From nobody Thu May  2 19:17:52 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+78242+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+78242+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1627409459608975.8041433230527;
 Tue, 27 Jul 2021 11:10:59 -0700 (PDT)
Return-Path: <bounce+27952+78242+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 5uJTYY1788612x03y8Dj1hKy;
 Tue, 27 Jul 2021 11:10:59 -0700
X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com
 (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.64])
 by mx.groups.io with SMTP id smtpd.web12.5354.1627409458599534602
 for <devel@edk2.groups.io>;
 Tue, 27 Jul 2021 11:10:58 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Fi4S97TLs9dy0OXoyAfh7u9gIOqsdVFuUH8gmLlKrXdjWkV07SCc21XjHqTjutfZpoTmHb0lw9tqF7ECDSjtpcyjmimTxj+VpI/V8pBsOnIjHBP9d2qPPm4OznRHFI4yy80WwCp1Xs/fQK7SA9+YmTTOtcitf4gnXgGwZH0TvR+m9prBmcAEB+NyoRAZCDOjOsBZHxZAvSz8qK+rUJmCLQMCKezeRFZ+ht+RjeBtwodW6C6i2BX4phmu9Zg1sdAbMvsMtLcqJItmw7Yq/h+xU21Kl1GpmljDWFZfcc7pEQ4TMHGWYCTqEj8WqSjSJNBAivBLsrkPuaoGEwXYSR2Z8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bOPKG7JiKafe1qVJsZi/Q2izihbfC8LwZGn92X5PiBw=;
 b=A7WLneb1JZvT7CWG9il/gAqAB03MjxgzRAqbUpTFg0Fgo7G5TwJ61BepV0YvjxImLTCy5DZU1Jl48f7I8CGfw13zWIfVz1X4nfxBI+h9ZGMQifRJjB3rL57rYC2i7gf8XYKV92xxqJ2vmRloZk2ssEhnHMfQETNdEanS9IJQmrGrTe5XvmPbvPvWoPqCIazCYKhUUvsB0no+UjTVuRb1T7HqgO4zWFul3j3kRxPnvMxe/YIA/oLlIlRnlPpWvoEhAbPsntm8vS1aXRKQlfExhl5V6li0Y7pbZRMVWW9FEPmO/DcnyrEW2yL1BBuMX0HQZGny3tsKkp+6HZYcbgiXSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
 by SA0PR12MB4349.namprd12.prod.outlook.com (2603:10b6:806:98::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.18; Tue, 27 Jul
 2021 18:10:57 +0000
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021
 18:10:57 +0000
From: "Brijesh Singh via groups.io" <brijesh.singh=amd.com@groups.io>
To: devel@edk2.groups.io
CC: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>
Subject: [edk2-devel] [PATCH v2 1/3] OvmfPkg/ResetVector: move SEV specific
 code in a separate file
Date: Tue, 27 Jul 2021 13:10:22 -0500
Message-ID: <20210727181024.28770-2-brijesh.singh@amd.com>
In-Reply-To: <20210727181024.28770-1-brijesh.singh@amd.com>
References: <20210727181024.28770-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SA9PR13CA0162.namprd13.prod.outlook.com
 (2603:10b6:806:28::17) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by
 SA9PR13CA0162.namprd13.prod.outlook.com (2603:10b6:806:28::17) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.7 via Frontend
 Transport; Tue, 27 Jul 2021 18:10:56 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6f8f2dc1-d471-430a-4f63-08d95129e16b
X-MS-TrafficTypeDiagnostic: SA0PR12MB4349:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <SA0PR12MB43497C0151C1B315B5A7F134E5E99@SA0PR12MB4349.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6108;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 fxBEZ/lhhLoD5Wf6+NJap39dA9Q40PdVU69Xt8IbGEaIpiN8v6MCw9FUNnqcOYp0kWVHp1PRd8VKdMx17Z/xbS80gj7+9JoCko5g1+qpKF9olZBPUYFKeSON3Ze0w4idgGhFHsk4H3Fq2mCSHfZn7XdzXPOmVslAI7Ok9xTcapWQwNQf1YULkV1K94QpTSJDGb0hD3ItE2V2JSTF0S2J9POCgUFfLUet32MKXdmhQM7Dvr2L2A43jma3NaVGqLLAxf2iPBH0SgpFuuk818T7KrnP7ROGKOsLlLyOuDRMxqCMGpdFDc9XWLu+1oYErTXoNcpMu5OnO/wI8KA/c7ZseZLJmsmfrZgFyX06mYyY2lwNMfoBZaS8nAptz4D2ByKi//qWtV0/IgqW7efncT7l+JekjOMKLW4qjRJW0PyxrRrMTilD1BaKpDfGIJCqVW4hxnWfkZfHZLQsHtukW28BrYd864dLKV0sHJzmYHG9HC6Gaxge8pqF6lEfr63U6BcOOK/OGvahHHM6qhxS4o06KZUVHU7PB20H5db+fbAsHn2fBfX1wf3VxgByCtP9USsVv+DWIk5BJTXRoGooY4gnzWhtd7Me701heycJCZkKyVj/tuxS7km84YdANvsinizWUKZ7GC8ai8cQhcBAiu3A1XQKDwThrF+47lHiUtPFRG5g3x+BpmqBPPx7MDR0/jZ7kwWmsk9m5AWePrSn9FXZxYnKrQemDiDAEnVH6LyQBGqZ4HME5iXC3furiEy0v9y5wPe0vKEUnvklGao091uLUV1gzkNcjFvCnU6uJXPvRCs=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 =?us-ascii?Q?LVul5oe9hg+tS4wm+gxfHduhOQuoufPz8t7/5IMjAgJm0mMHbRJHogF+teKL?=
 =?us-ascii?Q?HmUz0fPJ297uJmwbBS+oPM4MU6r6nx2WOo9TyLWUKZfgI310RJ2LcrWL5jvm?=
 =?us-ascii?Q?m8LGMBg7tecuiPzfRFShjkONm74medn6uN0b4H2WxmvIiT+3ckGNvjbN62cS?=
 =?us-ascii?Q?MZAy/zXdf1k98/0cw69dUbKMd+GakrPdPUVz0JYMElShsmI0OZjSxSrdmYCD?=
 =?us-ascii?Q?J/krxo68YwBSF6WEPYpWuTgD+/+3j5wxhSasRTqsXMoR9Nw7y00EEioT2hZH?=
 =?us-ascii?Q?ArfhTwTBVZvbPO4P3dPMZ7XG3fxxUfWT9XD5uga8bz15B0OwDHX3ZBn2DmZ/?=
 =?us-ascii?Q?W8VXrUznPnIv7VErPd9yBDgWkwrGmgnzp/YSPjQ5qw60Ia0mIVJGHhoTvOhn?=
 =?us-ascii?Q?Cz/IiV69lKvmP0bv03xXvBllQrX+civrYRjDffYAk+lp7iyHWi6kZcwi5Yyw?=
 =?us-ascii?Q?5WRHNiccG6a0ZA5u4R9E8gdwtdwmglL1Wt8Zv3RrDHUPev9I2Vp57mjDDel+?=
 =?us-ascii?Q?csW7PiIQOEOg28mZe2EhGC6eCwW9PQJWunVCdEq1zhE7bIV3AT0Fttsjzb9U?=
 =?us-ascii?Q?3L8a59QiGto3bpP/BLkeO41LKdo5/3iu7A+sZ4yVqomcBtSPPdhFb1fCWdo8?=
 =?us-ascii?Q?ojz+AvEmfyOQdD1c/PCFqhOi3sfn+EUcE0IDPwrk6NjXlCSmysFUQD9tjamO?=
 =?us-ascii?Q?q8DcvDZ5ZQR2E5N2I9JVpOxHvtwfIIOaI98qjIRks4KRdxXF2CwnG15qEb1w?=
 =?us-ascii?Q?t3F8quCbCWxyoai10thLJfIMDXZ/LQFqnpO4lMPsuOIITQwUnw9z4OEpy1jS?=
 =?us-ascii?Q?RHg4AzqufYqpERDKnnyUqDMPWt1EMzwMBG3oQf/ziYv+eYwPBJ6VkvoBKdYA?=
 =?us-ascii?Q?uuL6B8jdWtObJfiOPzMgyVaseViXGfFUTEM5TkAPDweX1vQxHkswVOnYQWFi?=
 =?us-ascii?Q?y8xEkXRE4WFZwZIqa+FqfQHvEyLt0SoJ0RBjbtWUxiReG8SAUllUbhKwt2bl?=
 =?us-ascii?Q?Hdusckeb9+8flrQ5r+iX/EWDxdmKjlV0g2MmYPT5mLk8qBRRIIH2zvj1o+J3?=
 =?us-ascii?Q?uyakI7mtVL56OW66/zSJqXKx/hd7imxXnrStvuSNQcD2w7ALgYq8XGEL//Yo?=
 =?us-ascii?Q?fdQawBopR1nqowyTJsYrWRS/JJHOMJVc9H5dzKkk7BXIO7h+lgswipO4JlRN?=
 =?us-ascii?Q?rsWGJvIFFXt1CziTVJ74DnND8IQ3u0kkPpJx5SP2LPmyk//An9IQmKvQ4kov?=
 =?us-ascii?Q?6mbpAOS3T/TwwCPp05lS7d4muNEb1Cmf7lzSpAYfGv2dJfxaqMLltej9RaA8?=
 =?us-ascii?Q?P48M2iprdHmmN/ZLRDDgh6Or?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6f8f2dc1-d471-430a-4f63-08d95129e16b
