From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [edk2-devel] [PATCH v3 01/15] Ovmf/ResetVector: Simplify and consolidate the SEV features checks
Date: Thu, 7 Jan 2021 12:48:11 -0600
Message-ID: <43a660624c32b5f6c2610bf42ee39101c21aff68.1610045305.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

Simplify and consolidate the SEV and SEV-ES checks into a single routine. This new routine will use CPUID to check for the appropriate CPUID leaves and the required values, as well as read the non-interceptable SEV status MSR (0xc0010131) to check SEV and SEV-ES enablement.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Brijesh Singh
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 75 ++++++++++++--------
 1 file changed, 45 insertions(+), 30 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 7c72128a84d6..4032719c3075 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -3,6 +3,7 @@ ; Sets the CR3 register for 64-bit paging ; ; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.
+; Copyright (c) 2017 - 2020, Advanced Micro Devices, Inc. All rights reser= ved.
; SPDX-License-Identifier: BSD-2-Clause-Patent ; ;-------------------------------------------------------------------------= ----- @@ -62,18 +63,22 @@ BITS 32 %define CPUID_INSN_LEN 2 =20 =20 -; Check if Secure Encrypted Virtualization (SEV) feature is enabled +; Check if Secure Encrypted Virtualization (SEV) features are enabled. +; +; Register usage is tight in this routine, so multiple calls for the +; same CPUID and MSR data are performed to keep things simple. ; ; Modified: EAX, EBX, ECX, EDX, ESP ; ; If SEV is enabled then EAX will be at least 32. ; If SEV is disabled then EAX will be zero. ; -CheckSevFeature: +CheckSevFeatures: ; Set the first byte of the workarea to zero to communicate to the SEC ; phase that SEV-ES is not enabled. If SEV-ES is enabled, the CPUID ; instruction will trigger a #VC exception where the first byte of the - ; workarea will be set to one. + ; workarea will be set to one or, if CPUID is not being intercepted, + ; the MSR check below will set the first byte of the workarea to one. mov byte[SEV_ES_WORK_AREA], 0 =20 ; 
@@ -97,21 +102,41 @@ CheckSevFeature: cmp eax, 0x8000001f jl NoSev =20 - ; Check for memory encryption feature: + ; Check for SEV memory encryption feature: ; CPUID Fn8000_001F[EAX] - Bit 1 ; CPUID raises a #VC exception if running as an SEV-ES guest - mov eax, 0x8000001f + mov eax, 0x8000001f cpuid bt eax, 1 jnc NoSev =20 - ; Check if memory encryption is enabled + ; Check if SEV memory encryption is enabled ; MSR_0xC0010131 - Bit 0 (SEV enabled) mov ecx, 0xc0010131 rdmsr bt eax, 0 jnc NoSev =20 + ; Check for SEV-ES memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 3 + ; CPUID raises a #VC exception if running as an SEV-ES guest + mov eax, 0x8000001f + cpuid + bt eax, 3 + jnc GetSevEncBit + + ; Check if SEV-ES is enabled + ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 1 + jnc GetSevEncBit + + ; Set the first byte of the workarea to one to communicate to the SEC + ; phase that SEV-ES is enabled. + mov byte[SEV_ES_WORK_AREA], 1 + +GetSevEncBit: ; Get pte bit position to enable memory encryption ; CPUID Fn8000_001F[EBX] - Bits 5:0 ; 
@@ -132,45 +157,35 @@ SevExit: pop eax mov esp, 0 =20 - OneTimeCallRet CheckSevFeature + OneTimeCallRet CheckSevFeatures =20 ; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure ; is enabled. ; -; Modified: EAX, EBX, ECX +; Modified: EAX ; ; If SEV-ES is enabled then EAX will be non-zero. ; If SEV-ES is disabled then EAX will be zero. ; -CheckSevEsFeature: +IsSevEsEnabled: xor eax, eax =20 - ; SEV-ES can't be enabled if SEV isn't, so first check the encryption - ; mask. - test edx, edx - jz NoSevEs + ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if + ; SEV-ES is enabled. + cmp byte[SEV_ES_WORK_AREA], 1 + jne SevEsDisabled =20 - ; Save current value of encryption mask - mov ebx, edx + mov eax, 1 =20 - ; Check if SEV-ES is enabled - ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 - rdmsr - and eax, 2 - - ; Restore encryption mask - mov edx, ebx - -NoSevEs: - OneTimeCallRet CheckSevEsFeature +SevEsDisabled: + OneTimeCallRet IsSevEsEnabled =20 ; ; Modified: EAX, EBX, ECX, EDX ; SetCr3ForPageTables64: =20 - OneTimeCall CheckSevFeature + OneTimeCall CheckSevFeatures xor edx, edx test eax, eax jz SevNotActive @@ -229,7 +244,7 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 - OneTimeCall CheckSevEsFeature + OneTimeCall IsSevEsEnabled test eax, eax jz SetCr3 =20 
@@ -336,8 +351,8 @@ SevEsIdtVmmComm: ; If we're here, then we are an SEV-ES guest and this ; was triggered by a CPUID instruction ; - ; Set the first byte of the workarea to one to communicate to the SEC - ; phase that SEV-ES is enabled. + ; Set the first byte of the workarea to one to communicate that + ; a #VC was taken. mov byte[SEV_ES_WORK_AREA], 1 =20 pop ecx ; Error code --=20 2.30.0
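
Review bot: In the @@ -62,18 +63,22 @@ hunk, the routine header for CheckSevFeatures still documents only the EAX result, although the routine now also leaves its SEV-ES verdict in the first byte of SEV_ES_WORK_AREA and IsSevEsEnabled reads nothing else. Please list that byte as an output next to the "Modified:" line and name both writers (the #VC handler and the MSR check), so that later callers do not have to infer the contract from the comment inside the body.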
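
Review bot: In the @@ -97,21 +102,41 @@ hunk, the new SEV-ES block reaches the read of MSR 0xc0010131 bit 1 only when CPUID Fn8000_001F[EAX] bit 3 is set (`bt eax, 3` followed by `jnc GetSevEncBit`). The commit message names the MSR as the non-interceptable source, and the comment in this hunk notes that CPUID raises a #VC in an SEV-ES guest, so the check that gates the MSR read is the one that can be intercepted. The MSR has already been read for bit 0 a few lines earlier; consider testing bit 1 from that same read, or reading the MSR unconditionally, or add a comment explaining why the CPUID gate is required. The `mov eax, 0x8000001f` that is removed and re-added at the top of the hunk looks like a whitespace-only change and would be better kept out of this patch.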
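
Review bot: In the @@ -132,45 +157,35 @@ hunk, IsSevEsEnabled drops the old `test edx, edx` / `jz NoSevEs` guard, so nothing ties the SEV-ES answer to the SEV result any more. SEV_ES_WORK_AREA is zeroed once on entry to CheckSevFeatures and can then be set to one by the #VC handler before any of the `jnc NoSev` branches is taken; the visible lines do not show NoSev clearing or checking the byte, and the call site after pageTableEntriesLoop does not re-check the SEV result before `OneTimeCall IsSevEsEnabled`. Either have the NoSev path treat a set byte as an error (or clear it), or keep a check in IsSevEsEnabled that SEV was found enabled. The routine header should also state that it is only valid after CheckSevFeatures has run.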
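
Review bot: In the @@ -336,8 +351,8 @@ hunk, the reworded comment says the byte records that a #VC was taken, but the store is unchanged (`mov byte[SEV_ES_WORK_AREA], 1`) and IsSevEsEnabled compares the same byte against 1 to mean that SEV-ES is enabled. If the two meanings are intended to be equivalent, say so in this comment; if later code needs to tell "a #VC was taken" apart from "the MSR reports SEV-ES", the handler should write a different value or a different byte.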