[edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM

Lendacky, Thomas via groups.io posted 16 patches 9 months, 2 weeks ago
Failed in applying to current master (apply log)
There is a newer version of this series
OvmfPkg/OvmfPkg.dec                                                   |   4 +
UefiCpuPkg/UefiCpuPkg.dec                                             |   7 +-
OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   5 +-
OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   5 +-
OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   3 +-
MdePkg/Include/Library/BaseLib.h                                      |  39 ++
MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
MdePkg/Include/Register/Amd/Ghcb.h                                    |  19 +-
MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
OvmfPkg/Include/WorkArea.h                                            |   7 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   4 +-
OvmfPkg/Library/CcExitLib/CcExitSvsm.h                                |  29 ++
UefiCpuPkg/Include/Library/CcExitLib.h                                |  71 ++-
UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  27 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  16 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  25 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  20 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  25 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 203 ++++----
OvmfPkg/Library/CcExitLib/CcExitSvsm.c                                | 532 ++++++++++++++++++++
OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
OvmfPkg/PlatformPei/AmdSev.c                                          | 100 +++-
UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c                      |  82 ++-
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  19 +-
UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   7 +-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 127 +++--
MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |   9 +
UefiCpuPkg/UefiCpuPkg.uni                                             |   3 +
39 files changed, 1524 insertions(+), 210 deletions(-)
create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
[edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
Posted by Lendacky, Thomas via groups.io 9 months, 2 weeks ago
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

This series adds SEV-SNP support for running OVMF under an Secure VM
Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
By running at a less priviledged VMPL, the SVSM can be used to provide
services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
confidential VM (CVM) rather than trust such services from the hypervisor.

Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
certain SNP related operations that require that VMPL level. Specifically,
the PVALIDATE instruction and the RMPADJUST instruction when setting the
the VMSA attribute of a page (used when starting APs).

If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
use an SVSM (which is running at VMPL0) to perform the operations that
it is no longer able to perform.

How OVMF interacts with and uses the SVSM is documented in the SVSM
specification [1] and the GHCB specification [2].

This series introduces support to run OVMF under an SVSM. It consists
of:
  - Reorganize the page state change support to not directly use the
    GHCB buffer since an SVSM will use the calling area buffer, instead
  - Detecting the presence of an SVSM
  - When not running at VMPL0, invoking the SVSM for page validation and
    VMSA page creation/deletion
  - Retrieving the list of vCPU APIC IDs and starting up all APs without
    performing a broadcast SIPI
  - Detecting and allowing OVMF to run in a VMPL other than 0 when an
    SVSM is present

The series is based off of commit:

  7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")

[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

---

Tom Lendacky (16):
  OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
  MdePkg/Register/Amd: Define the SVSM related information
  MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
  UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
  Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
  OvmfPkg: Create a calling area used to communicate with the SVSM
  OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
  OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
  UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
  MdePkg: GHCB APIC ID retrieval support definitions
  UefiCpuPkg: Create APIC ID list PCD
  OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
  UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
  UefiCpuPkg/MpInitLib: AP creation support under an SVSM
  Ovmfpkg/CcExitLib: Provide SVSM discovery support
  OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
    VMPL0

 OvmfPkg/OvmfPkg.dec                                                   |   4 +
 UefiCpuPkg/UefiCpuPkg.dec                                             |   7 +-
 OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
 OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
 MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
 OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   5 +-
 OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   5 +-
 OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
 OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   3 +-
 MdePkg/Include/Library/BaseLib.h                                      |  39 ++
 MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
 MdePkg/Include/Register/Amd/Ghcb.h                                    |  19 +-
 MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
 MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
 MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
 OvmfPkg/Include/WorkArea.h                                            |   7 +
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   4 +-
 OvmfPkg/Library/CcExitLib/CcExitSvsm.h                                |  29 ++
 UefiCpuPkg/Include/Library/CcExitLib.h                                |  71 ++-
 UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  27 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  16 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  25 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  20 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  25 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 203 ++++----
 OvmfPkg/Library/CcExitLib/CcExitSvsm.c                                | 532 ++++++++++++++++++++
 OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
 OvmfPkg/PlatformPei/AmdSev.c                                          | 100 +++-
 UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c                      |  82 ++-
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  19 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   7 +-
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 127 +++--
 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
 OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |   9 +
 UefiCpuPkg/UefiCpuPkg.uni                                             |   3 +
 39 files changed, 1524 insertions(+), 210 deletions(-)
 create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
 create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
 create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
 create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
 create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm

