From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+115858+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 004C87803D2
	for <rebecca@openfw.io>; Thu, 22 Feb 2024 17:33:02 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=DWxiWz/f6DaEadYgyYEjnmIUWcIhd9KALjdnZtgl410=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1708623181; v=1;
 b=u4wwOg5Sfquw8JBcAshxGM7/5mdrKmaXqOdUsFpIL+pd0WXM12O+Y+0SEf07ueSaChw0jC1z
 HLN1ufPXMzWmpBAU44cR+MpVq/XgPZcI+gu9713AaWlFL5h963w5PRe1U7Awh6e9VpnRaqSCPoV
 He1+k714mnfmTAiM9iU9pgG0=
X-Received: by 127.0.0.2 with SMTP id pQTRYY7687511x3ZCazMQBxs; Thu, 22 Feb 2024 09:33:01 -0800
X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.77])
 by mx.groups.io with SMTP id smtpd.web10.19168.1708623180863768126
 for <devel@edk2.groups.io>;
 Thu, 22 Feb 2024 09:33:01 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=bzNMHVOOz63k6ozNcEOFMuxM4deptghmm4bKGvAF8f65t0fn9HLTSSkkGlm44pKCLLvwNH6J39qQ05zbXfa4nN1KFJcZlgsaZ1vTTSZUuIh9Njh77J0c6kZ0rpE+0HWTrrbDRkmVcPhWON0jdebt2lEPt2fKM652CZbo7rOE7dQS5PZHrUb4Itit5Ofn6Gm6d8DU2eReH+2ELk7b0EP7v5xScyY5V6e0t9cfg3wS/IQEpilCEvtWvDFS1rHPna6HjGcLhsNX1h5F9tyCEEL5GZeje6g6BNAFv3ov+AU9Yo/+Cz9GCbR7aY73ysykC0JXXphbdJe4Ic221osRkUhcJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=rO9e9oknBHgX0UNUDIMZMEDEwYo4jxvYuVEPpzI1g64=;
 b=Ywo2bus2UqmTY6wQ1UMBdbJ4FCJE63IXEVjV/gGBbA7TM1y/GSmoFY+OjkB9eNBZirH1Joo7j9sVrzHU5BV9CH8su5dpdga6fvZy/hZka3U/E+taRRXuNcEXG/Jr/xHyUeVE04WyRX+yHUkBEyXfzeiPLXr/UnT/yuCUhLJu0XAzRQtYWgZqxrZKQNpkxrU3AXGa9z9Z7lK29959wx+ldwpF0Df6xDJPg75Dz5T3GPVagkr0G3Cropz4wcg9lGTEpO37A7nfVfpGT3gs/VQfgS8VoAgVJcEYFkYmhbqHG6ww4RgB2c9KniTo1GXvMuxN+zVeP6yNf3oyX5LKpk1zoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none (0)
X-Received: from BN9PR03CA0533.namprd03.prod.outlook.com (2603:10b6:408:131::28)
 by SA1PR12MB5660.namprd12.prod.outlook.com (2603:10b6:806:238::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.20; Thu, 22 Feb
 2024 17:32:57 +0000
X-Received: from BN2PEPF000044A7.namprd04.prod.outlook.com
 (2603:10b6:408:131:cafe::11) by BN9PR03CA0533.outlook.office365.com
 (2603:10b6:408:131::28) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.42 via Frontend
 Transport; Thu, 22 Feb 2024 17:32:57 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BN2PEPF000044A7.mail.protection.outlook.com (10.167.243.101) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.7292.25 via Frontend Transport; Thu, 22 Feb 2024 17:32:56 +0000
X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by
 SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Thu, 22 Feb 2024 11:32:56 -0600
From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Ard Biesheuvel <ardb+tianocore@kernel.org>, Erdem Aktas
	<erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>, Jiewen Yao
	<jiewen.yao@intel.com>, Laszlo Ersek <lersek@redhat.com>, Liming Gao
	<gaoliming@byosoft.com.cn>, Michael D Kinney <michael.d.kinney@intel.com>,
	Min Xu <min.m.xu@intel.com>, Zhiguang Liu <zhiguang.liu@intel.com>, "Rahul
 Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>, Michael Roth
	<michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0
Date: Thu, 22 Feb 2024 11:30:02 -0600
