Date: Wed, 3 Mar 2021 16:41:23 +0000
From: "Ashish Kalra"
To: Tobin Feldman-Fitzthum
Cc: devel@edk2.groups.io, Dov Murik, Tobin Feldman-Fitzthum, James Bottomley, Hubertus Franke, Brijesh Singh, Jon Grimm, Tom Lendacky
Subject: Re: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.

Hello Tobin,

You don't need this patch for MH support, this patch is only required
for (SEV) slow migration support.

Thanks,
Ashish

On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Ashish Kalra
>
> Detect for KVM hypervisor and check for SEV live migration
> feature support via KVM_FEATURE_CPUID, if detected setup a new
> UEFI environment variable to indicate OVMF support for SEV
> live migration.
>
> Signed-off-by: Ashish Kalra
> ---
> OvmfPkg/OvmfPkg.dec | 1 +
> OvmfPkg/PlatformDxe/Platform.inf | 2 +
> OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++
> OvmfPkg/PlatformDxe/PlatformConfig.h | 5 ++
> OvmfPkg/PlatformDxe/AmdSev.c | 99 ++++++++++++++++++++++++++++
> OvmfPkg/PlatformDxe/Platform.c | 6 ++
> 6 files changed, 129 insertions(+)
> create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
> create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c
>
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
> index 4348bb45c6..4450d78b91 100644
> --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -122,6 +122,7 @@ > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > [Ppis] > # PPI whose presence in the PPI database signals that the TPM base address > diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf > index 14727c1220..2896f0a1d1 100644 > --- a/OvmfPkg/PlatformDxe/Platform.inf > +++ b/OvmfPkg/PlatformDxe/Platform.inf > @@ -24,6 +24,7 @@ > PlatformConfig.c > PlatformConfig.h > PlatformForms.vfr > + AmdSev.c > > [Packages] > MdePkg/MdePkg.dec > @@ -56,6 +57,7 @@ > [Guids] > gEfiIfrTianoGuid > gOvmfPlatformConfigGuid > + gMemEncryptGuid > > [Depex] > gEfiHiiConfigRoutingProtocolGuid AND > diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h > new file mode 100644 > index 0000000000..8264a647af > --- /dev/null > +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h > @@ -0,0 +1,16 @@ > +/** @file > + AMD Memory Encryption GUID, define a new GUID for defining > + new UEFI enviroment variables assocaiated with SEV Memory Encryption. > + Copyright (c) 2020, AMD Inc. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#ifndef __MEMENCRYPT_LIB_H__ > +#define __MEMENCRYPT_LIB_H__ > + > +#define MEMENCRYPT_GUID \ > +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > + > +extern EFI_GUID gMemEncryptGuid; > + > +#endif > diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h > index 716514da21..4f662aafa4 100644 > --- a/OvmfPkg/PlatformDxe/PlatformConfig.h > +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h > @@ -44,6 +44,11 @@ PlatformConfigLoad ( > OUT UINT64 *OptionalElements > ); > > +VOID > +AmdSevSetConfig( > + VOID > + ); > + > // > // Feature flags for OptionalElements. > // > diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c > new file mode 100644 > index 0000000000..1f804984b7 > --- /dev/null > +++ b/OvmfPkg/PlatformDxe/AmdSev.c > @@ -0,0 +1,99 @@ > +/**@file > + Detect KVM hypervisor support for SEV live migration and if > + detected, setup a new UEFI enviroment variable indicating > + OVMF support for SEV live migration. > + Copyright (c) 2020, Advanced Micro Devices. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > +// > +// The package level header files this module uses > +// > + > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + Figures out if we are running inside KVM HVM and > + KVM HVM supports SEV Live Migration feature. > + @retval TRUE KVM was detected and Live Migration supported > + @retval FALSE KVM was not detected or Live Migration not supported > +**/ > +BOOLEAN > +KvmDetectSevLiveMigrationFeature( > + VOID > + ) > +{ > + UINT8 Signature[13]; > + UINT32 mKvmLeaf = 0; > + UINT32 RegEax, RegEbx, RegEcx, RegEdx; > + > + Signature[12] = '\0'; > + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { > + AsmCpuid (mKvmLeaf, > + NULL, > + (UINT32 *) &Signature[0], > + (UINT32 *) &Signature[4], > + (UINT32 *) &Signature[8]); > + > + if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) { > + DEBUG (( > + DEBUG_ERROR, > + "%a: KVM Detected, signature = %s\n", > + __FUNCTION__, > + Signature > + )); > + > + RegEax = 0x40000001; > + RegEcx = 0; > + AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx); > + if (RegEax & (1 << 14)) { > + DEBUG (( > + DEBUG_ERROR, > + "%a: Live Migration feature supported\n", > + __FUNCTION__ > + )); > + return TRUE; > + } > + } > + } > + > + return FALSE; > +} > + > +/** > + Function checks if SEV Live Migration support is available, if present then it sets > + a UEFI enviroment variable to be queried later using Runtime services. 
> + **/ > +VOID > +AmdSevSetConfig( > + VOID > + ) > +{ > + EFI_STATUS Status; > + BOOLEAN SevLiveMigrationEnabled; > + > + SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature(); > + > + if (SevLiveMigrationEnabled) { > + Status = gRT->SetVariable ( > + L"SevLiveMigrationEnabled", > + &gMemEncryptGuid, > + EFI_VARIABLE_NON_VOLATILE | > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > + EFI_VARIABLE_RUNTIME_ACCESS, > + sizeof (BOOLEAN), > + &SevLiveMigrationEnabled > + ); > + > + DEBUG (( > + DEBUG_ERROR, > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > + __FUNCTION__, > + Status > + )); > + } > +} > diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c > index f2e51960ce..9a19b9f6b1 100644 > --- a/OvmfPkg/PlatformDxe/Platform.c > +++ b/OvmfPkg/PlatformDxe/Platform.c > @@ -763,6 +763,12 @@ PlatformInit ( > { > EFI_STATUS Status; > > + // > + // Set Amd Sev configuation > + // > + AmdSevSetConfig(); > + > + > ExecutePlatformConfig (); > > mConfigAccess.ExtractConfig = &ExtractConfig; > -- > 2.20.1 >
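
Review bot: In the new OvmfPkg/Include/Guid/MemEncryptLib.h, the file comment misspells "enviroment" and "assocaiated", and the include guard __MEMENCRYPT_LIB_H__ begins with a double underscore, which C reserves for the implementation. The file lives under Include/Guid and only declares gMemEncryptGuid, yet it is named as a library header; a name that matches the GUID it exports would be easier to find, and the guard should drop the leading underscores.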
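
Review bot: The AmdSevSetConfig prototype added to OvmfPkg/PlatformDxe/PlatformConfig.h has no function header comment, and it is written AmdSevSetConfig( without the space before the parenthesis that the neighbouring PlatformConfigLoad ( declaration uses. Add a comment block stating which variable the function sets and under what condition, and match the spacing of the surrounding declarations.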
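
Review bot: In AmdSevSetConfig (OvmfPkg/PlatformDxe/AmdSev.c), SevLiveMigrationEnabled is written with EFI_VARIABLE_NON_VOLATILE only when detection succeeds and is never deleted or rewritten on the FALSE path, so a guest that booted once on a host with the feature keeps advertising it after it boots on a host without it; make the variable volatile or clear it when detection fails. The attributes also include EFI_VARIABLE_RUNTIME_ACCESS, so whatever consumes the variable should not treat it as trusted firmware state. In KvmDetectSevLiveMigrationFeature, the loop locates the KVM signature at mKvmLeaf but then queries the hard-coded leaf 0x40000001 rather than mKvmLeaf + 1, and the RegEax = 0x40000001 and RegEcx = 0 assignments are dead stores because AsmCpuid takes the leaf as its first argument. Smaller points in the same hunk: Signature is an ASCII buffer printed with %s, which the edk2 print library reads as a CHAR16 string (%a is the ASCII specifier); Status is conventionally printed with %r; both messages are informational and should not use DEBUG_ERROR; the loop keeps scanning after KVM is found without the feature bit; and (1 << 14) should be a named constant.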
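
Review bot: The call added to PlatformInit in OvmfPkg/PlatformDxe/Platform.c runs AmdSevSetConfig on every boot, and nothing in the visible code checks that the guest is actually running with SEV enabled before the variable is set; only the KVM CPUID bit is tested. Gate the call, or the function body, on SEV being active. The comment also misspells "configuation", and the hunk leaves two consecutive blank lines after the call.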