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2021 18:10:56.9349
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 0wA4HDL+EqyR2bDus7Q/z86E6Nk8eOUSbbmXwvkALfHwHjKUuo/IUoBc2fQWrDcznsTGCQw1rydpLcRBYPeHew==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com
X-Gm-Message-State: Dwnsbp2KL8I2fAOdLHaBSSSzx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1627409459;
 bh=2vVmVy72xeuPZpDCJ/dve5R34dFDBGQonuTNNVCwea4=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=WrJa8J9QM4WROlcXCApnkAwFMgZ2cHqKb9plQT9wWCZUlP1g7Ra/jlhMZskkrX3JyKX
 PyyNtMFOlmGCmbbO3+dmaVBeMEf6Txqyi6gAgxwWBJ18L0P0iiobEpfh9Q1Dn/YX682EY
 IFh0FaE/hjJz6S+Hsz9qaTXWKHcZtymi4Wo=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1627410363559100001
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The PageTables64.asm was created to provide routines to set the CR3
register for 64-bit paging. During the SEV support, it grew to include a
lot of the SEV stuff. Before adding more SEV features, let's move all
the SEV-specific routines into a separate file.

No functionality change intended.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 .../Ia32/{PageTables64.asm =3D> AmdSev.asm}     | 145 +------
 OvmfPkg/ResetVector/Ia32/PageTables64.asm     | 391 ------------------
 OvmfPkg/ResetVector/ResetVector.nasmb         |   1 +
 3 files changed, 3 insertions(+), 534 deletions(-)
 copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm =3D> AmdSev.asm} (70%)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto=
r/Ia32/AmdSev.asm
similarity index 70%
copy from OvmfPkg/ResetVector/Ia32/PageTables64.asm
copy to OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 5fae8986d9da..2c9d990af55f 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -1,42 +1,14 @@
 ;-------------------------------------------------------------------------=
-----
 ; @file
-; Sets the CR3 register for 64-bit paging
+; Provide the functions to check whether SEV and SEV-ES is enabled.
 ;
-; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
-; Copyright (c) 2017 - 2020, Advanced Micro Devices, Inc. All rights reser=
ved.<BR>
+; Copyright (c) 2017 - 2021, Advanced Micro Devices, Inc. All rights reser=
ved.<BR>
 ; SPDX-License-Identifier: BSD-2-Clause-Patent
 ;
 ;-------------------------------------------------------------------------=
-----
=20
 BITS    32
=20
-%define PAGE_PRESENT            0x01
-%define PAGE_READ_WRITE         0x02
-%define PAGE_USER_SUPERVISOR    0x04
-%define PAGE_WRITE_THROUGH      0x08
-%define PAGE_CACHE_DISABLE     0x010
-%define PAGE_ACCESSED          0x020
-%define PAGE_DIRTY             0x040
-%define PAGE_PAT               0x080
-%define PAGE_GLOBAL           0x0100
-%define PAGE_2M_MBO            0x080
-%define PAGE_2M_PAT          0x01000
-
-%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \
-                          PAGE_DIRTY + \
-                          PAGE_READ_WRITE + \
-                          PAGE_PRESENT)
-
-%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
-                          PAGE_ACCESSED + \
-                          PAGE_DIRTY + \
-                          PAGE_READ_WRITE + \
-                          PAGE_PRESENT)
-
-%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
-                       PAGE_READ_WRITE + \
-                       PAGE_PRESENT)
-
 ;
 ; SEV-ES #VC exception handler support
 ;
@@ -213,119 +185,6 @@ IsSevEsEnabled:
 SevEsDisabled:
     OneTimeCallRet IsSevEsEnabled
=20
-;
-; Modified:  EAX, EBX, ECX, EDX
-;
-SetCr3ForPageTables64:
-
-    OneTimeCall   CheckSevFeatures
-    xor     edx, edx
-    test    eax, eax
-    jz      SevNotActive
-
-    ; If SEV is enabled, C-bit is always above 31
-    sub     eax, 32
-    bts     edx, eax
-
-SevNotActive:
-
-    ;
-    ; For OVMF, build some initial page tables at
-    ; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
-    ;
-    ; This range should match with PcdOvmfSecPageTablesSize which is
-    ; declared in the FDF files.
-    ;
-    ; At the end of PEI, the pages tables will be rebuilt into a
-    ; more permanent location by DxeIpl.
-    ;
-
-    mov     ecx, 6 * 0x1000 / 4
-    xor     eax, eax
-clearPageTablesMemoryLoop:
-    mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
-    loop    clearPageTablesMemoryLoop
-
-    ;
-    ; Top level Page Directory Pointers (1 * 512GB entry)
-    ;
-    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
-    mov     dword[PT_ADDR (4)], edx
-
-    ;
-    ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB)
-    ;
-    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
-    mov     dword[PT_ADDR (0x1004)], edx
-    mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
-    mov     dword[PT_ADDR (0x100C)], edx
-    mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
-    mov     dword[PT_ADDR (0x1014)], edx
-    mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
-    mov     dword[PT_ADDR (0x101C)], edx
-
-    ;
-    ; Page Table Entries (2048 * 2MB entries =3D> 4GB)
-    ;
-    mov     ecx, 0x800
-pageTableEntriesLoop:
-    mov     eax, ecx
-    dec     eax
-    shl     eax, 21
-    add     eax, PAGE_2M_PDE_ATTR
-    mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
-    mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
-    loop    pageTableEntriesLoop
-
-    OneTimeCall   IsSevEsEnabled
-    test    eax, eax
-    jz      SetCr3
-
-    ;
-    ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
-    ; This requires the 2MB page for this range be broken down into 512 4KB
-    ; pages.  All will be marked encrypted, except for the GHCB.
