From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Min Xu, Marc-André Lureau, Stefan Berger
Subject: [PATCH v2 4/4] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES
Date: Tue, 27 Apr 2021 11:21:10 -0500
Message-ID: <00ff47c80f180b5b9054890de0ce5e1975fe2b1f.1619540470.git.thomas.lendacky@amd.com>
From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

During PEI, the MMIO range for the TPM is marked as encrypted when running
as an SEV guest. While this isn't an issue for an SEV guest because of the
way the nested page fault is handled, it does result in an SEV-ES guest
terminating because of a mitigation check in the #VC handler to prevent
MMIO to an encrypted address. For an SEV-ES guest, this range must be
marked as unencrypted.

Create a new x86 PEIM for TPM support that will map the TPM MMIO range as
unencrypted when SEV-ES is active. The gOvmfTpmMmioAccessiblePpiGuid PPI
will be unconditionally installed before exiting. The PEIM will exit with
the EFI_ABORTED status so that the PEIM does not stay resident.

The OVMF Tcg2Config PEIM will add the gOvmfTpmMmioAccessiblePpiGuid as a
Depex for IA32 and X64 builds so that the MMIO range is properly mapped for
SEV-ES before the Tcg2Config PEIM is loaded.

Update all OVMF Ia32 and X64 build packages to include this new PEIM.

Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Marc-André Lureau
Cc: Stefan Berger
Signed-off-by: Tom Lendacky
---
 OvmfPkg/AmdSev/AmdSevX64.dsc                               |  1 +
 OvmfPkg/OvmfPkgIa32.dsc                                    |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                                 |  1 +
 OvmfPkg/OvmfPkgX64.dsc                                     |  1 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                               |  1 +
 OvmfPkg/OvmfPkgIa32.fdf                                    |  1 +
 OvmfPkg/OvmfPkgIa32X64.fdf                                 |  1 +
 OvmfPkg/OvmfPkgX64.fdf                                     |  1 +
 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf                   |  2 +-
 OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf  | 40 +++++++++++
 OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c   | 76 ++++++++++++++++++++
 11 files changed, 125 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cdb29d53142d..5a5246c64bf7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -627,6 +627,7 @@ [Components] =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1730b6558b5c..a33c14c673a0 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -707,6 +707,7 @@ [Components] =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 78a559da0d0b..a4ff7ed44705 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -720,6 +720,7 @@ [Components.IA32] =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a7d747f6b4ab..3fb56b3f9ff9 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -719,6 +719,7 @@ [Components] =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index c0098502aa90..ab58a9c0b4da 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -148,6 +148,7 @@ [FV.PEIFV] =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif 
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index f400c845b9c9..fc0ae1f280df 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -163,6 +163,7 @@ [FV.PEIFV] =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index d055552fd09f..306fc5a9b60d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -163,6 +163,7 @@ [FV.PEIFV] =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index d519f8532822..22c8664427d6 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -175,6 +175,7 @@ [FV.PEIFV] =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index 6776ec931ce0..39d1deeed16b 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -57,7 +57,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES =20 [Depex.IA32, Depex.X64] - TRUE + gOvmfTpmMmioAccessiblePpiGuid =20 [Depex.ARM, Depex.AARCH64] gOvmfTpmDiscoveredPpiGuid diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf b/Ov= mfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf new file mode 100644 index 000000000000..926113b8ffb0 --- /dev/null +++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf 
@@ -0,0 +1,40 @@ +## @file +# Map TPM MMIO range unencrypted when SEV is active +# +# Copyright (C) 2021, Advanced Micro Devices, Inc. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TpmMmioSevDecryptPei + FILE_GUID =3D F12F698A-E506-4A1B-B32E-6920E55DA1C4 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D TpmMmioSevDecryptPeimEntryPoint + +[Sources] + TpmMmioSevDecryptPeim.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + MemEncryptSevLib + PeimEntryPoint + PeiServicesLib + +[Ppis] + gOvmfTpmMmioAccessiblePpiGuid ## PRODUCES + +[FixedPcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + +[Depex] + gEfiPeiMemoryDiscoveredPpiGuid diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c b/Ovm= fPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c new file mode 100644 index 000000000000..dd1f1a80b5b0 --- /dev/null +++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c 
@@ -0,0 +1,76 @@ +/** @file + Map TPM MMIO range unencrypted when SEV is active + + Copyright (C) 2021, Advanced Micro Devices, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + + +#include + +#include +#include +#include + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmMmioRangeAccessible =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmMmioAccessiblePpiGuid, + NULL +}; + +/** + The entry point for TPM MMIO range mapping driver. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_ABORTED No need to keep this PEIM resident +**/ +EFI_STATUS +EFIAPI +TpmMmioSevDecryptPeimEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + RETURN_STATUS DecryptStatus; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__)); + + // + // If SEV or SEV-ES is active, MMIO succeeds against an encrypted physic= al + // address because the nested page fault (NPF) that occurs on access doe= s not + // include the encryption bit in the guest physical address provided to = the + // hypervisor. + // + // However, if SEV-ES is active, before performing the actual MMIO, an + // additional MMIO mitigation check is performed in the #VC handler to e= nsure + // that MMIO is being done to an unencrypted address. To prevent guest + // termination in this scenario, mark the range unencrypted ahead of acc= ess. 
+ // + if (MemEncryptSevEsIsEnabled ()) { + DEBUG ((DEBUG_INFO, "%a: mapping TPM MMIO address range unencrypted\n"= , __FUNCTION__)); + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + PcdGet64 (PcdTpmBaseAddress), + EFI_SIZE_TO_PAGES ((UINTN) 0x5000), + FALSE + ); + + if (RETURN_ERROR (DecryptStatus)) { + DEBUG ((DEBUG_INFO, "%a: failed to map TPM MMIO address range unencr= ypted\n", __FUNCTION__)); + ASSERT_RETURN_ERROR (DecryptStatus); + } + } + + // + // MMIO range available + // + Status =3D PeiServicesInstallPpi (&mTpmMmioRangeAccessible); + ASSERT_EFI_ERROR (Status); + + return EFI_ABORTED; +} --=20 2.31.0
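Review bot: in the Tcg2ConfigPei.inf hunk, replacing `TRUE` with `gOvmfTpmMmioAccessiblePpiGuid` under `[Depex.IA32, Depex.X64]` also makes Tcg2ConfigPei transitively dependent on `gEfiPeiMemoryDiscoveredPpiGuid`, because that is the `[Depex]` of the new TpmMmioSevDecryptPei module that produces the PPI, and this applies to the non-SEV OvmfPkgIa32/Ia32X64/X64 builds as well since they all pick up the new module. The commit message only says the range is mapped "before the Tcg2Config PEIM is loaded"; it should state explicitly that Tcg2ConfigPei is now deferred until permanent memory is available on every x86 build, and that this ordering change was checked against whatever consumes `PcdTpmInstanceGuid` (which the same file marks `## PRODUCES`).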
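Review bot: the header comment in the new TpmMmioSevDecryptPei.inf, "Map TPM MMIO range unencrypted when SEV is active", overstates what the module does: the entry point only clears the encryption mask inside `if (MemEncryptSevEsIsEnabled ())`, and the commit message itself says "when SEV-ES is active". Suggest "when SEV-ES is active" in this .inf header and in the matching `@file` comment of TpmMmioSevDecryptPeim.c. As a style point, the source file is named TpmMmioSevDecryptPeim.c while the module's BASE_NAME and directory are TpmMmioSevDecryptPei; the two should agree.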
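Review bot: in the TpmMmioSevDecryptPeim.c hunk, the failure path after `MemEncryptSevClearPageEncMask` logs at DEBUG_INFO and then relies on `ASSERT_RETURN_ERROR (DecryptStatus)`, which is compiled out in RELEASE builds; there execution falls through to the unconditional `PeiServicesInstallPpi (&mTpmMmioRangeAccessible)`, the dependent PEIM dispatches, and the first MMIO access to the still-encrypted range hits exactly the #VC termination the commit message sets out to avoid, now explained only by an info-level message. At minimum the message should be DEBUG_ERROR; better, make the failure fatal in all build types (BaseLib is already linked, so `CpuDeadLoop ()` is available) or skip installing the PPI so the dependent module never runs, and say in the commit message which behaviour was chosen. In the same call, `EFI_SIZE_TO_PAGES ((UINTN) 0x5000)` is a bare literal and the `0` and `FALSE` arguments are unexplained; a named constant or comment stating what the 0x5000 bytes above `PcdTpmBaseAddress` cover, plus the parameter names for the `0` and `FALSE` arguments, would spare the reader a trip to the MemEncryptSevLib header.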