From: "Tobin Feldman-Fitzthum"
To: devel@edk2.groups.io
Cc: Dov Murik, Tobin Feldman-Fitzthum, James Bottomley, Hubertus Franke, Brijesh Singh, Ashish Kalra, Jon Grimm, Tom Lendacky
Subject: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.
Date: Tue, 2 Mar 2021 15:48:28 -0500
Message-Id: <20210302204839.82042-4-tobin@linux.ibm.com>
In-Reply-To: <20210302204839.82042-1-tobin@linux.ibm.com>

From: Ashish Kalra

Detect the KVM hypervisor and check for SEV live migration feature support via KVM_FEATURE_CPUID; if detected, set up a new UEFI environment variable to indicate OVMF support for SEV live migration.

Signed-off-by: Ashish Kalra --- OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/PlatformDxe/Platform.inf | 2 + OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++ OvmfPkg/PlatformDxe/PlatformConfig.h | 5 ++ OvmfPkg/PlatformDxe/AmdSev.c | 99 ++++++++++++++++++++++++++++ OvmfPkg/PlatformDxe/Platform.c | 6 ++ 6 files changed, 129 insertions(+) create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 4348bb45c6..4450d78b91 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -122,6 +122,7 @@ gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} [Ppis] # PPI whose presence in the PPI database signals that the TPM base address diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf index 14727c1220..2896f0a1d1 100644 --- a/OvmfPkg/PlatformDxe/Platform.inf +++ b/OvmfPkg/PlatformDxe/Platform.inf @@ -24,6 +24,7 @@ PlatformConfig.c PlatformConfig.h PlatformForms.vfr + AmdSev.c [Packages] MdePkg/MdePkg.dec @@ -56,6 +57,7 @@ [Guids] gEfiIfrTianoGuid gOvmfPlatformConfigGuid + gMemEncryptGuid [Depex] gEfiHiiConfigRoutingProtocolGuid AND diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h new file mode 100644 index 0000000000..8264a647af --- /dev/null +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h @@ -0,0 +1,16 @@ +/** @file + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI enviroment variables assocaiated with SEV Memory Encryption. + Copyright (c) 2020, AMD Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __MEMENCRYPT_LIB_H__ +#define __MEMENCRYPT_LIB_H__ + +#define MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} + +extern EFI_GUID gMemEncryptGuid; + +#endif diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h index 716514da21..4f662aafa4 100644 --- a/OvmfPkg/PlatformDxe/PlatformConfig.h +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h @@ -44,6 +44,11 @@ PlatformConfigLoad ( OUT UINT64 *OptionalElements ); +VOID +AmdSevSetConfig( + VOID + ); + // // Feature flags for OptionalElements. // diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c new file mode 100644 index 0000000000..1f804984b7 --- /dev/null +++ b/OvmfPkg/PlatformDxe/AmdSev.c @@ -0,0 +1,99 @@ +/**@file + Detect KVM hypervisor support for SEV live migration and if + detected, setup a new UEFI enviroment variable indicating + OVMF support for SEV live migration. + Copyright (c) 2020, Advanced Micro Devices. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +// +// The package level header files this module uses +// + +#include +#include +#include +#include +#include +#include + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + @retval TRUE KVM was detected and Live Migration supported + @retval FALSE KVM was not detected or Live Migration not supported +**/ +BOOLEAN +KvmDetectSevLiveMigrationFeature( + VOID + ) +{ + UINT8 Signature[13]; + UINT32 mKvmLeaf = 0; + UINT32 RegEax, RegEbx, RegEcx, RegEdx; + + Signature[12] = '\0'; + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { + AsmCpuid (mKvmLeaf, + NULL, + (UINT32 *) &Signature[0], + (UINT32 *) &Signature[4], + (UINT32 *) &Signature[8]); + + if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) { + DEBUG (( + DEBUG_ERROR, + "%a: KVM Detected, signature = %s\n", + __FUNCTION__, + Signature + )); + + RegEax = 0x40000001; + RegEcx = 0; + AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx); + if (RegEax & (1 << 14)) { + DEBUG (( + DEBUG_ERROR, + "%a: Live Migration feature supported\n", + __FUNCTION__ + )); + return TRUE; + } + } + } + + return FALSE; +} + +/** + Function checks if SEV Live Migration support is available, if present then it sets + a UEFI enviroment variable to be queried later using Runtime services. + **/ +VOID +AmdSevSetConfig( + VOID + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature(); + + if (SevLiveMigrationEnabled) { + Status = gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (BOOLEAN), + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_ERROR, + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", + __FUNCTION__, + Status + )); + } +} 
diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c index f2e51960ce..9a19b9f6b1 100644 --- a/OvmfPkg/PlatformDxe/Platform.c +++ b/OvmfPkg/PlatformDxe/Platform.c @@ -763,6 +763,12 @@ PlatformInit ( { EFI_STATUS Status; + // + // Set Amd Sev configuation + // + AmdSevSetConfig(); + + ExecutePlatformConfig (); mConfigAccess.ExtractConfig = &ExtractConfig; -- 2.20.1
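
Review bot: The new header OvmfPkg/Include/Guid/MemEncryptLib.h only declares a GUID, yet its file name and include guard (`__MEMENCRYPT_LIB_H__`) read like a library class header, which invites confusion with the library headers under Include/Library. Consider a name and guard that say it is a variable-namespace GUID, and have the file comment name the variable that lives under it (`SevLiveMigrationEnabled`, per AmdSev.c). The file comment also has two typos: "enviroment" and "assocaiated".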
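
Review bot: In OvmfPkg/PlatformDxe/AmdSev.c, KvmDetectSevLiveMigrationFeature() searches for the KVM signature at every 0x100 step from 0x40000000 but then reads the feature bits with a hard-coded `AsmCpuid (0x40000001, ...)`, so when the signature matches at any base other than 0x40000000 the bit is tested on a leaf that does not belong to the interface that matched. Use `mKvmLeaf + 1`, and drop the `RegEax = 0x40000001;` and `RegEcx = 0;` assignments, which have no effect because AsmCpuid() takes the leaf as its first argument and overwrites the output registers. `(1 << 14)` should be a named macro. The first DEBUG call prints the ASCII `Signature` buffer with `%s`, which the edk2 print library treats as a CHAR16 string; `%a` is the ASCII specifier, and none of these informational messages belong at DEBUG_ERROR. In AmdSevSetConfig(), the variable is written with EFI_VARIABLE_NON_VOLATILE only when the feature is detected and is never deleted on the FALSE path, so a value stored on one boot persists when the guest later starts on a host that does not advertise the feature; either drop the non-volatile attribute or delete the variable when detection fails. Nothing in this file checks that SEV is actually active in the guest before the variable is set, so any KVM guest whose host sets the bit gets it. `Status` is only logged, with `%lx`; `%r` is the EFI_STATUS specifier, and the message should be an error only when `EFI_ERROR (Status)` is true.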
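
Review bot: In the PlatformInit() hunk of OvmfPkg/PlatformDxe/Platform.c, AmdSevSetConfig() returns VOID and is called unconditionally ahead of ExecutePlatformConfig(), so a failed SetVariable() is invisible to the caller apart from the debug log. If best-effort is intended, say so in the comment; otherwise return EFI_STATUS and decide here whether to continue. Style points in the same lines: the comment has a typo ("configuation") and should read "AMD SEV", there is a stray second blank line after the call, and edk2 style wants a space before the parenthesis, `AmdSevSetConfig ();`.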