From nobody Sun May 5 10:28:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+100626+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+100626+1787277+3901457@groups.io; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1677748551; cv=none; d=zohomail.com; s=zohoarc; b=gfYCcqgMPQDZALBvBDbYC1FXfdPa6ojLnGv1wPc1ZYOcdjpoaOd4y+RvbuS1VpH3PXQ3UBcAC1zDZaNOw9HQRAQfP9yFLwwDV2+Iudp+9lQwff8MhTwD9u/Bpro0klBAcPMYirj0Yo/bIzePRr12d99n6nhUsbzfQ1a4k3zj7CQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1677748551; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=QI07pudRBRhpgsqWWD0Xrfjsx+lLiPjCzVOt6HM2az8=; b=Dykn0yASLjcGQWuDsQXn5qtz8HbOqCXU4fCnBkE3pJYXxqBryC6O8S0aDmvte5BYmk+6WroKNJ17OsDn4ay5s+e8CgdU6Y45ogA9ZLOCNW1sCzVwpINDE7qVKyjmOUzJp2EPgrNx4xzZXE2EzUQKDywuyTbKcp22uK3CrDZZeeo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+100626+1787277+3901457@groups.io; dmarc=fail header.from= (p=reject dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1677748551442326.2506914875562; Thu, 2 Mar 2023 01:15:51 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id HRdMYY1788612xQZ3KnuwrXW; Thu, 02 Mar 2023 01:15:51 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web11.10988.1677748550442066251 for ; Thu, 02 Mar 2023 01:15:50 -0800 X-Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3228lZ1K029971; Thu, 2 Mar 2023 09:15:48 GMT X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p2rkqgs70-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:47 +0000 X-Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 3228mrLW004107; Thu, 2 Mar 2023 09:15:47 GMT X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p2rkqgs6j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:47 +0000 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3227JFH1030098; Thu, 2 Mar 2023 09:15:46 GMT X-Received: from smtprelay07.dal12v.mail.ibm.com ([9.208.130.99]) by ppma03dal.us.ibm.com (PPS) with ESMTPS id 3nybcmtxxm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:46 +0000 X-Received: from smtpav03.wdc07v.mail.ibm.com (smtpav03.wdc07v.mail.ibm.com [10.39.53.230]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3229Fhn439059848 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Mar 2023 09:15:44 GMT X-Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8BD495805C; Thu, 2 Mar 2023 09:15:43 +0000 (GMT) X-Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 566F05805D; Thu, 2 Mar 2023 09:15:42 +0000 (GMT) X-Received: from amdmilan1.watson.ibm.com (unknown [9.2.130.16]) by smtpav03.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 2 Mar 2023 09:15:42 +0000 (GMT) From: "Dov Murik" To: devel@edk2.groups.io Cc: Dov Murik , Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Erdem Aktas , James Bottomley , Min Xu , Tom Lendacky , Michael Roth , Ashish Kalra , Mario Smarduch , Tobin Feldman-Fitzthum Subject: [edk2-devel] [PATCH v3 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf Date: Thu, 2 Mar 2023 09:15:31 +0000 Message-Id: <20230302091532.1985238-2-dovmurik@linux.ibm.com> In-Reply-To: <20230302091532.1985238-1-dovmurik@linux.ibm.com> References: <20230302091532.1985238-1-dovmurik@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: bGwe2jn2YYcX3hoH6oHuxlqEsSdCwbmd X-Proofpoint-GUID: wmTz8_stjWQV-3FbHXNNDZ0Mn2IfS_O7 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dovmurik@linux.ibm.com X-Gm-Message-State: yN62ixtxnFnXlAgrNYfjlA7Lx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1677748551; bh=W6kUVp3UoIr9AnNZTH5elRKTPsmC4eEgJSLxp924tdE=; h=Cc:Date:From:Reply-To:Subject:To; b=GmhtKOnDnY2f5SdZVEdaSbjotzq73VWVnsK9aWpiAQKiUBJHawYCCcyoEGZcNlyAH5v JhNqVSqZuTHjl3SVNQtkvmvuulOZamGQvg2MDjkbWQk5BYk1tfa66bcnkr2pwndYiAp71 pHPkHKXh1jcKL5/zrfxiaxH0Jy5sf3fjnAw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1677748553286100001 Content-Type: text/plain; charset="utf-8" Resize the MEMFD section of AmdSevX64.fdf and reorder its pages so that it matches the same size and order used in OvmfPkgX64.fdf. After this change, this is the difference in the MEMFD of the two targets: $ diff -u \ <(sed -ne '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf) \ <(sed -ne '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf) Acked-by: Gerd Hoffmann Acked-by: Tom Lendacky --- /dev/fd/63 2023-02-16 07:06:15.365308683 +0000 +++ /dev/fd/62 2023-02-16 07:06:15.365308683 +0000 @@ -32,6 +32,12 @@ 0x00E000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize +0x00F000|0x000C00 +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize + +0x00FC00|0x000400 +gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid= .PcdQemuHashTableSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++++++++++---------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 5fb3b5d27632..54ba9ecf5149 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -36,10 +36,10 @@ FV =3D SECFV =20 [FD.MEMFD] BaseAddress =3D $(MEMFD_BASE_ADDRESS) -Size =3D 0xD00000 +Size =3D 0xE00000 ErasePolarity =3D 1 BlockSize =3D 0x10000 -NumBlocks =3D 0xD0 +NumBlocks =3D 0xE0 =20 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize @@ -59,21 +59,21 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmf= PkgTokenSpaceGuid.PcdOvmf 0x00B000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize =20 -0x00C000|0x000C00 -gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize - -0x00CC00|0x000400 -gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid= .PcdQemuHashTableSize - -0x00D000|0x001000 +0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 -0x00E000|0x001000 +0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize =20 -0x00F000|0x001000 +0x00E000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize =20 +0x00F000|0x000C00 +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize + +0x00FC00|0x000400 +gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid= .PcdQemuHashTableSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 @@ -81,12 +81,13 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUe= fiOvmfPkgTokenSpaceGuid.P gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfPeiMemFvSize FV =3D PEIFV =20 -0x100000|0xC00000 +0x100000|0xD00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 ##########################################################################= ################ -# Set the SEV-ES specific work area PCDs +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since = the +# the SEV STATUS MSR is now saved in the work area) # SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100626): https://edk2.groups.io/g/devel/message/100626 Mute This Topic: https://groups.io/mt/97335491/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 10:28:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+100627+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+100627+1787277+3901457@groups.io; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1677748552; cv=none; d=zohomail.com; s=zohoarc; b=Iwmj+OxCxkfjWmMHlTx8vVZpdFp/JNVrnBES9f0Slvot6JsqEav+/ddJSwNU+ATld6TQJ4jGUtm7rdBa3nwwqWGTivLqG1Pai/RHbU/Ax6/vCRUFmMCwSTNm/HAcfL6V3QVGKJa7m47H/u2GzPzjCsKRYp1iGKg2q4g+2VnfAEM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1677748552; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=05U3SmejGkpyRu4DNg7w2gkiwBdmuYqvfxXNTfN0G+s=; b=OfCbMZIv/W7M8msZfPckR4ttPKBsBG5q3tjLH0sLkcFpmwXHoXWW7sdPQFAJcsk5BgNjR1CottW6YmC6oM6HAYg4FWTfI3MFBbKmWKx7wcjtsQMhjwU603yF3chr9FKBWZBAG7bXW5gsLCC/5biKPrPouiKkCZFirnZu59Tq8tI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+100627+1787277+3901457@groups.io; dmarc=fail header.from= (p=reject dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167774855272468.82070524512153; Thu, 2 Mar 2023 01:15:52 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id slsoYY1788612xUbs86s3JAn; Thu, 02 Mar 2023 01:15:52 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web11.10990.1677748551681281388 for ; Thu, 02 Mar 2023 01:15:51 -0800 X-Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3228v4eP030268; Thu, 2 Mar 2023 09:15:49 GMT X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3p2rr78h6p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:49 +0000 X-Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 3228wxeX008508; Thu, 2 Mar 2023 09:15:49 GMT X-Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3p2rr78h6a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:48 +0000 X-Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3226KaN4024608; Thu, 2 Mar 2023 09:15:48 GMT X-Received: from smtprelay03.wdc07v.mail.ibm.com ([9.208.129.113]) by ppma05wdc.us.ibm.com (PPS) with ESMTPS id 3nybe9v0uq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Mar 2023 09:15:48 +0000 X-Received: from smtpav03.wdc07v.mail.ibm.com (smtpav03.wdc07v.mail.ibm.com [10.39.53.230]) by smtprelay03.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3229FkX58848074 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Mar 2023 09:15:46 GMT X-Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A61AE5805A; Thu, 2 Mar 2023 09:15:46 +0000 (GMT) X-Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 647A058054; Thu, 2 Mar 2023 09:15:45 +0000 (GMT) X-Received: from amdmilan1.watson.ibm.com (unknown [9.2.130.16]) by smtpav03.