On 5/19/20 4:50 PM, Tom Lendacky wrote:
> This patch series provides support for running EDK2/OVMF under SEV-ES.
Over the next few days I'll work on the Wiki page that has been requested,
as well as getting the feature added to the request plan page.
Thanks,
Tom
>
> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
> SEV support to protect the guest register state from the hypervisor. See
> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
> section "15.35 Encrypted State (SEV-ES)" [1].
>
> In order to allow a hypervisor to perform functions on behalf of a guest,
> there is architectural support for notifying a guest's operating system
> when certain types of VMEXITs are about to occur. This allows the guest to
> selectively share information with the hypervisor to satisfy the requested
> function. The notification is performed using a new exception, the VMM
> Communication exception (#VC). The information is shared through the
> Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.
> The GHCB format and the protocol for using it is documented in "SEV-ES
> Guest-Hypervisor Communication Block Standardization" [2].
>
> The main areas of the EDK2 code that are updated to support SEV-ES are
> around the exception handling support and the AP boot support.
>
> Exception support is required starting in Sec, continuing through Pei
> and into Dxe in order to handle #VC exceptions that are generated. Each
> AP requires it's own GHCB page as well as a page to hold values specific
> to that AP.
>
> AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence
> is typically used to boot the APs. However, the hypervisor is not allowed
> to update the guest registers. The GHCB document [2] talks about how SMP
> booting under SEV-ES is performed.
>
> Since the GHCB page must be a shared (unencrypted) page, the processor
> must be running in long mode in order for the guest and hypervisor to
> communicate with each other. As a result, SEV-ES is only supported under
> the X64 architecture.
>
> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>
> ---
>
> These patches are based on commit:
> 7b6327ff03bb ("OvmfPkg/PlatformPei: increase memory type info defaults")
>
> A version of the tree can be found at:
> https://github.com/AMDESE/ovmf/tree/sev-es-v16
>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Benjamin You <benjamin.you@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Julien Grall <julien.grall@xen.org>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Maurice Ma <maurice.ma@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
>
> Changes since v7:
> - Reserve the SEV-ES workarea when S3 is enabled
> - Fix warnings issued by the Visual Studio compiler
> - Create a NULL VmgExitLib instance that is used for VMGEXIT
> related operations as well as #VC handling. Then create the full
> VmgExitLib support only in OvmfPkg - where it will be used. This
> removes a bunch of implementation code from platforms that will
> not be using the functionality.
> - Remove single use interfaces from the VmgExitLib (VmgMmioWrite
> and VmgSetApJumpTable)
>
> Changes since v6:
> - Add function comments to all functions, including local functions
> - Add function parameter direction to all functions (in/out)
> - Add support for MMIO MOVZX/MOVSX instructions
> - Ensure the per-CPU variable page remains encrypted
> - Coding-style fixes as identified by Ecc
>
> Changes since v5:
> - Remove extraneous VmgExitLib usage
> - Miscellaneous changes to address feedback (coding style, etc.)
>
> Changes since v4:
> - Move the SEV-ES protocol negotiation out of the SEC exception handler
> and into the SecMain.c file. As a result:
> - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
> - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
> single AMDSevVcHandler.c
> - Consolidate VmgExitLib usage into common LibraryClasses sections
> - Add documentation comments to the VmgExitLib functions
>
> Changes since v3:
> - Remove the need for the MP library finalization routine. The AP
> jump table address will be held by the hypervisor rather than
> communicated via the GHCB MSR. This removes some fragility around
> the UEFI to OS transition.
> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
> communicate the SEV-ES status, so that SEC CPU exception handling is
> only established for an SEV-ES guest.
> - Fix SMM build breakageAdd around QemuFlashPtrWrite().
> - Fix SMM build breakage by adding VC exception support the SMM CPU
> exception handling.
> - Add memory fencing around the invocation of AsmVmgExit().
> - Clarify comments around the SEV-ES AP reset RIP values and usage.
> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
> - Remove the 16-bit code selector definition from MdeModulePkg
>
> Changes since v2:
> - Added a way to locate the SEV-ES fixed AP RIP address for starting
> AP's to avoid updating the actual flash image (build time location
> that is identified with a GUID value).
