From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Anthony Perard, Julien Grall
Subject: [edk2-devel] [PATCH v2 14/15] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
Date: Wed, 6 Jan 2021 15:21:40 -0600

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

Protect the GHCB backup pages used by an SEV-ES guest when S3 is supported.

Regarding the lifecycle of the GHCB backup pages:
  PcdOvmfSecGhcbBackupBase

(a) when and how it is initialized after first boot of the VM

  If SEV-ES is enabled, the GHCB backup pages are initialized when a nested #VC is received during the SEC phase [OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c].

(b) how it is protected from memory allocations during DXE

  If S3 and SEV-ES are enabled, then InitializeRamRegions() [OvmfPkg/PlatformPei/MemDetect.c] protects the ranges with an AcpiNVS memory allocation HOB, in PEI.

  If S3 is disabled, then these ranges are not protected. PEI switches to the GHCB backup pages in permanent PEI memory and DXE will use these PEI GHCB backup pages, so we don't have to preserve PcdOvmfSecGhcbBackupBase.

(c) how it is protected from the OS

  If S3 is enabled, then (b) reserves it from the OS too.

  If S3 is disabled, then the range needs no protection.

(d) how it is accessed on the S3 resume path

  It is rewritten same as in (a), which is fine because (b) reserved it.

(e) how it is accessed on the warm reset path

  It is rewritten same as in (a).

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Anthony Perard
Cc: Julien Grall
Cc: Brijesh Singh
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky --- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/PlatformPei/MemDetect.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index c53be2f4925c..6ef77ba7bb21 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -118,6 +118,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =20 diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index ffbbef891a11..c08aa2e45a53 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -888,6 +888,11 @@ InitializeRamRegions ( (UINT64)(UINTN) PcdGet32 (PcdOvmfSecGhcbSize), EfiACPIMemoryNVS ); + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSecGhcbBackupBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfSecGhcbBackupSize), + EfiACPIMemoryNVS + ); } #endif } --=20 2.30.0
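
Review bot: In the [FixedPcd] hunk of PlatformPei.inf, the two new entries PcdOvmfSecGhcbBackupBase and PcdOvmfSecGhcbBackupSize are read in MemDetect.c through PcdGet32, so their declaration, which is not part of this patch, has to be 32-bit; please confirm the declaring patch in the series matches. It would also help to keep the pair adjacent to the other SEC GHCB PCDs this module consumes, so the base/size pairs that get reserved together are listed together.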
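
Review bot: In the InitializeRamRegions() hunk of MemDetect.c, the added BuildMemoryAllocationHob() call for PcdOvmfSecGhcbBackupBase has no comment, and the condition guarding the enclosing block lies outside the visible context. The commit message states that the reservation is needed because the backup pages are rewritten on the S3 resume path; a short comment above the call saying so would keep that reasoning next to the code and make it clear why EfiACPIMemoryNVS is the chosen type. Consider also asserting that PcdOvmfSecGhcbBackupSize is non-zero before building the HOB, so that a platform description leaving the PCD unset does not silently produce a zero-length reservation and leave the backup pages available to the OS.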