-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114626): https://edk2.groups.io/g/devel/message/114626
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
Posted by Yao, Jiewen 9 months, 2 weeks ago
Thanks Tom.
Please give me some time to digest this patch set before I can give some feedback.

One quick question to you:
With this patch, we need to support multiple SEV modes:
1. SEV guest firmware
2. SEV-ES guest firmware
3. SEV-SNP guest firmware
4. SEV-SNP SVSM guest firmware
And all these mode requires runtime detection. Am I right?
If so, where is the flag to set those mode?

Please correct me if my understanding is wrong.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Saturday, January 27, 2024 6:13 AM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
> Roth <michael.roth@amd.com>
> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> 
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> This series adds SEV-SNP support for running OVMF under an Secure VM
> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> By running at a less priviledged VMPL, the SVSM can be used to provide
> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> confidential VM (CVM) rather than trust such services from the hypervisor.
> 
> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> certain SNP related operations that require that VMPL level. Specifically,
> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> the VMSA attribute of a page (used when starting APs).
> 
> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> use an SVSM (which is running at VMPL0) to perform the operations that
> it is no longer able to perform.
> 
> How OVMF interacts with and uses the SVSM is documented in the SVSM
> specification [1] and the GHCB specification [2].
> 
> This series introduces support to run OVMF under an SVSM. It consists
> of:
>   - Reorganize the page state change support to not directly use the
>     GHCB buffer since an SVSM will use the calling area buffer, instead
>   - Detecting the presence of an SVSM
>   - When not running at VMPL0, invoking the SVSM for page validation and
>     VMSA page creation/deletion
>   - Retrieving the list of vCPU APIC IDs and starting up all APs without
>     performing a broadcast SIPI
>   - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>     SVSM is present
> 
> The series is based off of commit:
> 
>   7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
> 
> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/58019.pdf
> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/56421.pdf
> 
> ---
> 
> Tom Lendacky (16):
>   OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>   MdePkg/Register/Amd: Define the SVSM related information
>   MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>   UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
>   Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
>   OvmfPkg: Create a calling area used to communicate with the SVSM
>   OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
>   OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
>   UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
>   MdePkg: GHCB APIC ID retrieval support definitions
>   UefiCpuPkg: Create APIC ID list PCD
>   OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>   UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>   UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>   Ovmfpkg/CcExitLib: Provide SVSM discovery support
>   OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>     VMPL0
> 
>  OvmfPkg/OvmfPkg.dec                                                   |   4 +
>  UefiCpuPkg/UefiCpuPkg.dec                                             |   7 +-
>  OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
>  OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
>  MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
>  OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   5 +-
>  OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   5 +-
>  OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
>  OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   1 +
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   3 +-
>  MdePkg/Include/Library/BaseLib.h                                      |  39 ++
>  MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
>  MdePkg/Include/Register/Amd/Ghcb.h                                    |  19 +-
>  MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
>  MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
>  MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
>  OvmfPkg/Include/WorkArea.h                                            |   7 +
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   4
> +-
>  OvmfPkg/Library/CcExitLib/CcExitSvsm.h                                |  29 ++
>  UefiCpuPkg/Include/Library/CcExitLib.h                                |  71 ++-
>  UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  27 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |
> 16 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  25
> +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |
> 20 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |
> 25 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> 203 ++++----
>  OvmfPkg/Library/CcExitLib/CcExitSvsm.c                                | 532
> ++++++++++++++++++++
>  OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
>  OvmfPkg/PlatformPei/AmdSev.c                                          | 100 +++-
>  UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c                      |  82 ++-
>  UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  19 +-
>  UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   7 +-
>  UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 127 +++--
>  MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
>  MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
>  OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
>  OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |   9 +
>  UefiCpuPkg/UefiCpuPkg.uni                                             |   3 +
>  39 files changed, 1524 insertions(+), 210 deletions(-)
>  create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>  create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>  create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
>  create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> 
> --
> 2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114647): https://edk2.groups.io/g/devel/message/114647
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
Posted by Lendacky, Thomas via groups.io 9 months, 2 weeks ago
On 1/26/24 22:04, Yao, Jiewen wrote:
> Thanks Tom.
> Please give me some time to digest this patch set before I can give some feedback.
> 
> One quick question to you:
> With this patch, we need to support multiple SEV modes:
> 1. SEV guest firmware
> 2. SEV-ES guest firmware
> 3. SEV-SNP guest firmware
> 4. SEV-SNP SVSM guest firmware

