDJyDBl3dq3bfBVk8ms7vwhXQ/ERPoj5+dNDyIot8G/WzGcmtnE97vgmd4nLe+W0S5VYc+WpmG+SQEE875cKnC3PP5Vy+XYo0ggq7Y40+dI58NdjvKRgUKrtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xVPCjq8ZN6ppI7DW/FpyKan0V0ikfo5VLzIJjxBKN2A=; b=E2zaVXtj2HviR0FHvNWMZ/46TzYaaHMLKQl+kHMmK7UwipGa3SruKKUAAY1PpCTpEmv9ppODwtYO3zOhfwgjtVcVeg5LOAQdc1rjiBtRqrH1nM7oUVOB/YS28sMxJDjgu3I6Z5J2xHTEgFOftGEZKNDIPPThY2S6cnnATuml/puZoQML5hypWFGonn3TLvTJIgV3UscPq5CVc2un2I1pXJ8oNuS8dGXV+tPiFVGf6FNHQhV6cdcszsp0vJJz2bi4Dc8MpeQJpeqGK62BCiyRJGQfc8VK786QB6okNF/Sora5Dcl5lxSOQbEtUmNKarrCaEqd5C0jADCjX48wpVL76Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:27 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:26 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 05/27] OvmfPkg: reserve CPUID page for SEV-SNP Date: Mon, 28 Jun 2021 12:42:01 -0500 Message-ID: <20210628174223.1302-6-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:25 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 29143d42-1099-4a86-76a1-08d93a5c3bfe X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: cCbNUcq9qD5iKiOYBIySCa480VZnku67nnzSrNuY+EoDfdfhImQVfd+M2HJL5KQsV+Nd4hSZAhZOZeAA8ytwHYUR+KcWlgy6gjXCcrMsMo7235xelgu7vIUDxw3x/oQw6nh9UpodU8UaqpGc7+naVnUc0+TT2gGsTk9YPQPVNNcP+5kFcFtKbj8159wH3lk9qzem4xle8JHydGk/mMA4opaC73YP4/s/pi02ELK3+qD+oSV8XcixsQzeOlY59zLeCpjdlpsmKcI+ckD4MgJoiB/W+26wdrJyx7KVZrifnAia53nrnqyDuYdCRZu/pPvtjLL0BzTgrVyolgHyZGuzhOUZ3FzBwB6siMwTRu8oke2EcxZ1l0gstJKxvPBcOL+k+xijBvlFNFMYxjuEgnwA2ZMx4ehM31IdR0mhd80RmcD6Kry18EMxz6UBJfi8reNxLVMbNGajhDiJxhE3bsR/QchUAx9h0tFGK1/XBSLTQO5qMI3DtTh4B/ITSdXPDvBfuw11cxt5Cjsfb7uLMRPLPmelpv01qRTP3yFRaJde9itGTmupZDExtko4FVJLFJjRa0EEiEERQFu0p4h6aFK99kfLVuigQpWJpZGbF2awyelyogQ7iuhkcnOlAFeqrZa+PYI1Ojp7toGyTAMSTATo7NS+XARrkMfezfbeMtuOl7JzpS1lKyAvn5eb/kJle/nDmVltVKCQ9lBWLD3nZovShTePtbwvwz0B/18KeHoqfcPWz1MPoPSGq9t21xIqZfrKXTm0XnPGFLzEEnjAa/hM7gsh5S8D+6U6+toqdlVfYO70gaoEB6Lrz7aJRlcXCT2vls6WEdeVw+p8oaLHZCgvig== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?8Ix+Ksy+VY4HxdmVGuoQKSmAe79H9lKS3YbphAaTxY9XJoejr75/KVqgag4V?= =?us-ascii?Q?Jw7yFzroPI3RI4s3JNnFbjiELxO+FfWPG6YHxiYmKw7aV9EDgN+bCP7EbBSO?= =?us-ascii?Q?JIp2O+LgR5UubHsQUKdSc+SPkcZzqQSlfDLw9aJC4Dt+koGmfh98Vwo+W1QV?= =?us-ascii?Q?EuVPHXl1A1cgXRewkCXEZw11+NxO74eX5MI9OG5NM68zu7P0SjAPeFTR0nf7?= =?us-ascii?Q?sPw34aDuhZr7HKGmHNjHZY9/GbiG92HWmGf7lOtzuzCUOqM78dWAwd9ltyFx?= =?us-ascii?Q?A1X2nsSF+8cnCfGdpJGX738+axmXq9UTRHlcQ4WJKkBAg5eROZuvdbdnRsmo?= =?us-ascii?Q?/gyMdp2xZgERAVjGX9nEQPHEbTu+A61tW6bHdEXD0HlJlkbeJfglxIceIYhY?= =?us-ascii?Q?3oYFKzC0uOLblmjqhUM1P6mtwAz54bjfOQdHiaN8dKabzBYNyMx6a/hroOkB?= =?us-ascii?Q?UaB/feZ0BsWsxSj4Vr9KnZJcuaq1Wvjk24UM18CfBYglya6sijHh/FnIjmQk?= =?us-ascii?Q?Nfzlvr0pZpbbP66oQtl0Y+rTIAertV0M/3Nujo2eWwHGgqI6fvd2tST95x40?= =?us-ascii?Q?HbeDgrbuNB6OOwmKJvXkNSgWGyf+yJM1NbkbHkpdGPr9iIBgDoF/7r9scZow?= =?us-ascii?Q?oXz6zElKCFiP0fNkWGKFih7sU2xVu3FOBcFeZuD2BjwIdVc9fFxhiHj8rfCB?= =?us-ascii?Q?hoNcVUsVBhPHt3syQZ6nmQ2uB8AzqQauDeajZFMNCsT+ZuYkS4/zDWHKVMhe?= =?us-ascii?Q?69itfOGw48Dbrf5NUZETNSIhKeN8waZkoPUFYRAcxEpb+8Wo1uusqDtqp+hB?= =?us-ascii?Q?/uXuPN+KvlqxEY9U6ARhTACmUbL8I6YIW7JDuFZfjuqCuNjDYbLnEf51HG4s?= =?us-ascii?Q?yHmguo5/OBNZW4uZaKj0zRPiRgZpbAGVeSpkA9WRbjNENhbFqWkfjtQ0ZRp9?= =?us-ascii?Q?sks/S5j3B5eVqOlQEZ8J+gZpw2eG1a8Lw/Thdd/QEPW/HvZ8s6yTlgn1Tif1?= =?us-ascii?Q?XnR8l0cciBuKTxQv88Jfjm6yy7Etl/D9TkW1aTKfABK8kbXH3RjJcpGjAQHe?= =?us-ascii?Q?G0iCr8Co/+lBRQuTU5G1ghtzl8DJARsqzhBH0JNAWAoJCPsbk0Ulpg4UnxKV?= =?us-ascii?Q?1mzE1A3wMnL3CojBdR33tLh3VA9+7UjUGxzLmymYawX2LfrGXnTm2KkRykA1?= =?us-ascii?Q?ryQSd7ZGYV8+r7XQJAMjfZVIMqRvS9ksM0aSayo96DihuShZ40JQ7QRwwoAd?= =?us-ascii?Q?1vcGdf7Dkx0ycINcurpSgLyiI6uEf7pA0mid7qiTYZujqjyb9ou/SJQuZ41E?= =?us-ascii?Q?Y9kLZ9DaaUZlJj8rpHntdwoj?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 29143d42-1099-4a86-76a1-08d93a5c3bfe X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:26.8909 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: R9k8V6dvpYN9R+bXzz3ctHN9ubfv0MeDfcLx+Eb2vDfsu5cewLqw9CH+3S5UuacXEIKsSlqmDBnpGEEWDNg7bw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: xMJFAFVNC29gDbW5cl6pubGLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902219; bh=2D/xHC8295RqH8euhcOo6ZVpRkotb/bk4L//KSdzNmc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=oHHzfA3ti9MiCI8zSaKrVKU3cfeZ1rTQq3TeahmmwPRN42rqUzU6BX6yk2Jg5dTo/MT vPQJIbfuG0tPSbbMO0iNRbvrcvQjB7GCs/6EKvWiJa60d/hRteZ3Ntl+Ns0d7T68FgPjS d2aztrqjJep0BHfUPso0ur3Ta62CH+1SPpw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Platform features and capabilities are traditionally discovered via the CPUID instruction. Hypervisors typically trap and emulate the CPUID instruction for a variety of reasons. There are some cases where incorrect CPUID information can potentially lead to a security issue. The SEV-SNP firmware provides a feature to filter the CPUID results through the PSP. The filtered CPUID values are saved on a special page for the guest to consume. Reserve a page in MEMFD that will contain the results of filtered CPUID values. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ 2 files changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 106a368ec975..93f759534ade 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -328,6 +328,12 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48 =20 + ## The base address and size of the SEV-SNP CPUID Area that contains + # the PSP filtered CPUID results. If this is set in the .fdf, the + # platform is responsible to reserve this area from DXE phase overwrite= s. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 902c6a4e9ea1..3e257aaf72bd 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -91,6 +91,9 @@ [FD.MEMFD] 0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize =20 +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfSnpCpuidSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77192): https://edk2.groups.io/g/devel/message/77192 Mute This Topic: https://groups.io/mt/83850702/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77193+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77193+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902220022387.49310633896937; Mon, 28 Jun 2021 10:43:40 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id NUeyYY1788612xrgX0htFXDr; Mon, 28 Jun 2021 10:43:39 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.83]) by mx.groups.io with SMTP id smtpd.web11.14798.1624902209456317478 for ; Mon, 28 Jun 2021 10:43:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PjPWT0jeJUsmxzDM6U0fIg2gk4GQMMrol6FwyyM0Ta9AfRUCl02jicbhTuq/ixklkVpierRtNu1YPR+mhItmbGVrMYiVeAlTsgx0AvCNEQa59g9T7GjItzIGZpG7PJO2VUrPAuGQPwWiXxIjeWhE/J08wOWML6XSsXHE/osFC09DvSF09ffSG1vYYYjYTDnXCqzkQoExB/sk7vQXiUnaSQ/XW/CkdiiVfB5QNyeQMrHr49Vm9aPVEifTuTJDGOUojAz2OfEU8THHfc3ucDCrpXveqEZPi9ZYXCuL1G2ATMbI7bqPLGNTdj+ov4wikrcagJpG7Tj7RzFFIk+598RHTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XMZgBd3Jh+HxouexIvwCfYStIy9Rx+WpDBJ4osztmWI=; b=LhOzMfGa4vogM6mMT/Z/HMX6lVO7eTkqe9b9RtoAyL6UbjhZQyPHERHtIM766wLg8pqd1eSaioZxh8Fv5NMerOpbzRWUs7d6xwGURkG9wKBUCWl7bBqyo+4CTCQHEmka0B5/6mLt020P0Gpzmg76y6zeJz3NKT1V2UuSPluBPDQEiqpE7htFWC+0PGFeBuU0v2ZHSJ8PRXuvTeDefT5jvCRWfwL3NjPn4mzM7ugFYWkTWShs1njpl+gK4aceHkv75+qcIpaIxQ1n9fesO8/8dAtGejt3mVyTgG70M7/Aq92siRN0r5VacPw8x1OhvnDHyiems2eGFzGBnFNGLesg9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:28 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:28 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 06/27] OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID Date: Mon, 28 Jun 2021 12:42:02 -0500 Message-ID: <20210628174223.1302-7-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ddd5b0f7-f55d-4419-36e9-08d93a5c3caf X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1728; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: ZScQtCxnP0SiqsSKlNvVgDg4td/7MhedfvfAqsfjjeB4oPno0y7QS9r/izGFSBL2UHVxmJQuz3RA7AIRNBZQc2Z5EPBef64cAi9tSwaKfKI5qgTUHkfh0fWLi/6THSnUSIGVBYVa/0JYCW7p85obi+UxTvwDHIxAbUadXykKOP19l2zNAJn2AA86YMQtQBsPHtMb/Y96oGn6nWFaQ81Jyr5LtcyuPIRA12vbd1bEKhvIcJZvES0Pa/oDn4u2A0miZs2/dX3EfXO9b82lFJ1bHvnd5pMI8hHxUVG5bD8XwG3zVjzFZorbuFrONtIi5BQnS8JJW6+U/JCgn2rpjS9FM5r5lTzVWwNavavwyuITYuMOqB10azsYhIhmqLijvWDwFsLKTDR0sOjXNztazQTI9xP8ksPt3s+G1EZGDf5X6zRaQCRwmlsBFiVRn2BHT9YrSAKjSglH7DU4Nni8m4xNCPWFyYye3XdvCsXUebU/vxmlrRkHUW45wIsMGvpwzrW9B/iJ1aFVQGd6bbp69tGZoWmsi5dwuqlFEHleoMme0JXVA642rrNje+YKLNUELyOuGtBJ3UUaCP9Qym6x4dO7svv2YT9BcXz9gdch0XrcLV2Sorx6gJ+I2lDAnMqtkYKNatHp6vjHqsnrMfvxe6np+CSm7OdrFFkPzACIszNa0OdxvhcXSQKK7bobwG/sJHftD/SMn8uzTUxP/td81d/j+zQPHO6hAf+Um1bVSooxqc/0NDX+uS7bkeZ4hIrFcBPcn52NbmiFlvSaVYl5nH4J7i8wOXhUd93ldYrsDCXE7qlmvbp4uEYZ6Frir6G0rjaXloFE8Dv3qYLRtrKyfG+Tgg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?sALah0tjxewZl6Ceo+UMswne3eM3BFzF/dax0goyeUvzDwNaVtOcdOkFHAbq?= =?us-ascii?Q?PsWqL5QCi4uJAnna+cnrEBimYFx7a6RdHaobGlb9L+jrQcVYimAeJbb7afBQ?= =?us-ascii?Q?RVj1k86Ggl0m0Hd8CSaVuNflg51zArnXyEvglWJSlrkC6dYB3GBrczysRt0w?= =?us-ascii?Q?msA7hBngx1HNXPH7ckjbPi8ZiUlDa8i4/f/mkCR1xdF7LBx4xY948bP5MH+d?= =?us-ascii?Q?ieBIJBsAb6lKoFmElt4x2+WBbgBiKQhOSt5GklK31g2iVY1m0m9UO5WbdJ3/?= =?us-ascii?Q?aIfRs23ptHFYqO82ZMc5Pn9yf+7KWd7aqxTNu2ldupXUpIpUJwvjXj8Ii8nn?= =?us-ascii?Q?hHaPEgpckyYb40Y0PELcvGYuICPY2lT5if4ySdVLtfYM6/RfuOn/D+OXUmON?= =?us-ascii?Q?fisnYemecVOcwZwHALCAbLNplfrunnwuoJnw+wsCe/HgmxBg64wWRv9yYx58?= =?us-ascii?Q?SOKvwfT3BBDLBAPGNyWg2uIhUrbU1ZEPP2vM5DU7yFCET+ylHsAl6zdZUqTX?= =?us-ascii?Q?TU2IL2wGn5+D8MXSZlS1A2zK3xFDg1pDPAFGSSVKNaWHsp5X8geNmB77UsLb?= =?us-ascii?Q?gXoQibcOejUTiUHJGiKzNAZyKKmoh4wyWRiPKQd8XayGwN0+H70cdqwcn75S?= =?us-ascii?Q?W+omOP4tllniiqkB2jxZttUwP1fnKZo39EsUUJO1jzCvnF4RQqxN7RoxyvNe?= =?us-ascii?Q?9nkozo7h8wVpRlqrfvQb9a227k3mgQZPSgKkzv015switguOsRq4Dk5ZI9AE?= =?us-ascii?Q?i2b01JSOWfL3GlZEzAC8645gbsinNqiJ01e7dHzKhp+zS7QzahDmnKcIt6HE?= =?us-ascii?Q?u5udLiuLW753M+7lIWjvu45CPcnq7HMS0lOFhlgwrxzXDuE2CjX1dk8/8/uC?= =?us-ascii?Q?UxkogedR/g6M37uwOCPVBwiVuHxyaNRDJRNAZMLGdi/be7B2YrFUwEgd4R8Z?= =?us-ascii?Q?Stcyx7GaovG99g+GRhKDZjEow39E38CJI2hWtpCmivGc+mPr/+14rwbI6QQq?= =?us-ascii?Q?MWDHX7OYPBaJ8GbSZJ0dU6y68Jpf1Rwcp8ICu83C/fwh9Idf37SOpzUR7SzM?= =?us-ascii?Q?W+zH0MJO4vkplmgKNHbFjt7zykZ6W2NaL4PNUcGgWRLnwUBSLxkZbsqJzt/T?= =?us-ascii?Q?vsSAAy64rhzdwTEMg6qfdNxv4W+5xZ336LxB1WvaECVmkc8jZYk8i8Ltyw5O?= =?us-ascii?Q?oXxEietPJHEJAmTd53nE+tV8vMbeuu6r+q1yd+06VYiGH9YFAmWEpXFZEU9w?= =?us-ascii?Q?hx/ArBwWe06QgeXteV0xzkTq/VbL270wWUcQrFgyJe49+f15lcl5S1YAD1PJ?= =?us-ascii?Q?CSvP9lEMPUV+f59vHjeRYjnO?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ddd5b0f7-f55d-4419-36e9-08d93a5c3caf X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:28.0503 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cxhq84xQhWzHSGIDIqVMzGqSJ1fP+SGOmntzX8OYjGkv/XUJOkTyFU+SKBK/+y2c1wXM22twFPe+MoOSHyUMXQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: b7LYfTwkzLuk3J8fGKAJ4BqKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902219; bh=AI/HhgE8vOSwf8AbumRUH63j0D3x/VrZKoFLa4JVY+o=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=AjSt9X6b2rqjorZjg74/N14XoaEom7ANjisrR8T75Gx+V2sgjE7Jz/13SH/P43ZbG3H BCc1bTtCPTJWHP65CSVkGyxSyaIQm5HJPeHoIpRWewnE3azsmCXvA5AJeyBBfwsFdhbBb 02+0X4CBKDVx+MS0KSZhinGa9MTMidiXwmI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Introduce a new SEV-SNP boot-specific GUID block. The block is used to communicate the secrets and cpuid memory area reserved by the guest BIOS. When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot block to get the location of the Secrets and CPUID page and call the PSP firmware command to populate those memory areas. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 22 ++++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 4 ++++ 3 files changed, 30 insertions(+) diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index dc38f68919cd..9a95d8687345 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -47,3 +47,7 @@ [Pcd] [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 9c0b5853a46f..ecf1dbcc2caf 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,28 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart = + 15) % 16)) DB 0 ; guidedStructureStart: =20 +; +; SEV-SNP boot support +; +; sevSnpBlock: +; For the initial boot of SEV-SNP guest, a CPUID and Secrets page must +; be reserved by the BIOS at a RAM area defined by SNP_CPUID_BASE and +; SNP_SECRETS_BASE. A hypervisor will locate this information using the +; SEV-SNP boot block GUID and provide the GPA to the PSP to populate +; the memory area with the required information.. +; +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 +; +sevSnpBootBlockStart: + DD SNP_SECRETS_BASE + DD SNP_SECRETS_SIZE + DD SNP_CPUID_BASE + DD SNP_CPUID_SIZE + DW sevSnpBootBlockEnd - sevSnpBootBlockStart + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 +sevSnpBootBlockEnd: + ; ; SEV Secret block ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 8a3269cfc212..247f4eb0dc5e 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -89,5 +89,9 @@ %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) + %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) + %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) + %define SNP_SECRETS_BASE FixedPcdGet32 (PcdOvmfSnpSecretsBase) + %define SNP_SECRETS_SIZE FixedPcdGet32 (PcdOvmfSnpSecretsSize) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77193): https://edk2.groups.io/g/devel/message/77193 Mute This Topic: https://groups.io/mt/83850703/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77194+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77194+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902220626546.3584783611221; Mon, 28 Jun 2021 10:43:40 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id x8gGYY1788612xiGVIqO2NpX; Mon, 28 Jun 2021 10:43:40 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.86]) by mx.groups.io with SMTP id smtpd.web11.14799.1624902210672354438 for ; Mon, 28 Jun 2021 10:43:30 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kXsGgMTWNpW/tWkTaCP/Os0lYxJQ4BuToMoe7WbH2xIza4E6iZtPo5KWUEMWuBFtFIjPWnXfin9upI5AovQTv4ufX7IhfXthnPK5PwM/YFFvN/gLbrx9A1S0Y/gkmETCG0injRNp6Yo2yoxaqCfLuD2LDe7GxFQj50cjvDcWpAaRVFBuHQFOZ3UJTwpsQVvfxwE/SbM8weBlEQa/S0XSYYry/vrPkumFF5IOXrwLOZX+zg3/0EgS2vz+cC2eCIgkeylBw8oQko1hpMd9n/xuXbSXmE4lt6yxWEYKOIEMgKxRWdiEfnTnPmF32j1mUFIbl+IKKLQ1iascrW7esg0X7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EyF469i1fK36kxEkwQaUTvsnVLjjCxsukAs2dbStmIQ=; b=NrlE4YgpFPBDl6vmHGghBrFSaOVOuRFdLY3yEpxtieIm+mgIkH89ZqXS7i6uTyeC2stuGSyjE4McHPqjfAO5W5mro6zeM2cyRju27ZG8ZL3N4L37nKNTnq3DGwc+2kHBsy1XM3APndYnbSAP49V+qsZJG2IOwsdzzsk+NheCND1a5HBg0X84PCZddK3WvDlkmY+UvzxeDSLX/our7cTgntMKC2rfPDcbc2i/IMOCA6iq+55gF4isKIS1L2BOR/FyQDvLsT9BVGbw9nWAiGNzujuVgfkKvx841AlFd7ApKIARdB39SsVTa/atEHWKp5cc31fXO+gWVkt16TNsvzy9GA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:29 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:29 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 07/27] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase Date: Mon, 28 Jun 2021 12:42:03 -0500 Message-ID: <20210628174223.1302-8-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:28 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0398f2a9-b212-48be-a88a-08d93a5c3d68 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: AoiCJqgh4K8Zq8GHvASbAwxOFk6F3RXIjY3TJk9eh6xN+kblcpYq7HvlNCG6kQP1W6Us47mnyC9KGA/7aNYoTN4lGj4rSaqW3TLutZRLOCZdSv7Lz4lzypUFi+oLg8Y8hd1OcGVBgY01/8T4jzLBWyauwlZv8fwOisAeftSTOLzOLKDJNoJTVuX7N1DliGx/IDGJ9q8wIlmAaahhjH72rQt2rdKdNq+m0nn2A3rLb4+plFg//VFyag0TMt6XIo62uL/FjWiXvRfLP5gb9kqThcougZcTWHPwr+p1XHO4/7IFdpvp74tnNZmx1RXxW7Qd3t5J5oAVn+q8gbGZzec7s9VeHUfN200nqkPJHm+XTkXWs0CZ2xr4y4jHcyaL+joA7gS2deSrMD8lo0th67vgZC/I+Ycxsl/Nb9U5vTttWsbgf8L96OGQ2ulnhFs1caaiGkLFRFgl1hWMFKmQMR0EEI2j9VgQODy31QIN0+o4Mpw+eis6++KKFs7WdAgPxvhtCImiji9PgW6B7XIZ3AdAZHWkCP5ZdQ289uBleX9FYhKHHJgHY58t81pQN2FZIMfgweof4jhr7MOVM35o/phPT0/6GgGO+WGw4V6d6wB01Pb4+hR42c7iK6qUq+MuD0O8g35PaU3WJiDY+ix+PU7MpYViPxaIn42/0uRfu90aZVfqhz7J1z/xH4i4CuQrvOtr2ONl+J9B4Tgx9M3ggoNxK2xJuhCinsGefDPOZs18e9L0Yjl26Qm9+/l2YySf3hAS4wViyYHUqive7ChxHZYG0dqpQtUSJDcOPT/K5nEK0qtjr6qLAyLK7B7SbSjdamPX3/sBri843VSi/kzemNXisQ== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?DIeB6q/t5oSy2HS/NoIY+EJlFXewqYK4K8AWrNTnfUfuPOOU+Vrq+zicth7E?= =?us-ascii?Q?gCPfMhLDytMeKx24wBHiYfybka4jW9qrp3YybrMkUSnEIuA+lfcDJDqbBR+f?= =?us-ascii?Q?pnUYo4/yv7Emkv5fJoN18QsYWDmH/NWRMrT1vmru7DZFJB9QCG+YJJ5Ao1+Z?= =?us-ascii?Q?D87okK0GvoFkS2LTOB582QpQeuOahdxcE9quOJkZB+3QoxLibRZVGJ7tIYaK?= =?us-ascii?Q?U0Vkx7Yw9EGQNY2rKio1mA8WaR8yaTO4xcY8CKzL3c2hZq15qeA+YQ6uC9ix?= =?us-ascii?Q?uWS2jxO3m72DVq26uRxOSAmxEK4lcVh+wlpRa6Rc+W5HDk1OIReRWvaPWnNc?= =?us-ascii?Q?SXuQCLd0W2ODs/ZapXiS5RRFukrXPg3IuOXPQaKKiHEY2gXKADJtWsdJxWSQ?= =?us-ascii?Q?6sLEJZAV81xrJsBCO0VXXKA0ik1KExQIPnWT10iY1uXr+Ro7KZEdaDOxyggq?= =?us-ascii?Q?0Os8QFy1qTrFVHOTeYP95o48vc1B0zwwCdiG7+wpalh0lk+uvhF1VGgLzRIw?= =?us-ascii?Q?R+fUZnmaw+ZQTPxM9S6hUiJd7YLRIp2CLHA134PlqcAP5OMIJcQ6iRP3ZUUj?= =?us-ascii?Q?Bows9E3Qlwfmj3K2xsQCG2MEcy7ZGGitLI15Yec8y/xlkaZLRUIAkEor3PzO?= =?us-ascii?Q?FHyVp2va6Xf4HoRCbAb1WZdLKuMvcNm9B3wocdokY4M307LF/6QlgjJRzvfd?= =?us-ascii?Q?RLBDfxPi/pPxDbIuhEj3JWzeaa8A7f48TB0RD4PdL9qterTNqjI2ZbVsOYcq?= =?us-ascii?Q?MlQn/uQjSZCocBXN3GlRjouHWMvRzPs91BW8J8VOMwUiVJFLBPpfFz0gOAvP?= =?us-ascii?Q?8OQHEzxxSjv+TpQNxOvYhb6/F7EKFDs1MslcEocwlgU7ax4YVcCeihwPckhn?= =?us-ascii?Q?Ibd0tFY2LCBTzrn7lWXICFhMFUyBwXsamo811DIYaGQoOM8QQZvhR6eqI5u3?= =?us-ascii?Q?aLRsiHZl0O8JhQ28pRHrU/QyBbY7Z2TVMEyHfgmRnYctfeSeE8TWzfj5qFCV?= =?us-ascii?Q?1UFJWU+sgn8dz+Kfvekpnt3gAuEsQERcCNXOFdWs4pZvxLgXHvWCD/fsF5AY?= =?us-ascii?Q?XVc/2lJ8lVUASG7m+5Ys0Vylgua3zNt5qBFVfYK603wKT09hWyDd+6CvoB13?= =?us-ascii?Q?yhj2N/qrb0Tuai1H/e5sp6f8RHh0m0CZh1QwjyckQRzkvQsP7rfi8u4qIlIR?= =?us-ascii?Q?xOT4OD11Rmc9vi/jVMZEBLHyAhVBbgUT2zUPmG7yojCK+HO2IgDqu68+mjzK?= =?us-ascii?Q?dYABBDKfBEFpWgYRBx9xO7BNjmHPFsB4NJ+i+6p0dvCjEC4Wh36mQ6TlXYP5?= =?us-ascii?Q?PG4xaSsiPV2rxWPrw/Qwbs22?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0398f2a9-b212-48be-a88a-08d93a5c3d68 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:29.2486 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /IfVPiD6seKliHaOT6AmF8XZCuEZ7+39sw3/klcLp6Q25bg1xXFoxB6ZPWtg0eXIXkfQto1ZW1M2memPt17evA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: VwiZllRRnIEzsvpUs31qAZLXx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902220; bh=s4mIChJOUhaqY2qfWrozYxLHcXLp3J2SVR2Uj0YjYaM=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=wuyzkt+yfCyK5AdI8VdWmgoGnUgwS6qIFHJDphyPdxXvSKXPYlp5F9dz7KbrTBhcjde dPsl8nRLxtufIXz+us8W3czEoF+1FGf+l3lEODDqHVi8/jEbZeKCfGixr3Hf4VREyIvn/ tHa8mDpnX4DtC6HhWHrYnfCM0+ZDz/lM4Xo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that private memory (aka pages mapped encrypted) must be validated before being accessed. The validation process consist of the following sequence: 1) Set the memory encryption attribute in the page table (aka C-bit). Note: If the processor is in non-PAE mode, then all the memory accesses are considered private. 2) Add the memory range as private in the RMP table. This can be performed using the Page State Change VMGEXIT defined in the GHCB specification. 3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table. During the guest creation time, the VMM encrypts the OVMF_CODE.fd using the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to encrypting the content, the command also validates the memory region. This allows us to execute the code without going through the validation sequence. During execution, the reset vector need to access some data pages (such as page tables, SevESWorkarea, Sec stack). The data pages are accessed as private memory. The data pages are not part of the OVMF_CODE.fd, so they were not validated during the guest creation. There are two approaches we can take to validate the data pages before the access: a) Enhance the OVMF reset vector code to validate the pages as described above (go through step 2 - 3). OR b) Validate the pages during the guest creation time. The SEV firmware provides a command which can be used by the VMM to validate the pages without affecting the measurement of the launch. Approach #b seems much simpler; it does not require any changes to the OVMF reset vector code. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 5 +++++ OvmfPkg/OvmfPkgX64.fdf | 8 +++++++- OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 5 +++++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 93f759534ade..d0ec14ca2318 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -334,6 +334,11 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50 =20 + ## The start and end of pre-validated memory region by the hypervisor + # through the SEV-SNP firmware. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x51 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x52 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 3e257aaf72bd..6bce3369e10d 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -105,7 +105,13 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 -##########################################################################= ###### +##########################################################################= ################ +# +# The range of the pages pre-validated through the SEV-SNP firmware. +# +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart =3D $= (MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd =3D $(M= EMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +##########################################################################= ################ =20 [FV.SECFV] FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index 9a95d8687345..32206855193f 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -51,3 +51,5 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index ecf1dbcc2caf..c5a062e69b26 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -57,9 +57,14 @@ guidedStructureStart: ; SEV-SNP boot block GUID and provide the GPA to the PSP to populate ; the memory area with the required information.. ; +; In order to boot the SEV-SNP guest the hypervisor must pre-validated t= he +; memory range from SNP_HV_VALIDATED_START to SNP_HV_VALIDATED_END. +; ; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 ; sevSnpBootBlockStart: + DD SNP_HV_VALIDATED_START + DD SNP_HV_VALIDATED_END DD SNP_SECRETS_BASE DD SNP_SECRETS_SIZE DD SNP_CPUID_BASE diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 247f4eb0dc5e..645e949845f9 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -93,5 +93,7 @@ %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) %define SNP_SECRETS_BASE FixedPcdGet32 (PcdOvmfSnpSecretsBase) %define SNP_SECRETS_SIZE FixedPcdGet32 (PcdOvmfSnpSecretsSize) + %define SNP_HV_VALIDATED_START FixedPcdGet32 (PcdOvmfSnpHypervisorPreVal= idatedStart) + %define SNP_HV_VALIDATED_END FixedPcdGet32 (PcdOvmfSnpHypervisorPreValid= atedEnd) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77194): https://edk2.groups.io/g/devel/message/77194 Mute This Topic: https://groups.io/mt/83850704/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77195+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77195+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902217993277.5170764965344; Mon, 28 Jun 2021 10:43:37 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id auWTYY1788612xiuhLWyjefz; Mon, 28 Jun 2021 10:43:32 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.72]) by mx.groups.io with SMTP id smtpd.web08.14866.1624902212022850324 for ; Mon, 28 Jun 2021 10:43:32 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KDBc0wM7F52hjlQnGzjOqSZR3G9tu4R/XomChwFUH8Mt6D+coRR2yR0DMUbApzNPNjyyZaOPwidWESNa3ZHAArUrqmuAZPhjskVY4tQIzkTVxsD6cy2QvH98eMPLrSfM6aRtNqxksZsEx70D7LRk6DNXD9TXlBcLCfJB8EyZbMLFBWY/aIah2IUqDycJLp/xigs7nzOkYLUqUrmJAms7usdP6ESGt5lZTmU7uX+szlmErVMUBccFEueoDcf5aeWajzqIdKuPB9MOh3F23FYCi1wDGkzVcneGQLhWKDmuLMpRMNZNZ5A7VQC/Z3PRz6vXKBt0wTilYzlF7qMAnS1srg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gkeUQqRrqGbEcg1iCZA12j4JnLIrU1JF69J5kIjQrzU=; b=LSLWFMU1joVeDFeKh3MOmm7Tvq6pIhw+O0ERKDKvHz7xVSf0KjWyJkYm/l8OC2B8pBbMe1NGCbZxC9Vq08rBbuGWDmKXY1sI4kHaYhW5yg0iKPVPWN63cw1dGzTOwTYllXVLxA3t58b3VZqV1qfvGg7Vyhrf+I+Ig/63HNGTq+iw916BzH6kuvMpJ7ux8w6+O/7AGUaRJK4UaTQyfTnOP1UMBG4+V5rVd82mhTDkENCixlgu/dNm2oy7Od9ZAiupXcGanfd/EhMlu5fNF9c7NwGiPZd3cdG2yK+bUNBw1YyjFW9qyJO7ShdmlkoH+qU8JN1Opmb9K/4kdEE7fdAX0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:30 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:30 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 08/27] OvmfPkg/ResetVector: invalidate the GHCB page Date: Mon, 28 Jun 2021 12:42:04 -0500 Message-ID: <20210628174223.1302-9-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:29 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2c531e16-4766-4085-097d-08d93a5c3e18 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 36NmT/jTrqltq3gMQS/fAteCJ0ZHDaWWlgU99NUBaqtRN4+bk8RRzqBcETtzxs0inlbYEMU+/NFpSKBGDT7mBcS6yJbUh+YQg/sg29X8YrI3McyDJtF4Xwm7+tyMc964IzCO5aHbjr09yKBjh+a5DrrZEm1MNm0P+yEWIaoK8eu91gkwNLR+XR3jH92+jwffav6vvVDW6AlPC9bB6GO7EcDz1tvf363qV/Uw5ZMT7+y7ZrSTsjdTGIvIVGIf+5lnMJD8V5e/qG6KZTABFO7xr1AxkfVLpIOQIVn8HYURLgARkmFf8jLPvkeCuVsVMbwzhaF1N8EL7130lHfqGevXq6uZvusWO5nnwl1qyd9vHG4RyVqzb5rm7EoPki3zhdEI2yOHakSNGhmvSer3fQccaiu0rP0nUc5y10kv3nJHv0dKp3VgdhHDjzpGnAAnTfL9fNV3WPTjwZjLCZJFJDIFr1dZG6taMvv9ILsOOKFcpDNNr4FUlKNEkN7ZYpZzWmAVTC8gaQbKt3LKqVtwhZ9nGed+AhmV2C+0rg05dzdWjCypHKwZvFkg1rDEYSUIQm1JnBkCGwHeCK8AioUIVJyJBpIcrMwChkzyIyElPxauqECW4kIQPrw+VZ1n+2omTXrCBkQ+YW5DPGiK7HxpGl55LhYWno27SAQ+uztOTjHZDOAV8kMLRAtUxwbjsu70ZK4Mu4hOUp+Le8dTWpX2hoz8/PfsJPSe0CHOqypxJtl/fN8UUZJT4lVPDzCfOl8xUPaZUlqWe1kiXnS9AbaGYVe0PyUfzj+qR6tbycNSJNAysu+DnNiS6uUlk6N7wGEq5T58ho7wKnDPhuV3U3Be4AeXIA== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?U25DJyEqyayCSlP6CsU50sgFePKrlli2/oQKmKyzeeGrWHNokbSkIlr6cTcO?