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 2 Mar 2023 09:15:45 +0000 (GMT) From: "Dov Murik" To: devel@edk2.groups.io Cc: Dov Murik , Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Erdem Aktas , James Bottomley , Min Xu , Tom Lendacky , Michael Roth , Ashish Kalra , Mario Smarduch , Tobin Feldman-Fitzthum Subject: [edk2-devel] [PATCH v3 2/2] OvmfPkg/ResetVector: Define SNP metadata for kernel hashes Date: Thu, 2 Mar 2023 09:15:32 +0000 Message-Id: <20230302091532.1985238-3-dovmurik@linux.ibm.com> In-Reply-To: <20230302091532.1985238-1-dovmurik@linux.ibm.com> References: <20230302091532.1985238-1-dovmurik@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: M1j0EnAy8cigFd0Y-sR-V4FN5xkB5EfT X-Proofpoint-GUID: Jb9t9Tsfl5zJvMSN4Spc_UsvnMXp3xix Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dovmurik@linux.ibm.com X-Gm-Message-State: DXI0Cw2Iu8Tf6Gcg6Wx08U8Jx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1677748552; bh=XrnifFG3QZPGZa5UnBKmzwYe3bEVfOeWYX8G4OMUd7k=; h=Cc:Date:From:Reply-To:Subject:To; b=OSUiFt1aL65gjwmVyECg6U1cdlphFMnJd7+TyHX81Rb6RL+YRPo/Ly1H1AZRKW1clUy DZ1tvGpYrv8wHmU2wOYUs4nJ3gO8KMw8vy5J8yJwXVGXVszzZxMG8/JRXM2xgxaGabKqo 2bMsunPCSnrb0GuQEGdkATLyEadQ4pSozfc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1677748553300100003 Content-Type: text/plain; charset="utf-8" In order to allow the VMM (such as QEMU) to add a page with hashes of kernel/initrd/cmdline for measured direct boot on SNP, add it explicitly to the SNP metadata list report to the VMM. In such case, VMM should fill the page with the hashes content, or explicitly update it as a zero page (if kernel hashes are not used). Note that for SNP, the launch secret part of the page (lower 3KB) are not relevant and will remain zero. The last 1KB is used for the hashes. This should have no effect on OvmfPkgX64 targets (which don't define PcdSevLaunchSecretBase). Signed-off-by: Dov Murik Acked-by: Gerd Hoffmann Acked-by: Tom Lendacky --- OvmfPkg/ResetVector/ResetVector.nasmb | 11 ++++++++++- OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 94fbb0a87b37..5832aaa8abf7 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -64,6 +64,15 @@ %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSiz= e)) %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) +%if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0) + ; There's a reserved page for SEV secrets and hashes; the VMM will fill = and + ; validate the page, or mark it as a zero page. + %define SEV_SNP_KERNEL_HASHES_BASE (FixedPcdGet32 (PcdSevLaunchSecret= Base)) + %define SEV_SNP_KERNEL_HASHES_SIZE (FixedPcdGet32 (PcdSevLaunchSecret= Size) + FixedPcdGet32 (PcdQemuHashTableSize)) +%else + %define SEV_SNP_KERNEL_HASHES_BASE 0 + %define SEV_SNP_KERNEL_HASHES_SIZE 0 +%endif %define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTables= Base)) %define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) = - SNP_SEC_MEM_BASE_DESC_1) ; @@ -75,7 +84,7 @@ ; %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_= BASE_DESC_2) -%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE) +%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE + SEV_SNP_K= ERNEL_HASHES_SIZE) %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase)= - SNP_SEC_MEM_BASE_DESC_3) =20 %ifdef ARCH_X64 diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVec= tor/X64/OvmfSevMetadata.asm index d03fc6d45175..8aa77d870123 100644 --- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm +++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm @@ -26,6 +26,8 @@ BITS 64 ; %define OVMF_SECTION_TYPE_CPUID 0x3 =20 +; Kernel hashes section for measured direct boot +%define OVMF_SECTION_TYPE_KERNEL_HASHES 0x10 =20 ALIGN 16 =20 @@ -65,6 +67,15 @@ CpuidSec: DD CPUID_SIZE DD OVMF_SECTION_TYPE_CPUID =20 +%if (SEV_SNP_KERNEL_HASHES_BASE > 0) +; Kernel hashes for measured direct boot, or zero page if +; there are no kernel hashes / SEV secrets +SevSnpKernelHashes: + DD SEV_SNP_KERNEL_HASHES_BASE + DD SEV_SNP_KERNEL_HASHES_SIZE + DD OVMF_SECTION_TYPE_KERNEL_HASHES +%endif + ; Region need to be pre-validated by the hypervisor PreValidate3: DD SNP_SEC_MEM_BASE_DESC_3 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100627): https://edk2.groups.io/g/devel/message/100627 Mute This Topic: https://groups.io/mt/97335492/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-