From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Brijesh Singh <brijesh.singh@amd.com>,
Jordan Justen <jordan.l.justen@intel.com>
Subject: [PATCH 00/20] OvmfPkg: SEV: decrypt the initial SMRAM save state map for SMBASE relocation
Date: Fri, 2 Mar 2018 01:03:48 +0100 [thread overview]
Message-ID: <20180302000408.14201-1-lersek@redhat.com> (raw)
Repo: https://github.com/lersek/edk2.git
Branch: sev_smram_save_state_map
This patch series replaces the following patch from Brijesh:
[PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State
http://mid.mail-archive.com/20180228161415.28723-2-brijesh.singh@amd.com
https://lists.01.org/pipermail/edk2-devel/2018-February/022016.html
The series modifies four modules under OvmfPkg:
- MemEncryptSevLib
- PlatformPei
- SmmCpuFeaturesLib
- AmdSevDxe
Patches 01 through 16 are cleanups for these modules, without change in
functionality. The series is formatted with 20 lines of context, for
simplifying the review of these patches.
Patches 17 through 20 (one patch per module listed above) implement
$SUBJECT:
- MemEncryptSevLib gets a new helper function used by the other three
modules.
- PlatformPei makes sure that DXE stays out of the page(s) where the
initial SMRAM save state map lives.
- SmmCpuFeaturesLib and AmdSevDxe basically do what they did in
Brijesh's patch, just better separated, and with minor tweaks.
The series is bisectable.
I regression-tested my usual non-SEV guests (with Brijesh's v2 2/2 patch
applied on top, from the above-referenced series), which covers i440fx
(no SMM, X64), q35 (SMM, IA32 and IA32X64), Fedora and Windows, normal
boot and S3.
I also tried to test the series with SEV guests (again with Brijesh's v2
2/2 patch applied on top). Unfortunately, I didn't get good results with
or without SMM. Without SMM, the guest OS boots to a point, but then it
gets stuck with the CPU spinning. With SMM, OVMF gets stuck in SMBASE
relocation.
I should mention however that my SEV host setup dates back to November
2017, including host kernel, QEMU and guest OS. I suppose all those
components have seen many changes since, on the respective upstream
lists. I'll have to work with Brijesh to update my SEV host to the
latest bits.
Until then, Brijesh, can you please test this series? Thank you!
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cheers
Laszlo
Laszlo Ersek (20):
OvmfPkg/MemEncryptSevLib: rewrap to 79 characters width
OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevIsEnabled() decl
OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevClearPageEncMask()
decl
OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevSetPageEncMask() decl
OvmfPkg/MemEncryptSevLib: clean up SetMemoryEncDec() comment block
OvmfPkg/MemEncryptSevLib: clean up
InternalMemEncryptSevSetMemoryDecrypted() decl
OvmfPkg/MemEncryptSevLib: clean up
InternalMemEncryptSevSetMemoryEncrypted() decl
OvmfPkg/MemEncryptSevLib: sort #includes, and entries in INF file
sections
OvmfPkg/PlatformPei: sort #includes in "AmdSev.c"
OvmfPkg/SmmCpuFeaturesLib: rewrap to 79 columns
OvmfPkg/SmmCpuFeaturesLib: upper-case the "static" keyword
OvmfPkg/SmmCpuFeaturesLib: sort #includes, and entries in INF file
sections
OvmfPkg/SmmCpuFeaturesLib: remove unneeded #includes and
LibraryClasses
OvmfPkg/AmdSevDxe: rewrap to 79 characters width
OvmfPkg/AmdSevDxe: sort #includes, and entries in INF file sections
OvmfPkg/AmdSevDxe: refresh #includes and LibraryClasses
OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save state map
OvmfPkg/PlatformPei: SEV: allocate pages of initial SMRAM save state
map
OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. save state
map
OvmfPkg/AmdSevDxe: decrypt the pages of the initial SMRAM save state
map
