From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.74])
 by mx.groups.io with SMTP id smtpd.web08.69870.1629381980508500658
 for <devel@edk2.groups.io>;
 Thu, 19 Aug 2021 07:06:20 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=hryDwfgG;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.93.74, mailfrom: ashish.kalra@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Nv8feEiTza87Y/SrORN9uA2vhBJGoudZoDkKLV2CM4Uc1S1AhDFHBuC1dVHBlTXa5GnBz0DQERGoSSF26GfwExIr/NlYyIMR1binbPnLi7jY9IYROgZebbPGiVzI083fCnqiDHruV4wp/Vy+kTXxf2kxuCyuFkx4hOpNopvQESgZUureJiMo1azd8LQ/PuW1tdca6JTUAM3Fvv4kumBEboWD3ucNXVYLGdUdVSoENAYPN6jOQSiU8J5qFYhso6EVoGhJ6B7A/wJwL0Dw9NPRUOQoXgF2WCe6k5D/A6BRAqDeuZtcA13u5QneUIQaGc48HF9fYQVaeXf61JdLx1vSDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=iSW7FhssemJySQFDeOkS69RYSbquqEk79caf/V+lVOc=;
 b=jXUdrxoIoHRX6nQv2uteqlswoLThpbMQ4O3BNxfV0pVBt0Y4aWMPFBGLVxy2pmzU0gedLHctIkVKUsUYOCyhfbBIeXcOjWL8+ywykTU/vpF75mpiuLK46yjWDdxPs9dKkpx0QP+pxbyp6MRochaer1GEuYnhdbELlmyZPuY0yGWVt3zcEJjfIQq47UoIyPuoobWTrfnTshmv/K0P4uKIga1ji8kBXVosXVnAqpbl2VDzKbQegxGWPr+JeKr60R9JC0ZZOuOW5TPqRXf9Y3WXf0zTQ0szshO0YKcr2g3oSAEAarJdYE8wYTWVPtrgEvKQXhZV2Vd8szHGXQ8X8G+uoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=iSW7FhssemJySQFDeOkS69RYSbquqEk79caf/V+lVOc=;
 b=hryDwfgGwjO0ETFDioYmwEaruhPRTDL5RMYPUqQgda6dTMf5xOIK1du+ap3/2/sPv0ctPMfF4yX6oaTdh4x0IFqzOskyhg///kkj8na5oBDmL0+zOZCRpzMa6y5Mk3boyChCaT3eWZVOTfeh3XAFWeMs7xwzHDHMJviY7sZS80c=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23)
 by SA0PR12MB4574.namprd12.prod.outlook.com (2603:10b6:806:94::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Thu, 19 Aug
 2021 14:06:19 +0000
Received: from SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::491e:2642:bae2:8b73]) by SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::491e:2642:bae2:8b73%7]) with mapi id 15.20.4415.024; Thu, 19 Aug 2021
 14:06:19 +0000
From: "Ashish Kalra" <ashish.kalra@amd.com>
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com,
	brijesh.singh@amd.com,
	tobin@ibm.com,
	Thomas.Lendacky@amd.com,
	jejb@linux.ibm.com,
	erdemaktas@google.com,
	jiewen.yao@intel.com,
	min.m.xu@intel.com,
	jordan.l.justen@intel.com,
	ard.biesheuvel@arm.com
Subject: [PATCH v7 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Date: Thu, 19 Aug 2021 14:06:08 +0000
Message-Id: <11152470c9b41058d2a8dbffe2c0a1e5d9d4a534.1629380011.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <cover.1629380011.git.ashish.kalra@amd.com>
