From nobody Sat Feb  7 09:46:54 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97702+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 167165779175840.72018175412552;
 Wed, 21 Dec 2022 13:23:11 -0800 (PST)
Return-Path: <bounce+27952+97702+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id ZbODYY1788612xpgz9Qc8IaK;
 Wed, 21 Dec 2022 13:23:11 -0800
X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com
 (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.75])
 by mx.groups.io with SMTP id smtpd.web10.22539.1671638864871917866
 for <devel@edk2.groups.io>;
 Wed, 21 Dec 2022 08:07:45 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=kJo1norBbJaTEIgCDY+bly01Q4UCXBHYbAZRKHbdfWb0vdmwmFpYj5+uY2JcALNt26rHSmKOU8tPv6h6ZuzIvD8RYtcKtmdrCevGMJZYWh3f+LU/QZakNGzJEyyp9TrJHAj9z/qS52L2z9czMSgGLtrFJ7c291GYwTsR85jUc0QW/aXWZNErFdZCxb+YzqLvozIvxmuTY1nlA7tL6FwxstF285hStBBYb5/GGjVgLX3MvN5DDLnBEAlVQQZwp/b5SFOrWM5ydGhjQZf0c3v/zZf/TcXs1V3522z9h+1MTSdriEJcgJhRkaO69xCslfTUdEpdzSzkyJCRFwMAVaJy4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=f59gmXconZyZ9v923Eu9Ly+ke1bCER+fRmCbUMqoSj8=;
 b=UmahguErSSKnQIlbR7jciNZew5zP0WrMrx9o7PY33T597Egmt8KHlvmEj8XhuYAvHYgTamGdLxuhUs6zOezvWhW1yM7sw/pL1gTRHBqJ/6eIvw9GcJ7EZ510DP1C6wgUtF4sJCC5dHcwRV8GIL2sUzQV2uQ5P4mzlmeQxMk7U5REpPeZ+0mtco5ohduxKUYrAv98asXfpwN5cVJVo3kOts7+wNU+oTTCkiNYp9BRn+WIqEkHGc773VohXpbGAyTjEWcwUAKQf4CJNHTHVOV6GoXrL3oN+TzVAx0S83YfmRNBUiyb78OpMR8IUfrjkPHthL5tZ7/LE9/8dySwmprhUA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
X-Received: from BN9P220CA0024.NAMP220.PROD.OUTLOOK.COM
 (2603:10b6:408:13e::29)
 by SJ0PR12MB6853.namprd12.prod.outlook.com (2603:10b6:a03:47b::17) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec
 2022 16:07:43 +0000
X-Received: from BN8NAM11FT078.eop-nam11.prod.protection.outlook.com
 (2603:10b6:408:13e:cafe::76) by BN9P220CA0024.outlook.office365.com
 (2603:10b6:408:13e::29) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.21 via Frontend
 Transport; Wed, 21 Dec 2022 16:07:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97702+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BN8NAM11FT078.mail.protection.outlook.com (10.13.176.251) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.5944.10 via Frontend Transport; Wed, 21 Dec 2022 16:07:42 +0000
X-Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec
 2022 10:07:39 -0600
From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Tom Lendacky <thomas.lendacky@amd.com>, <ray.ni@intel.com>, Dov Murik
	<dovmurik@linux.ibm.com>
Subject: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob
 as EfiACPIReclaimMemory
Date: Wed, 21 Dec 2022 10:06:48 -0600
Message-ID: <20221221160651.182143-2-michael.roth@amd.com>
In-Reply-To: <20221221160651.182143-1-michael.roth@amd.com>
References: <20221221160651.182143-1-michael.roth@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM11FT078:EE_|SJ0PR12MB6853:EE_
X-MS-Office365-Filtering-Correlation-Id: adfa5bb6-a608-4ebd-d40b-08dae36d7df1
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 2gwdE2dmSleW10nDkdvz/S7hOo7Vg2y1PuUOGtZ5SXPxMGO/gsMqthGx+GOKRdBDKOWxywmi+sPlEzF4tuiA/nWu9eiWOoXqofEz4yb4JpxD6Gr9+wwWorWzLMpT0JTHzp1TN4mGkThJb5Eo3IMd77BPtx8g3xqfh3lnUcu+jf32JKOTxQLmK8Q7B69ZfL9hxeimShJU3CafQG8l7M5KO4jebsW/WQKmE2/t+DiPolzyaKkJ2dvcLYjir/WkDo8nWxdeLR1fCWZ19FI2Ud+AH6YA4LsbWy2+Ts/0PyeXsRDhsGe5AF4PazayBCSQPkdRHgVZvD6TeX6ZaDsThKFAzzjorB5Bi6RqAWtPOUWzyeQlTlZ5zZzC6OWKEvoTenTsuyEFGq+NyTO0SivarSh4md9jOaaOctGFpix4fx/E7lx2vhAkVDl0SwGYS5HzwXKrVgStBtOEaAFkDwgf8snh8PqKUbKnKprBsjc02gDPLE9JjjuS3bnWBS/hO9rBZAuIJ6JJ470wqwQUzeJp3oSI2kFyfNIIyCEuCH9v2UiDYDj3zNkSgRfDc9DYTFlGsLVOHr4pQ1rGQXnHFbTfiXzOoT4C8vWJefXocpCHSFKQ7ygODqre75zfVBKCZdwXe6pPaMBfg6/tvOlCJR4hWi3nSOsekWm8shaebFFMwnAWJHhzjf0OarZT2x+lAzsg9qb0vqbmNqtJqcfgJya8lRw0c5FhtdIixHvRnRqn1xiBVkxMqgd8VW+KeYpvOmqBAk3bW7+YWVDEkrsnLq1STlF15g==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 16:07:42.9818
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 adfa5bb6-a608-4ebd-d40b-08dae36d7df1
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 BN8NAM11FT078.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB6853
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,Michael.Roth@amd.com
X-Gm-Message-State: eyHUOZsWaqkvsb6eLvMWol1ax1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1671657791;
 bh=aF0dIhGO9ku4m964PADr/PZIGD6Fgx2m+VTsY46julQ=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=vBuzP8aUOEhplejC7w+GRppMCzjUuxttrHeFjSZHO9KvcvlS6/Ry766vmd08BiEt8Tn
 Yq42Tl4aL1towQ3ZQfL1Q9ITVahPPPWxgvovTbaDG4M0CMrYKoJwbplhUkY/R5kFw660e
 A0IuCoAJuD3lVqn6YSCPmUvoJHYkmFA8yxM=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1671657793645100040
Content-Type: text/plain; charset="utf-8"

