1. Patchew
  2. EDK2
  3. [edk2-devel] [PATCH 0/2] work area fixes
  4. View patch

[edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD

Brijesh Singh via groups.io posted 2 patches 4 years, 3 months ago
[edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Brijesh Singh via groups.io 4 years, 3 months ago 
The commit 80e67af9afca added support for the generic work area concept
used mainly by the encrypted VMs but missed update the AmdSev package.

Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 542722ac6b37..56626098862c 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -57,7 +57,7 @@ [FD.MEMFD]
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
 
 0x00B000|0x001000
-gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
 
 0x00C000|0x000C00
 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
@@ -79,6 +79,13 @@ [FD.MEMFD]
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
 FV = DXEFV
 
+##########################################################################################
+# Set the SEV-ES specific work area PCDs
+#
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+##########################################################################################
+
 ################################################################################
 
 [FV.SECFV]
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82047): https://edk2.groups.io/g/devel/message/82047
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Gerd Hoffmann 4 years, 3 months ago 
On Thu, Oct 14, 2021 at 01:17:11PM -0500, Brijesh Singh wrote:
> The commit 80e67af9afca added support for the generic work area concept
> used mainly by the encrypted VMs but missed update the AmdSev package.
> 
> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82086): https://edk2.groups.io/g/devel/message/82086
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Dov Murik 4 years, 3 months ago 
[+Tobin]


On 14/10/2021 21:17, Brijesh Singh wrote:
> The commit 80e67af9afca added support for the generic work area concept
> used mainly by the encrypted VMs but missed update the AmdSev package.
> 
> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")

Thanks Brijesh.

The fix does allow me to launch SEV-ES guests, which is good news.
However, the guest's measurement has changed, so I wonder what this
change causes.

The details:

I tested 3 commits (always building the AmdSevX64 target):

1. commit 7b4a99be8a39 - edk2-stable202108

I successfully launch SEV and SEV-ES guests and my measurement check
script verifies the digest correctly (including the "measured linux
boot" hashes table added by QEMU).

2. commit f10a112f08f3 - master (Oct 14)

I successfully launch SEV guests, but SEV-ES guests crash with "error:
kvm run failed Invalid argument". The measurement check verifies digest
correctly.

3. master + this AmdSevX64.fdf patch

I successfully launch SEV guests and measurement calculation is OK. As
far SEV-ES guests, the measurement check doesn't match what I expect. If
I ignore the mismatched measurement and continue the launch, the guest
runs OK with SEV-ES.


So this patch fixes the problem (SEV-ES guest crashes on launch) but
shows another problem (bad guest measurement).


Note that for this test, my measurement calculation script automatically
takes the OVMF image I'm using to boot the VM.  From my reading of the
QEMU code, the only pieces that should affect the measurement is the
OVMF image, the hashes table, and the VMSAs for each vcpu.  The OVMF
image is updated on every check, and the rest shouldn't have changed
between those 3 revisions that I tested.


It might be an issue with my measurement checking script which was
assuming something that has changed with the introduction of the new
work area, but I can't think of something like that. Note again that
plain SEV measurement is still working OK.


Do you encounter similar issues with VM measurement?


