From nobody Sun May 5 16:20:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+78752+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+78752+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1628196155357823.5716766958769; Thu, 5 Aug 2021 13:42:35 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4MiJYY1788612xFjAV8C0mFt; Thu, 05 Aug 2021 13:42:35 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.86]) by mx.groups.io with SMTP id smtpd.web11.296.1628196153424961839 for ; Thu, 05 Aug 2021 13:42:34 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JqNd3pSZuY8u+GyAzElxsj1LA48aGYEwJRGMc52HNc5jxz7d+zqnBqG97AcDOuJUbjadj7+HIO81AxTvFu5TUsKqFSGS3vz+O1uFssDrVd0+b+jIojiN4cgX3Mt2aRtkjVGaliGd1BgawmCeDa5Cy+KAVLNo2Yh0x1EXYcOe3A650DCWKQAZ8g9qAeT0Y51mtzeZGeAT/vTsNxd95FQHfSaXfqwMiGj0JtxE1uIvrWo4BvSFw/kDi0RbWop78Szdfjy4lV+hTMir/vssyFw9i7epdMZ5OKCykB/xcBfYE6yeguzt1IMM54x6IWgblhCsB+Aj5yjGCYima2tNmm5zCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zZlkBaiV1jh0HJwM6l3qx3eBNzldwBvXH81oox6KavE=; b=L7T1DrNe6XExdo5XqGHk6eSRIEPRkbXSTeqVbQH7j1DLvgvmYQLeLTXzvfMT0qhRsC5UxlmP6wHE3bgJpymOFrDE/JazEadOSrxF9F+jg5d421U9FqEnUr8AG3sbqbMfAtmNDRDP8h9bHyXDqZSyzlclydeu2XCd4Xn4VRPIhBWD0VMb9ourI07HpL6+HUO4LAJ2gjuf6JkUPkp6tM4J/FWpRVMuhqClk0SOvHh2glps2PIVb9rITCflnnKBHo6jYhpbiaV4reF8Nhv5/OyVuOw8GwlWEmbEK/elosse/ZJVxkO45+eIBseonB37dCK4CysJ50zYDIcMIwc+KmOoEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Thu, 5 Aug 2021 20:42:30 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4394.017; Thu, 5 Aug 2021 20:42:30 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v2 1/3] OvmfPkg: introduce a common work area Date: Thu, 5 Aug 2021 15:42:12 -0500 Message-ID: <20210805204214.27792-2-brijesh.singh@amd.com> In-Reply-To: <20210805204214.27792-1-brijesh.singh@amd.com> References: <20210805204214.27792-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.5 via Frontend Transport; Thu, 5 Aug 2021 20:42:28 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b4849019-7037-4c5f-28e8-08d958518a8e X-MS-TrafficTypeDiagnostic: SN6PR12MB4751: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: IObBYhqYrveVJo3F8KaEbguwAtkYSJvkAxhDplnaACR5ubC+/rcWbXnW+TvB7M89763CFHCc/jvodxw/cp2nZr2VjCHbeefVUXo7760763mWS9vNROCS8WDWg7v17z4GF07fHnEZVLzI7XlXq0dFBknkFIZHM1yPzg8kWD36hGbBUIQzJurFXIiTEfEDDedWFH/eam6vL10GGl3AY3qy+sGAIo+m+YAi6owrJC9kixbPoh5lbfXstn23Rj/XAhCMO2PgPyNxUx6SSzPToYQvnxDMhS67pHS9aqvT5pZMi7NcFJtpZ2AqyKwrWsZveKU8M13sVjQM3jveamn+nscNY4RT4Y1BOXjNKo2QOMyfhGhrjMzbowkDosOpr9hicSjMW5nFsFST9vTp+RTSENeeVD+gcer12o4DQFnyHR/Oa6pavQytrXZiphA8DYsBEdX0tgf7MylvQKwnBSToKTnmmDZ8q++0CfKLqD+UeRyB3tvpei5QEBBjY9vxKkkeFx8IGNYVkwWZIo0W+w8pu8G8nDoPSN224IfkOwWZAv+mHSRwo0dddhWNd3qUhgPFGwdFf5rtshGmSaa05t+uhpzrtlc8IP7bvxk1BnC1/aN8f7fun7gLmESsst9haJI/TS+iFVyqaGlXM/y7zt+lD+hflBfN7H62WaOBt4FRfe9v9ORLHa7Z2xDpn7zNItk2eR5mv37r2SlZGx0QZkNPbxn3aDZY9gRqKCPMZsYzF4TSj2EfXL/BIu+nYGyYMpqiEA668r9grLZ0bD20SNmwioFhDYMm5I2TbGB9Kll/cplFt7I= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?9TJ5iO9pUJ0xSFLaGFyX0hCX5A2xuZmI/JTk1DS9qVOQOdeDjQ1JWK75edMG?= =?us-ascii?Q?E4oxE61MAgdNJIww5IARAHYCVMjScAAHm6dKDTMnICSaqBzd8yUV4mhhX+9a?= =?us-ascii?Q?mffb4yCs44aOwLoGh7+q58D1x5K9ierXtxtxKOFov8xEP9OhDWtk07jcerzy?= =?us-ascii?Q?G1t9Q62ZOPNaAbllFu6Xqov8LXBeiIby3XzWdak7ry24gkCwKV92Q9aTYjZL?= =?us-ascii?Q?6yzg8fXp0mAQZNl+QiRXdMxglbryNQXK7DHONBByEFl/10UnJhFJzW06RYyr?= =?us-ascii?Q?bGkMopi7g9B5KR/5bKElzhhWhX2OnKqfk+8HmDNdTQ8MfpwfBPbdqg+OpUs7?= =?us-ascii?Q?lj460yiILz75RnmfJySBgnXfA7Bxrs7sozQGWUJdHvbb3O2zZRPK0wUaZjtq?= =?us-ascii?Q?SjRGPMRo6TmuiaSaDHi4zYyw2tEzZ/CPmRDl5Gdcp2X90p4BGWvUPpyYMMT4?= =?us-ascii?Q?0g3g7kKJEJcJDob1WW7jrigufYCbAhASBs2qHv3420z7cVme7cu5Jo5m2/t+?= =?us-ascii?Q?xI32rvqKCuVzMTzhwjW/wpVAPcGPclDSFZfWGxtgWsaq9GwIxPucA3MxtulC?= =?us-ascii?Q?Ko4u81jABSAsM53YsgD7jSxdXT3nmpzcKwuKS6hL+QtDQNrDzLLHSEpd8PzN?= =?us-ascii?Q?6/Syw69wek24i6giqZ9F+53vd39gksF+KAIocuWFPwqpNzofiCTO4f3GfGR3?= =?us-ascii?Q?NqRy6FNRfTfhyVkGS7bV34mOWUzV40b4Su1fBVT18MJ3hBLUkFYm8n0ts3BN?= =?us-ascii?Q?r/TUx3lIaJH/8OllLlhEyrTy5Q5nzZKizyM+AKSUeURMrkTjVDTshnVlrMCG?= =?us-ascii?Q?Ui0n1u9fb3HG3b00ONY7mjrboQ4OdNhIBxPu6+B87NT5n0zyQvoGbYG83yzO?