From nobody Sat Feb  7 06:55:28 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+82577+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one);
	dmarc=pass(p=none dis=none)  header.from=groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1634962473517515.851906754117;
 Fri, 22 Oct 2021 21:14:33 -0700 (PDT)
Return-Path: <bounce+27952+82577+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id U8meYY1788612xoxO0yTVGEx;
 Fri, 22 Oct 2021 21:14:33 -0700
X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com
 (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.86])
 by mx.groups.io with SMTP id smtpd.web08.2775.1634962472503210699
 for <devel@edk2.groups.io>;
 Fri, 22 Oct 2021 21:14:32 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=G9jIlT+w995/JOoVNUpu3v8gMPX43mnwNFx69G70ier3ckD4p2aCa4DrDSJ2oTbrpZ6A+ZzqqjGprYhJwsoPsGI3nls1OsybNdPrSmtgZ6JBqkP/xRaezr2YguIT1gGkRT7acRm12tQo/4lAu4uZBYo5QSL4BOsnPYeODLkj+shpwb1kLQ0wH9TgEyhc7D4ckFtSx4tW4ze4MK3DJehePhIuZ1jl23MWPQ7D7SmypBJH9xnxTmeyvf1+2e0bZd0IP4mNhpeU0vfvKIyERh1Y3RaWbsIa1L+2e8hiIzO9qnnRpgQySxNzKg8FpWV80le9Xcj0J1mJhSgjBddppI7kpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=BwmJhnqvTds5tO5aEnJH3O/TNjCJ5n+UJoYRfAP85j0=;
 b=E+BmsEcir+zFdb+/HCBY16PfijNHXlffo1+htJqKOdKD0jrzYLxR6OOSOLviqOTukJl/0X7fjaweV+87nhCbfixPL2BAF42egVD+aybiZ18kiJ6WJ2WuEZfEmx4fRQti1itWVk63foUj5Adi14hpD9U6v81fZHRUbfRwlCa+xL9Sv3s3KefNvm+VEHFS3UALmCreDPvNnT2Ls1EKCAEizD/fvDRojij/uJuqvoCeOEtL/WkCKDpNke1j4DmVxoHUEyK+tC4EyimU0/l5m4WI9STjFS22dkLKewjNJp12NsbLo+0K8Of/uYHP3x6MMwe0aijOBVomD1KbjyKoZghhQw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
X-Received: from DM6PR01CA0008.prod.exchangelabs.com (2603:10b6:5:296::13) by
 BL0PR12MB4724.namprd12.prod.outlook.com (2603:10b6:208:87::23) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4628.15; Sat, 23 Oct 2021 04:14:28 +0000
X-Received: from DM6NAM11FT004.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:296:cafe::25) by DM6PR01CA0008.outlook.office365.com
 (2603:10b6:5:296::13) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16 via Frontend
 Transport; Sat, 23 Oct 2021 04:14:28 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+82577+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com;
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 DM6NAM11FT004.mail.protection.outlook.com (10.13.172.217) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.4628.16 via Frontend Transport; Sat, 23 Oct 2021 04:14:27 +0000
X-Received: from sbrijesh-desktop.amd.com (10.180.168.240) by
 SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct
 2021 23:14:26 -0500
From: "Brijesh Singh via groups.io" <brijesh.singh=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: James Bottomley <jejb@linux.ibm.com>, Min Xu <min.m.xu@intel.com>, "Jiewen
 Yao" <jiewen.yao@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, "Jordan
 Justen" <jordan.l.justen@intel.com>, Ard Biesheuvel
	<ardb+tianocore@kernel.org>, Erdem Aktas <erdemaktas@google.com>, "Michael
 Roth" <Michael.Roth@amd.com>, Gerd Hoffmann <kraxel@redhat.com>, Brijesh
 Singh <brijesh.singh@amd.com>, Michael Roth <michael.roth@amd.com>, Jiewen
 Yao <Jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v11 12/32] OvmfPkg/PlatformPei: register GHCB gpa
 for the SEV-SNP guest
Date: Fri, 22 Oct 2021 23:13:29 -0500
Message-ID: <20211023041349.1263726-13-brijesh.singh@amd.com>
In-Reply-To: <20211023041349.1263726-1-brijesh.singh@amd.com>
References: <20211023041349.1263726-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 10f55eda-b9ef-41b5-af30-08d995db9afd
X-MS-TrafficTypeDiagnostic: BL0PR12MB4724:
