From nobody Sun Feb  8 12:20:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+53784+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 158085739242126.966833379159652;
 Tue, 4 Feb 2020 15:03:12 -0800 (PST)
Return-Path: <bounce+27952+53784+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 39L6YY1788612xNyll9NEKY2;
 Tue, 04 Feb 2020 15:03:12 -0800
X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com
 (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.86])
 by mx.groups.io with SMTP id smtpd.web10.1685.1580857389917988958
 for <devel@edk2.groups.io>;
 Tue, 04 Feb 2020 15:03:10 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=YlpVmIJ/CW33OpRYWfiwzGR3RZpiZmDuUZKgxiL2dYfIpo6JGjL2qnCfJobyH8qRlvyyBjSBCq925acDYPQ86UL9MBQtx3+pBJ/PsMLgQ0z4kHksyR2m9zqyNhiJfHsqoFNQKWF/fK86S6PhH15AHplwVNnFfGfXPFFy2gbe0ZPDzmfdtFwSpBY2P0GHqQPGeMfUwjrXxwnYgHckTgqr65ifzoyZP39G2zBm0dvYQ3GlfK/FcuORU6UGmhekhHqzUtigvcB1B77mGFnx2BF0ut1WZ6U3fv4idanpoeuJf2f46hQ2PHKPACL3KcrahLexZHaAtwgYacvG8XTH9ujG5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=NAgTch9dW8xX8rqLU2HUbsKJtJD1b8oLwFlpCmR6svE=;
 b=MohhlRQ+T0yYr+W4DdF8eyFeb+Qg7rP+2OH9CqUIO/yxYH1+dtZM2rPpbBfTiWhAXUtLSnAcFJ1RFdLe+jyA2VaaeVGi0nS/BMVvERotH2qJjsVNa09TnxYwg/FZCl8nYIP3w2E5plKylyos4qWxopFL88HDOYwZPeEvZEru8k+F6Nll9EBUiWIzrhn7lMvAf48YmLO7N8AKRkdQ4KxA7h73Z7kH9aMl4bmP0Y1LMurJ0Oqqn4yx2cZx61VIZKd/eDIOUkJKti0/XCbg86XYiAZYiIFFKNsZROCUinOXoC/eRN18z13A6SRdvN3fo2r+E674a5enFouxfRqGTS4sBw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from DM6PR12MB3163.namprd12.prod.outlook.com (20.179.71.154) by
 DM6PR12MB3930.namprd12.prod.outlook.com (10.255.174.19) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2686.29; Tue, 4 Feb 2020 23:03:08 +0000
X-Received: from DM6PR12MB3163.namprd12.prod.outlook.com
 ([fe80::a0cd:463:f444:c270]) by DM6PR12MB3163.namprd12.prod.outlook.com
 ([fe80::a0cd:463:f444:c270%7]) with mapi id 15.20.2707.020; Tue, 4 Feb 2020
 23:03:08 +0000
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
Cc: Jordan Justen <jordan.l.justen@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [edk2-devel] [PATCH v4 38/40] OvmfPkg: Use the SEV-ES work area for
 the SEV-ES AP reset vector
Date: Tue,  4 Feb 2020 17:01:42 -0600
Message-Id: 
 <bb88dc35d8f4c83640876bcdaabae4ad712a4d1f.1580857303.git.thomas.lendacky@amd.com>
In-Reply-To: <cover.1580857303.git.thomas.lendacky@amd.com>
References: <cover.1580857303.git.thomas.lendacky@amd.com>
X-ClientProxiedBy: SN6PR16CA0062.namprd16.prod.outlook.com
 (2603:10b6:805:ca::39) To DM6PR12MB3163.namprd12.prod.outlook.com
 (2603:10b6:5:15e::26)
MIME-Version: 1.0
X-Received: from tlendack-t1.amd.com (165.204.77.1) by
 SN6PR16CA0062.namprd16.prod.outlook.com (2603:10b6:805:ca::39) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.32 via Frontend