= =?us-ascii?Q?j9eFDQo3IF/T+WLl9vtDG12EP8XgWuyeybzhIldVckRvOremReitRFeY8vhE?= =?us-ascii?Q?f+SBzr4O0PauF9NwublZwhoFl5w6Zv81/mRZaLh5wjwy0F1W1Xwozu/rdKq6?= =?us-ascii?Q?76tdKw2lZ0QPA56LdPWRt6hySazqyZiTdYJ7BcnpNTD/qES584dkhWj8CHyC?= =?us-ascii?Q?QWNV3vd5/0U8sWxJ9Wpcl8CixZdYXnQ0FbQ5nnXi/wPf5U282SqSzNFZvGPa?= =?us-ascii?Q?whYrhU8Mut6n/e3qzuzFII/fgKdlfP+TZKe6AQ0bxjjO8vcFj75G5Nay/1Ce?= =?us-ascii?Q?X+rDwWQCoXV0tAnVvg/tyH1nwPGVyYjlhn4jNYgfl/0hIBf6x1SHal4LSiQK?= =?us-ascii?Q?zlkxn3MlcV0+L664XZfrdOFvIf+Q+2C5og7cRaZ7EUqj3F4P71ZF0FtgywNe?= =?us-ascii?Q?SMK6CXnYwNsoqmGuKjGN0xKNu5KYwJnd7BC2UQHuk8IqBnABu/5o8Q3aPtFS?= =?us-ascii?Q?MeOY3LhVsAwwaItmpoZ/IW2HGV5TZCCOUh3bgP0CrTxIMsy4wYLhBLwWE90i?= =?us-ascii?Q?e0Z/GitwQuCi9W8ILvLr+oJCKowx014Cf/6jpAfUMcznj0hZRD/euR0JsrLN?= =?us-ascii?Q?O8o4yu4eAYbLGouCb9kCZby9DD0onbhHB6B/w22rBWj5I/iRH5IWLtMLnLcY?= =?us-ascii?Q?4HNjM94OITAsZNWEfXjF0UVdmi3wgWYhOXuMLN1iwqhjx3WwYaLtXO8coa8H?= =?us-ascii?Q?qnvuif1nzuGKUL5o6cmhgx2C6nlwWiB8Xc22HHXDdA2LXd3K1WSdo4gHG5Rd?= =?us-ascii?Q?Gonuj6echu8gZ51eIb0zsPU31WpGH+1oRcz5n5m0PXsfbxnOHA5P40G8cZbH?= =?us-ascii?Q?/WZ73E8DDGVopaPjZ6VnuAyJdSiLkrLWhni3WJpP+xeayb0sRKGEq4kCT9Mg?= =?us-ascii?Q?xKu1ZXzQYoTFERCPN/yhY1nJB0vbHlDCypgXBs3+jjXSbYRrvfieTjeGWswm?= =?us-ascii?Q?IPdbjVTWmb8HfMsJvef83vSJkdcWDUyr6cEIfdCXAkGbQwnKj7NOa17ULkUE?= =?us-ascii?Q?CC41QoB6pJ4v/LWzjkfvplLFfmIYtNGnwteMQn6raE/Zi59mFE6yo4QuSCYY?= =?us-ascii?Q?8kbRBiMAn21HByieMaxHqaS1mKoezMKCZJKt34D/KS9EH9vlJqtfDrTYeGlr?= =?us-ascii?Q?djHR5ni/j3EaYTzXuPYB8dwpU2kJtcEfV7NOJ13/xPLzsKUPHaLz01+r/yXN?= =?us-ascii?Q?hQG6nXhn4NYRPdE8ez+N2SSEmc751Ubb8pAP7sEO/5sChyVpDe8GDF26LRb+?= =?us-ascii?Q?hEDPqQYanNcNP1iZgX8gCgSk?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2c531e16-4766-4085-097d-08d93a5c3e18 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:30.4050 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W6bxSo8D0sPZl/574jEoJ9wf9IkQZ8Cbk7lRi0gVCPtpmpA7IVzaY7Gj/OQMX6pHqvoQgVKcSRin0obtOedGPw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: qt4cI8Lk7Kc8nc08pr58Xfmnx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902212; bh=AJ5tDlRuscfUOS2tcS64cyZuczDyqo05JgBAqTb0JFc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=sxHwTimRN6CSPWV0lkdKWZE+mdnbs5UcoI6YkTGGJSjZe5FmnPN9rKLkJaG2SFX17Cv uCIND+kygf5J0U+YQcciOPEO6t7PTbafgC2IDjTv2MrZh6yodvBoRJWxuc3NXTy7cIv98 3MRpMMblyy2WCTZa2dR98ezDe1A8rz5d/Qw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The GHCB page is part of a pre-validated memory range specified through the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page is pre-validated by the hyperivosr during the SNP guest creation. On boot, the reset vector maps the GHCB page as un-encrypted in the initial page table. Just clearing the encryption attribute from the page table is not enough. To maintain the security guarantees, the page must be invalidated. The page invalidation consists of two steps: 1. Use the PVALIDATE instruction to clear Validated Bit from the RMP table. 2. Use the Page State Change VMGEXIT to ask hypervisor to change the page state to shared in the RMP table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 125 ++++++++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 13 +++ 2 files changed, 138 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 7465f7086449..78888dbf29cd 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -8,6 +8,8 @@ ; ;-------------------------------------------------------------------------= ----- =20 +%include "Nasm.inc" + BITS 32 =20 ; @@ -43,6 +45,25 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +; SNP page state change failure +%define TERM_PAGE_STATE_CHANAGE 3 + +; Hypervisor does not support SEV-SNP feature +%define TERM_HV_UNSUPPORTED_FEATURE 4 + +; GHCB SEV Information MSR protocol +%define GHCB_SEV_INFORMATION_REQUEST 2 +%define GHCB_SEV_INFORMATION_RESPONSE 1 + +; GHCB Page Invalidate request and response protocol values +; +%define GHCB_PAGE_STATE_CHANGE_REQUEST 20 +%define GHCB_PAGE_STATE_CHANGE_RESPONSE 21 +%define GHCB_PAGE_STATE_SHARED 2 + +; GHCB Hypervisor features MSR protocol +%define GHCB_HYPERVISOR_FEATURES_REQUEST 128 +%define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll @@ -245,6 +266,110 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 +; The version 2 of GHCB specification added the support to query the hyper= visor +; features. If the GHCB version is >=3D2 then read the hypervisor features= and +; verify that SEV-SNP feature is supported. +; +CheckSnpHypervisorFeatures: + ; Get the SEV Information + xor eax, eax + xor edx, edx + + VmgExit GHCB_SEV_INFORMATION_REQUEST, GHCB_SEV_INFORMATION_RESPONSE + + ; + ; SEV Information Response GHCB MSR + ; GHCB_MSR[63:48] =3D Maximum protocol version + ; GHCB_MSR[47:32] =3D Minimum protocol version + ; + shr edx, 16 + cmp edx, 2 + jl SevSnpUnsupportedFeature + + ; Get the hypervisor features + xor eax, eax + xor edx, edx + + VmgExit GHCB_HYPERVISOR_FEATURES_REQUEST, GHCB_HYPERVISOR_FEATURES_RES= PONSE + + ; + ; Hypervisor features reponse + ; GHCB_MSR[63:12] =3D Features bitmap + ; BIT0 =3D SEV-SNP Supported + ; + shr eax, 12 + bt eax, 0 + jnc SevSnpUnsupportedFeature + +CheckSnpHypervisorFeaturesDone: + OneTimeCallRet CheckSnpHypervisorFeatures + +; If its an SEV-SNP guest then use the page state change VMGEXIT to invali= date +; the GHCB page. +; +; Modified: EAX, EBX, ECX, EDX +; +InvalidateGHCBPage: + ; Check if SEV-SNP is enabled + ; MSR_0xC0010131 - Bit 2 (SEV-SNP enabled) + mov ecx, SEV_STATUS_MSR + rdmsr + bt eax, 2 + jnc InvalidateGHCBPageDone + + ; Verify that SEV-SNP feature is supported by the hypervisor. + OneTimeCall CheckSnpHypervisorFeatures + + ; Use PVALIDATE instruction to invalidate the page + mov eax, GHCB_BASE + mov ecx, 0 + mov edx, 0 + PVALIDATE + + ; Save the carry flag to be use later. + setc dl + + ; If PVALIDATE fail then abort the launch. + cmp eax, 0 + jne SevSnpPageStateFailureTerminate + + ; Check the carry flag to determine if RMP entry was updated. + cmp dl, 0 + jne SevSnpPageStateFailureTerminate + + ; Ask hypervisor to change the page state to shared using the + ; Page State Change VMGEXIT. + ; + ; Setup GHCB MSR + ; GHCB_MSR[55:52] =3D Page Operation + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; + mov eax, (GHCB_BASE >> 12) + shl eax, 12 + mov edx, (GHCB_PAGE_STATE_SHARED << 20) + + VmgExit GHCB_PAGE_STATE_CHANGE_REQUEST, GHCB_PAGE_STATE_CHANGE_RESPON= SE + + ; + ; Response GHCB MSR + ; GHCB_MSR[63:12] =3D Error code + ; + cmp edx, 0 + jnz SevSnpPageStateFailureTerminate + +InvalidateGHCBPageDone: + OneTimeCallRet InvalidateGHCBPage + +; Terminate the SEV-SNP guest due to the page state change failure +SevSnpPageStateFailureTerminate: + TerminateVmgExit TERM_PAGE_STATE_CHANAGE + +; Terminate the SEV-SNP guest because hypervisor does not support +; the SEV-SNP feature +SevSnpUnsupportedFeature: + TerminateVmgExit TERM_HV_UNSUPPORTED_FEATURE + + ; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure ; is enabled. ; diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index eacdb69ddb9f..f587ef912e4c 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -140,6 +140,19 @@ clearGhcbMemoryLoop: mov dword[ecx * 4 + GHCB_BASE - 4], eax loop clearGhcbMemoryLoop =20 + ; + ; The page table built above cleared the memory encryption mask from t= he + ; GHCB_BASE (aka made it shared). When SEV-SNP is enabled, to maintain + ; the security guarantees, the page state transition from private to + ; shared must go through the page invalidation steps. Invalidate the + ; memory range before loading the page table below. + ; + ; NOTE: the invalidation must happen after zeroing the GHCB memory. Th= is + ; is because, in the 32-bit mode all the access are considered p= rivate. + ; The invalidation before the zero'ing will cause a #VC. + ; + OneTimeCall InvalidateGHCBPage + SetCr3: ; ; Set CR3 now that the paging structures are available --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77195): https://edk2.groups.io/g/devel/message/77195 Mute This Topic: https://groups.io/mt/83850706/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77196+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77196+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902221117705.0869413193698; Mon, 28 Jun 2021 10:43:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 569AYY1788612x9FSxCnvXgJ; Mon, 28 Jun 2021 10:43:40 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.40]) by mx.groups.io with SMTP id smtpd.web12.14894.1624902213036203009 for ; Mon, 28 Jun 2021 10:43:33 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yql1pul3myGTUr0qxzr+xaTnXpJrAJBEtkfplfMS0rJF/RMSrPq1Llu2Y1aMnMde56Mu43do+Xd3Y5nuNT6gyk0QAq+xqJmyMwpB7TrZgd4rl4xcScoja1WtakVBQOrcQVlJ2LgjDXRIKEM+vo8lUc4EnLSHH8CXb7SOQhHzGLQuhr4tvTy5/ErdvbKzBb5rQ3ZF5dRJnnfY1fFVrosigGkUErkLOGdH2b4Dzf/pETpd2yQXrpBOxdjt55jQUih9uCYIgBnOfQLV7yrfMWvSi59FWZ5/ZMoHMkgtSCLHQydNDp0WnZV7EVxqJ60HCrnXEP+O04TpVM7rXOBYxa+QQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WttPWIeqydim111YSyO9AqbiZ0/Wl1pBHdiPbk966mA=; b=F2D0I8YOHmNcxQWT6RE8weaQTZlm2eDvB2m69M4CvY7AvH3HVmudPxW6OIpIUpqq1p5S4V6K5rzq7I2G3a9pTbUg/ZMjSOQ0pz4wgbt8BS9FnFmbxhoWOVm/58ATVFTxJYXxtWwCXInsw7HierbYBQX3UapXXEfON94U8pAnuB3anGLjV45deA81X6I7h48e2XzS2/tIK3aMkZnY//u6pj32tphjArcb20f1hVOYJBZHxKqlcMw9QYpz74XiccM9iid7QeancLM13e9KzTfgMCZE5Xn/0xny+dxN4S0aycAE1Qua5LoxnSOeF6mZfRnLrU4n+tPzxxKxoFjTm6vZVA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:31 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:31 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 09/27] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs Date: Mon, 28 Jun 2021 12:42:05 -0500 Message-ID: <20210628174223.1302-10-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:30 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f537f9f3-24ac-4956-021c-08d93a5c3eca X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 3JoI+HcaLWtvgju06r2frduUU9QsJTM7Twc7zRhoTlscHNWGXJhLmzZtYaOu2KT6jlA8lp8SpmvRa71fu6p52mnL75pf45+SylcG2du634sdAvvnY2tVEEtktm/Nkcq08Z9ngBuoKWufdvXMH8PVi06/nlBg9nB2ZQAedHxUGheSmRXy5ZQWzsu2vxrniNXItTMl5jdGMt7UjHK5RH9fkdbtFCsuRJEFq2L1qT2pH3JrfAac4RpPDD5qmV3xxFYL73gZzVrq7biw43MWJY/tKfRQggbog+9fJuVXLgcwzuyFBl6aTX4EPso9Z0GQiDEHlJXQWlTv48f1+xxqedTdRGg74Kgwq5AIzn4U05oz4y4n2Iq4wEw8yN2QhPUtB5MAw3DIQSRD97SN14tMry/A1Sn1fn41+C/q4SLIKKvTBGrdAcp1+NGDodL4a8kZGMqhZAX1Aj3mERh/LQWlX8h6YFjK4b6e3mJankGcoXU8mUuNfxYvaUKG0+x1PlAyd4qnNfXKqHvJQQUC0MTm7REeglqelY5+RMWAjJUy1U1PmH0MJlu4z5OecCHsn2QzT+wfXl1BdtFEkYB8Km/ZR/kE7B6WX2/WVwsp81qqtFteZNdF2MHLHg0hABAa5JbKyAEWGmhzECsf3rxQE2tNO//UKJrYSRwnyiUccj6JDYWzqL86zagdAxp+pyetH7Kznu5b60aknJGZmJSBBnkEAwnDfedj1E5SSBUYSYcF4VFiYdxxotBtDR6IxzOotVGsMac0pfRLQazK+L7qxfgREOIH0A+YO/vtjUbJXQNbDSB8wEQqjM2Qco//UnrxijchYGADWhK1UDCooPR3PkZ21+i1gg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?iqZ2jbD2us+9199OQZ6iNLippjKSUz5rMGwk2GdYZeopxx1J/uErUf5Ivc+/?= =?us-ascii?Q?FoidmkZoKbIAT7ue2ya+yDADyzZIdIKsNN8DRsVHVbM2fTsIAg6pnUfGQenS?= =?us-ascii?Q?WH9Tu/N7TD6cMLAKw9GCbDVoHea9mFggvKpr+UKuvhZbYgzTxv/KLvqITV5N?= =?us-ascii?Q?oweI1Nw1aWQ2z1LFoUS2R7uCd9QKPDzN/5VdC5DUywezH7iKCXt2WC4S51Pa?= =?us-ascii?Q?YU8eULVPwdxmn+180XFhbvSDe9ZW31ODPkZaxRXfMUuBuBPqgnaXzIazOSjX?= =?us-ascii?Q?BQlPt9UaaNwzATy9WPz0V84yEyzDl7sfSloz2BeuvRPcEcmvIf2gTWgnJCEO?= =?us-ascii?Q?5EzjwikIW74JW03QVGoWF2DyBkfWeVQ5BKXz8o+coMK7/kRu7oSUwS982SM1?= =?us-ascii?Q?3uKJC4a+kqfsA35RXpstgFWfXJ9FDooHlQwMeK5vihwXBvgZx59gFJ6068qN?= =?us-ascii?Q?n90gE6CtjgFdxvJfCw7becFcCeobzhD716ik7IqpE8Gsb1qur++Xf++GDsEV?= =?us-ascii?Q?vXp1U9ACbpTEVEfBqz1t+kICtFqlkNSxJqVDzZci/iPwShnO5WE8evorBvmZ?= =?us-ascii?Q?XhZ87V5gh0tAyjlqGQLq0x+7+aT2gGsNN/AKa04FUgcotuB21byUX578smok?= =?us-ascii?Q?zo3JhbN7JiF8egI1l0dwSqBslU3pNC92HjDgSX4LUkAylZSI9EKh16uAxEF/?= =?us-ascii?Q?1mWB1FiXzw4zlcoWHkTUrWTvMCcGUcbJnXsT9hySVTAhIm4w0LsBmgFCh9KY?= =?us-ascii?Q?VpnvLOcANdJm66ENIuXlIzoqbPx9JdSDS2VU0KOlSBIjBQrQkGWoYn2BmlXq?= =?us-ascii?Q?LWa1EOTgilDpmuNM0VPOkvNljtkel7bvUqSH/hBrL+lBngy/klTQGEKxVwnN?= =?us-ascii?Q?skhILbUXsmuc5gDmZgnJlNHI7IgZVALlFrwHOmQMDf7PMKXGQK7nxJ18eA8Z?= =?us-ascii?Q?JQWVPwVl7mEkvWinsumAIG5z3GMLR22W1n7dX5dQDRVkdrROSp1BGL18LkGS?= =?us-ascii?Q?NLHh3Qf7w87dkv316ElrcMp1a7SEZJWXNgeMVMLq3Im61anb1+Hx1XCi18LA?= =?us-ascii?Q?ZVg5MhWkS+KUAAhIeByXdGtS2TvhcE6bx+EtDH4vQjcx0jGyTB2jjkv1phCp?= =?us-ascii?Q?uclsytLjMtG4Sn6hWqYiwQ5lZC3F37B2PPJ3NS0vKRVgTFwWxxCVlLQf2UKH?= =?us-ascii?Q?P1H4QJ3DIRWCqTS9boeGaQ0pto5GN6mCkf9ZBNu87kLZu+qtU09g25xNJc4h?= =?us-ascii?Q?wXeTskFTMK/gMSFKTknLxjH0Zrx3ZXPJd1clHJq9iDqKjrIwFczxZvUnTPDD?= =?us-ascii?Q?ZKnUFInab323T7T9jYDz+f87?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f537f9f3-24ac-4956-021c-08d93a5c3eca X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:31.5913 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3u/gj/kEYzfF/10W7c0BeHprjGFJg/nhBb/S8uYFBkcBLI+PaN8R69kxaAlikzeQRnhTrYco4V1czlhfi4Xjhg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: SxxOK4hrIyAHJPBRY8Q6pW82x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902220; bh=arCyGjqT3C11nMh+QsGBs3X1NeYm1WjlAQm7Rss0+hA=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=QuSpmtjghK86fT2h+29hPkqdFxmR2A752OqEuaTwb/JL1YblFMdfwswtL3fGFjNuvWC KMlY+1/UmUYioNnZb6TrriEmBFNBMdv/gJ2KDM/9tmBVbZX2RVAjp7VwrCWGheKuPE4RE sH9wTzetOmeUHUiTbgnn1Pp6KNSQiNo9NOo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Define the PCDs used by the MpInitLib while creating the AP when SEV-SNP is active in the guest VM. Cc: Ray Ni Cc: Rahul Kumar Cc: Eric Dong Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- UefiCpuPkg/UefiCpuPkg.dec | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 62acb291f309..0ec25871a50f 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -396,5 +396,16 @@ [PcdsDynamic, PcdsDynamicEx] # @Prompt SEV-ES Status gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016 =20 + ## This dynamic PCD indicates whether SEV-SNP is enabled + # TRUE - SEV-SNP is enabled + # FALSE - SEV-SNP is not enabled + # @Prompt SEV-SNP Status + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled|FALSE|BOOLEAN|0x60000017 + + ## This dynamic PCD contains the hypervisor features value obtained thro= ugh the GHCB HYPERVISOR + # features VMGEXIT defined in the version 2 of GHCB spec. + # @Prompt GHCB Hypervisor Features + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures|0x0|UINT64|0x60000018 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77196): https://edk2.groups.io/g/devel/message/77196 Mute This Topic: https://groups.io/mt/83850707/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77197+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77197+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16249022216201013.8961022059482; Mon, 28 Jun 2021 10:43:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mnMVYY1788612xPY4JkSLPoL; Mon, 28 Jun 2021 10:43:41 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.53]) by mx.groups.io with SMTP id smtpd.web12.14896.1624902214261590736 for ; Mon, 28 Jun 2021 10:43:34 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=e0y4i7l7Zx3wI8vYGrKEfUUo+SlBG48RO4d6he3bBUD9Rd1hvfpjQFHB5A2ob5dUHqUBsoNLtPTSSUEsgJuy1SJ7fyaK/L1ZTxCiQcTXV1F4GQd23wtBzszvVosGmRSkEMkifQuKSD1XYI1hkfDb5F1yyGkimlkemtfI3hlQgBv0xoYh7yzmEDYPAjVbGICQsJaBaC7e5YtQ2V3NWK4amaQINh+A1g+tK9oNySPucYMb38Smxex/yjwxKFfbZkNsqkrbTfid1udlDZjafkISVKhmtnnaetvRjlITyNj7bhFih7vjXhjP0pz88HShOS6mEiwUFmRtKQeOrlWHcpnGDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NPv8YfpGhCBRXdslNfACTg5q1VaJCohOC88+QdWyUx8=; b=adPt5oPA6YC8TNdz3j5viltGnSFYFMAtw7+0FthPe+peTjkrP3s6z/7dvTsryjlARcEk4hqav0ARB55VhypA+MiF+nf/jJcKl0jR5SIZGCZA1WwWip4Jil8KoPjB/zfXsrk+ZflX/TACar/j/Jlmue+/IFfmBKrOiKa1F7WxeHc1T+h8Pjg25ntcGamfYXkPPRZO5S8j7qwjzDTkrAKyqZbYn6OviivlICRKoR6QOtIsfakUP5gXX5/5BrbwH/YBZfR6uxm4//Fzs32xCYbN+s8znBjucRQZG2FfGuAA7rfgTR+1a9zM5BYK4WNydFeD8RtrIwVbwuFAvp/bL+EUAQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:32 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:32 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 10/27] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() Date: Mon, 28 Jun 2021 12:42:06 -0500 Message-ID: <20210628174223.1302-11-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:31 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f187d058-05bc-4e61-1d46-08d93a5c3f7e X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:196; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: VM960aOT1yA72JgVAXDC5qJzRJwJP9XUps39ZaA1r1Wan1EII7J/lKFTJ09tV3R15159Wq8wXYA0+1QAN39OD6x7zcixjTQxxMWTQ+/iuDP/1tfoMB9zMKdg7RpN+pa3KX6J6RNTCWMmJAYuUq+XD6aicq+tKFFeLNptN+nBmvZ15e0TIEl2TPuKMyKnqb6Iw6acYd3Q1ZseNrok46N0AJ45dOZ/eY9TJfbblFSo+0yTX7K4a2bUaJnMoIgtJhl/x8YFayw5+1Ebh5KC42t1HfE4LVtJiu2ytA3FC0fRcZ73hVJax8SNjwey0j/+1ANzIXPItW2TRi066LoCHJS6VWtKitesGpE7jCzlwCGAAyIllhcTB5lWy5SckbmTFugLPNqxrc3sVdaAZ9NDt9icOcC1L1TW26ngCDxw1EQkxy0UxzH/8ZK4k+JH1N0XFnEsnVf4Gzdl8jOE9ky7Jmzs8ZnYQLB7Zs60B82UjGdzEJ0wdigbBvKAZVPJOAr5MJ8wWWNT5y3X7BQfgBiQKgvrpjeDUFxkZ3ylCFZ+Z6B9qN5CCz+tk1lgYJeQ+OLqsIjq5P9Mg0a+rngXoArGCr5W13X9ZkvRmpj3kyH4Xxa5TU+JE/qYtu+/RI0kkpUrt5FFYmYk/tZ4vzjzrozB1MO65pA+sZk2Fahs+LagCzyjKSoFPE4BSBRca+AYKyc1yJ8jZrLRAy2MMO5iv1FfmpQOFSW2ZVNPD8x+/vZG+30AkDQqb6mzhZA35507bBZW06+SlBDPcH5EemF43Azf7aL8vFqmW4Qh98xNeOcxY3J+csOdiRSur7HK9Gn2bp6ONBiqNTC1gow7r/x1QIh36nuVp7OOlC8etjmN9LbRQ8EyvSQ= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fofrhNVnjbk5mnyWGmZVmThv0+n45wANhfkef+0PCIFTaM67j8bKzSXmhbfU?= =?us-ascii?Q?Adyv3EozC/ganwKSDUSfy72k2imTqauZWsAQD55n1KACwjBRI/Yv/5f4h/x/?= =?us-ascii?Q?a/R1pIYnZIX3eDHehd3rWuqFC7aJEhnDUDmT6CIUIMIptQTXO0T22JUWUgv+?= =?us-ascii?Q?cUBGtgLxKUQvqbRf4nUfGij+KyhYUmP9tocHOOo73C75VjvxWhXuALqyrqus?= =?us-ascii?Q?lBq9V9UPBGMSD70QCKjkt8rvwRsIcHx/E5sXghyGLDsQY8CVPk3jsawl0azr?= =?us-ascii?Q?VaQHAtmxq4yNUxYygY9fD6xFejgJwuPBzxC/uqLAkwYAs11MCzL8B4HxhzAs?= =?us-ascii?Q?X3wumJz5pRo3FiKTX4SvKkIYa8q68+yM8dNJR1C2VCRkBdQqCcFkhXzuMR8V?= =?us-ascii?Q?i4a8Fd+IUuX7e/swXHxQG9D5c4l1lterS9nGHF2gEcebCjPsvUa6tK35ASt6?= =?us-ascii?Q?6Jr4fyuuIVYPd4DUrvdj0Qs3R1+UioZ2qQmXhl9sYebSEnE1Z78Pwx3qqSO6?= =?us-ascii?Q?j2naHvQFOVgve9RRP83qvg1vbzgUfJiwNlXJ+a6oZbcz9kzACJciXR5HR0Ua?= =?us-ascii?Q?p46qQcTVEIBlY6rQW4XzN8uEf6KxNlkDwpbYJlwGTaUNZbrkt6xbedGQvyyO?= =?us-ascii?Q?oPoFkDN9Jjl8BQ1oDHKTc+sSpuU9GbNTwoKQuT5Lz50kFfR44tyz/SxK+DjU?= =?us-ascii?Q?Suo65d86KewRxui56d6dI6Jd8FkqTnANSdN1ZgjSfiHzOOELmPFTSBstvtGj?= =?us-ascii?Q?QxgGwPZiaORWHmv/uLEyVvQKIDfXgrqFXzzxcUodTbYXI/76xkO2BL/jf7xS?= =?us-ascii?Q?QcagODKFw691ci+g/JQ6/cZ4WSgNutHmSHhnNJ7k9xm3ayrSYo3O6uWYQ/Xy?= =?us-ascii?Q?V/fcaR1MDhp5Q44zbpxpbOhMEBfgOtfQnaxSU9lA1eSwU3hcxSSaxGH3Dsi7?= =?us-ascii?Q?saTfz/V5umqLrzoF/1NQrq4/pnykzYdjojFl55VtJrAyomh6EGDV/LNuZNJE?= =?us-ascii?Q?9bgGINgm2f2qtclSHp0Ji1UjL0Prp/XZgPYJOloJZr/pcuyLS5dJxVzKiHWg?= =?us-ascii?Q?t17Pdv9nxzZWIibOJxS2KfsI6Bq1fbicMPp2dUkqt4pscxJQlXgRHtqnSqJa?= =?us-ascii?Q?J3HCM6BP+m048RZST+fQjaFjOWcro6+/oJZ4AJLNAZbiPi5WoXEk8BbZXO79?= =?us-ascii?Q?BH8HmFGe8SXpdf9QPRcTs50Iv+6Q5YCjJ3uiZD1KeuE2eqIdd1zBnA5vSiKP?= =?us-ascii?Q?U8S3mD5V5hC5A5k8NibwDkWG1CWVf0VchFzc5Fyc6H6KvKU2F9z4nKhv6BIi?= =?us-ascii?Q?PtHJTuRjAkXdEtOOU6KQFeg/?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f187d058-05bc-4e61-1d46-08d93a5c3f7e X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:32.8186 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EGC4Ar6FPifLzzhf3VDloMW88q56OFym5wJfwtRBfr3oM/nnDlmI6lICEHHZmJ9hTp5vZ9LpYugbFBrX5CgVDg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: slXZDGvtCNCr8EtHZjzWg3Nsx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902221; bh=yenReSTGkrcLmychXCahaOX2Vug0XqHlELljSLX8iuE=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=rn4jpPC0K6BjvhPOgefUz3w73AHkZBzXOrHiGNS6jVaxccpjprpUCwV6sORWmS/Es5m KedWA5tWMNVhT4nE5BaTpIEyfGpQh5Pv22duIYIEemJR09iT6BLjSNZ+734ilHI0VJ2iD Pzp9M9qpOnIOYLoZ/5VU52o+PBoqHWfnsHo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Create a function that can be used to determine if VM is running as an SEV-SNP guest. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++ .../DxeMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../PeiMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../SecMemEncryptSevLibInternal.c | 19 +++++++++++++ 4 files changed, 85 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..2425d8ba0a36 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -66,6 +66,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0c4..057129723824 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d120f..b561f211f577 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f3183f..69852779e2ff 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 =3D InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77197): https://edk2.groups.io/g/devel/message/77197 Mute This Topic: https://groups.io/mt/83850709/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77198+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77198+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902221708364.7300870362799; Mon, 28 Jun 2021 10:43:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 85U7YY1788612xDAVUw38FAH; Mon, 28 Jun 2021 10:43:41 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.64]) by mx.groups.io with SMTP id smtpd.web12.14897.1624902215592079336 for ; Mon, 28 Jun 2021 10:43:35 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OrDh8lzWvog4LzMex/oNrLEs99xoarbHvs2bfEQE0RhwTb8y9mOaAm6jzbfDDET9u/IX/WImBTaaoGlvFGxQ/YN9+8JVgB0rTq4sn2e6N7JbobBRDjD1wh9uIIW/s/TzzxZosZfATxznKHNE9aEvuFJQGrNFvHeCjUMccNojDMjMfYWBdpvWYD/JugT2qyvZmaDxw0NY6TJpinxBrNDVpFEtFq46sxo10npC2bmCZ0i4LUGDXmz4UZXf5D8BjGGvvJc1VRBXwX4bqe0LYQTSVrVT1HaqLYmoVw+DQeAA+ReV01CVesMwi6yrRudHN3u8wlq2gzyr9qRK4qEgSxutnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WVGp0Oa2Zfjw4vyKQPpZbKR8L1k0ZEJkZuoTYYbozfI=; b=enshCOTpwwLQTaQhxHQ93vR3n9zQXp87ykYzI979EdP0ACNe6bB0+T/g/nuuXj1cqigGWJ4G2k9Cq8f7xSyVETJ0nRBbqwOQ4qJ/ukPw0B5CHau8SXTqwoW9gGGui3bHLmbx2r/fZorUPO54w/r/D/AEOxkNgqlB3v2PdFhBeW2yb9/cFy5jDSlGiipaWW1ASlX0bl/rVQyWPKVPsDofpcdWrsH2UcycCBcTvhY26Co5oeqiGpWuofar8/SsK3gbfZMNTJouJLUW66hjliw5zNWgrI98cc86dpyfLg8IvwJu1Qkm5qq+x1oDslHD1petFmx1TGU77+4mV7MeErQnNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:34 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:34 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 11/27] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest Date: Mon, 28 Jun 2021 12:42:07 -0500 Message-ID: <20210628174223.1302-12-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f3542c6e-ba6f-4a91-9bb7-08d93a5c403a X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: iPCPDOLk13xrbs/eiwSsxi2lZ3sgJ4ShNEo+WvTQMIKZ4CtDSaHC2+ySNu6/EoF5dwPP9BnDBmI/+ZJlRkbx+rfC/TIDI72AIle0UqSuEzF8ObqUSWy08J+PvwcWu2zMEb+lIzvuOJIzLsOzD5lso+hHKMw367KQc+EAb2v8X3tSUMX5Y6vcpiNUpcI24zaL9/w+40LYu54vhiBvV/fgmoplhnoJvuAP3QNBZjvToI4wuS2a7neEGRbjfpGnLzN2p2S0VeJnhjnLFzJcE6SOChGlyKLpUDW8dKn1cpuOU83/vPuVWqtWNSaFgB/74Z622HCteqqY5dQu9eJGlzLQub5kxP6ZnFoc3c0FcKrLHB1P2PjE6afJazq100RiIDb5S9xvBCIjr9nL/rZQZEGYLnSkgrAWICldF+IOQ9CHqjBfrSxfDw/n+BS5W/TimS1QrXDfNT2WAO03PBw0mn34aF4uqEXXWyKZFbT0gDtbW39n6kxJk4n1dlDP/mkJ0iRFzxbEFNT1y9YcqExXOnhA5lfWCLnb3xHZeoYsR/Ky4OKe8I7Ojy8gAXJG5jbjt7UwG2gVWwnYBvBF5NARcXUo2YiAEwMWS2ZPJuVrg6vDhkG37kZYWUmchGluFUQmTWLo2IdHfV1DMv8EEfFQUXdVIxdSmN2cb5c6Qm33k5eAZN8vf20N73v0c2SdbYiXiUogz7MgZq8CULgl5ZqIpd7R4Ocg/83obBKr98uWnUCzzk+9RzjzP1DAoPeO/KeswdV43wseLKQ8W0HB45+7Kchy5pXacrcSR9osRDN7320oDpA07Kjn6+hSTwmnBihQ3KUsnyzFtywiOue/FvMHMp3ovw== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?vu4wcEW6T4NDE+3sRWkjGEKrFCV6gDLrpbyJIA2U3chodhP6WgyRdQtLYWGv?