> - Create a VmgExit library to replace static inline functions.
> - Move some PCDs to the appropriate packages
> - Add support for writing to QEMU flash under SEV-ES
> - Add additional MMIO opcode support
> - Cleaned up the GHCB MSR CPUID protocol support
>
> Changes since v1:
> - Patches reworked to be more specific to the component/area being updated
> and order of definition/usage
> - Created a library for VMGEXIT-related functions to replace use of inline
> functions
> - Allocation method for GDT changed from AllocatePool to AllocatePages
> - Early caching only enabled for SEV-ES guests
> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
> - Reserved SEC GHCB-related memory areas when S3 is enabled
>
> Tom Lendacky (46):
> MdeModulePkg: Create PCDs to be used in support of SEV-ES
> UefiCpuPkg: Create PCD to be used in support of SEV-ES
> MdePkg: Add the MSR definition for the GHCB register
> MdePkg: Add a structure definition for the GHCB
> MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
> MdePkg/BaseLib: Add support for the XGETBV instruction
> MdePkg/BaseLib: Add support for the VMGEXIT instruction
> UefiCpuPkg: Implement library support for VMGEXIT
> OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
> UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
> UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
> OvmfPkg/VmgExitLib: Implement library support for VmgExitLib in OVMF
> OvmfPkg/VmgExitLib: Add support for IOIO_PROT NAE events
> OvmfPkg/VmgExitLib: Support string IO for IOIO_PROT NAE events
> OvmfPkg/VmgExitLib: Add support for CPUID NAE events
> OvmfPkg/VmgExitLib: Add support for MSR_PROT NAE events
> OvmfPkg/VmgExitLib: Add support for NPF NAE events (MMIO)
> OvmfPkg/VmgExitLib: Add support for WBINVD NAE events
> OvmfPkg/VmgExitLib: Add support for RDTSC NAE events
> OvmfPkg/VmgExitLib: Add support for RDPMC NAE events
> OvmfPkg/VmgExitLib: Add support for INVD NAE events
> OvmfPkg/VmgExitLib: Add support for VMMCALL NAE events
> OvmfPkg/VmgExitLib: Add support for RDTSCP NAE events
> OvmfPkg/VmgExitLib: Add support for MONITOR/MONITORX NAE events
> OvmfPkg/VmgExitLib: Add support for MWAIT/MWAITX NAE events
> OvmfPkg/VmgExitLib: Add support for DR7 Read/Write NAE events
> OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
> OvmfPkg: Add support to perform SEV-ES initialization
> OvmfPkg: Create a GHCB page for use during Sec phase
> OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
> OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
> OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
> UefiCpuPkg: Create an SEV-ES workarea PCD
> OvmfPkg: Reserve a page in memory for the SEV-ES usage
> OvmfPkg/PlatformPei: Reserve SEV-ES work area if S3 is supported
> OvmfPkg/ResetVector: Add support for a 32-bit SEV check
> OvmfPkg/Sec: Add #VC exception handling for Sec phase
> OvmfPkg/Sec: Enable cache early to speed up booting
> OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with
> SEV-ES
> UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
> UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is
> enabled
> UefiCpuPkg: Allow AP booting under SEV-ES
> OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
> OvmfPkg: Move the GHCB allocations into reserved memory
> UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
> Maintainers.txt: Add reviewers for the OvmfPkg SEV-related files
>
> MdeModulePkg/MdeModulePkg.dec | 9 +
> OvmfPkg/OvmfPkg.dec | 9 +
> UefiCpuPkg/UefiCpuPkg.dec | 17 +
> OvmfPkg/OvmfPkgIa32.dsc | 6 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 6 +
> OvmfPkg/OvmfPkgX64.dsc | 6 +
> OvmfPkg/OvmfXen.dsc | 1 +
> UefiCpuPkg/UefiCpuPkg.dsc | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 2 +
> OvmfPkg/OvmfPkgX64.fdf | 9 +
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 2 +
> MdePkg/Library/BaseLib/BaseLib.inf | 4 +
> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 36 +
> OvmfPkg/PlatformPei/PlatformPei.inf | 9 +
> .../FvbServicesRuntimeDxe.inf | 2 +
> OvmfPkg/ResetVector/ResetVector.inf | 8 +
> OvmfPkg/Sec/SecMain.inf | 4 +
> .../DxeCpuExceptionHandlerLib.inf | 1 +
> .../PeiCpuExceptionHandlerLib.inf | 1 +
> .../SecPeiCpuExceptionHandlerLib.inf | 1 +
> .../SmmCpuExceptionHandlerLib.inf | 1 +
> .../Xcode5SecPeiCpuExceptionHandlerLib.inf | 1 +
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 4 +
> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 4 +
> .../Library/VmgExitLibNull/VmgExitLibNull.inf | 27 +
> .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +-
> MdePkg/Include/Library/BaseLib.h | 31 +
> MdePkg/Include/Register/Amd/Fam17Msr.h | 42 +
> MdePkg/Include/Register/Amd/Ghcb.h | 134 ++
> OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +
> .../QemuFlash.h | 13 +
> UefiCpuPkg/CpuDxe/CpuGdt.h | 4 +-
> UefiCpuPkg/Include/Library/VmgExitLib.h | 103 +
> UefiCpuPkg/Library/MpInitLib/MpLib.h | 68 +-
> .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +-
> .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +-
> .../Core/DxeIplPeim/X64/VirtualMemory.c | 57 +-
> MdePkg/Library/BaseLib/Ia32/GccInline.c | 45 +
> MdePkg/Library/BaseLib/X64/GccInline.c | 47 +
> .../MemEncryptSevLibInternal.c | 75 +-
> OvmfPkg/Library/VmgExitLib/VmgExitLib.c | 155 ++
> .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 1721 +++++++++++++++++
> OvmfPkg/PlatformPei/AmdSev.c | 89 +
> OvmfPkg/PlatformPei/MemDetect.c | 43 +
> .../QemuFlash.c | 23 +-
> .../QemuFlashDxe.c | 40 +
> .../QemuFlashSmm.c | 16 +
> OvmfPkg/Sec/SecMain.c | 188 +-
> UefiCpuPkg/CpuDxe/CpuGdt.c | 8 +-
> .../CpuExceptionCommon.c | 10 +-
> .../PeiDxeSmmCpuException.c | 20 +-
> .../SecPeiCpuException.c | 19 +
> UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 120 +-
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 313 ++-
> UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 19 +
> .../Library/VmgExitLibNull/VmgExitLibNull.c | 121 ++
> UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +-
> Maintainers.txt | 10 +
> MdeModulePkg/MdeModulePkg.uni | 8 +
> MdePkg/Library/BaseLib/Ia32/VmgExit.nasm | 37 +
> MdePkg/Library/BaseLib/Ia32/XGetBv.nasm | 31 +
> MdePkg/Library/BaseLib/X64/VmgExit.nasm | 32 +
> MdePkg/Library/BaseLib/X64/XGetBv.nasm | 34 +
> OvmfPkg/Library/VmgExitLib/VmgExitLib.uni | 15 +
> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 +
> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 348 +++-
> OvmfPkg/ResetVector/ResetVector.nasmb | 20 +
> .../X64/ExceptionHandlerAsm.nasm | 17 +
> .../X64/Xcode5ExceptionHandlerAsm.nasm | 17 +
> UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc | 2 +-
> .../Library/MpInitLib/Ia32/MpFuncs.nasm | 15 +
> UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc | 4 +-
> UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 370 +++-
> .../Library/VmgExitLibNull/VmgExitLibNull.uni | 15 +
> .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 9 +
> UefiCpuPkg/UefiCpuPkg.uni | 11 +
> 77 files changed, 4730 insertions(+), 104 deletions(-)
> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
> create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
> create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.c
> create mode 100644 OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
> create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.c
> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
> create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
> create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.uni
> create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.uni
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#59936): https://edk2.groups.io/g/devel/message/59936
Mute This Topic: https://groups.io/mt/74336551/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-