From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D783080380 for ; Tue, 21 Mar 2017 13:59:07 -0700 (PDT) Received: by mail-ot0-x241.google.com with SMTP id i1so23742078ota.3 for ; Tue, 21 Mar 2017 13:59:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:user-agent:mime-version :content-transfer-encoding; bh=WzqRUIGArg7kBU+V/P6a7CcHcyTe9XGiEiHe5ocVHlo=; b=XHngemdnRZxzpoYF47w2gZ4LCpjHGDyrGloQWY/3aBbPn0K+gFBhHRK4bErpB4zSJv tfBH6c0xql5kVcFRmP4HpJgd/JZWgN7+rGItXM4xQQkuZQBrkFl/p365TFwevY/2kcHk 260p7Gbtdgu5IaV34dkf2OtgOIvXCah536KuqlOc66k8vuo1BX2CFBgsoD6701iJaZlV mfCUbOW9uS1pWOjxL3qWHL5tCbnkMYIcRXr+N/v8fVCX85jcrhsr3yhEEz3Pu0wRLFDo V7cb4/GNNo1E0PG58O6+5BCVE93aUhlqlD03LDf2UDRKh07NlU8UVPYxyggc2kIseqzu RNpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:user-agent :mime-version:content-transfer-encoding; bh=WzqRUIGArg7kBU+V/P6a7CcHcyTe9XGiEiHe5ocVHlo=; b=dQQxUIHz3Ax8W7ZoVU+wMZRsXDyBQ2vdQFlOHn2XSqjhjliDmZXMDEs2dxWFgqkb1y JJG86izV6behE1VUqB7XX0NzL9rwK/fdxKMmFwsYZD5Zoc/XkEWxhf1UZvhPyyy2WTEb n4VqahtdeYG00xqvevA++qlwtPKTtSvGQNJi9llwioRImBXJZaA0+GqZ8eWgN/Hk2pQ/ Vwg3kHdE7VxoK+1VI3pTsHVM4DE9tCiai9O11EUmv3FXufgOfLGYfWjjz0N0Fptxd5To l4hTOaYj0OBNmRd4DKh2w5Qw9YD5LWSU1InAnYFbyBTe9M+KG4ZL9J6YnRyqM3Dzoee0 jJaw== X-Gm-Message-State: AFeK/H3ZpXmT0XjNKaMEAQTxeb8q8Gf7VQ2CWx5mreQm5WMMc7CAh6MfSOGu+fnCYUVZmA== X-Received: by 10.157.20.198 with SMTP id r6mr10548823otr.43.1490129947013; Tue, 21 Mar 2017 13:59:07 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j128sm9424141oif.32.2017.03.21.13.59.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 13:59:06 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, ersek@redhat.com, edk2-devel@ml01.01.org, liming.gao@intel.com, jordan.l.justen@intel.com Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com Date: Tue, 21 Mar 2017 16:59:05 -0400 Message-ID: <149012994545.26803.15256468111517327020.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [RFC PATCH v2 00/10] x86: Secure Encrypted Virtualization (AMD) X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Mar 2017 20:59:08 -0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. The SEV feature allows the memory contents of a virtual machine (VM) to be transparently encrypted with a key unique to the guest VM. The memory controller contains a high performance encryption engine which can be programmed with multiple keys for use by a different VMs in the system. The programming and management of these keys is handled by the AMD Secure Processor firmware which exposes a commands for these tasks. SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. For data memory, SEV guest VMs can choose which pages they would like to be private. The choice is done using the standard CPU page tables using the C-bit, and is fully controlled by the guest. Due to security reasons all the DMA operations inside the guest must be performed on shared pages (C-bit clear). Note that since C-bit is only controllable by the guest OS when it is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware forces the C-bit to a 1. The following links provide additional details: AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 Secure Encrypted Virutualization Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf KVM Forum Presentation: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf [1] http://marc.info/?l=linux-mm&m=148846752931115&w=2 --- Patch series is based on commit 5d5a190 (ArmVirtPkg/HighMemDxe: check new regions against GCD memory space map) plus I have cherry-picked https://lists.01.org/pipermail/edk2-devel/2017-March/008109.html and https://lists.01.org/pipermail/edk2-devel/2017-March/008756.html. source is also available @ https://github.com/codomania/edk2/tree/sev-rfc-2 The patch series is tested with OvmfIa32.dsc, OvmfIa32X64.dsc and OvmfX64.dsc. Since memory encryption bit is not accessiable when processor is in 32-bit mode hence any DMA access in this mode would cause assert. I have also tested the suspend and resume path, it seems to be working fine. I