OvmfPkg/OvmfPkg.dec | 4 + UefiCpuPkg/UefiCpuPkg.dec | 7 +- OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +- OvmfPkg/OvmfPkgX64.fdf | 3 + MdePkg/Library/BaseLib/BaseLib.inf | 2 + OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +- OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +- OvmfPkg/PlatformPei/PlatformPei.inf | 3 + OvmfPkg/ResetVector/ResetVector.inf | 2 + UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +- MdePkg/Include/Library/BaseLib.h | 39 ++ MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +- MdePkg/Include/Register/Amd/Ghcb.h | 19 +- MdePkg/Include/Register/Amd/Msr.h | 3 +- MdePkg/Include/Register/Amd/Svsm.h | 101 ++++ MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++ OvmfPkg/Include/WorkArea.h | 7 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 4 +- OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++ UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++- UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 16 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 25 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 20 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 25 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 203 ++++---- OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532 ++++++++++++++++++++ OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +- OvmfPkg/PlatformPei/AmdSev.c | 100 +++- UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++- UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +- UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++-- MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++ MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++ OvmfPkg/ResetVector/ResetVector.nasmb | 6 +- OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 + UefiCpuPkg/UefiCpuPkg.uni | 3 + 39 files changed, 1524 insertions(+), 210 deletions(-) create mode 100644 MdePkg/Include/Register/Amd/Svsm.h create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
This series adds SEV-SNP support for running OVMF under an Secure VM
Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
By running at a less priviledged VMPL, the SVSM can be used to provide
services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
confidential VM (CVM) rather than trust such services from the hypervisor.
Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
certain SNP related operations that require that VMPL level. Specifically,
the PVALIDATE instruction and the RMPADJUST instruction when setting the
the VMSA attribute of a page (used when starting APs).
If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
use an SVSM (which is running at VMPL0) to perform the operations that
it is no longer able to perform.
How OVMF interacts with and uses the SVSM is documented in the SVSM
specification [1] and the GHCB specification [2].
This series introduces support to run OVMF under an SVSM. It consists
of:
- Reorganize the page state change support to not directly use the
GHCB buffer since an SVSM will use the calling area buffer, instead
- Detecting the presence of an SVSM
- When not running at VMPL0, invoking the SVSM for page validation and
VMSA page creation/deletion
- Retrieving the list of vCPU APIC IDs and starting up all APs without
performing a broadcast SIPI
- Detecting and allowing OVMF to run in a VMPL other than 0 when an
SVSM is present
The series is based off of commit:
7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
---
Tom Lendacky (16):
OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
MdePkg/Register/Amd: Define the SVSM related information
MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
OvmfPkg: Create a calling area used to communicate with the SVSM
OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
MdePkg: GHCB APIC ID retrieval support definitions
UefiCpuPkg: Create APIC ID list PCD
OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
UefiCpuPkg/MpInitLib: AP creation support under an SVSM
Ovmfpkg/CcExitLib: Provide SVSM discovery support
OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
VMPL0
OvmfPkg/OvmfPkg.dec | 4 +
UefiCpuPkg/UefiCpuPkg.dec | 7 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
OvmfPkg/OvmfPkgX64.fdf | 3 +
MdePkg/Library/BaseLib/BaseLib.inf | 2 +
OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +-
OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +-
OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
OvmfPkg/ResetVector/ResetVector.inf | 2 +
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +-
MdePkg/Include/Library/BaseLib.h | 39 ++
MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
MdePkg/Include/Register/Amd/Msr.h | 3 +-
MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
OvmfPkg/Include/WorkArea.h | 7 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 4 +-
OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++
UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++-
UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 16 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 25 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 20 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 25 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 203 ++++----
OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532 ++++++++++++++++++++
OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
OvmfPkg/PlatformPei/AmdSev.c | 100 +++-
UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++-
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +-
UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++--
MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +
UefiCpuPkg/UefiCpuPkg.uni | 3 +
39 files changed, 1524 insertions(+), 210 deletions(-)
create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
--
2.42.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114626): https://edk2.groups.io/g/devel/message/114626
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Thanks Tom.
Please give me some time to digest this patch set before I can give some feedback.
One quick question to you:
With this patch, we need to support multiple SEV modes:
1. SEV guest firmware
2. SEV-ES guest firmware
3. SEV-SNP guest firmware
4. SEV-SNP SVSM guest firmware
And all these mode requires runtime detection. Am I right?