This last mode is still an SNP guest, it just requires invoking an API to 
perform operations that require VMPL0 permissions. I'm not sure what you 
mean by having firmware at the end of each mode. The same firmware is used 
for all SEV guest modes as well as non-SEV guests.

> And all these mode requires runtime detection. Am I right?

Yes

> If so, where is the flag to set those mode?

There are function calls available to detect the SEV mode. See the 
implementation of MemEncryptSevIsEnabled(), MemEncryptSevEsIsEnabled() and 
MemEncryptSevSnpIsEnabled().

OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c

(OvmfPkg/Sec/AmdSev.c also has some early detection support)

Note:
   - An SEV-SNP guest is also considered an SEV-ES and SEV guest.
   - An SEV-ES guest is also considered an SEV guest.

Within the CcExitLib library, the decision to use the SVSM API will be 
based on the VMPL level at which OVMF is running.

Thanks,
Tom

> 
> Please correct me if my understanding is wrong.
> 
> Thank you
> Yao, Jiewen
> 
>> -----Original Message-----
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>> Sent: Saturday, January 27, 2024 6:13 AM
>> To: devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
>> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
>> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
>> Roth <michael.roth@amd.com>
>> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
>>
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> This series adds SEV-SNP support for running OVMF under an Secure VM
>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>> By running at a less priviledged VMPL, the SVSM can be used to provide
>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>> confidential VM (CVM) rather than trust such services from the hypervisor.
>>
>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>> certain SNP related operations that require that VMPL level. Specifically,
>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>> the VMSA attribute of a page (used when starting APs).
>>
>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>> use an SVSM (which is running at VMPL0) to perform the operations that
>> it is no longer able to perform.
>>
>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>> specification [1] and the GHCB specification [2].
>>
>> This series introduces support to run OVMF under an SVSM. It consists
>> of:
>>    - Reorganize the page state change support to not directly use the
>>      GHCB buffer since an SVSM will use the calling area buffer, instead
>>    - Detecting the presence of an SVSM
>>    - When not running at VMPL0, invoking the SVSM for page validation and
>>      VMSA page creation/deletion
>>    - Retrieving the list of vCPU APIC IDs and starting up all APs without
>>      performing a broadcast SIPI
>>    - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>>      SVSM is present
>>
>> The series is based off of commit:
>>
>>    7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
>>
>> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/58019.pdf
>> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/56421.pdf
>>
>> ---
>>
>> Tom Lendacky (16):
>>    OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>>    MdePkg/Register/Amd: Define the SVSM related information
>>    MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>    UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
>>    Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
>>    OvmfPkg: Create a calling area used to communicate with the SVSM
>>    OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
>>    OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
>>    UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
>>    MdePkg: GHCB APIC ID retrieval support definitions
>>    UefiCpuPkg: Create APIC ID list PCD
>>    OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>    UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>>    UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>    Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>    OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>>      VMPL0
>>
>>   OvmfPkg/OvmfPkg.dec                                                   |   4 +
>>   UefiCpuPkg/UefiCpuPkg.dec                                             |   7 +-
>>   OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
>>   OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
>>   MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
>>   OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   5 +-
>>   OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   5 +-
>>   OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
>>   OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
>>   UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   1 +
>>   UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   3 +-
>>   MdePkg/Include/Library/BaseLib.h                                      |  39 ++
>>   MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
>>   MdePkg/Include/Register/Amd/Ghcb.h                                    |  19 +-
>>   MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
>>   MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
>>   MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
>>   OvmfPkg/Include/WorkArea.h                                            |   7 +
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   4
>> +-
>>   OvmfPkg/Library/CcExitLib/CcExitSvsm.h                                |  29 ++
>>   UefiCpuPkg/Include/Library/CcExitLib.h                                |  71 ++-
>>   UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  27 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |
>> 16 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  25
>> +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |
>> 20 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |
>> 25 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>> 203 ++++----
>>   OvmfPkg/Library/CcExitLib/CcExitSvsm.c                                | 532
>> ++++++++++++++++++++
>>   OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
>>   OvmfPkg/PlatformPei/AmdSev.c                                          | 100 +++-
>>   UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c                      |  82 ++-
>>   UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  19 +-
>>   UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   7 +-
>>   UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 127 +++--
>>   MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
>>   MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
>>   OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
>>   OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |   9 +
>>   UefiCpuPkg/UefiCpuPkg.uni                                             |   3 +
>>   39 files changed, 1524 insertions(+), 210 deletions(-)
>>   create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>   create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>   create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
>>   create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
>>   create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>   create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>
>> --
>> 2.42.0
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114650): https://edk2.groups.io/g/devel/message/114650
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
Posted by Yao, Jiewen 9 months, 2 weeks ago
Thanks Tom. Below is exactly what I am looking for:
"the decision to use the SVSM API will be based on the VMPL level at which OVMF is running."

