From nobody Mon May 6 01:48:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+79427+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+79427+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1629208032348948.3076188807833; Tue, 17 Aug 2021 06:47:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id l0e3YY1788612xt40Ngtnqu0; Tue, 17 Aug 2021 06:47:11 -0700 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.54]) by mx.groups.io with SMTP id smtpd.web09.39334.1629208030070082466 for ; Tue, 17 Aug 2021 06:47:11 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g32oP80NltRzjCa+S6NXTWcyIc2zcVgWSedCsxj0/bZ2xclEKuALBOWt6bYcq7CXTJNSKbLVp13p1ARI0FOKREM0krMrqp5FU4pEQ5wk4plEN1Mp9mvyeCRDPLXpAeWTjyUMdGekpfuuyWOPHjeq0dnD333jlGvgehbw2udVZMKoHbYTal1LTYnfadAwuJt5XsHuTh/MnAQQ+1ByXFYetBU0TZWiTe7cnZ9SFuVq7Pom/fw276N+VyNezkzherGZ+aVxwdwHx91Q7ZCb0hvmcqplpbvkiNg4OIOPLhtNxAXDLNrE8LeRfWQMlxLG8jhijyZd0m1wnoJLwVNvQauH+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gle9WufOikdy5bqhTV/JnLkf4ma4MxlMVPGf8kV7eBA=; b=gsagdgCmU8Yr6/QOLjOUS3mcWe0Otl16fG3wmtrcRjYekGZxzbL8gwMKQmpyaIhcBeJRuOcmRzb/+sHwC2fJ+jC72USGmCtjfyYRqXhHnS34S27nGHxe0EfFgtNtfXqM2SF79uSQVheaR+tsk3NQvEHJJq+PPj/QB2PNIrCa9kuQorOjqDrXjsqnb4Awwp/kN4Auo1Q2LOkFSQsnuknt6/KfW5jcCiLoMV9jOE+PV5tDIjhTGNwt/Qrqj4lSAoJUQ6XuPbUuU6ucmv0niQ9C52lsmv5ETToS5/aiKeKsbzrbJ48h5OaY7w1NQiuVtxfGCMll69QoR7U9xP/juf1tHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN1PR12MB2541.namprd12.prod.outlook.com (2603:10b6:802:24::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.18; Tue, 17 Aug 2021 13:47:08 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4415.024; Tue, 17 Aug 2021 13:47:08 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v3 1/3] OvmfPkg: introduce a common work area Date: Tue, 17 Aug 2021 08:46:49 -0500 Message-ID: <20210817134651.20444-2-brijesh.singh@amd.com> In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com> References: <20210817134651.20444-1-brijesh.singh@amd.com> X-ClientProxiedBy: SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16 via Frontend Transport; Tue, 17 Aug 2021 13:47:07 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 060656dc-27f1-4abc-70c6-08d96185816f X-MS-TrafficTypeDiagnostic: SN1PR12MB2541: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: UY/OTu/B7Qg7vD+i6ybuQOERFO06NmdwR6iSY3iWKJYdGvXiQEo3IW2KJe6z85JYLgJ+s/Af1IyClHFYnZViE7g1TbjDGqIF/SXbt3RrU5efbadlRBn19Cd2OTGB/haYAaaxBWLVzTNQKhOmRZ+O+5L6WuLOo1wqj+rx9KkvlRE+eUM7XwaM758RmdKnIIO0WGJRC6G4ObtMuAIko9JCSm+AtynVbXGCtEljtdC8fiAllj6/ciChoxx+rpsohiRxiyLqsnklgYbQL6A9llk1oHyoRc9v8aaG5dBVfd3cGw996Xl9vsVmoFuxhbtksOoD0fgxTZeGwq3q8/9P/ROKWpQ4B89kWWIRc0nRH+3UhEodYNBX885fE5TNANhHfe1aJSvMl25AW0jEGBz7AhrDCS73Nsh02Vq/NZaS3cErNve03U25aTKPDQaqIvyRzXujghZgQbzP477LN01h4bM3QCmnAXfpAHpM6ZHdxqMR48GkWhzpsP14duFm7FXs2vipm6ArghVFM/eLQ3BsGGgIdDC64QHC5vLzJh0sIq5BAGkTLrxjXBUk/KTVIFSVLSg+FnNXbxSzDBhgtDHu2HwODimyNErrFzb0K+kyQzq1F3aGZuhFzEa7sW8hwXkkz4n9GcGaG97+wuSD/51Rnngasb4bnAUsEFn+pNwSZiMeoAUbjJfPXmdoEXDqeykklC66ZJfInSgHtLdY+gFUKBNAH/k14wm21SmmFpU0p3Tys0qPYbSsOamExNSoHwD0JduFZQkLQSTUIJCoyr5ZDGk4DzYZHv3WpNilJi+dXlaKbAM= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?WvqlCztqXzLWfyKaN2RoQsQw4HpwlYZKhwKy9mwyPF0fkqlBBkQl2bB4Jr6s?= =?us-ascii?Q?ngj3LRv6RsMtBBUv+IEDUdge6fXgLLP5c17kW/M5pyCLq4ysskycUYr+EriD?= =?us-ascii?Q?JRLIb+WKuk6NZXsQbptkIH4n9/wBNCUNBZZ9n2t37s6Ht+nLncoCV6MiK6Gp?= =?us-ascii?Q?sjI/iluTM0lRMNiQsDP220tToIsLJpNA+4UMVf/Vop9UfcwHbsKg9FRvJP0t?= =?us-ascii?Q?2dBlIvMt8h5chIbMmNMdeAF8+UtJTG3t07ApRLpoaBu1vkgSZG7tAlA7MZCy?= =?us-ascii?Q?yFa4ePAMVxpDoqSkuB1qu0otAHXvmUjF6xyKxNjfhn5DnXCMz8m8PfgRtitm?= =?us-ascii?Q?CuXrECs7VOHJ8OzI3KdDUHlA+9wBPGIJpLr1dK35zVrXvin6urm19BQuVZof?= =?us-ascii?Q?C9A/m26Xx5MJaikZYG4ODEVy4a0mIIajqHFdfaaQ4umfoCWTtLIfJu8mh/1E?= =?us-ascii?Q?5tm3uoizTKdr0Ix/tY1EMAPJepnT3Elzbe6GQQCQ++TLSxeodO9xsbXpvRkA?= =?us-ascii?Q?aTChEmuGCf8GSazukDVuoTCm0UWQnu5DwZIgnWrlmx+hRNS/LGBhSMI2K45C?= =?us-ascii?Q?JI6tzkb5D8uJQE3xLSSDkFt92Iy91KzDrhbUyLWsrFFBHhyH6nucnzSZ0oeV?= =?us-ascii?Q?EtcCfduCP4DlhdGoIzqbkup/8wymyUrXzmbrv+bOf091CZR72SMRIt/so4MQ?= =?us-ascii?Q?F1254GZ/WSHg8TuDAIygv/5YNAn2fYXw9yz7PhKo+94/aNyGsWDN46LWoxeE?