From: "Brijesh Singh via groups.io"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [edk2-devel] [RFC PATCH v4 11/27] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
Date: Mon, 28 Jun 2021 12:42:07 -0500
Message-ID: <20210628174223.1302-12-brijesh.singh@amd.com>
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that the GHCB GPA be registered before use. See the GHCB specification section 2.3.2 for more details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Sec/SecMain.c | 84 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..c10441ddf472 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c 
@@ -750,6 +750,79 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
@@ -791,6 +864,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
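
Review bot: SevSnpGhcbRegister() in the first hunk has no function header comment and its Address parameter carries no IN modifier, while SevSnpIsEnabled() directly above it is documented. Please add a header stating that Address is the GHCB guest physical address, that the current MSR_SEV_ES_GHCB value is saved and restored around the request, and that a response with a different function code or guest frame number ends in SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL). In the same function, the shift `Address >> EFI_PAGE_SHIFT` silently drops the low bits, so an unaligned Address would register a page the caller did not name; an ASSERT on page alignment would make that assumption explicit. The response check itself, which compares both the function code and the returned frame number against the request, is the right thing to keep.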
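
Review bot: In the second hunk the registration call is placed inside SevEsProtocolCheck(), whose header comment (visible as trailing context of the first hunk) reads "Validate the SEV-ES/GHCB protocol level", so a validation routine now also issues a VMGEXIT that registers a page with the hypervisor. Either extend that header comment to mention the SEV-SNP GPA registration or move the call to the caller, next to the step the following comment describes as "set the initial GHCB address". The value registered here is FixedPcdGet32 (PcdOvmfSecGhcbBase); the code that sets the initial GHCB address lies outside this hunk, so please confirm it uses the same address, since a GHCB at any other GPA would be unregistered.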