OVMF needs to detect SEV-SNP, then make next level decision on VMPL.
Makes sense to me.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Sunday, January 28, 2024 1:49 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>;
> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
> Subject: Re: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> 
> On 1/26/24 22:04, Yao, Jiewen wrote:
> > Thanks Tom.
> > Please give me some time to digest this patch set before I can give some
> feedback.
> >
> > One quick question to you:
> > With this patch, we need to support multiple SEV modes:
> > 1. SEV guest firmware
> > 2. SEV-ES guest firmware
> > 3. SEV-SNP guest firmware
> > 4. SEV-SNP SVSM guest firmware
> 
> This last mode is still an SNP guest, it just requires invoking an API to
> perform operations that require VMPL0 permissions. I'm not sure what you
> mean by having firmware at the end of each mode. The same firmware is used
> for all SEV guest modes as well as non-SEV guests.
> 
> > And all these mode requires runtime detection. Am I right?
> 
> Yes
> 
> > If so, where is the flag to set those mode?
> 
> There are function calls available to detect the SEV mode. See the
> implementation of MemEncryptSevIsEnabled(), MemEncryptSevEsIsEnabled() and
> MemEncryptSevSnpIsEnabled().
> 
> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
> 
> (OvmfPkg/Sec/AmdSev.c also has some early detection support)
> 
> Note:
>    - An SEV-SNP guest is also considered an SEV-ES and SEV guest.
>    - An SEV-ES guest is also considered an SEV guest.
> 
> Within the CcExitLib library, the decision to use the SVSM API will be
> based on the VMPL level at which OVMF is running.
> 
> Thanks,
> Tom
> 
> >
> > Please correct me if my understanding is wrong.
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Tom Lendacky <thomas.lendacky@amd.com>
> >> Sent: Saturday, January 27, 2024 6:13 AM
> >> To: devel@edk2.groups.io
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> >> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao,
> Jiewen
> >> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> >> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>;
> >> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> >> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>;
> Michael
> >> Roth <michael.roth@amd.com>
> >> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> >>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> >>
> >> This series adds SEV-SNP support for running OVMF under an Secure VM
> >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> >> By running at a less priviledged VMPL, the SVSM can be used to provide
> >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> >> confidential VM (CVM) rather than trust such services from the hypervisor.
> >>
> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> >> certain SNP related operations that require that VMPL level. Specifically,
> >> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> >> the VMSA attribute of a page (used when starting APs).
> >>
> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> >> use an SVSM (which is running at VMPL0) to perform the operations that
> >> it is no longer able to perform.
> >>
> >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> >> specification [1] and the GHCB specification [2].
> >>
> >> This series introduces support to run OVMF under an SVSM. It consists
> >> of:
> >>    - Reorganize the page state change support to not directly use the
> >>      GHCB buffer since an SVSM will use the calling area buffer, instead
> >>    - Detecting the presence of an SVSM
> >>    - When not running at VMPL0, invoking the SVSM for page validation and
> >>      VMSA page creation/deletion
> >>    - Retrieving the list of vCPU APIC IDs and starting up all APs without
> >>      performing a broadcast SIPI
> >>    - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> >>      SVSM is present
> >>
> >> The series is based off of commit:
> >>
> >>    7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
> >>
> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/58019.pdf
> >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/56421.pdf
> >>
> >> ---
> >>
> >> Tom Lendacky (16):
> >>    OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> >>    MdePkg/Register/Amd: Define the SVSM related information