still need to work to finish adding the SEV Dma support in QemuFwCfgS3Lib package (see TODO). Changes since v1: - bug fixes in OvmfPkg/ResetVector (pointed by Tom Lendacky) - add SEV CPUID and MSR register definition in standard include file - remove the MemEncryptLib dependency from PlatformPei. Move AmdSevInitialize() implementation in local file inside the PlatformPei package - rename MemCryptSevLib to MemEncryptSevLib and add functions to set or clear memory encryption attribute on memory region - integerate SEV support in BmDmaLib - split QemuFwCfgDxePei.c into QemuFwCfgDxe.c and QemuFwCfgPei.c to allow building seperate QemuFwCfgLib for Dxe and Pei phase (recommended by Laszlo Ersek) - add SEV support in QemuFwCfgLib - clear the memory encryption attribute from framebuffer memory region TODO: - add support for accessing QEMU system flash device when SEV is enabled - add support for DMA operation in QemuFwCfgS3Lib when SEV is enabled - investigate SMM/SMI support - add virtio support Brijesh Singh (10): OvmfPkg/Include: Define SEV specific CPUID and MSR OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled OvmfPkg/PlatformPei: Add Secure Encrypted Virutualization (SEV) support OvmfPkg/BaseMemcryptSevLib: Add SEV helper library OvmfPkg/DxeBmDmaLib: Import DxeBmDmaLib package OvmfPkg/DxeBmDmaLib: Fix AllocateBounceBuffer parameter OvmfPkg/BmDmaLib: Add SEV support OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library support OvmfPkg/QemuFwCfgLib: Add Secure Encrypted Virtualization (SEV) support OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled OvmfPkg/Include/Library/BmDmaLib.h | 0 OvmfPkg/Include/Library/MemEncryptSevLib.h | 69 +++ OvmfPkg/Include/Register/AmdSevMap.h | 133 +++++++ .../BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 46 ++ .../BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 124 ++++++ .../BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 120 ++++++ .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 304 +++++++++++++++ .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 158 ++++++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 409 ++++++++++++++++++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 42 ++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 189 +++++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 8 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 112 +++++ .../Library/QemuFwCfgLib/QemuFwCfgLibInternal.h | 38 ++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 209 ++++++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c | 116 ------ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 8 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c | 82 ++++ OvmfPkg/OvmfPkgIa32.dsc | 10 OvmfPkg/OvmfPkgIa32X64.dsc | 10 OvmfPkg/OvmfPkgX64.dsc | 10 OvmfPkg/PlatformPei/AmdSev.c | 97 +++++ OvmfPkg/PlatformPei/Platform.c | 1 OvmfPkg/PlatformPei/Platform.h | 5 OvmfPkg/PlatformPei/PlatformPei.inf | 2 OvmfPkg/QemuVideoDxe/Gop.c | 15 + OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf | 1 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 62 +++ 28 files changed, 2252 insertions(+), 128 deletions(-) copy MdeModulePkg/Include/Library/BmDmaLib.h => OvmfPkg/Include/Library/BmDmaLib.h (100%) create mode 100644 OvmfPkg/Include/Library/MemEncryptSevLib.h create mode 100644 OvmfPkg/Include/Register/AmdSevMap.h create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h create mode 100644 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c create mode 100644 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf create mode 100644 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c copy OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgDxeLib.inf} (82%) create mode 100644 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c delete mode 100644 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c rename OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgPeiLib.inf} (83%) create mode 100644 OvmfPkg/PlatformPei/AmdSev.c -- Brijesh Singh