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB472480F7B524D310FB028183E5819@BL0PR12MB4724.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 tnf73viSwhwpQG4mjRohroThVBXcT+jbedJDR45Nd3yVMiy7R0WNY91Bak+OZZSdmAyGMKt8UT/OjzatOI5NQa/25t9QP6y34+2esor8eLMbkndMhVc25p+FoDW0Cqv1IuK67+TldJjQavpD5YJh3dhV+LajXeYfteqBIH86pbo9/9aZtm3G6aO7w8iSPqTa4nJWT36HbOUL23oniFSKAvFXAYwuREeuVh/bSOzqIfC0FB6A3txtNiG4ep8H1DMNaJPyZSo9n/9TKoLjtDdKH5IZAY98W0PvK7UloXxda/pSahuqkI70oh14/B/oGFR7/7kRn4xiNCdBkcAUlp0TruDl6ZvNfa3HCdIlAuUdXJBx4GrG0JpqB9GEWgy5II9UhYbjQnwv0gMVZSJiDK21sRQbg/TFI6qXaFF2RSJCEEW/COjovDv4Xwd9G3udJGDIhTVJnS9I2R88F933HyQvX5vHTQiFycs74x0hPVlruvFh4IgUxw2YfoOS/hRRwH0VuGzJOL15nSviWpIRIw/cq6yCc5zb9M5p9u54a7/LVuPZKu7VwqfsnEim+qz5cmyqN8Ez39rdxEWkSwngtdtt7Z9IL6uqFTNSoorRyAV8rnp/j/MpPAvLjKDFRfyAVsDW3HBHT7rhDBx+AzkI3V2WDZcIkjoIziM8N4vJlXkPddZBvHZIMJJZS1wYctQ8CkGIR+7gazJ4C4PtQcwYJjoyT2cbg7ZedunHgn/SzlcMYVFBtVGdAd36SWUwCdUgWvbq8MZkm3TBhUeIL5/2m3HYQDtSc8VZIxnqGv+E68MFgv3dfiHBXtMr1cBkIUtuO0h+
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2021 04:14:27.9519
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 10f55eda-b9ef-41b5-af30-08d995db9afd
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT004.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB4724
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com
X-Gm-Message-State: rzPN0nl4r4LF3Nv7Y4Yphx5vx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1634962473;
 bh=7IJvD19U3bafOomasmFl2XKVNULaBqvgozQ8qJF6vGU=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=U6I6TKWTtTajR1ak4A+JKJgPqurmKFAYOiqzqdaE1ZR4WfozuJ8Ncq23nkuLnXXC6th
 pQxcm8HYF0+R5c7gcx/LXNJKZZUgNe0c8viRvV1+y/IUYaImJyanrWPXcoLWsncNLLv9j
 tS5zT8m6xywn8IrYT3Q7/XEwJStZ+XfPXyA=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1634962474971100048
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 87 ++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..ba69f581893b 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,89 @@
 #include <PiPei.h>
 #include <Register/Amd/Msr.h>
 #include <Register/Intel/SmramSaveStateMap.h>
+#include <Library/VmgExitLib.h>
=20
 #include "Platform.h"
=20
+/**
+  Handle an SEV-SNP/GHCB protocol check failure.
+
+  Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue=
st
+  wishes to be terminated.
+
+  @param[in] ReasonCode  Reason code to provide to the hypervisor for the
+                         termination request.
+
+**/
+STATIC
+VOID
+SevEsProtocolFailure (
+  IN UINT8  ReasonCode
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+
+  //
+  // Use the GHCB MSR Protocol to request termination by the hypervisor
+  //
+  Msr.GhcbPhysicalAddress =3D 0;
+  Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST;
+  Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB;
+  Msr.GhcbTerminate.ReasonCode =3D ReasonCode;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
+
+/**
+
+  This function can be used to register the GHCB GPA.
+
+  @param[in]  Address           The physical address to be registered.
+
+**/
+STATIC
+VOID
+GhcbRegister (
+  IN  EFI_PHYSICAL_ADDRESS   Address
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;
+
+  //
+  // Save the current MSR Value
+  //
+  CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // Use the GHCB MSR Protocol to request to register the GPA.
+  //
+  Msr.GhcbPhysicalAddress =3D Address & ~EFI_PAGE_MASK;
+  Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // If hypervisor responded with a different GPA than requested then fail.
+  //
+  if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO=
NSE) ||
+      ((Msr.GhcbPhysicalAddress & ~EFI_PAGE_MASK) !=3D Address)) {
+    SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  //
+  // Restore the MSR
+  //
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);
+}
+
 /**
=20
   Initialize SEV-ES support if running as an SEV-ES guest.
@@ -109,6 +189,13 @@ AmdSevEsInitialize (
     "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n=
",
     (UINT64)GhcbBackupPageCount, GhcbBackupBase));
=20
+  //
+  // SEV-SNP guest requires that GHCB GPA must be registered before using =
it.
+  //
+  if (MemEncryptSevSnpIsEnabled ()) {
+    GhcbRegister (GhcbBasePa);
+  }
+
   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
=20
   //
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82577): https://edk2.groups.io/g/devel/message/82577
Mute This Topic: https://groups.io/mt/86530723/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-