From nobody Wed Apr 24 01:14:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74609+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74609+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619716359362377.20206801710117; Thu, 29 Apr 2021 10:12:39 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id oBlyYY1788612xLWtnWpoXlg; Thu, 29 Apr 2021 10:12:38 -0700 X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.44]) by mx.groups.io with SMTP id smtpd.web10.10201.1619716357662335255 for ; Thu, 29 Apr 2021 10:12:37 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mu5dcIxQCojRQM6C6udLKeXSNLVR7gN5GX03LCTN7pReHBLFpiDjWPZ/ZR9pBZr7PyhYqNxbKOm3ELu7vvGf6MUQq7zOFtXJ+26SfpT33okQNaAfSHZIQRt8Mjr+tDb9OedDRGc/iOu9akH7bamw1ckCncDZ2QKgOci7LMLdBvTshUuVh2qao+d1ZrEYFox1V+5dcKWQ6QmB89exW/DZePp75keQ0nQL5zrTuVm8CXr4smrBgXwMcoGN++55uVdoY3PR0uNn3G62NFC+WXUbYMQX2tG+1ngCA9dVnV04I7fr4C3C1OmaBSuJEZQvM/2rU5VT84MeZqpKeFotDp9zqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XWcpYLomQE9UgdSmnLbBdNso2tZYsHmhPG3l4ez3CRo=; b=WJnbQ92TDSMgOlnhM0aLFG+f6zXau9kwcvRDAWW6xj1USblY9/QJ8A4XTLrNQaJSoPU6wyVF4NlZpoppaWGrg3XXGPJGLUIXc0q17RUWh1OoD53Z5rF+ghxfi1a+haiadysmhoMgARkOnxToAKmsaUgHmMIOE6QVSKzZ37h4VOB3xivU5c+TI8rYjUMqC2voFr4wgd9MItPhSka0zyHItcH21ieeYyOztMw0rbYv0GOH3oDT67Xeqwic0TBsOiDsT01ndm9ZeUAogfpkQ21B08XIa5WiPP6eTTCE9DyudJkApQD35TBjzk1hb8IlvPscYfV/lE/dGJJj1Uwd7qY0lw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:12:36 +0000 X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:12:36 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu Subject: [edk2-devel] [PATCH v3 1/5] OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes Date: Thu, 29 Apr 2021 12:12:10 -0500 Message-ID: <5949d54cb2c9ab69256f67ed5654b32654c0501c.1619716333.git.thomas.lendacky@amd.com> In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN7PR04CA0060.namprd04.prod.outlook.com (2603:10b6:806:120::35) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from tlendack-t1.amd.com (165.204.77.1) by SN7PR04CA0060.namprd04.prod.outlook.com (2603:10b6:806:120::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Thu, 29 Apr 2021 17:12:35 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 31a397b3-bdad-40bf-f7d3-08d90b31fc13 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: PgQLljd1nKJoInqv2j6YAi/Ab/99WgFw7b+0P828vNtKZGIba22+Yje7hLEPiMLXosTPU0MYOPs6KW+RG8X6hwyFs59pLBTNRCh46tik/u70Go8X9j1wDqLfF9S3a5Qe8Tv5mfF2cZ5zsQZHt70vimLUp5Jp4YdzNSwwKKLnFE/bLMBYfLHxjRa2TIEi4J1L3U0Xcpliv9OUun0iBovxMBeKaLEQbQP0Yv+x0deJU6CAriIQ865yreWB4AcDZNa4U7tbtOJqw9KPjBV1eTHAtb4TyNPd/S5itdOkFWk8PRz9suB+GBkt+weXJoyVZvO95feLG85dnGH4HyV2mFcZC7r+QsDOzVt4uZlDr8Hxpez8Mpcuzy+o++if2fgaT8Gm+hy5e+kaRKFI8slYqPw/wrOh0n2C8YdTJFp9MMoeAmlI9h0RrChCbbZkyGXwjK0IZkBOB4t5RzBvOiJKN9IVieUS7LLWD0WKWT36hUBGyfkr74+2gZMdKtqy96yRYpKyFMewWu8QDYEQsTwWeCTHeFqSc2btXdmicL95pFHw4b3rr3amieSj+mc1o87jtiaxR8b2/vwoSfSSsTja1J6pOnbbNaBw7F/KE73ck+PZgFy5B57EUKTT6VQIkMrq161vUMlLG5cYq5I+RCDurEbIe66Vd5BlcrMfVWQx3i8DBYrheFeQgfmMb22b/sTfS5ez3hW8NWFbj2ApozNa88Vych0Z9Yo3LKWQdv1GeUHFKTVBEn+01seDXncHzHQvdg2z X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?vKa9KeWLIALum+/3majfCFERMetn7+2Gzxs1KJ+iwyDe6o6kkHUMofRdUYK9?= =?us-ascii?Q?K0JOB4va+OFfsgxtEtBVo9GZkXs+LZawWSUw6pFv99xeoQEk160erOzxRH/L?= =?us-ascii?Q?d+LCDsD0qhetVn0JGHnQnPR6pngPJgkyJ7ZMKEDFVBn8CZVhS9vWXWV7fdM2?= =?us-ascii?Q?TANHddoO3bbynGn/zZCjdPTkUonHBFIIFbH8DoixkazwU9zW9ssiFldVlhSS?= =?us-ascii?Q?vEoWbPV/3GO6n7x8eRuLZ1DzuZyYEMmLvgDrP1SGBL1xK8aOyGpfRHuQxqXh?= =?us-ascii?Q?XlAHVq5YwYUyzzzoPXyo4qNVIAqxkH0kXuwIE8XlwrY4NfBYyX15Xm5x18Gd?= =?us-ascii?Q?a8P8HrkR7Ff3mut0Bc88C6nWjnOfkAuEOWKPCm3jKjDwYhQ2SGXgzHNEi6dg?= =?us-ascii?Q?vYzfnqC5WfBZ+JVZFHHSoGQQQGYArBKeicDJqzw/1EtGFtv0yzTgb24LuYaA?= =?us-ascii?Q?XcWwhbxzsdDSgQfiTIOx7lVbnVj3TiSnjY68OYPmUvmcg2V9799h0oGi9Tvq?= =?us-ascii?Q?+EvVcymnQdAKomCIQ9eUBye7wjwU0nkjvzjnTPxuyPLFj8gAk5AXowg6/0I4?= =?us-ascii?Q?v7Dk9GcGpvExgoxEzu9r4KUm+DVzAIbTeSYHC93cpeM2RHHGuWnoJUXD8v6l?= =?us-ascii?Q?rYtM4k46kIsyZ02CxjsU7wZKXghDFm9zat/B1df12z/j6kOiij3M8A4AQl1G?= =?us-ascii?Q?Wi8KOLqLv04kfw5ylKWZ3SDv1CHn+6qgWbDVm1cTdeisZC7XuIrQIIPqzzhx?= =?us-ascii?Q?eTvucB4YgOU1l+JtAdLcrMNEfFZHZ01MA3AeSy3l1tqbGBRxmWqsBRT+p0yg?= =?us-ascii?Q?r6F6Q4sHzUwO6cgJL+iD8/QlI7xKLIl2loVQRIrSV9LA81A63lLrIoPtrkw2?= =?us-ascii?Q?HW3yQjlWCNYKtNK4/bN422fibIN3DW2ck+pBXS991TUhaBGgP2QhKBI5StY9?= =?us-ascii?Q?dd5iDC/9NYLFIgdH6Gv1pp1cmJhpdP3KR6Zpc0jTL5lpI+TifXYJZtSXjE64?= =?us-ascii?Q?mcLkkBCQGVPCtBXZYCMGt569RYs3K0AMhcGs7MlAZsZQJycTkOezCeoDKc1x?= =?us-ascii?Q?1A5UJJKrxNJi9SW6iClA5KUhXFBXFzgHIvowxjL5E/ZcyJkzP4zqoGA9DKZ5?= =?us-ascii?Q?IVJqPc2EUcX3Dx+3z2vPe8f9sEFlbhSK32ODPNULVLe/HuKnUNMySAl7Fg+g?= =?us-ascii?Q?geAnlO4nl7PM0phBWs8vDOVUURLQWA30x4TBlogmbHefSASerR6JrbaQVoXp?= =?us-ascii?Q?EDum9o6qE/ioq2/hnSabVFg4pBOda+SfQHrKGUlKHV96AQwzSIqzwg3LV4Kc?= =?us-ascii?Q?2zBv0z8EwmvRV0o757tt/WKb?