From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
Subject: [edk2-devel] [PATCH 1/3] OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes
Date: Tue, 20 Apr 2021 17:54:40 -0500
Message-ID: <71864a75c680c4f7f07ebf9611c9cc2d351ce5d0.1618959281.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

The MOVZX and MOVSX instructions use the ModRM byte in the instruction, but the instruction decoding support was not decoding it. This resulted in invalid decoding and failing of the MMIO operation. Also, when performing the zero-extend or sign-extend operation, the memory operation should be using the size, and not the size enumeration value.

Add the ModRM byte decoding for the MOVZX and MOVSX opcodes and use the true data size to perform the extend operations.

Additionally, add a DEBUG statement identifying the MMIO address being flagged as encrypted during the MMIO address validation.

Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Signed-off-by: Tom Lendacky
Acked-by: Laszlo Ersek
---
 OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 24259060fd65..273f36499988 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c 
@@ -643,6 +643,7 @@ ValidateMmioMemory ( // // Any state other than unencrypted is an error, issue a #GP. // + DEBUG ((DEBUG_INFO, "MMIO using encrypted memory: %lx\n", MemoryAddress)= ); GpEvent.Uint64 =3D 0; GpEvent.Elements.Vector =3D GP_EXCEPTION; GpEvent.Elements.Type =3D GHCB_EVENT_INJECTION_TYPE_EXCEPTION; @@ -817,6 +818,7 @@ MmioExit ( // fall through // case 0xB7: + DecodeModRm (Regs, InstructionData); Bytes =3D (Bytes !=3D 0) ? Bytes : 2; =20 Status =3D ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Byte= s); @@ -835,7 +837,7 @@ MmioExit ( } =20 Register =3D GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg); - SetMem (Register, InstructionData->DataSize, 0); + SetMem (Register, (UINTN) (1 << InstructionData->DataSize), 0); CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 @@ -848,6 +850,7 @@ MmioExit ( // fall through // case 0xBF: + DecodeModRm (Regs, InstructionData); Bytes =3D (Bytes !=3D 0) ? Bytes : 2; =20 Status =3D ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Byte= s); 
@@ -878,7 +881,7 @@ MmioExit ( } =20 Register =3D GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg); - SetMem (Register, InstructionData->DataSize, SignByte); + SetMem (Register, (UINTN) (1 << InstructionData->DataSize), SignByte); CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 --=20 2.31.0

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74309): https://edk2.groups.io/g/devel/message/74309
Mute This Topic: https://groups.io/mt/82247952/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
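
Review bot: in the ValidateMmioMemory hunk (@@ -643) the new message is logged at DEBUG_INFO although this path goes on to inject a #GP, so it disappears in builds that mask informational output; DEBUG_ERROR fits an error path better. `%lx` consumes a 64-bit argument in edk2's print library and the type of MemoryAddress is not visible in the hunk, so an explicit `(UINT64) MemoryAddress` cast would make the call correct regardless of the width of that variable.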
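
Review bot: in the MOVZX write-back (@@ -835) `SetMem (Register, (UINTN) (1 << InstructionData->DataSize), 0)` clears only the destination operand's own bytes, so a 32-bit destination leaves bits 63:32 of the register untouched, whereas a 32-bit register write in 64-bit mode zeroes them; patch 2/3 handles that case explicitly for 0xA1 with `Regs->Rax = 0`. Consider clearing the full register when the destination is 32 bits wide, here and in the matching MOVSX write-back at @@ -878, and moving the `1 << DataSize` conversion into one helper instead of repeating it at both call sites.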
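
The size-versus-enumeration bug described in the PATCH 1/3 commit message, modelled as an added example (not code from the patch or from edk2). The enumerator values, `extend_writeback` and its parameters are assumptions made for illustration; the register is modelled as a little-endian byte image.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: each enumerator is log2 of the operand size in bytes, which is
 * what the patch's (1 << DataSize) conversion implies. */
enum op_size { Size8Bits = 0, Size16Bits, Size32Bits, Size64Bits };

/* Register image helpers: byte 0 is the least significant byte. */
static void store_le64(uint8_t b[8], uint64_t v)
{
    for (int i = 0; i < 8; i++, v >>= 8)
        b[i] = (uint8_t)v;
}

static uint64_t load_le64(const uint8_t b[8])
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b[i];
    return v;
}

/*
 * Model of the MOVZX/MOVSX write-back: fill the destination operand with the
 * extension byte, then copy the bytes read from MMIO over its low end.
 * use_enum_as_length != 0 reproduces the pre-patch fill length (the
 * enumeration value); 0 uses the byte count (1 << dst_size).
 * Like the patched lines, only the destination operand's bytes are touched.
 */
uint64_t extend_writeback(uint64_t old_reg, enum op_size dst_size,
                          const uint8_t *mmio, size_t mmio_bytes,
                          int sign_extend, int use_enum_as_length)
{
    uint8_t reg[8];
    size_t dst_bytes = (size_t)1 << dst_size;
    size_t fill_len = use_enum_as_length ? (size_t)dst_size : dst_bytes;
    uint8_t fill = 0x00;

    if (mmio_bytes == 0 || mmio_bytes > dst_bytes)
        return old_reg;          /* malformed request: leave the register alone */

    if (sign_extend && (mmio[mmio_bytes - 1] & 0x80))
        fill = 0xFF;             /* top bit of the source value is set */

    store_le64(reg, old_reg);
    memset(reg, fill, fill_len);
    memcpy(reg, mmio, mmio_bytes);
    return load_le64(reg);
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    const uint8_t neg[] = { 0x80 };
    const uint8_t val[] = { 0xAB };

    printf("MOVSX r16, m8: pre-patch %016llx  patched %016llx\n",
           (unsigned long long)extend_writeback(0x1111111111111111ULL,
                                                Size16Bits, neg, 1, 1, 1),
           (unsigned long long)extend_writeback(0x1111111111111111ULL,
                                                Size16Bits, neg, 1, 1, 0));
    printf("MOVZX r32, m8: pre-patch %016llx  patched %016llx\n",
           (unsigned long long)extend_writeback(0xFFFFFFFFFFFFFFFFULL,
                                                Size32Bits, val, 1, 0, 1),
           (unsigned long long)extend_writeback(0xFFFFFFFFFFFFFFFFULL,
                                                Size32Bits, val, 1, 0, 0));
    return 0;
}
```

With the enumeration value used as the length, the sign or zero bytes cover only part of the destination operand, so stale register bytes survive inside it.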

From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
Subject: [edk2-devel] [PATCH 2/3] OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes
Date: Tue, 20 Apr 2021 17:54:41 -0500
Message-ID: <79ed645c089ffab10716cdb8813f191f6e0afcfb.1618959281.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

Enabling TPM support results in guest termination of an SEV-ES guest because it uses MMIO opcodes that are not currently supported.

Add support for the new MMIO opcodes (0xA0 - 0xA3), MOV instructions which use a memory offset directly encoded in the instruction. Also, add a DEBUG statement to identify an unsupported MMIO opcode being used.

Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Signed-off-by: Tom Lendacky
---
 OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 99 +++++++++++++++++++
 1 file changed, 99 insertions(+)

diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 273f36499988..f9660b757d8e 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -678,6 +678,7 @@ MmioExit ( UINTN Bytes; UINT64 *Register; UINT8 OpCode, SignByte; + UINTN Address; =20 Bytes =3D 0; =20 
@@ -727,6 +728,51 @@ MmioExit ( } break; =20 + // + // MMIO write (MOV moffsetX, aX) + // + case 0xA2: + Bytes =3D 1; + // + // fall through + // + case 0xA3: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D (UINTN) (1 << InstructionData->AddrSize); + + if (InstructionData->AddrSize =3D=3D Size8Bits) { + Address =3D *(UINT8 *) InstructionData->Immediate; + } else if (InstructionData->AddrSize =3D=3D Size16Bits) { + Address =3D *(UINT16 *) InstructionData->Immediate; + } else if (InstructionData->AddrSize =3D=3D Size32Bits) { + Address =3D *(UINT32 *) InstructionData->Immediate; + } else { + Address =3D *(UINTN *) InstructionData->Immediate; + } + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + CopyMem (Ghcb->SharedBuffer, &Regs->Rax, Bytes); + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + break; + // // MMIO write (MOV reg/memX, immX) // 
@@ -809,6 +855,58 @@ MmioExit ( CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 + // + // MMIO read (MOV aX, moffsetX) + // + case 0xA0: + Bytes =3D 1; + // + // fall through + // + case 0xA1: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D (UINTN) (1 << InstructionData->AddrSize); + + if (InstructionData->AddrSize =3D=3D Size8Bits) { + Address =3D *(UINT8 *) InstructionData->Immediate; + } else if (InstructionData->AddrSize =3D=3D Size16Bits) { + Address =3D *(UINT16 *) InstructionData->Immediate; + } else if (InstructionData->AddrSize =3D=3D Size32Bits) { + Address =3D *(UINT32 *) InstructionData->Immediate; + } else { + Address =3D *(UINTN *) InstructionData->Immediate; + } + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_READ, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + + if (Bytes =3D=3D 4) { + // + // Zero-extend for 32-bit operation + // + Regs->Rax =3D 0; + } + CopyMem (&Regs->Rax, Ghcb->SharedBuffer, Bytes); + break; + // // MMIO read w/ zero-extension ((MOVZX regX, reg/memX) // 
@@ -886,6 +984,7 @@ MmioExit ( break; =20 default: + DEBUG ((DEBUG_INFO, "Invalid MMIO opcode (%x)\n", OpCode)); Status =3D GP_EXCEPTION; ASSERT (FALSE); } --=20 2.31.0

View/Reply Online (#74310): https://edk2.groups.io/g/devel/message/74310
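
Review bot: in the 0xA2/0xA3 hunk (@@ -728) the size chain ends in `0`, so a DataSize that is none of Size16Bits, Size32Bits or Size64Bits reaches ValidateMmioMemory and VmgExit with Bytes == 0 instead of being rejected; return an error, as the default case does, when no size matches. The `AddrSize == Size8Bits` branch also looks unreachable for a moffset operand, since an address size is never 8 bits, and could be dropped or turned into an assertion.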
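
Review bot: the moffset decode in the 0xA0/0xA1 hunk (@@ -809), from the `ImmediateSize` assignment through the `Address` if/else chain, is a line-for-line copy of the block added for 0xA2/0xA3; a small helper that advances `End` and returns the decoded address would keep the read and write paths from drifting apart. The same zero-length fall-through in the `Bytes` chain applies here as well.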
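
Review bot: in the default case (@@ -886) the unsupported-opcode message is emitted at DEBUG_INFO immediately before `ASSERT (FALSE)` and a GP_EXCEPTION status; this is the line someone will look for when a guest terminates, so log it at DEBUG_ERROR. Printing the value as `0x%x` would also make the opcode unambiguous in the log.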

From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
Subject: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV
Date: Tue, 20 Apr 2021 17:54:42 -0500
Message-ID: <1f64ca5689ec86c427e4db8c41da598896dca4ba.1618959281.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

The TPM support in OVMF performs MMIO accesses during the PEI phase. At this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES guest will fail attempting to perform MMIO to an encrypted address.

Read the PcdTpmBaseAddress and mark the specification defined range (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process the MMIO requests.

Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Signed-off-by: Tom Lendacky
---
 OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
 OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6ef77ba7bb21..de60332e9390 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -113,6 +113,7 @@ [Pcd] =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index dddffdebda4b..d524929f9e10 100644 
--- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -141,6 +141,7 @@ AmdSevInitialize ( ) { UINT64 EncryptionMask; + UINT64 TpmBaseAddress; RETURN_STATUS PcdStatus; =20 // @@ -206,6 +207,24 @@ AmdSevInitialize ( } } =20 + // + // PEI TPM support will perform MMIO accesses, be sure this range is not + // marked encrypted. + // + TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress); + if (TpmBaseAddress !=3D 0) { + RETURN_STATUS DecryptStatus; + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + TpmBaseAddress, + EFI_SIZE_TO_PAGES (0x5000), + FALSE + ); + + ASSERT_RETURN_ERROR (DecryptStatus); + } + // // Check and perform SEV-ES initialization if required. // --=20 2.31.0

View/Reply Online (#74311): https://edk2.groups.io/g/devel/message/74311
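
Review bot: in the AmdSevInitialize hunk (@@ -206) a failure of MemEncryptSevClearPageEncMask is caught only by `ASSERT_RETURN_ERROR (DecryptStatus)`, which does nothing in builds with asserts disabled, leaving the TPM range encrypted so that the later MMIO ends in the #GP raised by ValidateMmioMemory; log the status at DEBUG_ERROR and halt explicitly instead. The length `0x5000` is called specification-defined in the commit message but appears as a bare literal; a named constant or a comment citing the specification would document it.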