= =?us-ascii?Q?JFdXP1W2yZpNmZx+F4CyLoG0nWiC9VCVVF09IW7itDyPO7R/caPKM9ecvq8F?= =?us-ascii?Q?36TJk514LKjqu89hFW2fYdioHFzjH+rHY4MiFndWb23qmdtGwvShn5ZnWS9D?= =?us-ascii?Q?Ynahq/Qn56IMGeh+ZVWhnaLkn134Z8PFjoSewj7Iu/ac/XAvnJ3A2y6/RuAF?= =?us-ascii?Q?I9Sx43iuIH90wPrTqn12SPPhWVVO28VttZUyoqGho/8zbZ35LxjwNKROPJ7n?= =?us-ascii?Q?E2dWOwGNqVofM0L2kMHEnm6ARE+CJEx0hN+nBnghi9qNXlx+be7tu3p8V3+e?= =?us-ascii?Q?l6IDlv4sW8Ld1IZiKUVZebuDtbNJ7+IOvDUOz53JlFPiCzpDFW9/iV/5iNX9?= =?us-ascii?Q?AhwqTeT9zjz0YH+9EVv+4gOsJqz+IJe+lDTZRWftjk7xFVa3H6Lx1HKEQ82w?= =?us-ascii?Q?vtPqXqiWVlP3gdGoGtv1WDCz6adJ2Gi95wmkzC/K/0rujKOeQ8rvRr/BE6y5?= =?us-ascii?Q?ZPnhVOy2qLxrhYgAbpBKZ2Ay8mLPZTwuJqxnS45fzvcpgzRaOsnwg78dK/Ez?= =?us-ascii?Q?mZgsKZ3YT7nhR3auY7xZuvZMvUeWI/9ssRI0kkHspo7gSztWhJ46lUcudyWM?= =?us-ascii?Q?Oy/U0Vn8WJnEyLprlHLavi87YaHXxOKGp6Z7Tb/JJIgR2wgycTutfpFX+iSK?= =?us-ascii?Q?yNuokYtphydnz0D0UlnM4a8ewxw513+/4N4RmKL5Ph3TkcntyRdYH0mZ4mKJ?= =?us-ascii?Q?BO133mx0+0VMv3jslcaJ4nkHozqOnVE9l4Z/lApO4Ghi3hQeE7RSeGool8l7?= =?us-ascii?Q?PcxbDLA99ekfiKxADtIP4ABeljZ7mxUlt+HJNje6IGu8V7xYSDrYCnqzGb1F?= =?us-ascii?Q?EZtI4DDVzkXspQFc2pyUvCShtg6Bsnunn/0t6F9Kp7IKiRVXxtsjC549acic?= =?us-ascii?Q?OvGrG8gvN/kxDxAFGc9YJEfkSyXUF8MhAnVeHI7oLRaQ+6mymQaP+rDCQKjK?= =?us-ascii?Q?lUDWOULF8NTcVJWGz8pJJQp2ZKZGTisHAzkEaMaEUoZtALKr4Meo9RHIOImv?= =?us-ascii?Q?W8ZXXQuhegesAPbP1Je2k1uPab+nqFhrJywgdNO/1o9p2tkgKnqNWL/uGfOi?= =?us-ascii?Q?/c0CLRTfDNXp9Zu6HxiuZOARrv4VpLAlfxUhS3nKbxSFKEkanM8pDBjSbCA0?= =?us-ascii?Q?DBVDvRbBLyGDGQhfzna0f1qnRUhevLlJ+/Ckkp5Oi33vFTV7vrAoYt5tYSh4?= =?us-ascii?Q?Y01l34ivsgQmoC9xp3w3darEx/VK+ppn2ZZUo0awU0tuzvnYEFfV9MqUYX03?= =?us-ascii?Q?K2G/hQt/xhN80TVa9kNQuWMD?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f3542c6e-ba6f-4a91-9bb7-08d93a5c403a X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:34.0439 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Hk9M4wk901oF7+GpvoT5n0VkuptBnty78F1YZFoz2i+ezoJk9XHEL2S42mONrqGCSkk1yyEb9Nx7Xi3Y/aQrUw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: L7XLYoFu0uGMlmdHwltro5QRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902221; bh=TE7nMj6VK+5tSIyjwtMKnLuwgasRIXsOUyHxi27Eyyg=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=EScwDdgiZm/kRd5pQxyBZvdsd3jC6wDWZY66AJGCCzJUDH2dZihfgQkr4ZqLP4B1uu1 bJJ8Sw+56KTJx3XWtrKucJBcbtVdMYZA5CRwOUWKDDoMJO4ukr5uMdg69RbDnKZI5QOCJ G+u3y0HKnfB0Ay2fjW9VyojMpPK812W8h48= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/Sec/SecMain.c | 84 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..c10441ddf472 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -750,6 +750,79 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 @@ -791,6 +864,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77198): https://edk2.groups.io/g/devel/message/77198 Mute This Topic: https://groups.io/mt/83850710/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77199+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77199+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902222709311.5955637467405; Mon, 28 Jun 2021 10:43:42 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Z1GiYY1788612xZHmWM58Gjq; Mon, 28 Jun 2021 10:43:42 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.51]) by mx.groups.io with SMTP id smtpd.web10.14862.1624902216714063553 for ; Mon, 28 Jun 2021 10:43:36 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TqEbl2mXbDVyYi4Te60yRU13eCVLM1Z6V8uThOi7Ov9OMNDCUITaAgZKzLoL0cFrt/UXtYCKtwFeSBU4tEWqMAQrpvsL3/wEZKoqYc2Qv6k6h3jFfLB+Wr6T6nUNxR/Khn4WQDtqtgwFteWqfyB2qKKTukB4oAOHGvP+4MZidmxyr4ayuythDNwLLMqT0U6A92L6nVMdOcLEdnxpsk+CANg8R4zR0faadjtXqr2i2LcMJ5G+wCVaWriCwiKDiQLaMHU9XqtNfSOfdH5Ftt6h1OvjVEFUDkeOpVic7UEgxNd7D5mh1Yt+7NlR5/MbZffg6iU8EPUPR15E+MNY0/qGYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=80UEoPaOgJSfw6CUClOElvdZAMG3H7UjcoEf4OwPWi4=; b=SAWYCVQtEFrN3Oz4tUcBFtTfs+4KJ0sXaulCnHBPaFRMNlIlmItRDAbVUgXSc7sIoxylndkJFPEmYvL0T7wbahVXb5idmg+urYfhSViC2bVqvcMO+AA0Zyau3zXb4c1UqppxBM7TzaB8I9FJGGSM/u7SkRXK9ofgaFX2ENTO9D+ctEgby5V12FR2mmsK+/vl1mKJDW/hGwbHf5xrjUPWEnL1pXUcaH1MuRHDTmzeZlbriQCEQidtioWS+xvd0k41enoSJBafyUd9CB0Ze1Mt7lcetAoQFDU5LitLCv2xjxvv5Zdjf6kS9Oxw4c1FZbFszEwm8ddlID3xJeDRvzKAUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:35 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:35 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 12/27] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest Date: Mon, 28 Jun 2021 12:42:08 -0500 Message-ID: <20210628174223.1302-13-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:34 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bf8b253d-121e-4efd-8276-08d93a5c40f4 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: qTXT3oFHbd2AQ+QVei6R6W1QZ0t/PcaGCMKRbNKNfq9CdYIs1Jc8uG3Rc4oZnTr8UvTtdyNzES8r4XG6nuXSbcaY6pqHsQ+ubdgsFLoTVKKWgKmVbBgZ1UbRasndCT7cNat3ojIL99ikP1SIbXrtFrIe3g4kW0SsRXX0Dmr2dGRUBgiSG+R7lWTsYmwKADcMMUfjjqJheQyrRR2LLKzuvm0Oh0jt5UnKGyA7E5Y1awHzaM9aLytdnZucimnJPxA84L5HqS+xGHcdhfMAXoD3z1HwVQgBLPjOV5bc++mR2sr/jqoROk5f2E2PDQRU0pTyuf1mIJbRn9Z4u30NM6MwIuM8ffR4H5qWCyFdkbd62B6HEfLBT8vB28IQWB+ZpkZgXTletJxcieTdhjh/TRsIdqA+kiCKQ8LGRDkbCGeDmP4Navj26rP8VzbJVoWiWt8CAqjGAy/+D12ikVz4PY//2iTygKmjeyv0ZucQn4a/UWE/3nchsCu+pSaUWQlCeM6vM58LNKwOgglaGkqkHnD8fiNe++yriPhPLhb/Dz+o2rZstDNcg+1XtTApkYXXTVvewoeuSNHHjjPQOJ6JqDF5vJQH1LQ9hr7KOGThRlds00p1Jd1BzCce7zO61Ka+Q3/k1vxIxYByK70LK6Q5G5Ip+mad8n8Otg8rgPT3TJNQOot7+hR8zlKKUXhMbHTeDZM2gncLcbmMJe0+4XFvkHucLG5QGyyAsYza/4QHmvB90aJr3LkUw6Hvn1VoavoBitjqTq0FV+fKb1qr5c3GTFlsxWLk2RAL3Uk2GdU9nZm0WTiGQa/1vcJoW0x3R+9OAYr7 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?HPtUl10bSD/P5iB107lJEECCUWOzSlnpcFTmMZcm/UjnMX6zLdpxU1KAZFGB?= =?us-ascii?Q?O6Nit2tba3UgARX0dfefd3wjhZX/bqxicrcL1feCvyNqNnGaGw/5y81zN9Jp?= =?us-ascii?Q?btbgpUo5/JDFI5wZl8JleSlC+YDHFU2VzXvxx4peDGziTqarXA/dKhaTV3Hg?= =?us-ascii?Q?b8uV1CyJPfRp4blWggMvPn/0Sb0ETleMXZjxDlU/cPMjoujdjIyRzct6MlvP?= =?us-ascii?Q?IsJoi08QdNOfNTMz+iUqdt26UHSeD8dcH3eEMKwyN01ZO70otDhElQV0MIPF?= =?us-ascii?Q?okyU1O9cIAlj4nhAUSGm4Pki1BR5FCm5D87UYqdSCS9wGMyQLb9gp/SQellt?= =?us-ascii?Q?E8cvY5fCSOPAR8gawBF7z7uh7wIBEfOWo4S9jUPrxICAusMHfLjZPZ4NKSei?= =?us-ascii?Q?zjYz8psCrSvsKB1VgoVayRAby/v9K1ABGpiEFSNHLivQd88HJFLGi9H4HjXQ?= =?us-ascii?Q?M2BxC4YVxPlrjRa1DF+F0SDH5rTvQMugLJUmMdv3cj/Vm2C5OdQn8TRlUqJ3?= =?us-ascii?Q?Lwbidpi+oW1fbDXxsZjx3vmmGFBou0OdCWx9fUmjchfPEqGbR9yBihRlf2QV?= =?us-ascii?Q?AFe/c+wyF7B3hDKlkuUzsawXkJHqlyKsS4HgBkPXpMk6PU2egafLhXwhiRbK?= =?us-ascii?Q?UY8Yl9LfVpqlK2VuwqcGioytDN1DOWAjUWzoYVOwi2yCyymi2ZBhYgIFugnT?= =?us-ascii?Q?cvKYDUpIq/nFVXy5KP28y7cA6LZ7w59DK8KOoKNyETyGZsDGaRQ0SWQw9wRR?= =?us-ascii?Q?JbfAVgO1BoTE6aW0Qhlyglvsg07vxBNZL9gOi1KP9vAjrzzA/wJsCQe444Ea?= =?us-ascii?Q?TOKR6bgKlPWRO3btEAnGkFFJMK9tU2etghEqR3KpkzCDmvZZfCpTemP755+s?= =?us-ascii?Q?mjjWMJRHH354ieE3vHKlA5nXKPS5Z03MzIEsgzulAmoB/hNfZwNPDj416GxC?= =?us-ascii?Q?O/Y63WBj4ow/u/ZcYh/1s+ziZaepnKJvGF65olL/lzO5mQraLY+XtdPHw5x1?= =?us-ascii?Q?W5xjZrsF4SVZ3UIdBQWVUEP1lgBlvxeLUvISrujHWQojlxL1Qx/74/uete6N?= =?us-ascii?Q?mtwkKZzh4CaouYDfi09VxbkhuRDkuX4L3/8s6OBh/75LuyUO2crZwfhFTlTo?= =?us-ascii?Q?lhlZS348ecaG5B1X+Lg2sqtr/cshGxSbgMiJGx4xh6ipidFGr724NSGoY5g0?= =?us-ascii?Q?enjKYqIktxcXLLQhRsf3miDC0vyR6XaWqUbOP9JRHLyeoYL1sE/TWFa9FXZh?= =?us-ascii?Q?dMirW3xsp7k3XnaypNGLiUj2eK5hX1PqdIYUoTi9mTSdue3KMNmj8OtAEp2M?= =?us-ascii?Q?qFX+MeT67Gu8YH9F/1WrAwAW?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bf8b253d-121e-4efd-8276-08d93a5c40f4 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:35.2393 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ig4kf75ug0d088EpEH6fJ8+shTEtrqkUKOXq8rGcZlmqceLbnsVNc77QX25aFbWLqxuujtcA33gunj1FAEtNOg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: oZdbrs72FbA82qPB8Fst0c9Zx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902222; bh=olos/IcUKdge5mjBA7/22f+P1osC8ODutdjfypnq8LA=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=vJle4oMDl2gnjZjEngpGxeAdi7C+ENAn2dZivrMtWvMK79oAjDTENLNAhD1ehcP6IH1 HUxiiQNtNkDU6KCMdkKffeMQ9acY2s4/Sfbul9FYrh6A5082Sy4H4WOibUJElMXSwEKOh KMMniAq6hwqviTZ+dY2bLCpc6X9g6XCnhhA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022ba..de876fdb478e 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77199): https://edk2.groups.io/g/devel/message/77199 Mute This Topic: https://groups.io/mt/83850713/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77200+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77200+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902224034974.0554316247726; Mon, 28 Jun 2021 10:43:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id O91JYY1788612x5dfklZHJMH; Mon, 28 Jun 2021 10:43:43 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.70]) by mx.groups.io with SMTP id smtpd.web10.14863.1624902217988413196 for ; Mon, 28 Jun 2021 10:43:38 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hjoOksjAAAYjZ3/Hgq+T4phVktI8bi5dydA37ovLbyn1j1jJvD5LxiOmmlB8KIE/g+pdozlX1qDTav+zk74zzO44IM3xxf2SBwEOwHztZsA9B4mx0LD5z8xOY031gDEqDWkG/X0DcTnXQI5d17+cxyTuuGA46/mtgq0y+cwQw8OxXMlqkZVUlLv860a0G4w99pmaFGYzYgZLfRgEN7JJ1yyCp2RM3C/3frrmB6OsPbyV1nxEmNB0m1jDlPl/E+EZKmuvQPx7xhugF+5XMPis5XgkCgJAIkYUP00hh6vlBncuWvh+3fsCxM6qYjRTdcXqAN6UR7fPYl6bpmWYFGtD/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oi68z2wD8/2V4B85XwZKA2/OtChrfx6Q/wv17/CWhio=; b=SwHeSAo4zf93THROCzACW0IfVZbTnyy4SZWSpj62lqXmr+Awhapk1361BgNIjKH7dNw6lYtezDnMMwgX/lleThXYX40ZUAgm/6rMmtRrU/wTUmISfAFBFzAhU7MEEnaEcF9/AQsuz1hPMwQeNoeS1/GEfgwYJ87s73zOEOA3udVBFjm9cvrdjVr7zF/fQKp2QViyfzUA9bsneRwe8n2IK5GXgvW1IKPV/5QWR6eTYXgtwp/20uLxLJm4/vKRjObpRoBq7V09DT0AS1JnNBlKHoFVT55sVRZeNDp5+iTxxOhfe28Z06Md5zwkxpFulGUmEMIL0tJG+QbSb9j1jscl+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:36 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:36 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 13/27] OvmfPkg/AmdSevDxe: do not use extended PCI config space Date: Mon, 28 Jun 2021 12:42:09 -0500 Message-ID: <20210628174223.1302-14-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:35 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a0f09426-3b9f-4348-240b-08d93a5c41aa X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:773; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 6D/mFUW/6eclQf0wy8s9gdUEXo8KSV/8LyG4H/vyL6XnC58/rsRrpckEJg2v0o73liplCNtzE3kgdN+Mp/waPmhYMVmM9sy6JdAJZoztc+GaOLMSTXwng4lzvFVOuHhvoFrtimi2XHf5obSoxqkENAAdk3o7hXPctEJwZr3bpb8hn4aNtKZYWeA1LTmacNBVqK+iWNReDYw4nwbr1cXrvKytXX8V8gjDkg1qrBUW0Wo9NI6gEde5gyjGlaJZBjrhQzjK1lbt8HZYQ/Oty1FVlfnoT+BMRvPJfc8dLyujzV5l7/MwzHPiShTsGLqReg1gLB0MbYJ4oRIPYxbGtajS9A4MNSOEDB19+x73lbEKOF+88MJV0P4JVVmWqi5Zqriq+BU16bZ+TQ/lj3wYSEjgwd8qLcDHshheP9s3dQdbwrLzGCY2htQZAClv+slO9p5lLX/SuXAzcsBmpB36uQm/n252g/TEGYA6JcRgqWd5190WpFLuf6POiqwuPLGaveS88r2u8gVvdO2L0sT0wTtvfzTDtVcSvuawqkLJZcOBJDDVHCyP0K1hjljqoMBCRGpUr6TBVz4MAA3VDd0Ji33FN05j6Qzxf8exTUKFZuGErdl9VczX+zCZ3lUx31tNXC1MXgR13IFJUia6jg+JFGhQVKPM1/R3sl2jWDsNFL80yvVjDja7WEUuga20hW0iJOkNy6h9pe+GuEsiSi315TfEOF2Yst4vXHZ+DZERL3Rzm6OsosdU1SJB7sWYpCp3f4AIlrAtIOsKULPcKSvjMKQmy9pigIyUEtMUTBY2N1pUe55zreuYdpsGgNqV1sVpmQiH X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?kZmzt2jKI74rfWtqpy1kystGxgiorScrxGiQz4H7xip7QGOubGThv3Znvp2y?= =?us-ascii?Q?kjfySdxRBmFvDeebM5Ld0X5BRZ7t8IJEBzgXiUiKpMhIf/X/XFgWmuDlQRfq?= =?us-ascii?Q?H3puLeg2q91lHWAlpO9+EQ05lQYAcZGWOVFzMvGm1J2zRvo31JZtR0Z0e4+a?= =?us-ascii?Q?9rMoGsYIC811XiOOX/AJr3JQ+37lOW7y917vAoghHwKJVk82xgFWbwgVae+d?= =?us-ascii?Q?+qFZg5P40araSXLjMaRjKsehAQgBaOHIZAJb5UOwCAITNiEZWvbTfhj9VAlC?= =?us-ascii?Q?viWK1jUMqtPbWNhQycaiowIw3g4LD5vEuhnvm4J9gd477tD1L33Av/qlxL0U?= =?us-ascii?Q?UpBJgLwelk+k3tNctPWapqSH/liy4GHl02l2EmF/KPYlpDJnZVEa6vkUiPTx?= =?us-ascii?Q?Fat4ES7JqIQGt39GNoOA80hWRPwMt1i8ANhi78C+dexsI+pJN8nkixPKlMxo?= =?us-ascii?Q?kyCQdmv9RyuAteKakwlsgeGrojRrTCeBRLAWipIttvRzPQQTmRuhu5ptayJS?= =?us-ascii?Q?tMTglCN48SbncFWMXxcdh9VdXGIzGyNF4aASkrdEfq1ZHjank9TDd3SdWk+g?= =?us-ascii?Q?xK9cHaAR3iHPCNYkgY5xkhOr9g/t7FNaaw+/GWN1oWrJ3TPSCAx+vW0CyVVo?= =?us-ascii?Q?dK39BO80WnZ0rdHS9oe+olAuVOdUblYHBMqe17k2Pw0dQpsDNqbsndVApA8S?= =?us-ascii?Q?plxMUc0XxIczmMHMREOBMFZxIjPpm//ceoWCyrr+8FDc8xVD0nFXw/1r4jaP?= =?us-ascii?Q?YI02mrATBDfI/NfzclzfcrxcraenynGFG2WIRxy5gRDX64wOoPWQ8cptuz0S?= =?us-ascii?Q?FQVgt37Mhckf7+DltS5eDhwF3yADzsG3pvjOmzhfgtH4IbhOPyMWnixX1Ix5?= =?us-ascii?Q?KvNE9kv2TS7lI+25e3fEs6scaZLhy+t5pOzEilh5G5oVLlvpaMFtKR8KTPx2?= =?us-ascii?Q?qgRrk4BVVybpmDWG5/MEdT/9fQjLU11nXO3TqgpjDEU1eqUtJx1/bA7fCBkb?= =?us-ascii?Q?sCBE7UCQmEuu2By+Pa1ohta8eKwzN+tQbZ6RJcSOnU3qAqSgs7K3oeIZfusR?= =?us-ascii?Q?QxQVG5td3+zUc8bZtYUPxQ82HvxRwCj6mLmRp2z6gJ/D2Eb6hv9FUla/2txP?= =?us-ascii?Q?lIt33uCY0RvNs2mcZYSUpyJjLOWPpnY4zJoteXsOPTQ/GW9WqkUpiQwsFxaU?= =?us-ascii?Q?lrNhuAC5RRwb6s1Z6gPQCBsuaoJl6VKJ915az8U5YkYJIhmhYf+HeTYZdNT4?= =?us-ascii?Q?no/762Ngb4tBAyeEizC0kstp8WBYi9RFOLP5dwZn+k+48vLKn9Gk+6Xa0QpP?= =?us-ascii?Q?jiQ4Ue+sO8RXaWsXokeMEfmK?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a0f09426-3b9f-4348-240b-08d93a5c41aa X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:36.4176 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pMfheGrgUwDDoqm1HbHh8dRLfazzJ/N+hnxbuNqKdBBbXjc2Sw/Fg8eaBMzS/60YiHjuo/pa2kBJx+N67szhWQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: fH36u8U1YZeNTl32TXzUat4Dx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902223; bh=ebkgVrXcO2hjZHp04so9WmVX7bhwzQNzimISFvnlZbo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=mt4uDGwsMwKHDJlbv7M0iHOWaDpbbeDpnXqh/RzbdDvPXnckB86GFMaNPcWh9kul26/ OhIqkfrEqtEpwtrIQMNSZEil+Vm1YZSghHp7U9Atc+PDMQcRlCHChp+6y/9xyDnng1pbi jitqTPOa3AKZvM3Fl7m80CrHopPnnIi1Q0w= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure that MMIO is only performed against the un-encrypted memory. If MMIO is performed against encrypted memory, a #GP is raised. The AmdSevDxe uses the functions provided by the MemEncryptSevLib to clear the memory encryption mask from the page table. If the MemEncryptSevLib is extended to include VmgExitLib then depedency chain will look like this: OvmfPkg/AmdSevDxe/AmdSevDxe.inf Suggested-by: Laszlo Ersek -----> MemEncryptSevLib class -----> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance -----> VmgExitLib class -----> "OvmfPkg/VmgExitLib" instance -----> LocalApicLib class -----> "UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf" instance -----> TimerLib class -----> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance -----> PciLib class -----> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance -----> PciExpressLib class -----> "MdePkg/BasePciExpressLib/BasePciExpressLib.inf" instance The LocalApicLib provides a constructor that gets called before the AmdSevDxe can clear the memory encryption mask from the MMIO regions. When running under the Q35 machine type, the call chain looks like this: AcpiTimerLibConstructor () [AcpiTimerLib] PciRead32 () [DxePciLibI440FxQ35] PciExpressRead32 () [PciExpressLib] The PciExpressRead32 () reads the MMIO region. The MMIO regions are not yet mapped un-encrypted, so the check introduced in the commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 raises a #GP. The AmdSevDxe driver does not require the access to the extended PCI config space. Accessing a normal PCI config space, via IO port should be sufficent. Use the module-scope override to make the AmdSevDxe use the BasePciLib instead of BasePciExpressLib so that PciRead32 () uses the IO ports instead of the extended config space. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++- OvmfPkg/Bhyve/BhyveX64.dsc | 5 ++++- OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- OvmfPkg/OvmfXen.dsc | 5 ++++- 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 1d487befae08..f1cf2e916a10 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -807,7 +807,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 # diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index cbf896e89bd2..75d4b196057f 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -779,7 +779,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 =20 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index b3662e17f256..783622c61ac5 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -960,7 +960,10 @@ [Components.X64] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0a237a905866..f2b13f7228a1 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -958,7 +958,10 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 3c1ca6bfd493..d9619ac5a050 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -725,7 +725,10 @@ [Components] } =20 OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 # --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77200): https://edk2.groups.io/g/devel/message/77200 Mute This Topic: https://groups.io/mt/83850714/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77201+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77201+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902227635982.9002814201501; Mon, 28 Jun 2021 10:43:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id dmDOYY1788612xGLtxzMKnBA; Mon, 28 Jun 2021 10:43:47 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.77]) by mx.groups.io with SMTP id smtpd.web11.14803.1624902221596454123 for ; Mon, 28 Jun 2021 10:43:41 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RfJZr/kzQwq6kKUNnmUwSBd4r6hHmuXTfAM2sPr/iKrYHK4nzV5/68YUf/NKY5UZJjMsKyioof5FEhIIgYuvhtqySunWvc7+FuJMqMbFI/3CKaaPepyuufoDJvK95yo0D0PkXWs8v2r5Q6o37Szb3vQ+W1HHl3vXl/j+d+6pEt4uZm48wn1wZRcBiomONoIcrUlmZiANm4Bfd10inFcKZ61Jf+6tW8JszsqqOWcLGeY42iXbhRcZYm4ekgKfA5jyz3Y3gOdr0LigM5oa/RcOerX4lYr8+Z2o0JnBTkdGZTG0IreDOOfYrwT7hXZFnROMjna7OrL0+3HwVGRnfjkpmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e3flGlPrPFWdbmhSaAV4kqR8JzZmtUR+j9AK5n7Um9o=; b=S/Wm13glSz7BAkIvkGkbgWSuyXJqfkdNoQZK9o0wRVjRAcoqO1GPaFnW8SoAkM2Lki2Sj3OXeRgK3An1Z6xR1ZEbpxU6JwsG3mJjVRNGYMw8zKoCMc/0C4orDRJV4QeiA8laAqYvMAU2TTVAQtdHpcbFlvuBYPs6mLXulmuKmPDAgxtF5RGd8+Hpd55VBJvqnOdQyKpz36Wb5lXgt10EY0G31fpflN0KdTI9RzZGgqEQ2RXevaU3lZRrR9+FEiEd1kUxqoqd8oh0zOfD2g2mltTeHYSrBkTawWC9GAfmurcOzNMf6n7FmDKQSyi2XDpEXzSHPO+lRY6b8qmTa2lN5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:37 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:37 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 14/27] OvmfPkg/MemEncryptSevLib: add support to validate system RAM Date: Mon, 28 Jun 2021 12:42:10 -0500 Message-ID: <20210628174223.1302-15-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:36 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 23b5d153-bd40-4ae6-db66-08d93a5c425e X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: n4BHBGpQ8FnfrpQdKC/h/ZUWqQz9hfg5syxqu5uUjjJikhQrjZW0Wmdn92AP5UA+qOZ/l1CAMtGR4w9SRC1AzdJTawmSQPr+Dq3qpvmDw9buoB5qAV+YBlJx1A80BwB6KyX8JYqVVb6n/N+HL6Hxx8/kqkkW3xeIMMm91RWh0QllBxOp20KNNrwK9cPALMC1XM+1HTVqKwt28rf0iAT3LFDdiM4EfV0B5o8gZFEHOMryh4GtCy8BAwbKm3anV9M3C3PDhy4OeNfXO/Wc0iRIERiN6ir/0pTn5jpiE5LWkG2eSXOhoYUEWbJNstDkb6znfN8EA8a7EaN/h5th/b0l9AVKvsG/wunJcSbl5UiLmP9SN9/AX8oP4dXnvU5Bf0dMR9suQ3knVTl8nFj0+X9ZjNLaWfPkb0c8oXqTvWl0ZNMHH+TsquxLVilrdi/85pY9XEVbZDOeVPXjllm7Suk32b53hJD7GqDqxyvbBhjcCJbxxqxVIHAsOy2u5djdzHHPorZUbvUXxrtue5uJOU/h7/cKRT1yTkYCHpkoGgjVzdpmxD7uvSmMPe4xuRqLh8a1OZkBf4KRyfxpWxo7PRCL70yPLVKbtIeJj86rQuHVXS/gOVdWPzh2ckid7T8M8yEfJP0b8BdxSr8OIds7hpZ5bg0AUHKzG+OiwJV5FTzV0Lr+bEUa8tlqxA0jO+cXL3D2dSG+Cs5iaX5rae2I1o7HeisQQiHcNMMj4xATFipnwUS+JE8x6C9Mku94FdTEbMQrw4KzybaVVFotB7W4Fq49wf3+TQTJ/zUUuimzbSS1YIIPyqyIBSanvtHnISZ8gemD X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?tSb60T34EkU8vQYk2NFARYDZf3ZuzyBgTL0cPDJ/Osl2kXqidDj8dp7UTi3A?= =?us-ascii?Q?d4vqAfnqIUgLAWOk3k24zBCtxc2r3fm7fVPzgWcmVfOCHVr97/avdbJDX4Cb?= =?us-ascii?Q?d0lOEudzY9q5W7ENHo2TY7epftnhAEJNcqIWbaUJjY4baQdVrLnRKhNMP51u?= =?us-ascii?Q?z9tw/D7gIM3REvhir8Ow240cz1ZQYGLEUk4kP2GFjgDozS+KzSLYaBIIfaPL?= =?us-ascii?Q?yYV2P3ZFMBS+nsxSlioA+aDfXuGOuEYi6Yz61lgxA9s8Z0ezV9hweS45N9Bt?= =?us-ascii?Q?bk6DlUX8GEOr3hzfEYm4awuUi0GkrO43/LFvqW4wzH0kY/tb/XtLXqRUXBEx?= =?us-ascii?Q?1gN50afAFjfjvTH1BYn5OXsYSkThqaicKbbSaz740jXiuVMoV+4qLGyra/Kf?= =?us-ascii?Q?np9VbQZgP/8+I8TmZVqx9DTuuu0Ldu1/CnGQ2wxbtl/SBknc8uCd9L8luOQB?= =?us-ascii?Q?9UTaJYqBZ00ddEM1AOexSXaptSv1AwlgMTp30D666C7FQKcbdOQ4LU3or1I5?= =?us-ascii?Q?gajS+rSOL9AIBdBl65WohUOu/TW+44hhDxqkTAqGCBn8kgQZLLZEl4qeedUn?= =?us-ascii?Q?TwtKnCySwby/74dUWKKV8WbBGhJV0O6UYirVloZ4xCwCAf15ERc4okDGmRCv?= =?us-ascii?Q?+bIUMrIVhiqGEygxhC2pedQ/XTmszoP+INOQ4i1pvKmXfPo9QUrtK9r6Ch+d?= =?us-ascii?Q?vhn1sr71dKuhR/4CJqKIPGh5oiwl1T+GNlVfAzllmTCqQDNYNuYpqzjvo4rc?= =?us-ascii?Q?YXUIf+ULVN8THK9+n6X/QVb5GYaclXDXKZ9hLyZUhJhS+JCvhmtXrzvi+tDL?= =?us-ascii?Q?oroUwCuMbI+eH8rm+PFhHoeP7MiwR9PS1ApqSa0b92Oq4ldFpug7U+lyQ5PV?= =?us-ascii?Q?e8mGG83SZUR3U8GzJqOZ5eBb8UfcJ3nyD1jCK/obzfyogQ3Qzc91ONO4FgFS?= =?us-ascii?Q?SFIQL7s4Dc4yO3UjjXorXYKgHve/qpC3npjBp7WNPGMwu80k2NeacsTKBfPl?= =?us-ascii?Q?0nOT8SiQQ9PdYXcVjUlM77EPOeznvrxxyvsWCMSuYBsmejiwHGynV0zFmg0e?= =?us-ascii?Q?BRqgtTHaZlu2M7BkGFNIPpKt6pxlJQ5mnG7ZXz0FYEXBUkdEFnibnuVTiA3X?= =?us-ascii?Q?4FRng751HYuHMyVnuDNFcDy9pVF/1DdgGe/EEtDUENBOYAqHYFbwnEpNlMV3?= =?us-ascii?Q?Wzts8axqrTMuv4Im/pH7XrJeqXFk/z4LBf9EB+YEm4oeL1+qiI1FQj3poifg?= =?us-ascii?Q?+Kx9+6pB37knTr9rq3mcnG/VFHxFTcjiDWQQrogB+GcrBlrH7pvaMCOehnL4?= =?us-ascii?Q?Si7l6XKsIhCwTfPOUl6N6S84?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 23b5d153-bd40-4ae6-db66-08d93a5c425e X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:37.6199 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: z1bY4rBtHwx+OJGJzjeWaAHGLwoIzDkFLf7w01hrWyBV2CHNt5KEK2q/i2DwAe59357LL33UQGUC9RkjXllr/A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: U4cKLUsCjWvmS7Wt04RSKVBPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902227; bh=iXG4S4CXj/uqFQNBucK1YdhUS7EUwMTXIhr+iaXj0i8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=WJ+Nb4kC087y0KHLZR77LaCm2y3xPbtcLu45d/B0XXMwcfAUQi+co02XLC/RprjgeMW 8e0LAdJ5PAnPwetVj2pjXFGucx1GspM8y26AdBOXczz2m6QBrOfLX2rndK0F4tXX2fSjD OdtJhm2wVs5Utlf16ct0OdLcosteZ2ZKhDE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Many of the integrity guarantees of SEV-SNP are enforced through the Reverse Map Table (RMP). Each RMP entry contains the GPA at which a particular page of DRAM should be mapped. The guest can request the hypervisor to add pages in the RMP table via the Page State Change VMGEXIT defined in the GHCB specification section 2.5.1 and 4.1.6. Inside each RMP entry is a Validated flag; this flag is automatically cleared to 0 by the CPU hardware when a new RMP entry is created for a guest. Each VM page can be either validated or invalidated, as indicated by the Validated flag in the RMP entry. Memory access to a private page that is not validated generates a #VC. A VM can use the PVALIDATE instruction to validate the private page before using it. During the guest creation, the boot ROM memory is pre-validated by the AMD-SEV firmware. The MemEncryptSevSnpValidateSystemRam() can be called during the SEC and PEI phase to validate the detected system RAM. One of the fields in the Page State Change NAE is the RMP page size. The page size input parameter indicates that either a 4KB or 2MB page should be used while adding the RMP entry. During the validation, when possible, the MemEncryptSevSnpValidateSystemRam() will use the 2MB entry. A hypervisor backing the memory may choose to use the different page size in the RMP entry. In those cases, the PVALIDATE instruction should return SIZEMISMATCH. If a SIZEMISMATCH is detected, then validate all 512-pages constituting a 2MB region. Upon completion, the PVALIDATE instruction sets the rFLAGS.CF to 0 if instruction changed the RMP entry and to 1 if the instruction did not change the RMP entry. The rFlags.CF will be 1 only when a memory region is already validated. We should not double validate a memory as it could lead to a security compromise. If double validation is detected, terminate the boot. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + .../DxeMemEncryptSevLib.inf | 3 + .../PeiMemEncryptSevLib.inf | 3 + .../SecMemEncryptSevLib.inf | 3 + OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 + .../X64/SnpPageStateChange.h | 31 ++ .../Ia32/MemEncryptSevLib.c | 17 + .../X64/DxeSnpSystemRamValidate.c | 40 +++ .../X64/PeiSnpSystemRamValidate.c | 36 +++ .../X64/SecSnpSystemRamValidate.c | 36 +++ .../X64/SnpPageStateChangeInternal.c | 295 ++++++++++++++++++ 12 files changed, 480 insertions(+) create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateCh= ange.h create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRa= mValidate.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateCh= angeInternal.c diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index f53efeae7986..bdb35c20e17e 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -264,6 +264,7 @@ [LibraryClasses.common.SEC] !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 783622c61ac5..882a96d8710a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -268,6 +268,7 @@ [LibraryClasses.common.SEC] !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d68076..f613bb314f5f 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -34,8 +34,10 @@ [Sources] PeiDxeMemEncryptSevLibInternal.c =20 [Sources.X64] + X64/DxeSnpSystemRamValidate.c X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -49,6 +51,7 @@ [LibraryClasses] DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df28..0402e49a1028 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -36,6 +36,8 @@ [Sources] [Sources.X64] X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/PeiSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -49,6 +51,7 @@ [LibraryClasses] DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf index 279c38bfbc2c..939af0a91ea4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf @@ -35,6 +35,8 @@ [Sources] [Sources.X64] X64/MemEncryptSevLib.c X64/SecVirtualMemory.c + X64/SecSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -46,6 +48,7 @@ [LibraryClasses] CpuLib DebugLib PcdLib + VmgExitLib =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 2425d8ba0a36..dbfa526dd67a 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -234,4 +234,18 @@ MemEncryptSevClearMmioPageEncMask ( IN UINTN NumPages ); =20 +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h new file mode 100644 index 000000000000..8bbdf06468b9 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h @@ -0,0 +1,31 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SNP_PAGE_STATE_INTERNAL_H_ +#define SNP_PAGE_STATE_INTERNAL_H_ + +// +// SEV-SNP Page states +// +typedef enum { + SevSnpPagePrivate, + SevSnpPageShared, + +} SEV_SNP_PAGE_STATE; + +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ); + +#endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index be260e0d1014..df5e4d61513d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -136,3 +136,20 @@ MemEncryptSevClearMmioPageEncMask ( // return RETURN_UNSUPPORTED; } + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c new file mode 100644 index 000000000000..ad8d8b388dc8 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -0,0 +1,40 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + // + // All the pre-validation must be completed in the PEI phase. + // + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c new file mode 100644 index 000000000000..64aab7f45b6d --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c new file mode 100644 index 000000000000..64aab7f45b6d --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c new file mode 100644 index 000000000000..506df12d4e51 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -0,0 +1,295 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2021 AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "SnpPageStateChange.h" + +#define IS_ALIGNED(x, y) ((((x) & (y - 1)) =3D=3D 0)) +#define PAGES_PER_LARGE_ENTRY 512 + +STATIC +UINTN +MemoryStateToGhcbOp ( + IN SEV_SNP_PAGE_STATE State + ) +{ + UINTN Cmd; + + switch (State) { + case SevSnpPageShared: Cmd =3D SNP_PAGE_STATE_SHARED; break; + case SevSnpPagePrivate: Cmd =3D SNP_PAGE_STATE_PRIVATE; break; + default: ASSERT(0); + } + + return Cmd; +} + +STATIC +VOID +SnpPageStateFailureTerminate ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D GHCB_TERMINATE_GHCB_GENERAL; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + This function issues the PVALIDATE instruction to validate or invalidate = the memory + range specified. If PVALIDATE returns size mismatch then it retry validat= ing with + smaller page size. + + */ +STATIC +VOID +PvalidateRange ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info, + IN UINTN StartIndex, + IN UINTN EndIndex, + IN BOOLEAN Validate + ) +{ + UINTN Address, RmpPageSize, Ret, i; + + for (; StartIndex <=3D EndIndex; StartIndex++) { + // + // Get the address and the page size from the Info. + // + Address =3D Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT; + RmpPageSize =3D Info->Entry[StartIndex].PageSize; + + Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); + + // + // If we fail to validate due to size mismatch then try with the + // smaller page size. This senario will occur if the backing page in + // the RMP entry is 4K and we are validating it as a 2MB. + // + if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { + for (i =3D 0; i < PAGES_PER_LARGE_ENTRY; i++) { + Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); + if (Ret) { + break; + } + + Address =3D Address + EFI_PAGE_SIZE; + } + } + + // + // If validation failed then do not continue. + // + if (Ret) { + DEBUG (( + DEBUG_ERROR, "%a:%a: Failed to %a address 0x%Lx Error code %d\n", + gEfiCallerBaseName, + __FUNCTION__, + Validate ? "Validate" : "Invalidate", + Address, + Ret + )); + SnpPageStateFailureTerminate (); + } + } +} + +STATIC +EFI_PHYSICAL_ADDRESS +BuildPageStateBuffer ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN EFI_PHYSICAL_ADDRESS EndAddress, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry, + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + EFI_PHYSICAL_ADDRESS NextAddress; + UINTN i, RmpPageSize; + + // Clear the page state structure + SetMem (Info, sizeof (*Info), 0); + + i =3D 0; + NextAddress =3D EndAddress; + + // + // Populate the page state entry structure + // + while ((BaseAddress < EndAddress) && (i < SNP_PAGE_STATE_MAX_ENTRY)) { + // + // Is this a 2MB aligned page? Check if we can use the Large RMP entry. + // + if (UseLargeEntry && IS_ALIGNED (BaseAddress, SIZE_2MB) && + ((EndAddress - BaseAddress) >=3D SIZE_2MB)) { + RmpPageSize =3D PvalidatePageSize2MB; + NextAddress =3D BaseAddress + SIZE_2MB; + } else { + RmpPageSize =3D PvalidatePageSize4K; + NextAddress =3D BaseAddress + EFI_PAGE_SIZE; + } + + Info->Entry[i].GuestFrameNumber =3D BaseAddress >> EFI_PAGE_SHIFT; + Info->Entry[i].PageSize =3D RmpPageSize; + Info->Entry[i].Operation =3D MemoryStateToGhcbOp (State); + Info->Entry[i].CurrentPage =3D 0; + Info->Header.EndEntry =3D i; + + BaseAddress =3D NextAddress; + i++; + } + + return NextAddress; +} + +STATIC +VOID +PageStateChangeVmgExit ( + IN GHCB *Ghcb, + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + EFI_STATUS Status; + + // + // As per the GHCB specification, the hypervisor can resume the guest be= fore + // processing all the entries. Checks whether all the entries are proces= sed. + // + // The stragtegy here is to wait for the hypervisor to change the page + // state in the RMP table before guest access the memory pages. If the + // page state was not successful, then later memory access will result + // in the crash. + // + while (Info->Header.CurrentEntry <=3D Info->Header.EndEntry) { + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + + Status =3D VmgExit (Ghcb, SVM_EXIT_SNP_PAGE_STATE_CHANGE, 0, 0); + + // + // The Page State Change VMGEXIT can pass the failure through the + // ExitInfo2. Lets check both the return value as well as ExitInfo2. + // + if ((Status !=3D 0) || (Ghcb->SaveArea.SwExitInfo2)) { + SnpPageStateFailureTerminate (); + } + } +} + +/** + The function is used to set the page state when SEV-SNP is active. The pa= ge state + transition consist of changing the page ownership in the RMP table, and u= sing the + PVALIDATE instruction to update the Validated bit in RMP table. + + When the UseLargeEntry is set to TRUE, then function will try to use the = large RMP + entry (whevever possible). + */ +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ) +{ + GHCB *Ghcb; + EFI_PHYSICAL_ADDRESS NextAddress, EndAddress; + MSR_SEV_ES_GHCB_REGISTER Msr; + BOOLEAN InterruptState; + SNP_PAGE_STATE_CHANGE_INFO *Info; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + DEBUG (( + DEBUG_VERBOSE, "%a:%a Address 0x%Lx - 0x%Lx State =3D %a LargeEntry = =3D %d\n", + gEfiCallerBaseName, + __FUNCTION__, + BaseAddress, + EndAddress, + State =3D=3D SevSnpPageShared ? "Shared" : "Private", + UseLargeEntry + )); + + while (BaseAddress < EndAddress) { + UINTN CurrentEntry, EndEntry; + + // + // Initialize the GHCB + // + VmgInit (Ghcb, &InterruptState); + + // + // Build the page state structure + // + Info =3D (SNP_PAGE_STATE_CHANGE_INFO *) Ghcb->SharedBuffer; + NextAddress =3D BuildPageStateBuffer (BaseAddress, + EndAddress, + State, + UseLargeEntry, + Info + ); + + // + // Save the current and end entry from the page state structure. We ne= ed + // it later. + // + CurrentEntry =3D Info->Header.CurrentEntry; + EndEntry =3D Info->Header.EndEntry; + + // + // If the caller requested to change the page state to shared then + // invalidate the pages before making the page shared in the RMP table. + // + if (State =3D=3D SevSnpPageShared) { + PvalidateRange (Info, CurrentEntry, EndEntry, FALSE); + } + + // + // Invoke the page state change VMGEXIT. + // + PageStateChangeVmgExit (Ghcb, Info); + + // + // If the caller requested to change the page state to private then + // validate the pages after it has been added in the RMP table. + // + if (State =3D=3D SevSnpPagePrivate) { + PvalidateRange (Info, CurrentEntry, EndEntry, TRUE); + } + + VmgDone (Ghcb, InterruptState); + + BaseAddress =3D NextAddress; + } +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77201): https://edk2.groups.io/g/devel/message/77201 Mute This Topic: https://groups.io/mt/83850717/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77203+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77203+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902223966431.4940888060447; Mon, 28 Jun 2021 10:43:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id CErPYY1788612xkNFZ0dszSN; Mon, 28 Jun 2021 10:43:43 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web11.14803.1624902221596454123 for ; Mon, 28 Jun 2021 10:43:42 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EZkPWom0wYRxhFlnGlH6e17Xm3q5Fq9dHxVo9ViYGrNANj6OIGGboicSvS5u20APJtAaZfqew3mZe2KPsaG5SYSuz0QTN+Eab9Nav8GN+6DWawRfDYbNFmSIL2R+d2OOGDVpfPdmggj+X47w1s11ueanpReNJzKzC0V1EZTGKxJS9K6Hk14qVrR0egpIracwKACvYS1Chw3ihI5CFBN5d/qFFPUIHst4rWFPRVIVhpM5d///zXMgTVze8N2RArK4Rtx5qtqDoaSxkdkhSXkft1hytoGZI+uA/3RJwKZZQQIMYyNoOv6UUUv1e7xuxhfG/MsB3lOgk5aKhuVB9XvxaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=Wg6fK91xmB5wlqYJN7jS7dXI7fDOMTGlor1MOR1e9tWC3kZCRtT0tCvV1SdjxcHsPfSRKOc2slLQ5gPia+QPpnR5qTruQh5OTplhchYW4FRso0EI/ADKGZSbXRGwOoA6eTzoUvUBSmtQugt7UWNZx7Fmuf7gxCXx3jMmhH4zfOzXvFxUZXXSNbAdnZQDxW0mQv87ldHM4ThB/zFaATEMW43k9LZMQXKT1wpUoLAvLz0ev49AHLCQylHUjuaqH1qjSSAUk5ZwpD2e/n6dOnZb/fOU4/AtGu7QeClAvSRB65QQ5kzHFDDBr4L617jJ0hAPaNp03EzHl5i2Joqet35P0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:39 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:38 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 15/27] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM Date: Mon, 28 Jun 2021 12:42:11 -0500 Message-ID: <20210628174223.1302-16-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:37 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 16eef5fe-eb4b-43c8-c22a-08d93a5c4318 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: h63M2c4hOmlqH6Pknz/N16WpxeCXGGaGoI1mkRocNpNkR8WCZhEPGiqNNbf6eAC9/qyM4Kp/7gp9Q7zPQTEtn+2iA2jOy0yXdeQM/r1rSHFBkB+ET7hkVmZ6ofMZxZnHBiy1IPZaBISDqdTtCEqq8gdMUTovS/ClmMJ1Imw6L2acQ8rP88DF8rKCUpkgtD8earoHSAygG7FioicAUE9tiHJwcXsP99J65HO023d12AEolh6wmkaBfJE3llVkh6JGtPRAMBBvpzvsTFgM94NRkmI4lOpnNJQH9gfaNSOJa923QkpktKa/pEK9RcsXY3VLov+Esbv2oiGrzxgGI/z2dMfR53J64fSvsvT8KYf3Ib9W0bsFXmn2rB1eTdheIJ6LnvWgBeifMCIVKA7nUkxHe8d+xvRLk9T60XdOZ+1yZRhE+BZhmsxV72jRygUHQByORWEv6kirrSJJu7Ido70KIBi8CVKq9oIOdUU4UE/UF6ml1XJsxUtzyMsM/+mQOP2cIVOnXiOf8PUEJ2JxzrHq27Zc0pKmIM2vRc+PB+jWXZcGIFi+Ya6O9UHKrpHg3s5mjvZbZH/5c5zpd6g7NX0dhJ3gN9OQ9Vu/LALJ85NSv6qq/YU6QFGFvQ4gOlfpCTnYkYsYGrMAUSYAAmg4EWV7T9z3KmE7waQeZCQeId8oVyFEh8TJpTs3oBpjQV+zPw33fBF7/WA9G4n2U8+aiDgURpB2Uf2IlI8pvRlgfyCnE/eWS//E2CuH3y0lXcUC9XO5k3QAFwON+STI+DHBI7gUiz7kQMvFYvUfzlbGhkQoRg9nbddBlh9pmYfkc0eVzs489k8bHUezx3sYN+rpMGRBu05+rtap/C0fEA+2GD8U+QQ= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?G2RPzA/R77cZ25npr0IHJZe/YSeuvah0/mf8NSC2woWCP1JG529prvuSVL5U?= =?us-ascii?Q?C5wpgKvZ1N/nwLjbj8XdPs5MAB6ZC5+HgSnJKi0RRu7wftuJFb+KKazKz2Gc?= =?us-ascii?Q?7kxpMOlWyMvaYrdKT7mJ3EzoSTuv1ffzpFFL0O4KTY/2owA9sKoTZrUVt/WD?= =?us-ascii?Q?kmnt0Oe4snYakbT4GboQe2m1I1IkRYiTYHYv1LAC90MDmGycuYei+b/DLqoQ?= =?us-ascii?Q?luZzdvACredRcQ7hdvWyXcH5V6ihZ9sT//mJYenB2cEFwGMDFDzOqvKOSY/2?= =?us-ascii?Q?xEDfIZCwQMY90G7rrKZZn8iNs+CcoCKWPzaxcDgCYHfh/x+K85o0P7FB9yxa?= =?us-ascii?Q?FkXZLxDNGFqlExNFibczjAOe3mFSQImrDTjoBSOU57uDaTlDp0IrmzN7YONU?= =?us-ascii?Q?ddkdlzzDyWYZYDRq9k24tfznhu2yFkjJjxineBJCerIzVRD00blYiv+s8+Ci?= =?us-ascii?Q?maS7086rEg+7WdNw+cjxgmXs/c78spY/a9TEaHkaScStNl688Y225vp2ZYxc?= =?us-ascii?Q?MY3ZixnNGPrI+BRMqHbHWwYKZBUvWJDPdF7wmyUEDhiMWmYiqNqso1r5juCQ?= =?us-ascii?Q?V7Ord1VZ8NVDPdVzYt9qt6bSCFOjsKKysfb1b4B0S4wT8tbYxB3BqfdzdwJH?= =?us-ascii?Q?lWiq/S9+0vNtrDkvVY2D4t/FLeraokj9uh1wTRy/KwulMTdBoM0pBNLUGEJV?= =?us-ascii?Q?H66t1mLHdUw6pzYpGGPJrcSeIqndj45tmKPhG3vTPOWrvlaodpJD/gydyygj?= =?us-ascii?Q?JMZFB/y0iWYmYdxcWlzxJmSQnO+wmdvnnXLtx/tuLLn2CgUX1V4zZtJZOZqX?= =?us-ascii?Q?6rmoZC+uk8pJ9+eMangcr+78YxfJXxR3fwBWKQ40H+2IB2ngtQ5fbYXEeZmb?= =?us-ascii?Q?4hpKs6q5a/Y3by1X+J21GrRr+/pe5nlECacF8a39b2tsBNkPWiTRG8XPqh4h?= =?us-ascii?Q?RBcYaKQ4LLknbDOLgNrGbyHF7+qtsszvdscaUlx5Q0iDGUfKdHwXVzVIDmL3?= =?us-ascii?Q?f+rnt2EMbUtwn6hIomKjP4JmnGatuUbRDAPF8+piH+me7VhHAOm4eSKmUHH6?= =?us-ascii?Q?EIymcbrScNXVvPP37oHaaGZLosSHy4YPKp7hi++3nNrDxfyohCAR0p+3iTcW?= =?us-ascii?Q?xmoM/Gtzgy2BVOI+RA1Riy00YmuS1oBuFYXsXTEQZGHEtDk2eiXLM7sIlpf4?= =?us-ascii?Q?VPGiQRSvnKbOC9wRK2hiIuzAGe4aXzA9zUonMHYToy0MfZsc8MpuyuFw97AV?= =?us-ascii?Q?qWGCcfF5Ou/Z2JUfLLNANLsxUd6vFrNwqdNqufmD0z+sT+/SdJGZSya3d1Yq?= =?us-ascii?Q?A0yqG3SSTFjGWHSjNJuScuUr?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 16eef5fe-eb4b-43c8-c22a-08d93a5c4318 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:38.8113 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vfjkbwDN9781VeUPV2YlB9/fcKq+uMj7xv4+A0jpzqRIWq3ske1uLlL82958K0TC17zgQtXbTkphjFI34AkPnA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: qbSiwpfQxBjntiB3F6xeSXjfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902223; bh=5rELMSN4bUw88zV57IPimc4GHauz7zCKDyXAVqyQKFQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=f6sS/mYNqScMh3bsMi03ETMvgWUzw8XdRg4B8kk6+J6wQNkwhtPYFC38qje7Wv4+h6p SWZfpueOBKRjBK4sz/CKkMcHAjXlWBtQF9GmOB76u1bxDQxbesUf5UmI8yKs/eslVbeWx a2JvGRREbz74DYTTZLncvSTSdZUOYjRa7w0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progress, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77203): https://edk2.groups.io/g/devel/message/77203 Mute This Topic: https://groups.io/mt/83850719/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77202+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77202+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902227905438.1523980372035; Mon, 28 Jun 2021 10:43:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id kUeXYY1788612xRxCASuKc69; Mon, 28 Jun 2021 10:43:47 -0700 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.54]) by mx.groups.io with SMTP id smtpd.web09.14607.1624902221778448138 for ; Mon, 28 Jun 2021 10:43:42 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+6anpM2C0m5HiHmXnDo8e9/J28uwyc3WWymR8TQ9+qX7NTIsPGxDsbt81cJ4laG3CqvE+FPz/3XZ3qIyiv5RTaZ7YAk1ApgsrwSPiMHScUZlKKm1otKksKRUzuYN8G1jYfBJKYjF2H5ky/JUuv/PEX+jnEKLbkoxk2QvVuP7EzWZt5Lur3LLzFfifQPfR8NQGx5zlI4iIXUmDQIm++OuYIJrOkFZbDRfaKW+wRQ+HTEwGFnFSW9hgs2T5dHWyZUTukOrbuLqdXCkhAaqc0asbmWJCo1T0KlIvR+vcqXa4k5CWiFmnfE2H7PdO71QSt2ZH0Laa6x9DR0FRhgSxosWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X4x7TaASwfTqzc0ULE5Yhp7i1E9LcUSyA6138RpOmq0=; b=UY29KComBnemgmqJmiUsaMrrXCS4jH0bC87xbVhGy0KOTlxLjyXr3iOB6ZTYxqBujK/za8raS8Xxg63T0yWu1vYpVYGQ/cGuwB1Xs9KYtXt93fRYwWdn/ZBS5sdjZf87LBi+TpFERYlkMdoLhB6WjVNtn7TfoQWaIhcl7rWTAh5/OiLv6fvcTSeCJy1XULhVpYQi1m09UDvY4P2uRM0+we9QpqKPlA/CQxKUZsoNfJk/gCPFg8hlC/OmjvrdCahUiSs+HqQSa/PmqEaaci71Y7eJzVzQA/8g0fPr6xXivc6QfRiPI8hs9u9oxUYSccpAbHqHEupUbRa017BvCjvpNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:40 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:40 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 16/27] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase Date: Mon, 28 Jun 2021 12:42:12 -0500 Message-ID: <20210628174223.1302-17-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:39 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 95c03355-240d-4455-5b6a-08d93a5c43c9 X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: A6851QQFMo0rstfBBM5qGeJgF++lYm41Jer9B/A6JFVDhaC6r/mCqMG4Us1P7/jsKYEeVhFJVT1C6rYsEMXsRWtBdeM3lln9I3cOoYncEI6V+0oQJ3HALdhgFZC/EUzLSZlH3IzzUR8devqe9JVBbAkluxPZK1D0ivL87RC3HujFVOK7GZpmL9+e4PMrMVCVx6tQb4o0m423cuOZTTxXQQ6t4pY3V5NA0aFaQv9j8N6C8jomBuXWtN6v9nZJUTJ8Pd29BgK21Fp0wAz5YewqDroS5EeOwobMcrN3MlTuduA6FQYLPagbXNevP5TutvFXP34L5SaR1o/xARCFVyce6argi/qzoo4cEUIUcCfQNxrMGs+uoaRVqPrMLfScOtPxHtmeLF1hm7b9Lr8oLgP8BbGMDZZuCi/ZGmPz3/dKedByMx61MLFH8LluAJXEUtYTR4MfhB0YrH9owR+yiTkhzXiQGi+gBCmdmDO/YYkgJSpYCfkFbygMEPIgaIuUXOMLBdcuw2POh1h3gaIrqfAZh95itmNcjY6IBNIcvjuSJhFDJ9lnLnpuM1NXQHSvUlJdtHrfXYFF62msgLBHCA18s5e3uICj6xtf4gedTmwB/xJGNKc4iuZwMgS+6+CL4CgEzmGaJZgWqkx6FYNo4E0sjIK1kQfa027E60FZVIzKL2VZ6VaK84mBeyhU6KAVQ4DDtXeP+VqtPZhF83AZxM/I3y3ybX/ftt9jw7FLVLxAMNuG/0bo98JHGZsEdqDHR57O1ZNMbsWDHLfEPjV28zZEVaI4QaDx8v3jQoTQjS3pzZkKO84wzXj/o95B6+Cgm00a X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?M0cxiU81osARlrbzXcKu22H8d6ryaVwb6KtwT3GKW1+JWNtg4FYeQW7+HpfM?= =?us-ascii?Q?FothnQj1Mz3j69LcKAeeE1HtM9it/MCPiEvlKoxoaQRdBdOdOwVKvKiCmZqS?= =?us-ascii?Q?TUoRRrPQGRH8D9JOZt5wmkjl9XB7TTHn8h9IJifWmGG0kxp7BE/0evnOpvv9?= =?us-ascii?Q?IwNoluPr+K8J9jY6rbjqlzraqQyeKSmP1Vuxbz0E6IJoDen2XT/Z0VljvqO+?= =?us-ascii?Q?pK23756K3qCbedfst52P8Xy7VmTx39wOXAHn1ITM0HjdMVTIDQjM5SebRQTL?= =?us-ascii?Q?sQI4WOFMmo3eV/18mvKy6v98nEQiaE8weW6CzhXnmbik9O7bik6p6/qyIj2J?= =?us-ascii?Q?tNtWcMg14K2k8janY0joOUJ90r7O09YtEcK9rNTq0siFOcZsGehutWlUepa/?= =?us-ascii?Q?Tyq1JduParFnHh6gzbJH1qv0/YwKn8DQfzGPx77I1I2Kh4+TEwHHvkGBI8+I?= =?us-ascii?Q?T5MwIET619MXXLZlP0spmIDE30XjBM/yOIlwJ/mObszXGiTjdGO5dFA1Kpo1?= =?us-ascii?Q?q/BxrxFxeANvjL4C5dUFzcDmQm2K2cBLla11OXMS9b08bU44xjKNVt1s8MqK?= =?us-ascii?Q?AnjtHfiXM8JQAQz3q0QBdlBGeVAjp3siy/xhGqL0vehMEmYgw6m66F+TtupQ?= =?us-ascii?Q?UxsXuAzRuqYfbKWbpvZJkQjPCxEo0pwJTXguZumVz3Q40/GgVBtT1NSU90Nm?= =?us-ascii?Q?ReerCOKB1Vi/fYxulG47eyXQdeWo59iCO+YJJHZp0s1QPRI4OfcNYqMN+Whi?= =?us-ascii?Q?CZKilA/k7kEByi+uFK416LG4rhsyPXSimK4Fd8b4aBAhqosL61/DXMEDtGmn?= =?us-ascii?Q?R2U5MLv2VMxAOrJ91TNNjZ+rohqlv+7qRHlD45UAhJbF/j9B8E+YSAexoOQa?= =?us-ascii?Q?iLJYLNk3WhXXqcAlS0ayXXSM7amqwGxP0lw6rlKTJ3i43NF4qNAFVK3/T2/E?= =?us-ascii?Q?I8S/XqvbY8osuDKvDu5MBe1pPVBqILqJ9iX2uHSYipmXJQwqurWuImXGBNEQ?= =?us-ascii?Q?VhnODIq+gApxJWabNTg3kFrX5jVgvCGFIUUNW4vu+qXeEuAya4R7eBstDwUP?= =?us-ascii?Q?xUKl3TzbIAK30FtGcYxWy8WJxhBlgQte+3g9gng5WGys25iJXR6lvbD+2FLx?= =?us-ascii?Q?k1bm4mBX63kXJl0u+pEZmvqBCtVXSWpLPGE5+1gdCU2hBJdBIjHFfJBOe0rZ?= =?us-ascii?Q?F9pJSXaPJiXNThzm5wwsl47A7tNX2q+QWYQLPpXJR0R4NubjqNgEEAtbMpPN?= =?us-ascii?Q?jxU+ZGdW840yif/fI91Y8vKZzvjqe+lDXGE6fIUl7g6gbbhkDwuJHYoZNGpO?= =?us-ascii?Q?LPNrlq3YvD2pdL29bBqUhJgF?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 95c03355-240d-4455-5b6a-08d93a5c43c9 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:39.9556 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: q/WB69QrsXKGn0QgFxK4UbChxeKOvXMk0HiUbjAWj8g2erSwpIr8jhutJWTRiWCWNTrZZ4uxy8gaz/lfj/AC+Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: L03gYG2z9WBkKeShZXitIoN7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902227; bh=z+n0M4cq9C5JKCy/Dlj6twIPM/okl8UCDJLvvfDy0+o=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=uW+WZ5y6ATjytH8fceGDxxL+tS66c4WpvO/MuNP8npiOfJrpTlwp9UOdxVJDTeDqtQ8 zev4bxED4QSmTtBMEWwnqy5YTgfHl3H15uDSIp/epBjcH31+PzWenSzSn1vmG0V2AZIyN UuVGdWegiDQ0aFb5UrrdyZSLhIkGX0eoC78= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The initial page built during the SEC phase is used by the MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The page validation process requires using the PVALIDATE instruction; the instruction accepts a virtual address of the memory region that needs to be validated. If hardware encounters a page table walk failure (due to page-not-present) then it raises #GP. The initial page table built in SEC phase address up to 4GB. Add an internal function to extend the page table to cover > 4GB. The function builds 1GB entries in the page table for access > 4GB. This will provide the support to call PVALIDATE instruction for the virtual address > 4GB in PEI phase. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 +++ .../X64/PeiDxeVirtualMemory.c | 115 ++++++++++++++++++ .../X64/PeiSnpSystemRamValidate.c | 22 ++++ 3 files changed, 156 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h index 21bbbd1c4f9c..aefef68c30c0 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h @@ -143,4 +143,23 @@ InternalMemEncryptSevClearMmioPageEncMask ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length ); + +/** + Create 1GB identity mapping for the specified virtual address range. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] VirtualAddress Virtual address + @param[in] Length Length of virtual address range + + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + +**/ +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ); #endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index c696745f9d26..f146f6d61cc5 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -536,6 +536,121 @@ EnableReadOnlyPageWriteProtect ( AsmWriteCr0 (AsmReadCr0() | BIT16); } =20 +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ) +{ + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + UINT64 PgTableMask; + UINT64 AddressEncMask; + BOOLEAN IsWpEnabled; + RETURN_STATUS Status; + + // + // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnin= gs. + // + PageMapLevel4Entry =3D NULL; + + DEBUG (( + DEBUG_VERBOSE, + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + Cr3BaseAddress, + PhysicalAddress, + (UINT64)Length + )); + + if (Length =3D=3D 0) { + return RETURN_INVALID_PARAMETER; + } + + // + // Check if we have a valid memory encryption mask + // + AddressEncMask =3D InternalGetMemEncryptionAddressMask (); + if (!AddressEncMask) { + return RETURN_ACCESS_DENIED; + } + + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; + + + // + // Make sure that the page table is changeable. + // + IsWpEnabled =3D IsReadOnlyPageWriteProtected (); + if (IsWpEnabled) { + DisableReadOnlyPageWriteProtect (); + } + + Status =3D EFI_SUCCESS; + + while (Length) + { + // + // If Cr3BaseAddress is not specified then read the current CR3 + // + if (Cr3BaseAddress =3D=3D 0) { + Cr3BaseAddress =3D AsmReadCr3(); + } + + PageMapLevel4Entry =3D (VOID*) (Cr3BaseAddress & ~PgTableMask); + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); + if (!PageMapLevel4Entry->Bits.Present) { + DEBUG (( + DEBUG_ERROR, + "%a:%a: bad PML4 for Physical=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + PhysicalAddress + )); + Status =3D RETURN_NO_MAPPING; + goto Done; + } + + PageDirectory1GEntry =3D (VOID *)( + (PageMapLevel4Entry->Bits.PageTableBaseAddres= s << + 12) & ~PgTableMask + ); + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); + if (!PageDirectory1GEntry->Bits.Present) { + PageDirectory1GEntry->Bits.Present =3D 1; + PageDirectory1GEntry->Bits.MustBe1 =3D 1; + PageDirectory1GEntry->Bits.MustBeZero =3D 0; + PageDirectory1GEntry->Bits.ReadWrite =3D 1; + PageDirectory1GEntry->Uint64 |=3D (UINT64)PhysicalAddress | AddressE= ncMask; + } + + if (Length <=3D BIT30) { + Length =3D 0; + } else { + Length -=3D BIT30; + } + + PhysicalAddress +=3D BIT30; + } + + // + // Flush TLB + // + CpuFlushTlb(); + +Done: + // + // Restore page table write protection, if any. + // + if (IsWpEnabled) { + EnableReadOnlyPageWriteProtect (); + } + + return Status; +} =20 /** This function either sets or clears memory encryption bit for the memory diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 3e692a3b869d..69ffb79633c4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -10,9 +10,12 @@ =20 #include #include +#include +#include #include =20 #include "SnpPageStateChange.h" +#include "VirtualMemory.h" =20 typedef struct { UINT64 StartAddress; @@ -68,6 +71,7 @@ MemEncryptSevSnpPreValidateSystemRam ( { PHYSICAL_ADDRESS EndAddress; SNP_PRE_VALIDATED_RANGE OverlapRange; + EFI_STATUS Status; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -75,6 +79,24 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); =20 + // + // The page table used in PEI can address up to 4GB memory. If we are as= ked to + // validate a range above the 4GB, then create an identity mapping so th= at the + // PVALIDATE instruction can execute correctly. If the page table entry = is not + // present then PVALIDATE will #GP. + // + if (BaseAddress >=3D SIZE_4GB) { + Status =3D InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + } + while (BaseAddress < EndAddress) { // // Check if the range overlaps with the pre-validated ranges. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77202): https://edk2.groups.io/g/devel/message/77202 Mute This Topic: https://groups.io/mt/83850718/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77204+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77204+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 162490222446683.01597669645992; Mon, 28 Jun 2021 10:43:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IrUnYY1788612xUzohuIQBPH; Mon, 28 Jun 2021 10:43:44 -0700 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.71]) by mx.groups.io with SMTP id smtpd.web11.14804.1624902222913694564 for ; Mon, 28 Jun 2021 10:43:43 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lubyrenVdxbJOYNRXU6tYhk3d5R4/4URW2qrrE4goNSHUForQCntImvLkJN82CULmkAS679CnEmK5gsR+vTDL9JM0R9kgNwMhX3FddawL73m0a8C8Q+9p0Cf6721X6WzF1uQWLC8rn1eH+12MyBu9/jgLEAkQ1fLmKdRyjhz3NHIi7KohFFo/RLz/iuOOU+b+6VBoNIv5WUQ4zVldW/en8bCQ3VhVSVNxNJJx+eWfci/MQ2MUKI57oFuc2ye2PU79Q83QHksWDC/+oS015T4Ejiri0+bck4jE3Bza+ytugL8dtm5ppxmQpndE+EUyUK4VMPqPSbtc+18MFniwFpgdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mrktsuZR9NLJoc0+A+8C6Zq8mLrEDd31HpfENKOZcZU=; b=Xj0YUjT/QZsKxdiTGMaRMCDOhFBn5rU2g40jujkiPV1BGWWllxRV4Atsfr3yM3TjDQzBE9BiXdWokw/o7at4Ge9fBA+CLDQqIkWvXcs/oAgGjYfTUIXVPjmSRmsZD3rTFEtFO9De23/VGip/AX6KQeklkvurqYtM2SxwPM5WHMdDAp0unVQKDBaWXEI6sD+3nlnbOtGF8nO1HLiIoe0xvdDLKw3WG5iVW3T8pvAngevj48ozlvmwXLDTmGOfHHFV8ms9CMhh1U4ZJ9p6k2Xd8otBgz8u+PgX8aeDvKXcIrNG03zjwBf2bZyO01Wxlyfzz+ivh3308yIVrvnAaD0frA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:41 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:41 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 17/27] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv Date: Mon, 28 Jun 2021 12:42:13 -0500 Message-ID: <20210628174223.1302-18-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:40 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7ddabc48-a322-45a3-30db-08d93a5c4482 X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: Ns0F+J4D6IkkNsm9Ab67+l9wfCDtlB0emNAz60vKW0uR16AY2fqBZ5i1pHJwmN/ufGgzk7umXYYAEMqZvMP6EUNeS7CUqfnyblf4z0hITfwXDlJaNF13ZzbV8ok80MnmyxCVTB4iCQxrWRctA74QiLO3/L5imKb63M33KZNdOaGr/G3tAWKCHlghqh6HdfUPucVNpiCJfcM/Eb88SFQGvWi5XMn8Kwpo0CxYLRQKobTwIn+I7Kec4KjwL1VbLexdujB1caURYc3aDWSxPzEbXOHG3N+pkxo3jKMe5AOrkgorvAC6QrcV7YgJSwHEPb/blaqOkD/UUWLNBTofrX71IrsZJQ9BOCyfj9+cTBr9BRL52fbn/WhJxQ88SD6IO8dtzn00SyIZ5BAcpAqfKt9lFPUg0z1GFsRG/cuzKXK7UVo1xUQuxYq+RlcE/sPti9Z+5oGGqEyVQ6yyNG8fBo5HKFURzwRWUpia9EEja+P2z3nHu7BGWyTUPmnwcWFDtZCDCpLGqvF0PVI0liiAfLmaPXzYRcvMTee8wpENSEyIAih4HotMC7jWuNxN1unfbcdRUlDrww3ZhiAOj4F9IGjI6GlVCAizCT7WHITtpJBYi0Bc/6HYNg19broaserVDyg76vmodLb8D/PrlAljkCC0QD7Uluyybim5r1+Z5DIsAsOMDTvZwm8+mOR22Cip2v1tk4+noyMPcKudn27OgbewBu6pCTQfsfGRUU+AyVZVS8vt5ClStZ48ssdYbLz2vRsaEAY8hV4F3irtNent88uCf7hlVNpdpAFqlWxAKNLYIbiJv6y1i2IHnVJ+edelPz2z X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?hbvFQaFQWR0I82qq6Yu+R8Y+SfWXmNsLHvfluxzx2l7wTJRcXFBPWkzK5nyg?= =?us-ascii?Q?DPcMeQk7WZMF1zfQWUGiYfGsrPtXy1yR4thGanrSoiwczPqCgbHFw2dEwr8W?= =?us-ascii?Q?rk1eU3qz7CTVclWIrhDO0oyrXDBTfmgiQlD8Ggzqqzub2ZNUu42lz06f8jiN?= =?us-ascii?Q?8YwHLI7RVAnk5aVPKIyBXnf9zXyZYk4vQqyBtGvNTS03ePB5yfeNekpi8Bhl?= =?us-ascii?Q?trQja37QGQY8HKVh7ZsNS0YJf66ZCZivXZtuywmehaQhcPjtUNVY7Nh2C7H9?= =?us-ascii?Q?IrqY93A6H/3Y3+dqc+AyxwxoLVQuBVfjvye7SUmb+8LeITBD6StikQcUCFLK?= =?us-ascii?Q?9IzRO7fHGW36NVVmcMWeOgFhw6hIe5Vf1QGXWU3hQBnnM1LGY3PwSxDtaeb8?= =?us-ascii?Q?+5RAeb1LxE4ZZeB8FCcDMIkCdmDFPLgNOHVxYFr/a0GpZaOuY6GgbHPQmyZt?= =?us-ascii?Q?np0k97s//9nhFOhuhQQ88quHKwCunKWXW2A1R3L9R+JSaRnx/NTjGlwtM06D?= =?us-ascii?Q?b70JC8gRICYihCTo7V9e8IIaFdpBjivOABKUK8ZhsnpS9QKKgqSV2G5kCq5v?= =?us-ascii?Q?m+E7JRw/29hpZcvRSIyq8VhuEi2PIokvKzCf9vN35XP+DwL5i4ITaXY9rwLL?= =?us-ascii?Q?8AN+eWyDibqUzc+Gl8t1UMWLdlYWB20saDFWVnbHZsO9OUS6DNZ3TDUudDfy?= =?us-ascii?Q?Npd6832GtQ/8LaD38RONqV/epdTWydM1uE54hU8wZe4rlUP1u+5oZIB08n57?= =?us-ascii?Q?W1frG76dhSQjlJ6yi/FoaeRxvsDT3JXWIP7xA52H0bNKIz3kfM9g69B4MoRr?= =?us-ascii?Q?Uy+GYpcykc1T2Ly7BsA1IfIwKiBmpYtdvUtPLWi3dQRFoQ3CzNf1N9IRHN9C?= =?us-ascii?Q?ilLDXukkK0nH/+MML11blJjYzt1R1kZZNrl7Fatmnw0MT2lJA95QmRBIiH+H?= =?us-ascii?Q?k1iP9cwrWl1q8YmVimrr6wz16D3oFjigyksiRgBLqqWqBjO+mG551s6/4atZ?= =?us-ascii?Q?dTzw8LNE14yEaPVvK+TlpkGQD59uRC5Zx1VCaDejkEYSY2jQTCqZjZA+tWUB?= =?us-ascii?Q?CiDVm4cT/0zFGpXlrwY5BHIXIfCvmvRorvH6uXbdb1dyGJiO7TvlkCu/WO/A?= =?us-ascii?Q?p40dIpb0cF3s8stq/odZ/pnBLMpYfbSYq27AgdcFJEPgxRjGEb5g+pMMFOfz?= =?us-ascii?Q?1hJ00uYilxWYXwrQbbUhMhkyQTfyObiXjXXY02iACJl078dxjpwMuyS4AiR0?= =?us-ascii?Q?qKweVtCiWxLl9gAQmAoL3KriuLTlXnFu5U/haJPh7iTD5Mrv7snOdbjeypsH?= =?us-ascii?Q?0OYR4z9cNxAwk2qW31NMNS9R?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7ddabc48-a322-45a3-30db-08d93a5c4482 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:41.1860 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: t8mfjb5bzFqGgS6cOR4L0No1nfk9P+adPgjwuNqnaOWAyK7bviTzocILgZ5w47xDaorgWY8ZteUoRaG/EUR2XQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: hAs8Kq2SuEGkaHE8cXBNe9gcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902224; bh=dyBVUHsqovR/AQa4hqfSlsvjDragA+HCQBAT4NKVN2o=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=LjHY23Sqix/SGYc0VWx9S66aQXrKGPfWhKE2bpOpTJF71pQoZU6q/S/Xz/HUv/h3gzU CCeYwSL5tjzltvpitgO+AywhyStick71sqO67nagx74vWqdJuAtbal26M5+wYTbNdLD77 XYNUpmWSaS5BUtlU7ic9DGRhZL2LHOhsmE8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The VMM launch sequence should have pre-validated all the data pages used in the Reset vector. The range does not cover the data pages used during the SEC phase (mainly PEI and DXE firmware volume decompression memory). When SEV-SNP is active, the memory must be pre-validated before the access. Add support to pre-validate the memory range from SnpSecPreValidatedStart to SnpSecPreValidatedEnd. This should be sufficent to enter into the PEI phase. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 5 ++++ .../PeiMemEncryptSevLib.inf | 2 ++ OvmfPkg/Sec/SecMain.inf | 3 +++ .../X64/PeiSnpSystemRamValidate.c | 5 ++++ OvmfPkg/Sec/SecMain.c | 27 +++++++++++++++++++ OvmfPkg/FvmainCompactScratchEnd.fdf.inc | 5 ++++ 6 files changed, 47 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index d0ec14ca2318..afc559d74335 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -339,6 +339,11 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x51 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x52 =20 + ## The range of memory that need to be pre-validated in the SEC phase + # when SEV-SNP is active in the guest VM. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x53 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x54 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index f4058911e7b6..2b60920f4b25 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,5 +58,7 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee2772..8144b1d115cf 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,6 +50,7 @@ [LibraryClasses] PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + MemEncryptSevLib CpuExceptionHandlerLib =20 [Ppis] @@ -70,6 +71,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 69ffb79633c4..253d42073907 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -27,6 +27,11 @@ STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { { FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + }, + // This range is pre-validated by the Sec/SecMain.c + { + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedEnd) } }; =20 diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index c10441ddf472..f949a9b0349e 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -915,6 +915,26 @@ SevEsIsEnabled ( return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); } =20 +/** + Pre-validate System RAM used for decompressing the PEI and DXE firmware v= olumes + when SEV-SNP is active. The PCDs SecPreValidatedStart and SecPreValidated= End are + set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc. + +**/ +STATIC +VOID +SevSnpSecPreValidateSystemRam ( + VOID + ) +{ + PHYSICAL_ADDRESS Start, End; + + Start =3D (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedStar= t); + End =3D (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedEnd); + + MemEncryptSevSnpPreValidateSystemRam (Start, EFI_SIZE_TO_PAGES (End - St= art)); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -1046,6 +1066,13 @@ SecCoreStartupWithStack ( SecCoreData.BootFirmwareVolumeBase =3D BootFv; SecCoreData.BootFirmwareVolumeSize =3D (UINTN) BootFv->FvLength; =20 + if (SevSnpIsEnabled ()) { + // + // Pre-validate the System RAM used in the SEC Phase + // + SevSnpSecPreValidateSystemRam (); + } + // // Make sure the 8259 is masked before initializing the Debug Agent and = the debug timer is enabled // diff --git a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc b/OvmfPkg/FvmainCompac= tScratchEnd.fdf.inc index 46f52583297c..b560fb0b8e4f 100644 --- a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc +++ b/OvmfPkg/FvmainCompactScratchEnd.fdf.inc @@ -63,3 +63,8 @@ DEFINE DECOMP_SCRATCH_BASE =3D (($(DECOMP_SCRATCH_BASE_UNALIGNED= ) + $(DECOMP_SCRATCH_BASE_ALIGNMENT)) & $(DECOMP_SCRATCH_BASE_MASK)) =20 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd =3D $(DECOMP= _SCRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) + +# +# The range of pages that should be pre-validated during the SEC phase whe= n SEV-SNP is active in the guest VM. +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart =3D $(MEMFD_= BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =3D $(DECOMP_S= CRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77204): https://edk2.groups.io/g/devel/message/77204 Mute This Topic: https://groups.io/mt/83850720/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77205+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77205+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902230083718.679830351302; Mon, 28 Jun 2021 10:43:50 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KpE4YY1788612xawujaLOXbU; Mon, 28 Jun 2021 10:43:49 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.59]) by mx.groups.io with SMTP id smtpd.web08.14873.1624902223862746787 for ; Mon, 28 Jun 2021 10:43:43 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YKme9SjiALZ7i6J8i28FsG8m8Eu/y8OhJC318Drs7pcdmrOvAeIvK3sIwkhAaX/khc9i3n4tFpqUHv22rNvorDDDXyi8OFdAGGiWfrO+F9SjAayhWgLPzcnVHMaZOS20MFKj3Y9xxoxgT/+Ss7EOiXH7KWHHaCJgivzgfzh1Dk1JdZEMbTwbnx1gt+3fTMOoeIVKNj0UPA/HMmJXjuovJPuoazNMAk3dsGKqRSb3KYJDLypjmWq5ivr1u2R8JFKgvJYMlpGRHzqE6DbzMcsypk4eLvctJCLypLt3ALUk2EXAdpHSphnE1z7MZa0Yy+9nE/0Fg5pOXnMV/tdeIyZvPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k8PA7SKKahmuKpHvarLKbC7f/Zd8MKgYAF2Vu7dDjZ0=; b=TqlVOoCbq6CSTaWrzaMKsEYSOgTyE9I2qVPHtCkmRiB3Fr+AAZP6ASPb31kuehg7uSgqkmB5b+MezftPrkOFfzL53Lkss+QRF1Dg7J4u+lKDocSGObT1JHXEoN94X9t868aStr2I+4A5yVutl/RQY3KSGgCe+3poJk3e67RfKPjvvjRkqCwVouZqhtjIlkCYgQ95PSWJoL5/lk8cOwgCOCNE6Z9Q+ncnvYGFopldyK1LvHLADTySgPbB/SxVMg9EySJDK0XE5PaY8S1Eccwl/ogJO5zBRFSqlkk7QpMRd+rXLuXh7vIsSwvrD7OnfegH9KKrsIzxOyebLchJY4sMzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:42 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:42 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 18/27] OvmfPkg/PlatformPei: validate the system RAM when SNP is active Date: Mon, 28 Jun 2021 12:42:14 -0500 Message-ID: <20210628174223.1302-19-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9747cb57-479c-4469-9512-08d93a5c4541 X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: rQLQ31e1KmRH5Wwb3hSy0cYGJPIHWGJcVHAO7jDjuTTiqSYlkBNH3QEGGHN8YnXATH/7f/OyF/BIP9NJYVhdULd5wnTMjHpfSVI0WXvBjb9N6d4GXXUHKPevGXSg5csPDbkwdPznxEp3/ArY7305LF4H7BJ4pqR3mumuvKobEnw/IOHztIy7m7eJkkmU2n4WM1zQijzEjUzaSi4EmDk5MocPT4e4DaJ6s2Kd8F3rh743hcNp6FhOnp2Wo58FIMorbDjb8A9HVPeCpuN7Pn74bIP1PoTzWJK0uJmx7Y4tgQX4ZxrStYJ6siB3QoTc8IXzktsds1TErXLMLyuLyZRJkphdW+4lKn5Pv/51PbcaWipC1EVy1Ohl1pNPOkLWoWBUB8xXPYst9A1NECrGHAxPE1AYrUyfvPfSY/Tac8uUt2ZZEABkNV/s7cozXAUg2zzSZES/ejJ/QD2ga6AmePE78OeVbIMPwRlH2qfRwj1NP18MkIea0OjoFp7i8cLGftVuNb76nCCBCqoUvzq55FI7BmB1u1MP7C0bbYjZD+9IHQvdtUx81PRBiRhV0mK/vlQWBx+hTSp7rBvQ6LCUU+909z53cbp4+eSwHg8gTnvSpXQhX13rv+4LkTHgSRHnvdyPRTvhyslzL7nVT89DFKqlpTUIpNbQjB3SVXr9qUvQB4q2+Ch84+RVbbhQNWcoR6U0xj3XPePNjJ7uWopHwA+YvL/HbkDl4j/dfJf6Cg0ctbamvtSJRZ+6W/bheUtnq/Qm6zzIddk3iF/TGNa0PMm59qeaGTnjJkhObsz97BCBPJGHcib0D7FKgGzl706FLLS0 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?xSBdSC3WxEYuIQNehPZFirGQ+YyN2Ch/6ZE1JQKamdVZ0lFgTi/rPAuZ2Xd5?= =?us-ascii?Q?u6zygTv7uEh15FUpEO/aIpDVkb221m6sRCosVW5ntDVxohtpus2qi/WLP5Q1?= =?us-ascii?Q?OI+H3fe2IPJ/slEMmRpHt2fgLDQldSSxVLoKSSLXFLfSayKUNybzOh0/2HJo?= =?us-ascii?Q?KNNq793MwpcrCsP8yLSGW5Jmjhh0WZUfQRkiDtk+7bc/2LdMGlu8QmWh4eLe?= =?us-ascii?Q?3hyqRe6+Stpey2IW36RXCsrj+wmZgWbcWhLR8aE01yIZn3CFWvqlEoMUidBM?= =?us-ascii?Q?3xi4B8T0i8dApnIuk4GLdEuEo9SlrpWMi6jXP7Lcb+Qmz6z2sBSGOd9aQ7dE?= =?us-ascii?Q?CidOrE0kTzoAo95ZN958KFwMkMGv5ygIQ6Tlc5sDYVxAGvb+BgtvhCHN7FFj?= =?us-ascii?Q?/CGWQH4LJn64NdBzscPaGnP4Wj8jJYzOx2Kt/HCufOQYPTsLEtk4oQhNUj+5?= =?us-ascii?Q?ZO89FetZ3BU9WfJrviVUt6PJpPIQyD9k7Mu2HVhblhwFXrvPoiXDphi20GiV?= =?us-ascii?Q?FtYZkgAXahdE32tKRkVfSn/+9QwQaX3s9EI/qg7jw67Uf57X3M/FYfrFQVEX?= =?us-ascii?Q?DaYdrcBKfhvzEoT3nAwD82+VXUiRtwkLFsjIC69Srh4XRUutxC6pyDrQ/Qbz?= =?us-ascii?Q?8FPRhuVXcnHvr5ILn3xQha1ilbhFCcXRxK03onQO5g0vHytph4aDtqVLBewa?= =?us-ascii?Q?Bhie53sPwfhebNuKGHyl8EmrJtjvC6FLoVmTP8uQ7hLH4bll1XNQ6TDcPsXg?= =?us-ascii?Q?5QMlLIZCWCOW5+ZUeH4x5eoz91n4dV/82toMv/VdTsSywzgU3gVaBp1ZgKUE?= =?us-ascii?Q?RBhiekp0q2SrNgJpW9K0NyDoJiDbOwxkf12qVoa2eJ+9ftoMY0+o84drhoRS?= =?us-ascii?Q?cMvICG+NH5fHUV3yKC9XelwK4fFCE0Mr2rwZN4HXSTOgo4H8Pql1kkJZF/3Z?= =?us-ascii?Q?DzWSmXx7Bcrfjjd7XEkq/5GDaagQQMdPIPkXS0ZRde6ZeRbshG8wLLjc9b4f?= =?us-ascii?Q?FJg6g1hrAZkwoSsYzjuhxhfNIcStLYdJNAQmrEhZLywCwmtxYgoAY1oBcGDD?= =?us-ascii?Q?SJuNzXL+Q0cbFP78gRal4SZjbojWZFJXSR3DY3W1PWwRJME8Jo6kD1awL8zi?= =?us-ascii?Q?MvVxoULEDX51abPNAzklNCFrVO8sxwQ07Ze8z5Qdh96F3XKeLnJbf+uAm2n0?= =?us-ascii?Q?VRgePrAM5aFrgVLjp5s67CxHwXANTNqjauGDkmMtVDqxxkb++Fa8/hD+uLjf?= =?us-ascii?Q?D7j4PfXJNRMDDRRYNQWB4FzaN8MVhX4cb2Ho7ne1YjEKGtOqTY64XjH+4vAB?= =?us-ascii?Q?LPL7gnmq1nR32YJje5v/V1cj?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9747cb57-479c-4469-9512-08d93a5c4541 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:42.4872 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dwNh08Ad0BfIEEZKSGImexaA5Xh3IYMJOJ1kowiGgGj++YnPNKRxxAGcOateD1MVo8ee4QECpRs2fSqLxfXeew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: UR85Qc15QPZBykM25EE0xhFgx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902229; bh=1UYsdHA/hiuDANmWElu0grYcSEEUztWfdZfhepHp9HY=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=NwqGP1PsKSdOBL64uOy9eoIEcM7efh/1pcJ75f3rynGAA/g/b3+dq+vDsZQUY051wd1 xApHaLj9pjn2C2dufUb3GNR9xGNpmvPUx7492GSYTthnNMKK9JfCZC0NpsbKr5H2ffu9R D2je9O+Bl5N/DrdSB+WlbTYEq6uNdxupOeU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 When SEV-SNP is active, a memory region mapped encrypted in the page table must be validated before access. There are two approaches that can be taken to validate the system RAM detected during the PEI phase: 1) Validate on-demand OR 2) Validate before access On-demand =3D=3D=3D=3D=3D=3D=3D=3D=3D If memory is not validated before access, it will cause a #VC exception with the page-not-validated error code. The VC exception handler can perform the validation steps. The pages that have been validated will need to be tracked to avoid the double validation scenarios. The range of memory that has not been validated will need to be communicated to the OS through the recently introduced unaccepted memory type https://github.com/microsoft/mu_basecore/pull/66, so that OS can validate those ranges before using them. Validate before access =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Since the PEI phase detects all the available system RAM, use the MemEncryptSevSnpValidateSystemRam() function to pre-validate the system RAM in the PEI phase. For now, choose option 2 due to the dependency and the complexity of the on-demand validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index de876fdb478e..391e7bbb7dbd 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -23,6 +23,40 @@ =20 #include "Platform.h" =20 +/** + Initialize SEV-SNP support if running as an SEV-SNP guest. + +**/ +STATIC +VOID +AmdSevSnpInitialize ( + VOID + ) +{ + EFI_PEI_HOB_POINTERS Hob; + EFI_HOB_RESOURCE_DESCRIPTOR *ResourceHob; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + // + // Iterate through the system RAM and validate it. + // + for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { + if (Hob.Raw !=3D NULL && GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RESOUR= CE_DESCRIPTOR) { + ResourceHob =3D Hob.ResourceDescriptor; + + if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { + MemEncryptSevSnpPreValidateSystemRam ( + ResourceHob->PhysicalStart, + EFI_SIZE_TO_PAGES ((UINTN) ResourceHob->ResourceLength) + ); + } + } + } +} + /** Handle an SEV-SNP/GHCB protocol check failure. =20 @@ -240,6 +274,14 @@ AmdSevInitialize ( return; } =20 + // + // Check and perform SEV-SNP initialization if required. This need to be + // done before the GHCB page is made shared in the AmdSevEsInitialize().= This + // is because the system RAM must be validated before it is made shared. + // The AmdSevSnpInitialize() validates the system RAM. + // + AmdSevSnpInitialize (); + // // Set Memory Encryption Mask PCD // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77205): https://edk2.groups.io/g/devel/message/77205 Mute This Topic: https://groups.io/mt/83850721/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77209+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77209+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 162490223628814.809124121438003; Mon, 28 Jun 2021 10:43:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id dNhBYY1788612xte1y1XI7et; Mon, 28 Jun 2021 10:43:54 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.65]) by mx.groups.io with SMTP id smtpd.web08.14879.1624902229328779815 for ; Mon, 28 Jun 2021 10:43:49 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bqQpgxYfK5lkdNoIWtVYQGtm5KKf4nY58OMWmq0tAxO1LxRw5HQSspzHlE8e3JcfZQacNn0h+Uy5uI20dL0vs9Nm9PE8KHykTVhnqljhNCxRf8mfuEx6PO64ii6jbgni1EefKXaKjoscmr3KHHguTq3/xVgwidHLOq/Xcj/Ot0PKm0vlURL9bzlvMGL6IDwZWunDZZc0VyFCBN1ZeBTwcfcjamxZYs4MJ39lyfxuNLn+GLIDjMsDyb0D2j4ogkUiWZ3XPjVtqdZyYDzxfl4ytdFWD/zAi7C0zfGV68Px2Yz3rZaFRUdjGEotWB/CsTzBm17bM8KN/xBjHh1coRzRLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X8iJK0RA6H7zy7+jojiEXmYOCznUQhp9pLOxxxw1hJw=; b=YHt8CS4YP7XthKiWdl1p/W94P+PxJ7Gjw9IJt38y/OCvNhYVSezw9Cvz8y/sdoQL5TEwSxu//WQI+XyupPtQdzVXlekhpWmWsx3X7H39RgeK6MNm3m9h4ziIamjS8VNaVN2F3CRNKcz9F9n3oOF30ntoudDwYZZhQEqEXlzgkCOx/gVNBObUca9NLLGpHKPYSWJl2sDnM1OM4WvbJWE/5sCEPaF+vVnbuqRRw/8dmSHSM2y2Vj4Fsb76teC0RDhHsAXMLa1ajJfT8nGqFbD5hFSLUwTkJORfEyH6Rcq4TyE3bSLFZIyyjsGbSzvZ9yc/hJSpvKhJplq8zkT/ZgpdOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4761.namprd12.prod.outlook.com (2603:10b6:5:75::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:43 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:43 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 19/27] OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD Date: Mon, 28 Jun 2021 12:42:15 -0500 Message-ID: <20210628174223.1302-20-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:42 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 78b6a8e8-8928-4955-0615-08d93a5c4604 X-MS-TrafficTypeDiagnostic: DM6PR12MB4761: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: sWvycFpJnhW0z24YhoMbDtVSUjq8z2WUfKDqsmWFnL24/rXU6tLJLt9kZ4gAceyBPhnLuaNc7rkRquPM0qrzIy3dWM2aNJVjIVIcEG7gkPVr+PzU7dsEG0rRMU0fW8pyAqQfJGbWgGxIeIPMNDFN37l4q6iPAjc4CrHQUs4NHsJCKw5HRhPZHMez+CdP2FoOVVpKuUCc9FJi1ZhYJB657KPl09SMYJlxzp8jamSJ/1MuiCx+cHk26O2Gej82WfnpPrZge7yOw3SwWvij68pXipEnunlXgN9nNdr2zkiON+HhB5FP/+O2JCwuIkdo8k5vKX97WPCvrOnfV+1SfgpeCbokQxB/FD5tgaOE6pcTR4L3VzANTSv200gfO/HH5enNmFzLGZsmiqE7XwfFTJi94LKX8ytPtsytAvQ2aSJ8xwQEQ7KYEb6TCftU3s4QS0vb0ypSJX+8woRFVlCX1EbOGSglMpiEK0wSAxe9ADy6JMCz+qACpTFSeeiYF/pbiqkh1QX4/TfxLhc8Oly4Zn1uAFx1tfbNLCO0FD32qq5Zjo6o+4YsIDf5aF6eyLQeFAQ2XybR8mn65Lmt/2F0dEkH0gogtZISEaR9tBkqPiCiFr6TK1waBvdNXJ/+JIjRpbrkPOUbhDhyAE8KcfRerWbBLNKCeEygqxb0a3EqvxrvuMJzSNDJSqDGPQirq08JZ/6+PbauPkdPj8O9d9cETcv4h4+gl89ySUwXJlmlGeDbi5uFphhrJUngX9/9StuO+g3CxDcyE3x7G84cRutV773VI3TdjLHXTOVqgyVKOJdqhF86rwJlWUEPTeQjfM2G2KYh X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?KM1YHJM1gKX4zLSnn5ZNgIm/BN2b6gAlqbNf/I467GqYi8jAZmD0SPT2oBir?= =?us-ascii?Q?p153DHVxbalcijlvpcYru5ZsSVZajkSDHWs58Agzkq34oVrXX5foao0sBxuc?= =?us-ascii?Q?s/4FQ2epb9fZmK0HjK+c/sAyo035QVuhl7TUTesyC9QX/k9pjmt/k/+Eq+6r?= =?us-ascii?Q?MDnJe8SynjanwX9GpCRhh/uLy1JHPDzIxBcqy0IazdJzVYCqhY/KVAXyYANt?= =?us-ascii?Q?ct9UNddNrhSjiyu4+dp/XpqYpWk8ePDunXGlNTy+bdFtrP+VzBGFohQhpCT1?= =?us-ascii?Q?1Y0sLFgomyzYP1oVMtONOY9qz9TrP32ZekQcrDKRusnq97DTS5darS19vXFF?= =?us-ascii?Q?Sx9c3YrunFFMTy446Mi6ADHFGpoenEVFhEyfKoyms2JstUBvh8V3jekDEjwy?= =?us-ascii?Q?C09fvc5uw1Qew/jWksa1vAadLtuiLhv5XYS80NqA9EJjGzAQDjXqPCmrG6jj?= =?us-ascii?Q?kFm1GiXi24ExhPAealWQqyi9C+h6/tkjZsrkUnlCd8wSG5Y929yuwvATMtTp?= =?us-ascii?Q?DzxZRg2IUyEofkEf6dTE+z/+DqnYG5RYU6UVrKXoj/31E+r0UBgrDk5SoBqL?= =?us-ascii?Q?zkdkVp0tAf07gX8JAG/Z8WuLm7IyiJHUjel/lSS37UP111ffJ3nl+GkHykaJ?= =?us-ascii?Q?CyyPHu9K5BCcqUicEDCnbTXHmuVUT3d/DouFnWaLi5xJ2kHQp8zP7iEOEzSA?= =?us-ascii?Q?E87wgwUitkZTxFBT//WkILL1DCujvK/FU6YHWx16XF53BWdbWKaY8+D4yiXC?= =?us-ascii?Q?UtkeuJDTWG0w2o/bpAhDqPxFUWwcPR91IMcPd3Go0xl6kmONQ/PvbLrSq3Wd?= =?us-ascii?Q?ZTyk3cwNrQK67eQy12xMl55s3WlKtqyW2y291EH6iuJ71633QkftFcXUXpAn?= =?us-ascii?Q?IzRFhXVfoxglmt2/bUdpiSVwQQ35BrMxap4aS/NSeaa9yfXsTDTXKy06ZtRD?= =?us-ascii?Q?wpXaSXvFUTmz2UnmJkH6HO7UTKi9lQJibg99m0hbCSs7BQw0GRBByLpRVl0U?= =?us-ascii?Q?SmIvxSz1GNSAprRTMxW+FTMM8J+FqfI89KJsYznZ2t78v1BGbi1bF6PSF5W0?= =?us-ascii?Q?vFihZVsjQJLIjJ/lYKHyhrXqwQHJdhR3kwJFhsIeT9cM3dL3eZiStzaa6pd/?= =?us-ascii?Q?ieKWMpaBRJ6zyMu63RQArOrhOfzYGiK2/oBpB4MsDp7ce5SuFh24DEv1mtnV?= =?us-ascii?Q?RvzJZNeIgHONaYgnKDSwIdQ22/KqmlglQ6WmQpshaX30CKaemi0VemqypzKS?= =?us-ascii?Q?0k7ZrR80MPhE4Ef1z0acZlvl96UtpyBAyLr88RcMiYGLV5nOLr/9ORfwNU9h?= =?us-ascii?Q?FbHkFwI9ishCWJzOpjnC7m7s?