From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (NAM02-BL2-obe.outbound.protection.outlook.com [40.107.75.81])
by mx.groups.io with SMTP id smtpd.web09.61.1614730577986044981
for <devel@edk2.groups.io>;
Tue, 02 Mar 2021 16:16:18 -0800
Authentication-Results: mx.groups.io;
dkim=pass header.i=@amd.com header.s=selector1 header.b=wEtzMlkM;
spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.75.81, mailfrom: ashish.kalra@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=X8JXd4aj+jbjxbA/kHeUzSuQnHZA47OmZRonYC0o9ncU8lbZICzeHaq8S3VluVsp1i2Q7ZYDJP1ySoeguvFgrfaWQpvUEEYIcKK4Pk7T+mBTyiDS4P0czB/yRzsdaD6PhOek2kstDBz49BdjtClTiJd8SC/UEHLyImx+3ZPqdCd5XShs7PSnitd2DXkzWyIxHnFtUKACGenykvsiQrmzNXfL5Br5Gy47w/9eLpNPSiHe7MHETCCF3OpY9fC1JuYoYK4YR6Q+m/Bujfags9z+43nKY1HgO8Cuxvu07oUuVybv6iKbxER/RzJEGEZWVim7Cb8vJaWGoJnqIeYrwe37nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=qKJTbHAjMq7ERNPRocVOZE79EUig51oFzvnvvvXsR+8=;
b=m7pOfn8DKaMMPs7IDZrNZmANY0gC12WGOv7PsXAb+/DmKTHxcF4x+MOPlzDxsCzJLm1a6Eg4/qvK1IZwB3/yrbSNXFcHwJ2jFGM99vKj+7hgJUDP/pYHOMSs+3k0nTpAr5+PKCcdsFYzW/1kuthtJWZTIQPnzlkKzwAqww3q4GtKDQWFd4Y4jVXLbj7hwxhrqFB9U4kjV3pA/XOueNV2TZckek2PL/AEREbB9y6W0lCrQiEfs7NQYVLjRsHrBGM2Pwnw5k0pBOKQVWF9ErhEl2nntEefxoK22WhP1pdGqBsL9vKLykFRPELha8TwfwuKY1lip2r0Aek6sUfGroZh9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=qKJTbHAjMq7ERNPRocVOZE79EUig51oFzvnvvvXsR+8=;
b=wEtzMlkMqwKBvQgKQSpr7Kr/FCf6AhlOEjAGXE6aEk71YhlafUqpDROaRNNJVGcxpCZQULY9Ogj6+7nLoJQSQMT7h9PuX/9rxXhdJnGxJe942mdtIU0Kq5HKhkPoVhrcfJvYNBqp3yXS/W95S5SaaskvGjhfARa4nGqtCJyy7EQ=
Authentication-Results: linux.ibm.com; dkim=none (message not signed)
header.d=none;linux.ibm.com; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23)
by SA0PR12MB4446.namprd12.prod.outlook.com (2603:10b6:806:71::18) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Wed, 3 Mar
2021 00:16:16 +0000
Received: from SN6PR12MB2767.namprd12.prod.outlook.com
([fe80::24bb:3e53:c95e:cb8e]) by SN6PR12MB2767.namprd12.prod.outlook.com
([fe80::24bb:3e53:c95e:cb8e%7]) with mapi id 15.20.3890.028; Wed, 3 Mar 2021
00:16:16 +0000
Date: Wed, 3 Mar 2021 00:16:01 +0000
From: "Ashish Kalra" <ashish.kalra@amd.com>
To: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Cc: devel@edk2.groups.io, Dov Murik <dovmurik@linux.vnet.ibm.com>,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
James Bottomley <jejb@linux.ibm.com>,
Hubertus Franke <frankeh@us.ibm.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Jon Grimm <jon.grimm@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [RFC PATCH 02/14] OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
Message-ID: <20210303001601.GA30351@ashkalra_ubuntu_server>
References: <20210302204839.82042-1-tobin@linux.ibm.com>
