[edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP

Brijesh Singh via groups.io posted 29 patches 4 years, 3 months ago
Posted by Brijesh Singh via groups.io 4 years, 3 months ago
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec    | 6 ++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6266fdef6054..afe9b7135560 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -347,6 +347,12 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53
 
+  ## The base address and size of the SEV-SNP CPUID Area that contains
+  #  the PSP filtered CPUID results. If this is set in the .fdf, the
+  #  platform is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x54
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x55
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
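Review bot: the new .dec comment says the platform "is responsible to reserve this area from DXE phase overwrites", but neither this hunk nor the .fdf change performs that reservation, and the commit message ("Reserve a page in MEMFD") describes only the FD layout; either add the memory-map reservation here or state in the commit message which later patch of the series does it. Two smaller points on the same lines: "responsible to reserve" should read "responsible for reserving", and since the thread settles on the SEV-SNP ABI spec (56860) section 7.1 as the definition of "the PSP filtered CPUID results", that reference belongs in this comment as well as in the commit message.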
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5b871db20ab2..1e292d11ace3 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -91,6 +91,9 @@ [FD.MEMFD]
 0x00D000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
 
+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
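Review bot: the reservation at 0x00E000|0x001000 sits directly after the SNP secrets page (0x00D000) and leaves 0x00F000 free before the SEC/PEI temporary RAM at 0x010000, which is fine for a single 4 KiB page, but the hunk gives no indication of how the hypervisor learns this address; the thread states that QEMU populates the page during launch, so PcdOvmfSnpCpuidBase/Size has to be published to it somehow. Name in the commit message where that happens, or which patch of the series adds it, so a reviewer of this hunk alone does not have to guess. Note also that the FD layout is unconditional: the page is carved out of MEMFD for every OvmfPkgX64 build, SNP or not.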
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80078): https://edk2.groups.io/g/devel/message/80078
Mute This Topic: https://groups.io/mt/85306655/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Posted by Gerd Hoffmann 4 years, 3 months ago
On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
> 
> Platform features and capabilities are traditionally discovered via the
> CPUID instruction. Hypervisors typically trap and emulate the CPUID
> instruction for a variety of reasons. There are some cases where incorrect
> CPUID information can potentially lead to a security issue. The SEV-SNP
> firmware provides a feature to filter the CPUID results through the PSP.
> The filtered CPUID values are saved on a special page for the guest to
> consume. Reserve a page in MEMFD that will contain the results of
> filtered CPUID values.

Is the format of the page documented somewhere?
Is this snp-specific?  Or could this also be used without snp?

thanks,
  Gerd





Re: [edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Posted by Brijesh Singh via groups.io 4 years, 3 months ago
Hi Gerd,

On 9/2/21 3:04 AM, Gerd Hoffmann wrote:
> On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>
>> Platform features and capabilities are traditionally discovered via the
>> CPUID instruction. Hypervisors typically trap and emulate the CPUID
>> instruction for a variety of reasons. There are some cases where incorrect
>> CPUID information can potentially lead to a security issue. The SEV-SNP
>> firmware provides a feature to filter the CPUID results through the PSP.
>> The filtered CPUID values are saved on a special page for the guest to
>> consume. Reserve a page in MEMFD that will contain the results of
>> filtered CPUID values.
> Is the format of the page documented somewhere?

Yes, it is documented in the SEV-SNP spec [1] section 7.1, and the checks
performed by the SEV-SNP firmware are documented in the PPR [2] section
2.1.5.3. I will document these links in the commit message.

[1] https://www.amd.com/system/files/TechDocs/56860.pdf

[2]
https://www.amd.com/en/support/tech-docs/processor-programming-reference-ppr-for-amd-family-19h-model-01h-revision-b1


> Is this snp-specific?  Or could this also be used without snp?

This is SNP specific format and cannot be used without SNP.

thanks

Brijesh
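A worked example of consuming the page whose format the reply points to (SEV-SNP firmware ABI spec 56860, section 7.1). This is an added illustration, not OVMF code from the series or from AMD: a small C parser over a constructed 4 KiB CPUID page, with the header check a guest needs before trusting the entry count, and an exact (leaf, subleaf) lookup. The 16-byte header followed by at most 64 entries of 48 bytes is the layout the spec describes; the struct names, field names, helper functions, the two sample entries and their register values are this example's own inventions, and the vendor-string decode assumes a little-endian host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SEV-SNP CPUID page (SEV-SNP firmware ABI spec 56860, section 7.1): a 16-byte
 * header carrying the entry count, then up to 64 entries of 48 bytes each.
 * Struct and field names are this example's own, not OVMF's. */
#define SNP_CPUID_COUNT_MAX 64u
#define SNP_CPUID_PAGE_SIZE 4096u

typedef struct {
  uint32_t eax_in, ecx_in;      /* leaf and subleaf (0 for leaves ignoring ECX) */
  uint64_t xcr0_in, xss_in;     /* XCR0 / IA32_XSS the entry applies to (leaf 0xD) */
  uint32_t eax, ebx, ecx, edx;  /* PSP-filtered results */
  uint64_t reserved;
} __attribute__((packed)) snp_cpuid_fn;

typedef struct {
  uint32_t count, reserved1;
  uint64_t reserved2;
  snp_cpuid_fn fn[SNP_CPUID_COUNT_MAX];
} __attribute__((packed)) snp_cpuid_table;

_Static_assert(sizeof(snp_cpuid_fn) == 48, "entry is 48 bytes");
_Static_assert(sizeof(snp_cpuid_table) <= SNP_CPUID_PAGE_SIZE, "table fits one page");
typedef struct { uint32_t eax, ebx, ecx, edx; } cpuid_regs;

/* Header check first: a count above 64 would walk the lookup loop past the table. */
bool snp_cpuid_table_valid(const void *page) {
  const snp_cpuid_table *t = page;
  return t != NULL && t->count != 0 && t->count <= SNP_CPUID_COUNT_MAX;
}

/* Exact (leaf, subleaf) match; zero-fills *out and returns false on a miss.
 * Matching on xcr0_in/xss_in for leaf 0xD is left out of the example. */
bool snp_cpuid_lookup(const void *page, uint32_t leaf, uint32_t subleaf, cpuid_regs *out) {
  memset(out, 0, sizeof *out);
  if (!snp_cpuid_table_valid(page)) return false;
  const snp_cpuid_table *t = page;
  for (uint32_t i = 0; i < t->count; i++) {
    const snp_cpuid_fn *f = &t->fn[i];
    if (f->eax_in != leaf || f->ecx_in != subleaf) continue;
    *out = (cpuid_regs){ f->eax, f->ebx, f->ecx, f->edx };
    return true;
  }
  return false;
}

/* Constructed sample page (invented values): leaf 0 vendor string, leaf 0x8000001F
 * with the SME, SEV, SEV-ES and SEV-SNP feature bits set. */
void build_sample_page(uint8_t page[SNP_CPUID_PAGE_SIZE]) {
  memset(page, 0, SNP_CPUID_PAGE_SIZE);
  snp_cpuid_table *t = (snp_cpuid_table *)page;
  t->count = 2;
  t->fn[0] = (snp_cpuid_fn){ .eax_in = 0x0, .eax = 0x10, .ebx = 0x68747541,
                             .edx = 0x69746E65, .ecx = 0x444D4163 };
  t->fn[1] = (snp_cpuid_fn){ .eax_in = 0x8000001F,
                             .eax = (1u << 0) | (1u << 1) | (1u << 3) | (1u << 4) };
}

/* Vendor string from leaf 0, bytes in EBX, EDX, ECX order (little-endian host). */
bool snp_cpuid_vendor(const void *page, char out[13]) {
  cpuid_regs r;
  out[0] = '\0';
  if (!snp_cpuid_lookup(page, 0, 0, &r)) return false;
  memcpy(out, &r.ebx, 4); memcpy(out + 4, &r.edx, 4); memcpy(out + 8, &r.ecx, 4);
  out[12] = '\0';
  return true;
}

/* Fn8000_001F EAX bit 4 is the SEV-SNP feature bit. */
bool snp_cpuid_reports_snp(const void *page) {
  cpuid_regs r;
  return snp_cpuid_lookup(page, 0x8000001F, 0, &r) && (r.eax & (1u << 4)) != 0;
}

/* Drivers over the sample page, so results can be checked by name. */
const uint8_t *sample_page(void) {
  static uint8_t page[SNP_CPUID_PAGE_SIZE];
  build_sample_page(page);
  return page;
}
const char *sample_vendor(void) {
  static char vendor[13];
  snp_cpuid_vendor(sample_page(), vendor);
  return vendor;
}
/* Hostile header: a count past the 64-entry maximum must be rejected, not walked. */
bool rejects_oversized_count(void) {
  uint8_t page[SNP_CPUID_PAGE_SIZE];
  cpuid_regs r;
  build_sample_page(page);
  ((snp_cpuid_table *)page)->count = SNP_CPUID_COUNT_MAX + 1;
  return !snp_cpuid_lookup(page, 0, 0, &r) && r.eax == 0;
}

int main(void) {
  printf("vendor=%s snp=%d\n", sample_vendor(), snp_cpuid_reports_snp(sample_page()));
  return 0;
}
```

The count check is the security-relevant line: the page is hypervisor-supplied memory, and although the PSP has filtered the register values, a guest that trusts an unbounded count reads past the table. The thread also notes that the page's metadata is measured into the attestation report, which is what lets the guest owner verify that a filtered page, rather than arbitrary hypervisor-emulated CPUID, was used at launch.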





Re: [edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Posted by Brijesh Singh via groups.io 4 years, 3 months ago
On 9/2/21 7:28 AM, Brijesh Singh wrote:
> Hi Gerd,
>
> On 9/2/21 3:04 AM, Gerd Hoffmann wrote:
>> On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>>
>>> Platform features and capabilities are traditionally discovered via the
>>> CPUID instruction. Hypervisors typically trap and emulate the CPUID
>>> instruction for a variety of reasons. There are some cases where incorrect
>>> CPUID information can potentially lead to a security issue. The SEV-SNP
>>> firmware provides a feature to filter the CPUID results through the PSP.
>>> The filtered CPUID values are saved on a special page for the guest to
>>> consume. Reserve a page in MEMFD that will contain the results of
>>> filtered CPUID values.
>> Is the format of the page documented somewhere?
> Yes, it is documented in the SEV-SNP spec [1] section 7.1, and the checks
> performed by the SEV-SNP firmware are documented in the PPR [2] section
> 2.1.5.3. I will document these links in the commit message.
>
> [1] https://www.amd.com/system/files/TechDocs/56860.pdf
>
> [2]
> https://www.amd.com/en/support/tech-docs/processor-programming-reference-ppr-for-amd-family-19h-model-01h-revision-b1
>
>
>> Is this snp-specific?  Or could this also be used without snp?
> This is SNP specific format and cannot be used without SNP.


I should clarify the statement: the format itself does not contain
anything SNP specific. However, the CPUID page format is documented in
the SNP-specific spec. Are you thinking about using it for non-SEV guests
to avoid the VM exit? If so, it should be very much possible. For that
we should define the format outside of the SNP-specific spec and make it
generic, so that guests and HVs can implement and consume it in
non-SNP guests.

thanks






Re: [edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Posted by Gerd Hoffmann 4 years, 3 months ago
  Hi,

> >> Is this snp-specific?  Or could this also be used without snp?
> > This is SNP specific format and cannot be used without SNP.
> 
> I should clarify the statement: the format itself does not contain
> anything SNP specific. However, the CPUID page format is documented in
> the SNP-specific spec.

Who populates the page?  qemu?  sev-snp firmware?

> Are you thinking about using it for non SEV guest
> to avoid the VM exit ? If so, it should be very much possible.

Yes, that is the background.  Avoiding vmexits would be one advantage.
Being able to test the code without SNP-capable hardware (for example
in CI) would be another one.

> For that
> we should define the format outside of the SNP-specific spec and make it
> generic, so that guests and HVs can implement and consume it in
> non-SNP guests.

I think that would be useful.

take care,
  Gerd





Re: [edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Posted by Brijesh Singh via groups.io 4 years, 3 months ago
On 9/3/21 1:28 AM, Gerd Hoffmann via groups.io wrote:
>   Hi,
>
>>>> Is this snp-specific?  Or could this also be used without snp?
>>> This is SNP specific format and cannot be used without SNP.
>> I should clarify the statement: the format itself does not contain
>> anything SNP specific. However, the CPUID page format is documented in
>> the SNP-specific spec.
> Who populates the page?  qemu?  sev-snp firmware?

The page is populated by QEMU and filtered by the SEV-SNP firmware.
At the end of the SNP launch flow, the CPUID page will be encrypted, and
the measurement of the page metadata is included in the attestation report
so that the guest owner can validate whether the hypervisor used the
CPUID page during the launch.

thanks

