From nobody Tue Feb 10 08:28:05 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+89949+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1653267774095705.9392122401109;
 Sun, 22 May 2022 18:02:54 -0700 (PDT)
Return-Path: <bounce+27952+89949+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id RfLfYY1788612xLbHn3tXc8X;
 Sun, 22 May 2022 18:02:53 -0700
X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com
 (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.86])
 by mx.groups.io with SMTP id smtpd.web11.255.1653060585259134509
 for <devel@edk2.groups.io>;
 Fri, 20 May 2022 08:29:45 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=I6vftifo5FDJpuZ8V6XeUMl0RA+dM2cj/C+7okAqmNqjFsydIDVx7zSvood0ZEjAHAbzNrf+r7p6VWb8sgDL3FCWrr0wTXf5P5BfO2v4tzdxRYIvHvteTnIen5e0BTumUQRScKuZBSsWsPo18NCs1vxOYsPRGLgB0sjBHm0gCrNRxvDEy31PYLcUByR0t2FhC24YjsVmwx1rbFG2HjObE8TC5oYQok3BXjIKkEd/ccZg8YnDDdv2Oehfyh0ANu2Ftk0gNAmLZMDTBFxiaIjp8ceIBJ20djM1xNK0p4q89zZGISpIEqMl2IBSGHweVtIWza9RKDv5sJLuLZDskBKISg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=BLnVx/bOSV/VG+Rdhs8Q75YZIyxGRC/r1zDTrzLjTtc=;
 b=nI2v7gdVjESkTYa3AFcHjXJ7ZCxVZuWdshTi6ADQltASbF6x3k1iU2Lcd4ApVLLsD7E1e6PdzKuReY5cbjR1J3ahe8KRg+qZj60Vj7/2Vk0fOGa+1jnYFOJn1VrbXMUJR2MiqnMe/7hi18DkyYwWm+s41lXlA8WbBjvUuqBbLEv39zMTGEE5NTxeXyMkgWXqGwABuWNYBQDC3pPru7VnNxziUCSok4B3bP1VcTg9/v34wiz9qqplCLvf0XIWpsUIBFHk0ELE5+OgtwJd684WTqJsp+UU5DKD2g5J1+Kh9haH0PL71GXw3BNFCkwVUIiJ31RvfOEx0WAwUZn2Knwl/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
X-Received: from DM5PR18CA0078.namprd18.prod.outlook.com (2603:10b6:3:3::16)
 by
 DM6PR12MB3708.namprd12.prod.outlook.com (2603:10b6:5:1c5::12) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5273.13; Fri, 20 May 2022 15:29:42 +0000
X-Received: from DM6NAM11FT027.eop-nam11.prod.protection.outlook.com
 (2603:10b6:3:3:cafe::16) by DM5PR18CA0078.outlook.office365.com
 (2603:10b6:3:3::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5144.22 via Frontend
 Transport; Fri, 20 May 2022 15:29:42 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+89949+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 DM6NAM11FT027.mail.protection.outlook.com (10.13.172.205) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.5273.14 via Frontend Transport; Fri, 20 May 2022 15:29:42 +0000
X-Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Fri, 20 May
 2022 10:29:41 -0500
From: "Michael Roth via groups.io" <michael.roth=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Tom Lendacky <thomas.lendacky@amd.com>, "Ni, Ray" <ray.ni@intel.com>
Subject: [edk2-devel] [PATCH v3 4/4] UefiCpuPkg: Store SEV-SNP AP jump table
 in the secrets page
Date: Fri, 20 May 2022 10:27:30 -0500
Message-ID: <20220520152730.7924-5-michael.roth@amd.com>
In-Reply-To: <20220520152730.7924-1-michael.roth@amd.com>
References: <20220520152730.7924-1-michael.roth@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7d94aeb6-024c-4e00-db60-08da3a758ff6
X-MS-TrafficTypeDiagnostic: DM6PR12MB3708:EE_
X-Microsoft-Antispam-PRVS: 
 <DM6PR12MB3708CD258586438EFF1338EC95D39@DM6PR12MB3708.namprd12.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 30L89snJrFdVlqaOod2Hvca8J4yNJwsz+bWUnZz9uR/ErVFgAlhCTapkG8D6JxDUT+7dR794He6WVCRmO/u/N0KuCllBcxVHYgSb4Wj3L2h/HeNH13vPeDOVHoHsmhgDiALCL38CLyTzaSBMDlAmTg5HCmmr7dn7pGJrX69bEik1NKqV+A7iTEPwiSjJ1gqnJY5Ay4YszdFaSD7IDus41ld1ObCz6aF8elWudqUiH5YCX+tHKvDbLt3PZMsVwsz0pwCln8RPfuEcahlAbVpxgeP/OAyra8V4KbtodIke5BDjinik8syepCj/7qLLX5bP9UIPnJ+NKlh2vYYcQNNIFb5+7mdaCS2Ckjb8HByYJltP/MYmEj+CcHYHNHjCu081joJQOUjKezMoGzUmclbK3hMcrVz7RuVLbDzDk/cR9TQB0V3JXsHHtpBQHSzBTwKVPzAH30vkxhFu2DxUXqh836uJjNnBnH9uH/7Y7n81HFr586f4+Nz5MQctyZwLLFFu9cwf03ZqoTiTjxu9F9OwQksh8mfcQsc707rNSu+DLwzGxnoa0WURvEjSH/ARFBWyKFgxCECJvXYV5d5dDP83uVN1v+NK4sFcyPs6zTqolfm3Q/6a1BiCIOq6fK56y4FBXE5d+rog1zQjkLA8gBPB8w4WUSI+EawKl6bWgIMEgovNw25FpoEdIn17gq35xPSUcPEvn5NUygsgQxgTWd8/Tg==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2022 15:29:42.6157
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 7d94aeb6-024c-4e00-db60-08da3a758ff6
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT027.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3708
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,michael.roth@amd.com
X-Gm-Message-State: 5HV1uN8Q3TmYFqBbKFsAVb2nx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1653267773;
 bh=tzG81FNTnqBJfp6Fg4lDPhKxZaBu3L8hS+WSA+3P9GA=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=I8Mg8Ra/0ndB1L9iKSSYbm3c/niW96gI6ZQ4fyxq9SUkdyIYrx9FOcPX9YKqYgb3l0T
 9GNBnRIfNOcORq8cugPp+9somkDfSEfONfQr8JpCgV95f1o6KV856tgxxxQt53Rs3oIAk
 TIxZ6jJqO3uSoMVmT82PIGJd+xUxs3r0iGc=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1653267775498100015
Content-Type: text/plain; charset="utf-8"