<20210302204839.82042-3-tobin@linux.ibm.com>
In-Reply-To: <20210302204839.82042-3-tobin@linux.ibm.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SN4PR0501CA0154.namprd05.prod.outlook.com
(2603:10b6:803:2c::32) To SN6PR12MB2767.namprd12.prod.outlook.com
(2603:10b6:805:75::23)
Return-Path: ashish.kalra@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from ashkalra_ubuntu_server (165.204.77.1) by SN4PR0501CA0154.namprd05.prod.outlook.com (2603:10b6:803:2c::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.9 via Frontend Transport; Wed, 3 Mar 2021 00:16:15 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: f1ebcefa-e103-469a-aafb-08d8ddd98f72
X-MS-TrafficTypeDiagnostic: SA0PR12MB4446:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS:
<SA0PR12MB44461B3B515260A71EADA0E78E989@SA0PR12MB4446.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
MUDnd+b1D9mkAsvM0ns8qwQu+pULhlm2s/3WYLv53+/LtOKCtZbx9FDvwiB9XDitBtM6xZRbSLCQSFZOpBfS28YIMPYUpkftL3Fov/5XC886CEBPVKfSeyW06uFvSqsrtHQOmT3G1MqmcRGSZL2Gmi55SYeQDlH8WZ+w+pqhvox3lMvwUre5qfeD8f+VpTfxYl8986N2tmhiokAfmbp9ErV7tBlPcmj1Yzp42mzs8zo8gW5S1T7x+LOWBwY9zJE2xNTKmEeQjDnjgMOBVM2eD/BVYJ+p3BKP2zxQ1a4+ZRroAT8tSBZc32uPtfIytWsOHx4cHR8SagdBrg8E5HUaf/7fpik0DGfJYFTR9SC//o/XDdJonbZqK/NwZLSbNQswRWbBi5kBWNVfa+8dLWKWow5F4WC6Zln3MucRPYSQ9/EwoxYIozVz8leXxYGqcyOeV9tw3IkrIY23r/Cy0OGr29kEnIFgddT6XLTSYBNldyiUxHMKeoM91GY6nrseWj7CFD/miAkCBfdjJktQK/82nA==
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(39860400002)(346002)(396003)(6916009)(4326008)(33716001)(8936002)(9686003)(2906002)(478600001)(86362001)(8676002)(6496006)(6666004)(66946007)(52116002)(54906003)(19627235002)(66556008)(66476007)(186003)(1076003)(956004)(16526019)(55016002)(5660300002)(44832011)(26005)(316002)(33656002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData:
=?us-ascii?Q?6fk9E9JgOi6186lPN6QXCnrbulHV2BLdq5ISYBVsVVvxMwqzJ4Q5Jc2ELOcQ?=
=?us-ascii?Q?FgBly2txrJGwYcsW9yCu+kLhhfanIwC0n6ziiR3JHnGdCPaODu7MBdBtOfFl?=
=?us-ascii?Q?rTexZGoVsx51niOHwgtUIQuQzC59ikypusi4Hh+7m9W9OIOcSK+tu/Kdcab+?=
=?us-ascii?Q?zrhJFdET1+gsmStTMB2NlUd2s06a2FlNtU3XklCeytQYIMtgdu0i1iZ0qmeA?=
=?us-ascii?Q?Nota6TgrnNtkfwPHTKHc0Ovpvpo8K7iPalw7cFgSZEY6rYUdMPqj6eVpSjtj?=
=?us-ascii?Q?bdoniUVZcvlpVlNDKOtbGWRIcFSvHcJvqVA/WBaYZ5xaRdmktBaJQNrqZKG9?=
=?us-ascii?Q?sysftMOspGCLELclYuevEQ9WyZDvTYDsOt+2bTjJrncojRxJFNHGbwgrIDfD?=
=?us-ascii?Q?4U9wbJrXb35StcT1STpeMOKM4Y1K6Z9mNbvH5AQfPynb08Gc6x2mENzzU/EW?=
=?us-ascii?Q?ZTTb2N5sH+DYr2FkQu/L6jATYA3cVeH2IzMbLuXJqHe5kodKGYNg9xfTjjSi?=
=?us-ascii?Q?69kDN6SZYlv/rhTOeIy8XMX2K3ji8tukNOHdrvmDHgod92li8ksU5D2toF5A?=
=?us-ascii?Q?gpeTMAczAR27kyksqxDZv+SPquUgtiGg1lUNHnPyCxg+cszE7EnAT0HT6wgs?=
=?us-ascii?Q?PhtVxG72gXGNS+1mHlrQxrDtL7E0kQYAVvQwreP5gX8oV4vOcUa9ksKbyxBB?=
=?us-ascii?Q?ko6So52WquwoWECXMLQINNxkmtnUf8wOad92aL+rKdbSqeLlSzsJHGlfDumI?=
=?us-ascii?Q?1fGVbs1lWyW4mx0nmQjn4BE4wJd4ayWfgjuDol1b8Cm+ohPhow2u5lVJPJkb?=
=?us-ascii?Q?sv8LptMgKNTC3t6k43ECd6T9vDW3btZSX4G0L9TFnMaHHw+S7rC7rQSi6YXS?=
=?us-ascii?Q?ALm1cR6VtiLMJ82tG6Jx0SK6MVSJU6oM9t1Cuu7MwZfR6y0mg1sCh66LlGZs?=
=?us-ascii?Q?QnmzNor6LDCpZHdpFfLwDRMUPYUePLlgQdtSF9jFqla6ZWWwJ5CKQF3MnILC?=
=?us-ascii?Q?ofuRxaTpfQQJhOKZqtfLyNK6BndW2ALgKrYhVgW1TRjie8alGuOZuh4ry3Vi?=
=?us-ascii?Q?HK/xjbCyqap/zYfAgeJT2VeC9iUkyIxVk91mf/qfVpxd4PoNwv4z/z4+8le7?=
=?us-ascii?Q?HrjArTt9ohNVNgUhdDa1gG83shPRusITyXDb4H34KICb7Jed+kzC9h17zSf0?=
=?us-ascii?Q?57gwc11JV0QBGELDUghuHOPz68RMmX2+AFxUuBM8WR0IkXqzs3KlRLOKipST?=
=?us-ascii?Q?V5I3zAv+hGAYCi/0KrQqWvdyoY++i0bU3nTB+2xAwMEcPEjuOB9C9ApFKcQp?=
=?us-ascii?Q?XnM/o+6BiqXMmEZjnZe5mPJe?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f1ebcefa-e103-469a-aafb-08d8ddd98f72
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Mar 2021 00:16:16.4239
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: SK7Grdw0MFU08DtKpw71GtnCIUE3Yo9z9nrAExHRpReV7gKwxBDP7PYXI4CpRMxIgHif1dj71CqvKp9oOl28Gg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4446
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello Tobin,
Just a high level question, why is this patch included in this
patch series, i don't think you are supporting SEV-ES platform
migration in this patch-set ?
Thanks,
Ashish
On Tue, Mar 02, 2021 at 03:48:27PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Ashish Kalra <ashish.kalra@amd.com>
>
> Mark the SEC GHCB page that is mapped as unencrypted in
> ResetVector code in the hypervisor page encryption bitmap.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
> OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index dddffdebda..c72eeb37c5 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -15,6 +15,7 @@
> #include <Library/HobLib.h>
> #include <Library/MemEncryptSevLib.h>
> #include <Library/MemoryAllocationLib.h>
> +#include <Library/MemEncryptHypercallLib.h>
> #include <Library/PcdLib.h>
> #include <PiPei.h>
> #include <Register/Amd/Msr.h>
> @@ -52,6 +53,15 @@ AmdSevEsInitialize (
> PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
> ASSERT_RETURN_ERROR (PcdStatus);
>
> + //
> + // GHCB_BASE setup during reset-vector needs to be marked as
> + // decrypted in the hypervisor page encryption bitmap.
> + //
> + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
> + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
> + FALSE
> + );
> +
> //
> // Allocate GHCB and per-CPU variable pages.
> // Since the pages must survive across the UEFI to OS transition
> --
> 2.20.1
>