From nobody Tue Apr 23 06:34:30 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84085+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84085+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=outlook.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1637845963875745.6254261123285; Thu, 25 Nov 2021 05:12:43 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id KZA6YY1788612xlgPOfC7tSM; Thu, 25 Nov 2021 05:12:43 -0800 X-Received: from AUS01-SY4-obe.outbound.protection.outlook.com (AUS01-SY4-obe.outbound.protection.outlook.com [40.92.62.188]) by mx.groups.io with SMTP id smtpd.web10.11911.1637845961260923533 for ; Thu, 25 Nov 2021 05:12:42 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ue9Yg6oBae03xXsN/X2X4mEM2azZd3iOR879HCUTYLBm3ACPxnYT64Z2T3IklElAGb6gTS+yYuKJlb6kT73KX77uxJAqoqX+Z/xGNMIqhZY6a1zvV8epO6s9bitJRze8VN9l3WsCb8Bo/2Uk7AEga7h4vSury4lZBSdk+8WFYRuVWkY+acZ33PHuNgHcX+EwPbMvT56U2hja62Lj91EqXx3XCDKCQReZI8XAHRJhXIugoN8wAMggcCO8fgAYE/oKDIHJ/c2zT6Hh6a0dMdbdwnB7o2ibgTLsxDhq4OG8MjXDcTcE/tkntM6OIVkge3U7jCBLnr/1a4XumKCu17VKxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5TeKVFImKTVG6/5fvSBauN63evUN+WYuWJEq3JaC5S0=; b=It9aeHxgXacpPzAAXPnb4xvCLTD73wvG+BRzgv6qhQHNiBuEgeXCehi/BByYiy72x8IxEMSxWf0wJpkOB+p1I9KmrieSKa395pyTmLsSLiARwR1LNP5UCA1EdgZoaJXuQ12vt+Qzl8wUIwFXediA2b7ebOxXW5VW+5t/1LhiAFS5GQeOC5Q+yTD0OwfZvPJh84/MsoHGJaCYA+Ss0iYoXfHOdluLy82zdMaYfsWaqFX2/9xM32sP0WsaxqaGDBLT2LtVLJeiKl9mDJXjWuB+CY5HiBvHs6C6bUhPHMEHqWVnjXfX8Y6aMzdADhqD8MBeRe/xPNv7KqFoOLy/F6Ui6Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none X-Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:169::6) by SYBP282MB2978.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:155::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.21; Thu, 25 Nov 2021 13:12:36 +0000 X-Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM ([fe80::e824:64d3:baaa:3d0a]) by SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM ([fe80::e824:64d3:baaa:3d0a%6]) with mapi id 15.20.4713.027; Thu, 25 Nov 2021 13:12:37 +0000 From: "qi zhou" To: "devel@edk2.groups.io" CC: "brijesh.singh@amd.com" , "erdemaktas@google.com" , "jejb@linux.ibm.com" , "jiewen.yao@intel.com" , "min.m.xu@intel.com" , "thomas.lendacky@amd.com" Subject: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Thread-Topic: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Thread-Index: AQHX4f2b4kgqpIwgKUWr38R05chesQ== Date: Thu, 25 Nov 2021 13:12:36 +0000 Message-ID: Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: 2b5c4d60-9dc4-03ec-03fe-f6dc62d0c975 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [Q0YhwGRssMm7n+tKwooGhcONwJZl6Z6Q] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a132bd7b-b714-4b7a-6f05-08d9b015405a x-ms-traffictypediagnostic: SYBP282MB2978: x-microsoft-antispam-message-info: 2q/Gbxu4eHWRixy/QRSx4h78TWWqRd+3bLxgRZx1bjcnuU2MHQIuFgYqE4ZvB+WYUDiQujS90MLusbluqJ37jnaFNcjuHHXztPSaTsK3VYU7jc+NRsRJuyQIkVDasWse2cvQIBM2CkVqYZSsxMU+NGVQNQkPbb6uzxiNuLjpz0RvAEOdJmB7KKewbbD6M+U+AoYfMMUkhriZE+bLVcqTlxEqJsENPwRzszkqtCLzrFFAlco11DZXHMioDkKV7xVddaFXKnFL3ZI/CgZwk2S5nx/vQGocP6Zz/iLwJWUpyZFkGl2GacodCh6Tj7H1aC48FOiuA59YezvTfWTaAYQJDq+zV4m0QQi9fp90jpbmqcyy4tt/D6cOl4fcYpaS6PnR0/5OvP45oQbZBPTurdqBsWMHLT5Unkt3qKfC4g8x5K2zZkgMzOKTA5RnIKaOHduMj/l9C2DyxdtzN9RCztUnl/+akFq4tolXuYS23n5yXCgBb2nqZQxXECfkLTc3+Uc+lgXYBezfgKMpD++gWy4QzqKstF3iNTIZFIEDHFAi7BVmvnFHnX0N4eucgzeGxGKhVeHP41ufzRvIuFjgvXX1mw== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: rhSxw2qbtfWV9bVIq0r4/sH5VWWuq02FJkqjtqc0GowiWQaOKjkbHJtZZZeQkZDFU6bGvun9CcZE16jhaiKiUeKCkQ05pR77RfaxNmD0iCg82X0cSGn76fbiUFWijEA2g8aZwhrLMRb9bqHxKUYO7KW4mM2ZLzLppBVJXIDchpOxHriLI9F92lb7SF0o5c9RS+gmZX9ZO+PeyxIKNynqlImzH/K4h7mW2KKMboS3MMAMMLJth3t1HFM8tvLGYTeZPmN7lUdbYTdrsydVY6h+amQLTAdULbvm7hSWZCdpWm0G4YpNXu9fP497rBnbmHXFg5uxsaC64eKfRjM72CbeHN0i1eE5KUcGEjybHkPpoOp8NN8r8VNh0JDxYpfaPxvN5fWJLlESYZGfmQhhBa7Gijt9YoG1RCRnkbjTlId2YndTnOL3rI6cSgKfPcEWJJKv0bv+xRs21W05LsvH1CyOrOwf/YKV2aKydG91UH3lQ3+zEersltC6vqW29TrzVyqegV+2lQ0YBBIZkRDfFhzo+XMg42NJ/4x4d0lHFGYnU8cLroMbxX+G/rs5yC6F069Qzb5D+l/zCodnD3T+pOYcN1ObkzEbhe2QbwCRmGxUbupDmU+7d25teKBLk6J2eRqX/6YHVxUdzCHq2bZoU4gpVrMzfmh/0epcPTP7IiYXX/+LFUEDsLoSJZgqtsO1VIjYmKCBT6XQ/5fNATVeY6kPug== MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: a132bd7b-b714-4b7a-6f05-08d9b015405a X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Nov 2021 13:12:36.8881 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBP282MB2978 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,atmgnd@outlook.com X-Gm-Message-State: wmyDOraOz6iG9S4k5T3WDVpgx1787277AA= Content-Language: en-US Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1637845963; bh=YIRIfoFWbfe0AoCWgmm2xD92PVScGprShuJ8Ki/ECXg=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=YyxL/kNvn2LJII3wRz4GddLNeciyJzMHvci1srGgNlY3MHrgrtvfsaxLMvDBGIwWmbO 5Sm7EZamYlmEIM2k84PFUYirGaCRwCGVmFJ61q0tRBUoYpb0WMe3eDsNqtSXB91VBFUQk QXuVAAS7VcwFXvM2lKt6nbm++REcJvk9pAM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1637845965735100003 Content-Type: text/plain; charset="utf-8" From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001 From: Qi Zhou Date: Thu, 25 Nov 2021 20:25:55 +0800 Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by os(Windows etc), and will not restored on reboot, the SevEsWorkArea->EncryptionMask may have a random value after reboot. then it may casue fail on reboot. The msr bits already cached by mSevStatusChecked, there is no need to try cache again in PEI phase. Signed-off-by: Qi Zhou --- .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..0819f50669 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus ( UINT32 RegEax; MSR_SEV_STATUS_REGISTER Msr; CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; - BOOLEAN ReadSevMsr; - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; =20 - ReadSevMsr =3D FALSE; - - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); - if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) { - // - // The MSR has been read before, so it is safe to read it again and av= oid - // having to validate the CPUID information. + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { // - ReadSevMsr =3D TRUE; - } else { + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) // - // Check if memory encryption leaf exist - // - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); - if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { // - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NUL= L); - - if (Eax.Bits.SevBit) { - ReadSevMsr =3D TRUE; + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + mSevStatus =3D TRUE; } - } - } - - if (ReadSevMsr) { - // - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) - // - Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); - if (Msr.Bits.SevBit) { - mSevStatus =3D TRUE; - } =20 - // - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) - // - if (Msr.Bits.SevEsBit) { - mSevEsStatus =3D TRUE; + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus =3D TRUE; + } } } =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84085): https://edk2.groups.io/g/devel/message/84085 Mute This Topic: https://groups.io/mt/87301748/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-