References: <cover.1629380011.git.ashish.kalra@amd.com>
X-ClientProxiedBy: SN4PR0501CA0053.namprd05.prod.outlook.com
 (2603:10b6:803:41::30) To SN6PR12MB2767.namprd12.prod.outlook.com
 (2603:10b6:805:75::23)
Return-Path: Ashish.Kalra@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0501CA0053.namprd05.prod.outlook.com (2603:10b6:803:41::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.6 via Frontend Transport; Thu, 19 Aug 2021 14:06:18 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 297d12bf-10da-4737-56b7-08d9631a8440
X-MS-TrafficTypeDiagnostic: SA0PR12MB4574:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SA0PR12MB45742A6AAE9FDF1633134F348EC09@SA0PR12MB4574.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	b/I9fv5TWCAxCRyb82FFG4ATVRuKrNxPg/T9EVrse7GJ/1Y6CQ0fqNafTQUKR5TvUulUXs5BFLO5ju9jdeEV1UDulqG9qMdliWyz8rI29SOC3dNXfPXmceBXRUlcYy56hpZOrvAmbQUvkcrXiHgdZyHESL93k5ZiezDQfmYtvBgzsGOqdpKqiqiQxPAYxAQXIDtk24/uX3YIncfds2X5EcfUw3hpa8/kPiulGDOmgO7WefU5TYkmuwdfRMb0QA9L4tUYfDNGa70ye1Scw3PDvAXC24qi8xhJAMUdhh9wq5U+sHodfLTcq4iqdBLc0qkSPwLXEAMLGrqMCvG+8bQmrn8FxdMpfJZAOelNrcBzsMRVwJy4dO0hBMPfWNyHNw4ZPtT9UkQlCBzISMp6bWS4SPWQBd6Pbfjcc433FiM/P+X1uTwVx7yx2uIt8J62tC3WYqH99KHyD9RH4XrUvbDj2FHhXB4lDCmGcgaAw7EOIb4jj/RnRvAD/igJ5duL9dXw0lgUMnsZd8luyvJhwbiX+Mdyx1YhL4rB8zvxEmIu39GPh+g7aHrLYS/B2QLNzQ3h9Ozb5gQXwEElFS+/ZhkZv9nwhaPWz1xVTgGFkUNWVL9413r4XzWqlFkWoptboJjFaGQWwhiZpV+mf+YqqiNpDjzAFa+dDZGRD8YcHnI5wVsbMyskPlCZwM0xcRak2kTD0GnCl5fyLlnWunvMUsFCyQ==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(366004)(376002)(346002)(7696005)(66476007)(36756003)(956004)(6666004)(38350700002)(5660300002)(66946007)(52116002)(6486002)(2906002)(8936002)(316002)(186003)(19627235002)(66556008)(4326008)(86362001)(26005)(38100700002)(478600001)(8676002)(6916009)(2616005);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?KLB8VbHWTWk5zgwu3ikZpXy1RXCCvXrwlfqgjc47eFNDvM2RyXL1A4EqGDn4?=
 =?us-ascii?Q?Gms0kJOZaq8AxfR40AXnuXudZY727Mn3qjULJGiJDajlhbe++H/J5pT613wR?=
 =?us-ascii?Q?PNWowDZta8kJsKkUoorUlX3+74wZPPU2kYj821qSwGXYcWsMn4mJu4GCcz/h?=
 =?us-ascii?Q?sYHocT4JbhAlaqvbtt1iZ/pgAlJrleoJCn3LDCIkcIvqJHcCksG1B8bF7Krk?=
 =?us-ascii?Q?l7fQK6/idZY+jvyqN9cqWGGHknOzLAkVgQsWfcEIhHgOPUDXkkqysdVtva1l?=
 =?us-ascii?Q?vcrdf8T2XwBuSAQPTKPYvUNCp5XVY5JCldA4XgbZwzL6FTjTFaxFImNuPg8o?=
 =?us-ascii?Q?PQJr4d102DdK8TiNZCvMo0HibFXWpZ2DyXVa0c1yZFsy+dCm0yyBNl1zD29B?=
