From: "Lendacky, Thomas"
To: "devel@edk2.groups.io"
CC: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, "Singh, Brijesh"
Subject: [RFC PATCH 05/28] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
Date: Mon, 19 Aug 2019 21:35:53 +0000
Message-ID: <096c6641b2f228177ab3bb815211379c1f650028.1566250534.git.thomas.lendacky@amd.com>
From: Tom Lendacky

Allocate memory for the GHCB pages during SEV initialization for use during Pei and Dxe phases. Since the GHCB pages must be mapped as shared pages, modify CreateIdentityMappingPageTables() so that pagetable entries are created without the encryption bit set.

Signed-off-by: Tom Lendacky
---
UefiCpuPkg/UefiCpuPkg.dec | 4 ++ OvmfPkg/OvmfPkgX64.dsc | 4 ++ MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + OvmfPkg/PlatformPei/PlatformPei.inf | 2 + .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +++- .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +++- .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++---- .../MemEncryptSevLibInternal.c | 1 - .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 33 ++++++++-- OvmfPkg/PlatformPei/AmdSev.c | 64 +++++++++++++++++++ 11 files changed, 164 insertions(+), 23 deletions(-) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 6ddf0cd22466..4d5a2593cf13 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -323,5 +323,9 @@ [PcdsDynamic, PcdsDynamicEx] # @ValidRange 0x80000001 | 0 - 1 gUefiCpuPkgTokenSpaceGuid.PcdCpuProcTraceOutputScheme|0x0|UINT8|0x600000= 15 =20 + ## Contains the GHCB page allocation information.

+ gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016 + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index dda8dac18441..d6fc7cdf7da8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -569,6 +569,10 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 =20 + # Set GHCB base address for SEV-ES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0 + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index abc3217b0179..b994398633e3 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -52,6 +52,7 @@ [Sources.ARM, Sources.AARCH64] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec =20 [Packages.ARM, Packages.AARCH64] ArmPkg/ArmPkg.dec @@ -110,6 +111,8 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##= CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ##= CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index aed1f64b7c93..f53195e6dda5 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
@@ -102,6 +102,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.h index 2d0493f109e8..6b7c38a441d6 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h @@ -201,6 +201,8 @@ EnableExecuteDisableBit ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -208,7 +210,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ); =20 /** @@ -217,6 +221,8 @@ Split2MPageTo4K ( =20 @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 @return The address of 4 level page map. =20 @@ -224,7 +230,9 @@ Split2MPageTo4K ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbkSize ); =20 =20 diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg= /Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 172d7cd1c60c..630a3503f6ba 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c 
@@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae ( // // Need to split this 2M page that covers stack range. // - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, 0, 0); } else { // // Fill in the Page Directory entries @@ -278,7 +278,7 @@ HandOffToDxeCore ( // // Create page table and save PageMapLevel4 to CR3 // - PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZ= E); + PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZ= E, 0, 0); =20 // // End of PEI phase signal diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/X64/DxeLoadFunc.c index 2867610bff4d..77da20e5c5c5 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c @@ -35,6 +35,8 @@ HandOffToDxeCore ( UINT32 Index; EFI_VECTOR_HANDOFF_INFO *VectorInfo; EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; + VOID *GhcbBase; + UINTN GhcbSize; =20 if (IsNullDetectionEnabled ()) { ClearFirst4KPage (HobList.Raw); 
@@ -77,12 +79,19 @@ HandOffToDxeCore ( TopOfStack =3D (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STACK_= SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); =20 + // + // Get the address and size of the GHCB pages + // + GhcbBase =3D (VOID *) PcdGet64 (PcdGhcbBase); + GhcbSize =3D PcdGet64 (PcdGhcbSize); + PageTables =3D 0; if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { // // Create page table and save PageMapLevel4 to CR3 // - PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS)= (UINTN) BaseOfStack, STACK_SIZE); + PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS)= (UINTN) BaseOfStack, STACK_SIZE, + (EFI_PHYSICAL_ADDRESS) (= UINTN) GhcbBase, GhcbSize); } else { // // Set NX for stack feature also require PcdDxeIplBuildPageTables be T= RUE diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.c index edc38e4525c4..b3c3c3276e6a 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -180,6 +180,8 @@ EnableExecuteDisableBit ( @param Size Size of the given physical memory. @param StackBase Base address of stack. @param StackSize Size of stack. + @param GhcbBase Base address of GHCB pages. + @param GhcbSize Size of GHCB area. =20 @retval TRUE Page table should be split. @retval FALSE Page table should not be split. @@ -189,7 +191,9 @@ ToSplitPageTable ( IN EFI_PHYSICAL_ADDRESS Address, IN UINTN Size, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { if (IsNullDetectionEnabled () && Address =3D=3D 0) { @@ -208,6 +212,12 @@ ToSplitPageTable ( } } =20 + if (GhcbBase) { + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) = { + return TRUE; + } + } + return FALSE; } /** 
@@ -321,6 +331,8 @@ AllocatePageTableMemory ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -328,7 +340,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress4K; @@ -354,7 +368,12 @@ Split2MPageTo4K ( // // Fill in the Page Table entries // - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask= ; + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; + if (!GhcbBase + || (PhysicalAddress4K < GhcbBase) + || (PhysicalAddress4K >=3D GhcbBase + GhcbSize)) { + PageTableEntry->Uint64 |=3D AddressEncMask; + } PageTableEntry->Bits.ReadWrite =3D 1; =20 if ((IsNullDetectionEnabled () && PhysicalAddress4K =3D=3D 0) || @@ -382,6 +401,8 @@ Split2MPageTo4K ( @param[in, out] PageEntry1G Pointer to 1G page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -389,7 +410,9 @@ Split1GPageTo2M ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress2M; 
@@ -412,11 +435,11 @@ Split1GPageTo2M ( =20 PhysicalAddress2M =3D PhysicalAddress; for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSiz= e)) { + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSiz= e, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries @@ -615,6 +638,8 @@ EnablePageTableProtection ( =20 @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB base address. + @param[in] GhcbSize GHCB size. =20 @return The address of 4 level page map. =20 @@ -622,7 +647,9 @@ EnablePageTableProtection ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { UINT32 RegEax; @@ -734,8 +761,8 @@ CreateIdentityMappingPageTables ( PageDirectory1GEntry =3D (VOID *) PageDirectoryPointerEntry; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries = < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += =3D SIZE_1GB) { - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)= ) { - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, S= tackBase, StackSize); + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize,= GhcbBase, GhcbSize)) { + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries 
@@ -763,11 +790,11 @@ CreateIdentityMappingPageTables ( PageDirectoryPointerEntry->Bits.Present =3D 1; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntrie= s < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += =3D SIZE_2MB) { - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSiz= e)) { + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSiz= e, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c index 9c1d68e017fe..1dce01dd7546 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -109,7 +109,6 @@ MemEncryptSevIsEnabled ( return mSevStatus; } =20 - /** Locate the page range that covers the initial (pre-SMBASE-relocation) SM= RAM Save State Map. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c index 5e110c84ff81..3a4f223f8a86 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c @@ -183,6 +183,8 @@ AllocatePageTableMemory ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ STATIC 
@@ -191,7 +193,9 @@ Split2MPageTo4K ( IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { PHYSICAL_ADDRESS PhysicalAddress4K; @@ -217,7 +221,12 @@ Split2MPageTo4K ( // // Fill in the Page Table entries // - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask= ; + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; + if (!GhcbBase + || (PhysicalAddress4K < GhcbBase) + || (PhysicalAddress4K >=3D GhcbBase + GhcbSize)) { + PageTableEntry->Uint64 |=3D AddressEncMask; + } PageTableEntry->Bits.ReadWrite =3D 1; PageTableEntry->Bits.Present =3D 1; if ((PhysicalAddress4K >=3D StackBase) && @@ -417,6 +426,8 @@ EnablePageTableProtection ( @param[in, out] PageEntry1G Pointer to 1G page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ STATIC @@ -425,7 +436,9 @@ Split1GPageTo2M ( IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { PHYSICAL_ADDRESS PhysicalAddress2M; @@ -450,8 +463,10 @@ Split1GPageTo2M ( (IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M +=3D SIZE_2MB)) { - if ((PhysicalAddress2M < StackBase + StackSize) && - ((PhysicalAddress2M + SIZE_2MB) > StackBase)) { + if (((PhysicalAddress2M < StackBase + StackSize) && + ((PhysicalAddress2M + SIZE_2MB) > StackBase)) || + ((PhysicalAddress2M < GhcbBase + GhcbSize) && + ((PhysicalAddress2M + SIZE_2MB) > GhcbBase))) { // // Need to split this 2M page that covers stack range. // @@ -459,7 +474,9 @@ Split1GPageTo2M ( PhysicalAddress2M, (UINT64 *)PageDirectoryEntry, StackBase, - StackSize + StackSize, + GhcbBase, + GhcbSize ); } else { // 
@@ -714,6 +731,8 @@ SetMemoryEncDec ( (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30, (UINT64 *)PageDirectory1GEntry, 0, + 0, + 0, 0 ); continue; @@ -768,6 +787,8 @@ SetMemoryEncDec ( (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21, (UINT64 *)PageDirectory2MEntry, 0, + 0, + 0, 0 ); continue; diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 2ae8126ccf8a..84896d4681f9 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,9 +16,68 @@ #include #include #include +#include +#include +#include =20 #include "Platform.h" =20 +/** + + Initialize SEV-ES support if running an SEV-ES guest. + + **/ +STATIC +VOID +AmdSevEsInitialize ( + VOID + ) +{ + VOID *GhcbBase; + PHYSICAL_ADDRESS GhcbBasePa; + UINTN GhcbPageCount; + RETURN_STATUS DecryptStatus, PcdStatus; + + if (!MemEncryptSevEsIsEnabled ()) { + return; + } + + GhcbPageCount =3D mMaxCpuCount; + + // + // Allocate GHCB pages. + // + GhcbBase =3D AllocatePages (GhcbPageCount); + ASSERT (GhcbBase); + + GhcbBasePa =3D (PHYSICAL_ADDRESS)(UINTN) GhcbBase; + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + GhcbBasePa, + GhcbPageCount, + TRUE + ); + ASSERT_RETURN_ERROR (DecryptStatus); + + BuildMemoryAllocationHob ( + GhcbBasePa, + EFI_PAGES_TO_SIZE (GhcbPageCount), + EfiBootServicesData + ); + + SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0); + + PcdStatus =3D PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPag= eCount)); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting= at 0x%lx\n", GhcbPageCount, GhcbBase)); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); +} + /** =20 Function checks if SEV support is available, if present then it sets 
@@ -89,4 +148,9 @@ AmdSevInitialize ( EfiBootServicesData // MemoryType ); } + + // + // Check and perform SEV-ES initialization if required. + // + AmdSevEsInitialize (); } --=20 2.17.1
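
Review bot: In the UefiCpuPkg.dec hunk, the single comment "## Contains the GHCB page allocation information." sits above both new PCDs, so neither PcdGhcbBase nor PcdGhcbSize documents what it holds. Give each PCD its own description: PcdGhcbBase is the physical base address of the GHCB area, PcdGhcbSize is its size in bytes (AmdSevEsInitialize stores EFI_PAGES_TO_SIZE (GhcbPageCount) there), and a base of 0 means no GHCB pages were allocated, which is the condition the page-table code tests for.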
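
Review bot: The [Packages] addition of UefiCpuPkg/UefiCpuPkg.dec in the DxeIpl.inf hunk makes a MdeModulePkg core module depend on UefiCpuPkg only to read two PCDs. Consider declaring the GHCB PCDs in the gEfiMdeModulePkgTokenSpaceGuid space instead, next to PcdPteMemoryEncryptionAddressOrMask that the OvmfPkgX64.dsc hunk shows being set right above them, so DxeIpl needs no new package dependency.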
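
Review bot: The CreateIdentityMappingPageTables prototype in DxeIplPeim/X64/VirtualMemory.h names its last parameter "GhcbkSize", while the doc comment just above it and the definition in VirtualMemory.c both use "GhcbSize". It compiles because prototype parameter names are not checked, but the header should read "IN UINTN GhcbSize" so the @param line matches the declaration.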
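
Review bot: In the X64/DxeLoadFunc.c HandOffToDxeCore hunk, GhcbBase is declared "VOID *", loaded with a direct "(VOID *) PcdGet64 (PcdGhcbBase)" cast, and then cast back through "(EFI_PHYSICAL_ADDRESS) (UINTN) GhcbBase" at its only use. Declare it as EFI_PHYSICAL_ADDRESS and assign the PCD value directly; that removes both casts and avoids an integer-to-pointer conversion that is never dereferenced. The two PcdGet64 calls can also move inside the "if (FeaturePcdGet (PcdDxeIplBuildPageTables))" branch, since the values are unused otherwise.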
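
Review bot: The new GHCB tests in DxeIplPeim/X64/VirtualMemory.c use implicit boolean conversion of an address, "if (GhcbBase) {" in ToSplitPageTable and "if (!GhcbBase" in Split2MPageTo4K. Write these as explicit comparisons, "GhcbBase != 0" and "GhcbBase == 0", and put the "||" operators at the end of the preceding line as the surrounding code does. The context comments "Need to split this 2M page that covers NULL or stack range." in Split1GPageTo2M and CreateIdentityMappingPageTables are now incomplete, because the split also triggers for the GHCB range; update them in the same change.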
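
Review bot: In the BaseMemEncryptSevLib Split1GPageTo2M hunk, the added overlap test "(PhysicalAddress2M < GhcbBase + GhcbSize) && ((PhysicalAddress2M + SIZE_2MB) > GhcbBase)" is not guarded by a check that GhcbBase is non-zero, unlike the equivalent test in ToSplitPageTable. With the 0, 0 arguments that SetMemoryEncDec passes it evaluates to FALSE only because the unsigned comparison against 0 can never be true; add the explicit "GhcbBase != 0" guard so both copies of the logic read the same, and extend the comment "Need to split this 2M page that covers stack range." to mention the GHCB range.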
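
Review bot: The two SetMemoryEncDec hunks extend the split calls to a bare run of "0, 0, 0, 0", which no longer shows which argument is which, and passing 0 for GhcbBase means Split2MPageTo4K sets AddressEncMask on every 4K entry it creates from this path. Add a short comment at each call naming the stack and GHCB arguments and stating why no GHCB range needs to be preserved when a large page is split here.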
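
Review bot: In AmdSevEsInitialize (OvmfPkg/PlatformPei/AmdSev.c), the allocation result is checked only with "ASSERT (GhcbBase);", so in a build where ASSERT is compiled out a failed AllocatePages falls through to MemEncryptSevClearPageEncMask, SetMem and the MSR_SEV_ES_GHCB write with a base of 0. Handle the NULL case explicitly (for example ASSERT followed by CpuDeadLoop, since an SEV-ES guest cannot continue without a GHCB). Two smaller points in the same hunk: the DEBUG call prints the UINTN GhcbPageCount with "%u" and the pointer GhcbBase with "0x%lx", where casting the count to UINT64 with "%lu" and printing GhcbBasePa (or using "%p") matches the argument widths; and the SetMem length "GhcbPageCount * SIZE_4KB" should use EFI_PAGES_TO_SIZE (GhcbPageCount) like the HOB and the PCD do.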