-    ;
-    mov     ecx, (GHCB_BASE >> 21)
-    mov     eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
-    mov     [ecx * 8 + PT_ADDR (0x2000)], eax
-
-    ;
-    ; Page Table Entries (512 * 4KB entries =3D> 2MB)
-    ;
-    mov     ecx, 512
-pageTableEntries4kLoop:
-    mov     eax, ecx
-    dec     eax
-    shl     eax, 12
-    add     eax, GHCB_BASE & 0xFFE0_0000
-    add     eax, PAGE_4K_PDE_ATTR
-    mov     [ecx * 8 + GHCB_PT_ADDR - 8], eax
-    mov     [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx
-    loop    pageTableEntries4kLoop
-
-    ;
-    ; Clear the encryption bit from the GHCB entry
-    ;
-    mov     ecx, (GHCB_BASE & 0x1F_FFFF) >> 12
-    mov     [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0
-
-    mov     ecx, GHCB_SIZE / 4
-    xor     eax, eax
-clearGhcbMemoryLoop:
-    mov     dword[ecx * 4 + GHCB_BASE - 4], eax
-    loop    clearGhcbMemoryLoop
-
-SetCr3:
-    ;
-    ; Set CR3 now that the paging structures are available
-    ;
-    mov     eax, PT_ADDR (0)
-    mov     cr3, eax
-
-    OneTimeCallRet SetCr3ForPageTables64
-
-;
 ; Start of #VC exception handling routines
 ;
=20
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto=
r/Ia32/PageTables64.asm
index 5fae8986d9da..eacdb69ddb9f 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -37,182 +37,6 @@ BITS    32
                        PAGE_READ_WRITE + \
                        PAGE_PRESENT)
=20
-;
-; SEV-ES #VC exception handler support
-;
-; #VC handler local variable locations
-;
-%define VC_CPUID_RESULT_EAX         0
-%define VC_CPUID_RESULT_EBX         4
-%define VC_CPUID_RESULT_ECX         8
-%define VC_CPUID_RESULT_EDX        12
-%define VC_GHCB_MSR_EDX            16
-%define VC_GHCB_MSR_EAX            20
-%define VC_CPUID_REQUEST_REGISTER  24
-%define VC_CPUID_FUNCTION          28
-
-; #VC handler total local variable size
-;
-%define VC_VARIABLE_SIZE           32
-
-; #VC handler GHCB CPUID request/response protocol values
-;
-%define GHCB_CPUID_REQUEST          4
-%define GHCB_CPUID_RESPONSE         5
-%define GHCB_CPUID_REGISTER_SHIFT  30
-%define CPUID_INSN_LEN              2
-
-
-; Check if Secure Encrypted Virtualization (SEV) features are enabled.
-;
-; Register usage is tight in this routine, so multiple calls for the
-; same CPUID and MSR data are performed to keep things simple.
-;
-; Modified:  EAX, EBX, ECX, EDX, ESP
-;
-; If SEV is enabled then EAX will be at least 32.
-; If SEV is disabled then EAX will be zero.
-;
-CheckSevFeatures:
-    ; Set the first byte of the workarea to zero to communicate to the SEC
-    ; phase that SEV-ES is not enabled. If SEV-ES is enabled, the CPUID
-    ; instruction will trigger a #VC exception where the first byte of the
-    ; workarea will be set to one or, if CPUID is not being intercepted,
-    ; the MSR check below will set the first byte of the workarea to one.
-    mov     byte[SEV_ES_WORK_AREA], 0
-
-    ;
-    ; Set up exception handlers to check for SEV-ES
-    ;   Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for
-    ;   stack usage)
-    ;   Establish exception handlers
-    ;
-    mov       esp, SEV_ES_VC_TOP_OF_STACK
-    mov       eax, ADDR_OF(Idtr)
-    lidt      [cs:eax]
-
-    ; Check if we have a valid (0x8000_001F) CPUID leaf
-    ;   CPUID raises a #VC exception if running as an SEV-ES guest
-    mov       eax, 0x80000000
-    cpuid
-
-    ; This check should fail on Intel or Non SEV AMD CPUs. In future if
-    ; Intel CPUs supports this CPUID leaf then we are guranteed to have ex=
act
-    ; same bit definition.
-    cmp       eax, 0x8000001f
-    jl        NoSev
-
-    ; Check for SEV memory encryption feature:
-    ; CPUID  Fn8000_001F[EAX] - Bit 1
-    ;   CPUID raises a #VC exception if running as an SEV-ES guest
-    mov       eax, 0x8000001f
-    cpuid
-    bt        eax, 1
-    jnc       NoSev
-
-    ; Check if SEV memory encryption is enabled
-    ;  MSR_0xC0010131 - Bit 0 (SEV enabled)
-    mov       ecx, 0xc0010131
-    rdmsr
-    bt        eax, 0
-    jnc       NoSev
-
-    ; Check for SEV-ES memory encryption feature:
-    ; CPUID  Fn8000_001F[EAX] - Bit 3
-    ;   CPUID raises a #VC exception if running as an SEV-ES guest
-    mov       eax, 0x8000001f
-    cpuid
-    bt        eax, 3
-    jnc       GetSevEncBit
-
-    ; Check if SEV-ES is enabled
-    ;  MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
-    mov       ecx, 0xc0010131
-    rdmsr
-    bt        eax, 1
-    jnc       GetSevEncBit
-
-    ; Set the first byte of the workarea to one to communicate to the SEC
-    ; phase that SEV-ES is enabled.
-    mov       byte[SEV_ES_WORK_AREA], 1
-
-GetSevEncBit:
-    ; Get pte bit position to enable memory encryption
-    ; CPUID Fn8000_001F[EBX] - Bits 5:0
-    ;
-    and       ebx, 0x3f
-    mov       eax, ebx
-
-    ; The encryption bit position is always above 31
-    sub       ebx, 32
-    jns       SevSaveMask
-
-    ; Encryption bit was reported as 31 or below, enter a HLT loop
-SevEncBitLowHlt:
-    cli
-    hlt
-    jmp       SevEncBitLowHlt
-
-SevSaveMask:
-    xor       edx, edx
-    bts       edx, ebx
-
-    mov       dword[SEV_ES_WORK_AREA_ENC_MASK], 0
-    mov       dword[SEV_ES_WORK_AREA_ENC_MASK + 4], edx
-    jmp       SevExit
-
-NoSev:
-    ;
-    ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred.
-    ;
-    cmp       byte[SEV_ES_WORK_AREA], 0
-    jz        NoSevPass
-
-    ;
-    ; A #VC was received, yet CPUID indicates no SEV-ES support, something
-    ; isn't right.
-    ;
-NoSevEsVcHlt:
-    cli
-    hlt
-    jmp       NoSevEsVcHlt
-
-NoSevPass:
-    xor       eax, eax
-
-SevExit:
-    ;
-    ; Clear exception handlers and stack
-    ;
-    push      eax
-    mov       eax, ADDR_OF(IdtrClear)
-    lidt      [cs:eax]
-    pop       eax
-    mov       esp, 0
-
-    OneTimeCallRet CheckSevFeatures
-
-; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat=
ure
-; is enabled.
-;
-; Modified:  EAX
-;
-; If SEV-ES is enabled then EAX will be non-zero.
-; If SEV-ES is disabled then EAX will be zero.
-;
-IsSevEsEnabled:
-    xor       eax, eax
-
-    ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if
-    ; SEV-ES is enabled.