If so, where is the flag to set those mode?
Please correct me if my understanding is wrong.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Saturday, January 27, 2024 6:13 AM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
> Roth <michael.roth@amd.com>
> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> This series adds SEV-SNP support for running OVMF under an Secure VM
> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> By running at a less priviledged VMPL, the SVSM can be used to provide
> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> confidential VM (CVM) rather than trust such services from the hypervisor.
>
> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> certain SNP related operations that require that VMPL level. Specifically,
> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> the VMSA attribute of a page (used when starting APs).
>
> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> use an SVSM (which is running at VMPL0) to perform the operations that
> it is no longer able to perform.
>
> How OVMF interacts with and uses the SVSM is documented in the SVSM
> specification [1] and the GHCB specification [2].
>
> This series introduces support to run OVMF under an SVSM. It consists
> of:
> - Reorganize the page state change support to not directly use the
> GHCB buffer since an SVSM will use the calling area buffer, instead
> - Detecting the presence of an SVSM
> - When not running at VMPL0, invoking the SVSM for page validation and
> VMSA page creation/deletion
> - Retrieving the list of vCPU APIC IDs and starting up all APs without
> performing a broadcast SIPI
> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> SVSM is present
>
> The series is based off of commit:
>
> 7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
>
> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/58019.pdf
> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/56421.pdf
>
> ---
>
> Tom Lendacky (16):
> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> MdePkg/Register/Amd: Define the SVSM related information
> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
> Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
> OvmfPkg: Create a calling area used to communicate with the SVSM
> OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
> OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
> UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
> MdePkg: GHCB APIC ID retrieval support definitions
> UefiCpuPkg: Create APIC ID list PCD
> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> Ovmfpkg/CcExitLib: Provide SVSM discovery support
> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> VMPL0
>
> OvmfPkg/OvmfPkg.dec | 4 +
> UefiCpuPkg/UefiCpuPkg.dec | 7 +-
> OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
> OvmfPkg/OvmfPkgX64.fdf | 3 +
> MdePkg/Library/BaseLib/BaseLib.inf | 2 +
> OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +-
> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +-
> OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
> OvmfPkg/ResetVector/ResetVector.inf | 2 +
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +-
> MdePkg/Include/Library/BaseLib.h | 39 ++
> MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
> MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
> MdePkg/Include/Register/Amd/Msr.h | 3 +-
> MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
> MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
> OvmfPkg/Include/WorkArea.h | 7 +
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 4
> +-
> OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++
> UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++-
> UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c |
> 16 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 25
> +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c |
> 20 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c |
> 25 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> 203 ++++----
> OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532
> ++++++++++++++++++++
> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
> OvmfPkg/PlatformPei/AmdSev.c | 100 +++-
> UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++-
> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +-
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +-
> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++--
> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +
> UefiCpuPkg/UefiCpuPkg.uni | 3 +
> 39 files changed, 1524 insertions(+), 210 deletions(-)
> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>
> --
> 2.42.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114647): https://edk2.groups.io/g/devel/message/114647
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On 1/26/24 22:04, Yao, Jiewen wrote:
> Thanks Tom.
> Please give me some time to digest this patch set before I can give some feedback.
>
> One quick question to you:
> With this patch, we need to support multiple SEV modes:
> 1. SEV guest firmware
> 2. SEV-ES guest firmware
> 3. SEV-SNP guest firmware
> 4. SEV-SNP SVSM guest firmware
This last mode is still an SNP guest, it just requires invoking an API to
perform operations that require VMPL0 permissions. I'm not sure what you
mean by having firmware at the end of each mode. The same firmware is used
for all SEV guest modes as well as non-SEV guests.
> And all these mode requires runtime detection. Am I right?
Yes
> If so, where is the flag to set those mode?
There are function calls available to detect the SEV mode. See the
implementation of MemEncryptSevIsEnabled(), MemEncryptSevEsIsEnabled() and
MemEncryptSevSnpIsEnabled().
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
(OvmfPkg/Sec/AmdSev.c also has some early detection support)
Note:
- An SEV-SNP guest is also considered an SEV-ES and SEV guest.
- An SEV-ES guest is also considered an SEV guest.
Within the CcExitLib library, the decision to use the SVSM API will be
based on the VMPL level at which OVMF is running.
Thanks,
Tom
>
> Please correct me if my understanding is wrong.
