Date: Fri, 23 Sep 2022 20:34:28 +0000
In-Reply-To: <20220923203431.1428535-1-dionnaglaze@google.com>
References: <20220923203431.1428535-1-dionnaglaze@google.com>
Message-ID: <20220923203431.1428535-2-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH 1/4] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Sophia Wolf
Reply-To: devel@edk2.groups.io,dionnaglaze@google.com
From: Sophia Wolf

When a guest OS does not support unaccepted memory, the unaccepted memory
must be accepted before returning a memory map to the caller.
EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
installed in AmdSevDxe for AMD SEV-SNP memory acceptance.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Sophia Wolf
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 34 ++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++++++++ .../Ia32/MemEncryptSevLib.c | 17 +++++++++ .../X64/DxeSnpSystemRamValidate.c | 35 +++++++++++++++++++ .../X64/PeiSnpSystemRamValidate.c | 17 +++++++++ .../X64/SecSnpSystemRamValidate.c | 18 ++++++++++ 7 files changed, 138 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..6e3a1fc7d7 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { SIGNATURE_32 ('A', 'M', 'D', 'E'), @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBoo= tDxeTable =3D { FixedPcdGet32 (PcdOvmfCpuidSize), }; =20 +STATIC EFI_HANDLE mAmdSevDxeHandle =3D NULL; + +STATIC +EFI_STATUS +EFIAPI +AmdSevMemoryAccept ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS StartAddress, + IN UINTN Size +) +{ + MemEncryptSnpAcceptPages ( + StartAddress, + EFI_SIZE_TO_PAGES (Size) + ); + + return EFI_SUCCESS; +} + +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { + AmdSevMemoryAccept +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint (
@@ -147,6 +171,16 @@ AmdSevDxeEntryPoint ( } } =20 + Status =3D gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gEfiMemoryAcceptProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_S= EV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 9acf860cf2..5ddddabc32 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -47,6 +47,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize =20 +[Protocols] + gEfiMemoryAcceptProtocolGuid + [Guids] gConfidentialComputingSevSnpBlobGuid =20 diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 4fa9c0d700..05ec10471d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ); =20 +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index f92299fc77..f0747d792e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c 
@@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam ( { ASSERT (FALSE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c index d3a95e4913..7693e0ca66 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -14,6 +14,7 @@ #include =20 #include "SnpPageStateChange.h" +#include "VirtualMemory.h" =20 /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. @@ -38,3 +39,37 @@ MemEncryptSevSnpPreValidateSystemRam ( // ASSERT (FALSE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + EFI_STATUS Status; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + if (BaseAddress >=3D SIZE_4GB) { + Status =3D InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 4970165444..1c52bfe691 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c 
@@ -126,3 +126,20 @@ MemEncryptSevSnpPreValidateSystemRam ( BaseAddress =3D EndAddress; } } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index 7797febb8a..edfebf6ef4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -10,6 +10,7 @@ =20 #include #include +#include #include =20 #include "SnpPageStateChange.h" @@ -80,3 +81,20 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT(FALSE); +} --=20 2.37.3.998.g577e59143f-goog
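
Review bot: In AmdSevMemoryAccept (OvmfPkg/AmdSevDxe/AmdSevDxe.c), StartAddress and Size are forwarded without any alignment check, and EFI_SIZE_TO_PAGES (Size) only rounds the length up. A StartAddress that is not page aligned can therefore leave the last page of the requested range unaccepted while the function still returns EFI_SUCCESS. Reject unaligned input with EFI_INVALID_PARAMETER, or align the start down and recompute the page count, before calling MemEncryptSnpAcceptPages. The function also has no header comment, unlike the library functions added in the same patch.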
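
Review bot: In the AmdSevDxeEntryPoint hunk, a failed InstallProtocolInterface is only reported through DEBUG and boot continues, so a consumer that depends on EfiMemoryAcceptProtocol finds it missing with no hard failure at the point where it went wrong. Treat the failure as fatal (ASSERT_EFI_ERROR plus an explicit halt, matching the CpuDeadLoop used in the DXE MemEncryptSnpAcceptPages) or return Status from the entry point. The call also sits ahead of the comment that introduces the SEV-SNP-only block, so as far as the visible context shows it is not gated on SEV-SNP being active; consider moving it inside that check.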
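
Review bot: In MemEncryptSnpAcceptPages (X64/DxeSnpSystemRamValidate.c), the identity map is created only when BaseAddress >= SIZE_4GB, so a range that starts below 4GB and ends above it reaches InternalSetPageState without the mapping this branch sets up. Test the end of the range (BaseAddress + EFI_PAGES_TO_SIZE (NumPages)) rather than only the base, or document that callers never pass a range crossing 4GB. Because the function is VOID, a mapping failure can only end in CpuDeadLoop; returning EFI_STATUS would let AmdSevMemoryAccept report the error through the protocol instead of always returning EFI_SUCCESS.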
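
Review bot: The Ia32, PEI and SEC stubs of MemEncryptSnpAcceptPages contain only ASSERT (FALSE), which does nothing in builds where asserts are disabled, so a call there returns as if the pages had been accepted and the VOID return type gives the caller no way to tell. Add CpuDeadLoop () after the assert, as the DXE implementation does on its error path, or change the prototype to return a status such as EFI_UNSUPPORTED. In SecSnpSystemRamValidate.c the call is written ASSERT(FALSE); without the space before the parenthesis that the other two stubs use.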
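
Review bot: The header comment for MemEncryptSnpAcceptPages in MemEncryptSevLib.h, repeated in each implementation, reads "Accept pages system RAM" and leaves out the behaviour a caller needs to know: the DXE instance returns without doing anything when MemEncryptSevSnpIsEnabled () is false, it halts on an identity-map failure, and the Ia32, PEI and SEC instances are assert-only stubs. Reword the summary (for example "Accept pages of system RAM") and document those cases, along with any alignment requirement on BaseAddress.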