From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.42]) by mx.groups.io with SMTP id smtpd.web12.2796.1608065520926844182 for ; Tue, 15 Dec 2020 12:52:01 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=mTajgkSG; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.42, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dmiXNQaFCL5zpXbtQVrwTNKQcxT5mRJwCagr703Mam1qywAP3VFcPASf/9uS2cwCcVQbpQengVz8OO7WYf4tUqKKMLDz68lJBDrmgytEyHFF3dUA0kfND4fn4pFvH05d1jy/Oy5qkKX4pjjNs2h24P5cA5okBRkMv/5/fxRecaO4TOCIXoUHNxarSwiboUCQg/1SqJqqey8uM6T19LIAqh3mbXEH534b+IJhOi5r0TDi28uLArebYiyDucBsPk2tsGyLC67ThfPt1sTKtZd3fd+Q0Kvz4/MjQXj8qnu6SJfPpEUecQswkrCo4LOpG6UrfKhsE8kHRTJKShfX3W7imA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zxc3ee4j5NCQp+pKg0CXiUVIU6inGfZcFt7dDGR7YK0=; b=K0lULFwwGcAVaXGrJe8BEyj6XNUvYJZdDDneUa1xzcR2XD5oV4R5Q1lsWEDY2y/Kk5TrQEQegVZFJ6zpNUdddDG6g/BJWgvxjdUXhQVk1zK2SQgR+Qw0zAjlBiODpRfMIOfi3LvHA3XP9oCMyMYVhRNW3pYXbKuRqLXrOBY+17NIzGQLbaaDqLBcUU7f3uYw0v0k9UF1Ebp7mbSagZ4PKAR0JyLTcd9Wfovkz4hDPgJR3doN/ur1nQvGIYjH65m8iGRP62TED7nzlyG+k40HH/0bCIlz+NoEqMd9mpC/WTCPDvSu8aY/8FRpbO44Ig4KV0wmimkz7mX+0ak0iPr3bw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zxc3ee4j5NCQp+pKg0CXiUVIU6inGfZcFt7dDGR7YK0=; b=mTajgkSGvctLcp1g7XKm18E1t1yOIFAjV3oDJVkU2IGkg/KbDjEnJhM0VCchG21fnpGvXkFdzoPg5PFQYZWBvIMirzXytNuNBl1Ru6/FP7upQrIufEZ/TWUedvdXh1EDO5ghMwXo/VgRxrXeMzWhhl88GnYj8DuCm1y2hiVJfis= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (10.168.234.7) by DM6PR12MB4155.namprd12.prod.outlook.com (10.141.8.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.15; Tue, 15 Dec 2020 20:51:58 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3654.025; Tue, 15 Dec 2020 20:51:58 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Brijesh Singh , James Bottomley , Jordan Justen , Laszlo Ersek , Ard Biesheuvel Subject: [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Date: Tue, 15 Dec 2020 14:51:03 -0600 Message-ID: <17a60d57656bd9351f318d325b9bd6ef64026769.1608065471.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CH2PR10CA0001.namprd10.prod.outlook.com (2603:10b6:610:4c::11) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by CH2PR10CA0001.namprd10.prod.outlook.com (2603:10b6:610:4c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Tue, 15 Dec 2020 20:51:57 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 8720a076-b49c-47e8-ad54-08d8a13b43b3 X-MS-TrafficTypeDiagnostic: DM6PR12MB4155: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1247; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 7CCQMJADPICP0YgzfkHk20lVUKGmbuOkWqBBbk8X6WzqJE8nmbJogfRThQgvorT7+p7nO8naNlFnFo+x9wgNoTRXN05mhZdnsYxxEJdUHh99uuxJG49rdrZIOkw2RoIpjgUn5PlvHEvm84YIgMlGg071AkCq6zI1FTzKesUvnQR1W7W4YC/26FvOl8NljsJQfi/m1f+mZid5lKZwEMRf4KhPaYttMRRo3V0BTasUnNCJWkYQqmUFHIgjoBm40vfdpr775KcQEYwU3oU1wxKWDBvBOP0IPmPmWzL6RYIoP+h+Gn331mko+rTc0t0FFoXNH1bJ2gDxkGB7PuN3kn+S6m6F4hPmPcEWHLPM7pLVb77R8RVBKeEuG8epZ99F4J3gb4i5f18LiXUUR+TTtLhck2BUHzKQjxEgHpENkEWsDbefq5dI3w8LHpI5juaGbifEaeiWhjbW2ILvQYGZcWYF3g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(366004)(136003)(346002)(66946007)(26005)(4326008)(19627235002)(16526019)(6916009)(8676002)(36756003)(508600001)(52116002)(6666004)(5660300002)(8936002)(966005)(186003)(54906003)(956004)(2616005)(66476007)(2906002)(86362001)(34490700003)(6486002)(66556008)(7696005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?LoampayT3SxJw4of3PkBmfrJh7piqkNbDBsacsg92S2VBWWKp+92jCAMHRDj?= =?us-ascii?Q?Pe+CSRNwJQsUJyhOV2BIui/URCusQbkEYF0tO1blUK6SX+MClbU6zQgpc3pD?= =?us-ascii?Q?aoG0cSaQm8pznpLRkmm/A9P4ou5oJskmdMFcmFKjtGfw/azRhZN+udacNdQS?= =?us-ascii?Q?Bj8xjfaOKfad4Fj3vP8ik3/2U7tI/z8DhV4Wp64M8uBrSScjT0yzMzeJ/ndx?= =?us-ascii?Q?Su9UlU6IpowM/bHCbYm1ZWeJ93Nji2U9hCjUdOt0h/BiYwqe0Psk0al2wBcV?= =?us-ascii?Q?rS6LUyWpXm4iwQuc87112IlHw1pibZDoaY+IO76znNi0kKPi6rQCkHvB7y/h?= =?us-ascii?Q?RvXjtvOV4q1mYb60fNm4bMj6OfxxJzc19RJCg8XZVESS50LbeIejtqodkv0J?= =?us-ascii?Q?L5ZDNen5q5aqyXRindmzg9qe0LXpaX2LXP9V9gzRCO3U3QUrXHSlLuUkTt49?= =?us-ascii?Q?na73FLp9NyqibgKR52B+y7xriwWiJfEVj/MvTqeQYAWfgWrbcJ3xo7+Dq8Da?= =?us-ascii?Q?BAHdTLBUGKTOrd/untlgXC73dSpixKtZWDC4Woy2c2VpTMwcMd7lRDTX01EW?= =?us-ascii?Q?aYvDxOKoMFNusilOe95Ni+4t0E2SUxBRZ+AbakP7omIsc4PCYs+ruP4s1V1s?= =?us-ascii?Q?ZU3p+8xJ0WBx71AhQSzQUVoGDafHaAx/Y5VEHkM/PXeMGJmMSmKSNtd4PA4n?= =?us-ascii?Q?Fq2Rdx6D55rm8Nr6ScXTKCjKLu/SegCildBnHLc/OqainmJt9kHSTQMrHVZN?= =?us-ascii?Q?TO10auDK/CddJTEDIyAukedCjjxEbGXjO8XtIOiR5FmFCux+/pRbpUANYZ2L?= =?us-ascii?Q?6p1wTlwx/U4tOUWKD8QNBZPtNdH7l4Qqfsf84viZMUgjrEso5CILAD6RMCLt?= =?us-ascii?Q?yIzcauRFdg1cxGOeNCo2ShdhLC+y8Ol1YrjoyCNAJRYtWpJ+XF6g/d1AtIO1?= =?us-ascii?Q?ZRkfnKR6bQKdSTaxVjyiiOb4QJukDsduhoWttgqdhHCS7jkRmtJwJlmeKtyS?= =?us-ascii?Q?uaoj?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Dec 2020 20:51:58.3066 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: 8720a076-b49c-47e8-ad54-08d8a13b43b3 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: qaEr+KXTIORu5klpneHFVflqUZSz+ChG89fO2h1yaSEUV34j3jZ7mlniWTTJdJbA9PsT5MS2wDlkE26ldo2raw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4155 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable From: Tom Lendacky BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3108 If a hypervisor incorrectly reports through CPUID that SEV-ES is not active, ensure that a #VC exception was not taken. If it is found that a #VC was taken, then the code enters a HLT loop. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Brijesh Singh Signed-off-by: Tom Lendacky --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 3cd909df4f09..b08f31157cbf 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -153,6 +153,21 @@ SevEncBitLowHlt: jmp SevEncBitLowHlt =20 NoSev: + ; + ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred= . + ; + cmp byte[SEV_ES_WORK_AREA], 0 + jz NoSevPass + + ; + ; A #VC was received, yet CPUID indicates no SEV-ES support, something + ; isn't right. + ; +NoSevEsVcHlt: + hlt + jmp NoSevEsVcHlt + +NoSevPass: xor eax, eax =20 SevExit: --=20 2.28.0