From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.58]) by mx.groups.io with SMTP id smtpd.web12.11313.1607069417312059079 for ; Fri, 04 Dec 2020 00:10:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=sj4okXLT; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.58, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bqIUwMkpuXmzwmcPJfTdaDp+0wkDj53JN9dcTLpPoxQkuSG5/LNd0I1PsVOdW/kUPkFvieeIptlouc3MSUdPQ01Z8ZwVkEEfwk7TDsxm+vHpLwC7q57PO+V6wN8LrzYT4neATxrFaFnbP00hGf35KXcDOSM0+nhFGesyvnZrcba7NVywEGwyzIOJBHKu/2KkS43GAfPherSRxbIqGJvk/4gzn3hpOgEQoiS0M4IosXjSFtM4sNqNHZuwthgZL5JnA/Kzj+J7ThWBxy3XR+j2SB10bqm0IRy3pqsMh/pS++NGeG4XZEgmhJF4AoJ1EvoJAuHPuFmVK93tBTm33wCnjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x2+bQ+tw0nrXl1aZUaIp6BvDw/8yXLUklbrd5OK99Hg=; b=DV/KjIDLXun8CvvSPkIiJbghhqUEd1elPgDWBoMA9U8y/BBH0CBuWeOIbt07as4J23uqrvyE4SW3+QHrz+po7C8cCm610U8dU7p3k5uTwtvwzMUCk4uxuSzeWoBtIydSwangdE5ZaRk4EpvqdrzqxDvSO00poHF6D+N7kfLaP9V4HDntfjSm1D5p5bmrGSt89pkyRYLiJr5/LBI2jq3J11bnlyf/kLLDFO36nRAA33c9bjLzk0tNWnLm53pygflSJ+sS+hAfCizMszDhiTbeN2jW6eytto8ZmNIXO2NjAFFkyaHhQlsNg3pv2T3ImgI8hDc1xCePCN90BuZ443+LEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x2+bQ+tw0nrXl1aZUaIp6BvDw/8yXLUklbrd5OK99Hg=; b=sj4okXLTWGLOzVqJeaaN0b8G50ZQhDWIz9cY/qcP52lpxudhapFjVyMrP+aimUeu2kcPl7ACOGhBcw7bGGXouq1jyfkGOyJTwI6FzAf5of71bcvxw8cbFt2XgdbOdpppHRduUtF3oiW8kLzYWF0plgEkrO8Os2KOXQ/suHNcmLs= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN1PR12MB2446.namprd12.prod.outlook.com (2603:10b6:802:26::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.20; Fri, 4 Dec 2020 08:10:15 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Fri, 4 Dec 2020 08:10:14 +0000 Date: Fri, 4 Dec 2020 08:10:09 +0000 From: "Ashish Kalra" To: Laszlo Ersek Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: Re: [edk2-devel] [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF. Message-ID: <20201204081009.GA767@ashkalra_ubuntu_server> References: <6f1ebc14-879d-53fd-74f9-0085d869f090@redhat.com> In-Reply-To: <6f1ebc14-879d-53fd-74f9-0085d869f090@redhat.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN1PR12CA0112.namprd12.prod.outlook.com (2603:10b6:802:21::47) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: ashish.kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server (165.204.77.1) by SN1PR12CA0112.namprd12.prod.outlook.com (2603:10b6:802:21::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17 via Frontend Transport; Fri, 4 Dec 2020 08:10:14 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: e79edafd-61f5-4a2e-b926-08d8982c0781 X-MS-TrafficTypeDiagnostic: SN1PR12MB2446: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +9BTO6W5NxhCmU/lrd+7XebEG87+qM2VfonjZWjRpp8xDxLG8YRc/+3PMYC52l/876CAT9jFMHjg0w2X0tzQh3phAq6kBRYDMbcj1hV2dtSzx0NL/HouridPFVewdwTsKKPW4YKiQZZXR0e8IrdLBgI8b3fxNL4cK0Onqp9d/6c1YmuSnq7U8IfIEeyp5MpWiMegTp4S987B+72Kf36P0gfiKSPWpr8pzbhFBCIixXO60rANR2rVt6k9utHsPOOU6SDD9UksZS6zvmgsYHlWmQZswjiu3km1v3Ux8SQN16Kl/a6sxKomI41NM0cQk97SVg7vCh51BdTmWxLZ4OSZsGb07cazaTls4un1U8oSqTx5bs/4/BfWPX/5lX4TdandOfLNyK/BSd00DJY3Uxf88Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(39860400002)(136003)(346002)(396003)(366004)(956004)(55016002)(8676002)(9686003)(4326008)(6666004)(8936002)(33716001)(19627235002)(6496006)(316002)(53546011)(16526019)(52116002)(186003)(33656002)(478600001)(44832011)(2906002)(86362001)(66946007)(5660300002)(966005)(66556008)(6916009)(26005)(66476007)(1076003)(45080400002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?N/PILBa+hnMnl2kg1wA/ekwk+crbgXSgRRVu7w6sbvL+o2UtxqvS1tjbMRWh?= =?us-ascii?Q?SGWcezvq2fTTjYQ+U5jg/i+FrA+2ug4rnJQ4qLqNPe6Y98LvK2Q+nRjqT41e?= =?us-ascii?Q?Gh8jcpkrFYYqCrAZAs+bnyB0A7hPm2aibeae9lsdXQO105ELNMisu8vE97LZ?= =?us-ascii?Q?K4TeelE20hupPEpPGpLh0+8TOwtHQdAm8fDVmm96f0uDosjpD1nHY6fT0Mms?= =?us-ascii?Q?4qgbYagNw/k1x9NSJNKADNEFeMLOhBUFl/RTzwbsRP+OnTCvr8zJWpwHgLXL?= =?us-ascii?Q?Aaf+CBGvOIZx32aiAuPg+WiSZDJY6wzreDBLIiPHcF1jM7pNl/o47XQHCXI6?