Message-ID: <1246f4733a23f85c63c315f5302cf8f7d36ed5bd.1708623001.git.thomas.lendacky@amd.com>
In-Reply-To: <cover.1708623001.git.thomas.lendacky@amd.com>
References: <cover.1708623001.git.thomas.lendacky@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN2PEPF000044A7:EE_|SA1PR12MB5660:EE_
X-MS-Office365-Filtering-Correlation-Id: 27a4216e-c10f-4c15-bcdf-08dc33cc4ef4
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
	gLXY5TEwDiGV8yNFIjn9JjKimmxaiS+lcQCGD2dtmNVzi2AtkXtqaDHIrS+LqI9N1Un8KisIdTDVCBay0Ct74r91xhMPMiVAsF2/LteB5I4hD/qT6DHGat5IpgrkNcncEfVECuEsFWcVBq8CfwJgWo87P6Me1/d+mBcTftsd5XQs1GcABWUHok3RPsMu2TV/X1qPOLtgJOvcZ2/d6YyC2PRpyY11uDCg8OqYKxo1jI6q3aKQ4LwUW0yiATS357ocCuLhmZz+yHTVn0zS6Y+jIxWXDbgOEKG2ylfpIOHo6fNDAFvBdwJCA9oNbW+aibzjAboXKyuRXvQrYW6BLDhDIyXfaGd/Y+4s8Ih+dvT8ZiXkOvNQ58afZrGQu6TTJagqPKo5Rh7yM+pZnhw3aYrTRy/KrMi98k65Xah47URg4xnyeFA5ZADLcZBPydjB6UGqXEfoiThmZy/AxO9LIvn0Wacr3RG9tYX9uyTMTgUJceJpWjpRSnJ9OeXLYT/cPidmHQr0vU8D9Jdi1zNlYb4UZB1wwLRGSNAAIn2VJn5r+B/lduZq4pvcDlrV7BGsRDPjP+jYx4Y4qT4DCem1q1K9rEQu6UwbzWLVOGL2JFi+5kHJldI7pcnyyznR4KUsjgDotTXdQ38AwU4x3p313/xGEg==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2024 17:32:56.9680
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 27a4216e-c10f-4c15-bcdf-08dc33cc4ef4
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN2PEPF000044A7.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB5660
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: DPwUI3ZIHS0lalLKVyYGrVaOx7686176AA=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=u4wwOg5S;
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}");
	dmarc=pass (policy=none) header.from=groups.io;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654

Currently, an SEV-SNP guest will terminate if it is not running at VMPL0.
The requirement for running at VMPL0 is removed if an SVSM is present.

Update the current VMPL0 check to additionally check for the presence of
an SVSM is the guest is not running at VMPL0.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 9 +++=
+++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida=
te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index ca279d77274b..f2d9f7cf2fea 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -12,6 +12,7 @@
 #include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemEncryptSevLib.h>
+#include <Library/CcSvsmLib.h>
=20
 #include "SnpPageStateChange.h"
=20
@@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam (
=20
   //
   // The page state change uses the PVALIDATE instruction. The instruction
-  // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
-  // the boot.
+  // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM mu=
st
+  // be present to perform the operation on behalf of the guest. If the gu=
est
+  // is not running at VMPL-0 and an SVSM is not present, then terminate t=
he
+  // boot.
   //
-  if (!SevSnpIsVmpl0 ()) {
+  if (!SevSnpIsVmpl0 () && !CcSvsmIsSvsmPresent ()) {
     SnpPageStateFailureTerminate ();
   }
=20
--=20
2.42.0



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115858): https://edk2.groups.io/g/devel/message/115858
Mute This Topic: https://groups.io/mt/104512987/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-