From: "Brijesh Singh via groups.io"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth
Subject: [edk2-devel] [PATCH v6 11/29] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
Date: Wed, 1 Sep 2021 11:16:28 -0500
Message-ID: <20210901161646.24763-12-brijesh.singh@amd.com>
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Sec/AmdSev.c | 88 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c index 3b4adaae32c7..054f19216f1e 100644 --- a/OvmfPkg/Sec/AmdSev.c +++ b/OvmfPkg/Sec/AmdSev.c 
@@ -48,6 +48,83 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +/** + Register the GHCB GPA + +*/ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
@@ -88,6 +165,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
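
Review bot: In SevSnpGhcbRegister (), `GuestFrameNumber = Address >> EFI_PAGE_SHIFT` drops the low bits of Address without checking that it is page aligned, so an unaligned Address would register the containing page and the response comparison against GuestFrameNumber would still pass. Consider asserting alignment before the shift, or stating the requirement in the function header. That header also lacks an @param entry for Address and closes with `*/` where SevSnpIsEnabled () just above it closes with `**/`. The comment above the response check mentions only a different GPA, while the condition also rejects a response whose Function is not GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE; the comment should cover both cases.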
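
Review bot: In the SevEsProtocolCheck () hunk, the comment above `SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase));` states that registration is required but gives no reference; the commit message cites GHCB specification section 2.3.2, and that citation belongs in the code comment so it stays with the source. It would also help to say in the comment that the call has to remain ahead of the "set the initial GHCB address" step that follows, since SevSnpGhcbRegister () uses the GHCB MSR for the request and then restores the value it found there.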