= =?us-ascii?Q?KaIHSPinMnGxYQhzGepgSQ/jLUXNtqHddoepuq6v3gbp9VFIQXAnWvxL+v+m?= =?us-ascii?Q?xwOjUQ1iEm3X89PL0/3gF7qJU7L6fCzS0Vay4UihXK/WCWKaoHT9lzmjKKRY?= =?us-ascii?Q?OUQXn9VHCknGShAzo+YzI1GFRbg9BMO5jHT0884Sqpb/sctB+lUxckGSUeBK?= =?us-ascii?Q?bRtjbkO0MKOKGIggSv9MO1jv0avsZUKyI89Jfs8CxbvXCfyp2/uQjVtIZ0v0?= =?us-ascii?Q?q7dUYWeH0lmFpo7Jt5RQBJ1xx//GOMWW/UKH4Gh9Yqzgn55FAgJp5GQfOua+?= =?us-ascii?Q?7Inc11OVOwM6vwrduRkOt/9XJ0QM9BV4f84uzQvbZ6Bq4NoEylfPlGnR3G0D?= =?us-ascii?Q?fZLEQxuyb2UYf/S6tsr6bHxPInrYLfPmLAxuo3SXPHGxkKazVB9xZOV4Al+1?= =?us-ascii?Q?aBNv5AgbTLWBH3Z/Q8pVO2ee?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b4849019-7037-4c5f-28e8-08d958518a8e X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2021 20:42:29.1072 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lY0RDhMHUJsliXlvf9Hn0FtJz6gRE9EIAOuKCHvkkdMKYGThehSxprr8JQ00QWh8rUbre/4pjE4XAMdWkuNYvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 6IjFJhgDVLZ9834c0DSFAvdmx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1628196155; bh=pLCKSe31XgSNDKHY3BMjKmg+DjGK8V2Cu/h+Zp0gCe0=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=B7OuT75hfbYqDHUDKQF29uwwsN4JH6OxAcu3pOpwIlaL5VSDvSwv+cmyfmrapMxdaEt 692Y57JvtIIruU7uoWM7K/axWFXsB5t+TA24MDWEgKRsNJ2H9I7vFMOr2qYLg/UsIVfUc bdtDy/P1br1JstxHoOwfF1yW5bE9FuvgBRU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1628196156731100004 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Both the TDX and SEV support needs to reserve a page in MEMFD as a work area. The page will contain meta data specific to the guest type. Currently, the SEV-ES support reserves a page in MEMFD (PcdSevEsWorkArea) for the work area. This page can be reused as a TDX work area when Intel TDX is enabled. Based on the discussion [1], it was agreed to rename the SevEsWorkArea to the OvmfWorkArea, and add a header that can be used to indicate the work area type. [1] https://edk2.groups.io/g/devel/message/78262?p=3D,,,20,0,0,0::\ created,0,SNP,20,2,0,84476064 Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 12 ++++ OvmfPkg/OvmfPkgX64.fdf | 9 ++- OvmfPkg/PlatformPei/PlatformPei.inf | 4 +- OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +------ OvmfPkg/Include/WorkArea.h | 67 ++++++++++++++++++++++ OvmfPkg/PlatformPei/MemDetect.c | 32 +++++------ OvmfPkg/OvmfPkgDefines.fdf.inc | 6 ++ 7 files changed, 111 insertions(+), 40 deletions(-) create mode 100644 OvmfPkg/Include/WorkArea.h diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 2ab27f0c73c2..550a58ebcd81 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -330,6 +330,18 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 =20 + ## The base address and size of the work area used during the SEC + # phase by the SEV and TDX supports. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50 + + ## The work area contains a fixed size header in the Include/WorkArea.h. + # The size of this header is used early boot, and is provided through + # a fixed PCD. It need to be kept in sync with any changes to the + # header definition. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|= UINT32|0x51 + + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5fa8c0895808..23936242e74a 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -83,7 +83,7 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize =20 0x00B000|0x001000 -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P= cdSevEsWorkAreaSize +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize =20 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize @@ -99,6 +99,13 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader +##########################################################################= ################ + ##########################################################################= ###### =20 [FV.SECFV] diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89d1f7636870..67eb7aa7166b 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -116,8 +116,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..adc490e466ec 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -12,6 +12,7 @@ #define _MEM_ENCRYPT_SEV_LIB_H_ =20 #include +#include =20 // // Define the maximum number of #VCs allowed (e.g. the level of nesting @@ -36,26 +37,6 @@ typedef struct { VOID *GhcbBackupPages; } SEV_ES_PER_CPU_DATA; =20 -// -// Internal structure for holding SEV-ES information needed during SEC pha= se -// and valid only during SEC phase and early PEI during platform -// initialization. -// -// This structure is also used by assembler files: -// OvmfPkg/ResetVector/ResetVector.nasmb -// OvmfPkg/ResetVector/Ia32/PageTables64.asm -// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm -// any changes must stay in sync with its usage. -// -typedef struct _SEC_SEV_ES_WORK_AREA { - UINT8 SevEsEnabled; - UINT8 Reserved1[7]; - - UINT64 RandomData; - - UINT64 EncryptionMask; -} SEC_SEV_ES_WORK_AREA; - // // Memory encryption address range states. // diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h new file mode 100644 index 000000000000..c16030e3ac0a --- /dev/null +++ b/OvmfPkg/Include/WorkArea.h @@ -0,0 +1,67 @@ +/** @file + + Work Area structure definition + + Copyright (c) 2021, AMD Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __OVMF_WORK_AREA_H__ +#define __OVMF_WORK_AREA_H__ + +// +// Guest type for the work area +// +typedef enum { + GUEST_TYPE_NON_ENCRYPTED, + GUEST_TYPE_AMD_SEV, + GUEST_TYPE_INTEL_TDX, + +} GUEST_TYPE; + +// +// Confidential computing work area header definition. Any change +// to the structure need to be kept in sync with the +// PcdOvmfConfidentialComputingWorkAreaHeader. +// +typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER { + UINT8 GuestType; + UINT8 Reserved1[3]; +} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER; + +// +// Internal structure for holding SEV-ES information needed during SEC pha= se +// and valid only during SEC phase and early PEI during platform +// initialization. +// +// This structure is also used by assembler files: +// OvmfPkg/ResetVector/ResetVector.nasmb +// OvmfPkg/ResetVector/Ia32/PageTables64.asm +// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm +// any changes must stay in sync with its usage. +// +typedef struct _SEC_SEV_ES_WORK_AREA { + UINT8 SevEsEnabled; + UINT8 Reserved1[7]; + + UINT64 RandomData; + + UINT64 EncryptionMask; +} SEC_SEV_ES_WORK_AREA; + +// +// The SEV work area definition. +// +typedef struct _SEV_WORK_AREA { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + + SEC_SEV_ES_WORK_AREA SevEsWorkArea; +} SEV_WORK_AREA; + +typedef union { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + SEV_WORK_AREA SevWorkArea; +} OVMF_WORK_AREA; + +#endif diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index 2deec128f464..4c53b0fdf2fe 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -939,23 +939,21 @@ InitializeRamRegions ( } =20 #ifdef MDE_CPU_X64 - if (MemEncryptSevEsIsEnabled ()) { - // - // If SEV-ES is enabled, reserve the SEV-ES work area. - // - // Since this memory range will be used by the Reset Vector on S3 - // resume, it must be reserved as ACPI NVS. - // - // If S3 is unsupported, then various drivers might still write to t= he - // work area. We ought to prevent DXE from serving allocation reques= ts - // such that they would overlap the work area. - // - BuildMemoryAllocationHob ( - (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase), - (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), - mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData - ); - } + // + // Reserve the work area. + // + // Since this memory range will be used by the Reset Vector on S3 + // resume, it must be reserved as ACPI NVS. + // + // If S3 is unsupported, then various drivers might still write to the + // work area. We ought to prevent DXE from serving allocation requests + // such that they would overlap the work area. + // + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaBase), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize), + mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData + ); #endif } } diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.inc index 35fd454b97ab..3b5e45253916 100644 --- a/OvmfPkg/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc @@ -82,6 +82,12 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) =20 +# The OVMF WorkArea contains a fixed size header followed by the actual da= ta. +# The size of header is accessed through a fixed PCD in the reset vector c= ode. +# The value need to be kept in sync with the any changes to the Confidenti= al +# Computing Work Area header defined in the Include/WorkArea.h +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader = =3D 4 + !if $(SMM_REQUIRE) =3D=3D TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78752): https://edk2.groups.io/g/devel/message/78752 Mute This Topic: https://groups.io/mt/84694276/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 16:20:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+78753+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+78753+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1628196155715619.5484506106031; Thu, 5 Aug 2021 13:42:35 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id b8NXYY1788612xJ20gm9mjkH; Thu, 05 Aug 2021 13:42:35 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.86]) by mx.groups.io with SMTP id smtpd.web11.296.1628196153424961839 for ; Thu, 05 Aug 2021 13:42:34 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IFQU8YHVCWin9cQOzEzyl6b17yfhZCvE1VNolY1T8e1p4H1UUTSVW/RVlkjiTsv3eKSNwHIIf74rW7ykqac8GKMKaBvd4Ix2GUS4JVFhLsXlTytkQJsSKXahgD+IOgA0H4tbzTM/p4KwM0CBMldmm7R6+XaJrC7MmZ7YA/A3y3xTLDCy2NtNkZvyu2rQhz86S6rR47Bb78ARv4H3kaVInXFG8nqXqwenDkzMtW7hj1FIjb0QBS9fBopn2tAzgiDtX0uOYCzftfTbdNsqZ5FLwAtWXPSF4s354XBM3jSG/4N/i0GOx4KM6mPpG9lAEkguEoqh2dhaSITNLv7bBMleBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GwVtVbL27i+qrb3Z42N2ULWY8ovAL4SHRnYM+sAxrLs=; b=jmyETQMUre6zCMtx9CVUNj9ICHLlGKLL8HhbWNsmQHWlmW33iq+mWGxtkVkuiPix4K28AY8ROpLUhDwvsr3bT1Q6agSyMdwB1E1ohMsNS70uutbvSOGPF1fL8Q2DAdXvBHZTA54M4yrZ1wODpdMQQc1mmSNVPyb0Et/f0fSzH/8RcSJFEMVc+9NeGTVopNOWuePnDP57aFyrdaQVdB56w6yC9y5Uv/hNnCUvg8nwavohov9ZScq7f0AZxhTvI90rd6U3N3Nkqr6IgKbG5p3hK4g/3qbkOsHfxFQ7CAu9m3djH9K69ULHsYkdmHL5oJlVkUn1WmHtYehl1W4eDAb3Hg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Thu, 5 Aug 2021 20:42:31 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4394.017; Thu, 5 Aug 2021 20:42:31 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v2 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format Date: Thu, 5 Aug 2021 15:42:13 -0500 Message-ID: <20210805204214.27792-3-brijesh.singh@amd.com> In-Reply-To: <20210805204214.27792-1-brijesh.singh@amd.com> References: <20210805204214.27792-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.5 via Frontend Transport; Thu, 5 Aug 2021 20:42:29 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b3c8dda4-a63d-42b2-fb9f-08d958518ae7 X-MS-TrafficTypeDiagnostic: SN6PR12MB4751: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: j8SpDOV+MvgTKpkRUCri/3Ir8YS57NTsuZj+tPQ6LacTe/upeTcL8JHv8wbE2g8Gi++eyY2+/GUD/RgIOclkiF72xz8D5g4oM7OxCsa9MrIYt2VxOvpM2BtSbtO+/ybo/pz1avm/9vnIaU7u8WrGmVzEF3WEhtNGz2QPp/kIBJwIdT0NH0jHUSXPPLuExKALb3kc9SwQnYlLb14qghkOze/M/jbuYJxOObIogRcP58cQsmhOPKn0uHg+P3QO6qziPgyRfZqm/+lkgU44wCHAubHdahXb2Gdua2pHTzfw7P1TOKxiTU9/I0fl8Qh6o3bwjh2A8i1CPFczh3bQs2lIx9oi5mFimYdmICb0WzC4CdKeLGsp7locRyRrks1vEZfQQhjpkw8PEEONvZieWUSWqJQzY7BEKVaHgRbAAnL8RsaXXmRurcWCLLKzmmLiAacAkNyLQSylfhgeVSmtadQOZgM1WTUHwVS1CMdoROqFEl7M6mCRwUeIcUQC/BdvzdLgYd4Dv1A1V9PdQwK4lpiBxZjaVeg9f1FFPOG5EufpEfxs6uFW/QVwk9G5vPmjXxuLV4QJDNrtlPx3eM/mcFVZTne18Oy5ReSID5sCExJusB11ore2W8OSzwlB9rls5pkg9wjECf4TzcYKMTzs/JkfiOTVs5H1EKZt1rEklOzsKBZvmsBdoQGmNckZbt5jEC0j/kUgeZ0MrVHmXvEottXVEPUqD5ZH0rkiJlidrSbGWqt9ztDNs4cQmE8ZIEzXAW6gg6xTkCmL0A52bZX0Zh2m/nHQTXvv/VAQljo7YW+c3po= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?eZ5KFo7/SJPwXGLcI3toGUOWwthK7QTy40cU1ZSW+WLn8vpmBbcPzxisIST2?= =?us-ascii?Q?9RizCml6BBJfGHcmJAfTaYvKWqXncmhsi51NjvJ0kH1CR40Mh6Tb3+Rwy+BC?= =?us-ascii?Q?t6nzGgHOGVQIAQDy6bPGlvf9xbFICw5PUysMLiyvA6pLR+ETqaf5OmDDCzxk?= =?us-ascii?Q?JjqL7HEyrEiz6X0IKF0mDTLNxb0mvs/TbRcD5Y3OGVAVqtaBYxjtqrrZm5O/?= =?us-ascii?Q?V+dVy8o/9FQdFmDaOiF/lMKXZMjNI3ZLPrW5VSJqEuWA4cdjNlbnBmF6GXqs?= =?us-ascii?Q?NZEykXKg+N1E7QH4T0THsUiPq6hu5UJHAkOJ9EMX+T7S5+nTQ7nHOAosv4QT?