From nobody Fri Dec 19 08:04:06 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80089+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80089+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630513070987932.8123346986843; Wed, 1 Sep 2021 09:17:50 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id APLrYY1788612x9LZXxdi2IP; Wed, 01 Sep 2021 09:17:50 -0700 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.61]) by mx.groups.io with SMTP id smtpd.web10.176.1630513061970038126 for ; Wed, 01 Sep 2021 09:17:50 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b38Qp7Uvy0QlvvZUERAj20KL/3PnztczE9wSC035FRTar9mHq5uOsuoyIy/9FjYTyWDE7eYIWBypQPZ9TiHDErwIlln6r9ZDVw/YwLGFNdTjSS5uK31nB/UH25bLVt5Y3qADn4Qf3ILzImiDH/lwhoKpM7KPme7tWkfh7IeSq2HlnNj94eoVSakAl5whwwdxNzKz4XxAlc6NkMuQiWVrzpFb5Y4V8JpO3sbYk/YIsOGGi0O8gyAohXa8mP4yr9HUy2DZ0X5iPzu7Rb8CkitG4yyQt9qpCjnkZUjngb4LUXPXCq/ZTaPlETLsf10wPeYR0XGbh7Rye6GUQdgZ8u3gBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VP5cvLMmaWE4UfhsfQLIakbLAemleNRF2jPTdqSM2MM=; b=UCvrGOSHUAjcFdJE9IEhXIkkXIEFoDcGrw6mfztE/E0swl1a1P4RSycXsHuCTmWD23zzrByv/fYpnlfpLGbEPvqbCuORVz/vAEnOMKCRB4pIMk5Fzl1NKPe1eDc6tBKTLXx6kNVf03ow8YN6jbyfQfzCelbs8GaUyOOXoyh103TWq7pdmwc8hcKOIfv8kcI1UsZFtCORlYXTfgdz5/zmE8nNEauUG7a9Nh+VjKYwKO454zUCqIfuL4v/4TtTo2pbi1fTrdVwdUJ0yy6rTUqzsRG1H01vTO8lCQJnA29hmAZR/5VZtzp1Ce84Hw52dLWD5GDhRPTmd51wJKF3Y1JFmg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4415.namprd12.prod.outlook.com (2603:10b6:806:70::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.17; Wed, 1 Sep 2021 16:17:44 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4457.025; Wed, 1 Sep 2021 16:17:44 +0000 From: "Brijesh Singh via groups.io" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth Subject: [edk2-devel] [PATCH v6 13/29] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest Date: Wed, 1 Sep 2021 11:16:30 -0500 Message-ID: <20210901161646.24763-14-brijesh.singh@amd.com> In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com> References: <20210901161646.24763-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.12 via Frontend Transport; Wed, 1 Sep 2021 16:17:44 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5029d713-2d9d-4ed5-bd93-08d96d6407ca X-MS-TrafficTypeDiagnostic: SA0PR12MB4415: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: HUKF1JJoF824OOJCfxM/v9AyQaJl7Ji6LgNAd95cZyEKT3v8al5TBsdnjSKUVQ4m/zNzEeCuPc9WkSCJjJdEnpCp76E9iVf4k68lbJtkRU1MJmSPwnDen5DzhkJFjcN3L9qFI8KNR9hn7nKVi71p2xv1uFF5/Xr6ZXwLsMwIANADFy6ykoZRebV8ZwBKUTQo3PEbbxRmVcwO7pmyC6Ab51HpeCsd/AvtAuUjxFdVx/JOBNZv4wyUoWqR2uBh4CXVndBL5Ho08YMWBA9tgeWgDgCfgeRDM0qVbnXzkd4uZojBFhf7G3O3IqB3cew1A0LUCVm3jia4oBqGG1kQnCAwg1Tr/ZgDSpQIbcsPwr2tVrpnDTq7AwERmZHfpScmAmbX6u5eDXclBTjIKzZ3vCnBYTgw6aKQ0UM5lbx9cKDsLP38uX3Yo+C7GYEc3m+9wSV8MU9h2LvMNp7nB/3NgAsARfVKmAkAQkw3CVXbwLs6I9NeMZtlvurjOPPDc5TzT5IQJ4jw9/1GF92blg6EzKUjTyULbS6Zr4W+idmR41T5T4kUrMdrbUeQ8IsWV3XhVi4KKoEiFGPeaQq3VHI177aI8pSuiz+5DPPFQeNMwf0vjT57jBX04Omfg/5z7SKvpJMZMpQRJOaGrV7KBp6ULq65kxl/p1mRajMRMVrI0dUbUZq0kqJaP3ZhlF+fj8VyHK9oNWEjCSYTGxFJ+qcbvFcUT20xJQu8nSFfsK4cWuaa68uTn0Kmzvfp6ngHdX/iQZjO/0xreI5kHwxOIcYrwQphMmb5rQrimTQsppguMUu/pKA= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?TXq2DzVegvE3ZboyPT52JIRfeMgg2nRgXdlupew2oKk1+IuruOxJ9GJGN8ZL?