From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <04d6a4bc-3f62-bb3e-cbfa-338583c99114@amd.com>
Date: Tue, 31 May 2022 21:12:12 +0530
Subject: Re: [edk2-devel] [PATCH v8 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
To: devel@edk2.groups.io, ashish.kalra@amd.com
Cc: dovmurik@linux.vnet.ibm.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, nikunj@amd.com
References: <8e98ccac7867d922f0f4c76ccc17fadef738623e.1649178155.git.ashish.kalra@amd.com>
From: "Nikunj A. Dadhania"
In-Reply-To: <8e98ccac7867d922f0f4c76ccc17fadef738623e.1649178155.git.ashish.kalra@amd.com>

Hi Ashish,

I missed the v8 and replied on v7.

On 4/5/2022 11:02 PM, Ashish Kalra via groups.io wrote:
> From: Ashish Kalra
>
> Mark the SEC GHCB page (that is mapped as unencrypted in
> ResetVector code) in the hypervisor's guest page encryption
> state tracking.
>
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Signed-off-by: Ashish Kalra
> --- > OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index 385562b44c..cd96fc23bd 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -223,6 +223,17 @@ AmdSevEsInitialize ( > PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > > ASSERT_RETURN_ERROR (PcdStatus); > > > > + // > + // The SEC Ghcb setup during reset-vector needs to be marked as > + // decrypted in the hypervisor's guest page encryption state > + // tracking. > + // > + SetMemoryEncDecHypercall3 ( > + FixedPcdGet32 (PcdOvmfSecGhcbBase), > + EFI_SIZE_TO_PAGES (FixedPcdGet32 (PcdOvmfSecGhcbSize)), > + FALSE > + ); > +

PcdOvmfSecGhcbSize is set to 2 pages (8192 bytes). AFAIU, only first page needs to be changed to shared, second page should be kept private.

> // > // Allocate GHCB and per-CPU variable pages. > // Since the pages must survive across the UEFI to OS transition >

Regards
Nikunj
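
Review bot: In the `SetMemoryEncDecHypercall3` call, the page count is taken from `EFI_SIZE_TO_PAGES (FixedPcdGet32 (PcdOvmfSecGhcbSize))`, so every page in the SEC GHCB range is reported to the hypervisor as decrypted, while the added comment only refers to "The SEC Ghcb setup during reset-vector" and does not say how many pages ResetVector actually maps unencrypted. The hypervisor's encryption-state tracking should match the guest's real page state, so either pass only the pages that are mapped unencrypted or extend the comment to state that the whole range is. The call's result is also not checked, unlike `PcdSetBoolS` just above, which is followed by `ASSERT_RETURN_ERROR (PcdStatus)`; if the hypercall can fail, assert on it or log the failure.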