= =?us-ascii?Q?AOGNK6MH/vA+r5HyKhZZ11hd1osjGn3w6IVQnksuDIhCSrwgmuT82/leGGoa?= =?us-ascii?Q?CRipVmaiodEyC9XB3Lxh7z3ZtOvmXj78OnQ7234x/nevEIDqkwOhDaCJNPbN?= =?us-ascii?Q?TJyIPPh/sx5AbPbjuTHChi3+PY94KF9J9JmGsHITtN0LSsUvmvOemyH6BT6v?= =?us-ascii?Q?QNOtIjIVC3PwHo0JlmkQUURbUPvopwkjrARcdCZ7UfAJ2Hsi1GUPEbmgGi7+?= =?us-ascii?Q?wUqndmO+X9v94cBHEwrNrr0mHd1poT9qkhIfjbxsW3V+8fTSx0tYRbdyO7Or?= =?us-ascii?Q?arFR9K6O3Uee6pp0hYrbfLLz+RqtoyXwnYxoUHcpH8+srj+1xSnn7nGr720z?= =?us-ascii?Q?A9pgVXoB8OVq8vWCeBSk5Hc8OnMhtMPgqCbFo1QfhM0+q7zvv5SHY+SCOW+S?= =?us-ascii?Q?yU46Z19kW/C/F08B+3j2OEJ26IkWhOwMKDFY7uWsK8BCgsZ5W1ufw+GDuxqJ?= =?us-ascii?Q?Ts/uyT3ypLHALatAEoFwPIfy8vIIczHSmez6rGcSmqQ+/y6ZjGY+0M/61RJ+?= =?us-ascii?Q?hxfyQBpH3JbcguWxaZLWv4rMJKC7ku1VVyy8IOADZxy4fTWGIyr7HKyZGqg9?= =?us-ascii?Q?cjrjoda6Jr3mkUwVAxjZWSFkbQ0uf77DFaoieuYjE25iRKKwP9o+UVIpp4zy?= =?us-ascii?Q?XmhQ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e79edafd-61f5-4a2e-b926-08d8982c0781 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Dec 2020 08:10:14.8588 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wtsc6CWtXji1KlL7tRM2QIq9JIBqBeMNglRbliqr3ybSOFBEmnQPOG2C3TIfOaV/e8788BkET5pm2V0q9QtWBg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2446 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Dec 04, 2020 at 04:50:05AM +0100, Laszlo Ersek wrote: > On 12/04/20 01:03, Ashish Kalra wrote: > > From: Ashish Kalra > > > > By default all the SEV guest memory regions are considered encrypted, > > if a guest changes the encryption attribute of the page (e.g mark a > > page as decrypted) then notify hypervisor. Hypervisor will need to > > track the unencrypted pages. The information will be used during > > guest live migration, guest page migration and guest debugging. > > > > The patch-set also adds a new SEV and SEV-ES hypercall abstraction > > library to support SEV Page encryption/decryption status hypercalls > > for SEV and SEV-ES guests. > > > > BaseMemEncryptSevLib invokes hypercalls via this new hypercall library. > > > > A branch containing these patches is available here: > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fashkalra%2Fedk2%2Ftree%2Fsev_page_encryption_bitmap_v3&data=04%7C01%7Cashish.kalra%40amd.com%7Cbc3c88f21f1d40b322b408d89807b5c8%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637426506192800828%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VZzP2MVJSECgMhOyuCCASw58g74BiCVAH9JW8hZG3Tw%3D&reserved=0 > > > > Changes since v2: > > - GHCB_BASE setup during reset-vector as decrypted is marked explicitly > > in the hypervisor page encryption bitmap after setting the > > PcdSevEsIsEnabled PCD. > > > > Changes since v1: > > - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in > > the hypervisor page encryption bitmap. > > - Resending the series with correct shallow threading. > > > > Ashish Kalra (2): > > OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls. > > OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap. > > > > Brijesh Singh (1): > > OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall > > > > .../Include/Library/MemEncryptHypercallLib.h | 37 ++++++ > > .../BaseMemEncryptSevLib.inf | 1 + > > .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 +++ > > .../MemEncryptHypercallLib.c | 105 ++++++++++++++++++ > > .../MemEncryptHypercallLib.inf | 39 +++++++ > > .../X64/AsmHelperStub.nasm | 39 +++++++ > > OvmfPkg/OvmfPkgX64.dsc | 1 + > > OvmfPkg/PlatformPei/AmdSev.c | 10 ++ > > 8 files changed, 250 insertions(+) > > create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h > > create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c > > create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf > > create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm > > > > I'll need some time to get to this series. > > I'm fairly certain though, from a quick skim, that this series breaks > all DSC files under OvmfPkg except X64. Please fix that. > > Ok thanks Laszlo, i will fix this. Ashish