>
> Thank you
> Yao, Jiewen
>
>> -----Original Message-----
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>> Sent: Saturday, January 27, 2024 6:13 AM
>> To: devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
>> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
>> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
>> Roth <michael.roth@amd.com>
>> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
>>
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> This series adds SEV-SNP support for running OVMF under an Secure VM
>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>> By running at a less priviledged VMPL, the SVSM can be used to provide
>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>> confidential VM (CVM) rather than trust such services from the hypervisor.
>>
>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>> certain SNP related operations that require that VMPL level. Specifically,
>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>> the VMSA attribute of a page (used when starting APs).
>>
>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>> use an SVSM (which is running at VMPL0) to perform the operations that
>> it is no longer able to perform.
>>
>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>> specification [1] and the GHCB specification [2].
>>
>> This series introduces support to run OVMF under an SVSM. It consists
>> of:
>> - Reorganize the page state change support to not directly use the
>> GHCB buffer since an SVSM will use the calling area buffer, instead
>> - Detecting the presence of an SVSM
>> - When not running at VMPL0, invoking the SVSM for page validation and
>> VMSA page creation/deletion
>> - Retrieving the list of vCPU APIC IDs and starting up all APs without
>> performing a broadcast SIPI
>> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>> SVSM is present
>>
>> The series is based off of commit:
>>
>> 7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
>>
>> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/58019.pdf
>> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/56421.pdf
>>
>> ---
>>
>> Tom Lendacky (16):
>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>> MdePkg/Register/Amd: Define the SVSM related information
>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>> UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
>> Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
>> OvmfPkg: Create a calling area used to communicate with the SVSM
>> OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
>> OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
>> UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
>> MdePkg: GHCB APIC ID retrieval support definitions
>> UefiCpuPkg: Create APIC ID list PCD
>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>> UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>> VMPL0
>>
>> OvmfPkg/OvmfPkg.dec | 4 +
>> UefiCpuPkg/UefiCpuPkg.dec | 7 +-
>> OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
>> OvmfPkg/OvmfPkgX64.fdf | 3 +
>> MdePkg/Library/BaseLib/BaseLib.inf | 2 +
>> OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +-
>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +-
>> OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
>> OvmfPkg/ResetVector/ResetVector.inf | 2 +
>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +-
>> MdePkg/Include/Library/BaseLib.h | 39 ++
>> MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
>> MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
>> MdePkg/Include/Register/Amd/Msr.h | 3 +-
>> MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
>> MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
>> OvmfPkg/Include/WorkArea.h | 7 +
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 4
>> +-
>> OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++
>> UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++-
>> UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +-
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c |
>> 16 +-
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 25
>> +-
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c |
>> 20 +-
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c |
>> 25 +-
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>> 203 ++++----
>> OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532
>> ++++++++++++++++++++
>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
>> OvmfPkg/PlatformPei/AmdSev.c | 100 +++-
>> UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++-
>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +-
>> UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +-
>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++--
>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
>> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +
>> UefiCpuPkg/UefiCpuPkg.uni | 3 +
>> 39 files changed, 1524 insertions(+), 210 deletions(-)
>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
>> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>
>> --
>> 2.42.0
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114650): https://edk2.groups.io/g/devel/message/114650
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Thanks Tom. Below is exactly what I am looking for:
"the decision to use the SVSM API will be based on the VMPL level at which OVMF is running."
OVMF needs to detect SEV-SNP, then make next level decision on VMPL.
Makes sense to me.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Sunday, January 28, 2024 1:49 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>;
> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
> Subject: Re: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
>
> On 1/26/24 22:04, Yao, Jiewen wrote:
> > Thanks Tom.
> > Please give me some time to digest this patch set before I can give some
> feedback.
> >
> > One quick question to you:
> > With this patch, we need to support multiple SEV modes:
> > 1. SEV guest firmware
> > 2. SEV-ES guest firmware
> > 3. SEV-SNP guest firmware
> > 4. SEV-SNP SVSM guest firmware
>
> This last mode is still an SNP guest, it just requires invoking an API to
> perform operations that require VMPL0 permissions. I'm not sure what you
> mean by having firmware at the end of each mode. The same firmware is used
> for all SEV guest modes as well as non-SEV guests.
>
> > And all these mode requires runtime detection. Am I right?
>
> Yes
>
> > If so, where is the flag to set those mode?
>
> There are function calls available to detect the SEV mode. See the
> implementation of MemEncryptSevIsEnabled(), MemEncryptSevEsIsEnabled() and
> MemEncryptSevSnpIsEnabled().
