From nobody Sat Feb 7 06:55:34 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82568+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=pass(p=none dis=none) header.from=groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1634962465940556.513360471412; Fri, 22 Oct 2021 21:14:25 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ZNtxYY1788612xeA9hvCqi4M; Fri, 22 Oct 2021 21:14:25 -0700 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.67]) by mx.groups.io with SMTP id smtpd.web10.2750.1634962464867947771 for ; Fri, 22 Oct 2021 21:14:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QkgQGqoKs2s+dtpnQrPrXaO9ohAZoTTNovixwkqKrFKp7iwPHzq4ME+ZOWwVQdHlU6n/8xvl41umQprf7W1Rr723ejUb/sNBuK4jOho8lz/OkM0s4E7V3B2z1H5/JxqCCG7+Oc7ZksZG4Nqx4VC2tFDt5IokZYdkFOxuMVDmbjRjzdUqNJjb8Z8cPLraN+KVogbsdSB2WNhqMT9IB57/1C7twgu37EbMoe5qz1+g/N52NjoYQ3fT7tzWvb0Ykdrd1jluK4PohYVGiVIo5vbyrDlie0jcVmt6agxZUkCI5aJXKrkZB6IkeXQT5iFeoxsj/ddBWcCmrvpnD4J6uXwQqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lTPv7LYLTVWw6DiLLNZXtcCr2mEM5dWmZcYRbo4JicE=; b=C6nAMqj5T+qP1nvjg/w5qOUN+tsFfeIxr5nxuIS3Mrkcxwv8Zlx6eQQs6CEYn/FNtLMncFl/tarsfiPzjHQhfvX4ZQtTLuQkyLNVXfdQ9sQCkC2kgjPLkbeBWQwwFYUFxprKmOM+FN0nZkD5ZsD4pKvfHdcsTtOl8ocDUov+Sm6SqE2pua3caf25nqPW/ToyQWuehVwK0FZf1ZwS5H9nHHjPx4zGT88WBqQaUZZv54wpR7bjbGBc4dJD2QB6/eDQN8WfAE3MJrSOuaQNP2kTp5aDl3yf2ASaCcSxhZeikOf5kH0yVluNhnrGgTCyAIIuR7fotKlNznKVxuGjro4NDg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none X-Received: from DM5PR04CA0051.namprd04.prod.outlook.com (2603:10b6:3:ef::13) by BN9PR12MB5162.namprd12.prod.outlook.com (2603:10b6:408:11b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Sat, 23 Oct 2021 04:14:22 +0000 X-Received: from DM6NAM11FT027.eop-nam11.prod.protection.outlook.com (2603:10b6:3:ef:cafe::ed) by DM5PR04CA0051.outlook.office365.com (2603:10b6:3:ef::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18 via Frontend Transport; Sat, 23 Oct 2021 04:14:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+82568+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT027.mail.protection.outlook.com (10.13.172.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4628.16 via Frontend Transport; Sat, 23 Oct 2021 04:14:21 +0000 X-Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct 2021 23:14:20 -0500 From: "Brijesh Singh via groups.io" To: CC: James Bottomley , Min Xu , "Jiewen Yao" , Tom Lendacky , "Jordan Justen" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" , Gerd Hoffmann , Brijesh Singh , Michael Roth , Jiewen Yao Subject: [edk2-devel] [PATCH v11 05/32] OvmfPkg: reserve SNP secrets page Date: Fri, 22 Oct 2021 23:13:22 -0500 Message-ID: <20211023041349.1263726-6-brijesh.singh@amd.com> In-Reply-To: <20211023041349.1263726-1-brijesh.singh@amd.com> References: <20211023041349.1263726-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e66a8f93-0146-4cb8-61cf-08d995db9771 X-MS-TrafficTypeDiagnostic: BN9PR12MB5162: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4502; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: yuybEiaWB/u6Ad9M7rJhgTLHH9Aibnr2Qji7n6iO7Qapa/9wlMfLkgrDAInoYimFFtLy+ZWcwiAKhIPfN3IV55PUhU0Zg7NzNqGzrPaU869ua3oYUGDkn6x6yBbRaXXVxgMh8sr/X/fdLCag9fPY1qIi1kugT69bbwiwlYVDc/aODVBa4NiUZIpkQdIaizDm4kCXAh9SKuKoEd5/h7azoXqzUMOLsSMxPOp1NwIHzw7ljPO6Uy6TBDfy3jlus8jEOhmOFMzFP39TsOsXjxODAwfyBRBu95aKB939V32NKE4Ned+Tj/wr1M5y79z0fHdXboJaqxkOQHEmqa6ut9uyYIKfSJKHi0PzL34A/5dpXN9mJcFEhIaqkowX2yd6k3oz5+lpWZA0Oo/JyagclDmI2CcJdkwRv+CriX666XI+XFc+3Cv0/czc6DW1KhmyDCn9LkTy2Bomq6sy6rDleV+ATpQpaJeex0XiSI88TvhvvPVQlkKu1py+6yRo0vDOhX2K2L8ZfNu8xrWGrFdSQ8205070z3ZwI0cnMtHatXXu5+MVcvsrWhOe78yVrjIVGTm7QAQVMB7T4aeot2YBVrIPXOivGynn+XBhDkVaQ7oi3Iwe1Pnim9A+HRUOFqxqX0506XObCwGCQqZWp9MK0UsWtdTrMBN7dwKeS71UvNd6S+fKGVs55LI9eqKtqTWgckZN5kOPwtP1ylPjaXhdlllk4QhrjYG7UAxK5A6aKzFoQX+qG+Uk7IIs6OXJawXhD584dtNkFGCXVdL/qZn94nKvxUqzOHC0EKoJ4L/A5KhkxA5GnbfmtZDDwxk0yhop2Yru X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2021 04:14:21.9932 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e66a8f93-0146-4cb8-61cf-08d995db9771 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT027.