From nobody Fri Oct 18 08:37:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+103597+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1682454846919463.9361351998658; Tue, 25 Apr 2023 13:34:06 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id bPNrYY1788612x9zCLmSA54L; Tue, 25 Apr 2023 13:34:06 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.73]) by mx.groups.io with SMTP id smtpd.web11.91240.1682454846056783578 for ; Tue, 25 Apr 2023 13:34:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aui5WvcCUdKKfCnbMq/eMrJDa2Sw90i6tZ16XhPSCDsfyq77WIDiNXeWP806DgETr7lucnLvDYQBCo+ikVnck+UQvcsbdYQ1mDfbnWZMMTkCC1uhCmrJV/w4s9VhlWH82Jm7B6ktXPRK6mDQYKxy+CrdtAHxgM5cSqjsPwkoIf99SxWEiB+uPbQY2NMMMWElyzJPdh8/jQAmHt+V4j3HTFjQ5De9gGp7kpkXa94EX1JGIdDFmxP0W1v5ciBNeAMg/CPPuvv7Dfa0WvU0dvTfgPkozg4xEcEpAV40rSNlNkhSR5ovGkzlkB3Z5Wej6Nz7i7wdwOC+7VOybN23f6bhRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IeAx2Sp5KSXcSZYMb57SbqjHMQoX4Z7BgdD0bohHQKM=; b=CuFlNLlvycSexBnS6aiEkTmvqXhHYXlMxU0FN3fbFErdTQ0PBS7WK/n/QPSzHl6lHDpQXk26ZChELzw3ECxELgIHHItq5qzjuEI3u2Pe8r4U+qVLnaWnimS6aKMcwDdtNTLxLl8znLayF2ZifmeGgErltc0S1LUmTdLqadtstaq7JhGS1A6l01gRg/i28ep0z6+oisIvLJz9Baoy41Wu+72T4LIwr2T64Aee2hXMe58IzrZeuD89lxeCGojzjYlBOudcQ2rdKg7kZ32d8AZhwT8MXgzvKq12K1wp4Adi1CvZdGtfTIA16/gBjHoLQWYnQmGYhYIy1L/usYvSwu7CRQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none X-Received: from BN7PR06CA0060.namprd06.prod.outlook.com (2603:10b6:408:34::37) by MN2PR12MB4253.namprd12.prod.outlook.com (2603:10b6:208:1de::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.33; Tue, 25 Apr 2023 20:34:03 +0000 X-Received: from BN8NAM11FT063.eop-nam11.prod.protection.outlook.com (2603:10b6:408:34:cafe::f7) by BN7PR06CA0060.outlook.office365.com (2603:10b6:408:34::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend Transport; Tue, 25 Apr 2023 20:34:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+103597+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by BN8NAM11FT063.mail.protection.outlook.com (10.13.177.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 20:34:03 +0000 X-Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Tue, 25 Apr 2023 15:34:02 -0500 From: "Roth, Michael via groups.io" To: CC: Ard Biesheuvel , Tom Lendacky , Jiewen Yao , , Gerd Hoffmann , Erdem Aktas , James Bottomley , Min Xu , Dov Murik Subject: [edk2-devel] [PATCH v2 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory Date: Tue, 25 Apr 2023 15:32:55 -0500 Message-ID: <20230425203258.255583-2-michael.roth@amd.com> In-Reply-To: <20230425203258.255583-1-michael.roth@amd.com> References: <20230425203258.255583-1-michael.roth@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM11FT063:EE_|MN2PR12MB4253:EE_ X-MS-Office365-Filtering-Correlation-Id: eae2fcd0-da69-429d-b925-08db45cc68cd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: LbQl77d3m2DmFuAKpnT9pwpFIAb3Q1QuXkZNkxWgOWwd0DLYCdj9AyYMUEtaJezGHvgoIJkzLhNwr57mktKUjwNKIXOUZG/T3JP0td6QY3lpWV8fCEj3cON+a62b1ws63ApzDSPN4yJSwe7JNU2l3lGedJ/QuQ2cl4wUKNsVUWGM4DO2gk055RHpmd4UGs1Zq4/LdCZfl3XWhr26l9ZuxZCQDjZX5/CiacUBf0qQrmeNGvXZvyGN6UivkqXAcV5cJjJ147hZVpK6xKgsAQG19kbr4/bWa5Nz0uDIpaoOJNyXYaKQg3wfbxAwesW50MYO09bCYqEWCr24dk1Gt+Wg4cCpu9maQYxYCBKD3a03mX6gMP/n+VpnOFinWZuHVb7Zur28dPfkpClaMq0BG56bZmtvTcKin+CfLGy95YEGs0C7dUnvYigIV45OkzdERnT+FbW8aYoRg+BRvqkTsKbEN3CsJolTY+La8a1SvyQ2rQZrYF8BkAgV9h4gw4R1HnQy66/cQ7ziWHAgz5ifa1s2slVYeFHltW0Wbkssvar89tdcrJdFol+90QKb2/WGd1Zkb0Mx7MBIOJV0kg6lvkplVJBBMOwydlOr4TiYPCRinsY4pFLWYKCvsfmAUkY2HQebDZImQOK2GJ41ijo46CML57IXykv4/Byvyy4zS7u4bv8TD2OYe3OeS18IPjYWfAJNj//L1WGNhXJ3fXFDgPxzUWORfA18tOO9qy6O/K00lwL+DYLn9nn/ztv8V3gC90HkVdkL6ZvTZiOmWe7UYTiWRQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2023 20:34:03.6546 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: eae2fcd0-da69-429d-b925-08db45cc68cd X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT063.