From: "Ashish Kalra"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: [edk2-devel] [PATCH v2 1/3] OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
Date: Thu, 3 Dec 2020 22:26:49 +0000
Message-Id: <5d84e29cb02eada513738fb4f0c54a6dfe35f416.1607032888.git.ashish.kalra@amd.com>
From: Ashish Kalra

Add SEV and SEV-ES hypercall abstraction library to support SEV Page encryption/decryption status hypercalls for SEV and SEV-ES guests.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
 OvmfPkg/Include/Library/MemEncryptHypercallLib.h | 37 ++= +++++
 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c | 105 ++= ++++++++++++++++++
 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf | 39 ++= ++++++
 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm | 39 ++= ++++++
 OvmfPkg/OvmfPkgX64.dsc | 1 +
 5 files changed, 221 insertions(+)
diff --git a/OvmfPkg/Include/Library/MemEncryptHypercallLib.h b/OvmfPkg/Inc= lude/Library/MemEncryptHypercallLib.h new file mode 100644 index 0000000000..cd46a7f2b3 --- /dev/null +++ b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h @@ -0,0 +1,37 @@ +/** @file + + Define Secure Encrypted Virtualization (SEV) hypercall library. + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _MEM_ENCRYPT_HYPERCALL_LIB_H_ +#define _MEM_ENCRYPT_HYPERCALL_LIB_H_ + +#include + +#define SEV_PAGE_ENC_HYPERCALL 12 + +/** + This hyercall is used to notify hypervisor when a page is marked as + 'decrypted' (i.e C-bit removed). + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. + @param[in] Length The length of memory region + @param[in] Mode SetCBit or ClearCBit + +**/ + +VOID +EFIAPI +SetMemoryEncDecHypercall3 ( + IN UINTN PhysicalAddress, + IN UINTN Length, + IN UINTN Mode + ); + +#endif diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.= c b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c new file mode 100644 index 0000000000..f1136b7d36 --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c @@ -0,0 +1,105 @@ +/** @file + + Secure Encrypted Virtualization (SEV) hypercall helper library + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// +// Interface exposed by the ASM implementation of the core hypercall +// +// + +VOID +EFIAPI +SetMemoryEncDecHypercall3AsmStub ( + IN UINTN HypercallNum, + IN UINTN PhysicalAddress, + IN UINTN Length, + IN UINTN Mode + ); + +/** + This function returns the current CPU privilege level, implemented + in ASM helper stub. + +**/ + +UINT8 +EFIAPI +GetCurrentCpuPrivilegeLevel ( + VOID + ); + +STATIC +VOID +GhcbSetRegValid ( + IN OUT GHCB *Ghcb, + IN GHCB_REGISTER Reg + ) +{ + UINT32 RegIndex; + UINT32 RegBit; + + RegIndex =3D Reg / 8; + RegBit =3D Reg & 0x07; + + Ghcb->SaveArea.ValidBitmap[RegIndex] |=3D (1 << RegBit); +} + +VOID +EFIAPI +SetMemoryEncDecHypercall3 ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Pages, + IN UINTN Mode + ) +{ + if (MemEncryptSevEsIsEnabled ()) { + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 Status; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + VmgInit (Ghcb, &InterruptState); + + Ghcb->SaveArea.Rax =3D SEV_PAGE_ENC_HYPERCALL; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rbx =3D PhysicalAddress; + GhcbSetRegValid (Ghcb, GhcbRbx); + Ghcb->SaveArea.Rcx =3D Pages; + GhcbSetRegValid (Ghcb, GhcbRcx); + Ghcb->SaveArea.Rdx =3D Mode; + GhcbSetRegValid (Ghcb, GhcbRdx); + Ghcb->SaveArea.Cpl =3D GetCurrentCpuPrivilegeLevel(); + GhcbSetRegValid (Ghcb, GhcbCpl); + + Status =3D VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0); + if (Status) { + DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status)); + } + VmgDone (Ghcb, InterruptState); + } else { + SetMemoryEncDecHypercall3AsmStub ( + SEV_PAGE_ENC_HYPERCALL, + PhysicalAddress, + Pages, + Mode); + } +} 
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.= inf b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf new file mode 100644 index 0000000000..1936fe5b37 --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf @@ -0,0 +1,39 @@ +## @file +# Library provides the hypervisor helper functions for SEV guest +# +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D MemEncryptHypercallLib + FILE_GUID =3D 86f2501e-f128-45f3-91c4-3cff31656ca8 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MemEncryptHypercallLib|SEC PEI_CORE P= EIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER + +# +# The following information is for reference only and not required by the = build +# tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + OvmfPkg/OvmfPkg.dec + +[Sources.X64] + MemEncryptHypercallLib.c + X64/AsmHelperStub.nasm + +[LibraryClasses] + BaseLib + DebugLib + VmgExitLib diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm = b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm new file mode 100644 index 0000000000..5d8a7aa85a --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm @@ -0,0 +1,39 @@ +DEFAULT REL +SECTION .text + +; VOID +; EFIAPI +; SetMemoryEncDecHypercall3AsmStub ( +; IN UINT HypercallNum, +; IN INTN Arg1, +; IN INTN Arg2, +; IN INTN Arg3 +; ); +global ASM_PFX(SetMemoryEncDecHypercall3AsmStub) +ASM_PFX(SetMemoryEncDecHypercall3AsmStub): + ; UEFI calling conventions require RBX to + ; be nonvolatile/callee-saved. + push rbx + ; Copy HypercallNumber to rax + mov rax, rcx + ; Copy Arg1 to the register expected by KVM + mov rbx, rdx + ; Copy Arg2 to register expected by KVM + mov rcx, r8 + ; Copy Arg2 to register expected by KVM + mov rdx, r9 + ; Call VMMCALL + vmmcall + pop rbx + ret + +; UINT8 +; EFIAPI +; GetCurrentCpuPrivilegeLevel ( +; VOID +; ); +global ASM_PFX(GetCurrentCpuPrivilegeLevel) +ASM_PFX(GetCurrentCpuPrivilegeLevel): + mov ax, cs + and al, 0x3 + ret diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index e59ae05b73..97c31c7586 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -174,6 +174,7 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncrypt= HypercallLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif
-- 
2.17.1
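Review bot: The prototype in MemEncryptHypercallLib.h does not match the definition in MemEncryptHypercallLib.c. The header declares `IN UINTN PhysicalAddress, IN UINTN Length, IN UINTN Mode` and documents the second parameter as "The length of memory region", while the .c file defines `IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Pages, IN UINTN Mode`. A caller working from the header will pass a byte length where the implementation hands the hypervisor a page count, so the hypervisor would record the wrong range as encrypted or decrypted. Please make the header use the same parameter types and names as the definition and state which unit the hypervisor expects. The header comment also says the hypercall notifies the hypervisor "when a page is marked as 'decrypted'", but Mode accepts both SetCBit and ClearCBit, so the comment should describe both transitions; and "hyercall" should read "hypercall".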
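Review bot: The hypercall result is discarded in both paths of SetMemoryEncDecHypercall3 in MemEncryptHypercallLib.c, so a caller cannot tell whether the hypervisor actually recorded the page-status change. In the SEV-ES path only the VmgExit status is checked, and a failure is merely logged with `DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status));` before execution continues; the return code the hypervisor leaves in Ghcb->SaveArea.Rax after VmgExit is never read. In the non-SEV-ES path the asm stub is declared VOID, so RAX after vmmcall is dropped as well. Keeping the hypervisor's view of which pages are encrypted correct is the whole purpose of this library, so the function should return the hypercall's result (an EFI_STATUS derived from RAX, or the raw value) and let callers decide how to handle a refused or unsupported hypercall instead of proceeding silently.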
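Review bot: [LibraryClasses] in MemEncryptHypercallLib.inf lists only BaseLib, DebugLib and VmgExitLib, but MemEncryptHypercallLib.c calls MemEncryptSevEsIsEnabled (), which is provided by MemEncryptSevLib; add MemEncryptSevLib there so the dependency is declared rather than satisfied by chance through another module's link. Separately, the reference comment says `VALID_ARCHITECTURES = IA32 X64` and LIBRARY_CLASS is offered to every module type from SEC through UEFI_DRIVER, yet the only sources are under [Sources.X64]; either drop IA32 from the comment or restrict the library class, since an IA32 module that resolves this class would link an empty library and fail at the undefined SetMemoryEncDecHypercall3.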
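Review bot: In AsmHelperStub.nasm the comment above `mov rdx, r9` reads "; Copy Arg2 to register expected by KVM", but that instruction moves Arg3; change it to "Arg3". The commented prototype also says `IN UINT HypercallNum, IN INTN Arg1, ...` while the C declaration in MemEncryptHypercallLib.c uses UINTN for all four parameters; keep the two in sync so the next reader does not have to guess which is authoritative. The stub further throws away the value the hypervisor leaves in RAX after vmmcall; since RAX is already the return register, declaring the stub to return UINTN costs nothing and lets the C caller see the result. The RBX save/restore around the call is correct and worth keeping, as RBX is callee-saved under the UEFI calling convention and the hypercall ABI uses it for the first argument.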
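Review bot: The new library class is resolved only in OvmfPkgX64.dsc. OvmfPkgIa32X64.dsc also builds X64 DXE modules, so if a later patch in this series (this is 1/3) makes a module that both platforms build depend on MemEncryptHypercallLib, that DSC will fail with an unresolved library class; either add the same line there or say in the commit message that the consumer is intentionally limited to the X64-only platform.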