= =?us-ascii?Q?jWeGxHDUmQBLOx4K7DbjMIORmBsFl/rncI/rSs7hsVm+76U5VJEENMe9sFbF?= =?us-ascii?Q?mx+Ffw63Oxa2grYLXNhfhsav2gHIGOXcYXYt/Vbq7MabNctEICK6vghEwxbL?= =?us-ascii?Q?9AJRIAS3Rnq7ILX/NmOQnw/ZbqQB/DsZvTXymDdM50f8X2F9KhrgLeewHpfw?= =?us-ascii?Q?aI5L/3pjOtmXi5sjqB0SdPnp6YDPCEQhCZrifa262rK5zG+AAKWspI1XLKA+?= =?us-ascii?Q?Nf7j6XlAqQR40ezrQCx5Df6dVIcRDS+Mf5iurKqNK4nKOtoIzUCkqAn3rO7P?= =?us-ascii?Q?n7tAh587HDi/WoYBsEv0jAfHIwfahTOAEZiunGMTpVXltk5sLAtu7XJ+VnZt?= =?us-ascii?Q?FrIw35Ae2Pyz54bCkdmvE6eBmy9P46q1ABOLVDRrG9ECwszlnzlwpV58cxro?= =?us-ascii?Q?ISOUYqu1b3aTwOHfY0bCBFHFPr9O6rT0q390w56E1iIjJBzbBlsGh1m4wONt?= =?us-ascii?Q?EetOG0qJv+mpZZXMKj0BPoG9cW3RjDP2sNMCTbm2yxvBLSOpN0aGPSSoL0Bc?= =?us-ascii?Q?lkcxBO3JYyAoabQsYYPW/pcb?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 060656dc-27f1-4abc-70c6-08d96185816f X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2021 13:47:08.3152 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fykCeXDoao5pfBYjt0yjqXV/4B+NxdK1LUwHoC/X0s7mN1ZGew7C0EEIiUtalKCe3bHKBZUXosRndhOmQiWJuw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2541 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: rIx9doxYveSqejHr2P1vUp4fx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1629208031; bh=2LULFEu9NneqzytuBZ94VY+788C2SE3Vgxb9qb/b6Nc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=TvCQ0pJXN180jbK7m9Umo1czy1c8sfOcTd0cu/L8Zf9abyNy6b1k7acZcYKcAf+idnv hUKQWwgAadMYbCtI1Z3KszzJD3OpCmC0coCP+GxE0xBK7pWZunCHWF6oX0cixPO0eYcu0 sQiJvvxTVh4b3YYd9uOUqNpnOG0/wq5F+m0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1629208032724100006 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Both the TDX and SEV support needs to reserve a page in MEMFD as a work area. The page will contain meta data specific to the guest type. Currently, the SEV-ES support reserves a page in MEMFD (PcdSevEsWorkArea) for the work area. This page can be reused as a TDX work area when Intel TDX is enabled. Based on the discussion [1], it was agreed to rename the SevEsWorkArea to the OvmfWorkArea, and add a header that can be used to indicate the work area type. [1] https://edk2.groups.io/g/devel/message/78262?p=3D,,,20,0,0,0::\ created,0,SNP,20,2,0,84476064 Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Jiewen Yao Reviewed-by: Min Xu --- OvmfPkg/OvmfPkg.dec | 12 ++++ OvmfPkg/OvmfPkgX64.fdf | 9 ++- OvmfPkg/PlatformPei/PlatformPei.inf | 4 +- OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +------ OvmfPkg/Include/WorkArea.h | 67 ++++++++++++++++++++++ OvmfPkg/PlatformPei/MemDetect.c | 8 +-- OvmfPkg/OvmfPkgDefines.fdf.inc | 6 ++ 7 files changed, 100 insertions(+), 27 deletions(-) create mode 100644 OvmfPkg/Include/WorkArea.h diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 8fb6f257e8e8..c37dafad49bb 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -329,6 +329,18 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 =20 + ## The base address and size of the work area used during the SEC + # phase by the SEV and TDX supports. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50 + + ## The work area contains a fixed size header in the Include/WorkArea.h. + # The size of this header is used early boot, and is provided through + # a fixed PCD. It need to be kept in sync with any changes to the + # header definition. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|= UINT32|0x51 + + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5fa8c0895808..23936242e74a 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -83,7 +83,7 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize =20 0x00B000|0x001000 -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P= cdSevEsWorkAreaSize +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize =20 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize @@ -99,6 +99,13 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader +##########################################################################= ################ + ##########################################################################= ###### =20 [FV.SECFV] diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89d1f7636870..67eb7aa7166b 