-    cmp       byte[SEV_ES_WORK_AREA], 1
-    jne       SevEsDisabled
-
-    mov       eax, 1
-
-SevEsDisabled:
-    OneTimeCallRet IsSevEsEnabled
-
 ;
 ; Modified:  EAX, EBX, ECX, EDX
 ;
@@ -324,218 +148,3 @@ SetCr3:
     mov     cr3, eax
=20
     OneTimeCallRet SetCr3ForPageTables64
-
-;
-; Start of #VC exception handling routines
-;
-
-SevEsIdtNotCpuid:
-    ;
-    ; Use VMGEXIT to request termination.
-    ;   1 - #VC was not for CPUID
-    ;
-    mov     eax, 1
-    jmp     SevEsIdtTerminate
-
-SevEsIdtNoCpuidResponse:
-    ;
-    ; Use VMGEXIT to request termination.
-    ;   2 - GHCB_CPUID_RESPONSE not received
-    ;
-    mov     eax, 2
-
-SevEsIdtTerminate:
-    ;
-    ; Use VMGEXIT to request termination. At this point the reason code is
-    ; located in EAX, so shift it left 16 bits to the proper location.
-    ;
-    ; EAX[11:0]  =3D> 0x100 - request termination
-    ; EAX[15:12] =3D> 0x1   - OVMF
-    ; EAX[23:16] =3D> 0xXX  - REASON CODE
-    ;
-    shl     eax, 16
-    or      eax, 0x1100
-    xor     edx, edx
-    mov     ecx, 0xc0010130
-    wrmsr
-    ;
-    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
-    ; mode, so work around this by temporarily switching to 64-bit mode.
-    ;
-BITS    64
-    rep     vmmcall
-BITS    32
-
-    ;
-    ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
-    ;
-SevEsIdtHlt:
-    hlt
-    jmp     SevEsIdtHlt
-    iret
-
-    ;
-    ; Total stack usage for the #VC handler is 44 bytes:
-    ;   - 12 bytes for the exception IRET (after popping error code)
-    ;   - 32 bytes for the local variables.
-    ;
-SevEsIdtVmmComm:
-    ;
-    ; If we're here, then we are an SEV-ES guest and this
-    ; was triggered by a CPUID instruction
-    ;
-    ; Set the first byte of the workarea to one to communicate that
-    ; a #VC was taken.
-    mov     byte[SEV_ES_WORK_AREA], 1
-
-    pop     ecx                     ; Error code
-    cmp     ecx, 0x72               ; Be sure it was CPUID
-    jne     SevEsIdtNotCpuid
-
-    ; Set up local variable room on the stack
-    ;   CPUID function         : + 28
-    ;   CPUID request register : + 24
-    ;   GHCB MSR (EAX)         : + 20
-    ;   GHCB MSR (EDX)         : + 16
-    ;   CPUID result (EDX)     : + 12
-    ;   CPUID result (ECX)     : + 8
-    ;   CPUID result (EBX)     : + 4
-    ;   CPUID result (EAX)     : + 0
-    sub     esp, VC_VARIABLE_SIZE
-
-    ; Save the CPUID function being requested
-    mov     [esp + VC_CPUID_FUNCTION], eax
-
-    ; The GHCB CPUID protocol uses the following mapping to request
-    ; a specific register:
-    ;   0 =3D> EAX, 1 =3D> EBX, 2 =3D> ECX, 3 =3D> EDX
-    ;
-    ; Set EAX as the first register to request. This will also be used as a
-    ; loop variable to request all register values (EAX to EDX).
-    xor     eax, eax
-    mov     [esp + VC_CPUID_REQUEST_REGISTER], eax
-
-    ; Save current GHCB MSR value
-    mov     ecx, 0xc0010130
-    rdmsr
-    mov     [esp + VC_GHCB_MSR_EAX], eax
-    mov     [esp + VC_GHCB_MSR_EDX], edx
-
-NextReg:
-    ;
-    ; Setup GHCB MSR
-    ;   GHCB_MSR[63:32] =3D CPUID function
-    ;   GHCB_MSR[31:30] =3D CPUID register
-    ;   GHCB_MSR[11:0]  =3D CPUID request protocol
-    ;
-    mov     eax, [esp + VC_CPUID_REQUEST_REGISTER]
-    cmp     eax, 4
-    jge     VmmDone
-
-    shl     eax, GHCB_CPUID_REGISTER_SHIFT
-    or      eax, GHCB_CPUID_REQUEST
-    mov     edx, [esp + VC_CPUID_FUNCTION]
-    mov     ecx, 0xc0010130
-    wrmsr
-
-    ;
-    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
-    ; mode, so work around this by temporarily switching to 64-bit mode.
-    ;
-BITS    64
-    rep     vmmcall
-BITS    32
-
-    ;
-    ; Read GHCB MSR
-    ;   GHCB_MSR[63:32] =3D CPUID register value
-    ;   GHCB_MSR[31:30] =3D CPUID register
-    ;   GHCB_MSR[11:0]  =3D CPUID response protocol
-    ;
-    mov     ecx, 0xc0010130
-    rdmsr
-    mov     ecx, eax
-    and     ecx, 0xfff
-    cmp     ecx, GHCB_CPUID_RESPONSE
-    jne     SevEsIdtNoCpuidResponse
-
-    ; Save returned value
-    shr     eax, GHCB_CPUID_REGISTER_SHIFT
-    mov     [esp + eax * 4], edx
-
-    ; Next register
-    inc     word [esp + VC_CPUID_REQUEST_REGISTER]
-
-    jmp     NextReg
-
-VmmDone:
-    ;
-    ; At this point we have all CPUID register values. Restore the GHCB MS=
R,
-    ; set the return register values and return.
-    ;
-    mov     eax, [esp + VC_GHCB_MSR_EAX]
-    mov     edx, [esp + VC_GHCB_MSR_EDX]
-    mov     ecx, 0xc0010130
-    wrmsr
-
-    mov     eax, [esp + VC_CPUID_RESULT_EAX]
-    mov     ebx, [esp + VC_CPUID_RESULT_EBX]
-    mov     ecx, [esp + VC_CPUID_RESULT_ECX]
-    mov     edx, [esp + VC_CPUID_RESULT_EDX]
-
-    add     esp, VC_VARIABLE_SIZE
-
-    ; Update the EIP value to skip over the now handled CPUID instruction
-    ; (the CPUID instruction has a length of 2)
-    add     word [esp], CPUID_INSN_LEN
-    iret
-
-ALIGN   2
-
-Idtr:
-    dw      IDT_END - IDT_BASE - 1  ; Limit
-    dd      ADDR_OF(IDT_BASE)       ; Base
-
-IdtrClear:
-    dw      0                       ; Limit
-    dd      0                       ; Base
-
-ALIGN   16
-
-;
-; The Interrupt Descriptor Table (IDT)
-;   This will be used to determine if SEV-ES is enabled.  Upon execution
-;   of the CPUID instruction, a VMM Communication Exception will occur.
-;   This will tell us if SEV-ES is enabled.  We can use the current value
-;   of the GHCB MSR to determine the SEV attributes.
