From: "Brijesh Singh via groups.io"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth
Subject: [edk2-devel] [PATCH v7 09/31] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
Date: Mon, 13 Sep 2021 13:19:19 -0500
Message-ID: <20210913181941.23405-10-brijesh.singh@amd.com>
In-Reply-To: <20210913181941.23405-1-brijesh.singh@amd.com>
References: <20210913181941.23405-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Signed-off-by: Brijesh Singh
--- OvmfPkg/Sec/AmdSev.c | 137 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c index 7f74e8bfe88e..7d4d7cc8a07c 100644 --- a/OvmfPkg/Sec/AmdSev.c +++ b/OvmfPkg/Sec/AmdSev.c
@@ -48,6 +48,125 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +/** + Register the GHCB GPA + +*/ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + +/** + Verify that Hypervisor supports the SNP feature. 
+ + */ +STATIC +BOOLEAN +HypervisorSnpFeatureCheck ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to query the hypervisor capabilities + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbHypervisorFeatures.Function =3D GHCB_HYPERVISOR_FEATURES_REQUEST; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + if ((Msr.GhcbHypervisorFeatures.Function !=3D GHCB_HYPERVISOR_FEATURES_R= ESPONSE) || + (!(Msr.GhcbHypervisorFeatures.Features & GHCB_HV_FEATURES_SNP))) { + return FALSE; + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); + + return TRUE; +} + /** Validate the SEV-ES/GHCB protocol level. =20 @@ -88,6 +207,24 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // Check if hypervisor supports the SNP feature + // + if (!HypervisorSnpFeatureCheck ()) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); + } + + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
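Review bot: In the first hunk (@@ -48,6 +48,125 @@), the early `return FALSE` in HypervisorSnpFeatureCheck leaves MSR_SEV_ES_GHCB holding the hypervisor's response, because CurrentMsr.GhcbPhysicalAddress is written back only on the success path. The one caller shown terminates on FALSE, so nothing breaks today, but the response is already copied into the local Msr, so the restore can move ahead of the check and the helper stays safe for later callers. In the same hunk, the SevSnpGhcbRegister header comment has no @param entry for Address and does not say the address must be page aligned, although the function discards the low bits with `Address >> EFI_PAGE_SHIFT`; documenting that requirement, or asserting alignment, would keep a misaligned address from being silently truncated before registration.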
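Review bot: In the second hunk (@@ -88,6 +207,24 @@), the SNP feature-check failure terminates with `SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL)`, the same reason code used by the protocol check in the context line just above, so the host side cannot distinguish a hypervisor that lacks SNP support from a protocol mismatch. Consider a distinct termination reason for the missing-feature case, or add a comment explaining why the code is reused.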