From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <brijesh.ksingh@gmail.com>
Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com
 [IPv6:2607:f8b0:4003:c06::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9131F8036C
 for <edk2-devel@ml01.01.org>; Tue, 21 Mar 2017 14:12:56 -0700 (PDT)
Received: by mail-oi0-x241.google.com with SMTP id a94so7280706oic.0
 for <edk2-devel@ml01.01.org>; Tue, 21 Mar 2017 14:12:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:subject:to:cc:date:message-id:in-reply-to:references
 :user-agent:mime-version:content-transfer-encoding;
 bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=;
 b=iv5/PwyNm18rpwr4Uhm3GDM0OcI2oDDsNXWb5DOHd7Z0QfUUHqAx1rEGxfJdDjTc+y
 z3CyZCfbABbvv+b4vBkgiRApL7GblMRGOVfZJqNkdIK6HHRickOsiaajedKurRevbItZ
 g0JyQ9n6Ro7N77D4P6DxhcK6gOTYICgTBt2aHXh++Av3eVtVLcD59JZ/NyD5JU7gCL03
 8k7J+H86aIlERbawphqdWcE+EfqW1NMGW7yHa6A1rhLVHjeFoXllGosmwGc8ba7uiavZ
 yj8oSSI6HDe+egrtxKG553cDQ1l45L/TILdEYkJx65/KVe+zvG33ON9R74gGwaqxAhw6
 TAPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to
 :references:user-agent:mime-version:content-transfer-encoding;
 bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=;
 b=IgehMrqJXfdf4wPuUt5aKhJBTG3Lc77yu2+XhPG+pgEnsyTgVUH0zC9OvjKnHNj9k4
 qdnlwMvS2SsrezlwLnqP3sgDJiNpZpcnV1FzeDXZUUHv12h6IB6dlWPOuaW5/BSh4btc
 xPRKLRmGv/hf+tGyw+bV9tKj1rvbe15zo+Dp+LwQn5fBpBZTacSpcaW90zBj+qLeHOv2
 qAHCwEJzSDWYLnzMrGDTCyBbp8Kxm95sbgM4Ah1u6mS3VXmUQ+91E3ZkdHe/GPLMgw8I
 PXiGhW+qaE2Al/Z747stWcIFmK38j6DNph9zvNIz6PeGpgkUleEjcLcCXwLHwPFx1QLM
 TmPg==
X-Gm-Message-State: AFeK/H1q6cN+rMky9nozLkrids97QRrbTc2eSOZ1/F9dYZT6/+O/SZAacCV6A2xk0Lv3jw==
X-Received: by 10.202.45.205 with SMTP id t196mr19984993oit.171.1490130775869; 
 Tue, 21 Mar 2017 14:12:55 -0700 (PDT)
Received: from [127.0.1.1] ([165.204.77.1])
 by smtp.gmail.com with ESMTPSA id d17sm9328502otd.11.2017.03.21.14.12.55
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 21 Mar 2017 14:12:55 -0700 (PDT)
From: Brijesh Singh <brijesh.ksingh@gmail.com>
X-Google-Original-From: Brijesh Singh <brijesh.singh@amd.com>
To: michael.d.kinney@intel.com, jordan.l.justen@intel.com,
 edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com
Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Date: Tue, 21 Mar 2017 17:12:55 -0400
Message-ID: <149013077498.27235.15379321048646409782.stgit@brijesh-build-machine>
In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine>
References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Subject: [RFC PATCH v2 02/10] OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 21:12:56 -0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

SEV guest VMs have the concept of private and shared memory. Private
memory is encrypted with the guest-specific key, while shared memory
may be encrypted with hypervisor key. Certain types of memory (namely
instruction pages and guest page tables) are always treated as private
memory by the hardware. The C-bit in PTE indicate whether the page is
private or shared. The C-bit position for the PTE can be obtained from
CPUID Fn8000_001F[EBX].

When SEV is active, the BIOS is pre-encrypted by the Qemu launch sequence,
we must set the C-bit when building the page table for 64-bit or 32-bit
PAE mode.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |   62 +++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 6201cad..7083f6b 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -37,6 +37,47 @@ BITS    32
                        PAGE_READ_WRITE + \
                        PAGE_PRESENT)
 
+; Check if Secure Encrypted Virtualization (SEV) feature
+;  
+;  If SEV is enabled, then EAX will contain Memory encryption bit position
+;
+CheckSevFeature:
+    xor       eax, eax
+
+    ; Check if we have a valid (0x8000_001F) CPUID leaf
+    mov       eax, 0x80000000
+    cpuid
+    cmp       eax, 0x8000001f
+    jl        NoSev
+
+    ; Check for memory encryption feature:
+    ;  CPUID  Fn8000_001F[EAX] - Bit 1
+    ;
+    mov       eax,  0x8000001f
+    cpuid
+    bt        eax, 1
+    jnc       NoSev
+
+    ; Check if memory encryption is enabled
+    ;  MSR_0xC0010131 - Bit 0 (SEV enabled)
+    ;  MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
+    mov       ecx, 0xc0010131
+    rdmsr
+    bt        eax, 0
+    jnc       NoSev
+
+    ; Get pte bit position to enable memory encryption
+    ; CPUID Fn8000_001F[EBX] - Bits 5:0
+    ;
+    mov       eax, ebx
+    and       eax, 0x3f
+    jmp       SevExit
+
+NoSev:
+    xor       eax, eax
+
+SevExit:
+    OneTimeCallRet CheckSevFeature
 
 ;
 ; Modified:  EAX, ECX
@@ -60,18 +101,38 @@ clearPageTablesMemoryLoop:
     mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
     loop    clearPageTablesMemoryLoop
 
+    ; Check if its SEV-enabled Guest
+    ;
+    OneTimeCall   CheckSevFeature
+    xor     edx, edx
+    test    eax, eax
+    jz      SevNotActive
+
+    ; If SEV is enabled, Memory encryption bit is always above 31
+    mov     ebx, 32
+    sub     ebx, eax
+    bts     edx, eax
+
+SevNotActive:
+
+    ;
     ;
     ; Top level Page Directory Pointers (1 * 512GB entry)
     ;
     mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (4)], edx
 
     ;
     ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
     ;
     mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1004)], edx
     mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x100C)], edx
     mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1014)], edx
     mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x101C)], edx
 
     ;
     ; Page Table Entries (2048 * 2MB entries => 4GB)
@@ -83,6 +144,7 @@ pageTableEntriesLoop:
     shl     eax, 21
     add     eax, PAGE_2M_PDE_ATTR
     mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
+    mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
     loop    pageTableEntriesLoop
 
     ;