-;
-IDT_BASE:
-;
-; Vectors 0 - 28 (No handlers)
-;
-%rep 29
-    dw      0                                    ; Offset low bits 15..0
-    dw      0x10                                 ; Selector
-    db      0                                    ; Reserved
-    db      0x8E                                 ; Gate Type (IA32_IDT_GAT=
E_TYPE_INTERRUPT_32)
-    dw      0                                    ; Offset high bits 31..16
-%endrep
-;
-; Vector 29 (VMM Communication Exception)
-;
-    dw      (ADDR_OF(SevEsIdtVmmComm) & 0xffff)  ; Offset low bits 15..0
-    dw      0x10                                 ; Selector
-    db      0                                    ; Reserved
-    db      0x8E                                 ; Gate Type (IA32_IDT_GAT=
E_TYPE_INTERRUPT_32)
-    dw      (ADDR_OF(SevEsIdtVmmComm) >> 16)     ; Offset high bits 31..16
-;
-; Vectors 30 - 31 (No handlers)
-;
-%rep 2
-    dw      0                                    ; Offset low bits 15..0
-    dw      0x10                                 ; Selector
-    db      0                                    ; Reserved
-    db      0x8E                                 ; Gate Type (IA32_IDT_GAT=
E_TYPE_INTERRUPT_32)
-    dw      0                                    ; Offset high bits 31..16
-%endrep
-IDT_END:
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re=
setVector.nasmb
index 5fbacaed5f9d..8a3269cfc212 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -77,6 +77,7 @@
   %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) =
+ 16)
   %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)=
 + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
 %include "Ia32/Flat32ToFlat64.asm"
+%include "Ia32/AmdSev.asm"
 %include "Ia32/PageTables64.asm"
 %endif
=20
--=20
2.17.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78242): https://edk2.groups.io/g/devel/message/78242
Mute This Topic: https://groups.io/mt/84487944/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


From nobody Thu May  2 19:17:52 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+78243+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+78243+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 162740946041936.88502963278643;
 Tue, 27 Jul 2021 11:11:00 -0700 (PDT)
Return-Path: <bounce+27952+78243+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id WxxCYY1788612xUogMjmPYD2;
 Tue, 27 Jul 2021 11:11:00 -0700
X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com
 (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.76])
 by mx.groups.io with SMTP id smtpd.web09.5172.1627409459342317126
 for <devel@edk2.groups.io>;
 Tue, 27 Jul 2021 11:10:59 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=PWj8mGE6xrmTWTrnFVZoBQMxI4nehVvJceCPo0O9LLc21JMTPCUhil6nhoGxHBQd2v7R87vs+dPS5F5O89ue9Wi+W9XjsS/DXGW+hHwPJG2yce4frETjh+V/Wiy+IemdOkuGDmrgfoJcbZQ08qMMECEP7pv9EIAzAbBhu5VjwDXr/ANb4yzxR406UIjp360q2C77BYKycvBlwE6cF7kV63NuwS+H3Xqs0+QH5JjBtazBtbKbYaliEkIw1daOeXC9qnDz8a3mLJD5+j1NjXCF3k75X/3jakWUuKGp62+egBzGb1YH9LtqtSegD6ROeygrxfhit9Wrk1l9fZEsjiLXMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=eqTIcz3q7UWf4Pd2koA2L30rghIa4OlEIi0qgeWyZ9o=;
 b=BPMMhPebUCgFit8qkoVZe9hgvgDuaH0tJV6i6KgSNLMvJFXS9bLZUIo9rP6RKfR7QzpeZeCtNFwIXvg+MWFfaFWCOVjGXqxl242rS9PAu939S0J3soUYPJ9zZGw/CU9qHJrBalDm+mEAQJd2MAcSQ1wC4BrNSEUDAWex7jJPg9H60qLDuzrTUnRBkuoCucg9kHfsPjLEFEpjxk6RgFHDB56SbiQyHPBfyHgjx61piXCNPCaWbuCY2bX7ezDr1wyEy9L43kDXxBSAx2Kv5yLP5CViyWhNAIeuswtkOgZ4waRlqw8xfh1qF2i/knl+WPLdMeSR4rYT8GKvd7PGu6hjHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
 by SA0PR12MB4349.namprd12.prod.outlook.com (2603:10b6:806:98::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.18; Tue, 27 Jul
 2021 18:10:58 +0000
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021
 18:10:58 +0000
From: "Brijesh Singh via groups.io" <brijesh.singh=amd.com@groups.io>
To: devel@edk2.groups.io
CC: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>
Subject: [edk2-devel] [PATCH v2 2/3] OvmfPkg/ResetVector: add the macro to
 invoke MSR protocol based VMGEXIT
Date: Tue, 27 Jul 2021 13:10:23 -0500
Message-ID: <20210727181024.28770-3-brijesh.singh@amd.com>
In-Reply-To: <20210727181024.28770-1-brijesh.singh@amd.com>
References: <20210727181024.28770-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SA9PR13CA0162.namprd13.prod.outlook.com
 (2603:10b6:806:28::17) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by
 SA9PR13CA0162.namprd13.prod.outlook.com (2603:10b6:806:28::17) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.7 via Frontend
 Transport; Tue, 27 Jul 2021 18:10:57 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ce8721b0-186f-4d41-501f-08d95129e219
X-MS-TrafficTypeDiagnostic: SA0PR12MB4349:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <SA0PR12MB434953F5D9243FCE40669099E5E99@SA0PR12MB4349.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 KmMxp7V7xOHeKM5QOhmFbekyq0JwW3dAbqGnSCy6FqBPOB7Yaz5wYD5boQUFD67reA3jWxRfAkS3omhDAEq+N8h7fazrgSsfbABxaA06Th7RLPmiCLZzwMBEp+Wjp4H5udRUAzxJkvtvwVEJymOZFQrpUtoOotSVVJ+9JM7rLUIIeLhF3M6nB4sWKskCGSC9QNoTN2Ct+uIyZZZn9/bdLOwHfnDecEQNw8Eih+Vn4wKNzjOniRDb0vJt+zA2LeR3+9wVp1tKt0Nyv+3qLB6V4JDz9xZBGXXi6QyS1ZmI+9cQgMCBwUCrW3aHfLP9ObWCJF4f9neYUJhsk0eHU5UTPERFiLr4ZXikx5b044aA2x5pCd2untWRf/5+bFRd/g+WITKpC/gMR5Lc91fEReugjZLD6zscCNlR9eGctILv+WxsffaQB2goXuAQV3tf95joTWgJrCi3E2jgYnh8qICqkcq0fvy+8oM/qb6/WEGXYjDIhLhHr1OmMM2phIF23VtFU/i3FlqjBjEo/9LJZGQdQ2rp+EQSZ8HHWtMOTLt7tgCKRGhfV3FNJ02u90Carp2DOtBWJkW+ZvqM19dqygpoYSLWQ6YUHtiADLZmgRiUdD4wpeKdNdzBdz2a8iZYQIWv5gZSb4VzyCogznCEMghEmUXUMxe1TXqDQM7weBveiufpI6GSw81WWuKCL45IQTiB7tLZdTd2Qwv2MGlvQBfNwkynYphHUmnxIrcxhrnAKNkZRCrFw8gvVrpHADZWFsKshwPgI7gHJ4FuUvHD3Fe2JOm+YCQNxIT4tFohBzhSX2Q=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 =?us-ascii?Q?Ot3a63iS0SRcbAApQKUjYD4cmaupD8i76C6oIVQSJV/Hbk43VkyqgWrJNzv0?=
