From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.49])
 by mx.groups.io with SMTP id smtpd.web09.451.1609968169509812234
 for <devel@edk2.groups.io>;
 Wed, 06 Jan 2021 13:22:49 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=Nvzji/5l;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.49, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QR8jqMO3YDiwIc1vaDHHQC3ZReetAZNv7nZZ1ftEgNqIYMKGbBB8bTCdFkh6ZWQJTpAAxcZ8GXCFdb7t53rIRMCryoJGhdYqvBaAJoQICwy/925Ce3g1S6eWNDVNh1UzpQof90L4HL/v+YfsSnOrQlO03ClpCWJ2VWHwt27nnbkBzRWfQ4rJzE5S0iPA3u1/I1edfmjbWUKKDYftG/52bjxKoXIsRNDoO7Af1ViSUQcqGlS/sgl8MTuYpgd3n0KLhE2PW9yx9mddk5WALS6GS3OzGNYPd2tU2/ck3qpG8GTVR/OIvlz/zfkCvebZLfkvQpx4EAdyKdO1Gy3HL4/X4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Fl5c+WUyti+6Z3EUPP8krTRnKF8JE7UIwuZUxS7tsxY=;
 b=M0i56wh0iZC1+1UcWEEFZrxlZ3J2vSR0WxkR0X1D9neJZKWFMtgU7JYst1HNB+uDgbQCKG+1FCfnvGasQLh6M4QHTM37eF4M3QmEm1xQE6E5gtF8ok6G7EQkLICfOeNyBaP/fQL/ZAchcVkohCpnO/JCmhIlMCfB3ocmLMjcF80e178Y4LY3jL2IR9nk9X5LVLIjly7KhflyX1XzY6ckIWbz8QdCVxAlfESQIJRePHgycGiZZMZqDAPk6AY1Iu6QFZM8sPVeJvFp4cizoqG6uZFUCp/UJDmnHE/b766k/uDTV3Zee0KPmPJl7zTF0o0tSG3LoCSU6OE/a/eQWDziWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Fl5c+WUyti+6Z3EUPP8krTRnKF8JE7UIwuZUxS7tsxY=;
 b=Nvzji/5l8S/AsPxB8ryvcY0m/s+oiGuq21j0Nk1upEG8ZMGb4fiTUQ6cecC1UnBInArDPuzTpjdhxCintGgojdKVPOykN3oOzM5ISUXgfuvOXxtAl+lVOuLEPkpWMb6vkt6xOddEDONEJsfeQE8bP6yexT64bimqsptJVNhs0P4=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by
 DM6PR12MB3578.namprd12.prod.outlook.com (2603:10b6:5:3c::33) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3721.24; Wed, 6 Jan 2021 21:22:47 +0000
Received: from DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3721.024; Wed, 6 Jan 2021
 21:22:47 +0000
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
CC: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: [PATCH v2 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
Date: Wed,  6 Jan 2021 15:21:30 -0600
Message-ID: <1c6e5ce7612f64fb1e4aea5f642d01572c063850.1609968101.git.thomas.lendacky@amd.com>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <cover.1609968101.git.thomas.lendacky@amd.com>
References: <cover.1609968101.git.thomas.lendacky@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SA0PR11CA0059.namprd11.prod.outlook.com
 (2603:10b6:806:d0::34) To DM5PR12MB1355.namprd12.prod.outlook.com
 (2603:10b6:3:6e::7)
Return-Path: thomas.lendacky@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from tlendack-t1.amd.com (165.204.77.1) by SA0PR11CA0059.namprd11.prod.outlook.com (2603:10b6:806:d0::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Wed, 6 Jan 2021 21:22:46 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: b193ce88-47cb-4b2e-cabe-08d8b28936ad
X-MS-TrafficTypeDiagnostic: DM6PR12MB3578:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB3578FCEE21CC130FBE0C1612ECD00@DM6PR12MB3578.