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 88 ++-
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 25 +-
OvmfPkg/Include/Library/MemEncryptSevLib.h | 89 ++-
OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 17 +-
OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 72 ++-
OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 66 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 74 ++-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 172 ++++--
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 137 +++--
OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 650 ++++++++++++++++----
OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 13 +-
OvmfPkg/PlatformPei/AmdSev.c | 36 +-
12 files changed, 1067 insertions(+), 372 deletions(-)
--
2.14.1.3.gb7cf6e02401b
next reply other threads:[~2018-03-01 23:58 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-02 0:03 Laszlo Ersek [this message]
2018-03-02 0:03 ` [PATCH 01/20] OvmfPkg/MemEncryptSevLib: rewrap to 79 characters width Laszlo Ersek
2018-03-02 0:33 ` Kinney, Michael D
2018-03-02 11:25 ` Laszlo Ersek
2018-03-02 0:03 ` [PATCH 02/20] OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevIsEnabled() decl Laszlo Ersek
2018-03-02 0:03 ` [PATCH 03/20] OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevClearPageEncMask() decl Laszlo Ersek
2018-03-02 0:03 ` [PATCH 04/20] OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevSetPageEncMask() decl Laszlo Ersek
2018-03-02 0:03 ` [PATCH 05/20] OvmfPkg/MemEncryptSevLib: clean up SetMemoryEncDec() comment block Laszlo Ersek
2018-03-02 0:03 ` [PATCH 06/20] OvmfPkg/MemEncryptSevLib: clean up InternalMemEncryptSevSetMemoryDecrypted() decl Laszlo Ersek
2018-03-02 0:03 ` [PATCH 07/20] OvmfPkg/MemEncryptSevLib: clean up InternalMemEncryptSevSetMemoryEncrypted() decl Laszlo Ersek
2018-03-02 0:03 ` [PATCH 08/20] OvmfPkg/MemEncryptSevLib: sort #includes, and entries in INF file sections Laszlo Ersek
2018-03-02 0:03 ` [PATCH 09/20] OvmfPkg/PlatformPei: sort #includes in "AmdSev.c" Laszlo Ersek
2018-03-02 0:03 ` [PATCH 10/20] OvmfPkg/SmmCpuFeaturesLib: rewrap to 79 columns Laszlo Ersek
2018-03-02 0:03 ` [PATCH 11/20] OvmfPkg/SmmCpuFeaturesLib: upper-case the "static" keyword Laszlo Ersek
2018-03-02 0:04 ` [PATCH 12/20] OvmfPkg/SmmCpuFeaturesLib: sort #includes, and entries in INF file sections Laszlo Ersek
2018-03-02 0:04 ` [PATCH 13/20] OvmfPkg/SmmCpuFeaturesLib: remove unneeded #includes and LibraryClasses Laszlo Ersek
2018-03-02 0:04 ` [PATCH 14/20] OvmfPkg/AmdSevDxe: rewrap to 79 characters width Laszlo Ersek
2018-03-02 0:04 ` [PATCH 15/20] OvmfPkg/AmdSevDxe: sort #includes, and entries in INF file sections Laszlo Ersek
2018-03-02 0:04 ` [PATCH 16/20] OvmfPkg/AmdSevDxe: refresh #includes and LibraryClasses Laszlo Ersek
2018-03-02 0:04 ` [PATCH 17/20] OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save state map Laszlo Ersek
2018-03-02 0:04 ` [PATCH 18/20] OvmfPkg/PlatformPei: SEV: allocate " Laszlo Ersek
2018-03-02 0:04 ` [PATCH 19/20] OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. " Laszlo Ersek
2018-03-02 0:04 ` [PATCH 20/20] OvmfPkg/AmdSevDxe: decrypt the pages of the initial SMRAM " Laszlo Ersek
2018-03-02 1:16 ` [PATCH 00/20] OvmfPkg: SEV: decrypt the initial SMRAM save state map for SMBASE relocation Brijesh Singh
2018-03-02 11:53 ` Laszlo Ersek
2018-03-02 13:17 ` Brijesh Singh
2018-03-05 9:55 ` Laszlo Ersek
2018-03-05 14:00 ` Laszlo Ersek
2018-03-05 14:44 ` Brijesh Singh
2018-03-05 14:47 ` Brijesh Singh
2018-03-05 21:06 ` Laszlo Ersek
2018-03-02 15:21 ` Brijesh Singh
2018-03-06 12:59 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180302000408.14201-1-lersek@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox