From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <brijesh.ksingh@gmail.com>
Received: from mail-it0-x241.google.com (mail-it0-x241.google.com
 [IPv6:2607:f8b0:4001:c0b::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B3B0980333
 for <edk2-devel@ml01.01.org>; Mon,  6 Mar 2017 15:27:37 -0800 (PST)
Received: by mail-it0-x241.google.com with SMTP id w185so11363317ita.3
 for <edk2-devel@ml01.01.org>; Mon, 06 Mar 2017 15:27:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:subject:to:cc:date:message-id:in-reply-to:references
 :user-agent:mime-version:content-transfer-encoding;
 bh=NhFE9VUwdBHZlRBOozeZMhxftUbqETgHBmjfPRfJVPw=;
 b=D1jWM3vlxZLRZPnJDbLZqu+m8a54QlSzQMzRlgp3VOMJKClmIJWUvBUvhpy0S6VzsE
 NeQQ8AWORk/0tucXzIpTkU7Ehp2EOkbB4OMo/Ms9cIWvXi0DjacxRKLL4Jn6NIUzWGZA
 zULe3woTxBSIz2fN311p5ZZErdqPVSgvqBKz2sq16MmR3y9QOJ9fFXYVHkoP4CDxtrF4
 NTidn6bVAflOtxahi+hK5kp4Mc0/7B0r0APXWU8KPpg7Ca7nvtWNRR/RkgR+ZkZL3uvp
 5PHlX0XR9hUgPLcUGPANE/i/IVBN//yejhF2KiP/OUagNPOgA0JtJlgoFSlDQWQwXy3y
 o7rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to
 :references:user-agent:mime-version:content-transfer-encoding;
 bh=NhFE9VUwdBHZlRBOozeZMhxftUbqETgHBmjfPRfJVPw=;
 b=BGsDvmmU3VVGbqcqqye0nFmbZOYJGdu8UIg/1Kdir2236oaGapKQHOvz3YB08DeOOM
 rUkNqVpLqwhgSRn5/T6a2ldyMrB0LYJsD7Dl24tVRAOJdAfGsFBd1t71bFghap16PJ6/
 nB/+PIR3mMuNTaZQvVqxw5CmScwNMoQ1yDHDoBBYO7Cgt+DXDDPR2TvYrlvLCzjKvjWC
 QkRGfSmI276B7f5XLJdvne25pZmTrJg1+L5Mijr5wM60TeF8YFIodwAcZ/lJ4Z8wnpoH
 Vu8TPlNjRXC4Q2VJDBAmevHiSX7Lz0KGzLbiXEK/P1wj5HphiluDY41vhGKb8fGFszet
 A+sQ==
X-Gm-Message-State: AMke39lHtoYJT3i4PmCLBKT0XhyOmFxJDoAMUj7thBVkt9QPzUg9Omg9EJQs7oFmvab1DQ==
X-Received: by 10.36.91.67 with SMTP id g64mr15943269itb.20.1488842857086;
 Mon, 06 Mar 2017 15:27:37 -0800 (PST)
Received: from [127.0.1.1] ([165.204.77.1])
 by smtp.gmail.com with ESMTPSA id b15sm9337856ioj.34.2017.03.06.15.27.36
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 06 Mar 2017 15:27:36 -0800 (PST)
From: Brijesh Singh <brijesh.ksingh@gmail.com>
X-Google-Original-From: Brijesh Singh <brijesh.singh@amd.com>
To: jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, brijesh.sing@amd.com
Date: Mon, 06 Mar 2017 18:27:35 -0500
Message-ID: <148884285589.29188.3336162059588227554.stgit@brijesh-build-machine>
In-Reply-To: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
References: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Subject: [RFC PATCH v1 1/5] OvmfPkg/ResetVector: Set memory encryption when SEV is active
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 23:27:37 -0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

SEV guest VMs have the concept of private and shared memory. Private
memory is encrypted with the guest-specific key, while shared memory
may be encrypted with hypervisor key. The C-bit (encryption attribute)
in PTE indicates whether the page is private or shared.

If SEV is active, set the memory encryption attribute while building
the page table.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |   52 +++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 6201cad..eaf9732 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -26,6 +26,7 @@ BITS    32
 %define PAGE_GLOBAL           0x0100
 %define PAGE_2M_MBO            0x080
 %define PAGE_2M_PAT          0x01000
+%define KVM_FEATURE_SEV         0x08
 
 %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
                           PAGE_ACCESSED + \
@@ -37,6 +38,33 @@ BITS    32
                        PAGE_READ_WRITE + \
                        PAGE_PRESENT)
 
+; Check if Secure Encrypted Virtualization (SEV) feature
+; is enabled in KVM
+;
+;  If SEV is enabled, then EAX will contain Memory encryption bit position
+;
+CheckKVMSEVFeature:
+    ; Check for SEV feature
+    ;  CPUID KVM_FEATURE - Bit 8
+    mov       eax, 0x40000001
+    cpuid
+    bt        eax, KVM_FEATURE_SEV
+    jnc       NoSev
+
+    ; Get memory encryption information
+    ; CPUID Fn8000_001F[EBX] - Bits 5:0
+    ;
+    mov       eax,  0x8000001f
+    cpuid
+    mov       eax, ebx
+    and       eax, 0x3f
+    jmp       SevExit
+
+NoSev:
+    xor       eax, eax
+
+SevExit:
+    OneTimeCallRet CheckKVMSEVFeature
 
 ;
 ; Modified:  EAX, ECX
@@ -60,18 +88,41 @@ clearPageTablesMemoryLoop:
     mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
     loop    clearPageTablesMemoryLoop
 
+    ; Check if it SEV-enabled Guest
+    ;
+    OneTimeCall   CheckKVMSEVFeature
+    xor     edx, edx
+    test    eax, eax
+    jz      SevNotActive
+
+    ; If SEV is enabled, Memory encryption bit is always above 31
+    mov     ebx, 32
+    sub     ebx, eax
+    bts     edx, eax
+
+SevNotActive:
+
+    ;
     ;
     ; Top level Page Directory Pointers (1 * 512GB entry)
     ;
+    ; edx contain the memory encryption bit mask, must be applied
+    ; to upper 31 bit on 64-bit address
+    ;
     mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (4)], edx
 
     ;
     ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
     ;
     mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1004)], edx
     mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x100C)], edx
     mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1004)], edx
     mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x100C)], edx
 
     ;
     ; Page Table Entries (2048 * 2MB entries => 4GB)
@@ -83,6 +134,7 @@ pageTableEntriesLoop:
     shl     eax, 21
     add     eax, PAGE_2M_PDE_ATTR
     mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
+    mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
     loop    pageTableEntriesLoop
 
     ;