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 78b6a8e8-8928-4955-0615-08d93a5c4604 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:43.7256 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: xp9Kttp2ZTaWqvHTkMhGQGGnAj4Yy82Kw0dPbJI4Ujg9xSXEWn3AjUrL62FIs+X2xlXc61DB8mCzAP8DJJsfSg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4761 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: bGg6OEGkiEE7UpiofKJ2HSHfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902234; bh=5MQLXiOm/FZTUFzGxJwwZaC5TsLAOUPgg3Ec8iVLER4=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=YpecfqBaB824SBRm66YPJgeZaZdFuK+P5lrRtzYjd34YbiMqOEMiNa9di6sdH4U/nyz tmD445zOo6rbtWq1ZWKNrE3qBZwIDO4IwLrbrK/RAGgyIpbYt8lC81tmMGpKFCssGOWTR X7PiD0/6gB28rzPklH20i7g1kIKpSMjIPSM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MpInitLib uses the PcdSevSnpIsEnabled to determine whether the SEV-SNP is active. If the SEV-SNP is active, then set the PCD to TRUE. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89d1f7636870..041b3262ff3b 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -106,6 +106,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 391e7bbb7dbd..ec577ef3efcc 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -33,6 +33,7 @@ AmdSevSnpInitialize ( VOID ) { + RETURN_STATUS PcdStatus; EFI_PEI_HOB_POINTERS Hob; EFI_HOB_RESOURCE_DESCRIPTOR *ResourceHob; =20 @@ -40,6 +41,9 @@ AmdSevSnpInitialize ( return; } =20 + PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); + // // Iterate through the system RAM and validate it. // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77209): https://edk2.groups.io/g/devel/message/77209 Mute This Topic: https://groups.io/mt/83850726/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77206+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77206+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902227155592.6302165066957; Mon, 28 Jun 2021 10:43:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Y1KTYY1788612x3i2Zu1PdtQ; Mon, 28 Jun 2021 10:43:46 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.88]) by mx.groups.io with SMTP id smtpd.web12.14900.1624902226236465703 for ; Mon, 28 Jun 2021 10:43:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Cbv9W/QcALpW14t1jXPpoW7k0N6YQEely4PVle2SY3nQeJV+Z+WUfJHXl+s7P40Tc8Wtp+yLuqB3SeCsQOZjEQzs9rSkRc5XIsoA9+mm+i7wUm+2X4rMmpa18hC+2vCfdomib9MSOxyfL2rIrqpnttvXXVPcuJj6xu5rL0m0FqKoPAbHeEnKZ0NgZx5G9G+KiQUaH8JvYjJNqtGe/ap4Z0deu+dsESabVEYnfe+XC2GlSMm+yE+UxAEJHr0siSvVcKLum8tnKitOPSqDoTeOmGaOxi839ijcHPGsvjLRNL/zkiOZQv5Hx80/HEtt2fj4pD7QowN4DB7F2JfXawwKoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HarEirsAlWxBPkdouOrEXW02GvfNEf8OJefmxvRVBBc=; b=DhBvin9XbKL9I8v3v4/GIWLDGiDUllgSNIUd9suO9T5W5xWB4nXAgEOTGLpyuFUHF+sLefs3rHJXvQDAfhny8r6wfNBunwUIdoj/3wReWPew9BdGFjmZop+EzyF9Zk6depBcrhuKQv2kQC+IdmdFwNcJ7RkKGF/N+B8vXXtqxjTVWBfSw3DySyp03dCVVOesbiKCEK/74u8U7+F9mmdLetkHSDgNsH0GRob0b1/xEiJ8fDVbkVqh2y67EQVtizNKX7+PkjQZBD+gbQrHr4RFvcH2Y5M2VJUyYvV2DNfpBNS6WmZAjmE/nSiOu/99psoCb8MHvmhFinfGhO+bJ+3PKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:45 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:44 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 20/27] OvmfPkg/PlatformPei: set the Hypervisor Features PCD Date: Mon, 28 Jun 2021 12:42:16 -0500 Message-ID: <20210628174223.1302-21-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:43 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7cad8306-4a70-42f2-b004-08d93a5c46be X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3276; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: gJRf4fIN5CWeIf1iljNoo6atgM61NFxF0iJanIBzi0pXtYc2Xtf/Vi/uLbPHRunGjIvM2QxZQR10qVJkHGbPkyC9BX5UeYhQGICRNA+QUSp2zXkJPZv/fFYDtOknkOfi76bz8A+baGfPCHJuFVs8YGVOMG8STa93LMwNx55B5Tn3Px9QoZxPeLomnu4gtsHQ4KT028JtSvaHWAQyj50UtE73MsPNxQkycHQppC7UW+Vng651bKQtIZfVvU2PW6bmCPRVD0dwJWicp4d105G+Wh1nOqTORJvszpku8IY8kjAYxp1Jkcy0afJe2GcXcIY8VWYnt5DufBg4KidBtErxDpfCa2ThjtnekB+2JwKeRX+omU0B1IixXxmvla7T6FDGHYzTU1NmMwlaxXxK3S4LcSGeEVIxXQK/X0t2udDHM/1/beDDFCL6AZhC4OgW0cy+iLJctnw/aZWa4l6bauNO8LG6cKWKKnN0dXizswyJkle3USvXt5noYJZn4tBD5bQOxWbRs24xOX27WVX4iaTVYJrtITdtR5LP0AQYyK0GOsodmAPNheK2Hsm4+yeXEQOsqjxf+lEEEiWJ6xwSKXLUEpYnkCJtu/7JIyzQMy3Z8JliOiMmIc0TZQWYIpc7ohvBsybWsAD2Jr59sqxw2OaV5tSLbefr4A7lgw6sKknJ5yUCw2Fap472DqXvHpPHLCtIRG+2Yl1DWcefcJj4lUdPsAJpcWryA/YSK9yEjkxm6OCGlvCv2j2dpZwcp4xpAxaZ8hG/zfI0B+zOBO6QpzU3w4aHXAdvhQRzuPeIKJ9TVFvWJIbDzXh0RjDCJy5dF6G6 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?5D3asPh+wauy7PVuJAfC2O4ezAcGw0/XrPDfYbNVXLbKElp1EGBvSNg2lVqJ?= =?us-ascii?Q?y9y9o8b8wCV+UxmjpvXDAQSpuAXNy+TPG/nfRgbdAzSYBVp7HgfpgMIpE+GT?= =?us-ascii?Q?Pma/7EqkBJYRubcnxOXL+XHK7Rtd74ppz/HVMetEraIQgJ0vw3c1MP+2588m?= =?us-ascii?Q?7OUVf4V3VCAWlqoXbl9bUcCFIKKpuT0WXlLRsKgJV3ndk2fXVJjfxL2aaPlZ?= =?us-ascii?Q?WM9lutLmZ14Nph5RX3q2cyb77EHX7E0obQi8pTWpZQWBaUmrhZEaKyxXhyEY?= =?us-ascii?Q?jXWZyf8Vr5OPLmwW6XA7mHHXyJGu5VY+UMW5y554oIahbT84iKBMeEXYa1qJ?= =?us-ascii?Q?P5CIyrEWZXnjxJ1guuav7J7wZmoWgxyz80kn620xymgDzRIAacq9QjcuvZ9e?= =?us-ascii?Q?JM7iXcJxCk7rcVv4a4Pj9lzvskt9pCn2Y9/n3IN/V5KP8wlx5/FMlEq/YVQM?= =?us-ascii?Q?k8mV4sPngv7XYsytL5OqQi0rkugsGB/a+lKQ64Y7C06O4H/WCc8ZLk62fIyd?= =?us-ascii?Q?DxK3sbuLKdC1aTF5WODYiw9da64Y0wdslBNrEt38hGV+TnRGqBHyJjb1/iWP?= =?us-ascii?Q?ZM/9opxsbBSC7xUlN5OYK+43SQFyYxAeBCYzbakzqPIv6GOfF6vsz4Fa/Gl4?= =?us-ascii?Q?x/S+waXkl02T1qQRsnp+bUcA7YMncWrIYGbGlfnClvB5lWPJ8yzQrpMFxkHo?= =?us-ascii?Q?mZFoPN5C50VYxpCwBd/RrwlnttY1gHhjxqnOvXzdSbkmQm3psvzY5Twof0Ou?= =?us-ascii?Q?i4rHRz1g8Qqi3XLddctXwI3nDE5CtWMc6RH4qFtAS/OFImi2xubYKSEAzUYy?= =?us-ascii?Q?ZuUnRZ8njcR5T7TdZcuFU0jMjsLXxE2sfoLd8QJH6wHvgwm5/WsiHwn1y1jm?= =?us-ascii?Q?bWAsV4XAQ7DyRQYC9Cd4LvUVqWSZnXHrTytvU0MCPd2P7QPf4dL/Vrmwm4X2?= =?us-ascii?Q?6ejhURtVYN+qE3EMgGagEyvnUkoI3oTVNtmhocTz/hnUfjlqMguzstLDSb4G?= =?us-ascii?Q?42cT9DfTwELdS64GO3/OH8IK8VDPC1S9e8cmpfObLL/Z4OVY/Ccisg+ShpNY?= =?us-ascii?Q?g0DS1Oaan69NKjxYSOVcLqusDdM1LrjBcfXcfmRlFEmy7BJ+wRcGGRJJe2ez?= =?us-ascii?Q?wFijSlz48z+MlPxh0pLK84uRcUYsJAhLcCxvoAlX5yqFy2NCvNnDzWcAplfy?= =?us-ascii?Q?kTs3RUfuhxX0sRI2eK6FOJhpdoSobDMnB5spxeVt/uZ552LeFJIYYTzru8GN?= =?us-ascii?Q?zXdVcmIuhcBGFMYEOQ7RhMTPh611VYd5TftoMFO3cgOJNtO8SDAeBsQ1ieaK?= =?us-ascii?Q?3RTMxozoJCbz2WxuM0A2snBA?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7cad8306-4a70-42f2-b004-08d93a5c46be X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:44.9209 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W/YX6JErLdTIzpvKtV8/9hn3kBX0OBhMfOs7iImOrMAaLdvBWleFVQrRn5YR/ZwsMuVRYhzCDrGiIQqgKOpd1A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: Yf6Fw8mxLtA2EpCGEeTFP3CGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902226; bh=ZbMRmhvzf8ztWPEF2MreUV+aGLa0uG9VJ6RDmLkbzwU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=kzMmiIhqHH3q8Xz9cFWxqUZ19Xx/IL6YQoUjPYB2tesfwdWRrmsUbOhFfVswOm/kiGm 4z2ZLpjCRgtUT6nubeShhM7tRCG8SoVhPQITFSp3uLAy57xhQm4t+35PCfQOnXgfSROdG tviDhGswWEt/K5TU8nO42noJSawe4VRo2/A= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Version 2 of the GHCB specification added the support to query the hypervisor feature bitmap. The feature bitmap provide information such as whether to use the AP create VmgExit or use the AP jump table approach to create the APs. The MpInitLib will use the PcdGhcbHypervisorFeatures to determine which method to use for creating the AP. Query the hypervisor feature and set the PCD accordingly. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/PlatformPei.inf | 3 ++ OvmfPkg/PlatformPei/AmdSev.c | 55 +++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 041b3262ff3b..bd0ade9f33d7 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -62,6 +62,7 @@ [LibraryClasses] MtrrLib MemEncryptSevLib PcdLib + VmgExitLib =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase @@ -107,6 +108,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures + =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index ec577ef3efcc..b488cd5aed9b 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -23,6 +23,12 @@ =20 #include "Platform.h" =20 +STATIC +UINT64 +GetHypervisorFeature ( + VOID + ); + /** Initialize SEV-SNP support if running as an SEV-SNP guest. =20 @@ -36,6 +42,7 @@ AmdSevSnpInitialize ( RETURN_STATUS PcdStatus; EFI_PEI_HOB_POINTERS Hob; EFI_HOB_RESOURCE_DESCRIPTOR *ResourceHob; + UINT64 HvFeatures; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -44,6 +51,15 @@ AmdSevSnpInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); =20 + // + // Query the hypervisor feature using the VmgExit and set the value in t= he + // hypervisor features PCD. + // + HvFeatures =3D GetHypervisorFeature (); + PcdStatus =3D PcdSet64S (PcdGhcbHypervisorFeatures, HvFeatures); + ASSERT_RETURN_ERROR (PcdStatus); + + // // Iterate through the system RAM and validate it. // @@ -94,6 +110,45 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Get the hypervisor features bitmap + +**/ +STATIC +UINT64 +GetHypervisorFeature ( + VOID + ) +{ + RETURN_STATUS Status; + GHCB *Ghcb; + MSR_SEV_ES_GHCB_REGISTER Msr; + BOOLEAN InterruptState; + UINT64 Features; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + // + // Initialize the GHCB + // + VmgInit (Ghcb, &InterruptState); + + // + // Query the Hypervisor Features. + // + Status =3D VmgExit (Ghcb, SVM_EXIT_HYPERVISOR_FEATURES, 0, 0); + if ((Status !=3D 0)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + Features =3D Ghcb->SaveArea.SwExitInfo2; + + VmgDone (Ghcb, InterruptState); + + return Features; +} + /** =20 This function can be used to register the GHCB GPA. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77206): https://edk2.groups.io/g/devel/message/77206 Mute This Topic: https://groups.io/mt/83850723/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77207+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77207+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902233251354.95600017841696; Mon, 28 Jun 2021 10:43:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id T5YdYY1788612xzZuX50Fsxa; Mon, 28 Jun 2021 10:43:52 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.64]) by mx.groups.io with SMTP id smtpd.web09.14610.1624902227397063874 for ; Mon, 28 Jun 2021 10:43:47 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XVGgQdQXe7CXqNMj2PwEA3gxvE/bM6aFYkJDZBrOjKPPDxMNIpzLpzj1LEWVZKyTSikZs71sMmDr1BF36tfAAgM0FLDUyWZuYnJRP2+vId6NeSzNZva/fEHD5wbOhhSNWESy7XTvNsJp76E5kQ0cM7U68Gc9Gs0mxXC3Q7OeII4v2DQeW+IOs5PS0yhKlvQK0WnBQeap4P6JThCnQiOZTKH2IUprmN6EMp6KEPgYxX/DBo6BVAXoc0DkukZaQekeeCMcFZPQSQFuStM03aFa0ZfV8Ldf6QXlh/gCOV/g+2JuakLikUHDIZJJHiJ0fjJGWJnOHOvsnYf3A6NXPu9w/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UHKHJe4XyUZ04UvQeupSApbDJ4OYsY5WmHCS7X+qyDI=; b=NWVxXSmqQg/J7dITXOZBFVYUFjkXIb2cbHr12h6N/s945TqxaezBeQU0hOzEwBXZV7DJkBVbgBx0e6tWclBnGvUc71D4Y3SLMts1MhhZLqrX3Xp+ZlWiqWjnWvZK12XmHPOvt7jMMNs/Eq1NSurimAV+diRfMTD7BBlbl2vn2beHncRO6Q25+VUxxnizkCyyPwWkjxa7VzjP2JervUz8BrhbYiR7Pk1rIEv2TBtMUVF6Xan0uBjGcRYFhT8C9DUUXFWeBm9ISSqZy9iWsNTjYrVWNrNw3zMBlFirt8DwPYnzKFFQXQIJS9u7DZKI+Hzda3wzLN64UCsu/c0QcOfNxA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:46 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:46 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 21/27] MdePkg/GHCB: increase the GHCB protocol max version Date: Mon, 28 Jun 2021 12:42:17 -0500 Message-ID: <20210628174223.1302-22-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:45 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cf050183-2f81-4d3d-10f1-08d93a5c476e X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1060; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: T0gbdTPXgtBdbTl6p/rC+v+Gcs5HYuQFkQ/rpnseZmmN8d665d9hI/wMAmAA+4Iny0Jrk0bswci+Es3CoklquSVNUJ2Ihe/bp8+HQJ8xeCc2F69EahCcO87eDtfksO6iJzKNcOgx9AbVrze6m1xdSAIxD8GGEilbZKV68N/rusT1L0F2VoUxf9QUjrWQbCBfQjSOGfcfiUQ9LvXONGX2aKukEZ52wubDdLYfJER9uosdL5Spp7a+pL/9UCK9zf51gryzXlnCDebMpBeyezwVNLxljAmSW8q3rcdd3jsyVNZlJ215YdGkrtAFJWSgrcazFFCY3EhgOYJTscBwpe4uQrWqThyd2JIdtDT+w5lmTRtldvuhhPjo+4DiYVe/HyG1bKfSk2ApfPv/eO7gsztXJdkc9NPeS1If+ypQhNtu33NaaoIRbcKeKb5QdGqvaHtzreskaxyEBd+g7alvMG8San/Oqf9YTPOh4JOqogTA0uSB00WOtb1z2RyyAjdb4HzNjmLRYLQcYtKA91EEm/+suudAVzyLWLskwwb5LGssyQ2F3jgqeewwUX1mNNebPWX60yuJvxS8NMgnx4qEiarw7WQuZyxOgQb7mnMHgItFLFwRVua1ODNfrc40z0n1R6lcmxucrJct2CEngJOUQCuuXPAO5hDCdDgKeFMICDS18p/f+xq2LXHWzMPH5lE0A52GBA4KQwLoJyWtop7+n7cTKyFrTiiGRspb10EP8GTL6jWYI7AbtL1hffINNIszknI5rigUry8qTmPa4QyN3ZNgjbDffGBjOQmoYCHMBxvzQ9MMpT5NQAx/+rwb0hVYChcX X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?f0N7y5/IjRDZMXBYJHwRwS9gyCnm7Vo8N6gC+ql7+4AtRMq9q3bCAnbeW8wz?= =?us-ascii?Q?Ze1pTlttjtbgfylQKhDcyvrQBpoVHCcNkoZ5RY/CWv+ME3iXX/SbIjiu4AJB?= =?us-ascii?Q?Nq4Zd4HTox9tYUBmyYEpm0uwPkTtgAKz1M++WJgu0OIp6OF9eUQKZgtUoVz4?= =?us-ascii?Q?eGtwBA0Q2+rBk9a12kcvti0fPbu5pYk4JBH6sBwhorxa3V1niWIIsz6a4D7M?= =?us-ascii?Q?+XOnjc0wJbc4EOhxZv4ZBfWsvginxX3QPM5Cgji0qcUQVOr+lo3XpKJHhLku?= =?us-ascii?Q?Xatz40jN19mYuq7jdslqcxAW3c3G/bOC+yakCRaQ3AztlyPHMkXEsYivoS2v?= =?us-ascii?Q?GenJfmSqdJQYVe/yc4HRer4PzSQ9UefsmDnFZ98Ji7bqEj/bKuZXPmsUNlZI?= =?us-ascii?Q?2QiA9DwLdI23RMWfyDg7PbNEJwCP1zv17H8Ms+/ogAE4PI4o6yN3uDGGdSlc?= =?us-ascii?Q?ly2QvXR8uCyVw8eHSbIxKJ5SjPPghz9bgH7ONgXreFhtB1CJ6Y6HdTghWIf1?= =?us-ascii?Q?Ep3Hk8vEAZ95zWtT1Y7B4vKfJ1QNULSkCaWYEtWniXFCM4ESjIBa/fXvy95u?= =?us-ascii?Q?vgNxaCBf5S1IGiQ9d6kxJeRt1lAulZQfV3MYsc7c121daejKo0iik+jnSIVQ?= =?us-ascii?Q?/nomt9iSC3imXf6NPkiQtitIxhuGk1fJMZhsVec5Ic+4+HmdpAt9aqmH2hk4?= =?us-ascii?Q?JEPpnlZsbXR5Kn7PIFbwQoC/7Uk7wR3byC+7+DjK6GA+pA7ffVzcwIOcDc7B?= =?us-ascii?Q?/zWwt7OUObOMCeUUuZQu39eJoOApXzot37cqHjBtht32XqkzXdNwVibl3FIU?= =?us-ascii?Q?hqTftzJh/FUWG3fUdaVHrMF2R+hxus1cRpUDcuHmJvld4hLWvEsoPwHFSvTK?= =?us-ascii?Q?t6sr3cpLqKZYgS2FsZ/vV8letFLiwwE+Gbl1gEeCdUdd4vQMJnFZAVKb+eJ5?= =?us-ascii?Q?JVeDH2LJPXVYqXQ7mQvrYbvU9yY3OhHR093OnuAXZkKYL/sTe8A7+88xkVal?= =?us-ascii?Q?S4aD0dvpNSmjHdbaFNX+lQPKyUj7fnjnotFcVfGS0tY5J7GkVvRwghDOznRd?= =?us-ascii?Q?kAphWaRR9jk7mdTmCheKprfg5PqRxO/rAhgwwOzqkZP/vKYMa1pSnCYIJREq?= =?us-ascii?Q?QTaWlHj92p3XbM02YCIIpQYKPlZyzYkaR9ck4Qp0hwAXnGmL8aWZ8MkM7EOW?= =?us-ascii?Q?T8xT4yCmnwypCEC1oYd08kqOWLWf+j/AvnQtkm0xolXpRlMABR0q1O9XizM/?= =?us-ascii?Q?5Q5UTIAcWun3P9iqEKkvy8p72Tto9dTWo+sy4HhhHL93RvY7H6s1no20G/o2?= =?us-ascii?Q?6RI2XW3OXEXJWsbGDihtKF4r?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cf050183-2f81-4d3d-10f1-08d93a5c476e X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:46.1012 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HAUhaSZ+Bli0w/jhi2R1ELmmGQQWhK6Iq/UVeuf8IYEjvcliuSYo18KSwYjo7IaFL7NN1DUNlBd8cYTl0l0epA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: CaENUtI1LoXWooUP8z5We5x9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902232; bh=PyNz6cM0gPXWXYrYVeqIGMjjXcTLqv3eksczIq6Fevc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=bIaVvBAjsOnUuxxjQWKNKkLf2x/rejBt9gmEmgDvYD2IdOgJGgIkGlvFnPOcjMTmPt1 aE4TMAJA7Td7nJT+EPTR5hCx7phtMfmYx6UAs4dPkQQT8tNbDDO03F9zhzk7AnRETmTgp VKlO2swGZpL1s6Qi7BvLJ31tEvbgr46SWoQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that OvmfPkg supports version 2 of the GHCB specification, bump the protocol version. Cc: Ray Ni Cc: Rahul Kumar Cc: Eric Dong Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- MdePkg/Include/Register/Amd/Ghcb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 8c5f46e4bb53..071aae0c9e09 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -24,7 +24,7 @@ #define VC_EXCEPTION 29 =20 #define GHCB_VERSION_MIN 1 -#define GHCB_VERSION_MAX 1 +#define GHCB_VERSION_MAX 2 =20 #define GHCB_STANDARD_USAGE 0 =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77207): https://edk2.groups.io/g/devel/message/77207 Mute This Topic: https://groups.io/mt/83850724/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77208+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77208+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16249022296291015.7150612078916; Mon, 28 Jun 2021 10:43:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id yETIYY1788612xgWUt2d8Rkf; Mon, 28 Jun 2021 10:43:49 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.44]) by mx.groups.io with SMTP id smtpd.web08.14877.1624902228671586510 for ; Mon, 28 Jun 2021 10:43:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WLtorzXBQGhB2PDwpcCywjWuq14dkdSiudgM+/67gbo5Zbgy3Bk1wdDLwJUocvylLI1dcJLE/Z6iYDZnDkJR8TXcT0hYmom9D+FggBZojFww2Mb4AtY1YRHgaTrowpkCdWeZBXwTMZEf6KaKlz3XeISZbBFw6OQ45yHm+wuAVYHJ3d+mbZGznkXtGTFatsGkSjnZLWhHitHR3Q+dAst3kGthxHCs/pEi9mX6I/YyNxWoa5cEaV/Ta5i2iLwleYE7tmx/F0Qc+RlC8zE2MkIe/nPVZuIQBFc1TxoEnnZUkFZ5WIX4VN5B9sNit62VcIL7RhuXgfe6mLiNy1Gg5pJdjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jnV4wx21PfZMW9co7YNih0oU4CYUYbvSzhQbQWiairo=; b=R2DL73upmzSwJLiFehWaL4BOinTYEDCnmAZFKhI4Fv/W8FF6dq5gLa1Gccd3WJdObiQJbvfTX/+40czVZE61439gpxRESTB5hLYWzr0B5BOfuOji4F9FdnxVrKPubq1nnl5fQ6XRtxtwCYLN/z6V/kYwKIkW6PWZhEBO0KBoJNDblfCMVqXMyI1Zu86+S1kDeUnsfGoYsXusK0XAqOf9U1rE0OZlOZ2rpxad62YQmL/fCrX1ScjYbYNM6iAxxIg66vn/yU4R0v6w6nHfkGp6t7soJYrAMR3JRBVqPqqPsZ+Mvy8tug89y8EC3zyh9MLbUgXY/sao+ChryrCK2O8EpQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:47 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:47 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 22/27] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Date: Mon, 28 Jun 2021 12:42:18 -0500 Message-ID: <20210628174223.1302-23-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3b4eb0a7-3b1f-41fa-bb78-08d93a5c481f X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: zKGgY6SmG+ByBC1wpg6CMDoHxV7sOj4dh9hiQs4WFn0YGmeNId1KTipiKL1EyzuYlVtaHCNydLvUuUOzcUmn5NeSxJlmf9OP9U6WdFIN0xO3Ap6158KlmqXV0fk+kQHjiFvs73SlZ93tQXRhx9yo63riUmn+lo2ylpryLndYRnGsvZqkG8IKd/S3jVeqQMEJkfUZb1TPtl2F9Z3YOlbvmRE0PNkmauP0b5vYx851e1BWtPOAf3eSlswDmecmpLVg7dzGe9BtPOvZw37zjyymp5NJ8aXKeuxH81qtqZnrSFYCs4LGx4PF3C/6Oi+0WkSPFlKMn0dzO/I/wS4wzSFvsy3N4vv8zQsV5+d/TSl6C1H2HX4ok5G88ThAB1US44BBbhfCySjNQyozDx5nAomkipsevRGY4DaBRcF8sbirIJ1Trw/Az5Q6PrvZoU4aVo/VXVU4/4ChuHXc7yxVfZPRQypTMZilRzXawiXfzP/cDK63r5jKxxwJU6Gp3i5wIRG2qTFgiBYtUu3t3yJMcKert9O5tJcP7RpTf9SjQtv3nL/n8u4Ln636yospZ/4Wkn5Ylpyh5qa71tyzGaWkE/FeABkBiKOOhT9WF3O3EAxNMrWtALz8TXQFuUuPWIc/URmPu8bocXOqQoMzjaw9n17HGzDBkwb5ixUTBAbDPTUe9Kkj8P6pOzU7QCmrInBVRJr/GZCyEX+l65bdGdGyKN5JBdvRmnfKz7d0kjhABSkCaZqSLTU2Sl8WvOIdEoiF9fKeGcpwWQUxRQsqet21rtVOJX72dq0qm3h6bsRPum/B3HI/3dL0rUme3vvo9v7GXgiy X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?1qXDpkY/RM+SgxYS0t0C59rvO72e+mQrKZXooHpoLLfwVHjBUzR6ys38SRFg?= =?us-ascii?Q?74eW/aySqD7IqvDCW4rU2mPktO6SnmvyqGC09Ex5MyQFxcpRgEe1oL2Yqjde?= =?us-ascii?Q?u1TPO61NNskRBnEsNhILy5CZmcHRRU8eXEk+t7uMZfuoTWJlMx6ChgVcdcDr?= =?us-ascii?Q?qyQWGf8p7dh/iOkl9FjYmi3SN+2UyvnuZUCRdC2IWiXRzMj9ubIGXihs+/K5?= =?us-ascii?Q?VjBrWYUeFYIQ+ZJKkkX6SL9bArk2ajhXMrrHuAJwGi3Ywj50c8+6T1q22UFJ?= =?us-ascii?Q?CBiXq7CUtwggfPVoQ2fqlrz1D1E2YUDwYHhR9GqXxB+1ACP+s28KBTDfg7+o?= =?us-ascii?Q?cjPkqeU2x82255WgL6cOuwtuoqTgWlIjC9+zSBEhMgnDcCn+mpcwp11NTGBe?= =?us-ascii?Q?h7QE8Sn9WX/guhX/2RmuHvXk4RPJUI51C4ZSlT9S3c/LzvbgfY0DC7GHgxYy?= =?us-ascii?Q?8hpEKRArqQslSdledRgtqc8r3nxC2U0sdMJevjZFgXWuOR/tVlU9WmXlHswF?= =?us-ascii?Q?SpTmVfXOBb0DmwXCY+USsHWLbfz/Bbr2OC42Hdg6isSpD45AFJH1jchnODgn?= =?us-ascii?Q?+kxVOArZWtkyLHvrs9OtGJuW7y+wvl3KKjQ8bii0Zodo+3n1dKTz0pyNxGWY?= =?us-ascii?Q?Xjf47cUtmJ4VNbznkCSFRXFIXlXI0CvwoxEPRlSDoVv2VA6v4T1zqpeORNAu?= =?us-ascii?Q?inJhihL2fRhQlQeoKk8ed6/BWzY2Sd4HBw9yVcwsqtaYo1BUB5e4fD0baQEL?= =?us-ascii?Q?1gjCY0uqRPD/nlb8V6OW093pN6WS4E1PVVuVTzK0JqWlJrUXd9xSMQmjHnFN?= =?us-ascii?Q?XwpcecHzy7qvsjT6TfumY0lrEVS21mrYwBbLlyT8hh7TzAJC2sSXnbbhgjbL?= =?us-ascii?Q?1vLYrB6IVPxavpOLrT9onMueoIICoRvCA0GSw709uLhTh7uc7ksH4mmLcvRE?= =?us-ascii?Q?TkD8pQQHxTdn1dYDRfaeQbIkBfWBhT+6I4S38hUsayEfwQYSR/h4CZxOTEgb?= =?us-ascii?Q?0pHkhqfv6qzF8x3y4NlLJJFtpB2+aCZi7y2zIqCc8ahbXplUgnQkmsGApL7v?= =?us-ascii?Q?KPYTYXfA/HwkJfI4+qXhgcJ2na0jfHo164cBHo+V+38hhoLAMeVWKfezzBSU?= =?us-ascii?Q?cCU9AFmQeXiWpgW0mSQemTBS9SUFYBBa542rKpAu4/XjyS1wfUxzDvwONdlN?= =?us-ascii?Q?Wm9A32zl7Qx+hVWarVfudHSvdgxf92WhG3lbvvBOwj2Tsh3yowavxeZXoe7X?= =?us-ascii?Q?p1mBokB1426eeo1pdIBuysuQd0peN+wus6EZ8Giw74r6d+ubINvUMUMnk9Yf?= =?us-ascii?Q?VaS1uQFQlKvKINzGM6X7c8J3?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3b4eb0a7-3b1f-41fa-bb78-08d93a5c481f X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:47.2226 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jZjzAyfLDS5HV3UmjYK8iozBn1cKH6M1XyezkCa9dVe///cF5CiG/iCwvB3Rc//8/LTwofEkKFSpgl1CxVDSVA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: v85VVhrETXtgZonrG0QlNAisx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902229; bh=o8w3eEd8ne+04ML30pyGrzJ+cxfx1Fyha0vFrwqzpdo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=QkLGy8lIuTlpvqMhMSP9mx8eAizE7uAbIY9ijtFv67zqgS9BWD85oacp2ZhSEPPOIjG q0cSCJMqsiptVv3i9ailPa6/eSxTAGY2l6UZRTT2eI30Om7iVNQufWshPnzuK2PCWzoSi 3Fed3y2HC4FQdGLm9t+Ln+7ftO8evbhqnOQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index b9a06747edbf..586cff2f6813 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77208): https://edk2.groups.io/g/devel/message/77208 Mute This Topic: https://groups.io/mt/83850725/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77210+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77210+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 162490223074860.041754814379715; Mon, 28 Jun 2021 10:43:50 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wf2vYY1788612xULnDxXuAMq; Mon, 28 Jun 2021 10:43:50 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.54]) by mx.groups.io with SMTP id smtpd.web10.14866.1624902229709037231 for ; Mon, 28 Jun 2021 10:43:49 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kUz4txwoMQjxl2Ag3LE5iFPqPJl6+zM68iKqIIqQm6jjCfqt903J/DhUPNkQtU4V0MYruYn8kOAZxnIodI4Q7PPMxHe84PdtCzsaSmDv8sZSL6ji7AQSPt661bSLVFaCSqOiEKAgm9Axv1m6E7nQRCyxw09kZepqGMR4mThMzPxIXKUKj4tb2RbVHkLB9lt0Zq3jglrG0bWHujJdqL/iUOhJ6u4pqYmzOG2XJgCFOuNYuiceCOpqS9a+G3IPIQo8XjiuJKKRslnXZ5GV9O3Ure9w5woYbDzVjDbHooHgVLK1Tj6KH5avS4347wnXalt+uoqy4JiIMBjnc3tR8didpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a+xem6I8wVE9lFVXOhZPkFdzZ1K5q1JQN1L3V/Xariw=; b=IrHk4QeEBoGHOdhUNHzdQVvHwlm3JLtZG1Qx/louln7vrUb4HUnpqZCcEWCl8kMFInnhdD1BmlxghoA8EUHUQlPYikcFH/40rzdXJTeAmC+hf85xQWuYtUu0kBYKRLOalqECV6fTAcjImDoeVFFnVTPCi1QZlOxzy7nLSVih39A+0OAkwh8bjBLca7UA+iupVZaKiAD+dmnB9cMd7boQcYNY9ofwLJQjX6MAaCrr3ggJAe30sG1D/+qsNgDyboto0gmTRSXUQqSu75XWW+H5Hv7ThD35pZVYeOFL0WaxZK4hw8l2dplMXGyTiN2i4E6S/iRxWm8hCawiN+SUtx5JPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:48 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:48 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 23/27] OvmfPkg/MemEncryptSevLib: change the page state in the RMP table Date: Mon, 28 Jun 2021 12:42:19 -0500 Message-ID: <20210628174223.1302-24-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:47 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ddadd8ee-623a-476b-b036-08d93a5c48ca X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 6DC+tLC2UkYc0zbokeQwWMbQiflqUHsDhmc2BahoOlI6JAuNTNWUhcoXiWZF6eoumiK6sxo7QfVQLtsrAJiwsFR2mIT3/LntXgANoWTkXlNCpC0XlTFTiCNiqFGJJZA7E4wQVuZ8A9ImO3ePROmT6piXmrDBEocGAuTggHuda5d5cmYUrWVSL0c6X/cEJQadL68yKwK/Ft5pW/KooJj+kl53SZQZRpiMSdJonbB6kuqrcvaR2XCmyOre4V8VMNgkx6hZhmYKBES2l3VXnUIiw/CXy+A+x/d1TkYB7qW4T7+2XHpWTBiiliiAHI7kBr0QgpK0msqIde2+qHZEiMhBRulivbP/bZ2LMS+5Oy1Cd4ImcktbzQwih9Fw5XQsTbK8A4gyah4w5hYOfiKza33VrRoh9cDpafzm1SDhl3H4kWMOpVGmrMaVCdcmV44KLIYcUNVtbocntHSNxw7AoZ0GjBJNeuVPBswnlVoLZlFP4CN2AnDwDnA+VyubBOel6/OHJx7+yfj09+9RO7CVtAJMY1J0GozRwA2CAMm+tUf8EDe1kExUytvvx5gGxf8mvHl6McaomXZRH0kS5TlWinZRzdtUbt7g8/wh2EzNbDZrqa78yVRgJ1l4SWxD4gRXxZzbX8mjRCArjtC2cuH4Sl/+rJm/pxE/4X7bbaKI8c8b4EMjJQiJ2sc4tAH/3Geph1U6UlkuDBIbZsA7VsfNG4wGcNxTN413XRB6yRFV1N7xe1koKRINE7QS0C2zIlHpjv610GrbWtrPHQpmXRueEXdPPdOL2KtBhf5w4RgW45Nh4nJNZduAETz8lm5ySJrnb5KA X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?3oSnSstHmSFy+yVeSEQ59z/e/THoftXBGODZuzlHT82KsyXvztfc1LHYd+A7?= =?us-ascii?Q?FFfvZcaadDIwQIzIOkUqpjsF80O9qr7F6bTsvsv6GPpyeKt7ojE7GzI6xfwk?= =?us-ascii?Q?W9wBidAq+MRDMejz5UXSEbW9GDuTF+DOmT46iBf/zfHSseJDSJs4TlZRE07O?= =?us-ascii?Q?uLc4IdK2pZUQdQ8vbGMNaUYx/0EyaCzIygCTtnoXNopYzEMDr8+O4lHq4zjK?= =?us-ascii?Q?yC1uetCYQM9zJteQXCPkALBXesm8bBT1hkAbqOADyJNZxrPXxpvYzquA9HFA?= =?us-ascii?Q?pxg9lxSxT+FLHuMT+pm+nWwHRS+gbBv9uk3W5Y5XmWvlmyXPkPqeIhNyB98j?= =?us-ascii?Q?LzKz3AQbnKxXi28WEYJbMMP0ZB7vmr7tipzh4+xtpEVnxNtpMiO/90f/ufTN?= =?us-ascii?Q?9kECf/vG3tnQ4zVBvdUhej8JNaxcLHx53deV1UlQhychJNCaRu95/X6+fm7Q?= =?us-ascii?Q?uK6H5dQeMvVMoc5EdLKf0vhpZPsCqjYUFep73NlyyDt3kgZ+SDQE+fWoyv5z?= =?us-ascii?Q?+e5f0R4psRE4oAIPvbNK7UE0wapHmy+7kYRTuh/51FtkriKhjnzWw3fym5JJ?