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR12MB5162 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: 8vJVLcLj8YkgT7QnJAJub6dOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1634962465; bh=MkUqGFkV5zJd6d5SFv9HfhjJ7UnSMhl4aGk//2pSZmU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=nTmcamLCbA7dGrXXnzx5F2vAhQCQ4LpfuHNVxtylBB7hkJInYA9CVOmo/96loEqYui6 TTPsxe9vxS6Pu8FcmkWg47anvjNNgJCmyHp0YD+3xOiqdzHJUpbuGrLcTAgJ6RTXuqEiB pLC5zoRF2ePGfYBNk2aexaWV3nDWGbR6JXw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1634963368176100002 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 During the SNP guest launch sequence, a special secrets page needs to be inserted by the VMM. The PSP will populate the page; it will contain the VM Platform Communication Key (VMPCKs) used by the guest to send and receive secure messages to the PSP. The purpose of the secrets page in the SEV-SNP is different from the one used in SEV guests. In SEV, the secrets page contains the guest owner's private data after the remote attestation. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Acked-by: Jiewen Yao Acked-by: Gerd Hoffmann Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +++++++++ 5 files changed, 22 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 1be8d5dccbc7..3e4e80a1e5a0 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -340,6 +340,12 @@ [PcdsFixedAtBuild] # header definition. gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|4|= UINT32|0x51 =20 + ## The base address and size of the SEV-SNP Secrets Area that contains + # the VM platform communication key used to send and recieve the + # messages to the PSP. If this is set in the .fdf, the platform + # is responsible to reserve this area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53 =20 [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd69..1313c7f016bf 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ [FD.MEMFD] 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index a2520dde5508..09454d0797e6 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -50,3 +50,5 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 6a3b1b73cf53..e6a868730897 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -78,6 +78,8 @@ %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) + %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) + %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/AmdSev.asm" %include "Ia32/PageTables64.asm" diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVec= tor/X64/OvmfSevMetadata.asm index c42ad779be49..eba861129333 100644 --- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm +++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm @@ -14,6 +14,9 @@ BITS 64 ; The section must be accepted or validated by the VMM before the boot %define OVMF_SECTION_TYPE_SNP_SEC_MEM 0x1 =20 +; AMD SEV-SNP specific sections +%define OVMF_SECTION_TYPE_SNP_SECRETS 0x2 + ALIGN 16 =20 TIMES (15 - ((OvmfSevGuidedStructureEnd - OvmfSevGuidedStructureStart + 15= ) % 16)) DB 0 @@ -30,5 +33,11 @@ _Descriptor: DD OVMF_SEV_METADATA_VERSION ; Version DD (OvmfSevGuidedStructureEnd - _Descriptor - 16) / 12 ; Number of secti= ons =20 +; SEV-SNP Secrets page +SevSnpSecrets: + DD SEV_SNP_SECRETS_BASE + DD SEV_SNP_SECRETS_SIZE + DD OVMF_SECTION_TYPE_SNP_SECRETS + OvmfSevGuidedStructureEnd: ALIGN 16 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82568): https://edk2.groups.io/g/devel/message/82568 Mute This Topic: https://groups.io/mt/86530711/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-