= =?us-ascii?Q?puBs6fPv4U+1S6SNmVQccQJv5/edxrQ51m7UVsqtzEZxV2JAUe0/DIHIL8u1?= =?us-ascii?Q?OdBeDSv0Zfq0upiqA0cb45LINjsEiJzlg2xzAafH6GMw8UMTQ2iRXZDBmtnj?= =?us-ascii?Q?8jhTwvGE/qZ2lsy9xB7RVOHvStPAKtjMDCHSeo5VC6v/mmSKsTaUTkrAgYm9?= =?us-ascii?Q?9ddAS4w3Vvux3JWNjsTuhLI1JZe6y/xqAS8jarBTMYVCk0WAWI82gr8p3BOT?= =?us-ascii?Q?eiRUnwDWu3ztt9vvrejcd6BO99ZlvHo1n73CzOcuNvQOl8h8y7dvl0r5olEF?= =?us-ascii?Q?pv3k57V/TE/AWM4Puk10r016qDCUccRs97GP6sSk0Yx/RPLw/Q8icLAXWNKX?= =?us-ascii?Q?1TRWBoZUQ+gh+IiIBEB77+ON7dUReIduyea1aItakNF1NxndlDUKFmvfCafV?= =?us-ascii?Q?iRJ7WDqCwv/u/SMpqlF8uksqQ5fM4+kqa55HlhJJUrSIlTDNa51Hstm/2yZw?= =?us-ascii?Q?m55pgQneOWgtYsHwWjg0R+/XAFSle2oRqK+1atK54H/gouJOjm7F4RA/gM1K?= =?us-ascii?Q?NSmz913HyTyEc6QSbHOObT0XG3fiH/yTg7MQ6FY41eBitVSbCEj0aEPs3LMx?= =?us-ascii?Q?/fvsTEMW3bf9hA+Qp7ytad93W1rVj7Csqx0/bIYn9mYh8tTeafYdfRQPG6LE?= =?us-ascii?Q?HbhfhDG+5vlVj+kvIxPQULmDH0GyXlTaFMk5UUT40nDMTOl5Ajbi7qcB/don?= =?us-ascii?Q?Z5+/l3qFyniIRdZjN1wJ7IUxjAUbWedjJDr+cY8LJnAgM0y0BYLTzv3uP25t?= =?us-ascii?Q?RTfyuH9iwfxQJvUOBD7eDvTNxjt9QocjsjRHJ73QgMx0Li1/NNM86o4ykKJC?= =?us-ascii?Q?5LZTYZRY6TGYY1epDolRCkoGchpUG+Kup8tcMN3sn1k8UhmM3x2DHkmPV+uY?= =?us-ascii?Q?rrGwmNbfSZuUFzzAEXumn/zKCds6h1bk/LbaajWplMMOOUoKUId1sVkdHeEj?= =?us-ascii?Q?Fxm+1+51kYdijsAvCo2CHxK2?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b3c8dda4-a63d-42b2-fb9f-08d958518ae7 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2021 20:42:29.6789 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CduovCpQMUf96+7tcwmHZnaqlOI0mGHq/sbEIJbje1mcYc9ouoEVZffasshGqT0kXJIJ5NWivA04gQTTnZ2pQg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: hRcbfVzP5ewBTvsQSRakSvssx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1628196155; bh=uT7f6Xm8DMG2gWZpK8XzEMBUI+T99an3lhxRfaIIJZc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=pqPFeiemorPg6IKjEUEMu58SSw0jEvOvN2evyDT8M6HaDPrcUxvL/tDMLydGMgl4vFE pxkyQp/tmyXF++urWFRXwF8b4JHVfMm3MxB2hmveOikeiYzf15k7qHEIeX/nqw591Q9oQ 41cUW4M06codVl+XMau7w1t/K4wNwp05Y+M= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1628196156750100005 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Update the SEV support to switch to using the newer work area format. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/ResetVector.inf | 1 + OvmfPkg/Sec/SecMain.inf | 2 ++ OvmfPkg/Sec/SecMain.c | 32 ++++++++++++++++++++++- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 8 ++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 4 +++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 6 files changed, 47 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index d028c92d8cfa..6ec9cca40c3a 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -34,6 +34,7 @@ [BuildOptions] *_*_X64_NASMB_FLAGS =3D -I$(WORKSPACE)/UefiCpuPkg/ResetVector/Vtf0/ =20 [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee2772..b650345770f2 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -56,6 +56,7 @@ [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED =20 [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize @@ -70,6 +71,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..27a1a4af0e4a 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -807,6 +807,36 @@ SevEsProtocolCheck ( Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; } =20 +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + +**/ +STATIC +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + // + // Ensure that the size of the Confidential Computing work area header + // is same as what is provided through a fixed PCD. + // + ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeade= r) =3D=3D + sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)); + + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); +} + /** Determine if SEV-ES is active. =20 @@ -828,7 +858,7 @@ SevEsIsEnabled ( =20 SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); =20 - return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); + return (((IsSevGuest()) && SevEsWorkArea !=3D NULL) && (SevEsWorkArea->S= evEsEnabled !