[edk2-devel] [PATCH v9 20/32] UefiCpuPkg: Define ConfidentialComputingGuestAttr

Brijesh Singh via groups.io posted 32 patches 4 years, 4 months ago
There is a newer version of this series
Posted by Brijesh Singh via groups.io 4 years, 4 months ago
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

While initializing APs, the MpInitLib may need to know whether the
guest is running with active AMD SEV or Intel TDX memory encryption.

Add a new ConfidentialComputingGuestAttr PCD that can be used to query
the memory encryption attribute.

Cc: Michael Roth <michael.roth@amd.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 UefiCpuPkg/UefiCpuPkg.dec                     |  4 +++
 .../Include/ConfidentialComputingGuestAttr.h  | 25 +++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 62acb291f309..9dbaa407c399 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -396,5 +396,9 @@ [PcdsDynamic, PcdsDynamicEx]
   # @Prompt SEV-ES Status
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016
 
+  ## This dynamic PCD indicates the memory encryption attribute of the guest.
+  # @Prompt Memory encryption attribute
+  gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x60000017
+
 [UserExtensions.TianoCore."ExtraFiles"]
   UefiCpuPkgExtra.uni
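
Review bot: The help text on PcdConfidentialComputingGuestAttr does not say which values the PCD can hold, and nothing in the declaration ties it to the CONFIDENTIAL_COMPUTING_GUEST_ATTR enum that this patch adds in ConfidentialComputingGuestAttr.h. The PCD is declared as UINT64 with a default of 0, so a reader of the .dec has to infer that 0 corresponds to CCAttrNotEncrypted and that the remaining values come from that header. Suggest extending the `##` comment to name the header and the enum, and to state that 0 means memory encryption is not active.
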
diff --git a/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h b/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
new file mode 100644
index 000000000000..495b0df0ac33
--- /dev/null
+++ b/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
@@ -0,0 +1,25 @@
+/** @file
+Definitions for Confidential Computing Attribute
+
+Copyright (c) 2021 AMD Inc. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
+#define CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
+
+typedef enum {
+  /* The guest is running with memory encryption disabled. */
+  CCAttrNotEncrypted = 0,
+
+  /* The guest is running with AMD SEV memory encryption enabled. */
+  CCAttrAmdSev      = 0x100,
+  CCAttrAmdSevEs    = 0x101,
+  CCAttrAmdSevSnp   = 0x102,
+
+  /* The guest is running with Intel TDX memory encryption enabled. */
+  CCAttrIntelTdx    = 0x200,
+} CONFIDENTIAL_COMPUTING_GUEST_ATTR;
+
+#endif
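
Review bot: The enum values look like an encoding (0x100 to 0x102 for the AMD SEV levels, 0x200 for Intel TDX), but the header never states it, so it is unclear whether consumers may mask or range-compare the value or must test for exact equality. SEV-ES and SEV-SNP build on SEV, so a caller that checks only `== CCAttrAmdSev` would not match the stronger modes. Please document the intended layout or provide helper macros for the "any SEV" and "any TDX" checks, and give CCAttrAmdSevEs and CCAttrAmdSevSnp their own comments instead of sharing the single "AMD SEV memory encryption enabled" line.
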
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#81906): https://edk2.groups.io/g/devel/message/81906
Mute This Topic: https://groups.io/mt/86292904/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH v9 20/32] UefiCpuPkg: Define ConfidentialComputingGuestAttr
Posted by Gerd Hoffmann 4 years, 3 months ago
  Hi,

> +  ## This dynamic PCD indicates the memory encryption attribute of the guest.
> +  # @Prompt Memory encryption attribute
> +  gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x60000017

See discussion in parallel thread.  This is probably not the best place
for the PCD due to dependency problems which make the PCD less useful
than it should be.  There is more code than just cpu which must be tsx/sev
aware.

Move to MdePkg?

take care,
  Gerd





Re: [edk2-devel] [PATCH v9 20/32] UefiCpuPkg: Define ConfidentialComputingGuestAttr
Posted by Brijesh Singh via groups.io 4 years, 3 months ago
On 10/14/21 1:38 AM, Gerd Hoffmann wrote:
>   Hi,
>
>> +  ## This dynamic PCD indicates the memory encryption attribute of the guest.
>> +  # @Prompt Memory encryption attribute
>> +  gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x60000017
> See discussion in parallel thread.  This is probably not the best place
> for the PCD due to dependency problems which make the PCD less useful
> than it should be.  There is more code than just cpu which must be tsx/sev
> aware.
>
> Move to MdePkg?

Yes, I think that will work. For the SEV case so far there was no need to
move it into MdePkg, so I kept it in UefiCpuPkg, but I am good with moving.


> take care,
>   Gerd
>