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -116,8 +116,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..adc490e466ec 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -12,6 +12,7 @@ #define _MEM_ENCRYPT_SEV_LIB_H_ =20 #include +#include =20 // // Define the maximum number of #VCs allowed (e.g. the level of nesting @@ -36,26 +37,6 @@ typedef struct { VOID *GhcbBackupPages; } SEV_ES_PER_CPU_DATA; =20 -// -// Internal structure for holding SEV-ES information needed during SEC pha= se -// and valid only during SEC phase and early PEI during platform -// initialization. -// -// This structure is also used by assembler files: -// OvmfPkg/ResetVector/ResetVector.nasmb -// OvmfPkg/ResetVector/Ia32/PageTables64.asm -// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm -// any changes must stay in sync with its usage. -// -typedef struct _SEC_SEV_ES_WORK_AREA { - UINT8 SevEsEnabled; - UINT8 Reserved1[7]; - - UINT64 RandomData; - - UINT64 EncryptionMask; -} SEC_SEV_ES_WORK_AREA; - // // Memory encryption address range states. // diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h new file mode 100644 index 000000000000..c16030e3ac0a --- /dev/null +++ b/OvmfPkg/Include/WorkArea.h @@ -0,0 +1,67 @@ +/** @file + + Work Area structure definition + + Copyright (c) 2021, AMD Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __OVMF_WORK_AREA_H__ +#define __OVMF_WORK_AREA_H__ + +// +// Guest type for the work area +// +typedef enum { + GUEST_TYPE_NON_ENCRYPTED, + GUEST_TYPE_AMD_SEV, + GUEST_TYPE_INTEL_TDX, + +} GUEST_TYPE; + +// +// Confidential computing work area header definition. Any change +// to the structure need to be kept in sync with the +// PcdOvmfConfidentialComputingWorkAreaHeader. +// +typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER { + UINT8 GuestType; + UINT8 Reserved1[3]; +} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER; + +// +// Internal structure for holding SEV-ES information needed during SEC pha= se +// and valid only during SEC phase and early PEI during platform +// initialization. +// +// This structure is also used by assembler files: +// OvmfPkg/ResetVector/ResetVector.nasmb +// OvmfPkg/ResetVector/Ia32/PageTables64.asm +// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm +// any changes must stay in sync with its usage. +// +typedef struct _SEC_SEV_ES_WORK_AREA { + UINT8 SevEsEnabled; + UINT8 Reserved1[7]; + + UINT64 RandomData; + + UINT64 EncryptionMask; +} SEC_SEV_ES_WORK_AREA; + +// +// The SEV work area definition. +// +typedef struct _SEV_WORK_AREA { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + + SEC_SEV_ES_WORK_AREA SevEsWorkArea; +} SEV_WORK_AREA; + +typedef union { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + SEV_WORK_AREA SevWorkArea; +} OVMF_WORK_AREA; + +#endif diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index 2deec128f464..2c2c4641ec8a 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -939,9 +939,9 @@ InitializeRamRegions ( } =20 #ifdef MDE_CPU_X64 - if (MemEncryptSevEsIsEnabled ()) { + if (FixedPcdGet32 (PcdOvmfWorkAreaSize) !=3D 0) { // - // If SEV-ES is enabled, reserve the SEV-ES work area. + // Reserve the work area. // // Since this memory range will be used by the Reset Vector on S3 // resume, it must be reserved as ACPI NVS. @@ -951,8 +951,8 @@ InitializeRamRegions ( // such that they would overlap the work area. // BuildMemoryAllocationHob ( - (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase), - (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaBase), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize), mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData ); } diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.inc index 35fd454b97ab..3b5e45253916 100644 --- a/OvmfPkg/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc @@ -82,6 +82,12 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) =20 +# The OVMF WorkArea contains a fixed size header followed by the actual da= ta. +# The size of header is accessed through a fixed PCD in the reset vector c= ode. +# The value need to be kept in sync with the any changes to the