From: "Brijesh Singh via groups.io"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh
Subject: [edk2-devel] [PATCH v8 05/32] OvmfPkg: reserve SNP secrets page
Date: Mon, 20 Sep 2021 13:45:37 -0500
Message-ID: <20210920184604.31590-6-brijesh.singh@amd.com>
In-Reply-To: <20210920184604.31590-1-brijesh.singh@amd.com>
References: <20210920184604.31590-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Keys (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Add a new section for the secrets page in the OVMF metadata structure so
that the hypervisor can locate it.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Signed-off-by: Brijesh Singh
---
 OvmfPkg/OvmfPkg.dec                      | 6 ++++++
 OvmfPkg/OvmfPkgX64.fdf                   | 3 +++
 OvmfPkg/ResetVector/ResetVector.inf      | 2 ++
 OvmfPkg/ResetVector/ResetVector.nasmb    | 3 +++
 OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 9 +++++++++
 5 files changed, 23 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index c37dafad49bb..6266fdef6054 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -340,6 +340,12 @@ [PcdsFixedAtBuild]
   #  header definition.
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|UINT32|0x51
 
+  ## The base address and size of the SEV-SNP Secrets Area that contains
+  #  the VM platform communication key used to send and recieve the
+  #  messages to the PSP. If this is set in the .fdf, the platform
+  #  is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53
 
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 23936242e74a..5b871db20ab2 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,9 @@ [FD.MEMFD]
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
 
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a2520dde5508..09454d0797e6 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -50,3 +50,5 @@ [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index bc61b1d05a24..f7d09acd33ed 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -77,6 +77,9 @@
   %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
   %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
   %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
+  %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase))
+  %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
+
   %include "Ia32/Flat32ToFlat64.asm"
   %include "Ia32/AmdSev.asm"
   %include "Ia32/PageTables64.asm"
diff --git a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
index a1260a1ed029..bb348e1c6a79 100644
--- a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
@@ -23,6 +23,9 @@ BITS 64
 ; The section must be accepted or validated by the VMM before the boot
 %define OVMF_SECTION_TYPE_SEC_MEM 0x102
 
+; AMD SEV-SNP specific sections
+%define OVMF_SECTION_TYPE_SNP_SECRETS 0x200
+
 ALIGN 16
 
 TIMES (15 - ((OvmfGuidedStructureEnd - OvmfGuidedStructureStart + 15) % 16)) DB 0
@@ -41,5 +44,11 @@ _Descriptor:
   DD OVMF_METADATA_VERSION ; Version
   DD (OvmfGuidedStructureEnd - _Descriptor - 16) / 12 ; Number of sections
 
+; SEV-SNP Secrets page
+SevSnpSecrets:
+  DD SEV_SNP_SECRETS_BASE
+  DD SEV_SNP_SECRETS_SIZE
+  DD OVMF_SECTION_TYPE_SNP_SECRETS
+
 OvmfGuidedStructureEnd:
   ALIGN 16
-- 
2.25.1
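Review bot: the comment on the new PcdOvmfSnpSecretsBase/PcdOvmfSnpSecretsSize entries in the OvmfPkg.dec hunk misspells "recieve" and says the platform "is responsible to reserve this area from DXE phase overwrites", but no hunk in this patch performs that reservation, so until the patch that does is applied a DXE allocation can land on the page holding the VMPCKs; name the patch in the series that adds the reservation, or fold it in here. Suggested wording for the comment lines: `#  the VM platform communication key used to send and receive` / `#  messages to the PSP. If this is set in the .fdf, the platform` / `#  must reserve this area against DXE phase overwrites.`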
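Review bot: the new OVMF_SECTION_TYPE_SNP_SECRETS define in the first OvmfMetadata.asm hunk carries only the heading "AMD SEV-SNP specific sections", while the neighbouring SEC_MEM type documents what the VMM must do with it ("must be accepted or validated by the VMM before the boot"); add a matching comment line stating that the VMM inserts this page as the PSP-populated secrets page during the launch sequence and that it is not pre-validated guest memory, so the section's contract is readable from the type table rather than only from the commit message.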
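Review bot: in the second OvmfMetadata.asm hunk the SevSnpSecrets section is emitted unconditionally from SEV_SNP_SECRETS_BASE/SEV_SNP_SECRETS_SIZE, which resolve through FixedPcdGet32 to the OvmfPkg.dec defaults of 0 on any platform whose .fdf does not carve the region (only OvmfPkgX64.fdf does in this patch), so those builds advertise an SNP_SECRETS section with base 0 and size 0; either wrap the three DDs in a %if on the PCD values or document that a VMM must treat a zero-size section as absent rather than try to insert a page at address 0. The count formula `(OvmfGuidedStructureEnd - _Descriptor - 16) / 12` relies on every section being exactly 12 bytes, which the three DDs here satisfy.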
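The commit message says the new metadata section exists "so that the hypervisor can locate it". The following is an added example, not code from this patch or from OVMF or any VMM, of the consumer side: a walk of the OVMF metadata table that rejects the malformed cases a VMM should not act on (truncated table, missing or duplicated section, and the base 0 / size 0 entry that the ResetVector emits when a platform .fdf leaves the two PCDs at their OvmfPkg.dec default). Assumptions, labelled in the code: the descriptor is 16 bytes (the patch shows only its last two DWORDs, Version and "Number of sections", via the `(End - _Descriptor - 16) / 12` formula; the first 8 bytes are treated as an opaque signature/length), sections are the three little-endian UINT32s Base, Size, Type exactly as the DDs in OvmfMetadata.asm, the secrets page is a single 4 KiB page as in the .fdf, and the sample table places it at MEMFD offset 0x00D000 with an assumed MEMFD base of 0x800000. All table contents are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Section types as defined in OvmfMetadata.asm by this patch. */
#define OVMF_SECTION_TYPE_SEC_MEM      0x102u
#define OVMF_SECTION_TYPE_SNP_SECRETS  0x200u

/* Assumed layout: 16-byte descriptor, then 12-byte {Base, Size, Type}
 * sections, matching "(End - _Descriptor - 16) / 12" in the .asm. */
#define OVMF_METADATA_DESC_LEN  16u
#define OVMF_SECTION_LEN        12u
#define SNP_PAGE_SIZE           0x1000u

typedef struct { uint32_t Base, Size, Type; } OvmfSection;

enum {
  SNP_SECRETS_OK          =  0,
  SNP_SECRETS_E_TRUNCATED = -1,  /* blob shorter than the section count implies */
  SNP_SECRETS_E_MISSING   = -2,  /* no SNP_SECRETS section in the table */
  SNP_SECRETS_E_INVALID   = -3,  /* not one non-zero, aligned 4 KiB page */
  SNP_SECRETS_E_DUPLICATE = -4,  /* more than one SNP_SECRETS section */
};

static uint32_t Rd32(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void Wr32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
  p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Locate the single SNP_SECRETS section. A {0, 0} entry is what the
 * ResetVector emits when a platform .fdf leaves the two PCDs at their
 * OvmfPkg.dec default of 0, so it is rejected rather than inserted. */
int FindSnpSecretsSection(const uint8_t *Blob, size_t Len, OvmfSection *Out) {
  OvmfSection Hit = {0, 0, 0};
  int Found = 0;

  if (Len < OVMF_METADATA_DESC_LEN) return SNP_SECRETS_E_TRUNCATED;
  uint32_t Count = Rd32(Blob + 12);                 /* "Number of sections" */
  if (Count > (Len - OVMF_METADATA_DESC_LEN) / OVMF_SECTION_LEN)
    return SNP_SECRETS_E_TRUNCATED;                 /* count overruns the blob */

  for (uint32_t i = 0; i < Count; i++) {
    const uint8_t *p = Blob + OVMF_METADATA_DESC_LEN + (size_t)i * OVMF_SECTION_LEN;
    OvmfSection Cur = { Rd32(p), Rd32(p + 4), Rd32(p + 8) };
    if (Cur.Type != OVMF_SECTION_TYPE_SNP_SECRETS) continue;
    if (Found) return SNP_SECRETS_E_DUPLICATE;
    Hit = Cur; Found = 1;
  }
  if (!Found) return SNP_SECRETS_E_MISSING;
  /* Exactly one page-aligned 4 KiB page that does not wrap the address space. */
  if (Hit.Base == 0 || Hit.Size != SNP_PAGE_SIZE ||
      (Hit.Base & (SNP_PAGE_SIZE - 1)) != 0 || Hit.Base > UINT32_MAX - Hit.Size)
    return SNP_SECRETS_E_INVALID;
  if (Out) *Out = Hit;
  return SNP_SECRETS_OK;
}

/* Serialise a table in the shape the .asm emits (constructed test data).
 * The first 8 descriptor bytes and the Version value are placeholders. */
size_t BuildMetadata(uint8_t *Buf, size_t Cap, const OvmfSection *Secs, uint32_t Count) {
  size_t Need = OVMF_METADATA_DESC_LEN + (size_t)Count * OVMF_SECTION_LEN;
  if (Cap < Need) return 0;
  memset(Buf, 0, OVMF_METADATA_DESC_LEN);
  Wr32(Buf + 4, (uint32_t)Need);   /* assumed: total length field */
  Wr32(Buf + 8, 1);                /* Version (placeholder value) */
  Wr32(Buf + 12, Count);           /* Number of sections, as in the .asm */
  for (uint32_t i = 0; i < Count; i++) {
    uint8_t *p = Buf + OVMF_METADATA_DESC_LEN + (size_t)i * OVMF_SECTION_LEN;
    Wr32(p, Secs[i].Base); Wr32(p + 4, Secs[i].Size); Wr32(p + 8, Secs[i].Type);
  }
  return Need;
}

/* Constructed table: one SEC_MEM entry plus the secrets page at MEMFD
 * offset 0x00D000 from the .fdf, with an assumed MEMFD base of 0x800000. */
static const OvmfSection kSections[2] = {
  { 0x800000u, 0x1000u, OVMF_SECTION_TYPE_SEC_MEM },
  { 0x80D000u, 0x1000u, OVMF_SECTION_TYPE_SNP_SECRETS },
};

/* Returns the located secrets page base, or 0 on any error. */
uint32_t DemoLocateSecrets(void) {
  uint8_t Buf[64]; OvmfSection S = {0, 0, 0};
  size_t n = BuildMetadata(Buf, sizeof Buf, kSections, 2);
  return FindSnpSecretsSection(Buf, n, &S) == SNP_SECRETS_OK ? S.Base : 0;
}

/* Result for a table built from unset PCDs (base 0, size 0). */
int DemoUnsetPcds(void) {
  uint8_t Buf[64]; OvmfSection Zero = { 0, 0, OVMF_SECTION_TYPE_SNP_SECRETS };
  return FindSnpSecretsSection(Buf, BuildMetadata(Buf, sizeof Buf, &Zero, 1), NULL);
}

int main(void) {
  printf("SNP secrets page at 0x%x; unset-PCD table -> %d\n",
         DemoLocateSecrets(), DemoUnsetPcds());
  return 0;
}
```

The bounds check on the section count before the loop is the part worth keeping even in a throwaway tool: the count is read from firmware-controlled bytes, and the .asm computes it from label arithmetic, so a VMM that trusts it without comparing it to the blob length will read past the metadata.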