From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from ma1-aaemail-dr-lapp01.apple.com (ma1-aaemail-dr-lapp01.apple.com [17.171.2.60]) by mx.groups.io with SMTP id smtpd.web10.4138.1570751849701935538 for ; Thu, 10 Oct 2019 16:57:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@apple.com header.s=20180706 header.b=nQ2OYHFv; spf=pass (domain: apple.com, ip: 17.171.2.60, mailfrom: afish@apple.com) Received: from pps.filterd (ma1-aaemail-dr-lapp01.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp01.apple.com (8.16.0.27/8.16.0.27) with SMTP id x9ANvONu036024; Thu, 10 Oct 2019 16:57:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=sender : content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=b1WrVglc/rzx5LVyYleP9gSk8/ccaC8fCwXxE98mooo=; b=nQ2OYHFvfzQxKCman+B+yrtz5lZLIud4rkqj0vUaAonGy+qbE+cerVNObcqr+2dReK16 uk0mU1zhu1mwjwLmLNfJN6swuypk6lZHDRuh1hexW/7A5GsK47cuiwjhcYxBwpNrl7Lr 8nxkyUSbEsxVJUdEOawAUgEVsA/2SimnWSM44VjRomlmd0K583sLKj9E+YyC//E2cNKN igSe8fg0ckMB7kCRLfhfT+nbmcJO+ou6OG/p+ZoeN50CeQxPnUrk0GtahHL5olnTBfe2 VvBMizP79xkH9cHnPC6DN+uPu6M6/8HrKKTQNzw7E/rer3sNwU3JY6SM5uThaCgb50aD Qg== Received: from ma1-mtap-s03.corp.apple.com (ma1-mtap-s03.corp.apple.com [17.40.76.7]) by ma1-aaemail-dr-lapp01.apple.com with ESMTP id 2vesu6mf02-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 10 Oct 2019 16:57:24 -0700 Received: from nwk-mmpp-sz09.apple.com (nwk-mmpp-sz09.apple.com [17.128.115.80]) by ma1-mtap-s03.corp.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPS id <0PZ600FGMNVOZ770@ma1-mtap-s03.corp.apple.com>; Thu, 10 Oct 2019 16:57:24 -0700 (PDT) Received: from process_milters-daemon.nwk-mmpp-sz09.apple.com by nwk-mmpp-sz09.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) id <0PZ600000NVM5300@nwk-mmpp-sz09.apple.com>; Thu, 10 Oct 2019 16:57:24 -0700 (PDT) X-Va-A: X-Va-T-CD: 61c95ae5e5faeeb9ffa58e8854c32ba1 X-Va-E-CD: 17a6de702c0d9dcaf89f320d435a4bc6 X-Va-R-CD: 4287d1648b5c1ab4e136057a2bee17a6 X-Va-CD: 0 X-Va-ID: 7b276919-c283-4d9a-96c5-c3dc967b18a0 X-V-A: X-V-T-CD: 61c95ae5e5faeeb9ffa58e8854c32ba1 X-V-E-CD: 17a6de702c0d9dcaf89f320d435a4bc6 X-V-R-CD: 4287d1648b5c1ab4e136057a2bee17a6 X-V-CD: 0 X-V-ID: 1a67fe47-9ba1-4b4e-9b10-0acd24cbc6a7 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-10-10_09:,, signatures=0 Received: from [17.235.61.64] (unknown [17.235.61.64]) by nwk-mmpp-sz09.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPSA id <0PZ600C07NTG5J60@nwk-mmpp-sz09.apple.com>; Thu, 10 Oct 2019 16:56:06 -0700 (PDT) Sender: afish@apple.com MIME-version: 1.0 (Mac OS X Mail 13.0 \(3594.4.17\)) Subject: Re: [edk2-devel] [RFC PATCH v2 38/44] UefiCpuPkg: Allow AP booting under SEV-ES From: "Andrew Fish" In-reply-to: <8eb55d97-0ba3-c217-a160-c24730b9f036@amd.com> Date: Thu, 10 Oct 2019 16:56:04 -0700 Cc: Laszlo Ersek , Jordan Justen , Ard Biesheuvel , Mike Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" , =?utf-8?Q?Philippe_Mathieu-Daud=C3=A9?= Message-id: <00E8EC43-7DE9-4378-BD82-EEBB29A47DFA@apple.com> References: <81e310d1f2929f839cd166d1c7de6694220743b6.1568922729.git.thomas.lendacky@amd.com> <284e15f0-25ee-bb69-dcd1-09e146346c69@redhat.com> <8a8f839a-9e50-29da-06f7-50e3fc3b93c1@redhat.com> <851cc695-8902-3b07-4867-a101e0f9ee4f@amd.com> <8eb55d97-0ba3-c217-a160-c24730b9f036@amd.com> To: devel@edk2.groups.io, thomas.lendacky@amd.com X-Mailer: Apple Mail (2.3594.4.17) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-10-10_09:,, signatures=0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: quoted-printable > On Oct 10, 2019, at 4:17 PM, Lendacky, Thomas = wrote: >=20 > On 10/3/19 10:12 AM, Tom Lendacky wrote: >>=20 >>=20 >> On 10/3/19 5:32 AM, Laszlo Ersek wrote: >>> On 10/03/19 12:12, Laszlo Ersek wrote: >>>=20 >>>> UINT32 ApEntryPoint; >>>> EFI_GUID SevEsFooterGuid; >>>> UINT16 Size; >>>=20 >>> It's probably better to reverse the order of "Size" and >>> "SevEsFooterGuid", like this: >>>=20 >>> UINT32 ApEntryPoint; >>> UINT16 Size; >>> EFI_GUID SevEsFooterGuid; >>>=20 >>> because then even the "Size" field can be changed (or resized), as a >>> function of the footer GUID. >>=20 >> Cool, I'll look into doing this and see how it works out. >=20 > Just an update on this idea. This has worked out well, but has a couple = of > caveats. Removing the Qemu change to make the flash mapped read-only in > the nested page tables, caused the following: >=20 > 1. QemuFlashDetected() will attempt to detect how the flash memory devic= e > behaves. Because it is marked as read-only by the hypervisor, writing > to the area results in a #NPF for the write-fault. With SEV-ES, > emulation of the instruction can't be performed (can't read guest > memory and not provided the faulting instruction bytes), so the vCPU i= s > just restarted. This results in an infinite #NPF occurring. >=20 > The solution here was to check for SEV-ES being enabled and just retur= n > false from QemuFlashDetected(). Any downfalls to doing that? >=20 > 2. Commit 2db0ccc2d7fe ("UefiCpuPkg: Update CpuExceptionHandlerLib pass > XCODE5 tool chain") causes a similar situation to #1. It attempts to d= o > some address fixups and write to the flash device. >=20 > Reverting that commit fixes the issue. I don't think that will be an > acceptable solution, though, so need to think about what to do here. >=20 Did you fill a bugzilla for 2)? Thanks, Andrew Fish > After those two changes, the above method works well. >=20 > Thanks, > Tom >=20 >>=20 >> Thanks! >> Tom >>=20 >>>=20 >>> Thanks >>> Laszlo >>>=20 >=20 >=20 >=20