Confidenti= al +# Computing Work Area header defined in the Include/WorkArea.h +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader = =3D 4 + !if $(SMM_REQUIRE) =3D=3D TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79427): https://edk2.groups.io/g/devel/message/79427 Mute This Topic: https://groups.io/mt/84947965/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 01:48:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+79426+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+79426+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1629208032229372.26536882526614; Tue, 17 Aug 2021 06:47:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id L0ltYY1788612x3V5YM5x0rb; Tue, 17 Aug 2021 06:47:11 -0700 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.57]) by mx.groups.io with SMTP id smtpd.web11.39027.1629208030648607891 for ; Tue, 17 Aug 2021 06:47:10 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AATybwakx8fjAive3ONRTwyFvi3T4Ad3CxDlGoLBU2WEl6mCAwyQB87tBTVJGXXl9JqkioRvhYXO5eXtIWrXQWrUAXwct5hqNqStq/GjhDoqHZoMLip4vBeJREa/EjLwHQHRUrFBJq62bjD+6viJjHOuox8tgJytbc7B1UMIaIBmfsjKVIpUmJpT5lo6krpl4BGEI1/bdzd9eyQaouPgpkgYiKkNv5jUZ5Mv/UdbP/0bYI3KI2TntO+t2roEAOJ1O9rexifjzmDr4drIrvWZaErSohzbHGbH2emBIeU3XVnz1m1K1Lcl3lVON9+LFHLb3pGB9GERgfiBwsalgtg6ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yaRxyLzr5PQGguxoR5PgXkb9je60WAv1H2AsmkqkzQc=; b=YOy+cpdcJzIVreWFwicyjihBkgYhsQuRblOlGi5dqrPIZadL0Y6MGQRFgkU35dMGFvGmWr3t7OLsjy8jANE3FodKA9naSAP1x9vDkKgiupYEUlRrLK+J0lXWLMUaN7XcGpPEJZa3rVt3UrkvIeIA6SDHTaFyQh0s9YuRA4yBYKgXsNLBtb0nhjKy8X2cXIHGuGav/cf/XA+uf9qlCD62Ulpb8CffeNtepG1MLG55bGUjPv+VDKIy+YWzRnThtx49O2/HkRj1UYfWUgHntWeJU9Em26LShu2M6C0eVF7PckVV6I0K1mqj3zY906CRQUWH/jJp1aXAQzCDV4PMZnPu2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4384.namprd12.prod.outlook.com (2603:10b6:806:9f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.15; Tue, 17 Aug 2021 13:47:09 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4415.024; Tue, 17 Aug 2021 13:47:09 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v3 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format Date: Tue, 17 Aug 2021 08:46:50 -0500 Message-ID: <20210817134651.20444-3-brijesh.singh@amd.com> In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com> References: <20210817134651.20444-1-brijesh.singh@amd.com> X-ClientProxiedBy: SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16 via Frontend Transport; Tue, 17 Aug 2021 13:47:08 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 89491a0c-c3a4-41f6-b17a-08d9618581ef X-MS-TrafficTypeDiagnostic: SA0PR12MB4384: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: PAtnOgwnIFR7hlxOVKqGNlLEhum+bje9N+fXxM8/op7k7VVnqwuMRht/ZmtWc0Noh+dpwCMA0NmsZYeua4sgEmt1S9WN1WRx3KDGzlW5tahrN9Z2Kw/i+n+uaKPx+26iiVHEzFUKeZ0jBhLW8MhwnoiIAFWDVaZABuLm1O8RNSOXpY0eug4+9zGfycfkRFTgom5PRsVbTF83hS84rlAcLVBJSdC+DUHKYxzPt4WEqafmOCPsE8F/5kPbks5PAhhTZnN6unTPgLl2WCJw/s7Z+OO6xSS2zaUii7+ddQ97R1GBDY+mE2TLuCEW5TCj3vVRwV4VA3MYMsKzO3B0JUx6gkpzIdsL7P9FFznjGSt8REgipACUE6pTa+sVRn30pmV3E+T7C3XsqbHTpYCo98yRn1jKAqMPy7JplX9AsaIyRULmyvHBlWudkyGaEARQd5qt1Gb3gZXxQK9rPSrbfYXwIjqhznlIh8NZZ9jl3iMlNu0QJSbYMIgiU4r7UGORjKo+f9hRu/c1Vgul2J7oKaToY4E/KtZsgU836jQKkx/751+ztzx7QAoNbCelJLe0UbNI0Knx6OQH7RtYuUUaviIagEAO6V8OEBSRZzhsgKER1KrAWL1UKwg8qsRzutTm87FaDL485I6nI1UKfRkuqmrfrJ+3ZpT4tSdJGQdT0JBxF07CU11HgTfKkc+Zl0cZauL86V75vINz//K7IUEGae/4BP0KKSJTWtyBPYNfJjQodupI523XNsToLKMJF1DYCOB6uuP1JjnkB2Q1u/54ln0FNRq0J5UGV1AklBADrR4kmwA= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?CXoV/eGg/v9StWY8rpzYlEfXEwBPvw9tXC09vWmKASVgyAMERiOFw3Sb+s1+?= =?us-ascii?Q?RpA72ZkqN+waXPdRXXRk5rGM3j8UhzXXM8X9cF/adQQjVJllSKTX+lMTM74O?= =?us-ascii?Q?MUFErAnid52bgq6Q2lUMpnkiBQP/0QwFpmRysYtmJGD7kmlSWbv/8OAeBn2D?= =?us-ascii?Q?TJBbugFNKqUrIFKaw3M1w2JU4V7SAzvJXrLT+1Fx3JPCuH+YwAoDbpQjm3N2?= =?us-ascii?Q?bhX4Djkohjq3WyGUTsr/Zt9c9zEfioLeeMTKMKXqK2WAABkjK/etcRIUo1lQ?= =?us-ascii?Q?ycIegyi004zuVv5B+5s6tNBiqJYcHRP6mKxbeWJvDxyuxYAyCacmandxwJNO?= =?us-ascii?Q?p5BV9x3hYozEr91qtqnjdnxS58va5I+41nkYbmT9QGOeJclgV0q3mw5/k9XP?= =?us-ascii?Q?iLnQ+O/ObjjOQqd9zkhM+4gGbLNtz/kEIbNVHB+qOYZP84jrpGgbk3jrIPzk?