>
> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
>
> (OvmfPkg/Sec/AmdSev.c also has some early detection support)
>
> Note:
> - An SEV-SNP guest is also considered an SEV-ES and SEV guest.
> - An SEV-ES guest is also considered an SEV guest.
>
> Within the CcExitLib library, the decision to use the SVSM API will be
> based on the VMPL level at which OVMF is running.
>
> Thanks,
> Tom
>
> >
> > Please correct me if my understanding is wrong.
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Tom Lendacky <thomas.lendacky@amd.com>
> >> Sent: Saturday, January 27, 2024 6:13 AM
> >> To: devel@edk2.groups.io
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> >> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao,
> Jiewen
> >> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> >> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>;
> >> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> >> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>;
> Michael
> >> Roth <michael.roth@amd.com>
> >> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> >>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> >>
> >> This series adds SEV-SNP support for running OVMF under an Secure VM
> >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> >> By running at a less priviledged VMPL, the SVSM can be used to provide
> >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> >> confidential VM (CVM) rather than trust such services from the hypervisor.
> >>
> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> >> certain SNP related operations that require that VMPL level. Specifically,
> >> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> >> the VMSA attribute of a page (used when starting APs).
> >>
> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> >> use an SVSM (which is running at VMPL0) to perform the operations that
> >> it is no longer able to perform.
> >>
> >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> >> specification [1] and the GHCB specification [2].
> >>
> >> This series introduces support to run OVMF under an SVSM. It consists
> >> of:
> >> - Reorganize the page state change support to not directly use the
> >> GHCB buffer since an SVSM will use the calling area buffer, instead
> >> - Detecting the presence of an SVSM
> >> - When not running at VMPL0, invoking the SVSM for page validation and
> >> VMSA page creation/deletion
> >> - Retrieving the list of vCPU APIC IDs and starting up all APs without
> >> performing a broadcast SIPI
> >> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> >> SVSM is present
> >>
> >> The series is based off of commit:
> >>
> >> 7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
> >>
> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/58019.pdf
> >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/56421.pdf
> >>
> >> ---
> >>
> >> Tom Lendacky (16):
> >> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> >> MdePkg/Register/Amd: Define the SVSM related information
> >> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> >> UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
> >> Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
> >> OvmfPkg: Create a calling area used to communicate with the SVSM
> >> OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
> >> OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
> >> UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
> >> MdePkg: GHCB APIC ID retrieval support definitions
> >> UefiCpuPkg: Create APIC ID list PCD
> >> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> >> UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> >> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> >> Ovmfpkg/CcExitLib: Provide SVSM discovery support
> >> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> >> VMPL0
> >>
> >> OvmfPkg/OvmfPkg.dec | 4 +
> >> UefiCpuPkg/UefiCpuPkg.dec | 7 +-
> >> OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
> >> OvmfPkg/OvmfPkgX64.fdf | 3 +
> >> MdePkg/Library/BaseLib/BaseLib.inf | 2 +
> >> OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +-
> >> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +-
> >> OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
> >> OvmfPkg/ResetVector/ResetVector.inf | 2 +
> >> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
> >> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +-
> >> MdePkg/Include/Library/BaseLib.h | 39 ++
> >> MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
> >> MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
> >> MdePkg/Include/Register/Amd/Msr.h | 3 +-
> >> MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
> >> MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
> >> OvmfPkg/Include/WorkArea.h | 7 +
> >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h |
> 4
> >> +-
> >> OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++
> >> UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++-
> >> UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +-
> >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> |
> >> 16 +-
> >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c |
> 25
> >> +-
> >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> |
> >> 20 +-
> >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> |
> >> 25 +-
> >>
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> >> 203 ++++----
> >> OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532
> >> ++++++++++++++++++++
> >> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
> >> OvmfPkg/PlatformPei/AmdSev.c | 100 +++-
> >> UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++-
> >> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +-
> >> UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +-
> >> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++--
> >> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
> >> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
> >> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
> >> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +
> >> UefiCpuPkg/UefiCpuPkg.uni | 3 +
> >> 39 files changed, 1524 insertions(+), 210 deletions(-)
> >> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> >> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> >> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
> >> create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
> >> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> >> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> >>
> >> --
> >> 2.42.0
> >
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114652): https://edk2.groups.io/g/devel/message/114652
Mute This Topic: https://groups.io/mt/103986434/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.