From: "Ashish Kalra"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: [PATCH v7 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Date: Thu, 19 Aug 2021 14:06:08 +0000
Message-Id: <11152470c9b41058d2a8dbffe2c0a1e5d9d4a534.1629380011.git.ashish.kalra@amd.com>

From: Ashish Kalra

Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor's guest page encryption state tracking.

Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..1d38056ec0 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -52,6 +52,17 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // The SEC Ghcb setup during reset-vector needs to be marked as + // decrypted in the hypervisor's guest page encryption state + // tracking. + // + SetMemoryEncDecHypercall3 ( + FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + FALSE + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.17.1
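
Review bot: The SetMemoryEncDecHypercall3 call in AmdSevEsInitialize is issued as a bare statement, so whatever status it reports is dropped, while the PcdSetBoolS call directly above it is checked with ASSERT_RETURN_ERROR (PcdStatus). If the helper returns a status, capture and check it here, or extend the comment to say why a failed or unsupported hypercall is safe to ignore at this point, since the hypervisor's tracking of the SEC GHCB page would then stay out of step with the unencrypted mapping made in the ResetVector code. Two smaller points: EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)) is missing the space before the opening parenthesis that the rest of the hunk uses, and the bare FALSE argument would read better with a short trailing comment naming what it selects (the new comment says "decrypted" while the subject line says "unencrypted"; pick one term).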