From: "Ashish Kalra via groups.io"
Subject: [edk2-devel] [PATCH v8 6/6] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
Date: Tue, 5 Apr 2022 17:33:03 +0000

From: Ashish Kalra

Check for SEV live migration feature support, if detected, set up a new UEFI environment variable to indicate OVMF support for SEV live migration. This environment variable is created by UEFI but consumed by the (guest) Linux kernel.

This is actually part of a 3-way negotiation of the live migration feature between hypervisor, guest OVMF and guest kernel. Host indicates support for live migration, which is detected by OVMF and correspondingly OVMF sets this SetLiveMigrationEnabled UEFI variable, which is read by the guest kernel and it indicates to the guest kernel that both host and OVMF support and have enabled the live migration feature.

The new runtime UEFI environment variable is set via the notification function registered for the EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.

AmdSevDxe module is an apriori driver so it gets loaded between PEI and DXE phases and the SetVariable call will fail at the driver's entry point as the Variable DXE module is still not loaded yet. So we need to wait for an event notification which is signaled after the Variable DXE module is loaded, hence, using the EndOfDxe event notification to make this call.

Signed-off-by: Ashish Kalra
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 67 ++++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 +++++++ OvmfPkg/OvmfPkg.dec | 1 + 4 files changed, 92 insertions(+) create mode 100644 OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..1453d68d81 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -15,10 +15,13 @@ #include #include #include +#include #include #include #include #include +#include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { @@ -31,6 +34,39 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBoo= tDxeTable =3D { FixedPcdGet32 (PcdOvmfCpuidSize), }; =20 +STATIC +VOID +EFIAPI +AmdSevDxeOnEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *EventToSignal + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled =3D MemEncryptSevLiveMigrationIsEnabled (); + + if (SevLiveMigrationEnabled) { + Status =3D gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gAmdSevMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof SevLiveMigrationEnabled, + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_INFO, + "%a: Setting SevLiveMigrationEnabled variable, status =3D %lx\n", + __FUNCTION__, + Status + )); + } +} + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -42,6 +78,7 @@ AmdSevDxeEntryPoint ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; UINTN NumEntries; UINTN Index; + EFI_EVENT Event; =20 // // Do nothing when SEV is not enabled 
@@ -158,5 +195,35 @@ AmdSevDxeEntryPoint ( ); } =20 + // + // AmdSevDxe module is an apriori driver so it gets loaded between PEI + // and DXE phases and the SetVariable call will fail at the driver's + // entry point as the Variable DXE module is still not loaded yet. + // So we need to wait for an event notification which is signaled + // after the Variable DXE module is loaded, hence, using the + // EndOfDxe event notification to make this call. + // + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. + // The notification function sets the runtime variable indicating OVMF + // support for SEV live migration. + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + AmdSevDxeOnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &Event + ); + + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "%a: CreateEventEx(): %r\n", + __FUNCTION__, + Status + )); + } + return EFI_SUCCESS; } diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 9acf860cf2..42f8af0d0d 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -52,3 +52,7 @@ =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + +[Guids] + gAmdSevMemEncryptGuid + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event diff --git a/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h b/OvmfPkg/Include/G= uid/AmdSevMemEncryptLib.h new file mode 100644 index 0000000000..62d22e79a9 --- /dev/null +++ b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h @@ -0,0 +1,20 @@ +/** @file + + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI environment variables assocaiated with SEV Memory Encryption. + + Copyright (c) 2021, AMD Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __AMD_SEV_MEMENCRYPT_LIB_H__ +#define __AMD_SEV_MEMENCRYPT_LIB_H__ + +#define AMD_SEV_MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x= 75}} + +extern EFI_GUID gAmdSevMemEncryptGuid; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index b9ca441202..0f415f24db 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -142,6 +142,7 @@ gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} gConfidentialComputingSevSnpBlobGuid =3D {0x067b1f5f, 0xcf26, 0x44c5, {= 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} gUefiOvmfPkgPlatformInfoGuid =3D {0xdec9b486, 0x1f16, 0x47c7, {= 0x8f, 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}} + gAmdSevMemEncryptGuid =3D {0x0cf29b71, 0x9e51, 0x433a, {= 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss --=20 2.25.1
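
Review bot: In AmdSevDxeOnEndOfDxe (AmdSevDxe.c, hunk -31,6 +34,39) the variable is written with EFI_VARIABLE_NON_VOLATILE only inside if (SevLiveMigrationEnabled), and there is no else branch, so a value stored on an earlier boot stays in the variable store when MemEncryptSevLiveMigrationIsEnabled () later returns FALSE and the guest kernel would still read it as "host and OVMF have enabled live migration". Either delete the variable in the disabled case (SetVariable with a DataSize of 0) or drop EFI_VARIABLE_NON_VOLATILE so the value reflects the current boot only. In the same function the SetVariable status is printed with %lx at DEBUG_INFO; use %r, as the CreateEventEx path does, and log a failure at DEBUG_ERROR so a refused write is visible.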
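
Review bot: In AmdSevDxeEntryPoint (AmdSevDxe.c, hunk -158,5 +195,35) the Event handle returned by CreateEventEx is a local that is dropped on return, and AmdSevDxeOnEndOfDxe never calls gBS->CloseEvent (Event), so the event stays registered after its one use. Close it at the end of the notification function. The callback's second parameter is also named EventToSignal although it is the notify context and NULL is passed for it; naming it Context would match how it is used. If continuing to return EFI_SUCCESS after a CreateEventEx failure is intentional, say so in the comment block, because in that case the variable is never set and only the debug log shows why.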
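
Review bot: In the [Guids] section added to AmdSevDxe.inf, gAmdSevMemEncryptGuid has no usage comment while the line below it carries ## CONSUMES ## Event. Please annotate it the same way so the variable this driver creates is discoverable from the INF, for example: gAmdSevMemEncryptGuid ## PRODUCES ## Variable:L"SevLiveMigrationEnabled".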
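
Review bot: The new header OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h defines only the GUID and does not document the variable that forms the interface to the guest kernel: its name (L"SevLiveMigrationEnabled"), its payload (sizeof a BOOLEAN) and its attributes appear only in AmdSevDxe.c. Since another project consumes this, describe the contract in the file comment, and reconcile the name with the commit message, which calls the variable SetLiveMigrationEnabled. Smaller points in the same file: "assocaiated" is misspelled, the include guard __AMD_SEV_MEMENCRYPT_LIB_H__ starts with a double underscore, which is reserved for the implementation in C, and the file name and guard end in Lib although the file sits under Include/Guid and declares no library.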
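
The variable this patch creates can be audited from inside a Linux guest through efivarfs. The following is an added example, not code from the patch or from edk2: it derives the efivarfs file name from the GUID and variable name in the patch and decodes the file content (4 bytes of attributes followed by the payload). The function names, return codes and sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UEFI variable attribute bits named in the patch's SetVariable() call. */
#define EFI_VARIABLE_NON_VOLATILE       0x1u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x2u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x4u
#define EXPECTED_ATTRS (EFI_VARIABLE_NON_VOLATILE | \
                        EFI_VARIABLE_BOOTSERVICE_ACCESS | \
                        EFI_VARIABLE_RUNTIME_ACCESS)

typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

/* AMD_SEV_MEMENCRYPT_GUID, copied from the patch. */
static const guid_t kSevGuid = {0x0cf29b71, 0x9e51, 0x433a,
  {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}};

/* Write the efivarfs file name "<Name>-<guid>" into out (hypothetical helper). */
int efivarfs_name(char *out, size_t n, const char *var, const guid_t *g)
{
  const uint8_t *b = g->d4;
  return snprintf(out, n,
    "%s-%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", var,
    (unsigned)g->d1, (unsigned)g->d2, (unsigned)g->d3,
    (unsigned)b[0], (unsigned)b[1], (unsigned)b[2], (unsigned)b[3],
    (unsigned)b[4], (unsigned)b[5], (unsigned)b[6], (unsigned)b[7]);
}

/* efivarfs content: 4-byte little-endian attributes, then the payload.
   Returns 1 = enabled, 0 = present but FALSE, -1 = malformed,
   -2 = attributes differ from the ones the patch sets. */
int sev_live_migration_state(const uint8_t *blob, size_t len)
{
  uint32_t attrs;
  if (blob == NULL || len != 4 + 1)   /* BOOLEAN payload is one byte */
    return -1;
  attrs = (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
          (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
  if (attrs != EXPECTED_ATTRS)
    return -2;
  return blob[4] != 0;
}

int main(void)
{
  const uint8_t sample[] = {0x07, 0x00, 0x00, 0x00, 0x01};  /* constructed */
  char name[96];
  efivarfs_name(name, sizeof name, "SevLiveMigrationEnabled", &kSevGuid);
  printf("%s -> %d\n", name, sev_live_migration_state(sample, sizeof sample));
  return 0;
}
```

On a real guest the blob would be the content of the file with that name under /sys/firmware/efi/efivars/.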