= =?us-ascii?Q?ChhUMOkJRffktub7JcX/TDw685m16omS7R23Tpg3JfA3cBamK3XKdtf/dRPd?= =?us-ascii?Q?lVXdOLtOFF9wmwhGNYtyH/K3DW8Ru6y6/KcNQjl6ngaqtiqhAHqom17yyq8x?= =?us-ascii?Q?8GcAlDgiAtpVZhWb7psnqEpARkjj13LclsRQN8zW7pl7lY7WnXjm+8Ro6Fr9?= =?us-ascii?Q?sJLlYuemSRgXY7UoKqizRMpADzNN+XU+bMYLqdyataH3uMl2HHX/dRTIyblh?= =?us-ascii?Q?aiI3nFVL+f5RG97FA29va267fR2zpyhXqB+usQ+jUGj+ExmkBhSN91lWx/Fm?= =?us-ascii?Q?5eXeMLxeylI0Y6xjA14OCibliS57fVe6PWtuQ/41a4D9g7ltjJYo6ygwFNA6?= =?us-ascii?Q?eg42MB6ORN37lb1rrZUl+BLdLo0vUZ5Q/i2Pyog6C/nD+OPLLg71x0ZvkhHb?= =?us-ascii?Q?GBi69DHG/wSfi0/MCtOhTtp1P0YPPzjswfPyhBKM0bHXOgt6KN2eZRGD9o3A?= =?us-ascii?Q?T0Ryk7w1fvIfyWq6v57xaysliVXQklEDFRYBwYeZGt3F21jZvlp1BzpdEcO4?= =?us-ascii?Q?rNQvY2hFaWXaGvFbMCGuT6YXxbeCti7AUjaDqonNKgC43hfZFdJ4ltHY2PBd?= =?us-ascii?Q?e44yKRBVG7Hphy0Tw1jac7y7hpBNo6NxeQOXEHxm9SX7oYEl+4X0zqma6MCI?= =?us-ascii?Q?Lcd3nBPsYJb6Z+QpeLiUNk0tPz1QmVOUxEwqZAwlonnPpphoXhIBoqziuG0f?= =?us-ascii?Q?+HoTLTROHnlKMaRa+RCCyvy5?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ddadd8ee-623a-476b-b036-08d93a5c48ca X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:48.3720 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nO9aJKMHz90EFbWiALeG4PKKT4IFIT2BKMhUI1P7Sczk3mIgdV8KsP9KMFbxdDYP71kD13sMRr/T73uLO3Yhbg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: qkNsASz9j7sqWM1lCRCoCieix1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902230; bh=qf7z8BzwAND/+divahEZomEvNQSk4lJHmqF5drcw7DQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=jbR2D8ZXCAza3OI3dWdUVM1oGHXMoqqnC8oMEGhf/AVvqJ1xcYFnZK3kFu1YnPUEs/s V2PfwzkeUADTogHVKKd2BGxvnOB4rDM44SCvYYP2PXOIvbogZavnS3YEwqayrvQl4dkCd 4CEfTmeuAxHAA7s2wHA/iYV5xONB0vfPB34= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or clear the memory encryption attribute in the page table. When SEV-SNP is active, we also need to change the page state in the RMP table so that it is in sync with the memory encryption attribute change. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../X64/PeiDxeVirtualMemory.c | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index f146f6d61cc5..56db1e4b6ecf 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -17,6 +17,7 @@ #include =20 #include "VirtualMemory.h" +#include "SnpPageStateChange.h" =20 STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; @@ -695,10 +696,12 @@ SetMemoryEncDec ( PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PHYSICAL_ADDRESS OrigPhysicalAddress; PAGE_TABLE_4K_ENTRY *PageTableEntry; UINT64 PgTableMask; UINT64 AddressEncMask; BOOLEAN IsWpEnabled; + UINTN OrigLength; RETURN_STATUS Status; =20 // @@ -751,6 +754,22 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + // + // To maintain the security gurantees we must set the page to shared in = the RMP + // table before clearing the memory encryption mask from the current pag= e table. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + } + + // + // Save the specified length and physical address (we need it later). + // + OrigLength =3D Length; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // @@ -923,6 +942,21 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // SEV-SNP requires that all the private pages (i.e pages mapped encrypt= ed) must be + // added in the RMP table before the access. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES (OrigLength), + SevSnpPagePrivate, + FALSE + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77210): https://edk2.groups.io/g/devel/message/77210 Mute This Topic: https://groups.io/mt/83850727/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77211+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77211+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902237184717.8316757699843; Mon, 28 Jun 2021 10:43:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Q82eYY1788612xZlHuTbjGZm; Mon, 28 Jun 2021 10:43:56 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.80]) by mx.groups.io with SMTP id smtpd.web12.14901.1624902231284358566 for ; Mon, 28 Jun 2021 10:43:51 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=So09t68duKzNdYbv1SxOOg5DcaswyktrwbwJMaFMNN+ch6Kzi08OMFDNa6YnkamySzJKYjJAyH+TJy2gtc7h52LQ9yliKIfHhNzbwZAKIzewj0fVRZ1y0CHX5xTt9n5echkbJGcbUyu1dD9wJwxKFzJg9Nfl++Inkl8lGfj2rl1/qXMIH7Hg4+8Ioo14i2ex350BygHR6lGtKTOemTthCarow40IoldU+/b3cWylCuE4eBeOq1+Z/VKwxXod8WoJEkboJios2P8pL7y0uDz2oE1Fog0YeuNRJw5tGJAtA9HpBozOhCEYheNN2oAW04lkKniErv2IXXBupfCmDBB6IQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=feKMnXykpClFn+Z1vy3jA1qLSrIH3miIPsLQ6vxuftw=; b=gS9omktqFgbmR1uhu4ZIqyN0iyvMJmbok96cxeIaJd9bwzghP6jK4XzguuzUENrlZNtq3Cb8kbtfdUEbYR6huXksfZ41je1wMiMCwebQvyRAB7zSg3H+8ngLsx1FrBS0COldUyIxGwdiK42EKMuo9IpoFNxKs6yjU1OMPRr0keQCm0nswImNgMWUxd437EKskpH/GE9ikTvKxnPxAkrA6X/EJMbjlXoIM7iRVE7BrE2+0wgpPwo+5fouJNF29Wsuefeo/G5iHCmztl9Iqzniv0r2jNVyhGDsLFaalX6Ln+zykxCAETAklRAWMWdICx9Cin0h202cuMVlSA4tpNo/0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4761.namprd12.prod.outlook.com (2603:10b6:5:75::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:49 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:49 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 24/27] OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address Date: Mon, 28 Jun 2021 12:42:20 -0500 Message-ID: <20210628174223.1302-25-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: da9831c2-a768-48a7-a8cc-08d93a5c497c X-MS-TrafficTypeDiagnostic: DM6PR12MB4761: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4502; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 4X5RFDOj8Qo1VwFyoZMf7geauS73oCdM4Ep0X9CUTeqMFnAqDSx+T0lWQDs8lfBy9Zp2Nu7HKjTkUivi5aLGwzeSfrRQKSDrK5QQ5LIKalhjIUyoH9dZzBcw9kemOFskKGdnjl3xnxOQeLDobciRmC43gozh2+FtB8IPQa03F5Ona63wxj6MC1DrOETDPkVW1PZxrTXO2jcPDGKJeBcc/QbPpoL+xREQMA3ObosY44M+92wq6U9z3i/oUBJTDIoTtTVc9rWa3miL/YI7SuqDY/wVR8VdP60ruNDzflT4FgGxg07g4Ej724TslRdoKyRsdNQUOzrQgA12mLHj/1sz/EOWnPYQfFhZLYrYWFNGkyMhZSRrgC+rEEXfni/x1xOKQiiZhbs+fX6jPRbcA1qm2/ukaWzDrlN8zWRzBFxnMSNJjMKoNASMdBohAcn9iBJg2U9ADBWOSuTJatbMKcTkeDD5ucXiLZE9GzEUZYi0d3MLt8ive49PAMIH0VTzqkzkBzdF/03aG3bzmiYJhjOk4Kc54x0pgXzlrRMMbUZXlkulbxSQHQTw6FlDNRqpscQ74gYSR7j5GwQXdzrqolXIckZd+DY6xMSjXEQyYVCjFkrKofoZgK/cmZ5dJYIssfqBfCb22hX83/n+MRmCMGB+pcgZZlJoTA6ECtp4ijIb6+8eN5KR7UNSQAIJcbGsgckG1xLUoMWWSg74M8Nq4oa6cg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Bg4m3Fm0sEsFwPvedb96/mGNWqXY0eIyVa8qYkgJj9+0MFd+vLxS4gaF3w9L?= =?us-ascii?Q?CndRVa6vZK4graelfnKY3K0qteBNeSxwhQWlHeD8kL3mZp8u9yobeyRa0qKh?= =?us-ascii?Q?TvKElU3wucRQVn8BfsiS1aieVhAMVvQDvadHum5powubDfEMPWyP7XOSOuWC?= =?us-ascii?Q?hZPlc/p4OXsa2Eno3HCIlWDcJnwYy4YnB2S5sv2D6/phJvhAyJg81Slmneln?= =?us-ascii?Q?AK0/RkJs2QYoWCgprM9Wg/Olx8HQ4UPAVm8Z9oSMdDLD0bI8aUGn8wul/4IN?= =?us-ascii?Q?oBxux2WobgkUp7A52bQki1G4bmuA7c3SUrm6x2GxUZeyRnszaJ2lVHVpeFeO?= =?us-ascii?Q?mmXFvp8JaH35VfBId1TR0tJmbYc8uw2y3KSvUR/S59mO8vFgqdKhtqLPWlJh?= =?us-ascii?Q?dyTZG2Q1obizxMCaGo1qpCIwgxSUuQc+WnoZe+zkJcOyB3E96Ljbj1V8jFLq?= =?us-ascii?Q?/asXFwdPEfMh/Xu5Y5+YFknWaoho2nJ4OW8WAEuNK/EG8GJ9JPhty0LHrTz9?= =?us-ascii?Q?QHBfluSgnOFgbi43sXiG/AFUZb2sAh4SNm/9bFatVZjxrxub3EAUzSpe7It6?= =?us-ascii?Q?dsXkGPCETxLsoOPO9oR8fJL6cRX0KCQiBuCK+rF5tiZy0sPK9MxxKQPboofI?= =?us-ascii?Q?X7iT/m0D+TNcNVzEvfSN/+tAv9aC+Q4JWEqYJ59KaRL8C+w9I4oUjDpt8h/g?= =?us-ascii?Q?pYpGrs0cwUalN0GDdJN6JFOOft5E3a90s0GEXECETRlSuIIZf/yTyXta3EAh?= =?us-ascii?Q?+renFH9lfjk5cEn7FtQmxxrLP8imBd/NLhh61k0KvxV41k/U1ESkcTdXa0kg?= =?us-ascii?Q?HmkiUnn8+olUpnf6BlCVRGLXAYrgEAa6J1bqhAW64IJFGDYptJZkPrM+r3wY?= =?us-ascii?Q?GtoxQO4e8oVTGKyLNURgnccUWUUBoumXzBRklfW0/gGOF6PVLhE3i551hrml?= =?us-ascii?Q?jFzZEUErD7SeDJjo9VegTkiI9aUEYQaR8pr6EJxQt1QfqwjWCEyLk0b25Lmn?= =?us-ascii?Q?TYMCmDQvKv9pGmPWIDasxM0YEUhHNYgbf0sIFJ3A6TTvoSBFbxuQMhNnONOl?= =?us-ascii?Q?IufeHFe15BfVBUGZ9tjCDRRXgX7RDjVBtwx4gUIMaEeOf5X5z7Kc+YXm57AC?= =?us-ascii?Q?t5mjAradihpbR7KhAp/Pc262ixkgVzbH6eoy2vyRUpjbDDn0OFe20HPUmnup?= =?us-ascii?Q?N9T++/iXdb4ZK2OaMHSNEZuVTUE2GetXG4bNfZADUP/kq4HykseHXyjQ8VYl?= =?us-ascii?Q?36gbHjoKlCwhVTkzHA+v4wd6thQVxRYu9J+A4Lj+FLUgJkG1DPMxbU008bM1?= =?us-ascii?Q?kf9qK5WRXsq/TxTqwGNWr8uJ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: da9831c2-a768-48a7-a8cc-08d93a5c497c X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:49.5583 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8hkflphrp/YqINhsEaRG0YF/IzkNVYEO77dogbgJSpR6F7hMGesForOcgUNh/D4UwYupms/GfUfr39QkPAlEtA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4761 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: gkjzeNRVinRemMcAawXZqTs2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902236; bh=jyiHvSwvC32UPqRSHNKdu5SZVTuSmxfI1b7acJnp2nQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Mp7Tu7M1tKGe3A9+C8SONYAc6nnpmrisUZoag32sm+UnC2Tg1OqIRQaEg64u+rJOInV /SjBjw5CFPFv6g0z+xJVCsO53a0zP6swFL+psE1hW/SY0n52LFnxU1ux4rhJaT2Md8+be lh88BjwvPvaydf3R7dbhuGYIi7s6j+t0l9I= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The SetMemoryEncDec() is used by the higher level routines to set or clear the page encryption mask for system RAM and Mmio address. When SEV-SNP is active, in addition to set/clear page mask it also updates the RMP table. The RMP table updates are required for the system RAM address and not the Mmio address. Add a new parameter in SetMemoryEncDec() to tell whether the specified address is Mmio. If its Mmio then skip the page state change in the RMP table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../X64/PeiDxeVirtualMemory.c | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 56db1e4b6ecf..0bb86d768017 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -673,6 +673,7 @@ InternalMemEncryptSevCreateIdentityMap1G ( @param[in] Mode Set or Clear mode @param[in] CacheFlush Flush the caches before applying the encryption mask + @param[in] Mmio The physical address specified is Mm= io =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -688,7 +689,8 @@ SetMemoryEncDec ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length, IN MAP_RANGE_MODE Mode, - IN BOOLEAN CacheFlush + IN BOOLEAN CacheFlush, + IN BOOLEAN Mmio ) { PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; @@ -711,14 +713,15 @@ SetMemoryEncDec ( =20 DEBUG (( DEBUG_VERBOSE, - "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx Mode=3D%a Cach= eFlush=3D%u\n", + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx Mode=3D%a Cach= eFlush=3D%u Mmio=3D%u\n", gEfiCallerBaseName, __FUNCTION__, Cr3BaseAddress, PhysicalAddress, (UINT64)Length, (Mode =3D=3D SetCBit) ? "Encrypt" : "Decrypt", - (UINT32)CacheFlush + (UINT32)CacheFlush, + (UINT32)Mmio )); =20 // @@ -760,7 +763,7 @@ SetMemoryEncDec ( // // The InternalSetPageState() is used for setting the page state in the = RMP table. // - if ((Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + if (!Mmio && (Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); } =20 @@ -998,7 +1001,8 @@ InternalMemEncryptSevSetMemoryDecrypted ( PhysicalAddress, Length, ClearCBit, - TRUE + TRUE, + FALSE ); } =20 @@ -1031,7 +1035,8 @@ InternalMemEncryptSevSetMemoryEncrypted ( PhysicalAddress, Length, SetCBit, - TRUE + TRUE, + FALSE ); } =20 @@ -1064,6 +1069,7 @@ InternalMemEncryptSevClearMmioPageEncMask ( PhysicalAddress, Length, ClearCBit, - FALSE + FALSE, + TRUE ); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77211): https://edk2.groups.io/g/devel/message/77211 Mute This Topic: https://groups.io/mt/83850728/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77212+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77212+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902238385496.632714166553; Mon, 28 Jun 2021 10:43:58 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id xWerYY1788612xIAYIlZ3gxI; Mon, 28 Jun 2021 10:43:58 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.52]) by mx.groups.io with SMTP id smtpd.web08.14881.1624902232425368023 for ; Mon, 28 Jun 2021 10:43:52 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CLWHV/x3AtuXOGoWMGrYkmR1CM5wor+CGng2cf7iy6cgf8JkM+Lt5+XLvZRnXtwFkx6h/tFhFmP8XYfYN2cTdGPRUoYjaDP06y3wcM/FjdZ5WcXnKRPJO/Z2zPAEpaYQLr3yB/JzuJbL1iQtKZVOffg4vfdVosnYkBR30pNZe+qBCMVoTSzuqKRaEwrvz8csBW/sab29Gc+SF21kIbyA2UkBJfeXteCPSGBYcYtPsopUEH3VOXmbnOxZpq+9Lb7yTJypX5As42gBhgw1jxDS9Vs7xFCOCUGkscr4MVXIRGDvMdgTT7no9cWZgSVGZR+EC51FwnnNaVGlkRbL+FO32Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BR7YpjInSENcfZRQyrKHNEkqUXuh5DNCo0LdiiQgD80=; b=jmFKIysysRIKZCwvzfRtvY9WhTXPQv7X4lQcbYSEn+RqIyxs+A2rYA8bHI447Kk9g1tofyLRmuOJ4IeOc1m0F7zcL7QqjlIByTORL8VtXh+AeKXQ45a8b/9EyJr0eOCwuAosEC48z6kEnMxloI14QtbTY3heBOVdNTqEvoORin8i2Gn8JbsWJOulubnUMY58C85d/3LCXmOFDsgZ/4jFuQEWdfbVktkjsgTbwxWwBZtlZTfs3BmvfBcnpii6iauoqnAgmIjRg8odwe7dGoR1h8p/G2QrHm48GafXElfL0JN2R8JoShtWPunm5zcTjeFbciciaio+4HUlkhMB2a4Zhg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:50 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:50 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 25/27] UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs Date: Mon, 28 Jun 2021 12:42:21 -0500 Message-ID: <20210628174223.1302-26-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:49 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c084ad1a-18d8-48d1-1687-08d93a5c4a2f X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: J/xjZtz/POcWrPo//bJXsxlxebexJqtvjdRqzVQCFOs8gAZENmYMoVSvXAHwa5QdiGlxb1frUHTRMFd/VthtfwaYjo2y7l4oCrP9dk3MgYwMeNgfkYAOFqbO7pvXVh3dGLp815r99MRWezjXIRlF80yKKDftPffIGKgYRQlskPYShPcKjyr8/EBpe+1eaIhZVDGkx/PqxbgM6cJKZfvuGOjcRnPzkEcpBw8SMXA35NWyiAR58TbIwKE4z+G/IeswaV8GMN4nNTQfSsikSDZaFna1jMKc3vly1Mn06i+N4aBx8MX/mdIORow3bEO0heJIvmM3j3uyEDfhM08+JoNq+72qTooGuYZt636ORafnSAt8bUPxPh2eX0tJjKsgdoLq8e2u3TVUy31541pV/An4NbWc9HoWpoGO9dRrf69Bx07WJJZfsP2PpQO6PkH0Y7HMeQ+iMsXqW7BLF49e/4+9T8P31j/ideVkCVdrMP6xKl264pFSh1dZP1f3NKFIMqxNAq9rb3WT6VaLxeSeWVHr9AesK/CB2WYWlyCYOcYQ70n0nYEz+db1ZG73AhEzN4yCAGyiH4OpMpB5tC21hlPdoushMa8e9YNP8RbgzLiR6/gA88iFvEQZgYY8vvzOpuVG9NL6sU5PyEl6IHvUcCzRQaprUyiPIv0agBjXY93YrYKOdKWpQjagkO8JXchW3kehQnb3/bKw7VsI9j3mKsKLL8T66LrCjho/TFfYHtD/LpiUGVwn97rcEYFdn91jcOarRv0H2qF4JMKSKGE1s+BVhDbImVj6oi1xqkGIl1EB4tLUfPUvPDd3/CvLn5h4oqKU X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?rDvRx0PCSHAirsxiBjIby1/6LeyvhOeH5p74rvFqMYCQIPplqq9rYuPzEeWU?= =?us-ascii?Q?+6tKUfPsvNJT7U++jwg6cT8EO3WStqCl5UX1jTTiC7cQDU0P49Gk/9slO3aP?= =?us-ascii?Q?WO0cb5PE43UqibIzqwIMxIt8wdOsj/WipYjOz7CQydwz9GTVMHpU08JJZutu?= =?us-ascii?Q?HVR2xwY+Zs6tP6b5aqcKFTKerqFLdYZ9HX742lWfJMZbnYNh4NgQcrr5fo0M?= =?us-ascii?Q?IvfASUfslBLpOG57zV8pKrYp/fdYAPNhSzAZhAqgifdHXRjnML3wD+/gl2yU?= =?us-ascii?Q?pDf0hZm2yB9YE1tR+TuBXnpyCqUrD5K/nfsbSiwfgIIMDAomJTea6B0uPMAo?= =?us-ascii?Q?7NoSACefrZu1gITwoLMPHWsi7Z9z4S0iAOPi9CIYnJ3XEEgAjDjVZe2ugz0h?= =?us-ascii?Q?rIET8MwQ1M8FAR1ABeJxfIWo0HW7QwGyBYih+dzf1PUklUFC9IDUQc1jKVZk?= =?us-ascii?Q?sQKOyyiUfFzaf+SAAtRhAViU/v0ZWswg09Jso5TSBTs0eS6ukFSJL+ezwIfI?= =?us-ascii?Q?44FjME8TMrLt9l32Y+/hfRVsDXntq2D0vAq2SG5ozAGFq82tv6qX3K5KlENw?= =?us-ascii?Q?CqvotntwiNIi6rf0r2Pfi7OrPSGclzKXuFccBbOjJUVWcSE87e0bQsjAZlhR?= =?us-ascii?Q?X/Q9V/gvk2/fubZdAhdvFyvQiz5P1vqF+TIEUNnA5nH01NafZPi0hQKdN1RI?= =?us-ascii?Q?zzX6DGJiyIboTtBgmQ8VTevMcC+ePpW9d++mbX0QfWLeS9WKoIZDskk705Um?= =?us-ascii?Q?eyE5w1w5QPcx/U1LgmjZaJ8vWubtYlFp1YNAZwLddW4p93DHY3+hws27FjC5?= =?us-ascii?Q?W6ZxlvbvsNP8IlGlMhkbCggrkmU339H35MOpoqLo8M+I7FIj+fHYqAsQw0PW?= =?us-ascii?Q?clrj1uF5yyFftdizJnhXF6weqCc8fsjfCwJI/1ghkf2I/1hmXkD2MVpVvBGm?= =?us-ascii?Q?QIzE/tt78V0cPGY2y2SHBDPS7oqBPS3ZIAirRMBmGkr17mOmONnG3aNaEA4Q?= =?us-ascii?Q?BQLQBhq8soWJivOCfOGsS5mjSiZRXtC59MTYcJXkTSOQUCxkRYhc+aBgVmu3?= =?us-ascii?Q?p338nZpMmkNJCp/YMi62ar6J2sBJFkoITr5yKf7wNuB45IzU2WoMQ0AMWNzs?= =?us-ascii?Q?mu742likDaa05nMaV82jCVHYK+TiPUjWRerebLkTCAwrD66afAfF9PO+0doK?= =?us-ascii?Q?0fP26F3y589fcYsqt9vMaQF83XRTICb+E6lYjC6jLUSO3kwor2Ftqk0VsCaL?= =?us-ascii?Q?QTBRE7yzg4thR3Fkl6HVkI+saExJGg/fvuS8urRuma4Ud/ZoRbhP3HgM0TJM?= =?us-ascii?Q?nNGn4LTaZIrqM8Kg4WMKlr/B?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c084ad1a-18d8-48d1-1687-08d93a5c4a2f X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:50.7137 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vH5pA+0IVnn6lFrZMwnfxBqcPnlfqD6QZWQLWQ5dA05GBvpQ2cUAB6x7g1tVbCT6duarYo5YrUGhoINJvghkgA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: mrvDWg6AgMUrsYhJNPAMOPbRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902238; bh=Byie4+pZQt+o6oErN4HQo1z8h8+K7a/K07gcnvyJC2Y=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=YPI7hlpuWFJZh9Oo4Y56HyLaiZRoNJVGOeONGbws4ycCWkKc4HwpkyZpWwOsa+pZHBW 2vxal9lzX5IP+VbQxsv2Cysqv9WjLp9H8/5Ph1mmC0DU5HjOZa50+WTcpp+tF0gYFoa8m SYEj4UKQk/8F6FhOCtPZcV7EkHIlEkjG/xY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Use the SEV-SNP AP Creation NAE event to create and launch APs under SEV-SNP. This capability will be advertised in the SEV Hypervisor Feature Support PCD (PcdSevEsHypervisorFeatures). Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 5 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 17 ++ UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 11 +- .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c | 31 ++ UefiCpuPkg/Library/MpInitLib/MpLib.c | 275 ++++++++++++++++-- .../MpInitLib/X64/SevSnpRmpAdjustInternal.c | 44 +++ 7 files changed, 361 insertions(+), 25 deletions(-) create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustIntern= al.c create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInterna= l.c diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 48d7dfa4450f..b9ce05e81b54 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -23,9 +23,11 @@ [Defines] =20 [Sources.IA32] Ia32/MpFuncs.nasm + Ia32/SevSnpRmpAdjustInternal.c =20 [Sources.X64] X64/MpFuncs.nasm + X64/SevSnpRmpAdjustInternal.c =20 [Sources.common] MpEqu.inc @@ -72,6 +74,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## = SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index ab8279df596f..35057ac07cbb 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -23,9 +23,11 @@ [Defines] =20 [Sources.IA32] Ia32/MpFuncs.nasm + Ia32/SevSnpRmpAdjustInternal.c =20 [Sources.X64] X64/MpFuncs.nasm + X64/SevSnpRmpAdjustInternal.c =20 [Sources.common] MpEqu.inc @@ -62,10 +64,11 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 4abaa2243d0a..bb463d59256e 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -15,6 +15,7 @@ =20 #include #include +#include #include #include #include @@ -146,6 +147,7 @@ typedef struct { UINT8 PlatformId; UINT64 MicrocodeEntryAddr; UINT32 MicrocodeRevision; + SEV_ES_SAVE_AREA *SevEsSaveArea; } CPU_AP_DATA; =20 // @@ -289,6 +291,7 @@ struct _CPU_MP_DATA { =20 BOOLEAN SevEsIsEnabled; BOOLEAN SevSnpIsEnabled; + BOOLEAN UseSevEsAPMethod; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; @@ -743,5 +746,19 @@ PlatformShadowMicrocode ( IN OUT CPU_MP_DATA *CpuMpData ); =20 +/** + Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ); + #endif =20 diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index 93fc63bf93e3..15e797cd0990 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -93,7 +93,12 @@ GetWakeupBuffer ( EFI_PHYSICAL_ADDRESS StartAddress; EFI_MEMORY_TYPE MemoryType; =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + // + // An SEV-ES-only guest requires the memory to be reserved. SEV-SNP, whi= ch + // is also considered SEV-ES, uses a different AP startup method, though, + // which does not have the same requirement. + // + if (PcdGetBool (PcdSevEsIsEnabled) && !PcdGetBool (PcdSevSnpIsEnabled)) { MemoryType =3D EfiReservedMemoryType; } else { MemoryType =3D EfiBootServicesData; @@ -373,7 +378,7 @@ RelocateApLoop ( MpInitLibWhoAmI (&ProcessorNumber); CpuMpData =3D GetCpuMpData (); MwaitSupport =3D IsMwaitSupport (); - if (CpuMpData->SevEsIsEnabled) { + if (CpuMpData->UseSevEsAPMethod) { StackStart =3D CpuMpData->SevEsAPResetStackStart; } else { StackStart =3D mReservedTopOfApStack; @@ -422,7 +427,7 @@ MpInitChangeApLoopCallback ( CpuPause (); } =20 - if (CpuMpData->SevEsIsEnabled && (CpuMpData->WakeupBuffer !=3D (UINTN) -= 1)) { + if (CpuMpData->UseSevEsAPMethod && (CpuMpData->WakeupBuffer !=3D (UINTN)= -1)) { // // There are APs present. Re-use reserved memory area below 1MB from // WakeupBuffer as the area to be used for transitioning to 16-bit mode diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c b/= UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c new file mode 100644 index 000000000000..5c9ee08b2117 --- /dev/null +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c @@ -0,0 +1,31 @@ +/** @file + + RMPADJUST helper function. + + Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "MpLib.h" + +/** + Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ) +{ + // + // RMPADJUST is not supported in 32-bit mode + // + return RETURN_UNSUPPORTED; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 586cff2f6813..9a1119206d98 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -295,10 +295,10 @@ GetApLoopMode ( ApLoopMode =3D ApInHltLoop; } =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (PcdGetBool (PcdSevEsIsEnabled) && !PcdGetBool (PcdSevSnpIsEnabled)= ) { // - // For SEV-ES, force AP in Hlt-loop mode in order to use the GHCB - // protocol for starting APs + // For SEV-ES (SEV-SNP is also considered SEV-ES), force AP in Hlt-l= oop + // mode in order to use the GHCB protocol for starting APs // ApLoopMode =3D ApInHltLoop; } @@ -869,7 +869,7 @@ ApWakeupFunction ( // to allow the APs to issue an AP_RESET_HOLD before the BSP possibly // performs another INIT-SIPI-SIPI sequence. // - if (!CpuMpData->SevEsIsEnabled) { + if (!CpuMpData->UseSevEsAPMethod) { InterlockedDecrement ((UINT32 *) &CpuMpData->MpCpuExchangeInfo->Nu= mApsExecuting); } } @@ -883,7 +883,7 @@ ApWakeupFunction ( // while (TRUE) { DisableInterrupts (); - if (CpuMpData->SevEsIsEnabled) { + if (CpuMpData->UseSevEsAPMethod) { MSR_SEV_ES_GHCB_REGISTER Msr; GHCB *Ghcb; UINT64 Status; @@ -1196,9 +1196,11 @@ AllocateResetVector ( ); // // The AP reset stack is only used by SEV-ES guests. Do not allocate it - // if SEV-ES is not enabled. + // if SEV-ES is not enabled. An SEV-SNP guest is also considered + // an SEV-ES guest, but uses a different method of AP startup, elimina= ting + // the need for the allocation. // - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (PcdGetBool (PcdSevEsIsEnabled) && !PcdGetBool (PcdSevSnpIsEnabled)= ) { // // Stack location is based on ProcessorNumber, so use the total numb= er // of processors for calculating the total stack area. @@ -1248,7 +1250,7 @@ FreeResetVector ( // perform the restore as this will overwrite memory which has data // needed by SEV-ES. // - if (!CpuMpData->SevEsIsEnabled) { + if (!CpuMpData->UseSevEsAPMethod) { RestoreWakeupBuffer (CpuMpData); } } @@ -1265,7 +1267,7 @@ AllocateSevEsAPMemory ( { if (CpuMpData->SevEsAPBuffer =3D=3D (UINTN) -1) { CpuMpData->SevEsAPBuffer =3D - CpuMpData->SevEsIsEnabled ? GetSevEsAPMemory () : 0; + CpuMpData->UseSevEsAPMethod ? GetSevEsAPMemory () : 0; } } =20 @@ -1318,6 +1320,222 @@ SetSevEsJumpTable ( JmpFar->Segment =3D (UINT16) (SipiVector >> 4); } =20 +/** + Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. + + @param[in] CpuMpData Pointer to CPU MP Data + @param[in] CpuData Pointer to CPU AP Data + @param[in] ApicId APIC ID of the vCPU +**/ +STATIC +VOID +SevSnpCreateSaveArea ( + IN CPU_MP_DATA *CpuMpData, + IN CPU_AP_DATA *CpuData, + UINT32 ApicId + ) +{ + SEV_ES_SAVE_AREA *SaveArea; + IA32_CR0 ApCr0; + IA32_CR0 ResetCr0; + IA32_CR4 ApCr4; + IA32_CR4 ResetCr4; + UINTN StartIp; + UINT8 SipiVector; + UINT32 RmpAdjustStatus; + UINT64 VmgExitStatus; + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 ExitInfo1; + UINT64 ExitInfo2; + + // + // Allocate a single page for the SEV-ES Save Area and initialize it. + // + SaveArea =3D AllocateReservedPages (1); + if (!SaveArea) { + return; + } + ZeroMem (SaveArea, EFI_PAGE_SIZE); + + // + // Propogate the CR0.NW and CR0.CD setting to the AP + // + ResetCr0.UintN =3D 0x00000010; + ApCr0.UintN =3D CpuData->VolatileRegisters.Cr0; + if (ApCr0.Bits.NW) { + ResetCr0.Bits.NW =3D 1; + } + if (ApCr0.Bits.CD) { + ResetCr0.Bits.CD =3D 1; + } + + // + // Propagate the CR4.MCE setting to the AP + // + ResetCr4.UintN =3D 0; + ApCr4.UintN =3D CpuData->VolatileRegisters.Cr4; + if (ApCr4.Bits.MCE) { + ResetCr4.Bits.MCE =3D 1; + } + + // + // Convert the start IP into a SIPI Vector + // + StartIp =3D CpuMpData->MpCpuExchangeInfo->BufferStart; + SipiVector =3D (UINT8) (StartIp >> 12); + + // + // Set the CS:RIP value based on the start IP + // + SaveArea->Cs.Base =3D SipiVector << 12; + SaveArea->Cs.Selector =3D SipiVector << 8; + SaveArea->Cs.Limit =3D 0xFFFF; + SaveArea->Cs.Attributes.Bits.Present =3D 1; + SaveArea->Cs.Attributes.Bits.Sbit =3D 1; + SaveArea->Cs.Attributes.Bits.Type =3D SEV_ES_RESET_CODE_SEGMENT_TYPE; + SaveArea->Rip =3D StartIp & 0xFFF; + + // + // Set the remaining values as defined in APM for INIT + // + SaveArea->Ds.Limit =3D 0xFFFF; + SaveArea->Ds.Attributes.Bits.Present =3D 1; + SaveArea->Ds.Attributes.Bits.Sbit =3D 1; + SaveArea->Ds.Attributes.Bits.Type =3D SEV_ES_RESET_DATA_SEGMENT_TYPE; + SaveArea->Es =3D SaveArea->Ds; + SaveArea->Fs =3D SaveArea->Ds; + SaveArea->Gs =3D SaveArea->Ds; + SaveArea->Ss =3D SaveArea->Ds; + + SaveArea->Gdtr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Attributes.Bits.Present =3D 1; + SaveArea->Ldtr.Attributes.Bits.Type =3D SEV_ES_RESET_LDT_TYPE; + SaveArea->Idtr.Limit =3D 0xFFFF; + SaveArea->Tr.Limit =3D 0xFFFF; + SaveArea->Ldtr.Attributes.Bits.Present =3D 1; + SaveArea->Ldtr.Attributes.Bits.Type =3D SEV_ES_RESET_TSS_TYPE; + + SaveArea->Efer =3D 0x1000; + SaveArea->Cr4 =3D ResetCr4.UintN; + SaveArea->Cr0 =3D ResetCr0.UintN; + SaveArea->Dr7 =3D 0x0400; + SaveArea->Dr6 =3D 0xFFFF0FF0; + SaveArea->Rflags =3D 0x0002; + SaveArea->GPat =3D 0x0007040600070406ULL; + SaveArea->XCr0 =3D 0x0001; + SaveArea->Mxcsr =3D 0x1F80; + SaveArea->X87Ftw =3D 0x5555; + SaveArea->X87Fcw =3D 0x0040; + + // + // Set the SEV-SNP specific fields for the save area: + // VMPL - always VMPL0 + // SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bits + // + SaveArea->Vmpl =3D 0; + SaveArea->SevFeatures =3D AsmReadMsr64 (MSR_SEV_STATUS) >> 2; + + // + // To turn the page into a recognized VMSA page, issue RMPADJUST: + // Target VMPL but numerically higher than current VMPL + // Target PermissionMask is not used + // + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) SaveArea, + TRUE + ); + ASSERT (RmpAdjustStatus =3D=3D 0); + + ExitInfo1 =3D (UINT64) ApicId << 32; + ExitInfo1 |=3D SVM_VMGEXIT_SNP_AP_CREATE; + ExitInfo2 =3D (UINT64) (UINTN) SaveArea; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + VmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D SaveArea->SevFeatures; + VmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D VmgExit ( + Ghcb, + SVM_EXIT_SNP_AP_CREATION, + ExitInfo1, + ExitInfo2 + ); + VmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + if (VmgExitStatus !