From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.79]) by mx.groups.io with SMTP id smtpd.web10.6617.1607040250767792302 for ; Thu, 03 Dec 2020 16:04:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=nMrd2twE; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.79, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G9feCwzhmJ8zt5fkvkUkP6ltTLa5+uO83S+MYddpco7Td9I4D2MSj0XFEibjnKJuh+w+PvaZ6jqP+dibhpfCgt0zLm+GZn/4tZp95akowtiwpkUUE0QFC6G9/2dSN74Wka22uP2TVVkhn7UN/yXN0NG27PKvRXoGd9P9yeOJOVmuEq5UWPsviCr6r4TG9UkWo/+IJiltXBlu0be+sMPeM97F6oPcSBCk/ceN4zsWWImkvdwi5kNa+tfqiEHAYLfwQa8zDMI4qJTDqh9Hy/um0o/56ota79rGPwT8ddwDmTWvDUZVb5T8BtdNcttUCRxXlgWPZq8TUiqXCK9PRkUPVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9NrRjuDbk0gR894EdP5cVW8mfT1mrhqJ0Tz+jGFClXs=; b=CeNcRBZjeQt4WsWiXjLJVniBQWXRtt0LCvgEC9kJaUtri4YzwBiPvMPjfjGTFx4/aujbY0hetxdLr/2/Rtt/DuESLUVsfQV0cA5zSd1D4132XTDRBCmwrySzOfwzw7yul6M2KcGQje2lL5ttMMlh1OREnuKGQUyWLXYLEA7uYk5kigP3ucK0TUzUq397I1fUNndM0IMxBDtfQw3r9160o/ETxS10nNuFsgX9kcqJxI3/87/jNQXc8fldTGA76HtwkznvVSmM/pwz/BiHZikpIBhZBEwRElMs/puwBZMHvga6JM4MG8UkOtXRvjPbEx1d7QlArxXsrSSOE8KJkosQFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9NrRjuDbk0gR894EdP5cVW8mfT1mrhqJ0Tz+jGFClXs=; b=nMrd2twE5I4p75FPT7oOzLNhrNWI/cP1I1vRZC6pHhyOBz5kBukUcaN58tLT43ClToEJQQJSmt1TQ6/FbDZBc9MYUfzM60ezUOhVWD0yzvUqjHofs190bk+FTXxNFdFHFIpVGVLoNzUNVjQCaMPMY2zxInYYlpexETuVmy03JPw= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN6PR12MB2783.namprd12.prod.outlook.com (2603:10b6:805:78::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Fri, 4 Dec 2020 00:04:06 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Fri, 4 Dec 2020 00:04:06 +0000 From: "Ashish Kalra" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: [PATCH v3 3/3] OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap. Date: Fri, 4 Dec 2020 00:03:56 +0000 Message-Id: <1091f14cf79ab501485f247488d71380b5117dbe.1607038824.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0401CA0035.namprd04.prod.outlook.com (2603:10b6:803:2a::21) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: Ashish.Kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0401CA0035.namprd04.prod.outlook.com (2603:10b6:803:2a::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17 via Frontend Transport; Fri, 4 Dec 2020 00:04:05 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 10c97df5-cbb1-4152-bee8-08d897e81db7 X-MS-TrafficTypeDiagnostic: SN6PR12MB2783: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6430; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0A8s1WkBGpEy/85HzQYmLUL4c4gc35bOVByxcQZwCNWPKi3lOmErOaxmUv0g5RvgyDMumWfARNYEIzmEYjrW+QTg6Wi3hl/ATXwxWHS96HHpiv4QScc7F3exfc1zpPiyyiDR/CvWNtLnMahWdVxdUqGSAN2q1PEM3V3/dpTcinDP5H59iqA9/InFGS502uWL+78b+QhWCcxD2l4UrLnnH9dJtUbhzkt+LJDljlW7mM1CJapXUHuLbBB8wyhFkZdrwdF3wIIWk6ETVuUVgHcjO6ayRO1F7VZeYTGlu2e8IM+fnWtUtiYS08vISIytR1wILZdVI266cym+4yLIjKKXzg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(376002)(346002)(136003)(396003)(366004)(478600001)(86362001)(66476007)(5660300002)(6666004)(66946007)(66556008)(956004)(19627235002)(2616005)(7696005)(316002)(52116002)(2906002)(16526019)(8676002)(186003)(6916009)(6486002)(26005)(8936002)(36756003)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?gF134VJC4ANy6kZ/KB4U9QsRBcdtQpJJ5FNDnr6p/ZC4Gud0r2/myRtmQz8r?= =?us-ascii?Q?2+qI5BkRitpagOXm1Qq32OjQ0ZSQJtd/voUImN/h9GQq7P1qw370yobgqDgX?= =?us-ascii?Q?03kV9qAaZu+Ep78/1GLHTPypYlQG4Nc6uoHi7bTalUoCk098+Xhpb3zurE9+?= =?us-ascii?Q?CyjKJSx511Ynr9XhIFmKFb8l/rkF5LbgsRN7VA5FGmFAvQkpcBQz5UixIdQK?= =?us-ascii?Q?DkdKSwEfiB6BYcwXfnWZjMEDR6M4t06/HZx3SiFs84waInHzmwLwIUwy0tSV?= =?us-ascii?Q?yU3QR0nbNvDDP7N3iOMby5PVXxpF04q1GtAhjNk+XW7hOuuu9jpMbvkrRybm?= =?us-ascii?Q?B5KQnInshv/evbCh2dAzZxz8SE+ApMFR5SxLMSvrc9/bZMZycW8z/yzethIN?= =?us-ascii?Q?aHfYJmDEI2AphQQ9u6dxTzKRagL7GN47/+eWndjihd+RWpn0mOocsRZ/ONI4?= =?us-ascii?Q?6WsVisluiO5nfIn3bRa8ds9MUpRJSEmKr63uxYHN3jhHR8o7w+qXlgYTLpNr?= =?us-ascii?Q?QJgfyys85X0uxtKImJY0RCakKvHNo6iPm1+eid5vhGtKjUD8vRWWhuzeP12a?= =?us-ascii?Q?focqKFzlYE48vt2lnu6ogU8zfN/Kbb/TbpZfKTz5wOaaMH59i3isv4XQXLNZ?= =?us-ascii?Q?pNKiqL22Hs05KBnmixb/629c47uxAYAKeqo+AkYSaYqajmHKDpbY8gU+MxVw?= =?us-ascii?Q?JL0DNuLCu6eQad+b8u4WYkRgHhIL2HnmhbH5FafIwjXtmBF+juHoNY91oUDz?= =?us-ascii?Q?jNiwJNJYsx1Wj1s/Hhmk/imv6iJW4Ciczg1PazE7iCwgMJGOs/ikWLZaN5pP?= =?us-ascii?Q?7vwYNkIuUGAgHjhhMehZuwezt/6z/GftaGEFOTn1keT9JlOahb6hJwfaa1o5?= =?us-ascii?Q?09Wi/awKNeygvrEPH26DKOLKEV8wDCGBwz8rcbHLhx3KnoIsBDwKjAMwSrml?= =?us-ascii?Q?EdQOyysaecNcFXpNsQq7PR2q43g9ZaG/5KkciOhaPuuT2u9944f7Xlwk2VoT?= =?us-ascii?Q?mxtN?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 10c97df5-cbb1-4152-bee8-08d897e81db7 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Dec 2020 00:04:06.1042 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Vp0O0AwJMhM6CJIDXYftBN3x10gnL2Ta1ChDwWGvL+mmxIO75bJ6s677wYdBDXXabUjV6/k5BGLrtSox9L1X7A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2783 Content-Type: text/plain From: Ashish Kalra Mark the SEC GHCB page that is mapped as unencrypted in ResetVector code in the hypervisor page encryption bitmap. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 4a515a4847..da9470db7f 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -49,6 +50,15 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // GHCB_BASE setup during reset-vector needs to be marked as + // decrypted in the hypervisor page encryption bitmap. + // + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + FALSE + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.17.1