= =?us-ascii?Q?OVLfvqK4FqO6N1k1FfXDI0ZLtaCpGKrE60ou2inpB1FL15x3SmtFzjkEmhF0?= =?us-ascii?Q?ebM2Jmw10VUX03KrHaL786rrkexQsoDPYn4PLR5pJWemanJMeGcCHJuJEBdz?= =?us-ascii?Q?tXuMUtXlj0b+rqszu/+b4kKwNDtIinNC3dB1Z6WPVuFluz9fRboeJMSArlgy?= =?us-ascii?Q?kjHYPr/v8sT87hvoVDeMuyVxKUISzbAS/T0xBAdmuv6FtDfF5i6qgPIvzPSC?= =?us-ascii?Q?orPX7ChM7H93kwpr0kUdInrC9Sdg3ZU2vMKYjduKMaqyMc/owu7H7/jpXKZI?= =?us-ascii?Q?TqVfmqfb/SwOopbN6hfGqDKc06CcW3DQaAXtQDKNtY/Hks2s1f0eoZARYFQS?= =?us-ascii?Q?oNJidMwYuNbSRLSolmL8kc63VQAxJ5P4Mc5uJEvs8YKUon2ySB368zi65dBs?= =?us-ascii?Q?BEoKF89eEl8Gy5ToYQxV3apz/447zlXQcy1l1Kd3RaanzrQ+y0JqGeNqptNN?= =?us-ascii?Q?ciQZ5DItSObpX0xvHZCuamC4vwLGEV3HIgrLTflIU1wiEy6ovKCWV8LdvNuV?= =?us-ascii?Q?O1SUDzt/1QXPvB9S5eotTVB+zL9cdsqzI/6K3t/nvmHEnxShc5OK2d0bgO53?= =?us-ascii?Q?d+P6bge8hf88FgCjD0gA+VbcI4D+vDywVDUzcO0Tbgczzqx5XAO7qrtwOhGs?= =?us-ascii?Q?NUTr9hcBR2gIgvyVld5vP2LnzCU8WgfrGMCUxAcCA1Hp5IaldG8DM8CAvSAZ?= =?us-ascii?Q?ZtxmM0cfcn1/wJDHcg27IUsL7+0ruPBUsmR+7bmchlci2CyaFRFjbYkqYAcj?= =?us-ascii?Q?MqpKAAzdpAZtl4Jed4jvAdfe99/uXVvFqpGv7vJWbvpQ4hO/nqqq2cq2o+nW?= =?us-ascii?Q?Km0XkYo0JNUDaGbN1c8LSsq3?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 89491a0c-c3a4-41f6-b17a-08d9618581ef X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2021 13:47:08.9669 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lBWtKmP6GQCvmWb1ZYCGGpMEPrm7XEdS2WOtRYkT6xf8PZFqkvK9UOFBJ0xo3zx1SqhKbe76Z96OPHIcjfobAQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4384 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: eLbdD9vtZijmCG6KOY9fY9t8x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1629208031; bh=Ygn4OQms6Xe8avTxbNvxJp/VazywNfM/bostYBco9/g=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=SnRlyinZvh2NjWlQlfQiwnd1k7EMZbhfTTske9CjtZ87NEdYEA+Q2CJLytGyMYzv2OB LdNZ6qVax7UTNZixUpRUCjW6wI0O03yvPkjHe5PbUe/faDaZFZhLEieFwKVW/29IVqozt AkgIkUAJ2eDYME4pftgDuzPN1mKE5gFpABo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1629208032686100005 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Update the SEV support to switch to using the newer work area format. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Jiewen Yao Reviewed-by: Min Xu --- OvmfPkg/ResetVector/ResetVector.inf | 1 + OvmfPkg/Sec/SecMain.inf | 2 ++ OvmfPkg/Sec/SecMain.c | 36 ++++++++++++++++++++++- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 8 +++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 4 +++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 6 files changed, 51 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index d028c92d8cfa..a2520dde5508 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -43,6 +43,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee2772..ea4b9611f52d 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -70,6 +70,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..707b0d4bbff4 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -807,6 +807,36 @@ SevEsProtocolCheck ( Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; } =20 +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + +**/ +STATIC +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + // + // Ensure that the size of the Confidential Computing work area header + // is same as what is provided through a fixed PCD. + // + ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeade= r) =3D=3D + sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)); + + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); +} + /** Determine if SEV-ES is active. =20 @@ -826,9 +856,13 @@ SevEsIsEnabled ( { SEC_SEV_ES_WORK_AREA *SevEsWorkArea; =20 + if (!IsSevGuest()) { + return FALSE; + } + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); =20 - return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); + return (SevEsWorkArea->SevEsEnabled !