Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV
From: "Laszlo Ersek"
To: devel@edk2.groups.io, evantass@amd.com, Tom Lendacky
Cc: Joerg Roedel, Borislav Petkov, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
Date: Thu, 22 Apr 2021 08:07:49 +0200
Message-ID: <021d789e-145a-220a-e43d-519ff56105bc@redhat.com>
In-Reply-To: <831dc0af-e5b8-ead1-6ef7-f94aff8df0b5@amd.com>
References: <1f64ca5689ec86c427e4db8c41da598896dca4ba.1618959281.git.thomas.lendacky@amd.com> <831dc0af-e5b8-ead1-6ef7-f94aff8df0b5@amd.com>

On 04/21/21 01:17, Eric van Tassell wrote:
>
>
> On 4/20/21 5:54 PM, Tom Lendacky wrote:
>> From: Tom Lendacky
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345
>>
>> The TPM support in OVMF performs MMIO accesses during the PEI phase. At
>
> where are the phases defined and how many others are there?

See "Figure 1. PI Architecture Firmware Phases" in the PI 1.7 spec,
Volume 1, chapter 2 Overview.

One resource for learning more about the phases is:

https://github.com/tianocore/tianocore.github.io/wiki/UEFI-EDKII-Learning-Dev

Thanks
Laszlo

>
>> this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES
>> guest will fail attempting to perform MMIO to an encrypted address.
>>
>> Read the PcdTpmBaseAddress and mark the specification defined range
>> (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
>> the MMIO requests.
>>
>> Cc: Laszlo Ersek
>> Cc: Ard Biesheuvel
>> Cc: Jordan Justen
>> Cc: Brijesh Singh
>> Cc: James Bottomley
>> Cc: Jiewen Yao
>> Cc: Min Xu
>> Signed-off-by: Tom Lendacky
>> ---
>>   OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
>>   OvmfPkg/PlatformPei/AmdSev.c        | 19 +++++++++++++++++++
>>   2 files changed, 20 insertions(+)
>> >> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf >> b/OvmfPkg/PlatformPei/PlatformPei.inf >> index 6ef77ba7bb21..de60332e9390 100644 >> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >> @@ -113,6 +113,7 @@ [Pcd] >>     [FixedPcd] >>     gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >> +  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress >>     gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS >>     gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory >>     gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType >> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c >> index dddffdebda4b..d524929f9e10 100644 >> --- a/OvmfPkg/PlatformPei/AmdSev.c >> +++ b/OvmfPkg/PlatformPei/AmdSev.c >> @@ -141,6 +141,7 @@ AmdSevInitialize ( >>     ) >>   { >>     UINT64                            EncryptionMask; >> +  UINT64                            TpmBaseAddress; >>     RETURN_STATUS                     PcdStatus; >>       // >> @@ -206,6 +207,24 @@ AmdSevInitialize ( >>       } >>     } >>   +  // >> +  // PEI TPM support will perform MMIO accesses, be sure this range >> is not >> +  // marked encrypted. >> +  // >> +  TpmBaseAddress = PcdGet64 (PcdTpmBaseAddress); >> +  if (TpmBaseAddress != 0) { >> +    RETURN_STATUS  DecryptStatus; >> + >> +    DecryptStatus = MemEncryptSevClearPageEncMask ( >> +                      0, >> +                      TpmBaseAddress, >> +                      EFI_SIZE_TO_PAGES (0x5000), >> +                      FALSE >> +                      ); >> + >> +    ASSERT_RETURN_ERROR (DecryptStatus); >> +  } >> + >>     // >>     // Check and perform SEV-ES initialization if required. >>     // >> > > > > >
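Review bot: In the PlatformPei.inf hunk, the new PCD belongs to gEfiSecurityPkgTokenSpaceGuid, but the diffstat shows this is the only line added to the .inf, so no [Packages] entry accompanies it. Confirm that SecurityPkg/SecurityPkg.dec is already listed in [Packages] of PlatformPei.inf, and add it in this patch if it is not. The PCD is declared under [FixedPcd] while AmdSev.c reads it with PcdGet64; FixedPcdGet64 would match the section it is declared in.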
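Review bot: In the AmdSevInitialize hunk that calls MemEncryptSevClearPageEncMask, the only failure handling is ASSERT_RETURN_ERROR (DecryptStatus), which has no effect in builds where asserts are disabled. A failed clear of the encryption mask would then go unnoticed until the PEI TPM code performs MMIO to a still-encrypted address, which is the failure the commit message describes for SEV-ES guests. Check RETURN_ERROR (DecryptStatus) explicitly and log and halt at that point. The length 0x5000 is a bare literal; the commit message calls it the specification defined range, so a named constant with a comment citing that specification would make the size auditable. The range is also decrypted whenever PcdTpmBaseAddress is non-zero, with no check that a TPM is present; state in the code comment whether that is intended.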