From: "Brijesh Singh"
To: Laszlo Ersek, Ashish Kalra, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, "Dr. David Alan Gilbert", Paolo Bonzini
Subject: Re: [PATCH v4 0/4] SEV Live Migration support for OVMF.
Date: Tue, 22 Jun 2021 12:45:15 -0500
Message-ID: <1bb32459-a44d-290a-c257-30c6c07d8d71@amd.com>

Hi Ashish,

I have queued this series for review in the later part of the week.
Just curious, did you run CI on this series? A quick glance hints that
this series may fail to build on some platforms and additionally have
formatting errors.

P.S: If you don't know how to use EDK2 CI then buzz me off-list.

thanks

On 6/22/2021 12:20 PM, Laszlo Ersek wrote:
> Hi Ashish,
>
> (+Dave, +Paolo)
>
> On 06/21/21 15:56, Ashish Kalra wrote:
>> From: Ashish Kalra
>>
>> By default all the SEV guest memory regions are considered encrypted,
>> if a guest changes the encryption attribute of the page (e.g. mark a
>> page as decrypted) then notify hypervisor. Hypervisor will need to
>> track the unencrypted pages. The information will be used during
>> guest live migration, guest page migration and guest debugging.
>>
>> The patch-set adds a new SEV and SEV-ES hypercall abstraction
>> library to support SEV Page encryption/decryption status hypercalls
>> for SEV and SEV-ES guests.
>>
>> BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.
>>
>> The patch-set detects if it is running under KVM hypervisor and then
>> checks for SEV live migration feature support via KVM_FEATURE_CPUID,
>> if detected, set up a new UEFI environment variable to indicate OVMF
>> support for SEV live migration.
>>
>> A branch containing these patches is available here:
>> https://github.com/ashkalra/edk2/tree/sev_live_migration_v4
>>
>> Changes since v3:
>> - Fix all DSC files under OvmfPkg except X64 to add support for
>>   BaseMemEncryptLib and add NULL instance of BaseMemEncryptLib
>>   for 32 bit platforms.
>> - Add the MemEncryptHypercallLib-related files to Maintainers.txt,
>>   in section "OvmfPkg: Confidential Computing".
>> - Add support for the new KVM_HC_MAP_GPA_RANGE hypercall interface.
>> - Add patch for SEV live migration support.
>
> I have absolutely zero context in my mind about this work.
>
> By v1 / v2 / v3, are you referring to the following patch series (from December 2020):
>
> - [PATCH v1 0/2] SEV Page Encryption Bitmap support for OVMF.
> https://listman.redhat.com/archives/edk2-devel-archive/2020-December/msg00081.html
>
> - [PATCH v2 0/3] SEV Page Encryption Bitmap support for OVMF.
> https://listman.redhat.com/archives/edk2-devel-archive/2020-December/msg00198.html
>
> - [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF.
> https://listman.redhat.com/archives/edk2-devel-archive/2020-December/msg00202.html
>
> We certainly need a new TianoCore BZ for tracking this feature; I only found the above patch set versions because I have full text search for my complete email traffic on my laptop. Sending v4 after half a year hiatus is like sending it in the next century. :)
>
> Anyway, where I'm particularly lost is that I (very vaguely) recall conflicting approaches from AMD and IBM on migration. Has an agreement been reached there?
>
> I certainly apologize for missing the context here; had someone asked me if I had seen any version of this patch set before, I would have *sworn* that I hadn't.
>
> I'm basically incapable of tracking this volume of development around confidential computing; sorry.
>
> Laszlo
>
>>
>> Changes since v2:
>> - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>>   in the hypervisor page encryption bitmap after setting the
>>   PcdSevEsIsEnabled PCD.
>>
>> Changes since v1:
>> - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>>   the hypervisor page encryption bitmap.
>> - Resending the series with correct shallow threading.
>>
>> Ashish Kalra (3):
>>   OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
>>   OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
>>   OvmfPkg/PlatformDxe: Add support for SEV live migration.
>>
>> Brijesh Singh (1):
>>   OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
>>
>>  Maintainers.txt                               |   2 +
>>  OvmfPkg/Include/Guid/MemEncryptLib.h          |  20 ++++
>>  .../Include/Library/MemEncryptHypercallLib.h  |  43 +++++++
>>  .../DxeMemEncryptSevLib.inf                   |   1 +
>>  .../PeiMemEncryptSevLib.inf                   |   1 +
>>  .../X64/PeiDxeVirtualMemory.c                 |  22 ++++
>>  .../Ia32/MemEncryptHypercallLib.c             |  37 ++++++
>>  .../MemEncryptHypercallLib.inf                |  42 +++++++
>>  .../X64/AsmHelperStub.nasm                    |  28 +++++
>>  .../X64/MemEncryptHypercallLib.c              | 105 +++++++++++++++++
>>  OvmfPkg/OvmfPkg.dec                           |   1 +
>>  OvmfPkg/OvmfPkgIa32.dsc                       |   1 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   1 +
>>  OvmfPkg/OvmfPkgX64.dsc                        |   1 +
>>  OvmfPkg/OvmfXen.dsc                           |   1 +
>>  OvmfPkg/PlatformDxe/AmdSev.c                  | 108 ++++++++++++++++++
>>  OvmfPkg/PlatformDxe/Platform.c                |   5 +
>>  OvmfPkg/PlatformDxe/Platform.inf              |   2 +
>>  OvmfPkg/PlatformDxe/PlatformConfig.h          |   5 +
>>  OvmfPkg/PlatformPei/AmdSev.c                  |  10 ++
>>  20 files changed, 436 insertions(+)
>>  create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
>>  create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
>>  create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c
>>
>
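
The page-status tracking described in the quoted cover letter, modelled on the hypervisor side as an added example; it is not code from the patch series, OVMF or KVM. The names `track_gpa_range`, `page_is_shared`, `count_shared`, the 4 MiB guest size and the simplified argument layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PAGE_SHIFT   12
#define GUEST_PAGES  1024u            /* constructed: 4 MiB toy guest */

/* One bit per guest page; 0 = encrypted (the default), 1 = shared/decrypted. */
static uint8_t shared_bitmap[GUEST_PAGES / 8];

/* Hypothetical host-side handler for a guest page-status notification.
 * Returns 0 on success, -1 if the guest-supplied range is rejected. */
int track_gpa_range(uint64_t gpa, uint64_t npages, bool encrypted)
{
    uint64_t gfn = gpa >> PAGE_SHIFT;

    if (gpa & ((1u << PAGE_SHIFT) - 1))       /* must be page aligned */
        return -1;
    if (npages == 0 || npages > GUEST_PAGES || gfn > GUEST_PAGES - npages)
        return -1;                            /* overflow-safe bounds check */

    for (uint64_t i = gfn; i < gfn + npages; i++) {
        if (encrypted)
            shared_bitmap[i / 8] &= (uint8_t)~(1u << (i % 8));
        else
            shared_bitmap[i / 8] |= (uint8_t)(1u << (i % 8));
    }
    return 0;
}

bool page_is_shared(uint64_t gfn)
{
    return gfn < GUEST_PAGES && (shared_bitmap[gfn / 8] >> (gfn % 8) & 1);
}

/* Pages the migration path may copy as plaintext; all others stay encrypted. */
unsigned count_shared(void)
{
    unsigned n = 0;
    for (uint64_t g = 0; g < GUEST_PAGES; g++)
        n += page_is_shared(g);
    return n;
}

int main(void)
{
    memset(shared_bitmap, 0, sizeof shared_bitmap);
    track_gpa_range(0x9000, 1, false);   /* constructed: one page shared early */
    track_gpa_range(0x20000, 4, false);  /* constructed: 4-page shared buffer  */
    track_gpa_range(0x21000, 1, true);   /* guest re-encrypts one of them      */
    return count_shared() == 4 ? 0 : 1;
}
```

Because the range comes from the guest, the handler rejects unaligned, empty and out-of-bounds requests before touching the bitmap, and any page the guest never reported stays in the encrypted default.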