= =?us-ascii?Q?04FYv6QPS/RM5NulCMSWKSvKCzDpT3K07uJl13ANcASDpECf74chdMufLtzY?= =?us-ascii?Q?+6198Bx/OsVYMltJHUiPOfIfQ1t26zIfP7DZ9CQKovNTJFbZKfA4QmZP23iq?= =?us-ascii?Q?3rX22yZnOqVS5ypmc/ZLsr6VaCgOkgPH8kKFLGAQ+bF7dYXlD4oeQ0p0O+Rf?= =?us-ascii?Q?4X1ydjeHrGqQPpwfMBxfWDNqn4txr7VSHlC53h4A1z5YR3dWBvJ47usQSLvL?= =?us-ascii?Q?rW25a5RtLHyDD/hD1wxoR9DZKsfvOgJDpu+T8BsESV8MfeEwEflcvy0MzX+R?= =?us-ascii?Q?5hxfTtAna5iQU5qWqRhwmPyggdoZev7k9lTg5Ww3XMfqhKdJ9xAk0M2ri9iy?= =?us-ascii?Q?dyvZMSmBEkRVPWegU3+HCEmln244CdWGdqLB+fWYmBLnkPrIAo5ImwU6fdhH?= =?us-ascii?Q?zESPpgiD8XzqaEAgsPUDb+S0T3NtuQFJZ0CI8evORP/4I9m0a1x2YRogYVCU?= =?us-ascii?Q?kYLevmm77FvdrbbdTSDhlQiJbwjYk1szTf0Xi7kA0p/ggrECGnrA4MpPosn3?= =?us-ascii?Q?IzBAXlKUpw7WWFZv7UDvL+LZj3KexX7T28QG+Ad0T3AK8hqdGm8YtJrvo3BO?= =?us-ascii?Q?c5eHpbb2hhdhE12BEnpllBMXn8BwLPHiLHiDwIwg8AIT+4M6eYRVo3YPpqzJ?= =?us-ascii?Q?gKi2K8PBX5/FDHeKf3lugQ2TjAmCxJmk/qG1lbe2+d7D0wbPaaFotIvvtEF5?= =?us-ascii?Q?bXDk4DkTO30O9b/SQITtb/8B3UsSeVcqp+OAblDXIuNSWT9uh1lMLHI2D+4h?= =?us-ascii?Q?qCWtLjQwOUofOFAxxgNXc/E1NsZ+ISvKnrrkWRa7ao1YEk7SliFn8tzl08LB?= =?us-ascii?Q?zVPzl24/ZOeU0B2oWmKi5353Y7JdiQF27yQO5xbaoVDzWtTU22VgcTqWQ+75?= =?us-ascii?Q?x3F1S76w19VCjhN38/5lVtCiJLOgZWMvCsIDp45YX94QwliJIil7VuEE5sQj?= =?us-ascii?Q?bM00X9Dt/b/KzCvblLE3e+DN71hqQIg26fY74g3WOjSiZUbajN/nT77QCs0D?= =?us-ascii?Q?aFKpqD0lYMf4JwvFjxPt54IuKs0FZpL4XB5y5vF63EG9+0dzLPKl9SjdDeLv?= =?us-ascii?Q?uLZdumH7xIhoWQi47zR3DMugHKe+lOFKNE4mwcdnC5db0xhRd3/C0y6K1Fmy?= =?us-ascii?Q?2DKz9UoRQzoxeU7+0rhIB5OA9o40GqAhw1nBRZLfbeaeYi38bzh6MnlztlaT?= =?us-ascii?Q?6fGfPusUpkXTHV8YzPOunNE4A5LL8rA3CUQlKAqw1tkGLb+iVdojbjrlCwwP?= =?us-ascii?Q?HsWXi1gu8QR6Zwkj4dXovOxb?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5029d713-2d9d-4ed5-bd93-08d96d6407ca X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 16:17:44.6039 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tT81gh5eU6aoBBUyWdzYntGLDGj7CdA+h8Ym43s1tPciKZuuyG6xaVlO49hKdLsexxh0JT9NKBePShmEMER+Uw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4415 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: ajvLAMd46Slr3MdnRUpCLvoax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630513070; bh=DfovQFc0kCA+H3oTWwnSf+lp94q87iPS7LTVcTcPkvc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=M6E+UXRkDXL06zbgQwQSqfe8+/1CtM4w7Ai3mWjanMv08w0mpSSShM63w5oPI1+pMQS DyNAbClFWSt16bSiFFPER2174bNmfKilKsymZ6FEGBu0UOjKSfFj3h4YMFiHuOgJiXu20 iuIZGf13B4p70MhRDgHa0b8ZGis1VXP9zsw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630513072928100014 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022ba..de876fdb478e 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80089): https://edk2.groups.io/g/devel/message/80089 Mute This Topic: https://groups.io/mt/85306670/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-