=3D 0); } =20 VOID diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index aa95d06eaddb..87d81b01e263 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -171,6 +171,9 @@ CheckSevFeatures: bt eax, 0 jnc NoSev =20 + ; Set the work area header to indicate that the SEV is enabled + mov byte[WORK_AREA_GUEST_TYPE], 1 + ; Check for SEV-ES memory encryption feature: ; CPUID Fn8000_001F[EAX] - Bit 3 ; CPUID raises a #VC exception if running as an SEV-ES guest @@ -257,6 +260,11 @@ SevExit: IsSevEsEnabled: xor eax, eax =20 + ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set + ; to 1 if SEV is enabled. + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jne SevEsDisabled + ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if ; SEV-ES is enabled. cmp byte[SEV_ES_WORK_AREA], 1 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index eacdb69ddb9f..f688909f1c7d 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -42,6 +42,10 @@ BITS 32 ; SetCr3ForPageTables64: =20 + ; Clear the WorkArea header. The SEV probe routines will populate the + ; work area when detected. + mov byte[WORK_AREA_GUEST_TYPE], 0 + OneTimeCall CheckSevFeatures xor edx, edx test eax, eax diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index acec46a32450..d1d800c56745 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -72,6 +72,7 @@ %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) + %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79426): https://edk2.groups.io/g/devel/message/79426 Mute This Topic: https://groups.io/mt/84947964/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 01:48:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+79428+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+79428+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1629208032746313.858412874741; Tue, 17 Aug 2021 06:47:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7Tj2YY1788612xzxPYzpqO6N; Tue, 17 Aug 2021 06:47:12 -0700 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.57]) by mx.groups.io with SMTP id smtpd.web11.39027.1629208030648607891 for ; Tue, 17 Aug 2021 06:47:11 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E/WpSnkitfrbocqk4I3g/f6tX3epoWopGHjdlMQ8k0zqFJWf78EMSAOwqtmLPfc747ijQJjXH2Y+YTCycoSztearMelPCUs7+rQTojAJLEwltjKtlVAxBgAJ9k/CGsh3IDUyR9Ef/XYvfguXH0qB0zijxE61naUvy+j4hz1Ftw2R57nWkzrBLW59y3CjJJPqnj918rXWnbFT77PoTBi2sms0N+h3F4Qb+Qqgmgduy9mKLLCQ+o4gj+viu0qM7wxgzwFLIIoRFE9BkjP0jCJpknoKx/k8mw7oovkwGV1I9BWae/gc8oPwRIJLAi3biIICHK6r0vb2Ul7WTGg7dgNxjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6+sMArgEo+8BWaeD72MNf4fLb65773SBCeAFn0KBGpw=; b=LkDQr5xOitlyoBt+tOtg0YuqnJy+6gKlkA+OhyyBX1ZUKWpp81mpDIPYm1mHNiOKlMmCIoxeR5EsEO9y+l2/bYQo5ib+/0uYQ/joSYFojeccEZmPCZu4NbFnA/OO/guZXPYJas7Gg3Bm6dQurwmS3ub2DwFaBRqbfBLfUKpqI3Z7fUWKkB6UWR+c7IFem/8reQRNIkOgrqGFuS7ayX71SUKxBYeLfCzK5SS0D7MZE3kPwJUYBjFsCfrgWjt1qI8Rdz93TdC/Bf6/hftNvBSg6jSLIyfTs5s7FPXQzr8nqGE2EbZIqSKhcmffYFiYpuVQ7bY65Br8BJCzwcmS6KZh9Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4384.namprd12.prod.outlook.com (2603:10b6:806:9f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.15; Tue, 17 Aug 2021 13:47:09 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4415.024; Tue, 17 Aug 2021 13:47:09 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Brijesh Singh Subject: [edk2-devel] [PATCH v3 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm Date: Tue, 17 Aug 2021 08:46:51 -0500 Message-ID: <20210817134651.20444-4-brijesh.singh@amd.com> In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com> References: <20210817134651.20444-1-brijesh.singh@amd.com> X-ClientProxiedBy: SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16 via Frontend Transport; Tue, 17 Aug 2021 13:47:09 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cb24b475-a2b0-408b-3daf-08d961858257 X-MS-TrafficTypeDiagnostic: SA0PR12MB4384: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4714; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: mqA6M3krbh4EnV7iCgvymbAXyJc1f5x1moEwDao6TDm/xwxpj3qA5C/7ObpSngn4ENC+zo6idUIBHlo7/kLxspOsbQCZI3GQ+BOy6FM4Ha/y5ilMlJjexejyt+F2tRX6klJSpq9jUEBsp4cnhpZuLA2V3081k1HCRk5+CO/x/zs9Ne5nEBvsrTWxaQ+SvRbaj4nLqsRNyRy5dF4xKuqYtJMz+8r4JAW/xU+zZvHlR2ig9Yf2AOOy7FCjtu7NGfeyEhuFN6PL/mGMOhbL62iW5wbBGoCsfg9R8Waox3N/7t9eG+hudFLsu4gbni8jMuanGLy7gO55m4/q3Xa9VMEW51HUjJ2tFS6PG81bqVE7KkhZKqxYoTd3WCDRMq+GSslouzRAsmE1535/j1ur9qh2nIOljuV6eGBoiz7VC/RJAl11SwTWOdlPSK+R6XY5aYIw+TvsfCbFRgs7I6J8XZNvYTZb+ShXynw4Y4/PG0sb75kBwhwOMBDgiVqfsxQ0TIGFsJls7DJ3+x0Zq/+2TusoFIpct9FiPSf4O+C98/fMzKDdjrBGfnxnV2umhfrGLo/09M9sqcc8fHm5D2Dagth2ucDWEUoUX18fBlU3pm1vLPZnrv0XdDtuMWbUWt4cbQAmEY3Z74FoUUzs5M+j8JEfBUvjqdFzfDwOdsf9Gifi2P7Y1McLB0PQGl1NNojlm5WS0yD1HuFnBSVgmRXey1FNwsKVdfGVx3XyyNEhFE8lAPxktCxyzt8SmOhae9BLrr0Gmgmp/s0edALzUW0QjvLayPEIABfKtny+JgLUZCoaBFU= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?drm5bSmqLjbSTZr/fAlD7oy670z2zG0TkksEKeYYZXz5i911OF5MOFwqqr5D?