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4253 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,Michael.Roth@amd.com X-Gm-Message-State: NrlDzJL90f7DiZbGcOS43SMSx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1682454846; bh=m/1C7s4bca4Jv6S/v/CXNzzSy5plci43bGHgcwWIBo4=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=b19Nwf07M9k2IWn1bWFXO69u7bp1zYFNPdEbEBHZucZU5Qzlg242jh9Yqvd21hWsXMS a9JGoEgLBK56iTaCL8/EWVWCipDbBWXFRcdYA1uKg0r2HXwNRGpsRz89MSXI7JDX7q1YK Wb2iAFuTCjysxTbff5RhA01gG/SMua3pdIo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1682454847267100001 Content-Type: text/plain; charset="utf-8" The SEV-SNP Confidential Computing blob contains metadata that should remain accessible for the life of the guest. Allocate it as EfiACPIReclaimMemory to ensure the memory isn't overwritten by the guest operating system later. Reported-by: Dov Murik Suggested-by: Dov Murik Reviewed-by: Dov Murik Reviewed-by: Tom Lendacky Acked-by: Gerd Hoffmann Signed-off-by: Michael Roth --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 62 +++++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 14 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 05b728d32a..df807066fa 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -28,15 +28,36 @@ // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeM= ain.h #define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL =20 -STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { - SIGNATURE_32 ('A', 'M', 'D', 'E'), - 1, - 0, - (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase), - FixedPcdGet32 (PcdOvmfSnpSecretsSize), - (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase), - FixedPcdGet32 (PcdOvmfCpuidSize), -}; +STATIC +EFI_STATUS +AllocateConfidentialComputingBlob ( + OUT CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION **CcBlobPtr + ) +{ + EFI_STATUS Status; + CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION *CcBlob; + + Status =3D gBS->AllocatePool ( + EfiACPIReclaimMemory, + sizeof (CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION), + (VOID **)&CcBlob + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CcBlob->Header =3D SIGNATURE_32 ('A', 'M', 'D', 'E'); + CcBlob->Version =3D 1; + CcBlob->Reserved1 =3D 0; + CcBlob->SecretsPhysicalAddress =3D (UINT64)(UINTN)FixedPcdGet32 (PcdOvmf= SnpSecretsBase); + CcBlob->SecretsSize =3D FixedPcdGet32 (PcdOvmfSnpSecretsSize); + CcBlob->CpuidPhysicalAddress =3D (UINT64)(UINTN)FixedPcdGet32 (PcdOvmf= CpuidBase); + CcBlob->CpuidLSize =3D FixedPcdGet32 (PcdOvmfCpuidSize); + + *CcBlobPtr =3D CcBlob; + + return EFI_SUCCESS; +} =20 STATIC EFI_HANDLE mAmdSevDxeHandle =3D NULL; =20 @@ -175,10 +196,11 @@ AmdSevDxeEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; - UINTN NumEntries; - UINTN Index; + EFI_STATUS Status; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION *SnpBootDxeTable; =20 // // Do nothing when SEV is not enabled @@ -284,6 +306,18 @@ AmdSevDxeEntryPoint ( } } =20 + Status =3D AllocateConfidentialComputingBlob (&SnpBootDxeTable); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "%a: AllocateConfidentialComputingBlob(): %r\n", + __func__, + Status + )); + ASSERT (FALSE); + CpuDeadLoop (); + } + if (MemEncryptSevSnpIsEnabled ()) { // // Memory acceptance began being required in SEV-SNP, so install the @@ -321,7 +355,7 @@ AmdSevDxeEntryPoint ( // return gBS->InstallConfigurationTable ( &gConfidentialComputingSevSnpBlobGuid, - &mSnpBootDxeTable + SnpBootDxeTable ); } =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#103597): https://edk2.groups.io/g/devel/message/103597 Mute This Topic: https://groups.io/mt/98501799/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-