=3D 0) { + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) SaveArea, + FALSE + ); + if (RmpAdjustStatus =3D=3D 0) { + FreePages (SaveArea, 1); + } else { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); + } + + SaveArea =3D NULL; + } + + if (CpuData->SevEsSaveArea) { + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS) (UINTN) CpuData->SevEsSaveA= rea, + FALSE + ); + if (RmpAdjustStatus =3D=3D 0) { + FreePages (CpuData->SevEsSaveArea, 1); + } else { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); + } + } + + CpuData->SevEsSaveArea =3D SaveArea; +} + +/** + Create SEV-SNP APs. + + @param[in] CpuMpData Pointer to CPU MP Data + @param[in] ProcessorNumber The handle number of specified processor + (-1 for all APs) +**/ +STATIC +VOID +SevSnpCreateAP ( + IN CPU_MP_DATA *CpuMpData, + IN INTN ProcessorNumber + ) +{ + CPU_INFO_IN_HOB *CpuInfoInHob; + CPU_AP_DATA *CpuData; + UINTN Index; + UINT32 ApicId; + + ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000); + + CpuInfoInHob =3D (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob; + + if (ProcessorNumber < 0) { + for (Index =3D 0; Index < CpuMpData->CpuCount; Index++) { + if (Index !=3D CpuMpData->BspNumber) { + CpuData =3D &CpuMpData->CpuData[Index]; + ApicId =3D CpuInfoInHob[Index].ApicId, + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); + } + } + } else { + Index =3D (UINTN) ProcessorNumber; + CpuData =3D &CpuMpData->CpuData[Index]; + ApicId =3D CpuInfoInHob[ProcessorNumber].ApicId, + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); + } +} + /** This function will be called by BSP to wakeup AP. =20 @@ -1349,7 +1567,7 @@ WakeUpAP ( ResetVectorRequired =3D FALSE; =20 if (CpuMpData->WakeUpByInitSipiSipi || - CpuMpData->InitFlag !=3D ApInitDone) { + CpuMpData->InitFlag !=3D ApInitDone) { ResetVectorRequired =3D TRUE; AllocateResetVector (CpuMpData); AllocateSevEsAPMemory (CpuMpData); @@ -1390,7 +1608,7 @@ WakeUpAP ( } if (ResetVectorRequired) { // - // For SEV-ES, the initial AP boot address will be defined by + // For SEV-ES and SEV-SNP, the initial AP boot address will be defin= ed by // PcdSevEsWorkAreaBase. The Segment/Rip must be the jump address // from the original INIT-SIPI-SIPI. // @@ -1400,8 +1618,14 @@ WakeUpAP ( =20 // // Wakeup all APs + // Must use the INIT-SIPI-SIPI method for initial configuration in + // order to obtain the APIC ID. // - SendInitSipiSipiAllExcludingSelf ((UINT32) ExchangeInfo->BufferStart= ); + if (CpuMpData->SevSnpIsEnabled && CpuMpData->InitFlag !=3D ApInitCon= fig) { + SevSnpCreateAP (CpuMpData, -1); + } else { + SendInitSipiSipiAllExcludingSelf ((UINT32) ExchangeInfo->BufferSta= rt); + } } if (CpuMpData->InitFlag =3D=3D ApInitConfig) { if (PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) { @@ -1491,7 +1715,7 @@ WakeUpAP ( CpuInfoInHob =3D (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob; =20 // - // For SEV-ES, the initial AP boot address will be defined by + // For SEV-ES and SEV-SNP, the initial AP boot address will be defin= ed by // PcdSevEsWorkAreaBase. The Segment/Rip must be the jump address // from the original INIT-SIPI-SIPI. // @@ -1499,10 +1723,14 @@ WakeUpAP ( SetSevEsJumpTable (ExchangeInfo->BufferStart); } =20 - SendInitSipiSipi ( - CpuInfoInHob[ProcessorNumber].ApicId, - (UINT32) ExchangeInfo->BufferStart - ); + if (CpuMpData->SevSnpIsEnabled && CpuMpData->InitFlag !=3D ApInitCon= fig) { + SevSnpCreateAP (CpuMpData, (INTN) ProcessorNumber); + } else { + SendInitSipiSipi ( + CpuInfoInHob[ProcessorNumber].ApicId, + (UINT32) ExchangeInfo->BufferStart + ); + } } // // Wait specified AP waken up @@ -2033,10 +2261,15 @@ MpInitLibInitialize ( CpuMpData->CpuData =3D (CPU_AP_DATA *) (CpuMpData + 1); CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); - CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); - CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); - CpuMpData->SevEsAPBuffer =3D (UINTN) -1; - CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); + CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); + CpuMpData->SevEsAPBuffer =3D (UINTN) -1; + CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); + CpuMpData->UseSevEsAPMethod =3D CpuMpData->SevEsIsEnabled && !CpuMpData-= >SevSnpIsEnabled; + + if (CpuMpData->SevSnpIsEnabled) { + ASSERT ((PcdGet64 (PcdGhcbHypervisorFeatures) & GHCB_HV_FEATURES_SNP_A= P_CREATE) =3D=3D GHCB_HV_FEATURES_SNP_AP_CREATE); + } =20 // // Make sure no memory usage outside of the allocated buffer. diff --git a/UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c b/U= efiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c new file mode 100644 index 000000000000..3048742facb5 --- /dev/null +++ b/UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c @@ -0,0 +1,44 @@ +/** @file + + RMPADJUST helper function. + + Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "MpLib.h" + +/** + Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. + + @param[in] PageAddress + @param[in] VmsaPage + + @return RMPADJUST return value +**/ +UINT32 +SevSnpRmpAdjust ( + IN EFI_PHYSICAL_ADDRESS PageAddress, + IN BOOLEAN VmsaPage + ) +{ + UINT64 Rdx; + + // + // The RMPADJUST instruction is used to set or clear the VMSA bit for a + // page. The VMSA change is only made when running at VMPL0 and is ignor= ed + // otherwise. If too low a target VMPL is specified, the instruction can + // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a + // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if + // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately + // when no error is returned. + // + Rdx =3D 1; + if (VmsaPage) { + Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; + } + + return AsmRmpAdjust ((UINT64) PageAddress, 0, Rdx); +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77212): https://edk2.groups.io/g/devel/message/77212 Mute This Topic: https://groups.io/mt/83850729/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77213+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77213+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902239267647.8709798501093; Mon, 28 Jun 2021 10:43:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 77UZYY1788612x9t4kwwG4id; Mon, 28 Jun 2021 10:43:58 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.77]) by mx.groups.io with SMTP id smtpd.web10.14868.1624902233322573934 for ; Mon, 28 Jun 2021 10:43:53 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cQqBiNROy92SWOZuCBvtrRw457lJPfrcl+Hp6heQarSNfM80D3QJ6sK5hYCTeeHPJzwn0AtSeb73AH+MWJ5UoCoP7luRWw7JQGp/iYEZpAGH97LfpZLzPIoJ+5GSMorg60Oy1RXceToz89Ol4ljT1cjPSTojPEIfb7YO/UfVbwn6Qjxt2oL16TD07vXY7+NEDvWHWQ2voUvQyzR4d7R0+DxY5swmh8UGS2JVdDI4wNRE5jA74J6M3vOmByB/3CbNmIP/wuCjdrMhifhVYOche3GtJM01fyk9mx8TYzo0+Tn/dkXuEEh7LgIrDPuDUPevpdMO5AcxysA3J5MFCgf60g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U+YEdi/UHs5wd3F9ctTTdROdn1n+U82MnLXrb5PCPVU=; b=PHB3EX1Yj6Ee30nOIoCx32Zok+4WG4crBg3it1vmeEprdEl1C9ToW0JyKgvQMvOwMgq63bkfdveqGUmcsejOSOjkmk6Uqbat21fCRetfWvvk3v/SxdHyO8CMoQmqg66jQICcHXlmVMxScXQk2qiJ0ojgjdWPX1seu1F2UabUH9l4sESx5pFUrljTH7u14FcWPQAwbpVBPuG80u+udHZlPEjrFILMhDLDeFdqH35Qmphuebdw4aIVyR0egauUKroThJ10oNiu2vQ10m3HP85/uLrahP0nOOpo6jnBFB0Te3+oOOqlSaRlN+FotuDp0Xb027owTfjYIDO1EBfnSrRffw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Mon, 28 Jun 2021 17:43:52 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:52 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 26/27] OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map Date: Mon, 28 Jun 2021 12:42:22 -0500 Message-ID: <20210628174223.1302-27-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:51 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f18b934b-7062-4f8e-4268-08d93a5c4aed X-MS-TrafficTypeDiagnostic: DM6PR12MB4371: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: tlB1Pb/iRSu/JVqQhupIz0pw9fSKOZD+8mdhcXgLtj/rpilYr4H6MiodsElqW/xpnp0D65bqOUXAvsYwaG0ZzbRclibaKKJgDGlubsozYNtbVRQpZ6ZQ+U+NsfWe12RzYnIXc5Ku6aiyb5Mm4DcNZUi40px+Efq0zNXgGn6X5zDUuaJzoMsQ/K+7aPahJeXE2KifVed8Yhx+4dVYgJQmWXEi41f3FEaQNpVeY8PskvKyxC7bXoBoOyFyF05FA3s7eF5+SHdMRdzcZ83RCckJ/LlYD/TQ2SREUCJvnDT/bJRXtG8WECkwDFG0n+GyL9Wf94T9rucWDRyAFvXdSBCfw9+fVpzlYaX2BX24eyN3EUmCx6RY8Ilqv+Xx9HIj71vbocu/I964mwtGyIc6HXJnjwtRqWc0OPxL7MeFwli8snqNKmj4MHnfQhok49Rjav23zZBsLbwW6/fEvdArxG+o/E2hzkGEcxgIczbO9IG8daJVT6ggtcclMquvWyMYJBenXJYEvKyvG0+vpXj6Q5gfcuX+ilUB9kVEyDLZgU/6XPsOE6N44dOxaCjJRDMyytXHKVgKdENwjzYe8S79P9jbAoh1bIRVyjD2NnT07AR0nNq1pLEHAmgxe+dHbFrZ0c8xHtz7OGEYbdX5gBEc4GERUMhsAxcjvrcybRlCBRwxkw5jkUju9f2S1xMaQwe45tr0dUOWVBjmSOr+IAIEnn/6Dg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?AUPIyfdNPBL40Zcv+lmr4CANdmbJzjC4+t5GIv3MCHvuNv03yb7sSMmF9nSY?= =?us-ascii?Q?MCFaQNW0+qBduLoQ7sXfDjT/vnJCbyfr2NeoS6oul9+qPbvtMt31hH6WB4iA?= =?us-ascii?Q?bz8CQSvfE5m7lYltwGfI9zx5Id3Wmoj5c+ydDUBgAkvY6ZVxGzqk35bkCJNa?= =?us-ascii?Q?LtXmZgj+VZ+c6jg0z7lHpnh+/6kECm5XdFYjZrOgfwHr4P5v8IoxySi1S83a?= =?us-ascii?Q?axd2e3VpFiys+r8iDH8y0/Uk3PB0CjPx1gTsrshTkzNP0/ozwY3pmimn64/V?= =?us-ascii?Q?7M+OGa56Rsuttt3yR8IfL1sIZO6yjudQ+eC8trAdAA+pggxY9Lr4waaL9LDy?= =?us-ascii?Q?OB651XbcSqCQNRroYSfY/hFfr1/6ObIJiE60U+QBZg8ptDyEBdERd6oOYT10?= =?us-ascii?Q?8ldNmarTZKWyLgIqX8ZF0d/vkPyem3R++qayA7mWWBye5eZlqRT7gCieFXpU?= =?us-ascii?Q?Ku1pJm+h/u4v27ACWuIhSd58C5qWVPKrIpNpVx9WaUClFS6afUwXK251zpEc?= =?us-ascii?Q?qT2UO2rPhhsuHQiMSMp7BsfohRZVHJPPXPqAfCHXqo0akIGDlt8nqJrPyIEa?= =?us-ascii?Q?u90zlEPYOpl8l1FLJaqk+zqxLm25sYS1iEjP1k4/+pQHBaVP2V/f6oWPPjw6?= =?us-ascii?Q?VbiMNYl8Y8XvIUfdEOEs381ffvpMK0QqqoYBc+T3mKV3NfcGe7gB0q7T8ujm?= =?us-ascii?Q?lRgrByUlFWvFohZOAkpSEgr7O9P+y5NJfi3DzAGiMP65FTZ6bFwBTONKLGsl?= =?us-ascii?Q?E/0NHlSKbELsMtxn3bsTW2I/DLtsWO4qDv69OsYOKkRgSynmsDvzQV32SW/w?= =?us-ascii?Q?UzEvfwY+T9DRxP8qbmOHMiOzPzhPlIXyROwbB7c1MbAW15fSu7x2x7ia21A8?= =?us-ascii?Q?wWaf8oQ/57KN83u0HuMqIIToMUaiLXcblrH8C4Kw1N38YiDIeksKLUU8fXzD?= =?us-ascii?Q?X1GPjQAWemludsK69CZvWy8LYrhs1RuTc0KgjN7VP0YrxzV/IGXDKvbNnx83?= =?us-ascii?Q?cil5OwSlr3ijafvaNL9XYHl4++9JNZ/y9GpElFq34LzIy2jozvS2uOAD84x8?= =?us-ascii?Q?Xph/yvNhFx6ztt98wEdd8YxotmOz4FTOikQohkVE7GQc/8cd1DaDAH5Kvbaw?= =?us-ascii?Q?J0ujp87i/HficnRxXUA+Jfkqw5b4XNQwKHG5/3QkLBJ0uKWaFNaBprex0G83?= =?us-ascii?Q?3a5U3qgJdRQ/L8sPT5Uy0xCQGEDZumJ7wmuodFjsWfQK9FIACFVcXhUKJ942?= =?us-ascii?Q?OTKRn5JWpFjAh2ypb3gQ/4lJs65xnh9WzlXAaklOcX4ZsarmyKUQLYBHT6qH?= =?us-ascii?Q?sKEGuUOAABzjq/G1nIo16G13?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f18b934b-7062-4f8e-4268-08d93a5c4aed X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:51.9400 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BuVWHs2NNdlpImLSbHtosS3LBsSQeub9H8Zy3I9D9jrPHBEHJ2Kzlv0AqGTV2GncL9dlPo6aLgraCppHVkTbDA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: FHKBZRorDaeRzIgg1I0DmVfax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902238; bh=NbDN2NrIhH8Ll1W42NDQEo6F233sUnpE3X2nGRgbEuQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=AKvJPrtiWBs9SzAEwFCy/Fpd3WNRukQ5Uf+MU7r4Gv1v2XhHj09tJL+ENLHw3mVa/2v esL7DSwhfUZBQswcOPEqENpjvHA2f7Dbg+VK7r3fYHzZZxR2pAnnuKVXox7XmAduIWbuR 0HseKI6sI8bCXl5QqEjV9HGlzEt2Bi/Z6bU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" When SEV-SNP is active, the CPUID and Secrets memory range contains the information that is used during the VM boot. The content need to be persist across the kexec boot. Mark the memory range as Reserved in the EFI map so that guest OS or firmware does not use the range as a system RAM. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/PlatformPei.inf | 4 ++++ OvmfPkg/PlatformPei/MemDetect.c | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index bd0ade9f33d7..f22a60e7db0e 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -122,6 +122,10 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index 2deec128f464..04e0c4e19f97 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -817,6 +817,27 @@ InitializeRamRegions ( { QemuInitializeRam (); =20 + if (MemEncryptSevSnpIsEnabled ()) { + // + // If SEV-SNP is enabled, reserve the Secrets and CPUID memory area. + // + // This memory range is given to the PSP by the hypervisor to populate + // the information used during the SNP VM boots, and it need to persist + // across the kexec boots. Mark it as EfiReservedMemoryType so that + // the guest firmware and OS does not use it as a system memory. + // + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpSecretsBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpSecretsSize), + EfiReservedMemoryType + ); + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpCpuidBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpCpuidSize), + EfiReservedMemoryType + ); + } + if (mS3Supported && mBootMode !=3D BOOT_ON_S3_RESUME) { // // This is the memory range that will be used for PEI on S3 resume --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77213): https://edk2.groups.io/g/devel/message/77213 Mute This Topic: https://groups.io/mt/83850731/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 22:43:42 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77214+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77214+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1624902241082407.5922603643663; Mon, 28 Jun 2021 10:44:01 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id udMFYY1788612xW4G7dLO0g4; Mon, 28 Jun 2021 10:44:00 -0700 X-Received: from NAM04-MW2-obe.outbound.protection.outlook.com (NAM04-MW2-obe.outbound.protection.outlook.com [40.107.101.55]) by mx.groups.io with SMTP id smtpd.web08.14882.1624902235036224717 for ; Mon, 28 Jun 2021 10:43:55 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EC9SFDNRPPJ5EV2DxY/lNm5STaPIC/1Y3MgphrDpUAhpmwGxq+77LJyJ9L2XVB2eC7A/HJNx+aYZTE3JsMqsmRlrq6sXVSyxK5d3fdSjm4nLpW3sQe69z6TMllz9xd/Bs8BXrVfeH/iOkky7fR1TgHxpboVAsomr9ewL6b9ZA1h7sl8LjDfHdnfR+576UICRpjjWjVpi9Cyb0qFRfE382aAVSKr5ZIcVxB67NVHnwpJ1QBqz4T/zzgPXlu6A/mMectxygu8n4QTe13ge3cbiTXEmHX5OFDp5hGM9P+6EIJT29O+n/FAxWZcidBE+ZjH0ArJoBwv5N8I3XX/qv6JkBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sDn0435vUWKMQxJbw0YukzI00tb18Vtbz+3wBEbKwS0=; b=InGgcgyGScz+wdxq0B9OH+1pFjSkXYCtj4CyfJZdQLIKD8gdOs8B/JaXA7yhVYLAWyy2CuZyHnnVIzU03MfFVOwU/cl5z1lN+qeEPiCKZ3o3HYRuI6SiUNlnDEEz0UvPBDUVCFuulfjMvljQBNcB9x2o4U64gk/ckFQmRw0MyK6NOjy4WIWabxbX7MFGrkWsnYWEELr2zTy8zuitvwPt4KKzHqwniWP0xJk+Vr2k4Hn61HPp0spzPWLaLO0dH9vDpA10MpQUbXj/oAwdlADknprwoEj3a1wDxp3egFCQtY7JKDKpYe105UsK9nlhauM1mj/gwvGVITu4HYfQIznouQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4761.namprd12.prod.outlook.com (2603:10b6:5:75::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:53 +0000 X-Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:53 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [edk2-devel] [RFC PATCH v4 27/27] OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table Date: Mon, 28 Jun 2021 12:42:23 -0500 Message-ID: <20210628174223.1302-28-brijesh.singh@amd.com> In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:52 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cb3a662d-e3fb-468d-aba7-08d93a5c4ba1 X-MS-TrafficTypeDiagnostic: DM6PR12MB4761: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5516; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: k7TvsXGGe/daxwRWFf9sw4Jz1pyVEJZ516Dsw0cRsNcL3bWq3kbqzjlxFTkRyTmZhETRlY+403xiJs9ANJ0Jfg15TgqahFKoZ93OzdtF+g9Xt0TIdKMXXdN32PIBahE85tnjmdQu2O5EXbAD/QwJ4LBjMDrJbDCSNNs6uVV9hC03mvTDulT8wVQli3ShMT+EIHVQO/4xyc/lBfdzrw1ZU6U0JBmFh54QarmEWZE8IJr2QFp7xIRoVpGoetfNnKNd4OMfwqVprWPkzNv86+g3qnlAGopG99ZnmJ7E6AM7IQ316k8yD/RcRROJ7/49LCc+1WPFUuybMOmrYDBWhIP50pfl1nwnQ8rFsSWZe57xGZwP3QNfxtvAWLg3GtUuDUqX2G9hKJdYOdNhSkLfsvndq+jwOeR0a49Aea3NTTdiGctPNNO5ykqBFtnvUDnQJp7f7AOCf3pCj+a+/yZ4a6tRo7OiPMEO+1oJHBtaZWnO2jgcfkf0DxeGKRnHAU9P9bzsWnNEivcPqQiRZDcQy0f3oF2m4y/wzV34Lk0gpA+N+tTvnWym4QKcZRz9IXTgyeoX7Rss0R8u4lAD+3EMzypLxl73iYDo9dZVGKlNQ7pkU7a3zppJdHU213mHbEs7X2IY76sbC6C+Vbkxd9fL5drSleg9k8FctaaeLqkf/l25OmtFVlrNFdcTlB3dlqd4vF2A3rV7cpBeU57K5DUM3Ws7YKU979SBPov8cjLhCBbs1f6DXos0yiVSRtQO4vq/0nYs0s9Hv7SDaqQC2UD0GkdI9OUrVNBYT5/K69qVccyhcF1z0U0j5ZU28GrUylAoxT8l X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?e1sNsa8iADjbZcLPA0cIffvDX0g8xf8aN7uTFw8hhCz1fsQMk1lIdCOR3Gyw?= =?us-ascii?Q?h3bfGUdulHj+zDW5iajqPYxXAcoKZsw+rXj7trkFXORfY+s98dKn2Epbqnf0?= =?us-ascii?Q?xGOA/shCC7wf0zjwywFBUmL3Ug+OrPKV35BqUKKtVeT3JDYoPLq0SRwdGzd3?= =?us-ascii?Q?8mS6u7injWmogR6Bk30ROp9y6hBUMTtz4UJuuyMdtX98MSXA4BUd29DQ50KF?= =?us-ascii?Q?1YyD7STLA2mrsv3/v1a8MUe5+KZpMHcAJFLDvrM52F1f0Kpstz24ujz4Y7UQ?= =?us-ascii?Q?baK9BVXFYxuX/grUzkW9sS3fC1M/c7bCdF+5nG1UjBAYsUn//oLy7mOaQ2ES?= =?us-ascii?Q?tqrwb/7sevy04/iHToIogoXEyom5JsbZ5rY8OohqprBhbcYYTewegK/ZjvNc?= =?us-ascii?Q?LGJf3a0jFuHHZ/6PN6X6Ojey5RZnQz48GHU98Pz0tlHn1e9leztrk4F0aZaj?= =?us-ascii?Q?Cn/f+1bnAVDLKEHaKcZdgM72Py0A2gAkYlIsSdqpqqqN0hExz2yzOL/KZn5S?= =?us-ascii?Q?QdStZJH0cnAC8Hr5rpy+Z2JkA3uFWt3tbSo2hh6r97XtXTD0VVlb/16CPejY?= =?us-ascii?Q?tgCIijBtx6x+1xYfJWtthbokbI8vuqMmqu0k2RZcIAWyb6WzGwvYrmcO10rw?= =?us-ascii?Q?qJhethO+CVzq0IQR4gz/xqeOqH9m6rZ6h1cD2xv0U7CisT9jOyjZNsv1lKX8?= =?us-ascii?Q?JW/kpLWJF66EYR90dxrmTWmEE4bxRg8X2noNlOjK8ov1iU0nknzczICIrJVy?= =?us-ascii?Q?cwfM/nsJB3Ebw71Wk0L7srkKfx4O+IyRHBpRJGwZvq7BX1jLEyPEauCc+iLC?= =?us-ascii?Q?hVTwQJFiJlSGplpxQSHiAd//ISTBtAlEMgloficISYXVW+byAD0BkSyBw1eJ?= =?us-ascii?Q?R22uEoAFxY4+B7w4FBU5GYuROZamZBwJdAfJ0u5nNFu0/OgUSnWmC56FJ8fJ?= =?us-ascii?Q?WrmzlBxIjQTfVXYrPXaNMgl2StEe6HVGNAd1wRXIzYPi7XUwRo8aYgnTeRJL?= =?us-ascii?Q?GnojyemWREauFfsJCqn6ICqhu+6M5tuGLCHapDA2oTwAu+nyZfvsqzerK459?= =?us-ascii?Q?kPlEUa8MxRGgvHYvRVyBPN69ctVd5AGWCY5LjqqwATkU5dc6I5MtYHB61NIJ?= =?us-ascii?Q?r3V2P42rBZLz6m3hWuo6vzQ/DLW1yVheE30OgSBYUSN7Fs2MH24dFvnx41P3?= =?us-ascii?Q?VswQ+zWenS/BmZtlex1QN4VYHrwCT+XVnBle5L7fbfB6/3H/EFC3qQkOCvmf?= =?us-ascii?Q?uUscj5DlMP2GX8336snvJk2UGS6m94NrVhyJ/qYjJ825LL1S7Jo76MeA4Lqq?= =?us-ascii?Q?2ol49XEEuw7D9LoH5dDqot8s?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb3a662d-e3fb-468d-aba7-08d93a5c4ba1 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:53.1523 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 6vK0rWIQS8oX/WL2CrXyWVwK+H2AZrfbi6a+/AjYPgzCn44QeCrxPf2XE77iqI9H4B3XvRDeTb3WdmUer3dRlQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4761 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: eaNEcK0rzf8TcOQ8g8P6dfwex1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1624902240; bh=1TCgxmd3OCEvXD75FF73v6+3o6KQqBH0lpErs8NP4jY=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=f4K2fgtE/S8loJi6WYotDGNUuM2a3qo1GdoJ3UAxeQv3WsJp3XRCi+ctzWxCi5+TT3r r0L0yIpL0mWyd0+5jJx/UE1yqUG7j8PMecBQweKCynzMSgqvnXX3Iqzq6dSLDFiRQDycM UYppcWWb0723ouhSbe2Lkb5Ihw5kEt156LE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that both the secrets and cpuid pages are reserved in the HOB, extract the location details through fixed PCD and make it available to the guest OS through the configuration table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 7 ++++++ .../Guid/ConfidentialComputingSecret.h | 18 +++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 23 +++++++++++++++++++ 4 files changed, 49 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index afc559d74335..42ad88fc5622 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -122,6 +122,7 @@ [Guids] gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gConfidentialComputingBlobGuid =3D {0x067b1f5f, 0xcf26, 0x44c5, {= 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 0676fcc5b6a4..ee1f8e4ff09a 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -42,6 +42,13 @@ [FeaturePcd] =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize + +[Guids] + gConfidentialComputingBlobGuid =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h b/OvmfPkg/I= nclude/Guid/ConfidentialComputingSecret.h index 7026fc5b089f..aa1a3b015437 100644 --- a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h +++ b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h @@ -18,11 +18,29 @@ { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \ } =20 +#define CONFIDENTIAL_COMPUTING_BLOB_GUID \ + { 0x067b1f5f, \ + 0xcf26, \ + 0x44c5, \ + { 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42 }, \ + } + typedef struct { UINT64 Base; UINT64 Size; } CONFIDENTIAL_COMPUTING_SECRET_LOCATION; =20 +typedef struct { + UINT32 Header; + UINT16 Version; + UINT16 Reserved1; + UINT64 SecretsPhysicalAddress; + UINT32 SecretsSize; + UINT64 CpuidPhysicalAddress; + UINT32 CpuidLSize; +} CONFIDENTIAL_COMPUTING_BLOB_LOCATION; + extern EFI_GUID gConfidentialComputingSecretGuid; +extern EFI_GUID gConfidentialComputingBlobGuid; =20 #endif // SEV_LAUNCH_SECRET_H_ diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index c66c4e9b9272..c59cc28cf6f5 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -17,8 +17,20 @@ #include #include #include +#include +#include #include =20 +STATIC CONFIDENTIAL_COMPUTING_BLOB_LOCATION mSnpBootDxeTable =3D { + SIGNATURE_32('A','M','D','E'), + 1, + 0, + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpSecretsBase), + FixedPcdGet32 (PcdOvmfSnpSecretsSize), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpCpuidBase), + FixedPcdGet32 (PcdOvmfSnpCpuidSize), +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -130,5 +142,16 @@ AmdSevDxeEntryPoint ( } } =20 + // + // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_B= LOB. + // It contains the location for both the Secrets and CPUID page. + // + if (MemEncryptSevSnpIsEnabled ()) { + return gBS->InstallConfigurationTable ( + &gConfidentialComputingBlobGuid, + &mSnpBootDxeTable + ); + } + return EFI_SUCCESS; } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77214): https://edk2.groups.io/g/devel/message/77214 Mute This Topic: https://groups.io/mt/83850732/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-