Date: Thu, 26 Jan 2023 21:17:37 +0000
Message-ID: <20230126211740.3235408-2-dionnaglaze@google.com>
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v11 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

The added behavior is to accept all unaccepted memory at ExitBootServices if the behavior is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
Reviewed-by: Ard Biesheuvel
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 97 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 + 2 files changed, 98 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index f7600c3c81..37d1a3ff55 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { 
@@ -34,6 +35,10 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBoo= tDxeTable =3D { =20 STATIC EFI_HANDLE mAmdSevDxeHandle =3D NULL; =20 +STATIC BOOLEAN mAcceptAllMemoryAtEBS =3D TRUE; + +STATIC EFI_EVENT mAcceptAllMemoryEvent =3D NULL; + #define IS_ALIGNED(x, y) ((((x) & ((y) - 1)) =3D=3D 0)) =20 STATIC @@ -62,6 +67,82 @@ AmdSevMemoryAccept ( return EFI_SUCCESS; } =20 +STATIC +EFI_STATUS +AcceptAllMemory ( + VOID + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "Accepting all memory\n")); + + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType !=3D EFI_GCD_MEMORY_TYPE_UNACCEPTED) { + continue; + } + + Status =3D AmdSevMemoryAccept ( + NULL, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->RemoveMemorySpace (Desc->BaseAddress, Desc->Length); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->AddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO = | EFI_MEMORY_RP + ); + if (EFI_ERROR (Status)) { + break; + } + } + + gBS->FreePool (AllDescMap); + return Status; +} + +VOID +EFIAPI +ResolveUnacceptedMemory ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + if (!mAcceptAllMemoryAtEBS) { + return; + } + + Status =3D AcceptAllMemory (); + ASSERT_EFI_ERROR (Status); +} + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { AmdSevMemoryAccept }; 
@@ -195,6 +276,22 @@ AmdSevDxeEntryPoint ( ); ASSERT_EFI_ERROR (Status); =20 + // SEV-SNP support does not automatically imply unaccepted memory supp= ort, + // so make ExitBootServices accept all unaccepted memory if support is + // not communicated. + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + ResolveUnacceptedMemory, + NULL, + &gEfiEventBeforeExitBootServicesGuid, + &mAcceptAllMemoryEvent + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for Event= BeforeExitBootServices failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING= _SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index cd1b686c53..5b443d45bc 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf 
@@ -52,6 +52,7 @@ =20 [Guids] gConfidentialComputingSevSnpBlobGuid + gEfiEventBeforeExitBootServicesGuid =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId --=20 2.39.1.456.gfc5497dd1b-goog

Date: Thu, 26 Jan 2023 21:17:38 +0000
Message-ID: <20230126211740.3235408-3-dionnaglaze@google.com>
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v11 2/4] MdePkg: Introduce the SevMemoryAcceptance protocol
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

The default behavior for unaccepted memory in SEV-SNP is to accept all memory when ExitBootServices is called. An OS loader can use this protocol to disable this behavior to assume responsibility for memory acceptance and to affirm that the OS can handle the unaccepted memory type.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
Reviewed-by: Ard Biesheuvel
--- OvmfPkg/Include/Protocol/SevMemoryAcceptance.h | 42 ++++++++++++++++++++ OvmfPkg/OvmfPkg.dec | 1 + 2 files changed, 43 insertions(+) diff --git a/OvmfPkg/Include/Protocol/SevMemoryAcceptance.h b/OvmfPkg/Inclu= de/Protocol/SevMemoryAcceptance.h new file mode 100644 index 0000000000..c45b499006 --- /dev/null +++ b/OvmfPkg/Include/Protocol/SevMemoryAcceptance.h 
@@ -0,0 +1,42 @@ +/** @file + The file provides the protocol that disables the behavior that all memory + gets accepted at ExitBootServices(). This protocol is only meant to be c= alled + by the OS loader, and not EDK2 itself. The SEV naming is due to the coin= cidence + that only SEV-SNP needs this protocol, since SEV-SNP kernel support rele= ased + before kernel support for unaccepted memory. The technology enablement t= hus + does not strictly imply support for the unaccepted memory type. + + Copyright (c) 2023, Google LLC. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef SEV_MEMORY_ACCEPTANCE_H_ +#define SEV_MEMORY_ACCEPTANCE_H_ + +#define OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL_GUID \ + {0xc5a010fe, \ + 0x38a7, \ + 0x4531, \ + {0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49}} + +typedef struct _OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL + OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL; + +/** + @param This A pointer to a OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL. +**/ +typedef + EFI_STATUS +(EFIAPI *OVMF_SEV_ALLOW_UNACCEPTED_MEMORY)( + IN OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ); + +/// +/// The OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL allows the OS loader to +/// indicate to EDK2 that ExitBootServices should not accept all memory. +/// +struct _OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL { + OVMF_SEV_ALLOW_UNACCEPTED_MEMORY AllowUnacceptedMemory; +}; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 1b521f2604..a22eb246c6 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -184,6 +184,7 @@ gEfiLegacyInterruptProtocolGuid =3D {0x31ce593d, 0x108a, 0x485d, {= 0xad, 0xb2, 0x78, 0xf2, 0x1f, 0x29, 0x66, 0xbe}} gEfiVgaMiniPortProtocolGuid =3D {0xc7735a2f, 0x88f5, 0x4882, {= 0xae, 0x63, 0xfa, 0xac, 0x8c, 0x8b, 0x86, 0xb3}} gOvmfLoadedX86LinuxKernelProtocolGuid =3D {0xa3edc05d, 0xb618, 0x4ff6, {= 0x95, 0x52, 0x76, 0xd7, 0x88, 0x63, 0x43, 0xc8}} + gOvmfSevMemoryAcceptanceProtocolGuid =3D {0xc5a010fe, 0x38a7, 0x4531, {= 0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49}} gQemuAcpiTableNotifyProtocolGuid =3D {0x928939b2, 0x4235, 0x462f, {= 0x95, 0x80, 0xf6, 0xa2, 0xb2, 0xc2, 0x1a, 0x4f}} gEfiMpInitLibMpDepProtocolGuid =3D {0xbb00a5ca, 0x8ce, 0x462f, {= 0xa5, 0x37, 0x43, 0xc7, 0x4a, 0x82, 0x5c, 0xa4}} gEfiMpInitLibUpDepProtocolGuid =3D {0xa9e7cef1, 0x5682, 0x42cc, {= 0xb1, 0x23, 0x99, 0x30, 0x97, 0x3f, 0x4a, 0x9f}} --=20 2.39.1.456.gfc5497dd1b-goog

Date: Thu, 26 Jan 2023 21:17:39 +0000
Message-ID: <20230126211740.3235408-4-dionnaglaze@google.com>
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v11 3/4] OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxe
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

This protocol implementation disables the accept-all-memory behavior of the BeforeExitBootServices event this driver adds.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
Reviewed-by: Ard Biesheuvel
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 26 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 + 2 files changed, 27 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 37d1a3ff55..9d05a16c6e 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c 
@@ -21,6 +21,7 @@ #include #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { @@ -143,6 +144,21 @@ ResolveUnacceptedMemory ( ASSERT_EFI_ERROR (Status); } =20 +STATIC +EFI_STATUS +EFIAPI +AllowUnacceptedMemory ( + IN OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ) +{ + mAcceptAllMemoryAtEBS =3D FALSE; + return EFI_SUCCESS; +} + +STATIC +OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL + mMemoryAcceptanceProtocol =3D { AllowUnacceptedMemory }; + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { AmdSevMemoryAccept }; @@ -292,6 +308,16 @@ AmdSevDxeEntryPoint ( DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for Event= BeforeExitBootServices failed.\n")); } =20 + Status =3D gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gOvmfSevMemoryAcceptanceProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptanceProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install OvmfSevMemoryAcceptanceProtocol failed= .\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING= _SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 5b443d45bc..e7c7d526c9 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf 
@@ -49,6 +49,7 @@ =20 [Protocols] gEdkiiMemoryAcceptProtocolGuid + gOvmfSevMemoryAcceptanceProtocolGuid =20 [Guids] gConfidentialComputingSevSnpBlobGuid --=20 2.39.1.456.gfc5497dd1b-goog

Date: Thu, 26 Jan 2023 21:17:40 +0000
Message-ID: <20230126211740.3235408-5-dionnaglaze@google.com>
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v11 4/4] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Ard Biescheuvel, "Min M. Xu", Gerd Hoffmann, James Bottomley, Tom Lendacky, Jiewen Yao, Erdem Aktas

Instead of eagerly accepting all memory in PEI, only accept memory under the 4GB address. This allows a loaded image to use the MEMORY_ACCEPTANCE_PROTOCOL to disable the accept behavior and indicate that it can interpret the memory type accordingly.

This classification is safe since ExitBootServices will accept and reclassify the memory as conventional if the disable protocol is not used.

Cc: Ard Biescheuvel
Cc: "Min M. Xu"
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Jiewen Yao
Cc: Erdem Aktas
Signed-off-by: Dionna Glaze
Reviewed-by: Ard Biesheuvel
--- OvmfPkg/PlatformPei/AmdSev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e4e7b72e67..7d824cc282 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include 
@@ -63,6 +64,10 @@ AmdSevSnpInitialize ( for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { if ((Hob.Raw !=3D NULL) && (GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RES= OURCE_DESCRIPTOR)) { ResourceHob =3D Hob.ResourceDescriptor; + if (ResourceHob->PhysicalStart >=3D SIZE_4GB) { + ResourceHob->ResourceType =3D BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTE= D; + continue; + } =20 if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { MemEncryptSevSnpPreValidateSystemRam ( --=20 2.39.1.456.gfc5497dd1b-goog
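
Review bot: In patch 1/4, hunk `@@ -62,6 +67,82 @@` of AmdSevDxe.c, ResolveUnacceptedMemory handles a failed AcceptAllMemory only with ASSERT_EFI_ERROR, which does nothing in builds where asserts are disabled, so ExitBootServices would proceed with ranges still unaccepted for an OS that never used the opt-out. Suggest logging at DEBUG_ERROR and halting (for example with CpuDeadLoop) when Status is an error. Inside AcceptAllMemory, each `break` also leaves the GCD map half-converted: a range can already be accepted by AmdSevMemoryAccept and still be typed unaccepted if RemoveMemorySpace fails, so a comment stating that any failure here is treated as fatal would help. ResolveUnacceptedMemory is also the only new function not declared STATIC.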
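
Review bot: In patch 1/4, hunk `@@ -195,6 +276,22 @@` (AmdSevDxeEntryPoint), a CreateEventEx failure is only logged and the entry point carries on, which leaves no accept-all fallback at ExitBootServices while patch 4/4 starts marking memory at or above 4GB as unaccepted. Since the series relies on this event for its safety argument, treat the failure as fatal here (ASSERT_EFI_ERROR plus a halt) instead of a DEBUG_ERROR message. The message text also names "AllowUnacceptedMemory", but the callback being registered is ResolveUnacceptedMemory; align the wording.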
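
Review bot: In patch 2/4, hunk `@@ -0,0 +1,42 @@` (SevMemoryAcceptance.h), the doc block for OVMF_SEV_ALLOW_UNACCEPTED_MEMORY contains only `@param This`: it has no description of the effect (the caller takes over acceptance and the ExitBootServices accept-all is skipped) and no `@retval` lines. Please document that, including whether the call can be undone, since the struct offers no member to re-enable the default. The header also has no `extern EFI_GUID gOvmfSevMemoryAcceptanceProtocolGuid;` declaration, and the subject line says "MdePkg" while both files in the diffstat are under OvmfPkg.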
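
Review bot: In patch 3/4, hunk `@@ -143,6 +144,21 @@`, AllowUnacceptedMemory clears mAcceptAllMemoryAtEBS without leaving any trace, and any image that can locate the protocol before ExitBootServices can call it, not only the OS loader that the header comment in patch 2/4 names. Add a DEBUG ((DEBUG_INFO, ...)) line so the firmware log records that the accept-all default was disabled, and a function header comment stating that `This` is unused and that the switch is one-way.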
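
Review bot: In patch 3/4, hunk `@@ -292,6 +308,16 @@`, the InstallProtocolInterface failure path has no comment explaining why continuing is acceptable. It is the safe direction (a loader that cannot find the protocol cannot opt out, so memory is still accepted at ExitBootServices), but a reader has to work that out from patch 1/4; state it in a comment next to the DEBUG_ERROR.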