Date: Fri, 17 Apr 2020 20:26:19 +0000
From: Ashish Kalra
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Subject: SEV Live Migration Support in OVMF
Message-ID: <20200417202619.GA4304@ashkalra_ubuntu_server>

This is with reference to adding SEV Live migration support in OVMF, which basically
is adding a hypercall as part of the MemEncryptSevClearPageEncMask() function. We unconditionally make a hypercall and if the hypercall succeeds then it can set a new UEFI environment variable "SevLiveMigrationEnabled" which indicates it supports the feature to the OS. The OS can later query whether the feature is supported by OVMF by checking for this variable using the UEFI runtime services.

I tried doing this by setting the UEFI variable if the hypercall succeeds using the UEFI runtime services SetVariable() function, but it looks like the UEFI runtime services table library is only available to DXE and UEFI module types. As OVMF's BaseMemEncryptLib module (which is doing the hypercall and then setting the variable) is a PEIM module, it cannot call the UEFI runtime services and the build fails.

Now I am returning the hypercall return status up the caller chain, i.e., all the way up to MemEncryptSevClearPageEncMask(), and then set the UEFI variable in the above function, which is running in the DXE environment, so I believe that should work.

Sharing the above on the development list for any feedback, comments or suggestions on this support and our current approach for the same.

Thanks,
Ashish
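
The OS-side query described in the message, seen from Linux userspace through efivarfs, as an added example that is not part of the original message or of OVMF. It assumes the variable's payload is a single byte (1 = enabled, 0 = not), which the message does not specify, and the vendor GUID in the efivarfs file name is also not given on the page, so the path is taken as an argument.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x00000004u

/* Parse raw efivarfs file content: a 4-byte little-endian attribute word
 * followed by the variable data. Assumption: the data is one byte, 0 or 1.
 * Returns 1 (enabled), 0 (disabled) or -1 (malformed or unexpected). */
int sev_lm_parse(const uint8_t *buf, size_t len, uint32_t *attrs_out)
{
    const uint32_t need = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS;
    uint32_t attrs;

    if (buf == NULL || len != 5)
        return -1;
    attrs = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
            (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (attrs_out != NULL)
        *attrs_out = attrs;
    /* A variable the OS can read after ExitBootServices() carries both bits. */
    if ((attrs & need) != need || buf[4] > 1)
        return -1;
    return buf[4];
}

/* Read the variable from an efivarfs path and parse it. A file that cannot
 * be opened is reported as 0, i.e. firmware did not set the variable. */
int sev_lm_query(const char *path)
{
    uint8_t buf[8];
    size_t n;
    FILE *f = fopen(path, "rb");

    if (f == NULL)
        return 0;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return sev_lm_parse(buf, n, NULL);
}

int main(int argc, char **argv)
{
    /* Expected argument: <efivarfs mount>/SevLiveMigrationEnabled-<vendor GUID> */
    if (argc != 2)
        return 2;
    printf("SevLiveMigrationEnabled: %d\n", sev_lm_query(argv[1]));
    return 0;
}
```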