These three patches build on the lazy-accept patch series

"Introduce Lazy-accept for Tdx guest"

by adding SEV-SNP support for the MemoryAccept protocol, and
importantly making eager memory acceptance the default behavior.

For unaccepted memory to be enabled, we must know that the booted image
supports the unaccepted memory type. We add a trivial protocol that sets
a dynamic Pcd to true when called in order for the booted image to
signal its support for unaccepted memory. This does not need to be an
OsIndications bit because it does not need to be persisted.

We use the Pcd to disable a new ExitBootServices notification that
accepts all unaccepted memory, removes the unaccepted memory entries in
the memory space map, and then add the same memory ranges back as
conventional memory.

All images that support unaccepted memory must now locate and call this
new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.

Cc: Ard Biescheuvel <ardb@kernel.org>
Cc: "Min M. Xu" <min.m.xu@intel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>

Dionna Glaze (3):
  OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
  DxeMain accepts all memory at EBS if needed
  MdeModulePkg: add EnableUnacceptedMemoryProtocol

 MdeModulePkg/Core/Dxe/DxeMain.h               |  32 +++++
 MdeModulePkg/Core/Dxe/DxeMain.inf             |   3 +
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |  19 ++-
 MdeModulePkg/Core/Dxe/Mem/Page.c              | 122 ++++++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                 |   9 ++
 MdeModulePkg/MdeModulePkg.uni                 |   6 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   1 +
 OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |  27 ++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |   3 +
 OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                |   2 +
 OvmfPkg/Include/Library/MemEncryptSevLib.h    |  14 ++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   2 +
 .../Ia32/MemEncryptSevLib.c                   |  17 +++
 .../X64/DxeSnpSystemRamValidate.c             |  35 +++++
 .../X64/PeiSnpSystemRamValidate.c             |  17 +++
 .../X64/SecSnpSystemRamValidate.c             |  18 +++
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   2 +
 OvmfPkg/OvmfPkgX64.dsc                        |   2 +
 OvmfPkg/OvmfXen.dsc                           |   2 +
 20 files changed, 334 insertions(+), 1 deletion(-)

--
2.37.3.998.g577e59143f-goog

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#94134): https://edk2.groups.io/g/devel/message/94134
Mute This Topic: https://groups.io/mt/93857638/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
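
A minimal model of the default-eager behavior the cover letter above describes, added here as an illustration; it is not code from the patch series or from EDK2. All names (mem_range, fw_state, enable_unaccepted_memory, ebs_accept_all, conventional_bytes) are hypothetical stand-ins for the dynamic Pcd, the protocol call and the ExitBootServices notification, and the memory map is constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for memory map entries; hypothetical names, not EDK2 types. */
typedef enum { MEM_CONVENTIONAL, MEM_UNACCEPTED } mem_type;
typedef struct { uint64_t base, size; mem_type type; bool accepted; } mem_range;

/* Models the dynamic Pcd; false (the default) selects eager acceptance. */
typedef struct { bool unaccepted_memory_enabled; } fw_state;

/* Models the protocol call a booted image makes to signal its support. */
void enable_unaccepted_memory(fw_state *fw) { fw->unaccepted_memory_enabled = true; }

/* Models the ExitBootServices notification; returns the number of bytes accepted. */
uint64_t ebs_accept_all(const fw_state *fw, mem_range *map, size_t n) {
    uint64_t bytes = 0;
    if (fw->unaccepted_memory_enabled)
        return 0;                        /* image opted in: map is left untouched */
    for (size_t i = 0; i < n; i++) {
        if (map[i].type != MEM_UNACCEPTED)
            continue;
        map[i].accepted = true;          /* stand-in for the MemoryAccept call */
        map[i].type = MEM_CONVENTIONAL;  /* entry removed, range re-added as conventional */
        bytes += map[i].size;
    }
    return bytes;
}

/* Bytes usable by an image that only understands conventional memory. */
uint64_t conventional_bytes(const mem_range *map, size_t n) {
    uint64_t bytes = 0;
    for (size_t i = 0; i < n; i++)
        if (map[i].type == MEM_CONVENTIONAL && map[i].accepted)
            bytes += map[i].size;
    return bytes;
}

int main(void) {
    /* Constructed sample map: 2 GiB accepted low memory, 6 GiB unaccepted above 4 GiB. */
    mem_range map[] = {
        { 0x0ULL,         0x80000000ULL,  MEM_CONVENTIONAL, true  },
        { 0x100000000ULL, 0x180000000ULL, MEM_UNACCEPTED,   false },
    };
    fw_state fw = { false };             /* image never called the protocol */
    ebs_accept_all(&fw, map, 2);
    printf("conventional after EBS: %llu\n", (unsigned long long)conventional_bytes(map, 2));
    return 0;
}
```

An image that never makes the call sees the full 8 GiB as conventional memory after ExitBootServices; an image that does make the call is handed the 6 GiB range still marked unaccepted and must accept it itself before use.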

On 9/22/22 15:50, Dionna Glaze wrote:
> These three patches build on the lazy-accept patch series
>
> "Introduce Lazy-accept for Tdx guest"
>
> by adding SEV-SNP support for the MemoryAccept protocol, and
> importantly making eager memory acceptance the default behavior.
>
> For unaccepted memory to be enabled, we must know that the booted image
> supports the unaccepted memory type. We add a trivial protocol that sets
> a dynamic Pcd to true when called in order for the booted image to
> signal its support for unaccepted memory. This does not need to be an
> OsIndications bit because it does not need to be persisted.
>
> We use the Pcd to disable a new ExitBootServices notification that
> accepts all unaccepted memory, removes the unaccepted memory entries in
> the memory space map, and then add the same memory ranges back as
> conventional memory.
>
> All images that support unaccepted memory must now locate and call this
> new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.

This seems to be missing the creation of unaccepted memory under SEV-SNP.
Is that going to be part of a separate patch (to update
PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as unaccepted)?

Thanks,
Tom

>
> Cc: Ard Biescheuvel <ardb@kernel.org>
> Cc: "Min M. Xu" <min.m.xu@intel.org>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
>
> Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
>
> Dionna Glaze (3):
>   OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
>   DxeMain accepts all memory at EBS if needed
>   MdeModulePkg: add EnableUnacceptedMemoryProtocol
>
>  MdeModulePkg/Core/Dxe/DxeMain.h               |  32 +++++
>  MdeModulePkg/Core/Dxe/DxeMain.inf             |   3 +
>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |  19 ++-
>  MdeModulePkg/Core/Dxe/Mem/Page.c              | 122 ++++++++++++++++++
>  MdeModulePkg/MdeModulePkg.dec                 |   9 ++
>  MdeModulePkg/MdeModulePkg.uni                 |   6 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   1 +
>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |  27 ++++
>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |   3 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |   2 +
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    |  14 ++
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   2 +
>  .../Ia32/MemEncryptSevLib.c                   |  17 +++
>  .../X64/DxeSnpSystemRamValidate.c             |  35 +++++
>  .../X64/PeiSnpSystemRamValidate.c             |  17 +++
>  .../X64/SecSnpSystemRamValidate.c             |  18 +++
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   2 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   2 +
>  OvmfPkg/OvmfXen.dsc                           |   2 +
>  20 files changed, 334 insertions(+), 1 deletion(-)
>

Ah yes, I did forget to include that patch. Will add to v2. I was just
setting the ResourceType to unaccepted and skipping the Prevalidate call
in PlatformPei if the start address is greater or equal to SIZE_4GB. That
seemed more self-contained than messing with PlatformInitLib. Would you
prefer that I add SevSnp logic to PlatformInitLib?

On Fri, Sep 23, 2022 at 10:19 AM Tom Lendacky <thomas.lendacky@amd.com> wrote:

> On 9/22/22 15:50, Dionna Glaze wrote:
> > These three patches build on the lazy-accept patch series
> >
> > "Introduce Lazy-accept for Tdx guest"
> >
> > by adding SEV-SNP support for the MemoryAccept protocol, and
> > importantly making eager memory acceptance the default behavior.
> >
> > For unaccepted memory to be enabled, we must know that the booted image
> > supports the unaccepted memory type. We add a trivial protocol that sets
> > a dynamic Pcd to true when called in order for the booted image to
> > signal its support for unaccepted memory. This does not need to be an
> > OsIndications bit because it does not need to be persisted.
> >
> > We use the Pcd to disable a new ExitBootServices notification that
> > accepts all unaccepted memory, removes the unaccepted memory entries in
> > the memory space map, and then add the same memory ranges back as
> > conventional memory.
> >
> > All images that support unaccepted memory must now locate and call this
> > new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.
>
> This seems to be missing the creation of unaccepted memory under SEV-SNP.
> Is that going to be part of a separate patch (to update
> PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as unaccepted)?
>
> Thanks,
> Tom
>
> >
> > Cc: Ard Biescheuvel <ardb@kernel.org>
> > Cc: "Min M. Xu" <min.m.xu@intel.org>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> >
> > Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
> >
> > Dionna Glaze (3):
> >   OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
> >   DxeMain accepts all memory at EBS if needed
> >   MdeModulePkg: add EnableUnacceptedMemoryProtocol
> >
> >  MdeModulePkg/Core/Dxe/DxeMain.h               |  32 +++++
> >  MdeModulePkg/Core/Dxe/DxeMain.inf             |   3 +
> >  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |  19 ++-
> >  MdeModulePkg/Core/Dxe/Mem/Page.c              | 122 ++++++++++++++++++
> >  MdeModulePkg/MdeModulePkg.dec                 |   9 ++
> >  MdeModulePkg/MdeModulePkg.uni                 |   6 +
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   1 +
> >  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |  27 ++++
> >  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |   3 +
> >  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
> >  OvmfPkg/CloudHv/CloudHvX64.dsc                |   2 +
> >  OvmfPkg/Include/Library/MemEncryptSevLib.h    |  14 ++
> >  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   2 +
> >  .../Ia32/MemEncryptSevLib.c                   |  17 +++
> >  .../X64/DxeSnpSystemRamValidate.c             |  35 +++++
> >  .../X64/PeiSnpSystemRamValidate.c             |  17 +++
> >  .../X64/SecSnpSystemRamValidate.c             |  18 +++
> >  OvmfPkg/OvmfPkgIa32X64.dsc                    |   2 +
> >  OvmfPkg/OvmfPkgX64.dsc                        |   2 +
> >  OvmfPkg/OvmfXen.dsc                           |   2 +
> >  20 files changed, 334 insertions(+), 1 deletion(-)
> >
>

--
-Dionna Glaze, PhD (she/her)

On 9/23/22 14:34, Dionna Amalie Glaze wrote:
> Ah yes, I did forget to include that patch. Will add to v2. I was just
> setting the ResourceType to unaccepted and skipping the Prevalidate call
> in PlatformPei if the start address is greater or equal to SIZE_4GB. That
> seemed more self-contained than messing with PlatformInitLib. Would you
> prefer that I add SevSnp logic to PlatformInitLib?

No, if it works and is easier / more concise, then please keep it the way
you have it.

Thanks,
Tom

>
> On Fri, Sep 23, 2022 at 10:19 AM Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
>     On 9/22/22 15:50, Dionna Glaze wrote:
>      > These three patches build on the lazy-accept patch series
>      >
>      > "Introduce Lazy-accept for Tdx guest"
>      >
>      > by adding SEV-SNP support for the MemoryAccept protocol, and
>      > importantly making eager memory acceptance the default behavior.
>      >
>      > For unaccepted memory to be enabled, we must know that the booted image
>      > supports the unaccepted memory type. We add a trivial protocol that sets
>      > a dynamic Pcd to true when called in order for the booted image to
>      > signal its support for unaccepted memory. This does not need to be an
>      > OsIndications bit because it does not need to be persisted.
>      >
>      > We use the Pcd to disable a new ExitBootServices notification that
>      > accepts all unaccepted memory, removes the unaccepted memory entries in
>      > the memory space map, and then add the same memory ranges back as
>      > conventional memory.
>      >
>      > All images that support unaccepted memory must now locate and call this
>      > new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.
>
>     This seems to be missing the creation of unaccepted memory under SEV-SNP.
>     Is that going to be part of a separate patch (to update
>     PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as
>     unaccepted)?
>
>     Thanks,
>     Tom
>
>      >
>      > Cc: Ard Biescheuvel <ardb@kernel.org>
>      > Cc: "Min M. Xu" <min.m.xu@intel.org>
>      > Cc: Gerd Hoffmann <kraxel@redhat.com>
>      > Cc: James Bottomley <jejb@linux.ibm.com>
>      > Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
>      > Cc: Jiewen Yao <jiewen.yao@intel.com>
>      > Cc: Erdem Aktas <erdemaktas@google.com>
>      >
>      > Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
>      >
>      > Dionna Glaze (3):
>      >   OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
>      >   DxeMain accepts all memory at EBS if needed
>      >   MdeModulePkg: add EnableUnacceptedMemoryProtocol
>      >
>      >  MdeModulePkg/Core/Dxe/DxeMain.h               |  32 +++++
>      >  MdeModulePkg/Core/Dxe/DxeMain.inf             |   3 +
>      >  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |  19 ++-
>      >  MdeModulePkg/Core/Dxe/Mem/Page.c              | 122 ++++++++++++++++++
>      >  MdeModulePkg/MdeModulePkg.dec                 |   9 ++
>      >  MdeModulePkg/MdeModulePkg.uni                 |   6 +
>      >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   1 +
>      >  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |  27 ++++
>      >  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |   3 +
>      >  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
>      >  OvmfPkg/CloudHv/CloudHvX64.dsc                |   2 +
>      >  OvmfPkg/Include/Library/MemEncryptSevLib.h    |  14 ++
>      >  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   2 +
>      >  .../Ia32/MemEncryptSevLib.c                   |  17 +++
>      >  .../X64/DxeSnpSystemRamValidate.c             |  35 +++++
>      >  .../X64/PeiSnpSystemRamValidate.c             |  17 +++
>      >  .../X64/SecSnpSystemRamValidate.c             |  18 +++
>      >  OvmfPkg/OvmfPkgIa32X64.dsc                    |   2 +
>      >  OvmfPkg/OvmfPkgX64.dsc                        |   2 +
>      >  OvmfPkg/OvmfXen.dsc                           |   2 +
>      >  20 files changed, 334 insertions(+), 1 deletion(-)
>      >
>
>
>
> --
> -Dionna Glaze, PhD (she/her)

On Fri, Sep 23, 2022 at 02:42:57PM -0500, Tom Lendacky wrote:
> On 9/23/22 14:34, Dionna Amalie Glaze wrote:
> > Ah yes, I did forget to include that patch. Will add to v2. I was just
> > setting the ResourceType to unaccepted and skipping the Prevalidate call
> > in PlatformPei if the start address is greater or equal to SIZE_4GB.
> > That seemed more self-contained than messing with PlatformInitLib. Would
> > you prefer that I add SevSnp logic to PlatformInitLib?
>
> No, if it works and is easier / more concise, then please keep it the way
> you have it.

Well, moving the SEV code over to PlatformInitLib makes sense. That
should allow AmdSev to use pei-less boot, similar to IntelTdx, and
further down the road allow unifying the AmdSev + IntelTdx variants into
a single firmware binary supporting both SevSnp and Tdx.

I don't think that should be part of the "unaccepted memory" patch
series though.

take care,
  Gerd