-Dov



> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Reported-by: Dov Murik <dovmurik@linux.ibm.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
> index 542722ac6b37..56626098862c 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
> @@ -57,7 +57,7 @@ [FD.MEMFD]
>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
>  
>  0x00B000|0x001000
> -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
>  
>  0x00C000|0x000C00
>  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
> @@ -79,6 +79,13 @@ [FD.MEMFD]
>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
>  FV = DXEFV
>  
> +##########################################################################################
> +# Set the SEV-ES specific work area PCDs
> +#
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +##########################################################################################
> +
>  ################################################################################
>  
>  [FV.SECFV]
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82179): https://edk2.groups.io/g/devel/message/82179
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Brijesh Singh via groups.io 4 years, 3 months ago 
On 10/16/21 1:38 PM, Dov Murik wrote:
> [+Tobin]
>
>
> On 14/10/2021 21:17, Brijesh Singh wrote:
>> The commit 80e67af9afca added support for the generic work area concept
>> used mainly by the encrypted VMs but missed update the AmdSev package.
>>
>> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
> Thanks Brijesh.
>
> The fix does allow me to launch SEV-ES guests, which is good news.
> However, the guest's measurement has changed, so I wonder what this
> change causes.
>
> The details:
>
> I tested 3 commits (always building the AmdSevX64 target):
>
> 1. commit 7b4a99be8a39 - edk2-stable202108
>
> I successfully launch SEV and SEV-ES guests and my measurement check
> script verifies the digest correctly (including the "measured linux
> boot" hashes table added by QEMU).
>
> 2. commit f10a112f08f3 - master (Oct 14)
>
> I successfully launch SEV guests, but SEV-ES guests crash with "error:
> kvm run failed Invalid argument". The measurement check verifies digest
> correctly.
>
> 3. master + this AmdSevX64.fdf patch
>
> I successfully launch SEV guests and measurement calculation is OK. As
> far SEV-ES guests, the measurement check doesn't match what I expect. If
> I ignore the mismatched measurement and continue the launch, the guest
> runs OK with SEV-ES.
>
>
> So this patch fixes the problem (SEV-ES guest crashes on launch) but
> shows another problem (bad guest measurement).
>
>
> Note that for this test, my measurement calculation script automatically
> takes the OVMF image I'm using to boot the VM.  From my reading of the
> QEMU code, the only pieces that should affect the measurement is the
> OVMF image, the hashes table, and the VMSAs for each vcpu.  The OVMF
> image is updated on every check, and the rest shouldn't have changed
> between those 3 revisions that I tested.
>
>
> It might be an issue with my measurement checking script which was
> assuming something that has changed with the introduction of the new
> work area, but I can't think of something like that. Note again that
> plain SEV measurement is still working OK.
>
I assume you are including the IP for the APs during your VMSA hash
computation. The IP for the AP is obtained through the SevEsResetGuid
[1]. It points to Fixed(PcdSevEsWorkArea). After we introduced the
generic Ovmf workarea concept the PcdSevEsWorkArea no longer start from
the beginning of the workarea. See the hunk below

+##########################################################################################
+# Set the SEV-ES specific work area PCDs
+#
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+##########################################################################################
+

[1]
https://github.com/tianocore/edk2/blob/master/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm#L109

Make sure you are using the correct value for the AP IP in your
computation. If you have hard coded AP IP in your script then I would
recommend to update the script to  retrieve the value from the OVMF_CODE.fd.

Hope this helps.

> Do you encounter similar issues with VM measurement?
>
>
> -Dov
>
>
>
>> Cc: James Bottomley <jejb@linux.ibm.com>
>> Cc: Min Xu <min.m.xu@intel.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Erdem Aktas <erdemaktas@google.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Reported-by: Dov Murik <dovmurik@linux.ibm.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
>> index 542722ac6b37..56626098862c 100644
>> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
>> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
>> @@ -57,7 +57,7 @@ [FD.MEMFD]
>>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
>>  
>>  0x00B000|0x001000
>> -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
>> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
>>  
>>  0x00C000|0x000C00
>>  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
>> @@ -79,6 +79,13 @@ [FD.MEMFD]
>>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
>>  FV = DXEFV
>>  
>> +##########################################################################################
>> +# Set the SEV-ES specific work area PCDs
>> +#
>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
>> +##########################################################################################
>> +
>>  ################################################################################
>>  
>>  [FV.SECFV]
>>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82180): https://edk2.groups.io/g/devel/message/82180
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Dov Murik 4 years, 3 months ago 

On 17/10/2021 1:32, Brijesh Singh wrote:
> 
> On 10/16/21 1:38 PM, Dov Murik wrote:
>> [+Tobin]
>>
>>
>> On 14/10/2021 21:17, Brijesh Singh wrote:
>>> The commit 80e67af9afca added support for the generic work area concept
>>> used mainly by the encrypted VMs but missed update the AmdSev package.
>>>
>>> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
>> Thanks Brijesh.
>>
>> The fix does allow me to launch SEV-ES guests, which is good news.
>> However, the guest's measurement has changed, so I wonder what this
>> change causes.
>>
>> The details:
>>
>> I tested 3 commits (always building the AmdSevX64 target):
>>
>> 1. commit 7b4a99be8a39 - edk2-stable202108
>>
>> I successfully launch SEV and SEV-ES guests and my measurement check
>> script verifies the digest correctly (including the "measured linux
>> boot" hashes table added by QEMU).
>>
>> 2. commit f10a112f08f3 - master (Oct 14)
>>
>> I successfully launch SEV guests, but SEV-ES guests crash with "error:
>> kvm run failed Invalid argument". The measurement check verifies digest
>> correctly.
>>
>> 3. master + this AmdSevX64.fdf patch
>>
>> I successfully launch SEV guests and measurement calculation is OK. As
>> far SEV-ES guests, the measurement check doesn't match what I expect. If
>> I ignore the mismatched measurement and continue the launch, the guest
>> runs OK with SEV-ES.
>>
>>
>> So this patch fixes the problem (SEV-ES guest crashes on launch) but
>> shows another problem (bad guest measurement).
>>
>>
>> Note that for this test, my measurement calculation script automatically
>> takes the OVMF image I'm using to boot the VM.  From my reading of the
>> QEMU code, the only pieces that should affect the measurement is the
>> OVMF image, the hashes table, and the VMSAs for each vcpu.  The OVMF
>> image is updated on every check, and the rest shouldn't have changed
>> between those 3 revisions that I tested.
>>
>>
>> It might be an issue with my measurement checking script which was
>> assuming something that has changed with the introduction of the new
>> work area, but I can't think of something like that. Note again that
>> plain SEV measurement is still working OK.
>>
> I assume you are including the IP for the APs during your VMSA hash
> computation. The IP for the AP is obtained through the SevEsResetGuid
> [1]. It points to Fixed(PcdSevEsWorkArea). After we introduced the
> generic Ovmf workarea concept the PcdSevEsWorkArea no longer start from
> the beginning of the workarea. See the hunk below
> 
> +##########################################################################################
> +# Set the SEV-ES specific work area PCDs
> +#
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +##########################################################################################
> +
> 
> [1]
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm#L109
> 
> Make sure you are using the correct value for the AP IP in your
> computation. If you have hard coded AP IP in your script then I would
> recommend to update the script to  retrieve the value from the OVMF_CODE.fd.
> 
> Hope this helps.
> 