=3D 0)); } =20 VOID diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index aa95d06eaddb..87d81b01e263 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -171,6 +171,9 @@ CheckSevFeatures: bt eax, 0 jnc NoSev =20 + ; Set the work area header to indicate that the SEV is enabled + mov byte[WORK_AREA_GUEST_TYPE], 1 + ; Check for SEV-ES memory encryption feature: ; CPUID Fn8000_001F[EAX] - Bit 3 ; CPUID raises a #VC exception if running as an SEV-ES guest @@ -257,6 +260,11 @@ SevExit: IsSevEsEnabled: xor eax, eax =20 + ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set + ; to 1 if SEV is enabled. + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jne SevEsDisabled + ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if ; SEV-ES is enabled. cmp byte[SEV_ES_WORK_AREA], 1 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index eacdb69ddb9f..f688909f1c7d 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -42,6 +42,10 @@ BITS 32 ; SetCr3ForPageTables64: =20 + ; Clear the WorkArea header. The SEV probe routines will populate the + ; work area when detected. + mov byte[WORK_AREA_GUEST_TYPE], 0 + OneTimeCall CheckSevFeatures xor edx, edx test eax, eax diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index acec46a32450..d1d800c56745 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -72,6 +72,7 @@ %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) + %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78753): https://edk2.groups.io/g/devel/message/78753 Mute This Topic: https://groups.io/mt/84694278/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 16:20:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+78754+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+78754+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1628196156309607.6538832015634; Thu, 5 Aug 2021 13:42:36 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ALb0YY1788612xZSTN3Yr2xz; Thu, 05 Aug 2021 13:42:35 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.86]) by mx.groups.io with SMTP id smtpd.web11.296.1628196153424961839 for ; Thu, 05 Aug 2021 13:42:35 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MKWvBlbNUJuxCD/eiEdQYPMJ4idlVU6XhsTfgsVNzyzCyW+Jo07gmPNOvAqwgLqWuILO+ieoLNpe+1NVSs98ofnnqfCI+pCOAEBMImZbXY9jzUWXhdaq86GMgKqsFv50aU4oAkJwyZncKUc/XoHyJ+DZQxdiv4hJn5QCFRhQ0Rj6KyYyVeHtFRXa6br/iDTcT3SSAdAUdMgZdrAwcw8b1S+rW7jrBPy8iMkQEUyiLbIT2iDQsBDvb1mQt+n7Bw6z1Si+tYbbgSXKc5Pgn8Iuf4AF66fmebLRC2ZzXy63OdzeYUPNAg3dcMTdnf4GJfDy1IpQQokynf3XP36SrF9+kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L04/tEw5YovWGwXGVQGEC5ZTCQ/7on91k3q8061Kx54=; b=PfcZKdBlYkXdB9M4pzK1mcrcl8mypPbBXMs4IbkMEo84Uw7Ing73nePdqEbya5avzpa3GxrNRIhAvoB8YQjw3Eckv1hfsyqlCvdeU/oYMYd9KeQxtEcbrFhy3Vp12r17QoPkx0LBpi6BqjDX1BI/fGNl5hdHfMd2RTuy5/0TrhADgNoHsZeS9xPlUrVf59AHpTuBL8SuJjeVs9/Tlr2qEPAUWnYUpmod1MAAtV2LTS2Y/Uu4SthYH3noXhgPdGpOzwyOlKkMValDJYuFualdRxTrCl5FBDVt3qrON0cppWBXiO8tYY57RidKm+TzYv7Jo/5sG41IVyISpFztvzGyvg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Thu, 5 Aug 2021 20:42:33 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4394.017; Thu, 5 Aug 2021 20:42:33 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v2 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm Date: Thu, 5 Aug 2021 15:42:14 -0500 Message-ID: <20210805204214.27792-4-brijesh.singh@amd.com> In-Reply-To: <20210805204214.27792-1-brijesh.singh@amd.com> References: <20210805204214.27792-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.5 via Frontend Transport; Thu, 5 Aug 2021 20:42:29 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b694402b-2515-45f6-0b0f-08d958518b41 X-MS-TrafficTypeDiagnostic: SN6PR12MB4751: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4714; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: l5x/M02g5dIX7KZOnlMQmmnQP0RMnaqByLMcuh7KZuYHBBN6eSlSQhdl9dkM/iiT5y5zPuwW3XgllRv3qsMkxj6luK3lcxa7qAalSzL1lveVD6WnT4zfzZYM3pX12ZT96H+ftRHcrQ2BEzqGwdJejn3+NVJc9wCAHTH9RjKCpSuEmoVLapJhBj8qgjZ/DAWJwNHL+nU3KV0Cfh3/HBsMKj6gRprYH13IFN8lNZnpUg4jvvd/5VBStUlbzEC5B8aD6iQiP2V1f8/SPaHRDVknq82FoKNzrK66vegjbAbhzD4FQDS+xo3PeBXoNkyDAiw17hS1RxZHF/RflVjjRY3D4EIASPey+HdtYXhXLtpMhLeet0eqW3uzFZwlJbLLRTrObhnEmPL4DB3oUbzDiZravm0EE3u4izuzT8qO8APcb0LuEyIZxNFj0TTFoQhqQh7rwl/k4EtH4DYO3/t/DLQV2v3Tr1l2OppYcJQ9Uyw2N0bnndiLW+D1eN6to1jbFW+l/g+SNox+fw5GKyDgXQ6MbGGuzBt1XvDBvzfM3TojWAxiFVrCQmM+GwWRDYeijOLGzeERh/6pMMRGSQor9o1wQvXSFPLW6p5sSUjNVtvTuyDBwUhZX6QyIvEkNv59nOqpJE6is3la9SnUhMoL8tMZg1I8O/kt1UUKn66hgh7ndb3plq4tjySi3pbz/up4K5DoqdxH1HhoLrTtx28uCmCqxgkDlzfoE5aPOxxBt9HHGG6qysAOw0wvaee2R+pSN4lcPA3x5oMx71GLrOVqxOfRQ863SUscb6sq+BSN3bkBi6M= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?LmvCd51yTGvo1lPmq9KeB17OrSQ11zzsRqODrAgJ/Z8rh8IJt3CqyhvYBc6W?