 Transport; Tue, 4 Feb 2020 23:02:42 +0000
X-Originating-IP: [165.204.77.1]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 28cbd95b-dba7-4f8c-4aba-08d7a9c6575c
X-MS-TrafficTypeDiagnostic: DM6PR12MB3930:|DM6PR12MB3930:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <DM6PR12MB39303EB44C36E7CDC5689DAEEC030@DM6PR12MB3930.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+53784+1787277+3901457@groups.io;
 helo=web01.groups.io;
Received-SPF: None (protection.outlook.com: amd.com does not designate
 permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 
 KPE7IGHUBqVDD60WHInmVRwTnq6aNXVYykusb3d5jTCgl3+YtrpFt54LIq59jiBiTLtj0/KRjAAfi+hayv+23LaXFlmLuIWfSro0vWwdb4dIRaM2iHTD6WAM8+h2aJtfCYpuSfLlNOCePiWR6C60ogbJ2TV7O7Pvu2cJUZVCQfMBvo/jmh5tdQPA1lsY5xv8hDWJoLYWSQLn6UlJ70tuqdy1sDah5bTqv9UJnQ2XW2Shi8laYJBCI4eD9xEUNCfqlnZTBKlVGh5CeBEbzZamYKvaaU5Z8s8yAhOmb+Qzva6rXC2rBD4ibnQX8McsGt/kGVwc3qvO6N9UPAIdTZDR1si/WV/dJ7UbGz/jcCe2+OaQUhSbilA14kMBJw6T42MNSqmtB+y1VZNGvGmqcxelWXVRcy9GkygdqfjAONapVH733Me4M9GHfoKtGH/gBd7wmVkCghFF8PhG+ccW22qwwPvb1QW0WNSopas/VXKXAhOCYTl34zDdvSrMdOqxmNiJUegl+xm+4ORLyJMz6gFNvA==
X-MS-Exchange-AntiSpam-MessageData: 
 /TFLtGq+YTxBvI1P3EAZE9J8PQvPFtBiGyy/U2drW0Jsy4wQEzd5lOGE1qUTiTzBnBE/F5DX8DnY/f3G1ChZaJNhn+sJaWw7PofrYkGoSrocLS+gO7N0fSEgPNyDmjl0H7yO8lISxU1IEMoQ2rWNeQ==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 28cbd95b-dba7-4f8c-4aba-08d7a9c6575c
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Feb 2020 23:02:43.2698
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 P+Mtvecz4FTSUEXmGdvv/FOGK0cZ0EAWm8q5+Uqv+02BtGtHb4UOUku5PEZOkFUfeHtuEEeaUZajTKp43QCOSw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3930
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
X-Gm-Message-State: tw9PhqnOI17DYjLEcA7kgctdx1787277AA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1580857392;
 bh=VMrBvNtlA225f9iaF8paLVYomYlcDRgf7LuvciuEEF8=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=qVkjxp58pE/fRkZJpA2/zCr5h4vB86VBAJA+3MN1cB75T9/CHQOyggDM5aaQ3B8sKKy
 3N1OkJA30ifbHThAqOkQMIxghbv+RuVvhYHDKvpjO0AJyIj37mA0vQPEUTS5+ppyWza8h
 zmj+fARlmsbHjOYW2+TNcIPspDVhPeOgVY0=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198

A hypervisor is not allowed to update an SEV-ES guest's register state,
so when booting an SEV-ES guest AP, the hypervisor is not allowed to
set the RIP to the guest requested value. Instead an SEV-ES AP must be
re-directed from within the guest to the actual requested staring location
as specified in the INIT-SIPI-SIPI sequence.

Use the SEV-ES work area for the reset vector code that contains support
to jump to the desired RIP location after having been started. This is
required for only the very first AP reset.