A full-featured SEV-SNP guest will not rely on the AP jump table, and
will instead use the AP Creation interface defined by the GHCB. However,
a guest is still allowed to use the AP jump table if desired.

However, unlike with SEV-ES guests, SEV-SNP guests should not
store/retrieve the jump table address via GHCB requests to the
hypervisor, they should instead store/retrieve it via the SEV-SNP
secrets page. Implement the store side of this for OVMF.

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib=
rary/MpInitLib/DxeMpInitLib.inf
index e1cd0b3500..d8cfddcd82 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -80,3 +80,4 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                      ## =
CONSUMES

   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                           ## =
CONSUMES

   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr           ## =
CONSUMES

+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress                     ## =
CONSUMES

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M=
pInitLib/DxeMpLib.c
index 60d14a5a0e..4d6f7643db 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -15,6 +15,7 @@
 #include <Library/VmgExitLib.h>

 #include <Register/Amd/Fam17Msr.h>

 #include <Register/Amd/Ghcb.h>

+#include <Register/Amd/SnpSecretsPage.h>

=20

 #include <Protocol/Timer.h>

=20

@@ -216,6 +217,15 @@ GetSevEsAPMemory (
=20

   DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory =3D %lx\n", (UINTN)StartAddress)=
);

=20

+  if (ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) {

+    SNP_SECRETS_PAGE  *Secrets;

+

+    Secrets                       =3D (SNP_SECRETS_PAGE *)(INTN)PcdGet64 (=
PcdSevSnpSecretsAddress);

+    Secrets->OsArea.ApJumpTablePa =3D (UINT64)(UINTN)StartAddress;

+

+    return (UINTN)StartAddress;

+  }

+

   //

   // Save the SevEsAPMemory as the AP jump table.

   //

--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89949): https://edk2.groups.io/g/devel/message/89949
Mute This Topic: https://groups.io/mt/91279454/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-