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 31a397b3-bdad-40bf-f7d3-08d90b31fc13 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:12:36.1735 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: LJSz4e3LTQE1zWrBFN2S069x/RIgXtLxmcca1xQggZTWG3xk1+DHSrbKuSuF3/ysAIZpgdA8pnrQ6ZaEWHLQXQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: D3I6q5PVeafGM5k1TGpwSYXqx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619716358; bh=ppcxMzovZ95om36y4fuySJPeGjeKO/f6hUftw33JQqQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=OkdOfi0BlxhZB5gKQgabDjQRg6b/Xv7uvt9I/CAdCYFqs8QeohreQ3HrtLmNAyokWQu o5SOm9+Ew0B6tjPxxGR1Y5VbBXp1gHb4fYenD4lKnKKyM3XTwXmAy8kJQrSArO+ZKERwB m2xXVAWuFlPLFNBtC3lig7C8vHjXQ9GwmgA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 The MOVZX and MOVSX instructions use the ModRM byte in the instruction, but the instruction decoding support was not decoding it. This resulted in invalid decoding and failing of the MMIO operation. Also, when performing the zero-extend or sign-extend operation, the memory operation should be using the size, and not the size enumeration value. Add the ModRM byte decoding for the MOVZX and MOVSX opcodes and use the true data size to perform the extend operations. Additionally, add a DEBUG statement identifying the MMIO address being flagged as encrypted during the MMIO address validation. Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Acked-by: Laszlo Ersek Signed-off-by: Tom Lendacky --- OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 24259060fd65..b716541ad170 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -643,6 +643,9 @@ ValidateMmioMemory ( // // Any state other than unencrypted is an error, issue a #GP. // + DEBUG ((DEBUG_ERROR, + "MMIO using encrypted memory: %lx\n", + (UINT64) MemoryAddress)); GpEvent.Uint64 =3D 0; GpEvent.Elements.Vector =3D GP_EXCEPTION; GpEvent.Elements.Type =3D GHCB_EVENT_INJECTION_TYPE_EXCEPTION; @@ -817,6 +820,7 @@ MmioExit ( // fall through // case 0xB7: + DecodeModRm (Regs, InstructionData); Bytes =3D (Bytes !=3D 0) ? Bytes : 2; =20 Status =3D ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Byte= s); @@ -835,7 +839,7 @@ MmioExit ( } =20 Register =3D GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg); - SetMem (Register, InstructionData->DataSize, 0); + SetMem (Register, (UINTN) (1 << InstructionData->DataSize), 0); CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 @@ -848,6 +852,7 @@ MmioExit ( // fall through // case 0xBF: + DecodeModRm (Regs, InstructionData); Bytes =3D (Bytes !=3D 0) ? Bytes : 2; =20 Status =3D ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Byte= s); @@ -878,7 +883,7 @@ MmioExit ( } =20 Register =3D GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg); - SetMem (Register, InstructionData->DataSize, SignByte); + SetMem (Register, (UINTN) (1 << InstructionData->DataSize), SignByte); CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 --=20 2.31.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74609): https://edk2.groups.io/g/devel/message/74609 Mute This Topic: https://groups.io/mt/82461181/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 01:14:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74610+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74610+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619716368120602.376102746582; Thu, 29 Apr 2021 10:12:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id estQYY1788612xRJFTTeCCpd; Thu, 29 Apr 2021 10:12:47 -0700 X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.50]) by mx.groups.io with SMTP id smtpd.web12.10316.1619716366598364516 for ; Thu, 29 Apr 2021 10:12:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Fr6ExNdaLlEx0yFxQ/yxFT/ihY9afuEeNaRz6kganAkMRw+/bCSG+kS+R6Bx6eCnmFuhkvdcBlxRBIEcI95Vkc/gkeIxz8CnuX66eUvxDxl7p9qHHj3Rl94YJgHaS6QUz4IPwOXMPg7wNEmBZinwUgLoZZ3utBzZZmU6ajckHUt/RC7Dc4iJJi6UBMbCXVLwbAYfntjRQi+AoU/IctXmKHysA8SqVvOMt7uO+9gvon+pA/gn8y+vgak5ZW7h41AEKPk7vi8B4j6hGYb1kwA8bfTpTLm8y/8eHSdzIgSEGi6wmX0FhaWqFAd1qrFHjUSKLTgKE4fwOR/XI64/jXdGpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HXZwAjBoY/j+7OTid5+AbQYwcQW+xuvbYKi4O2dFE2s=; b=ZO/hqE8gyXUYDC80soe00uzdFrHRqQ/tDglKLgmnhV0J7hiIwqrz6gVQfycCbYDLM5iJFr258VhNebOZjDg1FuhB7xoe5XW6ZGLtHJ6ZCGGBM/Su31FycS4yyQpIRKgrIijTGYigIp9Ei6dxQ5AGElmzu/pusdzzsNe1FVnSyUPbiytsdtNTO062SU5HMKHptEqwTKMSKG0b4ew3fj/Hi5mKQAPEuKwltN8GU8evEDr17QeXFg95TSjlGHZPR3rKZgn3wai1z6rEDQDjbidbQSQl3kdAqZrilWWj96pRaSISymoX7Ar8B3gb+YPE4+5IxY66Ogbl9uulNnR3Po6xGA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:12:45 +0000 X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:12:45 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu Subject: [edk2-devel] [PATCH v3 2/5] OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes Date: Thu, 29 Apr 2021 12:12:11 -0500 Message-ID: <2fdde57707b52ae39c49341c9d97053aaff56e4a.1619716333.git.thomas.lendacky@amd.com> In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR05CA0011.namprd05.prod.outlook.com (2603:10b6:805:de::24) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from tlendack-t1.amd.com (165.204.77.1) by SN6PR05CA0011.namprd05.prod.outlook.com (2603:10b6:805:de::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.8 via Frontend Transport; Thu, 29 Apr 2021 17:12:44 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c992b276-a886-42df-b514-08d90b320161 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: +jOLVKuso6YXfSZwQ2QAkEr+9Vmj9hTn9Ry5sDTgRr8Ok+c3Ml5OTvFy2QK0eXibyKup1GxkZ0wsy4kpNAoqsn6HS4WKAqzrpN7JRwztBSqJ/7r+k/xQdWqOLKHHhh1+LMF+/jZe7taTjLiUZdKghraOJx8C6Wz6RNuhDLUgups9CT8uiuwtKdwDAV3wR3oyppF/AOm5m+l7z06NJRrvu/D5ObwMxMJT9QZQgWsyHPnTin38x33fxC4mzYRbE0LZB/VhbMXqc+OBvLDtrWjHhPhV/62srK3cvuuh3/lSr+PSE4m9nnaI1ti4gCsXg6tc2HGi2ddSnsaEHvOtUUGafNh0etxxA+Gk/N4NsvNQs53QDtjgu9bhrYujnu/YBXeFofgsInZuLrJ085biCtK0hkkIZAogyLvOkahXCf70ZQAebUt7a+z4Pbus8e7XPhDhragKj95cd3jfkddsKRbrESg7Sl7XYhdNTN2ol948aAkxdt52EoeC/pYL6SHlhNfLUkoWDnaxc+I40SEc0YT3/XO+dea2JNGNevXJyXTIyvqZV7PT48f3ug9+nQP07Q8a0dyTyMjW+9Y1ZilnLY64WQanlc8Xunz2AQ/k1ksfRFq9Xafr3hi9gV+7FiR8ryAq/PjbI+PLOy1ifAMPUzZyhwoecZOhIrNyJPcRk2iNjHVMXQ9qXY0O/BN4xcz2x/kbkVKGTaLPukDxVuvnmF7J+VR0ktfIdyQkMyvHTc7nPzI= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?6PrRw8tNhzSpFn15FlainQ5EQgI/0p6euHkaFV7vkR1TTFXiciOsLXL0ynBM?= =?us-ascii?Q?7AYEMJSVQXeDkfGLgpzd5YcN7vXfR+1RQiAYUkPUlGNqNJ32Fb+tHlGoDGEa?= =?us-ascii?Q?Fyvd1Bk5g+kZk/F71hkeHhp1qaCoXSjP8KaF1U0qixKyDQlptO7ozHmIF7bX?= =?us-ascii?Q?oKGqDrVwyWIUOIta8IksgMfS3lngwHQjmwj0Zim4ABh0bELLjCQf3ia0ypO3?= =?us-ascii?Q?A8q6oyo6N5rzO24JqBurqJYXvBS5hFLmwUsscb7Gv+Gl1vywPUOk6bDNtFEt?= =?us-ascii?Q?cvBnEEj/pUBqXTHhPC4N0I93qBnOqdPIrpZj9GPDA5B2ygwOQaktwIJ9B812?= =?us-ascii?Q?mZAslgabEcmJud1bcvaNpvi6rDBUU5MGS1Rh+y4AEXz0772TS5ChcXeZ80nw?= =?us-ascii?Q?nlAmdfu1j9L+3knO97d6KrrZm3veLOl2TSgMd+XjrcxxW96m+agi81qGz4z9?= =?us-ascii?Q?IaQKMDl62kfNjNrUTt34l60Du21XQoTyUb4BgX37LNwGjU5QnzosJHmO5jNC?= =?us-ascii?Q?4qsPK6iBNHuE4KhgV8f7lwKreSpA/7eTPexRBoQCxPkTp9XH7WTrRU4amPei?= =?us-ascii?Q?J9wkjWHNgRDnhlr6E3KkQyMXG0kfba/ZdRO3X/1b+AVajBC44nuZoO+lk+1W?= =?us-ascii?Q?9BgodJcDt+GDnw8iIMGGIzR1+nTZLFi95LYTk87J2Wd71rH6FcwTZ4mEl6k/?= =?us-ascii?Q?uhz8J4HFLP3BQL3J5oao76JFQBcTGzSDnwEOpmPKPg2YlpKgBFwEgyZtnkcO?= =?us-ascii?Q?P5DGRGrq/nwFoiDaqi/fq4i1CBnlImuBP/SwryGkbeRzV26cxeoThKjGLPk3?= =?us-ascii?Q?1ri2h1g3bm7MEQyUTUA8Drk8uDsg+s+UCNuVWKu+7Mu2Ca0v+1xFEpnrRtp8?= =?us-ascii?Q?W70ZdrnFUskQmVSavZwSLQ5BZyGgsKxECue13MY9FPOVnQZut0s71Aa5KXDZ?= =?us-ascii?Q?JGHZy3RozsOP1lZWlD85/hsvSwxxUvkBedmYz36Woxm6XVvz0kFr67Zyb4Ld?= =?us-ascii?Q?oJ1mkVAbylO/YfZATMGx7x/5+uok1xW5Ynq/GGXuJaprujgcEG+gpIfCg9fj?= =?us-ascii?Q?qrOPSBXrxfhOqozXz2aLCFxcLKe5PATS96LZrY7UnsrE5cmajMtTJ/sDEChc?= =?us-ascii?Q?KtRMX1WfThJ2I/NHSyYC2F7XGbyPcuJF0VmPsU7Q7tkrr/eE6OHvCEXp1tZG?= =?us-ascii?Q?SGwtcTFd/iSIF2b56j0/mDJSZsfDKgyHIN+8zB/e0zrBRvwKxae3iCUNe9Dy?= =?us-ascii?Q?fY9zWqmvM+YQafKPQ4AtNM2x3aEv4jgNqb7cndFt210Jz/KGIWFYxbtJanHK?= =?us-ascii?Q?+kvnCKl+R4iLWzrecq/4vnsk?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c992b276-a886-42df-b514-08d90b320161 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:12:45.1045 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5rTGPIJOCRr3x7d87+UGhnvVdrzfcS9+5cKOPRwEprNWm25TudoY8vH4P+ftmAo1aldWIMWbyLEjKH0Z2Byvzg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: tAVo11n5xhML4nOq5a7TYAEEx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619716367; bh=uUkLsyIksEllp89fxh0DUBHziznwbqsK2c+5xlqIvCo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=BXLSMtJ7lvfAlR2I5gY6Bt3FC641fpMBNCKI+jvV7K43p/0DWWDwrQfIOUl3v3O9Ol8 m7v7vze1UvmIbG1Dzw1TeWu64xpcAGyEabDJZPFCKosx4jpVpUWpLJcPNrmuyUOp5fHGn heRLB7ebweoO2kEvejFfHHSEgyUPyaLXbE8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 Enabling TPM support results in guest termination of an SEV-ES guest because it uses MMIO opcodes that are not currently supported. Add support for the new MMIO opcodes (0xA0 - 0xA3), MOV instructions which use a memory offset directly encoded in the instruction. Also, add a DEBUG statement to identify an unsupported MMIO opcode being used. Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Signed-off-by: Tom Lendacky Acked-by: Laszlo Ersek --- OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 111 ++++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index b716541ad170..41b0c8cc5312 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -680,6 +680,7 @@ MmioExit ( UINTN Bytes; UINT64 *Register; UINT8 OpCode, SignByte; + UINTN Address; =20 Bytes =3D 0; =20 @@ -729,6 +730,57 @@ MmioExit ( } break; =20 + // + // MMIO write (MOV moffsetX, aX) + // + case 0xA2: + Bytes =3D 1; + // + // fall through + // + case 0xA3: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D InstructionData->ImmediateSize; + + // + // This code is X64 only, so a possible 8-byte copy to a UINTN is ok. + // Use a STATIC_ASSERT to be certain the code is being built as X64. + // + STATIC_ASSERT ( + sizeof (UINTN) =3D=3D sizeof (UINT64), + "sizeof (UINTN) !=3D sizeof (UINT64), this file must be built as X64" + ); + + Address =3D 0; + CopyMem ( + &Address, + InstructionData->Immediate, + InstructionData->ImmediateSize + ); + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + CopyMem (Ghcb->SharedBuffer, &Regs->Rax, Bytes); + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + break; + // // MMIO write (MOV reg/memX, immX) // @@ -811,6 +863,64 @@ MmioExit ( CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 + // + // MMIO read (MOV aX, moffsetX) + // + case 0xA0: + Bytes =3D 1; + // + // fall through + // + case 0xA1: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D InstructionData->ImmediateSize; + + // + // This code is X64 only, so a possible 8-byte copy to a UINTN is ok. + // Use a STATIC_ASSERT to be certain the code is being built as X64. + // + STATIC_ASSERT ( + sizeof (UINTN) =3D=3D sizeof (UINT64), + "sizeof (UINTN) !=3D sizeof (UINT64), this file must be built as X64" + ); + + Address =3D 0; + CopyMem ( + &Address, + InstructionData->Immediate, + InstructionData->ImmediateSize + ); + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_READ, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + + if (Bytes =3D=3D 4) { + // + // Zero-extend for 32-bit operation + // + Regs->Rax =3D 0; + } + CopyMem (&Regs->Rax, Ghcb->SharedBuffer, Bytes); + break; + // // MMIO read w/ zero-extension ((MOVZX regX, reg/memX) // @@ -888,6 +998,7 @@ MmioExit ( break; =20 default: + DEBUG ((DEBUG_ERROR, "Invalid MMIO opcode (%x)\n", OpCode)); Status =3D GP_EXCEPTION; ASSERT (FALSE); } --=20 2.31.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74610): https://edk2.groups.io/g/devel/message/74610 Mute This Topic: https://groups.io/mt/82461188/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 01:14:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74611+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74611+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619716376451753.9644790499309; Thu, 29 Apr 2021 10:12:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id t9g1YY1788612xFgrpW7vXJ4; Thu, 29 Apr 2021 10:12:56 -0700 X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.45]) by mx.groups.io with SMTP id smtpd.web10.10204.1619716375457201959 for ; Thu, 29 Apr 2021 10:12:55 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lB8ukiYz/W9S8+XXCFh6nLMJ1z4/S61TahmF1E6YbK8J0qt3+6UNxbGIof9gogtqNGEdXB3EuY1SZHmR565xwqPxtOVnl+vo/YzZLxMds8xVVSlbJ9gbsFWt1OgphQm+znd1pPYlVy2G79hVfo++Awz5MP4fSu+UsG5v8xcp2Vb5LNRMY6yUfh9J/ZfOJ04LM5nKyuYdxsRuHwxb8oCE9N4dy2unqPnSJiYceITNbOY69r3h2OOo687J5ijRXrz5tB3CW+VmNlza5XWltq2eusFXwLXB9tOdK0dgxW2gthNkwa59w4C+WF02SRh6eVWF0YgOJ/Gb8WGXUxHLp9K37A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZG4fF7skBu3dojAmFzgvTfLLE5UT6pdXnBCHdNJXx/s=; b=W25NEctXsxT8X8og5xJKU5N47cr7KsQkYyrRszs1XJ5gHg7c9EMCMIrxYuqFzk+ko8isYHpaVOVhU0CelfEUms1DQPr/1LoAiIKe7UREXOgan66fspsMVKnwxIVCvVoE6yl65YGIWBnE/4wXifBgx5xQP7Vx3pJn5nkb12mEc5uK5l776IEPo6H4Y82lw6Cjr4B6Ci3D1KyGby0XuawT98VaqG6VCe0hAw6qOVIaGdWY9raNY2SorXKhgrMhg33qmuXLA0BmJ2z8Ikw+Kl4RYKtSi9v0FNAJ+Mpcc3fv7wWETpHL39iPdAkOMWg6dCVYdLyJyBbZfUB3fDDx98goPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:12:54 +0000 X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:12:54 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Stefan Berger Subject: [edk2-devel] [PATCH v3 3/5] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability Date: Thu, 29 Apr 2021 12:12:12 -0500 Message-ID: <03e292339273721724c8b14605cfe9d7bbe45a71.1619716333.git.thomas.lendacky@amd.com> In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from tlendack-t1.amd.com (165.204.77.1) by SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.8 via Frontend Transport; Thu, 29 Apr 2021 17:12:53 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e2c4f6ad-e0c8-4596-e368-08d90b3206a8 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: QK/FCz1RqFolwyRwCtV/onLI+m7z9kZUEsifw7/5OxZrJHshJlYSOuJVHrNjxPrjfhorgiwmqzQPSPfQAb/HG8Tc5tPcGr4CbIOsCEoi0e9tUXp1Nxoa/iFzQQXExJlS0dFF20EfTWeAQIiCNN5qSgz3cEUY4sMmsSMb9cSB8gVWs18tVD6DvcVQLRjw1IoLCbgx0CPsAnD13ZQc6LSvXiPpPXtzuEM6My6psHaavtzHdlintEVjL2lIE7bCbQygwjwM4lRKN9C3Z+KOE4iC/ToI8FlERRgKxxj49VGXOBUdBw6Zmfdmk5Crbp6SWi41+eabjgiAJmgwNzMfLymBp6Uv/DcwED8Ns+hckTpF/fAJ235hLLG62qAW9mXmDyzlVlCrKX5+7nAOFW11aze+HHaslBzi2plTlF4T4rq+PREbGWtM1JBEXCMBZ8Z3PDOWRUUTh9itEgKfjiZVyaXH2rQ8E74YAW1bYuKPVZreOSKxEMhIWi5JP5jAftZGgzFIAaosSBMQ6DwNqHjDAHS1TYV4mAsdjyA0XzyHAT59ZoedXHG7ujSVwU3kTD8TwJnQzid8XSdQP9xh+iLUazFsdUxYD78pEIJ2UTse38/R+ze2BPiGKKmFdHYl+A00CKwlHFhRxJRPaqdPP59vXJvCNiJohoro47rGgA+vzL4R3TA= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?bcO+DQFQNcKovJEVn32a2RAf9Q9IasK8dTPcL2ITmdRqXpstspVjGIutoNIh?= =?us-ascii?Q?qmsAPdkgxKhblY2XfbhNaCjp13tBaF8l5Ufpk0wKDiPif2tQ7V032NNGEGqJ?= =?us-ascii?Q?Pg0PvwJboi8KXGwAE/n4xkbcMjuXZg2yxZggEf2wThgOx2Pq9gSTRLq5rcwd?= =?us-ascii?Q?AjQOkHGa3iQP4t0sYQR67PlquTpu7EFIyAY47hsLTg3e4cUQPS0lN2DLqPZ3?= =?us-ascii?Q?vR4Ua3dqwIztvm4XLygziLoEC3+3YUtmW8zFiMinE/afCz0vD3sXX1iYnAfm?= =?us-ascii?Q?UEya/kwGWOeLECZy5LAfj3ZDY6Gh8SGzGTuORoT4o1l1gLfqVCC9AWAIAc9A?= =?us-ascii?Q?8UQcvXqMkiZZqBc4nnRe/uCnpyoK1U1JJLCnQy6YVTAp+I8ga8OdFW4ZGm+u?= =?us-ascii?Q?tz137ei+7+I8f1umj9WlmvMj5kD58sq9mW9QVBH/HbYJQRGPpY/ZbTDSbD/Y?= =?us-ascii?Q?oFDNJO39Bg4OudJlh7/q8arzbwOsezqKjnKvksQapIrot8anK6H1lAoyl2a5?= =?us-ascii?Q?EH5sysTOoaQxKEHiRl+2RW4831gIlW9Lki4SFe3eaNniSr4+a+PEXHGZy925?= =?us-ascii?Q?EzLHlNiG4o3TUieZQ6VuCrEq850M1D5d+aFIGcumoQiw1wlImIS/1+aPrbSa?= =?us-ascii?Q?uQ6e4VioJH+0N+c6TXZigFceHONUxAmzxJx6o73d/FWMZ/j8p+e86QWRlnL5?= =?us-ascii?Q?PYu7uWrhG/91H6022rLePO40NBYXnyKsT3h7vPsscjJDmdNFJ/50vr7thPp4?= =?us-ascii?Q?/UyhDY3VAXzU5j9bv4pQifSIs/Z85WYuG5ziB9/uESB/fBK190mHyMY9c9YT?= =?us-ascii?Q?J+KaB//tU8hkarNvBAr+6AS4W8WxpKn945VDaloErz8OjvVwXdW2Vu64Am6h?= =?us-ascii?Q?TyDC/wK7FWEx3auZQBkG6AsNot1u4QhZt5F72IL/LDvsH9XQOH2ufTZt8oH7?= =?us-ascii?Q?xFqF4Aap6k5K7W0q4jABqPlt+WpWFaHfst2P2C8bKT0S6dw+isWKiRod8wWh?= =?us-ascii?Q?immi1zl8kRM3ORZCdRbbIVumBBS8PsrfBC4SUGVwWgdr52I5wX+Xew439A7P?= =?us-ascii?Q?yL+KaP5a4v6zXAriT6zBln5QrX6OO6hczjaDHmEA/AruSMBri4aUqsmIB7J6?= =?us-ascii?Q?HQj7tiikVWTMYdzOzfFCSYIBeZ5fEyKrPEju+wUjs/HHtRQKmGwOIDFXCpJw?= =?us-ascii?Q?vVadvivnB95aj5G5O8A+Jm9DwvMU0nbW1CtlDqkUYm2ZQMbgwypaT1Vue1ff?= =?us-ascii?Q?Zu4N0gIeyPN6IRlZtIzyuCVfFQOf8OjPM/cf+laakver5vfDKFoUM8K+cLxp?= =?us-ascii?Q?Aqe1OwzMVdtJDXGJNbqEvjsp?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e2c4f6ad-e0c8-4596-e368-08d90b3206a8 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:12:53.9626 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 417ZzitNH3h92PVMwWUA15SMkWOlY39xn0h89PAyKDqnVPDmrI4b6+6IyhoZCGnM5An2HQGyfc1gpsX/KhN92Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: NdX4hkqkds0GDaPeUop9wvRgx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619716376; bh=MgQk0B7zKSB6X17wQNonSj7ca88Ha/LfrG9Jcb1rSV8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=J/nJPFehdedU1BU85keUECTqhlN/cZlGxGJVyj9PnFDAZKeoHZpPkbrvXPWZivO2m3A petm6+2MMm1TvndqSv+/X5pomTmN4vyXDqhptm+QDLv3L1jwDrsJKp4k38XEM9Pr/ihrc +861zGa97e6i7CrgKXAO6rB4+F5M95eackQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Define a new PPI GUID that is to be used as a signal of when it is safe to access the TPM MMIO range. This is needed so that, when SEV is active, the MMIO range can be mapped unencrypted before it is accessed. Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Marc-Andr=C3=A9 Lureau Cc: Stefan Berger Signed-off-by: Tom Lendacky Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkg.dec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 9629707020ba..6ae733f6e39f 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -128,6 +128,10 @@ [Ppis] # has been discovered and recorded gOvmfTpmDiscoveredPpiGuid =3D {0xb9a61ad0, 0x2802, 0x41f3, {= 0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}} =20 + # This PPI signals that accessing the MMIO range of the TPM is possible = in + # the PEI phase, regardless of memory encryption + gOvmfTpmMmioAccessiblePpiGuid =3D {0x35c84ff2, 0x7bfe, 0x453d, {= 0x84, 0x5f, 0x68, 0x3a, 0x49, 0x2c, 0xf7, 0xb7}} + [Protocols] gVirtioDeviceProtocolGuid =3D {0xfa920010, 0x6785, 0x4941, {= 0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}} gXenBusProtocolGuid =3D {0x3d3ca290, 0xb9a5, 0x11e3, {= 0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}} --=20 2.31.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74611): https://edk2.groups.io/g/devel/message/74611 Mute This Topic: https://groups.io/mt/82461198/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 01:14:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74612+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74612+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619716385822873.0605830375075; Thu, 29 Apr 2021 10:13:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KyTyYY1788612xYFzy2BMdA5; Thu, 29 Apr 2021 10:13:04 -0700 X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.61]) by mx.groups.io with SMTP id smtpd.web08.10222.1619716383676501357 for ; Thu, 29 Apr 2021 10:13:03 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PYnDBdcRxp0HbNNE9swPoWUDu2qidDh9RrsD2E+KtWH7x7ISumFHIfjswUELdwoM2EPcm48TIgoXVh912DoRYCprdmVH9snTwmd05uuxfSgpbcfXuVYWvKjnVfWb8miFPyALRCZY2qbT6X4tbWI6Ry8jiLKk0+ykyuVbpHkj/MhM+nzjs8Be15lAWQR3vKdlud5TXLP4S2EqVBlIHgeumBlEAk9KUI0yLfIJ2+kvQYKvz0k1TFLA7xAh1WW2UBqcZiN6AVhnViRPp9Abhv8NettvkMaoCNEG13QstJwVGIs69efpzuglg2IrlpiuotkEQg4VtoniP08WxD1APFTfSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TYJ3yzct9ErxUhPGHz71J6QUlELmwoA7kd6FwVyd7eI=; b=TwywLp8Jl3cJ/kEIbdqqQxbn6jDTwak6fSF1kF/A6aQGDEmBIqb4sbtzYxP1a03goxdNKu8mGqH/prc8f88h+TgjFvpp8DwIsJEWKYgseyGf5KmyQAkuNIw29DRfJjIfjIFL1Xh9j5qrxvHrPNsv4bAcvpjMLCUR0a6y4bYtczqdkaN86L/5BFoaESyker4QEosKiTyVVMHtQch9Ef236Pe4A7WHC2GBLKnpma1S1kx28DKeLKTbS5dB77LDG6LBn2EU3bagoaaojUmH1IUo33+1/BPmcBkER5vRB3k9X7NlzKUP0cvojdC5kXHOCHtRR80CChaUaF2+VDx3tNdYrg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:13:02 +0000 X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:13:02 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Stefan Berger Subject: [edk2-devel] [PATCH v3 4/5] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES Date: Thu, 29 Apr 2021 12:12:13 -0500 Message-ID: <42794cec1f9d5bc24cbfb9dcdbe5e281ef259ef5.1619716333.git.thomas.lendacky@amd.com> In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from tlendack-t1.amd.com (165.204.77.1) by SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.8 via Frontend Transport; Thu, 29 Apr 2021 17:13:01 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ca7935f9-05d5-4b03-ef3a-08d90b320b71 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: GOWmqpXWRdyqwfJakpz4ROo4NpyxRJI/idUrzPI1nn99rHw/GjAhtjJuWOaP04Jrt39l+qqvB/ZR3jvKCf3nurt0ZC2dpTptjPXFrQyjMOvpV08YqHoEbgDRZUVJgZtzlNolut3p24gNPEYw+DnUN172zWhOehuXk5fczisbcZUls+QSHGnIcAz8Vfk6Tl5V3aQfMRe6q6aoeMnNAaTZBDmlmTroTWaj5qca89ohPdRhQwYMsSL91dP5pLJrUirdm2ipBFJyMxvhLddG/Jm+1kG9QWJm3NraXoHUwZWboMZKmiSkL6MSw3YZopxMjcK2rpq3dHWWQ4P7thrX76bV0rQ532Gx3xo9BDIg6MBKw5ZYzuCxMcK/SPIdfunFdUVtojsjsECE4lOtYj7gzAYtK67Qp7O8SuHcde/0kLJ5SmMavU3HkSr5geVZJ6IRSVXXl89TP1IUqHlew77LF5tCmrJccZM3hSNcgg3EklBudRr1glnTvy4VxGG9LdwRmqLwYbb7pFvXMjBczbYpq72LrUCpGByP0qPpm+limhxV0OYGxnZ1Ga93fqMlvrvYfRcMD+SDiIp8mCC2WtAgSTEUBwIe2Oi4B/RcvyXy+LhcN/XSYhNE+0jqC/7NBHf+FSzfwaNsZO4og9YRAjhDeOFOCsxP2XXs/CsA7XQqLXdAMvhmZQ2Og88F+xagNsT+joj2gp6QEe6rTmx6dMB4QIkK9nUhNuKjVhdQLhswIvt3wPs= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?Y4MYRg7fXzhvCPpo33RJsqjb7QOoxBktEjMUUeQcNidLzoRNzwBvzCysS/di?= =?us-ascii?Q?bDYD+e2hCXkXS2S3WolKXcWy66nAas+ZcGcQw9khHFF3JMPZVS+HoXR/DS96?= =?us-ascii?Q?m0zj1WZR290g4OibB4LGSgj4+VoySGK4qmFOHQz9J0ORVEUN69lZhGncn6SR?= =?us-ascii?Q?7mk7ELyjlu0XVS6Ty0bu8387aUt1lT7tcpvonBdnp++XLTeEea4kjN1yhq+X?= =?us-ascii?Q?s3gFkbB6TXtq2HFfEapKZga7gbFITWglfZRMYutrlAx7BmuLmn/A1yvIByGN?= =?us-ascii?Q?cE3BmVhk/Gv8EewckfUX5+ajqLoiyulnnYknauLyZl9AeGMK2k1+rEaIOaFV?= =?us-ascii?Q?V1mAinMttSQzi2uWNfjwH6rhNxLdahtKcTY0ovX9VSpYEWG+NKKo1UZSP8mi?= =?us-ascii?Q?MNZsf9pg84YV/+hxMxtAn4vtBjq+gBt00lXxC7MsBTA/xkTPZ97jBevnd8jU?= =?us-ascii?Q?YMKFHetxQeb6Xr07rmDVFP6Ebsr7NGF+AyLxyKFMM7RuyPL7AGmmmLMwp4qA?= =?us-ascii?Q?zrumiKIWjXi5sMqktVhsiUx+MmRbcebzJMz1RBpe7CmFH0hkE7DoKD8Kd90d?= =?us-ascii?Q?T7yTgLcESloRASioxf+A2w48FPOrKY9q7LF05zS8TyV8EjATNkpar8drNEep?= =?us-ascii?Q?XujxOK0CR2yCrm1mE+gP6WkF5qBOgv+EMlIDvdoXwKLcHqEz+EGBrKh5+3lh?= =?us-ascii?Q?wnwifAkfbTRrgwyQ9ZdGRuFAb0MQjBLAamDtuSuVnhdxK2WNq3RDsqRsw6An?= =?us-ascii?Q?IalRY9FaaAcLez/JPl2v/9iWQZFKNMAY6u6GzojweJCgQgbSwJVj9lgdL7gV?= =?us-ascii?Q?3//5M9rZhjTDJnycrqAThLtJmctjopLdWbyUKVYeINgVUNWp2hMLpxUEbBuh?= =?us-ascii?Q?qdWML4a8F4Ywc901HA8qAYdEqidSIIeYx7WaFCzcHeuvnV2vcYmyBkLH+i2g?= =?us-ascii?Q?H7g3bxePwvcy/nyGv5nLehoUnzju1y40/A3NdJFB/jPKAa/jGMS0DqxLnYW3?= =?us-ascii?Q?C5pBHOEAOmuqT2oes4ANCeBS81uinJXRgKlIKmhqkwlCjnSD0gYD+H5QjnOE?= =?us-ascii?Q?SfGtFlsLNyR4/beIoKaRGtWPlwgukKr/SPVau4z4z9jE0n/iv+9y7IohDJ9m?= =?us-ascii?Q?MwKpUt6oSBZTrwfj4rMyPQeCgs4BMbFuXB2RLOy9dAIpCyVNfZ60uEM4vmEl?= =?us-ascii?Q?SBubX1peotpyhWfZpUwec0YiML+0peM0+8GZzkNGjV4iRO5EkdCndGk6aSqe?= =?us-ascii?Q?muedNKmI4/PAQZYQmFPzzBjKWWKvNitrkV8GHy2tgKQLflEuZblgB0ZIgLNV?= =?us-ascii?Q?fQYh0len4vOAGfJZuCE+JYmm?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ca7935f9-05d5-4b03-ef3a-08d90b320b71 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:13:02.0111 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jmuL4iPaFwF9/ZQxCukrE5+9HYJrgMI2kZfZSQqJtH5CdYfIvlXr7oF7XVeK6KRq1fbgADYCbQupCEgeQQT1TA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: yGGbzKQNYHB1qCE3NCXWcMcpx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619716384; bh=K+E628i+diwQlu+ZZpjzNaJM5aDgofaH0TTTFOVqAnY=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=P35ltAAaWXKmvKfgzAAdNlONeaFmxyonJt7bFn9GQMhylhbUSJGFwEvP5Cwm0qozMnU ED57u9dQBaehyjjfvZjdrWo84nGBm948eg7zrhq45eeMawLadYl+cXtFjzA84e0eIdUEH NW8v9gS7Gpsuma326xDxSpCvZWGDlCWIWQU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 During PEI, the MMIO range for the TPM is marked as encrypted when running as an SEV guest. While this isn't an issue for an SEV guest because of the way the nested page fault is handled, it does result in an SEV-ES guest terminating because of a mitigation check in the #VC handler to prevent MMIO to an encrypted address. For an SEV-ES guest, this range must be marked as unencrypted. Create a new x86 PEIM for TPM support that will map the TPM MMIO range as unencrypted when SEV-ES is active. The gOvmfTpmMmioAccessiblePpiGuid PPI will be unconditionally installed before exiting. The PEIM will exit with the EFI_ABORTED status so that the PEIM does not stay resident. This new PEIM will depend on the installation of the permanent PEI RAM, by PlatformPei, so that in case page table splitting is required during the clearing of the encryption bit, the new page table(s) will be allocated from permanent PEI RAM. Update all OVMF Ia32 and X64 build packages to include this new PEIM. Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Marc-Andr=C3=A9 Lureau Cc: Stefan Berger Signed-off-by: Tom Lendacky Reviewed-by: Laszlo Ersek --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.fdf | 1 + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf | 40 +++++++++ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c | 87 +++++++++++= +++++++++ 10 files changed, 135 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index cdb29d53142d..66bbbc80cd18 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -626,6 +626,7 @@ [Components] OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1730b6558b5c..33fbd767903e 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -706,6 +706,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 78a559da0d0b..b13e5cfd9047 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -719,6 +719,7 @@ [Components.IA32] UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a7d747f6b4ab..999738dc39cd 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -718,6 +718,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index c0098502aa90..dd0030dbf189 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -147,6 +147,7 @@ [FV.PEIFV] INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index f400c845b9c9..b3c8b56f3b60 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -162,6 +162,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index d055552fd09f..86592c2364a3 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -162,6 +162,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index d519f8532822..d6be798fcadd 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -174,6 +174,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf b/Ov= mfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf new file mode 100644 index 000000000000..51ad6d0d055d --- /dev/null +++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf @@ -0,0 +1,40 @@ +## @file +# Map TPM MMIO range unencrypted when SEV-ES is active. +# Install gOvmfTpmMmioAccessiblePpiGuid unconditionally. +# +# Copyright (C) 2021, Advanced Micro Devices, Inc. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 1.29 + BASE_NAME =3D TpmMmioSevDecryptPei + FILE_GUID =3D F12F698A-E506-4A1B-B32E-6920E55DA1C4 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D TpmMmioSevDecryptPeimEntryPoint + +[Sources] + TpmMmioSevDecryptPeim.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + MemEncryptSevLib + PcdLib + PeimEntryPoint + PeiServicesLib + +[Ppis] + gOvmfTpmMmioAccessiblePpiGuid ## PRODUCES + +[FixedPcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + +[Depex] + gEfiPeiMemoryDiscoveredPpiGuid diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c b/Ovm= fPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c new file mode 100644 index 000000000000..df2ad623308d --- /dev/null +++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c @@ -0,0 +1,87 @@ +/** @file + Map TPM MMIO range unencrypted when SEV-ES is active. + Install gOvmfTpmMmioAccessiblePpiGuid unconditionally. + + Copyright (C) 2021, Advanced Micro Devices, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + + +#include + +#include +#include +#include +#include + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmMmioRangeAccessible =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmMmioAccessiblePpiGuid, + NULL +}; + +/** + The entry point for TPM MMIO range mapping driver. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_ABORTED No need to keep this PEIM resident +**/ +EFI_STATUS +EFIAPI +TpmMmioSevDecryptPeimEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + RETURN_STATUS DecryptStatus; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__)); + + // + // If SEV is active, MMIO succeeds against an encrypted physical address + // because the nested page fault (NPF) that occurs on access does not + // include the encryption bit in the guest physical address provided to = the + // hypervisor. + // + // If SEV-ES is active, MMIO would succeed against an encrypted physical + // address because the #VC handler uses the virtual address (which is an + // identity mapped physical address without the encryption bit) as the g= uest + // physical address of the MMIO target in the VMGEXIT. + // + // However, if SEV-ES is active, before performing the actual MMIO, an + // additional MMIO mitigation check is performed in the #VC handler to e= nsure + // that MMIO is being done to/from an unencrypted address. To prevent gu= est + // termination in this scenario, mark the range unencrypted ahead of acc= ess. + // + if (MemEncryptSevEsIsEnabled ()) { + DEBUG ((DEBUG_INFO, + "%a: mapping TPM MMIO address range unencrypted\n", + __FUNCTION__)); + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + FixedPcdGet64 (PcdTpmBaseAddress), + EFI_SIZE_TO_PAGES ((UINTN) 0x5000), + FALSE + ); + + if (RETURN_ERROR (DecryptStatus)) { + DEBUG ((DEBUG_ERROR, + "%a: failed to map TPM MMIO address range unencrypted\n", + __FUNCTION__)); + ASSERT_RETURN_ERROR (DecryptStatus); + } + } + + // + // MMIO range available + // + Status =3D PeiServicesInstallPpi (&mTpmMmioRangeAccessible); + ASSERT_EFI_ERROR (Status); + + return EFI_ABORTED; +} --=20 2.31.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74612): https://edk2.groups.io/g/devel/message/74612 Mute This Topic: https://groups.io/mt/82461201/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 01:14:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74613+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74613+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619716394456658.5334792518679; Thu, 29 Apr 2021 10:13:14 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QLiHYY1788612xGAbmXhyIuc; Thu, 29 Apr 2021 10:13:12 -0700 X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.77]) by mx.groups.io with SMTP id smtpd.web11.10182.1619716392098259707 for ; Thu, 29 Apr 2021 10:13:12 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iF4FyhIRq+bhSFmXf1DJfxpXhU3P6qYebhxMk3GmiLGiAtjHkXtrR4V+wYfycPsfmOoOBjnOPtTS5OtWwU1YKgLUIiw99ALwXYI6nyO3rzbqhZ7h6RXs6QwOyIPcr5IdHUcS40D6aYls9aMYvP+ipbxxZQ2uL4y0CdJga1o7JMR1l5plJteXlN9Dc+XOyeLdU9l0q5vcRw3ERTP9VzFpKbHgdIxM2Tls/gP/Hw0rJFw57QbvH+ERitVLC3F0M1uQVXdS+UuTb4cPWbhpsvFNXis8oGBFYGfDYIjkjm2K2zP+SMurJvvJ916nVmhMB0ZJQEmrKvccA1BLR2Xp0QNaCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Dc94TYjH79mQWSi056EfR89kBna2mxZwTNPv5EUTmv0=; b=GEUxDBJhQNW5Vulb8ycmOYcmwcpFK4MWUnvm8K7nG9qCgkLzoxJJiRM+99DRLI63X3v3A3IlOi+r43hrr13t7kHmsnaMRKiDxwZKF1s5xfFUprdKEECXXxqkxuy1A5iare0dZFFtwhVtbDqKn6FRp1pDX0BrN0ZXzaLL0PzPP7QVGpnVdOzhuR/JfeU5xVpYB2ZbZz8+cvFwWTf5fpfxQkC2dktLW2qZOefxCXZj5B0xLuRSt6dHdUNVaS3tz0wEXfXhTmGjgvyFjNErDxvz3BlfCKZ/37H2e8JGJ5/KTUexbk5k3G56MBc8MmEVC7N2uuD8JSBA2Y9IdoeS/cLLog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:13:10 +0000 X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:13:10 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Stefan Berger Subject: [edk2-devel] [PATCH v3 5/5] OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 Date: Thu, 29 Apr 2021 12:12:14 -0500 Message-ID: In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0123.namprd13.prod.outlook.com (2603:10b6:806:27::8) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from tlendack-t1.amd.com (165.204.77.1) by SA9PR13CA0123.namprd13.prod.outlook.com (2603:10b6:806:27::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.8 via Frontend Transport; Thu, 29 Apr 2021 17:13:09 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e500feee-79ca-47db-e2ba-08d90b321083 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3968; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: C16inr+UhZgmO8UKoAfd+h5QnnapaDQGHxURnR0TL78SGr3JSVdk8leC1wLeHWpyrcD4Zp+KJyjuMspQNTP5zEdpbT9r5IcRQUJh2C/XJLfrZGFKZSyPm/H7D4dMr70hsp7gYkMfdLIr6XHFjjm93XQoK5eWlHc1r0Q9diN75uvqo+MUrazO9IhBLHfbyWnCjL7WWGI+KI5qIpWZFyJ/z9lU8lv+D6CsC4Z04uhyfUwyyUDxWYAJGzeRAbRUsL0mdLNWifTyUlSU/YvMGJVW//ml7j16KdMCfE7u3/YUV9vj9z+xlg4iUbisBXhpIqXWpF9vG/bhr3OvIstbrs0KzD66j6n7h9nxhUFEEEAwDl/UcV8jCOKfXGrE9pazWmzCLVomDwdTadTJ2YA02uH7LLJ3qk5wLsH6P5S1s8s23yRoPzTS9XrHcZWEb0Q1F/9ycymA/+HQbdLSgZ7SUFUnjpV2x5xuS/yTxuN1Ex62oP/ble8Zbh+u3kDFbrjqa3Gv3lYZKe4l/xfMZwvdCHpVHwSREFi3y+mpNyXV9kO/fJ4tAogKM3x1yiWw6cRQ4ch9ghaDebD/mBFpgMXt4RqatCl7w5OPdXSM05uGeDDfU7NJQr765exLCSCIq5dCDSe1z+u8MicMtjOAx+Td1jxa0uhYVTaFcf/zmuzsSamIr33dJVdxuQdDlsfSpAdZKmdgP1i5zQGr8M9QnJwCXM0iznmtGNrWIpWgSPppodI6gpo= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?v/qWY+99sqldJ/HTX2MYJoFsc3L8oASdagrkPCtwN264YpGWCd6sjeAmXesg?= =?us-ascii?Q?9ulrDnv3gDySqms2mHqGJ0TMt0Gheo6fFGTg/69ieF5C4kWNf6x/ztw2Jpmo?= =?us-ascii?Q?j/NWxg8bWvd+zP9ZcgyVGX08PF9LYsxlM3vTaYAUi2jFW75WGUkaQ3xbsTbC?= =?us-ascii?Q?TLFkAuhztWdINt+RMJPzSJL8upRRQmi5rLEBjz/NJann7BDeML7Wy66d8IVb?= =?us-ascii?Q?eb4ZIiEdQ/7QeKsuUGlwQHYfkt9GOixIKxqp8OJgJFGle4NHDh3nPwU/ovF7?= =?us-ascii?Q?T+P2R/RsZEfBs/WShDbL3ErRuFavJY6TB2i+En016ibtXj0vG3Xy9i1XWEe1?= =?us-ascii?Q?Xqpx6sGSeDbAxWAZVyq8pzdRDmLrDiKBovKDUZ9HKgyEWZ+FOpVUthWTvJTv?= =?us-ascii?Q?MqbKvuTHBaPOohPhYkKSNVCKnwlZ0X5IdXGxEn79WP0iraudwkXuBn0Qfpce?= =?us-ascii?Q?qk7M9aA3E3Ew+AchCOrtjf9uioGlC0yMBG6DSp4M+9m/U0vE3hTAZZtq0T1F?= =?us-ascii?Q?B5TIrLXw3M0NXcVCISj8Iu4buymBnR3a/GRoFTHFXVOk1+qLOcTuvp2zRGQ0?= =?us-ascii?Q?zGlu/twnIRwZhDTxBjg2X/yHjld9XjQ18FlboVltXtLbOVcsCyl8lF3ennVB?= =?us-ascii?Q?rgU9mlw4baJ532OeMVLsuFXLuH6uKtZ0fmckttYohzEQKGuEZJQIHkKQs85Q?= =?us-ascii?Q?MswtfzxVuk61z8hj+IatTs3GXJaQLT/XPCesZANlLJL07nypt7NU6IM06pov?= =?us-ascii?Q?G+qY/z5HMeDBqH7//Dgb4wptUpPqCx7JAeuclqK8Vugui17QamnJZR0fAgPr?= =?us-ascii?Q?RyEuhUnhvPtinA40r70omEVMZ1DjwPAbcULpAgm4mnHWpXRkRatU5lCcdfRl?= =?us-ascii?Q?sXxSarmznur2C4UVjY/M/QXdXtHCIYZUlU1G4z3E2ZDIPCkVMQmE0ReszpHQ?= =?us-ascii?Q?fqAUC+UOYtCTouOlqgcn4xf1u7m41jssIqO7pyWtDWCYoBLom3dkLzmBrb1j?= =?us-ascii?Q?UZsKzFuzr+4LzrsGGraBBhcRBbHWQrcOzqt42enjzkqEvAHBsOUiJDOwNYBm?= =?us-ascii?Q?bpwLgbUKYDNAWNYyrqErcl4Ap1L6tnql9ky8LvlirvgIWRML5Ge+Xv3cOywt?= =?us-ascii?Q?M5P5p2XQLhsvLgVGB5O4B0F86Wl5PzpdnnG85OWxYrK9xZpTvs3vMzv3vqKw?= =?us-ascii?Q?yJ9r2oSaelAdF5lhw4KWZzplMvz4Gr+/FlU4shJoGNGTQHWOg143AkeXktm3?= =?us-ascii?Q?nCwbRTlNxyhlhxp4qzvGlGI0eJVgoIFsGQDJ4yC7TR+OKw+ywiifAdra9cXR?= =?us-ascii?Q?8819gg1Li2+nv7ywvjEvGvzc?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e500feee-79ca-47db-e2ba-08d90b321083 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:13:10.5383 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: itp4jXxVQzX0nF4rLmFaH+qPGGfZj9oSE20cnIa33pwQNCT3kUL3TTTryAyHaRo7FECnjs4JpRBY0MAxu50/mg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: IzPrhGMYouWehrlu2PwC2OFZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619716392; bh=/UwKRlz7G0TcIRF217fJR34AuQSXVZ2l8cE1qyyhSyw=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Lgp6fZ/40ri0nJR5gsLXAguvWFF5T3nuPoO9kqjZFm/G2IRgVP6Ck9QI0t1+FaW7vLY QZtABC1sZH7iZ1B9QBuprYCWQAq5g71NOO2dLBXdFw26GUOogUAcHEpQ6rsdbXPWQ94CL UiBm0PzgwRQBdIhSvopgm+TFwlxtcybnNlQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 The OVMF Tcg2Config PEIM adds the gOvmfTpmMmioAccessiblePpiGuid as a Depex for IA32 and X64 builds so that the MMIO range is properly mapped as unencrypted for an SEV-ES guest before the Tcg2Config PEIM is loaded. Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Marc-Andr=C3=A9 Lureau Cc: Stefan Berger Signed-off-by: Tom Lendacky Reviewed-by: Laszlo Ersek --- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index 6776ec931ce0..39d1deeed16b 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -57,7 +57,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES =20 [Depex.IA32, Depex.X64] - TRUE + gOvmfTpmMmioAccessiblePpiGuid =20 [Depex.ARM, Depex.AARCH64] gOvmfTpmDiscoveredPpiGuid --=20 2.31.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74613): https://edk2.groups.io/g/devel/message/74613 Mute This Topic: https://groups.io/mt/82461203/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-