From mboxrd@z Thu Jan 1 00:00:00 1970
From: Brijesh Singh
To: edk2-devel@lists.01.org
Cc: Tom Lendacky, Brijesh Singh, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Date: Wed, 21 Feb 2018 10:52:12 -0600
Message-Id: <20180221165212.6643-3-brijesh.singh@amd.com>
In-Reply-To: <20180221165212.6643-1-brijesh.singh@amd.com>
References: <20180221165212.6643-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.14.3
Subject: [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active
List-Id: EDK II Development
Content-Type:
text/plain Commit:24e4ad7 (OvmfPkg: Add AmdSevDxe driver) added a driver which runs early in PEI phase and clears the C-bit from all MMIO regions (including Qemu Flash). When SMM is enabled, we build two sets of page tables; first page table is used when executing code in non SMM mode (SMM-less-pgtable) and second page table is used when we are executing code in SMM mode (SMM-pgtable). During boot time, AmdSevDxe driver clears the C-bit from the SMM-less-pgtable. But when SMM is enabled, Qemu Flash services are used from SMM mode. In this patch we explicitly clear the C-bit from Qemu flash MMIO range before we probe the flash. When OVMF is built with SMM_REQUIRE then call to initialize the flash services happen after the SMM-pgtable is created and processor is serving the first SMI. At this time we will have access to the SMM-pgtable. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh --- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf | 1 + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h | 5 +++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c | 5 +++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 10 ++++++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c | 35 ++++++++++++++++++++ 5 files changed, 56 insertions(+) diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf index ba2d3679a46d..d365e27cbe59 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf @@ -53,6 +53,7 @@ [LibraryClasses] DevicePathLib DxeServicesTableLib MemoryAllocationLib + MemEncryptSevLib PcdLib SmmServicesTableLib UefiBootServicesTableLib diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h index 1f9287b08769..704ed477ba14 100644 
--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h @@ -189,4 +189,9 @@ VOID InstallVirtualAddressChangeHandler ( VOID ); + +VOID +FvbBeforeFlashProbe ( + VOID + ); #endif diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c index 558b395dff4a..b7b9bf1fb8d9 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c @@ -967,6 +967,11 @@ FvbInitialize ( UINTN NumOfBlocks; RETURN_STATUS PcdStatus; + // + // execute platform specific hooks before probing the flash + // + FvbBeforeFlashProbe (); + if (EFI_ERROR (QemuFlashInitialize ())) { // // Return an error so image will be unloaded diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c index 63b308658e36..7d274c08ad12 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c @@ -155,3 +155,13 @@ InstallVirtualAddressChangeHandler ( ); ASSERT_EFI_ERROR (Status); } + +VOID +FvbBeforeFlashProbe ( + VOID + ) +{ + // + // Do nothing + // +} diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c index e0617f2503a2..d97b13f47bf7 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include 
@@ -67,3 +68,37 @@ InstallVirtualAddressChangeHandler ( // Nothing. // } + +VOID +FvbBeforeFlashProbe ( + VOID + ) +{ + + ASSERT (FeaturePcdGet (PcdSmmSmramRequire)); + + // + // When SEV is enabled, AmdSevDxe runs early in PEI phase and clears the C-bit + // from the MMIO space (including flash ranges) but the driver runs in non SMM + // context hence it cleared the flash ranges from non SMM page table. + // When SMM is enabled, the flash services are accessed from the SMM mode + // hence we explicitly clear the C-bit on flash ranges from SMM page table. + // + if (MemEncryptSevIsEnabled ()) { + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS BaseAddress; + UINTN FdBlockSize, FdBlockCount; + + BaseAddress = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfFdBaseAddress); + FdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize); + FdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / FdBlockSize; + + Status = MemEncryptSevClearPageEncMask ( + 0, + BaseAddress, + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } +} -- 2.14.3
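Review bot: In the FwBlockServiceSmm.c hunk, the result of MemEncryptSevClearPageEncMask is checked only by `ASSERT_EFI_ERROR (Status)`, so in a build where ASSERTs are disabled a failure is silently ignored and FvbInitialize goes on to call QemuFlashInitialize with the C-bit still set on the flash range in the SMM page table. Consider having FvbBeforeFlashProbe return a status that FvbInitialize tests alongside the existing `EFI_ERROR (QemuFlashInitialize ())` check, or halting explicitly on failure. A short comment on what the literal `0` first argument selects would also help, since the patch depends on the SMM page table being the active one at this point. The local declarations inside the `if` body and the blank line after the opening brace are worth tidying as well.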
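Review bot: The FvbBeforeFlashProbe prototype added at the end of FwBlockService.h has no function header comment. It is a hook with separate implementations in FwBlockServiceDxe.c and FwBlockServiceSmm.c, so the contract belongs here: that it is called from FvbInitialize before QemuFlashInitialize, that it returns nothing, and what each build variant is expected to do in it. The comment at the call site in FwBlockService.c calls these "platform specific hooks", while the two implementations differ by DXE versus SMM build of the driver; wording the comment that way would be more accurate.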
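Review bot: The `// Do nothing` comment in the FwBlockServiceDxe.c stub does not say why nothing is needed. State the reason from the commit message: in the non-SMM build the flash is accessed through the page table from which AmdSevDxe has already cleared the C-bit, so no further action is required before the probe.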