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:1247;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	0WmjLRlyAlePsGgwScnz6oAI904X4m5WRnqc4nOYI84gHguFV8NcoU1VqUHy/gbGxKA7FYw4wufo4ZQsw2KBqbBa9grNuCJOsG6Wq1/E/nXH8kdIde4ff0iRETDpjvasxFM5CmHlXFbFOsmd7PUX9RqoO5sLTIUODmWRO+Tyh7oubY1pmLy/q9GF8Ovr/Ue9gPDJxv4hLA7MexkO28WXIDuVbb7jEwAcoy8yu2fV9Je4wBx91yloAN/vnOpEhOnZOguv3jNVpLDLa47L3+md7umu/T/k4JOSafJynK2EeJUh9h0n7RdQ4fyVInoE8MsUEPIevFSG59tTymAK/xM7n32GkSiEi5Cbv2kJm/XdHw4TVW6Ir4UxGIduqPO0H+5Sz+khReJp9wzM+DZM/C4BRG42PKkHG3fFZ1bNUtd8UVUh5qDcUrk03o/B3SBK7WYndM21dJB6QoK1fXr+HNLctg==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(396003)(366004)(136003)(346002)(376002)(4326008)(36756003)(956004)(16526019)(186003)(66556008)(6486002)(66476007)(2616005)(7696005)(316002)(52116002)(2906002)(26005)(54906003)(66946007)(8676002)(86362001)(966005)(5660300002)(6916009)(8936002)(19627235002)(478600001)(6666004);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
	=?us-ascii?Q?xBVCivC0AxuTqNtu4FRHulCFTvkQ/+8XBImkH6rG7kWdFdcKePCJlh1ptf8I?=
 =?us-ascii?Q?hpOszjhHoQnKVPUSFCNNg+dtOqNLKXcbuyJJyB+cg28UsZU+RgVcH7Zp2I3Q?=
 =?us-ascii?Q?83By3e0OktDctpF5mT5FLaQtmbn1Y1tslK0vljofWlNEf07pnWEo/uvYUEyv?=
 =?us-ascii?Q?udxHV256oRRld8VYlBjwtOD7LUTUxtagdzRSInYbqjRikDT9BwveBYEmJ/bC?=
 =?us-ascii?Q?onE+TPcB0qgisVbrSTF30WO8OBlWf8vTedbArsQCJTEYLk4j8dJ6vh3Oa5zl?=
 =?us-ascii?Q?q3IqvYv8m+rZZuydSYmkxL+tzKDsH2mTCCK+WLxnpBuGtKlTBUFTW0p3ih44?=
 =?us-ascii?Q?li/vLIZbGnoBTtaP/XPMXa3akKpEHdvNOSktE77TddIQ52aDBhNk91zMKrLb?=
 =?us-ascii?Q?CC5S5r1/6CMhOJn3VRINnXJ0cX7A3D+PTqr0lXxvDLBWEqrw/qQlrmSY3Cxt?=
 =?us-ascii?Q?aQ8YNHfEWqeuKL+n8RKG1gcc6q000NFHW04KcLenKINtjroRY5hYggETGn5Q?=
 =?us-ascii?Q?DvSZ1BpsHCYez5FIJrx4TvHxeiHellpfvwnLLJYG+ZTj5VdfiTBroU7NFIIw?=
 =?us-ascii?Q?aIqrDcpj/uW4gghQnO6EFwKfiuzavzMTGI/0J9uh0VEODyZNmJWVVwbkV3u+?=
 =?us-ascii?Q?/2j+dWOcQa5Vl7O+RMkKsi4W0gcuO7UPS8szpViFd2xTNMP9H4up/MHbeFdV?=
 =?us-ascii?Q?/4EvSZlDqtZlmNTrBJlVsc7frmSg9jmYH4Q0k+x+1tI7T68k8/gDi14yeAin?=
 =?us-ascii?Q?D+h+6Ch4vAr2e9Gkvhdo7izdjScV4HGaqiwHp6m8Wnm+c18kIHeUCZWL0H4v?=
 =?us-ascii?Q?ji43KwrHbNTUjkxsgkK8ZVoPF/yWw6JuBOOlOjmITT6sikvGLlxBzpzpB8EG?=
 =?us-ascii?Q?4Sdb44kjB1NwRruJfEpL1294V2XTXpyVQfqTX7fjMUHTuSIRyZlNO8Lk6Io2?=
 =?us-ascii?Q?nWy96/BGGFC9bZsoCckMApj9po3B9rk5imn/XQ9YT2jLV7lk58GSm+pzYFov?=
 =?us-ascii?Q?Mxh+?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jan 2021 21:22:46.9398
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-Network-Message-Id: b193ce88-47cb-4b2e-cabe-08d8b28936ad
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: F6k5S/vhC3NMgS5Q1keoCGWERBw7MiuKuOI5FRjDqgqOsSMD1bL1rKY4UxCVQmT9RF9biFOVvnTYC4uH9+oi3Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3578
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

From: Tom Lendacky <thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3108

If a hypervisor incorrectly reports through CPUID that SEV-ES is not
active, ensure that a #VC exception was not taken. If it is found that
a #VC was taken, then the code enters a HLT loop.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto=
r/Ia32/PageTables64.asm
index ccc95ad4715d..a1771dfdec23 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -154,6 +154,22 @@ SevEncBitLowHlt:
     jmp       SevEncBitLowHlt
=20
 NoSev:
+    ;
+    ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred=
.
+    ;
+    cmp       byte[SEV_ES_WORK_AREA], 0
+    jz        NoSevPass
+
+    ;
+    ; A #VC was received, yet CPUID indicates no SEV-ES support, something
+    ; isn't right.
+    ;
+NoSevEsVcHlt:
+    cli
+    hlt
+    jmp       NoSevEsVcHlt
+
+NoSevPass:
     xor       eax, eax
=20
 SevExit:
--=20
2.30.0