> >>    MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> >>    UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
> >>    Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
> >>    OvmfPkg: Create a calling area used to communicate with the SVSM
> >>    OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
> >>    OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
> >>    UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
> >>    MdePkg: GHCB APIC ID retrieval support definitions
> >>    UefiCpuPkg: Create APIC ID list PCD
> >>    OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> >>    UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> >>    UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> >>    Ovmfpkg/CcExitLib: Provide SVSM discovery support
> >>    OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> >>      VMPL0
> >>
> >>   OvmfPkg/OvmfPkg.dec                                                   |   4 +
> >>   UefiCpuPkg/UefiCpuPkg.dec                                             |   7 +-
> >>   OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
> >>   OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
> >>   MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
> >>   OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   5 +-
> >>   OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   5 +-
> >>   OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
> >>   OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
> >>   UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   1 +
> >>   UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   3 +-
> >>   MdePkg/Include/Library/BaseLib.h                                      |  39 ++
> >>   MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
> >>   MdePkg/Include/Register/Amd/Ghcb.h                                    |  19 +-
> >>   MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
> >>   MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
> >>   MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
> >>   OvmfPkg/Include/WorkArea.h                                            |   7 +
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |
> 4
> >> +-
> >>   OvmfPkg/Library/CcExitLib/CcExitSvsm.h                                |  29 ++
> >>   UefiCpuPkg/Include/Library/CcExitLib.h                                |  71 ++-
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  27 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> |
> >> 16 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |
> 25
> >> +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> |
> >> 20 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> |
> >> 25 +-
> >>
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> >> 203 ++++----
> >>   OvmfPkg/Library/CcExitLib/CcExitSvsm.c                                | 532
> >> ++++++++++++++++++++
> >>   OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
> >>   OvmfPkg/PlatformPei/AmdSev.c                                          | 100 +++-
> >>   UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c                      |  82 ++-
> >>   UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  19 +-
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   7 +-
> >>   UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 127 +++--
> >>   MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
> >>   MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
> >>   OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
> >>   OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |   9 +
> >>   UefiCpuPkg/UefiCpuPkg.uni                                             |   3 +
> >>   39 files changed, 1524 insertions(+), 210 deletions(-)
> >>   create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> >>   create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> >>   create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
> >>   create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
> >>   create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> >>   create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> >>
> >> --
> >> 2.42.0
> >


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114652): https://edk2.groups.io/g/devel/message/114652
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-