 =?us-ascii?Q?DaVGixG4E3ohd1kcSgwMqYdgGDHUXpnICZWfaiuHruJ1zoPmWYBkeIlv4re9?=
 =?us-ascii?Q?PlJmFgT1eHuvcpogCPzqhcDg7byYWArylKjtn0a+DaFAQckYoOMmBhpglCwB?=
 =?us-ascii?Q?GXSuVNMPddROLa6crXmKomQ/dfzIu4mAN+e7vIs5OFClCE08tlCmdQpzkc0K?=
 =?us-ascii?Q?u1kL3vwuW4uvl7pLHabF2o2v1IhknPMJntdDvWdheZLWiW2s7SioTQ2hL+m/?=
 =?us-ascii?Q?1PSbU5ot1r7nX+jnZtWbSwwz3t3UHrENMS3opqBR+8TcvV1eLnAaCXr54Oae?=
 =?us-ascii?Q?uQ4l7KgKja1LzALSVleOeCtAmtva+Xik1vzsdxHdzIQSHKEbp/lUxFmLEHXx?=
 =?us-ascii?Q?tN19qgkw8COE1Pjfn6Po+ULsdC0wDGNHFBdfJ9NBKgUBfSJR+kgPQcNFQOh7?=
 =?us-ascii?Q?MeVU3G9DkqMSXJCE3/GOUfcDwspI7fHav7r+gW5A7I523ZXzlIA+Xn8Uno3W?=
 =?us-ascii?Q?tjdWijWzTHjc+nO39opk1z1OB+WNc4UxsYlarzt2r3BdN6jFUrXv4KyLFrp5?=
 =?us-ascii?Q?WMikk14C/xe6Ju8mmBlF1Oo5kDDsNfnyrFWjK4PAZIeT5yEG5xoS8jJrXqqw?=
 =?us-ascii?Q?C8WIB30tfT5+UUCRPxrxLnTd61Lhj1zwzWnslKqG/KOS/rZn2i3R3jTWa5pa?=
 =?us-ascii?Q?bHzhKFa04qduuMGeEtxvRAGOUnoIgwI7MisoDJlKRTFe5id5RPdnUPeOwSZm?=
 =?us-ascii?Q?RDi9bx4+MbwGLWCCrQNmAqIF1rHBcRMjsfCWFicJMHLCi1yE2AeEZPG3dRjO?=
 =?us-ascii?Q?UdcwOGH3OcwyWvLeUodPpDcBHBwAWjj2IhZqM9cfqsClfEDc3jWgP7LSUEyX?=
 =?us-ascii?Q?kUGMJkzDTZV0Z5LMy9uUuEfd68WgKQKqdGGFO0I0xT3K0FqPmzzaIGdU4Fe8?=
 =?us-ascii?Q?wURelTsndYMJi0UCosesHdDS?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 297d12bf-10da-4737-56b7-08d9631a8440
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2021 14:06:19.1362
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: dV0Er6VCFSMDOtsTzXVArwWPhCGuKG4WQlFmy9F4Rh9qd7y5AyUJR0MrHPFfoRhGyhBY4sdUUN3AE2oKQLCTEg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4574
Content-Type: text/plain

From: Ashish Kalra <ashish.kalra@amd.com>

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor's guest page encryption
state tracking.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022..1d38056ec0 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -52,6 +52,17 @@ AmdSevEsInitialize (
   PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
   ASSERT_RETURN_ERROR (PcdStatus);
 
+  //
+  // The SEC Ghcb setup during reset-vector needs to be marked as
+  // decrypted in the hypervisor's guest page encryption state
+  // tracking.
+  //
+  SetMemoryEncDecHypercall3 (
+    FixedPcdGet32 (PcdOvmfSecGhcbBase),
+    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+    FALSE
+    );
+
   //
   // Allocate GHCB and per-CPU variable pages.
   //   Since the pages must survive across the UEFI to OS transition
-- 
2.17.1