= =?us-ascii?Q?oGLrTav2al1KezbL3rvexElpE0fE7sEry9qBTckgPBxICFUfiNAL0/6MmKwl?= =?us-ascii?Q?nljC/8eMOyLFIHKDQyoRyKJaW8ZX3H1tBzyLBdndoY5h0Q7j53RF3DbIZpn5?= =?us-ascii?Q?ZwDk5goTSZjtIMu+knUyDXnpRtzZ690cXifq6zBV78G+GxxTC5mh2o+psPFS?= =?us-ascii?Q?PJ1Hj19y5fLRkYE2NIuIcyTWanUJzLeYvVNzJNxD09z++HdHU4b2Tn41rrRm?= =?us-ascii?Q?YDhExBzORz+UsotglMAZTgGFyHyVVXGcA9vLrUAIDDd5koWd1Szf/BhzJ/9T?= =?us-ascii?Q?nWFxZUh5Qwj1Cw/cYF54VOF2Mvt7d4m1TEBsKtsJT6ITw8AWJe7WiqgcoCGx?= =?us-ascii?Q?tIvDOG0uM/2OluxgP+jpfVCTkELYJPqnaTFj4DvZUDj8049fH/8yfduzHBHH?= =?us-ascii?Q?OmaxKAKN9Oo7lzJa6FzHLzKFx/W+XR4/CIhoaGHvUONXA6JZ2VIxh5xwCTGy?= =?us-ascii?Q?d7U8iQBUu4VJV4hI7jVtzu6zxWNoUWQekR8ihDqp5zssbAT5zrkdB78rmgjh?= =?us-ascii?Q?iXiQTTKLYhme3i9fcvtVqFWSuP0JzSZA+bu0Otxukir8yWT8Lmdx5SWNU16v?= =?us-ascii?Q?fH6IOrl97VFoB0kx2zTaTXrum7ouURK7qOuc2wG+D77ZUhxt99Ef3qu1uKOE?= =?us-ascii?Q?SmBIhj7Q6FlMFm+ttKDZLrGwSO57cWdDY2u9wu20rEJlAtjPwbK85Vmhwwam?= =?us-ascii?Q?xGBT6jCynA7gjdeIIt+Jg3HLB273RVuXBLnf4NVXDzqlke9xntF8XE3whrpy?= =?us-ascii?Q?9AGcDiWu9zT1FYCyygOxIxrtNL8+n50z41By6WWmIRqIrITjhL3WPI4HKPdr?= =?us-ascii?Q?p4stXfO+qzYdC+jUbmz9SrlIdK8CTCXQmt8pF/RqkAHPnlDTr27qg0dZCbCZ?= =?us-ascii?Q?UWZnC71XW6LWhF87NA16+wqs8lox55oZi3R1xxAfS1ZT/3ULT+3qm08w8bVO?= =?us-ascii?Q?x/fjSEN+f2fjA4B/RZJLdMpInxCzB8/WoxqidF6OLKk1DNEreh/4+x53wFxE?= =?us-ascii?Q?/8SZEaFH4tektFhXTVPGJRAc6AXwyIVDv1C2ef+xSqw2Yf2tnpMyHmbXgy7s?= =?us-ascii?Q?lkbU7zfrUJerl26v1eOhGlzS2dqmxClrfQXsr/6ihlEzgA3DS8oq2XO+kbpa?= =?us-ascii?Q?ocyplSH4lW3qEJEgOcRHKj/hMU3aja0HBzW+kQmSde+4rGDY1fgIXY1sr9fH?= =?us-ascii?Q?Z5p6NxAAYv8la2qOH4mY79M1eign7tw1rsIO2X4MsNy/WtSVNHwYhdGrF7ut?= =?us-ascii?Q?gv9oFZ+0xAZht51UKwKeJ2R4?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b694402b-2515-45f6-0b0f-08d958518b41 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2021 20:42:30.2706 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uZwJi5XWKIyfwm4pPMVi/DL3KAioG6cbexbDhMTR4V6AzmInhihyg+LoZ1YplIK+RHqc8qaoBaFCBXXKuWjFsg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 7MkIbZCnMAzGvHCHA7u3yvpYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1628196155; bh=jfdDbEfEM1YfYDbC/Kn4ihYRROw1k/oXLXTNLSMff3o=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=ZECajRco5Yri+Dm7CoO1rsQeHy0cdV26JqvLwOJ3h52CoH/mujf6/4tcd7GwQie+q2y jtTxmh0iKbunwLvp7K4HtCtRNLbJt5tVxNmnaIuJZa3ifXEXo1sX7iJ3c8FlbnP2HiZX7 VmUrQq7OEMxaCll1bcX+CDfFiKA0JZnz5zA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1628196156855100014 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 While build the initial page table, the SetCr3ForPageTables64 checks whether SEV-ES is enabled. If so, clear the page encryption mask from the GHCB page. Move the logic to clear the page encryption mask in the AmdSev.asm. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 113 +++++++++++++++++----- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 53 ++-------- 2 files changed, 94 insertions(+), 72 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 87d81b01e263..fd2e6abcd4a0 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -44,6 +44,27 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +%define PAGE_PRESENT 0x01 +%define PAGE_READ_WRITE 0x02 +%define PAGE_USER_SUPERVISOR 0x04 +%define PAGE_WRITE_THROUGH 0x08 +%define PAGE_CACHE_DISABLE 0x010 +%define PAGE_ACCESSED 0x020 +%define PAGE_DIRTY 0x040 +%define PAGE_PAT 0x080 +%define PAGE_GLOBAL 0x0100 +%define PAGE_2M_MBO 0x080 +%define PAGE_2M_PAT 0x01000 + +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll @@ -117,6 +138,72 @@ BITS 32 SevEsUnexpectedRespTerminate: TerminateVmgExit TERM_UNEXPECTED_RESP_CODE =20 +; If SEV-ES is enabled then initialize the make the GHCB page shared +SevClearPageEncMaskFromGHCBPage: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz SevClearPageEncMaskFromGHCBPageExit + + ; Check if SEV-ES is enabled + cmp byte[SEV_ES_WORK_AREA], 1 + jnz SevClearPageEncMaskFromGHCBPageExit + + ; + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. + ; This requires the 2MB page for this range be broken down into 512 4KB + ; pages. All will be marked encrypted, except for the GHCB. + ; + mov ecx, (GHCB_BASE >> 21) + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + ; + ; Page Table Entries (512 * 4KB entries =3D> 2MB) + ; + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, GHCB_BASE & 0xFFE0_0000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry + ; + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 + + mov ecx, GHCB_SIZE / 4 + xor eax, eax +clearGhcbMemoryLoop: + mov dword[ecx * 4 + GHCB_BASE - 4], eax + loop clearGhcbMemoryLoop + +SevClearPageEncMaskFromGHCBPageExit: + OneTimeCallRet SevClearPageEncMaskFromGHCBPage + +; Check if SEV is enabled, and get the C-bit mask above 31. +; Modified: EDX +; +; The value is returned in the EDX +GetSevCBitMaskAbove31: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz NoCbitValue + + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] + jmp GetSevCBitMaskAbove31Exit + +NoCbitValue: + xor edx, edx + +GetSevCBitMaskAbove31Exit: + OneTimeCallRet GetSevCBitMaskAbove31 + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -249,32 +336,6 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure -; is enabled. -; -; Modified: EAX -; -; If SEV-ES is enabled then EAX will be non-zero. -; If SEV-ES is disabled then EAX will be zero. -; -IsSevEsEnabled: - xor eax, eax - - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set - ; to 1 if SEV is enabled. - cmp byte[WORK_AREA_GUEST_TYPE], 1 - jne SevEsDisabled - - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if - ; SEV-ES is enabled. - cmp byte[SEV_ES_WORK_AREA], 1 - jne SevEsDisabled - - mov eax, 1 - -SevEsDisabled: - OneTimeCallRet IsSevEsEnabled - ; Start of #VC exception handling routines ; =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index f688909f1c7d..0e8ba4dde534 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -46,16 +46,13 @@ SetCr3ForPageTables64: ; work area when detected. mov byte[WORK_AREA_GUEST_TYPE], 0 =20 + ; Check whether the SEV is active and populate the SevEsWorkArea OneTimeCall CheckSevFeatures - xor edx, edx - test eax, eax - jz SevNotActive =20 - ; If SEV is enabled, C-bit is always above 31 - sub eax, 32 - bts edx, eax - -SevNotActive: + ; If SEV is enabled, the C-bit position is always above 31. + ; The mask will be saved in the EDX and applied during the + ; the page table build below. + OneTimeCall GetSevCBitMaskAbove31 =20 ; ; For OVMF, build some initial page tables at @@ -105,44 +102,8 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 - OneTimeCall IsSevEsEnabled - test eax, eax - jz SetCr3 - - ; - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. - ; This requires the 2MB page for this range be broken down into 512 4KB - ; pages. All will be marked encrypted, except for the GHCB. - ; - mov ecx, (GHCB_BASE >> 21) - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR - mov [ecx * 8 + PT_ADDR (0x2000)], eax - - ; - ; Page Table Entries (512 * 4KB entries =3D> 2MB) - ; - mov ecx, 512 -pageTableEntries4kLoop: - mov eax, ecx - dec eax - shl eax, 12 - add eax, GHCB_BASE & 0xFFE0_0000 - add eax, PAGE_4K_PDE_ATTR - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx - loop pageTableEntries4kLoop - - ; - ; Clear the encryption bit from the GHCB entry - ; - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 - - mov ecx, GHCB_SIZE / 4 - xor eax, eax -clearGhcbMemoryLoop: - mov dword[ecx * 4 + GHCB_BASE - 4], eax - loop clearGhcbMemoryLoop + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. + OneTimeCall SevClearPageEncMaskFromGHCBPage =20 SetCr3: ; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78754): https://edk2.groups.io/g/devel/message/78754 Mute This Topic: https://groups.io/mt/84694279/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-