From: "Brijesh Singh via groups.io"
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh
Subject: [edk2-devel] [PATCH v11 08/32] OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values
Date: Fri, 22 Oct 2021 23:13:25 -0500
Message-ID: <20211023041349.1263726-9-brijesh.singh@amd.com>
In-Reply-To: <20211023041349.1263726-1-brijesh.singh@amd.com>
References: <20211023041349.1263726-1-brijesh.singh@amd.com>
Sender: devel@edk2.groups.io
Reply-To: devel@edk2.groups.io, brijesh.singh@amd.com
From: Michael Roth

CPUID instructions are issued during early boot to do things like probe for SEV support. Currently these are handled by a minimal #VC handler that uses the MSR-based GHCB protocol to fetch the CPUID values from the hypervisor. When SEV-SNP is enabled, use the firmware-validated CPUID values from the CPUID page instead [1].

[1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Acked-by: Gerd Hoffmann
Signed-off-by: Michael Roth
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 80 +++++++++++++++++++++++++++--
 1 file changed, 75 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 48d9178168b0..1f827da3b929 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -34,6 +34,18 @@ BITS 32 %define GHCB_CPUID_REGISTER_SHIFT 30 %define CPUID_INSN_LEN 2 =20 +; #VC handler offsets/sizes for accessing SNP CPUID page +; +%define SNP_CPUID_ENTRY_SZ 48 +%define SNP_CPUID_COUNT 0 +%define SNP_CPUID_ENTRY 16 +%define SNP_CPUID_ENTRY_EAX_IN 0 +%define SNP_CPUID_ENTRY_ECX_IN 4 +%define SNP_CPUID_ENTRY_EAX 24 +%define SNP_CPUID_ENTRY_EBX 28 +%define SNP_CPUID_ENTRY_ECX 32 +%define SNP_CPUID_ENTRY_EDX 36 + =20 %define SEV_GHCB_MSR 0xc0010130 %define SEV_STATUS_MSR 0xc0010131 
@@ -335,11 +347,61 @@ SevEsIdtNotCpuid: TerminateVmgExit TERM_VC_NOT_CPUID iret =20 - ; - ; Total stack usage for the #VC handler is 44 bytes: - ; - 12 bytes for the exception IRET (after popping error code) - ; - 32 bytes for the local variables. - ; +; Use the SNP CPUID page to handle the cpuid lookup +; +; Modified: EAX, EBX, ECX, EDX +; +; Relies on the stack setup/usage in #VC handler: +; +; On entry, +; [esp + VC_CPUID_FUNCTION] contains EAX input to cpuid instruction +; +; On return, stores corresponding results of CPUID lookup in: +; [esp + VC_CPUID_RESULT_EAX] +; [esp + VC_CPUID_RESULT_EBX] +; [esp + VC_CPUID_RESULT_ECX] +; [esp + VC_CPUID_RESULT_EDX] +; +SnpCpuidLookup: + mov eax, [esp + VC_CPUID_FUNCTION] + mov ebx, [CPUID_BASE + SNP_CPUID_COUNT] + mov ecx, CPUID_BASE + SNP_CPUID_ENTRY + ; Zero these out now so we can simply return if lookup fails + mov dword[esp + VC_CPUID_RESULT_EAX], 0 + mov dword[esp + VC_CPUID_RESULT_EBX], 0 + mov dword[esp + VC_CPUID_RESULT_ECX], 0 + mov dword[esp + VC_CPUID_RESULT_EDX], 0 + +SnpCpuidCheckEntry: + cmp ebx, 0 + je VmmDoneSnpCpuid + cmp dword[ecx + SNP_CPUID_ENTRY_EAX_IN], eax + jne SnpCpuidCheckEntryNext + ; As with SEV-ES handler we assume requested CPUID sub-leaf/index is 0 + cmp dword[ecx + SNP_CPUID_ENTRY_ECX_IN], 0 + je SnpCpuidEntryFound + +SnpCpuidCheckEntryNext: + dec ebx + add ecx, SNP_CPUID_ENTRY_SZ + jmp SnpCpuidCheckEntry + +SnpCpuidEntryFound: + mov eax, [ecx + SNP_CPUID_ENTRY_EAX] + mov [esp + VC_CPUID_RESULT_EAX], eax + mov eax, [ecx + SNP_CPUID_ENTRY_EBX] + mov [esp + VC_CPUID_RESULT_EBX], eax + mov eax, [ecx + SNP_CPUID_ENTRY_EDX] + mov [esp + VC_CPUID_RESULT_ECX], eax + mov eax, [ecx + SNP_CPUID_ENTRY_ECX] + mov [esp + VC_CPUID_RESULT_EDX], eax + jmp VmmDoneSnpCpuid + +; +; Total stack usage for the #VC handler is 44 bytes: +; - 12 bytes for the exception IRET (after popping error code) +; - 32 bytes for the local variables. 
+; SevEsIdtVmmComm: ; ; If we're here, then we are an SEV-ES guest and this @@ -367,6 +429,13 @@ SevEsIdtVmmComm: ; Save the CPUID function being requested mov [esp + VC_CPUID_FUNCTION], eax =20 + ; If SEV-SNP is enabled, use the CPUID page to handle the CPUID + ; instruction. + mov ecx, SEV_STATUS_MSR + rdmsr + bt eax, 2 + jc SnpCpuidLookup + ; The GHCB CPUID protocol uses the following mapping to request ; a specific register: ; 0 =3D> EAX, 1 =3D> EBX, 2 =3D> ECX, 3 =3D> EDX @@ -424,6 +493,7 @@ VmmDone: mov ecx, SEV_GHCB_MSR wrmsr =20 +VmmDoneSnpCpuid: mov eax, [esp + VC_CPUID_RESULT_EAX] mov ebx, [esp + VC_CPUID_RESULT_EBX] mov ecx, [esp + VC_CPUID_RESULT_ECX] --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82573): https://edk2.groups.io/g/devel/message/82573 Mute This Topic: https://groups.io/mt/86530717/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
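Review bot: in the @@ -34,6 +34,18 @@ hunk the new %define block gives the byte offsets of the CPUID page but not its capacity, so the lookup that follows has nothing to bound the count it reads from CPUID_BASE + SNP_CPUID_COUNT. Consider adding a SNP_CPUID_COUNT_MAX define next to SNP_CPUID_ENTRY_SZ (the ABI fixes the array at 64 entries, and a 4 KiB page cannot hold more than (4096 - 16) / 48 = 85 entries of this size anyway) and a comment naming the ABI section the layout comes from, which the commit message already cites as 8.13.2.6, so a reader can check the offsets against the spec.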
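Review bot: in the @@ -335,11 +347,61 @@ hunk, SnpCpuidEntryFound stores the ECX and EDX results crosswise: `mov eax, [ecx + SNP_CPUID_ENTRY_EDX]` is written to `[esp + VC_CPUID_RESULT_ECX]`, and `[ecx + SNP_CPUID_ENTRY_ECX]` to `[esp + VC_CPUID_RESULT_EDX]`. Unless the stack slots are deliberately named the other way round, in which case a comment is needed, the two stores should be swapped so the page's ECX value lands in the ECX result; the EAX and EBX stores just above are the pattern to follow. Separately, the loop at SnpCpuidCheckEntry walks `ebx` entries with no upper bound, so an oversized count field runs the scan past the page; clamping it before the loop costs two instructions.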
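Review bot: in the @@ -367,6 +429,13 @@ hunk `bt eax, 2` tests the SNP-enabled bit of SEV_STATUS_MSR with a bare literal; the file already names the MSR itself, so give the bit a define next to SEV_STATUS_MSR and say in the comment that it is the SevSnpEnabled bit. Also note that `rdmsr` writes EDX as well as EAX, so it is worth confirming (and stating in the comment) that nothing on the GHCB path below the `jc` still expects the EDX value that was live before this check.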
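Review bot: in the @@ -424,6 +493,7 @@ hunk the VmmDoneSnpCpuid label is placed right after the wrmsr that restores the GHCB MSR, which is correct because the SNP path never touched that MSR, but the name reads as SNP-specific while the code after it is the common register-restore tail for both paths; a one-line comment saying the GHCB and CPUID-page paths join here would save the next reader from checking.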
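A C model of the CPUID-page lookup the commit message describes, added here as an example and not code from the patch or from OvmfPkg. It reuses the byte offsets from the patch's %define list, assumes a maximum of 64 entries per page (SNP_CPUID_COUNT_MAX is my name, not the patch's), and runs against a constructed sample page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Byte offsets from the patch's %define list. */
#define SNP_CPUID_ENTRY_SZ      48
#define SNP_CPUID_COUNT         0
#define SNP_CPUID_ENTRY         16
#define SNP_CPUID_ENTRY_EAX_IN  0
#define SNP_CPUID_ENTRY_ECX_IN  4
#define SNP_CPUID_ENTRY_EAX     24
#define SNP_CPUID_ENTRY_EBX     28
#define SNP_CPUID_ENTRY_ECX     32
#define SNP_CPUID_ENTRY_EDX     36
#define SNP_CPUID_COUNT_MAX     64   /* assumption: a 4 KiB page holds 64 entries */
struct cpuid_result { uint32_t eax, ebx, ecx, edx; };
static uint32_t rd32(const uint8_t *p, size_t off) { uint32_t v; memcpy(&v, p + off, 4); return v; }
static void wr32(uint8_t *p, size_t off, uint32_t v) { memcpy(p + off, &v, 4); }

/* Mirror of the patch's SnpCpuidLookup: find (fn, sub-leaf 0) in the page. Returns 1
 * and fills *r on a hit, else 0 with *r zeroed, as the #VC handler does on a miss.
 * Unlike the assembly, the count field is clamped instead of trusted. */
int snp_cpuid_lookup(const uint8_t *page, uint32_t fn, struct cpuid_result *r) {
    memset(r, 0, sizeof *r);
    uint32_t count = rd32(page, SNP_CPUID_COUNT);
    if (count > SNP_CPUID_COUNT_MAX) count = SNP_CPUID_COUNT_MAX;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = page + SNP_CPUID_ENTRY + (size_t)i * SNP_CPUID_ENTRY_SZ;
        if (rd32(e, SNP_CPUID_ENTRY_EAX_IN) != fn || rd32(e, SNP_CPUID_ENTRY_ECX_IN) != 0)
            continue;                   /* wrong leaf, or a non-zero sub-leaf */
        r->eax = rd32(e, SNP_CPUID_ENTRY_EAX);
        r->ebx = rd32(e, SNP_CPUID_ENTRY_EBX);
        r->ecx = rd32(e, SNP_CPUID_ENTRY_ECX); /* ECX is at +32 and EDX at +36 */
        r->edx = rd32(e, SNP_CPUID_ENTRY_EDX);
        return 1;
    }
    return 0;
}
/* Constructed sample page: entry 0 is leaf 0x8000001F sub-leaf 1 (must be skipped),
 * entry 1 is the sub-leaf 0 entry the lookup should return. Values are made up. */
void build_sample_page(uint8_t page[4096]) {
    memset(page, 0, 4096);
    wr32(page, SNP_CPUID_COUNT, 2);
    uint8_t *e0 = page + SNP_CPUID_ENTRY, *e1 = e0 + SNP_CPUID_ENTRY_SZ;
    wr32(e0, SNP_CPUID_ENTRY_EAX_IN, 0x8000001F); wr32(e0, SNP_CPUID_ENTRY_ECX_IN, 1);
    wr32(e0, SNP_CPUID_ENTRY_EAX, 0xBAD);
    wr32(e1, SNP_CPUID_ENTRY_EAX_IN, 0x8000001F); wr32(e1, SNP_CPUID_ENTRY_EAX, 0x1F);
    wr32(e1, SNP_CPUID_ENTRY_EBX, 0x33); wr32(e1, SNP_CPUID_ENTRY_ECX, 0xC0); wr32(e1, SNP_CPUID_ENTRY_EDX, 0xD0);
}
```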