= =?us-ascii?Q?DUK+Qj/NBugImY8fHGIqGW+1A0tqniw0aSjh8i8K6DiHshyUQYIqDJXEW8Km?= =?us-ascii?Q?gy7/cIK7Pz4DbHHNhJEbGugBit89XVVsFnSl3rkxORMkvtD1NmMz7N8U3ELe?= =?us-ascii?Q?fvtbeju6R9WvSd+jj5VVnC+5jScTUN1nwZyBw9npmnunkVtYQ6m6wtq+wfEk?= =?us-ascii?Q?9oKGYW/FDCtyL2AiuaQ5abyvIXOaCFP2SqqYqfLB2e6r/YI4GI40d1GTKzGs?= =?us-ascii?Q?fDntBle8/rjHrGAyw4idoyFjoWmePKAKadAbz8o/kPVPK2uv0+Ixd0Qd+sIc?= =?us-ascii?Q?GL21o5LBxZIGUip/V1ZA6LrYJkF7oEog4VAV9L2kWr4oorFlXbvm3nqTjltW?= =?us-ascii?Q?fJLElZEfAVVLjOjJTw9VoRtv3ric30z66JujHhVYzUPgtM9rMESVs/EwCknQ?= =?us-ascii?Q?HgCnxHgvmmLvswTnF5lezqfZiSEsTI1rAWGHncVs5+lYXMIDQRCVaqY6mPdf?= =?us-ascii?Q?mJcPlTRoNtmRxNfatBwnQokeXWcZrV+J9BqCi+k7I8kmuSAVw3awRmbqwu0L?= =?us-ascii?Q?dkptVeDgTZyGVpC27+qnkVVu5xlppA+VyriP+GVlw6QF22b3ZMrj5RxsQhXy?= =?us-ascii?Q?+rXUX+kTGuPDNREeCbl9IgFFUPSgLvnwQZY+Rz7y2yW8gr5x5OW9pRBSR+T/?= =?us-ascii?Q?9vkYMRmsl5S47uCJ5YoHysMBopLA76lNW8pQbX0dHvxE0tVqHpwQtM2lY+LG?= =?us-ascii?Q?EBaYR/shAzJvuo9WTsYA1vHSf6Scgs4xPBun0+BgG1D4I+2Rgcw2gfj7dzEJ?= =?us-ascii?Q?LOArv/pDA3j+YuRL8w5lqVtMM/ev2g1Ke8dE707ymBOTbCCbieDVbF8Ya+df?= =?us-ascii?Q?T47BLsmx18Bj82czdsuUM+3puKA1aRAyPWjo9rdPV6I5xhhtImI7P5U8pC6T?= =?us-ascii?Q?8BoWp7KLMF2vYN1KyTqL/RzK6j05nQJSvQmpwSJgxntcOtlGtVFWVSbBYbLH?= =?us-ascii?Q?rCrWTkSrtWy1Lzx3DeWiA+6H6ayXktaGb8q3l9u73PH2SL9wOzw4ztvoI0NE?= =?us-ascii?Q?BCKaiZPoGsOZvAzGboe1Qfi+x/FVjT7TjNFtjVarYtJTX05ruBjUCp3EEBm0?= =?us-ascii?Q?dmbVOexzIBa64d9lfYszLPmCQWq4nG7g/KD7eEpuJEY1RKaG6o2fYRXU95BP?= =?us-ascii?Q?j7kSeWuQOjDq9XXcpsZ1jO91voYtUN8GD2FRCVN62xwS8KcXmAVtwS1xVCmT?= =?us-ascii?Q?SHOTvasZcZP5uQMSwKqFnngjHXkp5PwZpwA7buEkkh+F8Q5WGsFgHa9VOZZx?= =?us-ascii?Q?5uhw2fGhJC0PAvmmvgJnG2X8?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb24b475-a2b0-408b-3daf-08d961858257 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2021 13:47:09.6575 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FkExokFVnslxMXJRsaS8BLyNA25oGrtMv4I4MX1kuu5vNX5EJJXvbzbNYn357UYMD8fNlXhuuvr6er/DeqBGSQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4384 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 1hLBFcYrOLDUfM54dZfN3skfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1629208032; bh=AMKXWhHS2WbQGnDUD2/CuPNhxKscqCyzD1U3c+mIxkU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Z54dQ0Mh/wJJM9FZUjDlTMzi5s3ZdUK491Baf9PTFhuy7QxJ77q7/AkuC1VItl6oRqD eLycojlAmNuacPtnG7l9WApOX3m5hSJ2+lomEqqRJlztINw0HaE1Lc7i7y1fuF2NM9/t0 B4k+ZHdG72i6xIgkDPuEJa+pqb98eOuIRos= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1629208034706100014 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 While build the initial page table, the SetCr3ForPageTables64 checks whether SEV-ES is enabled. If so, clear the page encryption mask from the GHCB page. Move the logic to clear the page encryption mask in the AmdSev.asm. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh Reviewed-by: Jiewen Yao Reviewed-by: Min Xu --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 111 +++++++++++++++++----- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 53 ++--------- 2 files changed, 92 insertions(+), 72 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 87d81b01e263..250ac8d8b180 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -44,6 +44,27 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +%define PAGE_PRESENT 0x01 +%define PAGE_READ_WRITE 0x02 +%define PAGE_USER_SUPERVISOR 0x04 +%define PAGE_WRITE_THROUGH 0x08 +%define PAGE_CACHE_DISABLE 0x010 +%define PAGE_ACCESSED 0x020 +%define PAGE_DIRTY 0x040 +%define PAGE_PAT 0x080 +%define PAGE_GLOBAL 0x0100 +%define PAGE_2M_MBO 0x080 +%define PAGE_2M_PAT 0x01000 + +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll @@ -117,6 +138,70 @@ BITS 32 SevEsUnexpectedRespTerminate: TerminateVmgExit TERM_UNEXPECTED_RESP_CODE =20 +; If SEV-ES is enabled then