From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 90D7E2255D6D6 for ; Thu, 1 Mar 2018 15:58:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C978E8D746; Fri, 2 Mar 2018 00:04:36 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-4.rdu2.redhat.com [10.10.120.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id E31F610B0F24; Fri, 2 Mar 2018 00:04:35 +0000 (UTC) From: Laszlo Ersek To: edk2-devel-01 Cc: Ard Biesheuvel , Brijesh Singh , Jordan Justen Date: Fri, 2 Mar 2018 01:04:07 +0100 Message-Id: <20180302000408.14201-20-lersek@redhat.com> In-Reply-To: <20180302000408.14201-1-lersek@redhat.com> References: <20180302000408.14201-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Fri, 02 Mar 2018 00:04:36 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Fri, 02 Mar 2018 00:04:36 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: [PATCH 19/20] OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. save state map X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 23:58:29 -0000 Based on the following patch from Brijesh Singh : [PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State http://mid.mail-archive.com/20180228161415.28723-2-brijesh.singh@amd.com https://lists.01.org/pipermail/edk2-devel/2018-February/022016.html Once PiSmmCpuDxeSmm relocates SMBASE for all VCPUs, the pages of the initial SMRAM save state map can be re-encrypted (including zeroing them out after setting the C-bit on them), and they can be released to DXE for general use (undoing the allocation that we did in PlatformPei's AmdSevInitialize() function). The decryption of the same pages (which will occur chronologically earlier) is implemented in the next patch; hence the "re-encryption" part of this patch is currently a no-op. The series is structured like this in order to be bisection-friendly. If the decryption patch preceded this patch, then an info leak would be created while standing between the patches. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek --- OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 2 ++ OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 38 ++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf index 5184abbf21bd..7c2aaa890b5e 100644 --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf @@ -19,21 +19,23 @@ [Defines] BASE_NAME = SmmCpuFeaturesLib MODULE_UNI_FILE = SmmCpuFeaturesLib.uni FILE_GUID = AC9991BE-D77A-464C-A8DE-A873DB8A4836 MODULE_TYPE = DXE_SMM_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = SmmCpuFeaturesLib CONSTRUCTOR = SmmCpuFeaturesLibConstructor [Sources] SmmCpuFeaturesLib.c [Packages] MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] BaseLib BaseMemoryLib DebugLib + MemEncryptSevLib SmmServicesTableLib + UefiBootServicesTableLib diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c index 13d929a983be..59c319e01bfb 100644 --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c @@ -1,39 +1,41 @@ /** @file The CPU specific programming for PiSmmCpuDxeSmm module. Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include #include #include +#include #include #include +#include #include #include // // EFER register LMA bit // #define LMA BIT10 /** The constructor function @param[in] ImageHandle The firmware allocated handle for the EFI image. @param[in] SystemTable A pointer to the EFI System Table. @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. **/ EFI_STATUS EFIAPI SmmCpuFeaturesLibConstructor ( @@ -168,40 +170,76 @@ SmmCpuFeaturesHookReturnFromSmm ( if ((CpuSaveState->x64.AutoHALTRestart & BIT0) != 0) { CpuSaveState->x64.AutoHALTRestart &= ~BIT0; } } return OriginalInstructionPointer; } /** Hook point in normal execution mode that allows the one CPU that was elected as monarch during System Management Mode initialization to perform additional initialization actions immediately after all of the CPUs have processed their first SMI and called SmmCpuFeaturesInitializeProcessor() relocating SMBASE into a buffer in SMRAM and called SmmCpuFeaturesHookReturnFromSmm(). **/ VOID EFIAPI SmmCpuFeaturesSmmRelocationComplete ( VOID ) { + EFI_STATUS Status; + UINTN MapPagesBase; + UINTN MapPagesCount; + + if (!MemEncryptSevIsEnabled ()) { + return; + } + + // + // Now that SMBASE relocation is complete, re-encrypt the original SMRAM save + // state map's container pages, and release the pages to DXE. (The pages were + // allocated in PlatformPei.) + // + Status = MemEncryptSevLocateInitialSmramSaveStateMapPages ( + &MapPagesBase, + &MapPagesCount + ); + ASSERT_EFI_ERROR (Status); + + Status = MemEncryptSevSetPageEncMask ( + 0, // Cr3BaseAddress -- use current CR3 + MapPagesBase, // BaseAddress + MapPagesCount, // NumPages + TRUE // Flush + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevSetPageEncMask(): %r\n", + __FUNCTION__, Status)); + ASSERT (FALSE); + CpuDeadLoop (); + } + + ZeroMem ((VOID *)MapPagesBase, EFI_PAGES_TO_SIZE (MapPagesCount)); + + Status = gBS->FreePages (MapPagesBase, MapPagesCount); + ASSERT_EFI_ERROR (Status); } /** Return the size, in bytes, of a custom SMI Handler in bytes. If 0 is returned, then a custom SMI handler is not provided by this library, and the default SMI handler must be used. @retval 0 Use the default SMI handler. @retval > 0 Use the SMI handler installed by SmmCpuFeaturesInstallSmiHandler(). The caller is required to allocate enough SMRAM for each CPU to support the size of the custom SMI handler. **/ UINTN EFIAPI SmmCpuFeaturesGetSmiHandlerSize ( VOID ) { return 0; -- 2.14.1.3.gb7cf6e02401b