From: "Brijesh Singh via groups.io"
CC: James Bottomley, Min Xu, "Jiewen Yao", Tom Lendacky, "Jordan Justen", Ard Biesheuvel, Erdem Aktas, "Michael Roth", Gerd Hoffmann, "Michael D Kinney", Liming Gao, Zhiguang Liu, Ray Ni, Rahul Kumar, Eric Dong, Brijesh Singh, Michael Roth, Jiewen Yao
Subject: [edk2-devel] [PATCH v13 06/32] OvmfPkg: reserve CPUID page
Date: Fri, 12 Nov 2021 11:39:33 -0600
Message-ID: <20211112173959.2505972-7-brijesh.singh@amd.com>
In-Reply-To: <20211112173959.2505972-1-brijesh.singh@amd.com>
References: <20211112173959.2505972-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Acked-by: Gerd Hoffmann
Signed-off-by: Brijesh Singh
---
 OvmfPkg/OvmfPkg.dec                         |  7 +++++++
 OvmfPkg/OvmfPkgX64.fdf                      |  3 +++
 OvmfPkg/ResetVector/ResetVector.inf         |  2 ++
 OvmfPkg/ResetVector/ResetVector.nasmb       |  2 ++
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 16 ++++++++++++++++
 5 files changed, 30 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index deb285fd62c5..bc14cf2ed403 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -357,6 +357,13 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x58 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x59 =20 + ## The base address and size of a CPUID Area that contains the hypervisor + # provided CPUID results. In the case of SEV-SNP, the CPUID results are + # filtered by the SEV-SNP firmware. If this is set in the .fdf, the + # platform is responsible to reserve this area from DXE phase overwrite= s. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|0|UINT32|0x60 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize|0|UINT32|0x61 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 1313c7f016bf..e94b433e7b28 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -91,6 +91,9 @@ [FD.MEMFD] 0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize =20 +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index fcbc25d0ce3d..1c5d84184ed7 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -55,6 +55,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 4e685ef23684..fbaeab5f5168 100644 
--- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -105,6 +105,8 @@ %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) + %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) + %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) =20 %include "X64/IntelTdxMetadata.asm" %include "Ia32/Flat32ToFlat64.asm" diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVec= tor/X64/OvmfSevMetadata.asm index 2bc7790bd808..0cc12ad3473f 100644 --- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm +++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm @@ -17,6 +17,16 @@ BITS 64 ; AMD SEV-SNP specific sections %define OVMF_SECTION_TYPE_SNP_SECRETS 0x2 =20 +; +; The section contains the hypervisor pre-populated CPUID values. +; In the case of SEV-SNP, the CPUID values are filtered and measured by +; the SEV-SNP firmware. +; The CPUID format is documented in SEV-SNP firmware spec 0.9 section 7.1 +; (CPUID function structure). +; +%define OVMF_SECTION_TYPE_CPUID 0x3 + + ALIGN 16 =20 TIMES (15 - ((OvmfSevGuidedStructureEnd - OvmfSevGuidedStructureStart + 15= ) % 16)) DB 0 @@ -39,5 +49,11 @@ SevSnpSecrets: DD SEV_SNP_SECRETS_SIZE DD OVMF_SECTION_TYPE_SNP_SECRETS =20 +; CPUID values +CpuidSec: + DD CPUID_BASE + DD CPUID_SIZE + DD OVMF_SECTION_TYPE_CPUID + OvmfSevGuidedStructureEnd: ALIGN 16 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83707): https://edk2.groups.io/g/devel/message/83707 Mute This Topic: https://groups.io/mt/87011874/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
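
Review bot: the comment added above PcdOvmfCpuidBase in the OvmfPkg.dec hunk states that the platform is responsible for reserving the area from DXE phase overwrites, but nothing in this patch performs that reservation. The five files touched only declare the PCDs, assign the MEMFD range 0x00E000|0x001000 and emit the metadata entry. Please name in the commit message the patch in the series that protects the range, or add the reservation here, so the contract stated by the PCD comment can be checked from the point where the PCD is introduced. Minor wording: "responsible to reserve" reads better as "responsible for reserving".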
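
Review bot: the two defines added in the ResetVector.nasmb hunk, CPUID_BASE and CPUID_SIZE, are unprefixed, while the neighbouring defines are scoped by feature (SEV_SNP_SECRETS_BASE, SEV_ES_VC_TOP_OF_STACK). All %include'd .asm files share one NASM namespace, so a generic name is easy to collide with or to misread as an architectural constant. Consider a prefix that matches the PCD names, for example OVMF_CPUID_BASE and OVMF_CPUID_SIZE, and use the same names in the CpuidSec entry in OvmfSevMetadata.asm.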
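
Review bot: the comment block introducing OVMF_SECTION_TYPE_CPUID in the first OvmfSevMetadata.asm hunk describes the values as "filtered and measured" by the SEV-SNP firmware, while the OvmfPkg.dec comment for the same area says only "filtered". Please make the two descriptions agree, since whether the page contents are part of the launch measurement matters to anyone relying on it. The reference "SEV-SNP firmware spec 0.9 section 7.1" is also tied to one revision's numbering; citing the structure by name (CPUID function structure) together with the document title would survive later revisions. The hunk also adds two blank lines before ALIGN 16 where the file otherwise uses one.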
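
Review bot: the CpuidSec entry added in the second OvmfSevMetadata.asm hunk is emitted unconditionally, yet PcdOvmfCpuidBase and PcdOvmfCpuidSize default to 0 in OvmfPkg.dec and only OvmfPkgX64.fdf assigns them in this patch. Any other platform description that builds this reset vector would publish a section of type OVMF_SECTION_TYPE_CPUID with base 0 and size 0. Either guard the three DD lines with a check such as %if (CPUID_SIZE != 0), or document next to the entry that consumers of the metadata must ignore zero-length sections. Since the commit message describes the area as a single page, a build-time check that CPUID_SIZE equals 0x1000 when it is non-zero would also catch a mistaken .fdf assignment early.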