This new OVMF source file, ResetVectorVtf0.asm, is used in place of the
original file through the use of the include path order set in
OvmfPkg/ResetVector/ResetVector.inf under "[BuildOptions]".

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 +++++++++++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb        |   1 +
 2 files changed, 101 insertions(+)
 create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe=
ctor/Ia16/ResetVectorVtf0.asm
new file mode 100644
index 000000000000..980e0138e7fe
--- /dev/null
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -0,0 +1,100 @@
+;-------------------------------------------------------------------------=
-----
+; @file
+; First code executed by processor after resetting.
+; Derived from UefiCpuPkg/ResetVector/Vtf0/Ia16/ResetVectorVtf0.asm
+;
+; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;-------------------------------------------------------------------------=
-----
+
+BITS    16
+
+ALIGN   16
+
+;
+; Pad the image size to 4k when page tables are in VTF0
+;
+; If the VTF0 image has page tables built in, then we need to make
+; sure the end of VTF0 is 4k above where the page tables end.
+;
+; This is required so the page tables will be 4k aligned when VTF0 is
+; located just below 0x100000000 (4GB) in the firmware device.
+;
+%ifdef ALIGN_TOP_TO_4K_FOR_PAGING
+    TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0
+%endif
+
+;
+; SEV-ES Processor Reset support
+;
+; sevEsResetBlock:
+;   For the initial boot of an AP under SEV-ES, the "reset" RIP must be
+;   programmed to the RAM area defined by SEV_ES_AP_RESET_IP. A known offs=
et
+;   and GUID will be used to locate this block in the firmware and extract
+;   the build time RIP value. The GUID must always be 48 bytes from the
+;   end of the firmware.
+;
+;   0xffffffca (-0x36) - IP value
+;   0xffffffcc (-0x34) - CS segment base [31:16]
+;   0xffffffce (-0x32) - Size of the SEV-ES reset block
+;   0xffffffd0 (-0x30) - SEV-ES reset block GUID
+;                        (00f771de-1a7e-4fcb-890e-68c77e2fb44e)
+;
+;   A hypervisor reads the CS segement base and IP value. The CS segment b=
ase
+;   value represents the high order 16-bits of the CS segment base, so the
+;   hypervisor must left shift the value of the CS segement base by 16 bit=
s to
+;   form the full CS segment base for the CS segment register. It would th=
en
+;   program the EIP register with the IP value as read.
+;
+
+TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0
+
+sevEsResetBlockStart:
+    DD      SEV_ES_AP_RESET_IP
+    DW      sevEsResetBlockEnd - sevEsResetBlockStart
+    DB      0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F
+    DB      0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E
+sevEsResetBlockEnd:
+
+ALIGN   16
+
+applicationProcessorEntryPoint:
+;
+; Application Processors entry point
+;
+; GenFv generates code aligned on a 4k boundary which will jump to this
+; location.  (0xffffffe0)  This allows the Local APIC Startup IPI to be
+; used to wake up the application processors.
+;
+    jmp     EarlyApInitReal16
+
+ALIGN   8
+
+    DD      0
+
+;
+; The VTF signature
+;
+; VTF-0 means that the VTF (Volume Top File) code does not require
+; any fixups.
+;
+vtfSignature:
+    DB      'V', 'T', 'F', 0
+
+ALIGN   16
+
+resetVector:
+;
+; Reset Vector
+;
+; This is where the processor will begin execution
+;
+    nop
+    nop
+    jmp     EarlyBspInitReal16
+
+ALIGN   16
+
+fourGigabytes:
+
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re=
setVector.nasmb
index 97e36ef591ab..12265e7746c1 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -82,5 +82,6 @@
=20
 %include "Main.asm"
=20
+  %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)
 %include "Ia16/ResetVectorVtf0.asm"
=20
--=20
2.17.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#53784): https://edk2.groups.io/g/devel/message/53784
Mute This Topic: https://groups.io/mt/70985007/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-