From nobody Mon Feb  9 15:11:18 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+95526+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+95526+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1666644089; cv=none;
	d=zohomail.com; s=zohoarc;
	b=fKzF6Q9ugx/tcysRDYc9zQPDBTNLI00Rj2ootKiWcRtIKzPs5LZ3d/Ax+HlzoqXS/w/JiyxSgkGxwb/bSkqQcl5jVKzzVjToZ9/V28KKXImc7wJudDtxXrLbr4WfD+E5SL4QSHuD2Ga7nEOFcC1OC4I6SWx+rUj2Xd/fqm9nc5s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1666644089;
 h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=ERC9uUcioS60W7ZBsWHoMTNAq1EYAiwI1EFUJhCW+TQ=;
	b=mABXOfquhIYzd5dmjO9jguT1VR7H+AYRi6vJ1ak+zRZ/creMG8LWSnsGvsMSgckLep8v3tDygbhDeKxNY9siWu5d6X/2YRqx6ftixj8il93+dlcMem/wlTzAfeyAfe5nnHip8nYC+7N1SbfPrlQr/KyWVUaCizGWLWUkKgGchoM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+95526+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1666644089412920.6865650426056;
 Mon, 24 Oct 2022 13:41:29 -0700 (PDT)
Return-Path: <bounce+27952+95526+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id DzVFYY1788612x4wA88HHf4C;
 Mon, 24 Oct 2022 13:41:29 -0700
X-Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
 by mx.groups.io with SMTP id smtpd.web12.1417.1666644088248921201
 for <devel@edk2.groups.io>;
 Mon, 24 Oct 2022 13:41:28 -0700
X-Received: by mail-pf1-f201.google.com with SMTP id
 f13-20020a62380d000000b0056a7486d9a1so4761032pfa.4
        for <devel@edk2.groups.io>; Mon, 24 Oct 2022 13:41:28 -0700 (PDT)
X-Gm-Message-State: tnu0iCrg7Rx465kqbILoFr8qx1787277AA=
X-Google-Smtp-Source: 
 AMsMyM71SEw2PhWYtn4cuO7QqxpAYOC8+zUldBXzTHyt7vNdkXyVy5BL3Pz0TUNF2R0R79cZdzPvSC0omv5g09VkWA==
X-Received: from dionnaglaze.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6])
 (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:4396:b0:563:6fd7:9c98 with
 SMTP id bt22-20020a056a00439600b005636fd79c98mr35840501pfb.13.1666644087695;
 Mon, 24 Oct 2022 13:41:27 -0700 (PDT)
Date: Mon, 24 Oct 2022 20:41:08 +0000
In-Reply-To: <20221024204114.2772064-1-dionnaglaze@google.com>
Mime-Version: 1.0
References: <20221024204114.2772064-1-dionnaglaze@google.com>
Message-ID: <20221024204114.2772064-2-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v8 1/7] OvmfPkg: Realize EfiMemoryAcceptProtocol
 in AmdSevDxe
From: "Dionna Glaze via groups.io" <dionnaglaze=google.com@groups.io>
To: devel@edk2.groups.io
Cc: Dionna Glaze <dionnaglaze@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
	James Bottomley <jejb@linux.ibm.com>, Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dionnaglaze@google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1666644089;
 bh=pOUsYiP6jUCl9AOkO2uypEwtJYd4t+M+TpuJprzxZm8=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=ADfwusLBL0HdpBtQJBO4lbN9A+BczksbwyZPsw6tvZtHFJ4tc8OaUYFzrkRUIfHWiQ0
 CiMetUWNczUA7VBVi7+1aZxXl00b1syPIJOEtxRAVe3EbtrV1RoL5lmx3Q5gcV2hEBAxg
 Pl8mrJ2XN69kpIo5Ziz86quqZpuuFOfXqN0=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1666644089804100007
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Sophia Wolf <phiawolf@google.com>

When a guest OS does not support unaccepted memory, the unaccepted
memory must be accepted before returning a memory map to the caller.

EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c                                      | 55 ++=
++++++++++++++++--
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf                                    |  3 ++
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 ++=
+++++--
 3 files changed, 74 insertions(+), 8 deletions(-)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..f7600c3c81 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
 #include <Library/UefiBootServicesTableLib.h>
 #include <Guid/ConfidentialComputingSevSnpBlob.h>
 #include <Library/PcdLib.h>
+#include <Protocol/MemoryAccept.h>
=20
 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable =3D {
   SIGNATURE_32 ('A',                                    'M', 'D', 'E'),
@@ -31,6 +32,40 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBoo=
tDxeTable =3D {
   FixedPcdGet32 (PcdOvmfCpuidSize),
 };
=20
+STATIC EFI_HANDLE  mAmdSevDxeHandle =3D NULL;
+
+#define IS_ALIGNED(x, y)  ((((x) & ((y) - 1)) =3D=3D 0))
+
+STATIC
+EFI_STATUS
+EFIAPI
+AmdSevMemoryAccept (
+  IN EDKII_MEMORY_ACCEPT_PROTOCOL  *This,
+  IN EFI_PHYSICAL_ADDRESS          StartAddress,
+  IN UINTN                         Size
+  )
+{
+  //
+  // The StartAddress must be page-aligned, and the Size must be a positive
+  // multiple of SIZE_4KB. Use an assert instead of returning an erros sin=
ce
+  // this is an EDK2-internal protocol.
+  //
+  ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB));
+  ASSERT (IS_ALIGNED (Size, SIZE_4KB));
+  ASSERT (Size !=3D 0);
+
+  MemEncryptSevSnpPreValidateSystemRam (
+    StartAddress,
+    EFI_SIZE_TO_PAGES (Size)
+    );
+
+  return EFI_SUCCESS;
+}
+
+STATIC EDKII_MEMORY_ACCEPT_PROTOCOL  mMemoryAcceptProtocol =3D {
+  AmdSevMemoryAccept
+};
+
 EFI_STATUS
 EFIAPI
 AmdSevDxeEntryPoint (
@@ -147,11 +182,23 @@ AmdSevDxeEntryPoint (
     }
   }
=20
-  //
-  // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_S=
EV_SNP_BLOB.
-  // It contains the location for both the Secrets and CPUID page.
-  //
   if (MemEncryptSevSnpIsEnabled ()) {
+    //
+    // Memory acceptance began being required in SEV-SNP, so install the
+    // memory accept protocol implementation for a SEV-SNP active guest.
+    //
+    Status =3D gBS->InstallProtocolInterface (
+                    &mAmdSevDxeHandle,
+                    &gEdkiiMemoryAcceptProtocolGuid,
+                    EFI_NATIVE_INTERFACE,
+                    &mMemoryAcceptProtocol
+                    );
+    ASSERT_EFI_ERROR (Status);
+
+    //
+    // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING=
_SEV_SNP_BLOB.
+    // It contains the location for both the Secrets and CPUID page.
+    //
     return gBS->InstallConfigurationTable (
                   &gConfidentialComputingSevSnpBlobGuid,
                   &mSnpBootDxeTable
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.=
inf
index 9acf860cf2..cd1b686c53 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -47,6 +47,9 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
=20
+[Protocols]
+  gEdkiiMemoryAcceptProtocolGuid
+
 [Guids]
   gConfidentialComputingSevSnpBlobGuid
=20
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida=
te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index d3a95e4913..cbcdd46f52 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -14,6 +14,7 @@
 #include <Library/MemEncryptSevLib.h>
=20
 #include "SnpPageStateChange.h"
+#include "VirtualMemory.h"
=20
 /**
   Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
   IN UINTN             NumPages
   )
 {
+  EFI_STATUS  Status;
+
   if (!MemEncryptSevSnpIsEnabled ()) {
     return;
   }
=20
-  //
-  // All the pre-validation must be completed in the PEI phase.
-  //
-  ASSERT (FALSE);
+  // DXE pre-validation may happen with the memory accept protocol.
+  // The protocol should only be called outside the prevalidated ranges
+  // that the PEI stage code explicitly skips. Specifically, only memory
+  // ranges that are classified as unaccepted.
+  if (BaseAddress >=3D SIZE_4GB) {
+    Status =3D InternalMemEncryptSevCreateIdentityMap1G (
+               0,
+               BaseAddress,
+               EFI_PAGES_TO_SIZE (NumPages)
+               );
+    if (EFI_ERROR (Status)) {
+      ASSERT (FALSE);
+      CpuDeadLoop ();
+    }
+  }
+
+  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
 }
--=20
2.38.0.135.g90850a2211-goog



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95526): https://edk2.groups.io/g/devel/message/95526
Mute This Topic: https://groups.io/mt/94544530/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-