 =?us-ascii?Q?qmzqvNXfrHy0TvwGIi9m0vgZvrflotEG8wlKQqx649yGg/nKQd/jGWl1LHUz?=
 =?us-ascii?Q?jDOknJ+fcgcOGyLsO3sEmOKHZfLBan5yqYmoL/TYNK17quz9qzqO+Y65MqUY?=
 =?us-ascii?Q?sVMSb/eepdk/jD7Spzp8i7lSaETv4IWEQChWfm+7UCVUCZx8K5NCUsUBdNIA?=
 =?us-ascii?Q?he0A/OtUcmOrwBn+3QR9tYxT8XP4esEMyBd32+pAFx9p5qscvvET7JFUrhnq?=
 =?us-ascii?Q?CFxW9mC8CUd1XNyWxZ6en0Sfc+GKDkitmv4h5zHjq5T8MJu+em3sTeJWXZPN?=
 =?us-ascii?Q?7mg11//ssTwsKssfhHuU0CeGPuDNPKLf6NnHG1oOSc2tNqjjm4WUZdRJO27U?=
 =?us-ascii?Q?HzFjhIbfD5FNNxZMcCgAd/+yKzMxMTRXa3D6ed89m8Y12rVYTQwxxE64J/6m?=
 =?us-ascii?Q?mGy4JALaTuP/TpjCQlRT0hP0SxeEiHuuAS06imuSE+FkKkei1YK4USeDoEWo?=
 =?us-ascii?Q?iSY6oxKBgoga1vCkOErs0lgOQKrFXN154hgZ39vY4QGJR5y9ugQcHcp3w6Xw?=
 =?us-ascii?Q?YPnB2y7rD55V/w0leG/O5lk5/usbxpx6Cj1URXUHDxFUTXWjt9qYsPGrzGdK?=
 =?us-ascii?Q?zTq2TpSjzfLI998eICtIa79gi7y0EdO+tcOKxk9kkm2BZTSiiAMWZy0uwvwU?=
 =?us-ascii?Q?mAgDCnHXKmxeoCr2F0x/auCshn2lk7YADyUcwv+Kc5xkGol59U4ldXobfli7?=
 =?us-ascii?Q?iG3X6fTONK437pGHThLa9BNXZfcVVUDJ9Ud/dQweBNSXl9lsRNAbp0ozF8Xj?=
 =?us-ascii?Q?ITB0LElzMQ7h004wlDKMq/Imwci8WctfnnIrGsOGiAArHXDsyhFmFGnJ34R9?=
 =?us-ascii?Q?cTfH8rzNJIN1QiChRkaL+ip8hGWvv8VvKUOXFLYUWEaruYVU/KcUB1PDCQqL?=
 =?us-ascii?Q?TZfSITAkq6i9kS1XmA8gwaXoZ02YKdnVxJFOBbwWcykNWjej4ZXO4s3H7pfV?=
 =?us-ascii?Q?5cbXDCHD3OFxGSBBMjb62gD0+QPJJorC/z+4n3fOmzlqmAaoa9gSXlZCCLYt?=
 =?us-ascii?Q?dwLT+OXIoi57XBndyfBL9YRljx5BsX+t0QcH0UWO/ZhBrep+Pb/AhKKa+/3L?=
 =?us-ascii?Q?9E3oxTOcW8ffFOEkkF6JGayOt+AV+Y7D4fOAjaMQbo4sHo853KHLa3NMqBHi?=
 =?us-ascii?Q?xX4byGN1s7/5ze3VW6HbcntLv2HhJ+XrRWvAry60/PWLwlFnzVrAJKMs1k6R?=
 =?us-ascii?Q?JiBvWaJ4pOF0GdK/OPxEajdMArBio9nMJobnCsjhmA0GqnTXzyCGvRuoPGpT?=
 =?us-ascii?Q?NvYXQr2tEbOkA+HsmA4/UkIJ?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 ce8721b0-186f-4d41-501f-08d95129e219
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2021 18:10:58.0013
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 gszjGA0er6LG2X/jMeNjzVF5sZptyubusiON5ezYPacveoukk2Vv+yk0uUxayM/ygxqbZ6E/bj1jnvz/qxt/xQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com
X-Gm-Message-State: IL6SGFJ0yOCgTahHaTpnMYHYx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1627409460;
 bh=J5nwL0g29a+nWYHqS/a9P4PgGuB8bS1TdUAK9uUpQd4=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=Ad/wf9iTQy4waYuGD+ElliI24oz4CtrxOXwRSJnBMyJgHRpwCCbbQSCTDGEKxB0CH0E
 wwp+M6r08h69X+p0zVoRmf/ZUUPJbDdz4czKuyUMx/sdcKps93DtC1G0GLuzYePNA/2c1
 S1Enc9WfYXG/5GPlrcMVEUev2cs5P0YtD4Y=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1627409461303100007
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXIT's. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
MSR instead of open coding it.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++++++++++++++++++----------
 1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32=
/AmdSev.asm
index 2c9d990af55f..93ba917f36d2 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -35,6 +35,44 @@ BITS    32
 %define CPUID_INSN_LEN              2
=20
=20
+%define SEV_GHCB_MSR                0xc0010130
+%define SEV_STATUS_MSR              0xc0010131
+
+; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
+; responsible to populate values in the EDX:EAX registers. After the vmmca=
ll
+; returns, it verifies that the response code matches with the expected
+; code. If it does not match then terminate the guest. The result of reque=
st
+; is returned in the EDX:EAX.
+;
+; args 1:Request code, 2: Response code
+%macro VmgExit 2
+    ;
+    ; Add request code:
+    ;   GHCB_MSR[11:0]  =3D Request code
+    or      eax, %1
+
+    mov     ecx, SEV_GHCB_MSR
+    wrmsr
+
+    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
+    ; mode, so work around this by temporarily switching to 64-bit mode.
+    ;
+BITS    64
+    rep     vmmcall
+BITS    32
+
+    mov     ecx, SEV_GHCB_MSR
+    rdmsr
+
+    ;
+    ; Verify the reponse code, if it does not match then request to termin=
ate
+    ;   GHCB_MSR[11:0]  =3D Response code
+    mov     ecx, eax
+    and     ecx, 0xfff
+    cmp     ecx, %2
+    jne     SevEsUnexpectedRespTerminate
+%endmacro
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
@@ -84,7 +122,7 @@ CheckSevFeatures:
=20
     ; Check if SEV memory encryption is enabled
     ;  MSR_0xC0010131 - Bit 0 (SEV enabled)
-    mov       ecx, 0xc0010131
+    mov       ecx, SEV_STATUS_MSR
     rdmsr
     bt        eax, 0
     jnc       NoSev
@@ -99,7 +137,7 @@ CheckSevFeatures:
=20
     ; Check if SEV-ES is enabled
     ;  MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
-    mov       ecx, 0xc0010131
+    mov       ecx, SEV_STATUS_MSR
     rdmsr
     bt        eax, 1
     jnc       GetSevEncBit
@@ -196,10 +234,10 @@ SevEsIdtNotCpuid:
     mov     eax, 1
     jmp     SevEsIdtTerminate
=20
-SevEsIdtNoCpuidResponse:
+SevEsUnexpectedRespTerminate:
     ;
     ; Use VMGEXIT to request termination.
-    ;   2 - GHCB_CPUID_RESPONSE not received
+    ;   2 - Unexpected Response is received
     ;
     mov     eax, 2
=20
@@ -215,7 +253,7 @@ SevEsIdtTerminate:
     shl     eax, 16
     or      eax, 0x1100
     xor     edx, edx
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     wrmsr
     ;
     ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
@@ -275,7 +313,7 @@ SevEsIdtVmmComm:
     mov     [esp + VC_CPUID_REQUEST_REGISTER], eax
=20
     ; Save current GHCB MSR value
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     rdmsr
     mov     [esp + VC_GHCB_MSR_EAX], eax
     mov     [esp + VC_GHCB_MSR_EDX], edx
@@ -292,31 +330,16 @@ NextReg:
     jge     VmmDone
=20
     shl     eax, GHCB_CPUID_REGISTER_SHIFT
-    or      eax, GHCB_CPUID_REQUEST
     mov     edx, [esp + VC_CPUID_FUNCTION]
-    mov     ecx, 0xc0010130
-    wrmsr
=20
-    ;
-    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
-    ; mode, so work around this by temporarily switching to 64-bit mode.
