From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9BC5222485A98 for ; Thu, 1 Mar 2018 15:58:04 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6E9D8410FBA1; Fri, 2 Mar 2018 00:04:12 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-4.rdu2.redhat.com [10.10.120.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 659BD10AF9D2; Fri, 2 Mar 2018 00:04:11 +0000 (UTC) From: Laszlo Ersek To: edk2-devel-01 Cc: Ard Biesheuvel , Brijesh Singh , Jordan Justen Date: Fri, 2 Mar 2018 01:03:48 +0100 Message-Id: <20180302000408.14201-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 02 Mar 2018 00:04:12 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 02 Mar 2018 00:04:12 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: [PATCH 00/20] OvmfPkg: SEV: decrypt the initial SMRAM save state map for SMBASE relocation X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 23:58:05 -0000 Repo: https://github.com/lersek/edk2.git Branch: sev_smram_save_state_map This patch series replaces the following patch from Brijesh: [PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State http://mid.mail-archive.com/20180228161415.28723-2-brijesh.singh@amd.com https://lists.01.org/pipermail/edk2-devel/2018-February/022016.html The series modifies four modules under OvmfPkg: - MemEncryptSevLib - PlatformPei - SmmCpuFeaturesLib - AmdSevDxe Patches 01 through 16 are cleanups for these modules, without change in functionality. The series is formatted with 20 lines of context, for simplifying the review of these patches. Patches 17 through 20 (one patch per module listed above) implement $SUBJECT: - MemEncryptSevLib gets a new helper function used by the other three modules. - PlatformPei makes sure that DXE stays out of the page(s) where the initial SMRAM save state map lives. - SmmCpuFeaturesLib and AmdSevDxe basically do what they did in Brijesh's patch, just better separated, and with minor tweaks. The series is bisectable. I regression-tested my usual non-SEV guests (with Brijesh's v2 2/2 patch applied on top, from the above-referenced series), which covers i440fx (no SMM, X64), q35 (SMM, IA32 and IA32X64), Fedora and Windows, normal boot and S3. I also tried to test the series with SEV guests (again with Brijesh's v2 2/2 patch applied on top). Unfortunately, I didn't get good results with or without SMM. Without SMM, the guest OS boots to a point, but then it gets stuck with the CPU spinning. With SMM, OVMF gets stuck in SMBASE relocation. I should mention however that my SEV host setup dates back to November 2017, including host kernel, QEMU and guest OS. I suppose all those components have seen many changes since, on the respective upstream lists. I'll have to work with Brijesh to update my SEV host to the latest bits. Until then, Brijesh, can you please test this series? Thank you! Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cheers Laszlo Laszlo Ersek (20): OvmfPkg/MemEncryptSevLib: rewrap to 79 characters width OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevIsEnabled() decl OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevClearPageEncMask() decl OvmfPkg/MemEncryptSevLib: clean up MemEncryptSevSetPageEncMask() decl OvmfPkg/MemEncryptSevLib: clean up SetMemoryEncDec() comment block OvmfPkg/MemEncryptSevLib: clean up InternalMemEncryptSevSetMemoryDecrypted() decl OvmfPkg/MemEncryptSevLib: clean up InternalMemEncryptSevSetMemoryEncrypted() decl OvmfPkg/MemEncryptSevLib: sort #includes, and entries in INF file sections OvmfPkg/PlatformPei: sort #includes in "AmdSev.c" OvmfPkg/SmmCpuFeaturesLib: rewrap to 79 columns OvmfPkg/SmmCpuFeaturesLib: upper-case the "static" keyword OvmfPkg/SmmCpuFeaturesLib: sort #includes, and entries in INF file sections OvmfPkg/SmmCpuFeaturesLib: remove unneeded #includes and LibraryClasses OvmfPkg/AmdSevDxe: rewrap to 79 characters width OvmfPkg/AmdSevDxe: sort #includes, and entries in INF file sections OvmfPkg/AmdSevDxe: refresh #includes and LibraryClasses OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save state map OvmfPkg/PlatformPei: SEV: allocate pages of initial SMRAM save state map OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. save state map OvmfPkg/AmdSevDxe: decrypt the pages of the initial SMRAM save state map OvmfPkg/AmdSevDxe/AmdSevDxe.c | 88 ++- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 25 +- OvmfPkg/Include/Library/MemEncryptSevLib.h | 89 ++- OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 17 +- OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 72 ++- OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 66 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 74 ++- OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 172 ++++-- OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 137 +++-- OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 650 ++++++++++++++++---- OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 13 +- OvmfPkg/PlatformPei/AmdSev.c | 36 +- 12 files changed, 1067 insertions(+), 372 deletions(-) -- 2.14.1.3.gb7cf6e02401b