From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=104.47.40.88; helo=nam03-co1-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0088.outbound.protection.outlook.com [104.47.40.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 152AA22402E15 for ; Wed, 28 Feb 2018 08:09:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=yURHsDAx8dOWYSuAfmBoXtN+Etq35fIou3E1iBzbCCQ=; b=JzPLYIaL+AEtBffXd0MZe08hMBjy97EGajALCxP/2v01tDFs0i4vxRJ7bUfDYpMFvB1VlvIvtZ3+Mvaql213GLs194lRYRvu0s/RnbGVanLC1RSpvBeDB+ZQvEEbI2d/ECQsb8xD2YmDVsogdsG6Rw9lzT4mUlU4q2W2qgw5BQ4= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Wed, 28 Feb 2018 16:15:24 +0000 From: Brijesh Singh To: edk2-devel@lists.01.org Cc: Tom Lendacky , Paolo Bonzini , Michael Kinney , Brijesh Singh , Jordan Justen , Laszlo Ersek , Ard Biesheuvel Date: Wed, 28 Feb 2018 10:14:14 -0600 Message-Id: <20180228161415.28723-2-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180228161415.28723-1-brijesh.singh@amd.com> References: <20180228161415.28723-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: SN4PR0501CA0079.namprd05.prod.outlook.com (2603:10b6:803:22::17) To SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 05775671-5e73-49fb-c6af-08d57ec67981 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:UJn2PPYm1hr3p8MdAK5npwJFNfuhtDEPRUQyX+cyaDYSkoewYPZuMbirh9SdE2ju/6Xu7O1dWKZ46fgeUC1Y+Uf1JDpl8VACQ/vmLQO4UvxCDXZ1AyLjEYqH2Z6/DTKBz3bxAMjHu+ZjMiCkv5vdzQugvMdoKFFJ5l1RZ3NG6YlqLgYTRe09qJ6rR2eaPw/itz3sCqPuN5sFY2ScsnRNjj7q9n8dJ31+TsgohuIZx3xidnYTboazLzI3BlzTnP2T; 25:2rWoZdJTqKS+hKmfqKmiYu6GiS8V2d+AZ+XaB7DxjE874SWUQ5rGNohZdVByNlGOVS9mnSMqNEtSexcPz+W+QG7LTDFTpSlPCudTUzbZWFqiwUDN6GfAKviuQfNCBRfctnHVqWDzyMwFdVcrLhwOY/gvCdc9GErr5lguR4RuC0hYzGXSlMESeGi+T3oCcxlD+iP0kJklQpRgcbnIFqvO80mAY/sm0Od0Hp8jeVWIUEzJRYBx6YpSHXJjfMn0peCxez14g+Ib+zgCvWYWbA2qGa/w2QumQdz6Swe1J+bLHHHiKOwJRJG341XBx8No5RFUJrznkgJYdYWhtoaU9wJEgQ==; 31:kdWGOiv/BFr/itNHyQW0R/rhpB6AbBKCEwzVI2mI1gBKH9LytCKYnP4dLrGM/1VFH72sn9ibso/BWrYjJ4INMIQZUuvLa70ZXCwj4iItJldjpUPOgLMNms0sG4wps341sI1+VK0ffpgfjVFgCokKdeMFbBJIGWNDwPQ6dW9iqcvfV5PvV4WYDfQzM/hvDo3FEePRmSM9Mi+iYMlk7n+RZKUhsP/ljyCA5m/2GPkwRBQ= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:pmzQU2FCM2ZQyKif7fGIVQPKiBvO6jRxcGzLVRIfFMjLOJkQoh6xG+qd8616fW7ePb3SXe/eZtLKHBbIw1Q5kXQrb4UyQJSnSIYA7XZGpjV7BNozqt28Ou4f+2/vjxKJPUohYsuDIvgEjmC0nMNth6c2rVIK01hZw4ZJpPeFkPcNYhKog5U+etHVfKyMWoC0bG8/9vfCFGOG1rLGdoc60xxEiuxFVkdIDzqlN47Rx0FMf5+oR6viOrBqGwicCXwLAMnW2C3TqemT/qmr9fZEv6n7gnxQHxCiTkebsf9MZGy6a0GCdq9uX4hP+TeZIClLYj4EVOWN6d9H4a4SJTXx2p5LqbGpIkhW8n3l5gyTtLMS9eazMJI+e1M73KpzT8/zWjUyPEQVAIEIBem2cT6kecCMr/0r+IPiPbkB8tYenVD6LPxPvJEj94oL7d6ApH2TldorglBCeX+rHDcT05NtZyfTcOo6s9lY9KBqZY6l/hWtWDJFX1jhu7KF2rAazb0W; 4:0u/FeJX4VIUbL+tQFEEoFwjRmGqmsiaCpIGnB+MycoWZmgYtV6yTcO3dWUj1EXaylTCOQxQyri3Hf7BMPMDp8WmOPDnCB35PXhkdmYDhLYTNjmxS4tRYta1oOKjTCfDuWZb1QW5m1qTwPTGiYvAgHuGBNGPA/Mt6NWOxHYbgNfGm6EXR5KLa0bO/95AO8NywOfmZ+hTQBdMA9aranUjIFLoIUbg9ZtUBgs9q/u1A/0XxHO+yhMxGfjtey7Rwry2kPYxdrwEHBuyofx0amz/7KLHkpmGn2xZeXPOYG38MYzVUGtjT6FY3LjFKrmgNBHRXuivQTD2lWtRwLSxmYYyxP5P2PU/U6cfnU4h28xpwVw4= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(3231220)(944501161)(52105095)(10201501046)(6055026)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0158; X-Forefront-PRVS: 0597911EE1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39380400002)(396003)(376002)(366004)(39860400002)(346002)(199004)(189003)(53416004)(25786009)(3846002)(305945005)(47776003)(386003)(26005)(8936002)(8676002)(106356001)(2361001)(7736002)(2351001)(81166006)(66066001)(81156014)(59450400001)(50226002)(16526019)(54906003)(316002)(16586007)(86362001)(6116002)(4326008)(1076002)(186003)(2906002)(53936002)(6486002)(97736004)(2950100002)(6916009)(6666003)(50466002)(76176011)(7696005)(52116002)(478600001)(36756003)(48376002)(51416003)(68736007)(105586002)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0158; 23:ibqN3UAdHhJpSPwi0/l+VvjA4RCu5C9b7dN2DR0D6?= =?us-ascii?Q?T0cbRORjVfczggZXvUXFLpPJ4mdKg/Bv8kMED8Kw6RR8vgvuhv31xAJjCzam?= =?us-ascii?Q?SYc23dGnKzDUYbFM+9P2Ngr2ozJJlsGTAg+Iao/ubHBpbJz63WbJcNrG8TOC?= =?us-ascii?Q?FwGC8G2cCT5KXhRMbiGIMYJdYYjw8wPNSre7UP5x+Q5Pn4RTrLkwv9UcPEWq?= =?us-ascii?Q?a+k9pj7+jdrypXJTAJRmcDsLhAwlXvGWVPE8cKfQGkvTb3AbSYFGgdXsLSF7?= =?us-ascii?Q?8rWa+92DsozsJgxJGTHnZ+uYjDQi7C7Zc4X0Thjhm1yVbxnNiAR5spOfRebq?= =?us-ascii?Q?Ba34wRzLtqBbZhwMgs8T4M4TR/Z+9xYp/DrxSCEuLbe1vNCqSbhIZCLSW95T?= =?us-ascii?Q?Z6QqP/Y5OO2leWLstheMrRJjqxq5z7lUyASqiUKoIpOdWc2k5SloreIfwhsc?= =?us-ascii?Q?Qg8+SLAFGi9lh9iVKr1ktvFsT3rk0Ep6YhjgDeDgWfRi0R/4wT//ooyfmX+Q?= =?us-ascii?Q?UUG2IP6LWJirV4AYBRnDM83D+/d7YTm5oQL3e/B4EtdARKhALy4GrJTlUKfu?= =?us-ascii?Q?uSoJ9OK0WhkNldPwDhc+ZmQGSjT+1KQa/+Z4NOZeRb402f0IhcTLP6f+yC3B?= =?us-ascii?Q?BOLOZiYB80LEX+qbxUHzY2Zh29KEAzgGu8gPKY+/5y4rzMhXlK989PxcUY/N?= =?us-ascii?Q?VS12dHRkjSyyZBie+6OeVMIFvrhnttL7h2zspc73OxfbyIZ1qO0k2aDg9fgq?= =?us-ascii?Q?G8uP+LcBcpPrcfduj/masEvk39434dA3kK/h9HTPdq17/0Uwdjc4HZuMtgbm?= =?us-ascii?Q?Ns16DMHd+cpFD1jcZFpq4Fj7Y7ohMZhdc27wWo55M/HcwqHShAwV9qtljjXm?= =?us-ascii?Q?wC8vmDDBVKNHqtUzcjLNfK0H8L/z4jk+s6Yejj5rQ1EF0+sEAz7WdX9cTCFJ?= =?us-ascii?Q?aIbv7FNGfj70F1gFs2sSnYkBiGLafrYnAM751bdZ0dUoVbGz+Zd539/5pCZv?= =?us-ascii?Q?QLRq0iVK+xyuDLUVESZvLsx6AtoIdBBk0QaTw4KyfZm/FVbVYVFWzkeUaYGo?= =?us-ascii?Q?MQmANm9FE1qB6S5MhN2L6XJIFzFw85EsbIyyOg4JS64wtAeOvd1NcQ9GCk1Z?= =?us-ascii?Q?eMz6IPVJaz171KIiOjtK6XqPCHcc0hQz5E7zARZgtkhxDHchl+6bedZIPqli?= =?us-ascii?Q?ZImPjJ8A/a2GCArqKyKjRwmpGnxFSegyeCE?