-    ;
-BITS    64
-    rep     vmmcall
-BITS    32
+    VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE
=20
     ;
-    ; Read GHCB MSR
+    ; Response GHCB MSR
     ;   GHCB_MSR[63:32] =3D CPUID register value
     ;   GHCB_MSR[31:30] =3D CPUID register
     ;   GHCB_MSR[11:0]  =3D CPUID response protocol
     ;
-    mov     ecx, 0xc0010130
-    rdmsr
-    mov     ecx, eax
-    and     ecx, 0xfff
-    cmp     ecx, GHCB_CPUID_RESPONSE
-    jne     SevEsIdtNoCpuidResponse
=20
     ; Save returned value
     shr     eax, GHCB_CPUID_REGISTER_SHIFT
@@ -334,7 +357,7 @@ VmmDone:
     ;
     mov     eax, [esp + VC_GHCB_MSR_EAX]
     mov     edx, [esp + VC_GHCB_MSR_EDX]
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     wrmsr
=20
     mov     eax, [esp + VC_CPUID_RESULT_EAX]
--=20
2.17.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78243): https://edk2.groups.io/g/devel/message/78243
Mute This Topic: https://groups.io/mt/84487945/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


From nobody Thu May  2 19:17:52 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+78244+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+78244+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1627409461472587.6021605984356;
 Tue, 27 Jul 2021 11:11:01 -0700 (PDT)
Return-Path: <bounce+27952+78244+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id HirdYY1788612xLezp0JDSca;
 Tue, 27 Jul 2021 11:11:01 -0700
X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com
 (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.57])
 by mx.groups.io with SMTP id smtpd.web10.5163.1627409460555145906
 for <devel@edk2.groups.io>;
 Tue, 27 Jul 2021 11:11:00 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=jj67wxtkGUCBbWMANoGfRyD5iyw+XgRljr8W2WeViO/QdolklH93tuQPbhqE1Gwh1zgjulyZOWQi+D3T/318UTt+ls7ML9IqVpg6eNCH+kSUvSfpw5FDFYYTpfKvmA2vl0fq5OY1mcNiu2UiNO+4JBllfRYBRdbVwL6IDkgqBX0H0yP1vk8ckUUVApwq5eDeL0MCH3oM03MvCoyyP9O5kvn8a3RQ9Arqo2MJrCdQabsEmZnYXFZ6GSoQlD83PtTUFhiK792pfyuiEX5vR2vkqNQ8Sa1xVjtL3AAJI62YVsBHy8rAfaP0Y/DRUQs23KiOAdI98F4Ax3jexmM+MEfukw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=oN/iUWvki7bolhpvf2WQsRii1SorLJh6R6K6oXoigW0=;
 b=VVDOeHmqnhFXhiBEJJswtBHlm83mtpG1fd+ddVwwVh9uiI2IDPx5maMEfTUZjjXX8aKTElRx2K5Z3Wt36bKvdVe2HUkpRqkd9QIc3poTG3XXrGyAmcBfcVWGkhcjUIjwoL0CVy4y2rJitw6ZuPdSKEWgs7gPC8TwoaZG9b/rVpW+zSxiQK7IDYRFOrvembhW4gOZyRPrSCEHwbKDOghPZ+N258W470Nnyzm8Nvo8uxNlZ17qCEiXIO08cTrLv+ZQwSb9KjVcTLAkMYJ/Cv1SmM7JMeSohQCCer3QB5GDb0awD6MIQpfuIjqmicvlJiCGlsVIfVpy3hqOV1nuM8JNVA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
 by SA0PR12MB4349.namprd12.prod.outlook.com (2603:10b6:806:98::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.18; Tue, 27 Jul
 2021 18:10:59 +0000
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021
 18:10:59 +0000
From: "Brijesh Singh via groups.io" <brijesh.singh=amd.com@groups.io>
To: devel@edk2.groups.io
CC: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>
Subject: [edk2-devel] [PATCH v2 3/3] OvmfPkg/ResetVector: add the macro to
 request guest termination
Date: Tue, 27 Jul 2021 13:10:24 -0500
Message-ID: <20210727181024.28770-4-brijesh.singh@amd.com>
In-Reply-To: <20210727181024.28770-1-brijesh.singh@amd.com>
References: <20210727181024.28770-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SA9PR13CA0162.namprd13.prod.outlook.com
 (2603:10b6:806:28::17) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by
 SA9PR13CA0162.namprd13.prod.outlook.com (2603:10b6:806:28::17) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.7 via Frontend
 Transport; Tue, 27 Jul 2021 18:10:58 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: df6ccb24-901f-482c-07e0-08d95129e2bc
X-MS-TrafficTypeDiagnostic: SA0PR12MB4349:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <SA0PR12MB4349C7C6E0F52FA4BBE15703E5E99@SA0PR12MB4349.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 LwIoCr1+9Y5AY2a8g0KudFh5Uz0wg+FCStpzPmzGjMdn6w1mgrJmr0DyqhA9yyJbI/l2+lPSBRdMs4yWDK5KN+/W4jIf6GXTnKqRmP1j9VNBuB+HK4ePp2wqxAJNZzTLfeeekesnNgx8PeYSh9vOzbiiTYdgY6SK1NBs1zJaVd4w/dlvSUfo30006ggsOl/O+p4CAzIBQT5VFxmHZaVB1sZRgV/OO7waW4tZA1kTfoeQVt/wrzIiBAnrZ/9eAHKX1ImbMW3yLYjxKd//I2tJpGNcd7IgktPwHdWYgJLo9UsK6BIUsN71LgIlVL5Xxj0jrbD6bcU6QyhbGewmNLmojDhaUUwj/s/39msT78qCMbnNrBjzvScOvZ1sio/v2t4Fm8LlhOABbr+QnYEF2xr/Wls/p2fMEOCZEPhQDw4pPtqjwY4Qk44530rW/+OKbG+eINx+m1yodg1FBgvkB7riPPgZUlC81TUQOo7VZ2K5mchOtRcttP5mM33O1JLvVXTUCSQItSD7zxmPEV7YiX3LiB3XkYu92n1D5v04l+4E//hkqTECO0Z88jXcm/UIAT2CUyXDpgwUB97xDeJUidP4e4w1bCyRruIAqI08ucepEH/Rq0M9bn2jCPSwtWFIRu9C+eVZv5eDlOW0TXCdDKpCF6gaJB20x711qH9mMBDMJOQfyjRjj+a06zimXS/ALD/NG/swztH2kUe/TrYPscT3oJPbvOB5qVfZN4uIn8m45z3m2I0rI7f9Q1FweeW9YqgGtTGA37KNpLDAA509DBd4gasGF2AaWQp22lq2mrsL2tk=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 =?us-ascii?Q?VHFaGhjZux/uacz8mz9BQCUPBbmxaDbojgR5QaWQ//R8qiz08O1mavmu9jpu?=
 =?us-ascii?Q?dezrYLMkM9agThoShtdsb9D0utVR7rWqEZvJC1Ro8Mx5SthoDa4Drgr7pCjh?=
 =?us-ascii?Q?fCmNtHIwTyngxgVB6QlqBdlV0DjC3ELU86jnFhBtJnf6+eGbtHr2fx7Kh6PA?=
 =?us-ascii?Q?Bi89E8FDpBEG9gEZo1IYfXpROwt9SjF8NkiKzXMc60zdSdkAeDGok6udQbW5?=
 =?us-ascii?Q?ghA/kEgXKX5NPlP7skZ4FglgP45h1jAkUZG8kIHKlAjQkh7+8CWVTAUFIkmX?=
 =?us-ascii?Q?PCIpTB1qX0bA+r6SKX++a1NJkstoyYDWEFWGCMs7fhV9U5DlrXJ++fdU3q20?=
 =?us-ascii?Q?79JNj3VLH94DvvoSJj78H/Bud6cjj43DxIi17sCmUnvsvFG93Qc8juJ3wBbB?=
 =?us-ascii?Q?omhOhFxq0p/pUQBWl6dS/nVboJscEnRF6gYxscTz5EidAOQtBXjYxhzbINer?=
 =?us-ascii?Q?zwfTYJv5FF7LynR5vk3Me5Qd54i8kU04HKdtt0eq/eXeofdj3+A8ckfZtYPO?=
 =?us-ascii?Q?r5CU7thgo53bpRJevsHbPJY0S4HbiM/THrxBCYCm+Lx3/WpsGl50dl4cjHYv?=
 =?us-ascii?Q?fE7c8ajsbvArsmbEAugYuV7agUVaRXIcsIUN44eWMa1fsTnoViWGgC2r4Cvs?=
 =?us-ascii?Q?ylVH7bcyv1diQc1YWwaG4ptN0T/Qv9f8y+kup2UR3FN+zktVfBbRoWpEge2G?=
 =?us-ascii?Q?JweURMj0FxVsDBDv3sF8ZX+d6cba22WTj4vIDhGm8WwGMiy5hDLAONPuvtLD?=
 =?us-ascii?Q?kma75hjfNScz6XjD+WsgLJ6Gl+c2d/xyMYWFn8Dc8xk/u92OuLjOcktqA7jq?=
 =?us-ascii?Q?w6HgDPPXVF24ZRWCkKqywfua2K3JfusMMv44f99rc9QAnG7zih9EXHmwOPFn?=
 =?us-ascii?Q?n8Xc3iJxV+Bw9l3HR53YZLWgo/YDqiXq46usfexR2/j9nkBdDCJt65TYH0aw?=
 =?us-ascii?Q?CF+GUDO3Dy46xH/oWRUS8B816HMj6XW3pJmsQgFHKFJsl4+fxZjnrb/Th76w?=
 =?us-ascii?Q?xsiLXuQCt6cO1k5DKnM766rkZjG4ScHVaOAyIqc2z+YmZX/QbBbwhWyQWw4q?=
 =?us-ascii?Q?wQPgSks3sruTnGfDD8TILe4rwhjDw9SfQkzOGyD2ogIQ3Ali3YqqV5WPfAp2?=
 =?us-ascii?Q?pzoSqx6j9basXqQzXUPvOCp2X0q+lBtk4MVGeBgw7wl8Be9n/RiPHBEFMmzZ?=
 =?us-ascii?Q?Hn3SvD9rOKjXMhuFVnTZclYRTdRwyI4KccapAvJ1mX7Nx5hmjAPd4RIt9bVJ?=
 =?us-ascii?Q?n80IatCpItsrdROmhwPGp4c+gWO0gWFgbtN+7fW4cglkxKAnYgLMumKf1BXd?=
 =?us-ascii?Q?hm1dMSlvE7Z+AdR1hNo/zUH6?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 df6ccb24-901f-482c-07e0-08d95129e2bc
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2021 18:10:59.0807
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 m+5L7VkBoW9Xc5QNGDl+rdhwg03dx/rVRj0HGlAB3XvxkM2hZnW+xejnBWNxYmIl9t9FtO7DsuOUERlqyFOfKQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com
X-Gm-Message-State: Dvto98F3MehQAvlcckxwIwscx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1627409461;
 bh=tWsZQi/5AaZR08EBbyX4lSYZywQlIYwSkErXNjS+vgk=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=NzXrn4xC80cE2NIr8HQ7HFZF2WpDEfDYwoGoGU/QLN4+ShMXg2bxecXUfwSR593lD9d
 xd5WRwrBo3bLMumaokF6OTEEM45UiSGlywI9ErueS4gc/tx6V5J6zazlEThfENRpgCocv
 9HT+BkIxAs8dxy0OMZRfjhQ8YW7DYSkMJHU=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1627409463458100014
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The upcoming SEV-SNP support will need to make a few additional guest
termination requests depending on the failure type. Let's move the logic
to request the guest termination into a macro to keep the code readable.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++--------------
 1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32=
/AmdSev.asm
index 93ba917f36d2..aa95d06eaddb 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -38,6 +38,13 @@ BITS    32
 %define SEV_GHCB_MSR                0xc0010130
 %define SEV_STATUS_MSR              0xc0010131
=20
+; The #VC was not for CPUID
+%define TERM_VC_NOT_CPUID           1
+
+; The unexpected response code
+%define TERM_UNEXPECTED_RESP_CODE   2
+
+
 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
 ; responsible to populate values in the EDX:EAX registers. After the vmmca=
ll
 ; returns, it verifies that the response code matches with the expected
@@ -73,6 +80,43 @@ BITS    32
     jne     SevEsUnexpectedRespTerminate
 %endmacro
=20
+; Macro to terminate the guest using the VMGEXIT.
+; arg 1: reason code
+%macro TerminateVmgExit 1
+    mov     eax, %1
+    ;
+    ; Use VMGEXIT to request termination. At this point the reason code is
+    ; located in EAX, so shift it left 16 bits to the proper location.
+    ;
+    ; EAX[11:0]  =3D> 0x100 - request termination
+    ; EAX[15:12] =3D> 0x1   - OVMF
+    ; EAX[23:16] =3D> 0xXX  - REASON CODE
+    ;
+    shl     eax, 16
+    or      eax, 0x1100
+    xor     edx, edx
+    mov     ecx, SEV_GHCB_MSR
+    wrmsr
+    ;
+    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
+    ; mode, so work around this by temporarily switching to 64-bit mode.
+    ;
+BITS    64
+    rep     vmmcall
+BITS    32
+
+    ;
+    ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
+    ;
+%%TerminateHlt:
+    hlt
+    jmp     %%TerminateHlt
+%endmacro
+
+; Terminate the guest due to unexpected response code.
+SevEsUnexpectedRespTerminate:
+    TerminateVmgExit    TERM_UNEXPECTED_RESP_CODE
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
@@ -227,48 +271,7 @@ SevEsDisabled:
 ;
=20
 SevEsIdtNotCpuid:
-    ;
-    ; Use VMGEXIT to request termination.
-    ;   1 - #VC was not for CPUID
-    ;
-    mov     eax, 1
-    jmp     SevEsIdtTerminate
-
-SevEsUnexpectedRespTerminate:
-    ;
-    ; Use VMGEXIT to request termination.
-    ;   2 - Unexpected Response is received
-    ;
-    mov     eax, 2
-
-SevEsIdtTerminate:
-    ;
-    ; Use VMGEXIT to request termination. At this point the reason code is
-    ; located in EAX, so shift it left 16 bits to the proper location.
-    ;
-    ; EAX[11:0]  =3D> 0x100 - request termination
-    ; EAX[15:12] =3D> 0x1   - OVMF
-    ; EAX[23:16] =3D> 0xXX  - REASON CODE
-    ;
-    shl     eax, 16
-    or      eax, 0x1100
-    xor     edx, edx
-    mov     ecx, SEV_GHCB_MSR
-    wrmsr
-    ;
-    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
-    ; mode, so work around this by temporarily switching to 64-bit mode.
-    ;
-BITS    64
-    rep     vmmcall
-BITS    32
-
-    ;
-    ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
-    ;
-SevEsIdtHlt:
-    hlt
-    jmp     SevEsIdtHlt
+    TerminateVmgExit TERM_VC_NOT_CPUID
     iret
=20
     ;
--=20
2.17.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78244): https://edk2.groups.io/g/devel/message/78244
Mute This Topic: https://groups.io/mt/84487946/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-