From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: [edk2-devel] [PATCH v4 1/4] OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
Date: Mon, 21 Jun 2021 13:56:47 +0000
Message-Id: <7d0a30a022a7d3d3e056af8f79b87ed9991d2f52.1624281247.git.ashish.kalra@amd.com>
From: Ashish Kalra

Add SEV and SEV-ES hypercall abstraction library to support SEV Page
encryption/decryption status hypercalls for SEV and SEV-ES guests.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
--- Maintainers.txt | 2= + OvmfPkg/Include/Library/MemEncryptHypercallLib.h | 43= ++++++++ OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c | 37= +++++++ OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf | 42= ++++++++ OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm | 28= ++++++ OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c | 105= ++++++++++++++++++++ OvmfPkg/OvmfPkgIa32.dsc | 1= + OvmfPkg/OvmfPkgIa32X64.dsc | 1= + OvmfPkg/OvmfPkgX64.dsc | 1= + OvmfPkg/OvmfXen.dsc | 1= + 10 files changed, 261 insertions(+) diff --git a/Maintainers.txt b/Maintainers.txt index ea54e0b7e9..8ecc8464ba 100644 --- a/Maintainers.txt +++ b/Maintainers.txt 
@@ -449,8 +449,10 @@ F: OvmfPkg/AmdSev/ F: OvmfPkg/AmdSevDxe/ F: OvmfPkg/Include/Guid/ConfidentialComputingSecret.h F: OvmfPkg/Include/Library/MemEncryptSevLib.h +F: OvmfPkg/Include/Library/MemEncryptHypercallLib.h F: OvmfPkg/IoMmuDxe/AmdSevIoMmu.* F: OvmfPkg/Library/BaseMemEncryptSevLib/ +F: OvmfPkg/Library/MemEncryptHypercallLib/ F: OvmfPkg/Library/PlatformBootManagerLibGrub/ F: OvmfPkg/Library/VmgExitLib/ F: OvmfPkg/PlatformPei/AmdSev.c diff --git a/OvmfPkg/Include/Library/MemEncryptHypercallLib.h b/OvmfPkg/Inc= lude/Library/MemEncryptHypercallLib.h new file mode 100644 index 0000000000..b241a189b6 --- /dev/null +++ b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h @@ -0,0 +1,43 @@ +/** @file + + Define Secure Encrypted Virtualization (SEV) hypercall library. + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _MEM_ENCRYPT_HYPERCALL_LIB_H_ +#define _MEM_ENCRYPT_HYPERCALL_LIB_H_ + +#include + +#define KVM_HC_MAP_GPA_RANGE 12 +#define KVM_MAP_GPA_RANGE_PAGE_SZ_4K 0 +#define KVM_MAP_GPA_RANGE_PAGE_SZ_2M (1 << 0) +#define KVM_MAP_GPA_RANGE_PAGE_SZ_1G (1 << 1) +#define KVM_MAP_GPA_RANGE_ENC_STAT(n) ((n) << 4) +#define KVM_MAP_GPA_RANGE_ENCRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(1) +#define KVM_MAP_GPA_RANGE_DECRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(0) + +/** + This hyercall is used to notify hypervisor when a page is marked as + 'decrypted' (i.e C-bit removed). + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. + @param[in] Length The length of memory region + @param[in] Mode SetCBit or ClearCBit + +**/ + +VOID +EFIAPI +SetMemoryEncDecHypercall3 ( + IN UINTN PhysicalAddress, + IN UINTN Length, + IN UINTN Mode + ); + +#endif diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercal= lLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib= .c new file mode 100644 index 0000000000..2e73d47ee6 --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c @@ -0,0 +1,37 @@ +/** @file + + Secure Encrypted Virtualization (SEV) hypercall helper library + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +/** + This hyercall is used to notify hypervisor when a page is marked as + 'decrypted' (i.e C-bit removed). + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. + @param[in] Length The length of memory region + @param[in] Mode SetCBit or ClearCBit + +**/ + +VOID +EFIAPI +SetMemoryEncDecHypercall3 ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Pages, + IN UINTN Mode + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // +} diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.= inf b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf new file mode 100644 index 0000000000..a77d58a7e6 --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf @@ -0,0 +1,42 @@ +## @file +# Library provides the hypervisor helper functions for SEV guest +# +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D MemEncryptHypercallLib + FILE_GUID =3D 86f2501e-f128-45f3-91c4-3cff31656ca8 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MemEncryptHypercallLib + +# +# The following information is for reference only and not required by the = build +# tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + OvmfPkg/OvmfPkg.dec + +[Sources.X64] + X64/MemEncryptHypercallLib.c + X64/AsmHelperStub.nasm + +[Sources.IA32] + Ia32/MemEncryptHypercallLib.c + +[LibraryClasses] + BaseLib + DebugLib + VmgExitLib diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm = b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm new file mode 100644 index 0000000000..f29b96f9b0 --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm @@ -0,0 +1,28 @@ +DEFAULT REL +SECTION .text + +; VOID +; EFIAPI +; SetMemoryEncDecHypercall3AsmStub ( +; IN UINT HypercallNum, +; IN INTN Arg1, +; IN INTN Arg2, +; IN INTN Arg3 +; ); +global ASM_PFX(SetMemoryEncDecHypercall3AsmStub) +ASM_PFX(SetMemoryEncDecHypercall3AsmStub): + ; UEFI calling conventions require RBX to + ; be nonvolatile/callee-saved. + push rbx + ; Copy HypercallNumber to rax + mov rax, rcx + ; Copy Arg1 to the register expected by KVM + mov rbx, rdx + ; Copy Arg2 to register expected by KVM + mov rcx, r8 + ; Copy Arg2 to register expected by KVM + mov rdx, r9 + ; Call VMMCALL + vmmcall + pop rbx + ret diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercall= Lib.c b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c new file mode 100644 index 0000000000..1c09ea012b --- /dev/null +++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c 
@@ -0,0 +1,105 @@ +/** @file + + Secure Encrypted Virtualization (SEV) hypercall helper library + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// +// Interface exposed by the ASM implementation of the core hypercall +// +// + +VOID +EFIAPI +SetMemoryEncDecHypercall3AsmStub ( + IN UINTN HypercallNum, + IN UINTN PhysicalAddress, + IN UINTN Length, + IN UINTN Mode + ); + +STATIC +VOID +GhcbSetRegValid ( + IN OUT GHCB *Ghcb, + IN GHCB_REGISTER Reg + ) +{ + UINT32 RegIndex; + UINT32 RegBit; + + RegIndex =3D Reg / 8; + RegBit =3D Reg & 0x07; + + Ghcb->SaveArea.ValidBitmap[RegIndex] |=3D (1 << RegBit); +} + +/** + This hyercall is used to notify hypervisor when a page is marked as + 'decrypted' (i.e C-bit removed). + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. + @param[in] Length The length of memory region + @param[in] Mode SetCBit or ClearCBit + +**/ + +VOID +EFIAPI +SetMemoryEncDecHypercall3 ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Pages, + IN UINTN Mode + ) +{ + if (MemEncryptSevEsIsEnabled ()) { + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 Status; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + VmgInit (Ghcb, &InterruptState); + + Ghcb->SaveArea.Rax =3D KVM_HC_MAP_GPA_RANGE; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rbx =3D PhysicalAddress; + GhcbSetRegValid (Ghcb, GhcbRbx); + Ghcb->SaveArea.Rcx =3D Pages; + GhcbSetRegValid (Ghcb, GhcbRcx); + Ghcb->SaveArea.Rdx =3D Mode; + GhcbSetRegValid (Ghcb, GhcbRdx); + Ghcb->SaveArea.Cpl =3D AsmReadCs() & 0x3; + GhcbSetRegValid (Ghcb, GhcbCpl); + + Status =3D VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0); + if (Status) { + DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status)); + } + VmgDone (Ghcb, InterruptState); + } else { + SetMemoryEncDecHypercall3AsmStub ( + KVM_HC_MAP_GPA_RANGE, + PhysicalAddress, + Pages, + Mode + ); + } +} 
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index f53efeae79..36f1d82ce7 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -176,6 +176,7 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncrypt= HypercallLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index b3662e17f2..2a743688b4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -180,6 +180,7 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncrypt= HypercallLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0a237a9058..eb9da51a15 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -180,6 +180,7 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncrypt= HypercallLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 3c1ca6bfd4..de0c052832 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc 
@@ -167,6 +167,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncrypt= HypercallLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf --=20 2.17.1
View/Reply Online (#76804): https://edk2.groups.io/g/devel/message/76804
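Review bot: The prototype of SetMemoryEncDecHypercall3 in OvmfPkg/Include/Library/MemEncryptHypercallLib.h takes `IN UINTN PhysicalAddress, IN UINTN Length`, but the Ia32 and X64 definitions added by this same patch take `IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Pages`. UINTN is 32 bits wide on IA32 while PHYSICAL_ADDRESS is 64 bits, so the declaration and the definition disagree there. Make the header match the definitions and update the @param text in all three copies of the comment: the second argument is a page count (patch 2/4 passes EFI_SIZE_TO_PAGES(Size)), and Mode carries a KVM_MAP_GPA_RANGE_* attribute value, not SetCBit or ClearCBit.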
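Review bot: The [LibraryClasses] section of MemEncryptHypercallLib.inf lists only BaseLib, DebugLib and VmgExitLib, yet X64/MemEncryptHypercallLib.c calls MemEncryptSevEsIsEnabled (). Add the class that provides that function (MemEncryptSevLib) so the dependency is declared by this library instead of being satisfied by whatever the consuming module happens to link.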
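Review bot: In X64/AsmHelperStub.nasm the value left in RAX after `vmmcall` is discarded, because the stub and its C prototype return VOID, so the caller cannot distinguish a rejected or unsupported KVM_HC_MAP_GPA_RANGE from a successful one. Consider returning RAX as the hypercall status and propagating it. Two comment fixes in the same file: the prototype comment uses `UINT` and `INTN` where the C declaration uses UINTN, and the comment above `mov rdx, r9` says Arg2 although that instruction moves Arg3.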
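Review bot: The SEV-ES branch of SetMemoryEncDecHypercall3 in X64/MemEncryptHypercallLib.c checks only the VmgExit status; the RAX value the hypervisor writes back to the GHCB after the VMMCALL exit is never read, and a non-zero Status is only logged through DEBUG before the VOID function returns. Since the hypervisor's tracking of decrypted pages depends on this call, return a status so callers can react to a failed notification. Style: `AsmReadCs() & 0x3` is missing the space before the parenthesis that the rest of the file uses.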
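Review bot: The OvmfXen.dsc hunk resolves MemEncryptHypercallLib to the same instance as the other platforms, but that instance hard-codes KVM_HC_MAP_GPA_RANGE and the KVM register convention. If the Xen platform needs the class only to satisfy the MemEncryptSevLib dependency introduced in patch 2/4, a Null instance for OvmfXen.dsc would keep a KVM hypercall number from ever being issued under a different hypervisor.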
From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: [edk2-devel] [PATCH v4 2/4] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
Date: Mon, 21 Jun 2021 13:57:06 +0000
Message-Id: <3bfdbe553d597f489a03c21fbc0f6c614f92c32f.1624281247.git.ashish.kalra@amd.com>
From: Brijesh Singh

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g. mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

Invoke hypercall via the new hypercall library.

This hypercall is used to notify hypervisor when a page is marked as
'decrypted' (i.e. C-bit removed).

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 + OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22 ++++++= ++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d680..aefcd7c0f7 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf 
@@ -49,6 +49,7 @@ DebugLib MemoryAllocationLib PcdLib + MemEncryptHypercallLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df..7503f56a0b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -49,6 +49,7 @@ DebugLib MemoryAllocationLib PcdLib + MemEncryptHypercallLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index c696745f9d..12b3a9fcfb 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -15,6 +15,7 @@ #include #include #include +#include =20 #include "VirtualMemory.h" =20 @@ -585,6 +586,9 @@ SetMemoryEncDec ( UINT64 AddressEncMask; BOOLEAN IsWpEnabled; RETURN_STATUS Status; + UINTN Size; + BOOLEAN CBitChanged; + PHYSICAL_ADDRESS OrigPhysicalAddress; =20 // // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnin= gs. @@ -636,6 +640,10 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + Size =3D Length; + CBitChanged =3D FALSE; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // @@ -695,6 +703,7 @@ SetMemoryEncDec ( )); PhysicalAddress +=3D BIT30; Length -=3D BIT30; + CBitChanged =3D TRUE; } else { // // We must split the page @@ -749,6 +758,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); PhysicalAddress +=3D BIT21; Length -=3D BIT21; + CBitChanged =3D TRUE; } else { // // We must split up this page into 4K pages 
@@ -791,6 +801,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageTableEntry->Uint64, Mode); PhysicalAddress +=3D EFI_PAGE_SIZE; Length -=3D EFI_PAGE_SIZE; + CBitChanged =3D TRUE; } } } 
@@ -808,6 +819,17 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // Notify Hypervisor on C-bit status + // + if (CBitChanged) { + SetMemoryEncDecHypercall3 ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES(Size), + KVM_MAP_GPA_RANGE_ENC_STAT(!Mode) + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1
View/Reply Online (#76805): https://edk2.groups.io/g/devel/message/76805
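Review bot: Adding MemEncryptHypercallLib to [LibraryClasses] in DxeMemEncryptSevLib.inf and PeiMemEncryptSevLib.inf makes the two libraries depend on each other, because the X64 implementation from patch 1/4 calls MemEncryptSevEsIsEnabled (), which MemEncryptSevLib provides. Break the cycle so the dependency runs one way, for example by having the caller tell the hypercall helper whether SEV-ES is active instead of the helper querying MemEncryptSevLib.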
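Review bot: `KVM_MAP_GPA_RANGE_ENC_STAT(!Mode)` in the `@@ -808,6 +819,17 @@` hunk of PeiDxeVirtualMemory.c derives the encryption status from the numeric value of Mode, so it is correct only while SetCBit has the value 0. Spell the mapping out: pass KVM_MAP_GPA_RANGE_ENCRYPTED when Mode == SetCBit and KVM_MAP_GPA_RANGE_DECRYPTED otherwise. Also note the placement above the `Done:` label: any error path that jumps to that label after the loop has already changed some entries returns without notifying the hypervisor, and on the success path the call always reports the full original range as 4K pages. Decide whether a partial change should still be reported, and add the space before the parenthesis in `EFI_SIZE_TO_PAGES(Size)`.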
b=fKkByn1qvGRQ73ve9YREoU67Edoe7qP0KCF8jGqxa7B28HNWo5QBwOo84xbtQKhwm5tRVIISooqne31fIPOYMcs9SNkc1Rd6zRJmPV4cLW9dIfCqeWibSvp2zSH3T2UgT423UO+y9P4ZEJo2Dywayx8+CSfw4bsNWeq7bvLlZcrD3KqoVpdjQZ4XNFTqNCoEi3ayXnlmJhij8dom9V6ZCVbg8P0rrjYjB5akns+xFsX/YuGyzFUP9wwuvxnX6DxhAx1SKDGuL5dJ17wHi5WIoRI/fysyakEE6+sBzy1Irc04cNgQhh2yYJyjP8zY7PCd/YUG8u+bjXgrm/lkpTPNUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pj+T23vRP2RRj0JLDBl6yXOoMaD9gar4LRqW0xkUO3A=; b=I9eMIFd/tQ8FdroDPM66TEZ1mR9Z0bNfwdU7m2qZRqra+h1sd2yEUyhoKgHi3nZFDPeZtSkuVQL3LEtPQZk7xVUTmJP1BNURY8W7CIeVPyXIUQWvtewc54346n3OtcEmu1MuO9M40EiNZDXOg7C09ERBHEn1LFyWyqJmSbR4dJrDruZoCoyoj38qEG1z1vNYFOQpf5t23X8X2+cUy0yUBv78axWaQSbY33+FuYGEJYXIK10Jx2ZvSJX9KmzJEcGpa7j4sGOwtrXmOuukRiJP9Fgz51/w8HBY8gZ3pHvhz+Oxs1NEKVaore5NPyHEEKoMGxx0hY1Yedw6FXSNor6hmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN6PR12MB2781.namprd12.prod.outlook.com (2603:10b6:805:67::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.23; Mon, 21 Jun 2021 13:57:36 +0000 X-Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::958d:2e44:518c:744c]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::958d:2e44:518c:744c%7]) with mapi id 15.20.4242.023; Mon, 21 Jun 2021 13:57:36 +0000 
From: "Ashish Kalra via groups.io" To: devel@edk2.groups.io Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: [edk2-devel] [PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall Date: Mon, 21 Jun 2021 13:57:27 +0000
From: Ashish Kalra Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor page status tracking. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..3f642ecb06 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include 
@@ -52,6 +53,15 @@ AmdSevEsInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); =20 + // + // GHCB_BASE setup during reset-vector needs to be marked as + // decrypted in the hypervisor page encryption bitmap. + // + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + KVM_MAP_GPA_RANGE_DECRYPTED + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition --=20 2.17.1
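Review bot: In the AmdSevEsInitialize() hunk of OvmfPkg/PlatformPei/AmdSev.c, the result of SetMemoryEncDecHypercall3() is discarded and nothing visible here gates the call on the hypervisor actually supporting the hypercall. If the notification fails, the SEC GHCB page stays marked as encrypted in the hypervisor's page status tracking and the log gives no hint of it; capture the result and at least log it, in the same way the PcdSetBoolS() status just above is checked. Style: put the first argument on its own line after the opening parenthesis, as the SetMemoryEncDec() call in this series does, and add a space in EFI_SIZE_TO_PAGES(FixedPcdGet32 (...)).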
From: "Ashish Kalra via groups.io" To: devel@edk2.groups.io Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: [edk2-devel] [PATCH v4 4/4] OvmfPkg/PlatformDxe: Add support for SEV live migration. Date: Mon, 21 Jun 2021 13:57:51 +0000
From: Ashish Kalra Detect for KVM hypervisor and check for SEV live migration feature support via KVM_FEATURE_CPUID, if detected setup a new UEFI environment variable to indicate OVMF support for SEV live migration. Signed-off-by: Ashish Kalra --- OvmfPkg/Include/Guid/MemEncryptLib.h | 20 ++++ OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/PlatformDxe/AmdSev.c | 108 ++++++++++++++++++++ OvmfPkg/PlatformDxe/Platform.c | 5 + OvmfPkg/PlatformDxe/Platform.inf | 2 + OvmfPkg/PlatformDxe/PlatformConfig.h | 5 + 6 files changed, 141 insertions(+) diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/Me= mEncryptLib.h new file mode 100644 index 0000000000..4c046ba439 --- /dev/null +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h @@ -0,0 +1,20 @@ +/** @file + + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI enviroment variables assocaiated with SEV Memory Encryption. + + Copyright (c) 2020, AMD Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __MEMENCRYPT_LIB_H__ +#define __MEMENCRYPT_LIB_H__ + +#define MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x= 75}} + +extern EFI_GUID gMemEncryptGuid; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e3..e452dc8494 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -122,6 +122,7 @@ gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gMemEncryptGuid =3D {0x0cf29b71, 0x9e51, 0x433a, {= 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c new file mode 100644 index 0000000000..3dbf17a8cd --- /dev/null +++ b/OvmfPkg/PlatformDxe/AmdSev.c @@ -0,0 +1,108 @@ +/**@file + Detect KVM hypervisor support for SEV live migration and if + detected, setup a new UEFI enviroment variable indicating + OVMF support for SEV live migration. + + Copyright (c) 2020, Advanced Micro Devices. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +// +// The package level header files this module uses +// + +#include +#include +#include +#include +#include +#include + +#define KVM_FEATURE_MIGRATION_CONTROL 17 + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + + @retval TRUE KVM was detected and Live Migration supported + @retval FALSE KVM was not detected or Live Migration not supported + +**/ +BOOLEAN +KvmDetectSevLiveMigrationFeature( + VOID + ) +{ + UINT8 Signature[13]; + UINT32 mKvmLeaf =3D 0; + UINT32 RegEax, RegEbx, RegEcx, RegEdx; + + Signature[12] =3D '\0'; + for (mKvmLeaf =3D 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf +=3D 0x100= ) { + AsmCpuid (mKvmLeaf, + NULL, + (UINT32 *) &Signature[0], + (UINT32 *) &Signature[4], + (UINT32 *) &Signature[8]); + + if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) { + DEBUG (( + DEBUG_ERROR, + "%a: KVM Detected, signature =3D %s\n", + __FUNCTION__, + Signature + )); + + RegEax =3D 0x40000001; + RegEcx =3D 0; + AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx); + if (RegEax & (1 << KVM_FEATURE_MIGRATION_CONTROL)) { + DEBUG (( + DEBUG_ERROR, + "%a: Live Migration feature supported\n", + __FUNCTION__ + )); + return TRUE; + } + } + } + + return FALSE; +} + +/** + + Function checks if SEV Live Migration support is available, if present t= hen it sets + a UEFI enviroment variable to be queried later using Runtime services. 
+ + **/ +VOID +AmdSevSetConfig( + VOID + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled =3D KvmDetectSevLiveMigrationFeature(); + + if (SevLiveMigrationEnabled) { + Status =3D gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (BOOLEAN), + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_ERROR, + "%a: Setting SevLiveMigrationEnabled variable, status =3D %lx\n", + __FUNCTION__, + Status + )); + } +} diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c index f2e51960ce..f61302d98b 100644 --- a/OvmfPkg/PlatformDxe/Platform.c +++ b/OvmfPkg/PlatformDxe/Platform.c @@ -763,6 +763,11 @@ PlatformInit ( { EFI_STATUS Status; =20 + // + // Set Amd Sev configuation + // + AmdSevSetConfig(); + ExecutePlatformConfig (); =20 mConfigAccess.ExtractConfig =3D &ExtractConfig; diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platfor= m.inf index 14727c1220..2896f0a1d1 100644 --- a/OvmfPkg/PlatformDxe/Platform.inf +++ b/OvmfPkg/PlatformDxe/Platform.inf @@ -24,6 +24,7 @@ PlatformConfig.c PlatformConfig.h PlatformForms.vfr + AmdSev.c =20 [Packages] MdePkg/MdePkg.dec @@ -56,6 +57,7 @@ [Guids] gEfiIfrTianoGuid gOvmfPlatformConfigGuid + gMemEncryptGuid =20 [Depex] gEfiHiiConfigRoutingProtocolGuid AND diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/Pla= tformConfig.h index 716514da21..4f662aafa4 100644 --- a/OvmfPkg/PlatformDxe/PlatformConfig.h +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h 
@@ -44,6 +44,11 @@ PlatformConfigLoad ( OUT UINT64 *OptionalElements ); =20 +VOID +AmdSevSetConfig( + VOID + ); + // // Feature flags for OptionalElements. // --=20 2.17.1
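Review bot: In the new OvmfPkg/PlatformDxe/AmdSev.c, AmdSevSetConfig() writes SevLiveMigrationEnabled with EFI_VARIABLE_NON_VOLATILE when the feature is detected but never deletes it when detection returns FALSE, so a guest that later boots on a host without KVM_FEATURE_MIGRATION_CONTROL still presents the stale value from the varstore to whoever queries it. Either drop the non-volatile attribute or delete the variable on the FALSE path. In KvmDetectSevLiveMigrationFeature(), the loop scans signature leaves in steps of 0x100 but then reads the feature bits from the fixed leaf 0x40000001; use mKvmLeaf + 1 so the bits come from the leaf range that matched, and stop scanning after the first KVM match. The assignments to RegEax and RegEcx before that AsmCpuid() call are dead stores, since the function only writes through those pointers. The DEBUG calls print the ASCII Signature with %s (edk2 uses %a for ASCII, %s is for CHAR16 strings), print Status with %lx instead of %r, and use DEBUG_ERROR for informational messages. mKvmLeaf is a local variable and should not carry the module-global m prefix.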
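Review bot: In the new OvmfPkg/Include/Guid/MemEncryptLib.h, the include guard __MEMENCRYPT_LIB_H__ starts with a double underscore, which is a reserved identifier in C; MEMENCRYPT_LIB_H_ avoids that. The file comment misspells "environment" and "associated" ("enviroment", "assocaiated"), and the "enviroment" spelling recurs in the comments of PlatformDxe/AmdSev.c, alongside "configuation" in the Platform.c hunk. The header sits under Include/Guid and only defines a GUID, so a file name ending in Lib.h is misleading; a name that matches gMemEncryptGuid would be easier to find.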