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:+dcbIffdHzI5AtlFn9stDSzFbxYzefn5QqYcFn3U5fDeweAO1R83KEqKs5RI19Yyoqi19ah4Y8Nz9uZ73vd55KB7hPmg5cJ3gy+jlqqR6tRmrPk1aXSdJtS/Nb2DpEsTKevJ4ZaOwU7r0+dckukmapkdCRW3Qu3pFLxV8+MwnFaykQbAgYDwBAamgRuXQKK0qrjIDKfQIlNnvS31ceJdX3Cr+frpD9XMm3TwzgYX0f+4s/JuvDoOCOIw0RGxwkU8OtRBIOYWgxFF0Y5MpZlQNaWA6Jd7JEiwzfFWD31TB3sZcsj0RRYYD8549aK2ePb5LfqG3tOlDo9FZ0OTKr9ZLd6QU0jU1kFMhIywiYZBzIg=; 5:CVeeqnb7NxCMOHs/vtRs257bmvPZuHNZWdqpR/hlIvb9qcZwqwTM0CUYROsONt+OWCNem2tatpTcEoFkftMaP+wE0RyS4YwH/gOTMHqRn2PGPJjE//WXWe2X7Z7bkA6t4WHPhMHC5MOsxdnShZWW/TOGTKnUE73GgGxVrm28PcI=; 24:BisVD+gLay9z++EzmqWC7qq041xQwIOl/sBAQEipfuUgIciRYDwTXxtB1fIOxr13ZpfmbNg//kDKEFuhzTdIVApi6b3frVT5diHv2A48IbQ=; 7:nsQdAwaI3tCVA2O3Sa3bKFNsIy41ittc/etlXfg+zg1gQH3MJZ6qE+QvDBksYzXXxrk0E5tkud8y2jvH9E7dGx64rpVVfzXJIGxGwJJypDWjVH4J0tat7BpxdPjFAnEtUvjC+NIjN+3ey/0HYPK53BRoS8NNxhKpx+Vxj137LBdkECxUzYM2FJ0AgKSKzydcCpxgYTNBowK7KSvwQVNIwd6pVWtRjbrjLkMwQg/u//GqynAS32mXF7hfGdGqeJeP SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:l6492QY3qK8OSrp3WhskJVzYC/fHey6FTvsK6A7RUOkHmpzzPizpaN/oZm9RJMMyL3K+QsNNI2k7Pqgnis2epX5AehTHRzVsPk269m76qCr0wChjcM5Eul3kiN+gZTrrHlmsn0IFoHa+DWvNdKLu/h9YyUkYwzM9xeAKGrLMMvAE4btNkW5obB37RJRSa7wHQNIxj7vGX+9Mqg5Il+CBMfj+NSV5yZDhlbjuBc0JUx2WYwWlNRisPXruqaznwpCF X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2018 16:15:24.7778 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 05775671-5e73-49fb-c6af-08d57ec67981 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Subject: [PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 16:09:19 -0000 Content-Type: text/plain When OVMF is built with SMM, SMMSaved State area (SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by both guest and hypervisor. Since the data need to be accessed by both hence we must map the SMMSaved State area as unencrypted (i.e C-bit cleared). This patch clears the SavedStateArea address before SMBASE relocation. Currently, we do not clear the SavedStateArea address after SMBASE is relocated due to the following reasons: 1) Guest BIOS never access the relocated SavedStateArea. 2) The C-bit works on page-aligned address, but the SavedStateArea address is not a page-aligned. Theoretically, we could roundup the address and clear the C-bit of aligned address but looking carefully we found that some portion of the page contains code -- which will causes a bigger issue for the SEV guest. When SEV is enabled, all the code must be encrypted otherwise hardware will cause trap. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 +++ OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 1 + OvmfPkg/AmdSevDxe/AmdSevDxe.c | 35 ++++++++++++++++++++ OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 21 ++++++++++++ 4 files changed, 61 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 41635a57a454..162ed98a2fbe 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] BaseLib @@ -41,3 +42,6 @@ [LibraryClasses] [Depex] TRUE + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf index 31edf3a9c1fd..ba564abb787b 100644 --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf @@ -36,3 +36,4 @@ [LibraryClasses] PcdLib DebugLib SmmServicesTableLib + MemEncryptSevLib diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index e472096320ea..5803e8655049 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -25,6 +25,8 @@ #include #include #include +#include +#include EFI_STATUS EFIAPI @@ -71,5 +73,38 @@ AmdSevDxeEntryPoint ( FreePool (AllDescMap); } + // + // When SMM is enabled, clear the C-bit from SMM Saved State Area + // + // NOTES: The SavedStateArea address cleared here is before SMBASE + // relocation. Currently, we do not clear the SavedStateArea address after + // SMBASE is relocated due to the following reasons: + // + // 1) Guest BIOS never access the relocated SavedStateArea. + // + // 2) The C-bit works on page-aligned address, but the SavedStateArea + // address is not a page-aligned. Theoretically, we could roundup the address + // and clear the C-bit of aligned address but looking carefully we found + // that some portion of the page contains code -- which will causes a bigger + // issues for SEV guest. When SEV is enabled, all the code must be encrypted + // otherwise hardware will cause trap. + // + // We restore the C-bit for this SMM Saved State Area after SMBASE relocation + // is completed (See OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c). + // + if (FeaturePcdGet (PcdSmmSmramRequire)) { + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; + + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; + + Status = MemEncryptSevClearPageEncMask ( + 0, + SmmSavedStateAreaAddress, + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c index a307f64c9c61..946294701c62 100644 --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c @@ -20,6 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include // @@ -183,6 +184,26 @@ SmmCpuFeaturesSmmRelocationComplete ( VOID ) { + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; + + // + // When SEV is enabled, the SMM SavedState is mapped with C=0 + // (See OvmfPkg/AmdSevDxe/AmdSevDxe.c). Now the SMBASE is relocated hence we + // remap the address with C=1. + // + if (!MemEncryptSevIsEnabled ()) { + return; + } + + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; + Status = MemEncryptSevSetPageEncMask ( + 0, + SmmSavedStateAreaAddress, + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), + FALSE + ); + ASSERT_EFI_ERROR (Status); } /** -- 2.14.3