From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 3/9] OvmfPkg/AmdSev: Setup Migration Handler Mailbox
Date: Wed, 18 Aug 2021 17:20:42 -0400
Message-Id: <20210818212048.162626-4-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>

The migration handler communicates with the hypervisor using a special mailbox, a page of shared memory where pending commands can be written. Another shared page is used to pass the incoming or outgoing guest memory pages. These pages are set aside in MEMFD, which this patch expands, and reserved as runtime memory in ConfidentialMigrationPei, which this patch introduces.

Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/OvmfPkg.dec | 5 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 12 ++++--- .../ConfidentialMigrationPei.inf | 35 +++++++++++++++++++ .../ConfidentialMigrationPei.c | 25 +++++++++++++ 5 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionPei.inf create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionPei.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index cfc645619d..1252582c99 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -331,6 +331,11 @@ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 =20 + ## Area used by the confidential migration handler to communicate with + # the hypervisor. + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|0x0|UINT3= 2|0x4b + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize|0x0|UINT3= 2|0x4c + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 982ecaf70e..cd6189f330 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -623,6 +623,7 @@ UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf + OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 9bf17b8d51..a8e296e641 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf 
@@ -36,10 +36,10 @@ FV =3D SECFV =20 [FD.MEMFD] BaseAddress =3D $(MEMFD_BASE_ADDRESS) -Size =3D 0xD00000 +Size =3D 0xE00000 ErasePolarity =3D 1 BlockSize =3D 0x10000 -NumBlocks =3D 0xD0 +NumBlocks =3D 0xE0 =20 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize @@ -71,11 +71,14 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUe= fiOvmfPkgTokenSpaceGuid.P 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 -0x020000|0x0E0000 +0x020000|0x003000 +gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|gUefiOvmfPk= gTokenSpaceGuid.PcdConfidentialMigrationMailboxSize + +0x120000|0x0E0000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfPeiMemFvSize FV =3D PEIFV =20 -0x100000|0xC00000 +0x200000|0xC00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 @@ -148,6 +151,7 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf +INF OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf new file mode 100644 index 0000000000..918cf22abd --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf 
@@ -0,0 +1,35 @@ +## @file +# PEI support for confidential migration. +# +# Copyright (C) 2021 IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D ConfidentialMigration + FILE_GUID =3D a747792e-71a1-4c24-84a9-a76a0a279878 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeConfidentialMigrationPei + +[Sources] + ConfidentialMigrationPei.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + HobLib + PeimEntryPoint + PcdLib + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c new file mode 100644 index 0000000000..ce304bc07b --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c @@ -0,0 +1,25 @@ +/** @file + Reserve memory for confidential migration handler. + + Copyright (C) 2020 IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +EFI_STATUS +EFIAPI +InitializeConfidentialMigrationPei ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + BuildMemoryAllocationHob ( + PcdGet32 (PcdConfidentialMigrationMailboxBase), + PcdGet32 (PcdConfidentialMigrationMailboxSize), + EfiRuntimeServicesData + ); + + return EFI_SUCCESS; +} --=20 2.20.1
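
Review bot: In the OvmfPkg.dec hunk the two new PCDs take tokens 0x4b and 0x4c while the last token visible above them is 0x48 (PcdQemuHashTableSize); say whether 0x49 and 0x4a are already taken elsewhere, or use the next free values. The comment above the PCDs could also state that the area is shared with the hypervisor, so that anyone reading the mailbox later knows its contents are written from outside the guest.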
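
Review bot: In the AmdSevX64.fdf layout hunk the mailbox region is 0x020000|0x003000, which is three 4 KiB pages, but the commit message describes two (the command mailbox and one page for guest memory transfer); document what the third page is for or shrink the region. PEIFV also moves from 0x020000 to 0x120000 and MEMFD grows from 0xD00000 to 0xE00000, which leaves 0x023000 through 0x11FFFF unassigned; if the 1 MiB step is there only to keep the firmware volumes aligned, a comment in the FDF saying so would help.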
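
Review bot: In ConfidentialMigrationPei.inf, BASE_NAME is ConfidentialMigration while the .inf file, the source file and the entry point all carry the Pei suffix; use ConfidentialMigrationPei so the name stays free for a later non-PEI module of the migration handler.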
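
Review bot: InitializeConfidentialMigrationPei builds the memory allocation HOB unconditionally: it does not check that PcdConfidentialMigrationMailboxSize is non-zero (the .dec default is 0x0), and nothing in this file makes the range shared even though the commit message calls it shared memory. Add an ASSERT or an early return on a zero size, and a comment naming the module that makes the pages shared with the hypervisor. The function also has no header comment, and this file says Copyright (C) 2020 while the .inf says 2021.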