From: "Nate DeSimone" <nathaniel.l.desimone@intel.com>
To: devel@edk2.groups.io, thomas.lendacky@amd.com
CC: "Justen, Jordan L", Laszlo Ersek, Ard Biesheuvel, "Kinney, Michael D", "Gao, Liming", "Dong, Eric", "Ni, Ray", Brijesh Singh, "You, Benjamin", "Bi, Dandan", "Dong, Guo", "Wu, Hao A", "Wang, Jian J", "Ma, Maurice"
Subject: Re: [edk2-devel] [RFC PATCH v3 00/43] SEV-ES guest support
Date: Thu, 21 Nov 2019 01:53:45 +0000
Message-ID: <02A34F284D1DA44BB705E61F7180EF0AB5BEE1D6@ORSMSX114.amr.corp.intel.com>

Hi Tom,

EFI_CPU_ARCH_PROTOCOL is a PI spec defined protocol. Please see Volume 2, Section 12.3 of the UEFI Platform Initialization Specification. Generally we strictly adhere to the spec when a PPI or protocol is spec defined. If not already done, I would recommend submitting a spec change request with the UEFI Forum. I don't think we can merge the patch series as-is without your change being ratified by the UEFI Forum.

Another option would be to define a separate protocol with the EDKII_ prefix instead of the EFI_ prefix, as the EFI_ prefix is exclusively reserved for PPIs and protocols that are defined by either the UEFI spec or the PI spec. In which case, the protocol would need to be moved to either MdeModulePkg or UefiCpuPkg, as only spec defined PPIs and protocols are allowed in MdePkg.

Regards,
Nate

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Lendacky, Thomas
Sent: Wednesday, November 20, 2019 12:06 PM
To: devel@edk2.groups.io
Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D; Gao, Liming; Dong, Eric <eric.dong@intel.com>; Ni, Ray; Brijesh Singh; You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
Subject: [edk2-devel] [RFC PATCH v3 00/43] SEV-ES guest support

This patch series provides support for running EDK2/OVMF under SEV-ES.

Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from the hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2: System Programming", section "15.35 Encrypted State (SEV-ES)" [1].

In order to allow a hypervisor to perform functions on behalf of a guest, there is architectural support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. The notification is performed using a new exception, the VMM Communication exception (#VC). The information is shared through the Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.

The GHCB format and the protocol for using it are documented in "SEV-ES Guest-Hypervisor Communication Block Standardization" [2].

The main areas of the EDK2 code that are updated to support SEV-ES are around the exception handling support and the AP boot support.

Exception support is required starting in Sec, continuing through Pei and into Dxe in order to handle #VC exceptions that are generated. Each AP requires its own GHCB page as well as a page to hold values specific to that AP.

AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence is typically used to boot the APs. However, the hypervisor is not allowed to update the guest registers. The GHCB document [2] talks about how SMP booting under SEV-ES is performed.

Since the GHCB page must be a shared (unencrypted) page, the processor must be running in long mode in order for the guest and hypervisor to communicate with each other. As a result, SEV-ES is only supported under the X64 architecture.

[1] https://www.amd.com/system/files/TechDocs/24593.pdf
[2] https://developer.amd.com/wp-content/resources/56421.pdf

---

These patches are based on commit:
cc6854506c2b ("Readme.md: remove positional references from submodule description")

Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.

A version of the tree (with an extra patch to workaround Bugzilla 2340) can be found at:
https://github.com/AMDESE/ovmf/tree/sev-es-v9

Cc: Ard Biesheuvel
Cc: Benjamin You
Cc: Dandan Bi
Cc: Eric Dong
Cc: Guo Dong
Cc: Hao A Wu
Cc: Jian J Wang
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Liming Gao
Cc: Maurice Ma
Cc: Michael D Kinney
Cc: Ray Ni

Changes since v2:
- Added a way to locate the SEV-ES fixed AP RIP address for starting AP's to avoid updating the actual flash image (build time location that is identified with a GUID value).
- Create a VmgExit library to replace static inline functions.
- Move some PCDs to the appropriate packages
- Add support for writing to QEMU flash under SEV-ES
- Add additional MMIO opcode support
- Cleaned up the GHCB MSR CPUID protocol support

Changes since v1:
- Patches reworked to be more specific to the component/area being updated and order of definition/usage
- Created a library for VMGEXIT-related functions to replace use of inline functions
- Allocation method for GDT changed from AllocatePool to AllocatePages
- Early caching only enabled for SEV-ES guests
- Ensure AP loop mode set to halt loop mode for SEV-ES guests
- Reserved SEC GHCB-related memory areas when S3 is enabled

Tom Lendacky (43):
  MdePkg: Create PCDs to be used in support of SEV-ES
  MdePkg: Add the MSR definition for the GHCB register
  MdePkg: Add a structure definition for the GHCB
  MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
  MdePkg/BaseLib: Add support for the XGETBV instruction
  MdePkg/BaseLib: Add support for the VMGEXIT instruction
  UefiCpuPkg: Implement library support for VMGEXIT
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
  UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events
  UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)
  UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events
  UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events
  OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
  OvmfPkg: Add support to perform SEV-ES initialization
  OvmfPkg/ResetVector: Add support for a 32-bit SEV check
  OvmfPkg: Create a GHCB page for use during Sec phase
  OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
  OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
  OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
  OvmfPkg/Sec: Add #VC exception handling for Sec phase
  OvmfPkg/Sec: Enable cache early to speed up booting
  OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled
  MdeModulePkg: Reserve a 16-bit protected mode code segment descriptor
  UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
  UefiCpuPkg/MpInitLib: Add a CPU MP data flag to indicate if SEV-ES is enabled
  UefiCpuPkg: Allow AP booting under SEV-ES
  OvmfPkg: Reserve a page in memory for the SEV-ES AP reset vector
  OvmfPkg: Move the GHCB allocations into reserved memory
  MdePkg: Add a finalization function to the CPU protocol
  UefiCpuPkg/MpInitLib: Add MP finalization interface to MpInitLib
  UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
  UefiCpuPkg/CpuDxe: Provide an DXE MP finalization routine to support SEV-ES
  MdeModulePkg/DxeCore: Perform the CPU protocol finalization support

 MdeModulePkg/MdeModulePkg.dec                 |   23 +
 OvmfPkg/OvmfPkg.dec                           |    5 +
 UefiCpuPkg/UefiCpuPkg.dec                     |    8 +
 OvmfPkg/OvmfPkgIa32.dsc                       |   11 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   11 +
 OvmfPkg/OvmfPkgX64.dsc                        |   11 +
 UefiCpuPkg/UefiCpuPkg.dsc                     |    5 +
 UefiPayloadPkg/UefiPayloadPkgIa32.dsc         |    2 +
 UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc      |    2 +
 OvmfPkg/OvmfPkgX64.fdf                        |    9 +
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |    2 +
 MdePkg/Library/BaseLib/BaseLib.inf            |    4 +
 OvmfPkg/PlatformPei/PlatformPei.inf           |    7 +
 .../FvbServicesRuntimeDxe.inf                 |    2 +
 OvmfPkg/ResetVector/ResetVector.inf           |    9 +
 OvmfPkg/Sec/SecMain.inf                       |    1 +
 .../DxeCpuExceptionHandlerLib.inf             |    5 +
 .../PeiCpuExceptionHandlerLib.inf             |    5 +
 .../SecPeiCpuExceptionHandlerLib.inf          |    8 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |    4 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |    4 +
 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf  |   33 +
 .../Core/DxeIplPeim/X64/VirtualMemory.h       |   12 +-
 MdePkg/Include/Library/BaseLib.h              |   31 +
 MdePkg/Include/Protocol/Cpu.h                 |   18 +
 MdePkg/Include/Register/Amd/Fam17Msr.h        |   28 +
 MdePkg/Include/Register/Amd/Ghcb.h            |  117 ++
 OvmfPkg/Include/Library/MemEncryptSevLib.h    |   12 +
 UefiCpuPkg/CpuDxe/CpuDxe.h                    |   12 +
 UefiCpuPkg/CpuDxe/CpuGdt.h                    |    4 +-
 UefiCpuPkg/Include/Library/MpInitLib.h        |   14 +
 UefiCpuPkg/Include/Library/VmgExitLib.h       |   96 ++
 .../CpuExceptionHandlerLib/AMDSevVcCommon.h   |   26 +
 .../CpuExceptionCommon.h                      |    2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          |   79 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |    5 +
 .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |    6 +-
 .../Core/DxeIplPeim/X64/DxeLoadFunc.c         |   11 +-
 .../Core/DxeIplPeim/X64/VirtualMemory.c       |   49 +-
 MdePkg/Library/BaseLib/Ia32/GccInline.c       |   45 +
 MdePkg/Library/BaseLib/X64/GccInline.c        |   47 +
 .../MemEncryptSevLibInternal.c                |   77 +-
 OvmfPkg/PlatformPei/AmdSev.c                  |   82 ++
 OvmfPkg/PlatformPei/MemDetect.c               |   23 +
 .../QemuFlash.c                               |   38 +-
 OvmfPkg/Sec/SecMain.c                         |   74 +-
 UefiCpuPkg/CpuDxe/CpuDxe.c                    |   21 +-
 UefiCpuPkg/CpuDxe/CpuGdt.c                    |    8 +-
 .../CpuExceptionCommon.c                      |    2 +-
 .../Ia32/AMDSevVcCommon.c                     |   20 +
 .../PeiDxeAMDSevVcHandler.c                   |   29 +
 .../PeiDxeSmmCpuException.c                   |   16 +
 .../SecAMDSevVcHandler.c                      |   50 +
 .../SecPeiCpuException.c                      |   16 +
 .../X64/AMDSevVcCommon.c                      | 1230 +++++++++++++++++
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  136 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  280 +++-
 UefiCpuPkg/Library/MpInitLib/PeiMpLib.c       |   35 +
 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c    |  132 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |    2 +-
 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm      |   37 +
 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm       |   31 +
 MdePkg/Library/BaseLib/X64/VmgExit.nasm       |   32 +
 MdePkg/Library/BaseLib/X64/XGetBv.nasm        |   34 +
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm  |   94 ++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm     |  337 ++++-
 OvmfPkg/ResetVector/ResetVector.nasmb         |   19 +
 .../X64/ExceptionHandlerAsm.nasm              |   15 +
 UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc   |    2 +-
 .../Library/MpInitLib/Ia32/MpFuncs.nasm       |   15 +
 UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc    |    4 +-
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm |  370 ++++-
 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni  |   15 +
 .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm  |    9 +
 74 files changed, 3969 insertions(+), 101 deletions(-)
 create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf
 create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
 create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.c
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c
 create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c
 create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c
 create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
 create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
 create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
 create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni

--
2.17.1
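The cover letter quoted above describes the #VC / GHCB / VMGEXIT round trip in prose but the thread carries no code for it. The following is an added example, written for this page and not taken from the patch series or from EDK2, that models one such round trip for a CPUID NAE event in user-space C with both sides present: the guest's #VC handler publishes the request in a simulated GHCB page, a stand-in for VMGEXIT hands it to a simulated hypervisor, and the guest accepts the reply only after checking it. The security-relevant point it demonstrates is the one the threat model implies: in SEV-ES the hypervisor is untrusted, so the guest must treat GHCB responses as untrusted input and verify that every register it is about to consume was actually marked valid, rather than reading whatever the shared page happens to contain. Assumptions: the field offsets (RAX at 0x1F8, RCX/RDX/RBX at 0x308/0x310/0x318, SW_EXITCODE/SW_EXITINFO1/SW_EXITINFO2 at 0x390/0x398/0x3A0, valid bitmap at 0x3F0, one bit per qword) follow the GHCB layout in document [2] as the author of this example recalls it; the CPUID exit code 0x72 and the result codes in the low 32 bits of SW_EXITINFO1 (0 = success, 2 = malformed/unsupported request) are likewise taken from that document; the CPUID values in HostCpuid are constructed sample data; HypervisorVmgExitIncomplete is a hypothetical misbehaving hypervisor used only to exercise the guest-side check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Subset of the GHCB save area. Offsets are assumed to match the GHCB
 * standardization document [2]; only the fields this model uses are named.
 */
typedef struct {
  uint8_t  Reserved1[0x1F8];
  uint64_t Rax;                       /* 0x1F8 */
  uint8_t  Reserved2[0x308 - 0x200];
  uint64_t Rcx;                       /* 0x308 */
  uint64_t Rdx;                       /* 0x310 */
  uint64_t Rbx;                       /* 0x318 */
  uint8_t  Reserved3[0x390 - 0x320];
  uint64_t SwExitCode;                /* 0x390 */
  uint64_t SwExitInfo1;               /* 0x398 */
  uint64_t SwExitInfo2;               /* 0x3A0 */
  uint64_t SwScratch;                 /* 0x3A8 */
  uint8_t  Reserved4[0x3F0 - 0x3B0];
  uint8_t  ValidBitmap[16];           /* 0x3F0: one bit per 8-byte field */
  uint8_t  Reserved5[0x1000 - 0x400];
} GHCB;

#define SVM_EXIT_CPUID         0x72ULL  /* NAE exit code for CPUID (assumed from [2]) */
#define GHCB_RESULT_OK         0        /* low 32 bits of SwExitInfo1 on success */
#define GHCB_RESULT_MALFORMED  2        /* assumed: request malformed or unsupported */

/* The valid-bitmap index of a field is its qword offset within the GHCB. */
#define GHCB_IDX(Field)        (offsetof (GHCB, Field) / 8)
#define GHCB_SET(G, Field, V)  do { (G)->Field = (V); GhcbMarkValid ((G), GHCB_IDX (Field)); } while (0)
#define GHCB_VALID(G, Field)   GhcbIsValid ((G), GHCB_IDX (Field))

static void GhcbMarkValid (GHCB *G, size_t Idx) { G->ValidBitmap[Idx / 8] |= (uint8_t)(1u << (Idx % 8)); }
static int  GhcbIsValid (const GHCB *G, size_t Idx) { return (G->ValidBitmap[Idx / 8] >> (Idx % 8)) & 1; }

/* Constructed CPUID table standing in for the host processor. */
typedef struct { uint32_t Leaf, Sub, Eax, Ebx, Ecx, Edx; } CPUID_ENTRY;
static const CPUID_ENTRY HostCpuid[] = {
  { 0x00000000, 0, 0x0000000D, 0x68747541, 0x444D4163, 0x69746E65 }, /* vendor string "AuthenticAMD" */
  { 0x8000001F, 0, 0x0000000F, 0x0000016F, 0x00000000, 0x00000000 }, /* SEV leaf, constructed values */
};

/* Hypervisor side of VMGEXIT: rejects a request whose fields are not all marked valid, else answers. */
void HypervisorVmgExit (GHCB *G)
{
  if (!GHCB_VALID (G, SwExitCode) || !GHCB_VALID (G, SwExitInfo1) || !GHCB_VALID (G, SwExitInfo2) ||
      G->SwExitCode != SVM_EXIT_CPUID || !GHCB_VALID (G, Rax) || !GHCB_VALID (G, Rcx)) {
    memset (G->ValidBitmap, 0, sizeof G->ValidBitmap);
    GHCB_SET (G, SwExitInfo1, GHCB_RESULT_MALFORMED);
    return;
  }
  uint32_t Leaf = (uint32_t)G->Rax, Sub = (uint32_t)G->Rcx;
  uint64_t A = 0, B = 0, C = 0, D = 0;  /* leaves not in the table read as zero */
  for (size_t I = 0; I < sizeof HostCpuid / sizeof HostCpuid[0]; I++) {
    if (HostCpuid[I].Leaf == Leaf && HostCpuid[I].Sub == Sub) {
      A = HostCpuid[I].Eax; B = HostCpuid[I].Ebx; C = HostCpuid[I].Ecx; D = HostCpuid[I].Edx;
    }
  }
  memset (G->ValidBitmap, 0, sizeof G->ValidBitmap);
  GHCB_SET (G, Rax, A); GHCB_SET (G, Rbx, B); GHCB_SET (G, Rcx, C); GHCB_SET (G, Rdx, D);
  GHCB_SET (G, SwExitInfo1, GHCB_RESULT_OK);
}

/* Hypothetical misbehaving hypervisor: reports success but only fills RAX. */
void HypervisorVmgExitIncomplete (GHCB *G)
{
  memset (G->ValidBitmap, 0, sizeof G->ValidBitmap);
  GHCB_SET (G, Rax, 0x0000000D);
  GHCB_SET (G, SwExitInfo1, GHCB_RESULT_OK);
}

typedef struct { uint32_t Eax, Ebx, Ecx, Edx; } CPUID_RESULT;
typedef void (*VMGEXIT_FN)(GHCB *);

/*
 * Guest-side #VC handling for CPUID. Returns 0 on success, 1 if the hypervisor
 * reported an error, 2 if the reply omitted a register the guest needs.
 */
int GuestVcCpuid (GHCB *G, uint32_t Leaf, uint32_t Sub, CPUID_RESULT *Out, VMGEXIT_FN VmgExit)
{
  memset (G->ValidBitmap, 0, sizeof G->ValidBitmap);   /* expose only what this request needs */
  GHCB_SET (G, Rax, Leaf);
  GHCB_SET (G, Rcx, Sub);
  GHCB_SET (G, SwExitCode, SVM_EXIT_CPUID);
  GHCB_SET (G, SwExitInfo1, 0);
  GHCB_SET (G, SwExitInfo2, 0);
  VmgExit (G);                                          /* stands in for the VMGEXIT instruction */
  if ((uint32_t)G->SwExitInfo1 != GHCB_RESULT_OK) return 1;
  /* The hypervisor is untrusted: consume a register only if it was marked valid. */
  if (!GHCB_VALID (G, Rax) || !GHCB_VALID (G, Rbx) || !GHCB_VALID (G, Rcx) || !GHCB_VALID (G, Rdx)) return 2;
  Out->Eax = (uint32_t)G->Rax; Out->Ebx = (uint32_t)G->Rbx;
  Out->Ecx = (uint32_t)G->Rcx; Out->Edx = (uint32_t)G->Rdx;
  return 0;
}

int main (void)
{
  static GHCB  Ghcb;                                    /* in a real guest: a shared, unencrypted page */
  CPUID_RESULT R;
  int Rc = GuestVcCpuid (&Ghcb, 0, 0, &R, HypervisorVmgExit);
  printf ("rc=%d eax=%08x ebx=%08x ecx=%08x edx=%08x\n", Rc, R.Eax, R.Ebx, R.Ecx, R.Edx);
  return Rc;
}
```

Clearing the valid bitmap before each request keeps the shared page from leaking stale register values from an earlier exit, and the hypervisor side's refusal of a request with unmarked fields mirrors the checks a well-behaved hypervisor performs on its own untrusted input, the guest.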