From: Brijesh Singh
To: edk2-devel@lists.01.org
Cc: Tom Lendacky, Brijesh Singh, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Date: Wed, 21 Feb 2018 10:52:11 -0600
Message-Id: <20180221165212.6643-2-brijesh.singh@amd.com>
In-Reply-To: <20180221165212.6643-1-brijesh.singh@amd.com>
References: <20180221165212.6643-1-brijesh.singh@amd.com>
Subject: [PATCH 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State

When
OVMF is built with SMM, SMM Saved State area (SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by both guest and hypervisor. Since the data need to be accessed by both, we must map the SMM Saved State area as unencrypted (i.e. C-bit cleared).

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh

--- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 41635a57a454..162ed98a2fbe 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] BaseLib @@ -41,3 +42,6 @@ [LibraryClasses] [Depex] TRUE + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index e472096320ea..5ec727456526 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -25,6 +25,8 @@ #include #include #include +#include +#include EFI_STATUS EFIAPI @@ -71,5 +73,22 @@ AmdSevDxeEntryPoint ( FreePool (AllDescMap); } + // + // When SMM is enabled, clear the C-bit from SMM Saved State Area + // + if (FeaturePcdGet (PcdSmmSmramRequire)) { + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; + + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; + + Status = MemEncryptSevClearPageEncMask ( + 0, + SmmSavedStateAreaAddress, + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } -- 2.14.3
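
Review bot: In the AmdSevDxe.inf hunk at @@ -41,3 +42,6, the new [FeaturePcd] section is appended after [Depex]; moving it ahead of [Depex], next to the other dependency sections, keeps the INF in the usual section order. The visible [LibraryClasses] context shows only BaseLib, so also confirm that PcdLib and MemEncryptSevLib are listed there, since the AmdSevDxe.c change calls FeaturePcdGet () and MemEncryptSevClearPageEncMask ().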
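
Review bot: In the AmdSevDxe.c hunk at @@ -71,5 +73,22, a failure of MemEncryptSevClearPageEncMask () is handled only by ASSERT_EFI_ERROR (Status), which compiles to nothing when asserts are disabled, so the entry point would still return EFI_SUCCESS with the save state area left encrypted; add an explicit check that halts or returns Status. The base address SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET is also passed as computed while the length is given in whole pages through EFI_SIZE_TO_PAGES; if that sum is not page-aligned, the pages that lose the C-bit cover more than QEMU_SMRAM_SAVE_STATE_MAP, so align the range explicitly and state in the comment what else in those pages becomes visible to the hypervisor. Style: edk2 writes sizeof (QEMU_SMRAM_SAVE_STATE_MAP) with a space, and SmmSavedStateAreaAddress would normally be declared at function scope rather than inside the if block.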