initialize and make the GHCB page shared +SevClearPageEncMaskForGhcbPage: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz SevClearPageEncMaskForGhcbPageExit + + ; Check if SEV-ES is enabled + cmp byte[SEV_ES_WORK_AREA], 1 + jnz SevClearPageEncMaskForGhcbPageExit + + ; + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. + ; This requires the 2MB page for this range be broken down into 512 4KB + ; pages. All will be marked encrypted, except for the GHCB. + ; + mov ecx, (GHCB_BASE >> 21) + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + ; + ; Page Table Entries (512 * 4KB entries =3D> 2MB) + ; + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, GHCB_BASE & 0xFFE0_0000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry + ; + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 + + mov ecx, GHCB_SIZE / 4 + xor eax, eax +clearGhcbMemoryLoop: + mov dword[ecx * 4 + GHCB_BASE - 4], eax + loop clearGhcbMemoryLoop + +SevClearPageEncMaskForGhcbPageExit: + OneTimeCallRet SevClearPageEncMaskForGhcbPage + +; Check if SEV is enabled, and get the C-bit mask above 31. +; Modified: EDX +; +; The value is returned in the EDX +GetSevCBitMaskAbove31: + xor edx, edx + + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz GetSevCBitMaskAbove31Exit + + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] + +GetSevCBitMaskAbove31Exit: + OneTimeCallRet GetSevCBitMaskAbove31 + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -249,32 +334,6 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure -; is enabled. -; -; Modified: EAX -; -; If SEV-ES is enabled then EAX will be non-zero. -; If SEV-ES is disabled then EAX will be zero. -; -IsSevEsEnabled: - xor eax, eax - - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set - ; to 1 if SEV is enabled. - cmp byte[WORK_AREA_GUEST_TYPE], 1 - jne SevEsDisabled - - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if - ; SEV-ES is enabled. - cmp byte[SEV_ES_WORK_AREA], 1 - jne SevEsDisabled - - mov eax, 1 - -SevEsDisabled: - OneTimeCallRet IsSevEsEnabled - ; Start of #VC exception handling routines ; =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index f688909f1c7d..07b6ca070909 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -46,16 +46,13 @@ SetCr3ForPageTables64: ; work area when detected. mov byte[WORK_AREA_GUEST_TYPE], 0 =20 + ; Check whether the SEV is active and populate the SevEsWorkArea OneTimeCall CheckSevFeatures - xor edx, edx - test eax, eax - jz SevNotActive =20 - ; If SEV is enabled, C-bit is always above 31 - sub eax, 32 - bts edx, eax - -SevNotActive: + ; If SEV is enabled, the C-bit position is always above 31. + ; The mask will be saved in the EDX and applied during the + ; the page table build below. + OneTimeCall GetSevCBitMaskAbove31 =20 ; ; For OVMF, build some initial page tables at @@ -105,44 +102,8 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 - OneTimeCall IsSevEsEnabled - test eax, eax - jz SetCr3 - - ; - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. - ; This requires the 2MB page for this range be broken down into 512 4KB - ; pages. All will be marked encrypted, except for the GHCB. - ; - mov ecx, (GHCB_BASE >> 21) - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR - mov [ecx * 8 + PT_ADDR (0x2000)], eax - - ; - ; Page Table Entries (512 * 4KB entries =3D> 2MB) - ; - mov ecx, 512 -pageTableEntries4kLoop: - mov eax, ecx - dec eax - shl eax, 12 - add eax, GHCB_BASE & 0xFFE0_0000 - add eax, PAGE_4K_PDE_ATTR - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx - loop pageTableEntries4kLoop - - ; - ; Clear the encryption bit from the GHCB entry - ; - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 - - mov ecx, GHCB_SIZE / 4 - xor eax, eax -clearGhcbMemoryLoop: - mov dword[ecx * 4 + GHCB_BASE - 4], eax - loop clearGhcbMemoryLoop + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. + OneTimeCall SevClearPageEncMaskForGhcbPage =20 SetCr3: ; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79428): https://edk2.groups.io/g/devel/message/79428 Mute This Topic: https://groups.io/mt/84947966/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-