Yep, that was indeed the issue. The VMSA for vcpu0 is identical to the
previous version, but there was a 4-byte shift in the IP field in VMSA
for the AP vcpus.

Thanks for your help debugging this.

So, FWIW:

Reviewed-by: Dov Murik <dovmurik@linux.ibm.com>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>


-Dov

>> Do you encounter similar issues with VM measurement?
>>
>>
>> -Dov
>>
>>
>>
>>> Cc: James Bottomley <jejb@linux.ibm.com>
>>> Cc: Min Xu <min.m.xu@intel.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>> Cc: Erdem Aktas <erdemaktas@google.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>> Reported-by: Dov Murik <dovmurik@linux.ibm.com>
>>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>>> ---
>>>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
>>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> index 542722ac6b37..56626098862c 100644
>>> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> @@ -57,7 +57,7 @@ [FD.MEMFD]
>>>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
>>>  
>>>  0x00B000|0x001000
>>> -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
>>> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
>>>  
>>>  0x00C000|0x000C00
>>>  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
>>> @@ -79,6 +79,13 @@ [FD.MEMFD]
>>>  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
>>>  FV = DXEFV
>>>  
>>> +##########################################################################################
>>> +# Set the SEV-ES specific work area PCDs
>>> +#
>>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
>>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
>>> +##########################################################################################
>>> +
>>>  ################################################################################
>>>  
>>>  [FV.SECFV]
>>>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82188): https://edk2.groups.io/g/devel/message/82188
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
Posted by Min Xu 4 years, 3 months ago 
On October 15, 2021 2:17 AM, Brijesh Singh wrote:
> The commit 80e67af9afca added support for the generic work area concept
> used mainly by the encrypted VMs but missed update the AmdSev package.
> 
> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Reported-by: Dov Murik <dovmurik@linux.ibm.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf
> b/OvmfPkg/AmdSev/AmdSevX64.fdf index 542722ac6b37..56626098862c
> 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
> @@ -57,7 +57,7 @@ [FD.MEMFD]
> 
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpac
> eGuid.PcdOvmfSecGhcbSize
> 
>  0x00B000|0x001000
> -
> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpace
> Guid.PcdSevEsWorkAreaSize
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenS
> paceGu
> +id.PcdOvmfWorkAreaSize
> 
>  0x00C000|0x000C00
> 
> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenS
> paceGuid.PcdSevLaunchSecretSize
> @@ -79,6 +79,13 @@ [FD.MEMFD]
> 
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenS
> paceGuid.PcdOvmfDxeMemFvSize
>  FV = DXEFV
> 
> +################################################################
> #######
> +################### # Set the SEV-ES specific work area PCDs # SET
> +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =
> $(MEMFD_BASE_ADDRESS)
> ++  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase +
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHead
> er
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize -
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHead
> er
> +################################################################
> #######
> +###################
> +
> 
> #################################################################
> ###############
> 
>  [FV.SECFV]
> --
> 2.25.1
> 
Reviewed-by: Min Xu <min.m.xu@intel.com>

Thanks.
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82212): https://edk2.groups.io/g/devel/message/82212
Mute This Topic: https://groups.io/mt/86321277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.