The SEV-SNP Confidential Computing blob contains metadata that should
remain accessible for the life of the guest. Allocate it as
EfiACPIReclaimMemory to ensure the memory isn't overwritten by the guest
operating system later.

Reported-by: Dov Murik <dovmurik@linux.ibm.com>
Suggested-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c | 62 +++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 14 deletions(-)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..8dfda961d7 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -21,15 +21,36 @@
 #include <Guid/ConfidentialComputingSevSnpBlob.h>

 #include <Library/PcdLib.h>

=20

-STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable =3D {

-  SIGNATURE_32 ('A',                                    'M', 'D', 'E'),

-  1,

-  0,

-  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase),

-  FixedPcdGet32 (PcdOvmfSnpSecretsSize),

-  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase),

-  FixedPcdGet32 (PcdOvmfCpuidSize),

-};

+STATIC

+EFI_STATUS

+AllocateConfidentialComputingBlob (

+  OUT CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  **CcBlobPtr

+  )

+{

+  EFI_STATUS                                Status;

+  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *CcBlob;

+

+  Status =3D gBS->AllocatePool (

+                  EfiACPIReclaimMemory,

+                  sizeof (CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION),

+                  (VOID **)&CcBlob

+                  );

+  if (EFI_ERROR (Status)) {

+    return Status;

+  }

+

+  CcBlob->Header                 =3D SIGNATURE_32 ('A', 'M', 'D', 'E');

+  CcBlob->Version                =3D 1;

+  CcBlob->Reserved1              =3D 0;

+  CcBlob->SecretsPhysicalAddress =3D (UINT64)(UINTN)FixedPcdGet32 (PcdOvmf=
SnpSecretsBase);

+  CcBlob->SecretsSize            =3D FixedPcdGet32 (PcdOvmfSnpSecretsSize);

+  CcBlob->CpuidPhysicalAddress   =3D (UINT64)(UINTN)FixedPcdGet32 (PcdOvmf=
CpuidBase);

+  CcBlob->CpuidLSize             =3D FixedPcdGet32 (PcdOvmfCpuidSize);

+

+  *CcBlobPtr =3D CcBlob;

+

+  return EFI_SUCCESS;

+}

=20

 EFI_STATUS

 EFIAPI

@@ -38,10 +59,11 @@ AmdSevDxeEntryPoint (
   IN EFI_SYSTEM_TABLE  *SystemTable

   )

 {

-  EFI_STATUS                       Status;

-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *AllDescMap;

-  UINTN                            NumEntries;

-  UINTN                            Index;

+  EFI_STATUS                                Status;

+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR           *AllDescMap;

+  UINTN                                     NumEntries;

+  UINTN                                     Index;

+  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;

=20

   //

   // Do nothing when SEV is not enabled

@@ -147,6 +169,18 @@ AmdSevDxeEntryPoint (
     }

   }

=20

+  Status =3D AllocateConfidentialComputingBlob (&SnpBootDxeTable);

+  if (EFI_ERROR (Status)) {

+    DEBUG ((

+      DEBUG_ERROR,

+      "%a: AllocateConfidentialComputingBlob(): %r\n",

+      __FUNCTION__,

+      Status

+      ));

+    ASSERT (FALSE);

+    CpuDeadLoop ();

+  }

+

   //

   // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_S=
EV_SNP_BLOB.

   // It contains the location for both the Secrets and CPUID page.

@@ -154,7 +188,7 @@ AmdSevDxeEntryPoint (
   if (MemEncryptSevSnpIsEnabled ()) {

     return gBS->InstallConfigurationTable (

                   &gConfidentialComputingSevSnpBlobGuid,

-                  &mSnpBootDxeTable

+                  SnpBootDxeTable

                   );

   }

=20

--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97702): https://edk2.groups.io/g/devel/message/97702
Mute This Topic: https://groups.io/mt/95815540/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-