From: Brijesh Singh
To: edk2-devel@lists.01.org
Cc: Tom Lendacky, Brijesh Singh, Justen Jordan L, Laszlo Ersek
Date: Mon, 2 Jul 2018 22:11:07 -0500
Message-Id: <1530587467-19571-2-git-send-email-brijesh.singh@amd.com>
In-Reply-To: <1530587467-19571-1-git-send-email-brijesh.singh@amd.com>
Subject: [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: mark Runtime Data as MMIO when SEV is active

When SEV is active, the flash memory range is mapped as unencrypted by
AmdSevDxe. Mark the flash memory range with EfiGcdMemoryTypeMemoryMappedIo
so that the OS maps this memory range as unencrypted.

Cc: Justen Jordan L
Cc: Laszlo Ersek
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh
---

Hi Laszlo,

I have tried marking the flash memory range as MMIO for a non-SEV guest,
and everything seems to be working fine, but I was not sure if we will
break something else in the non-SEV case. Because of this I have created a
new routine which marks the range as MMIO only when SEV is active.

 .../FvbServicesRuntimeDxe.inf | 1 +
 .../FwBlockService.c | 69 +++++++++++++++++++++-
 2 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf index d7b4ec06c4e6..1af675852c86 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf @@ -58,6 +58,7 @@ [LibraryClasses] UefiBootServicesTableLib UefiDriverEntryPoint UefiRuntimeLib + MemEncryptSevLib [Guids] gEfiEventVirtualAddressChangeGuid # ALWAYS_CONSUMED diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c index 558b395dff4a..3aa21466556a 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c @@ -36,6 +36,7 @@ #include #include #include +#include #include "FwBlockService.h" #include "QemuFlash.h" 
@@ -867,6 +868,64 @@ MarkMemoryRangeForRuntimeAccess ( STATIC EFI_STATUS +SevMarkMemoryRangeForRuntimeAccess ( + EFI_PHYSICAL_ADDRESS BaseAddress, + UINTN Length + ) +{ + EFI_STATUS Status; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + + // + // Mark flash region as runtime memory + // + Status = gDS->RemoveMemorySpace ( + BaseAddress, + Length + ); + + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeMemoryMappedIo, + BaseAddress, + Length, + EFI_MEMORY_UC | EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + + Status = gDS->AllocateMemorySpace ( + AllocateAddress, + EfiGcdMemoryTypeMemoryMappedIo, + 0, + EFI_SIZE_TO_PAGES (Length), + &BaseAddress, + gImageHandle, + NULL + ); + ASSERT_EFI_ERROR (Status); + + Status = gDS->GetMemorySpaceDescriptor (BaseAddress, &GcdDescriptor); + ASSERT_EFI_ERROR (Status); + + Status = gDS->SetMemorySpaceAttributes ( + BaseAddress, + Length, + GcdDescriptor.Attributes | EFI_MEMORY_RUNTIME + ); + ASSERT_EFI_ERROR (Status); + + Status = MemEncryptSevClearPageEncMask ( + 0, + BaseAddress, + EFI_SIZE_TO_PAGES (Length), + FALSE + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +STATIC +EFI_STATUS InitializeVariableFvHeader ( VOID ) @@ -1091,7 +1150,15 @@ FvbInitialize ( // InstallProtocolInterfaces (FvbDevice); - MarkMemoryRangeForRuntimeAccess (BaseAddress, Length); + // + // When SEV is enabled, mark the flash region as MMIO to hint the OS that + // the memory range need to be mapped as unencrypted. + // + if (MemEncryptSevIsEnabled()) { + SevMarkMemoryRangeForRuntimeAccess (BaseAddress, Length); + } else { + MarkMemoryRangeForRuntimeAccess (BaseAddress, Length); + } // // Set several PCD values to point to flash -- 2.7.4
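Review bot: In the FvbServicesRuntimeDxe.inf hunk, MemEncryptSevLib is appended after UefiRuntimeLib, while the visible [LibraryClasses] entries (UefiBootServicesTableLib, UefiDriverEntryPoint, UefiRuntimeLib) are in alphabetical order. Please insert the new class at its sorted position so the list stays easy to scan and later additions do not conflict at the tail.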
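Review bot: In SevMarkMemoryRangeForRuntimeAccess, the gDS->AllocateMemorySpace call passes EFI_SIZE_TO_PAGES (Length) as its length argument, but that parameter is a size in bytes, just like the Length passed to AddMemorySpace and SetMemorySpaceAttributes a few lines away. As written, only a page-count's worth of bytes at BaseAddress is allocated rather than the whole flash range, so pass Length here. Two further points in the same function: the Status returned by gDS->RemoveMemorySpace is overwritten by the AddMemorySpace call without being checked, so either assert on it or add a comment saying why a failure is acceptable; and the comment "Mark flash region as runtime memory" should say that the range is being re-added as EfiGcdMemoryTypeMemoryMappedIo, since that is what distinguishes this routine from MarkMemoryRangeForRuntimeAccess. The commit message also states that AmdSevDxe already maps the flash range as unencrypted, so please explain in a comment why MemEncryptSevClearPageEncMask is still called here.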
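Review bot: In the FvbInitialize hunk, "if (MemEncryptSevIsEnabled()) {" is missing the space before the opening parenthesis that the other calls in this hunk use, for example "SevMarkMemoryRangeForRuntimeAccess (BaseAddress, Length);". Please write it as "MemEncryptSevIsEnabled ()". In the new comment, "the memory range need to be mapped" should read "needs to be mapped". The new routine returns EFI_STATUS, and the value is discarded at this call site; if that is intentional because failures are asserted inside the routine, a short comment saying so would help.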