From: "Ashish Kalra"
To: Tobin Feldman-Fitzthum
Cc: devel@edk2.groups.io, Dov Murik, Tobin Feldman-Fitzthum, James Bottomley, Hubertus Franke, Brijesh Singh, Jon Grimm, Tom Lendacky
Subject: Re: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.
Date: Wed, 3 Mar 2021 16:57:02 +0000
Message-ID: <20210303165702.GA31960@ashkalra_ubuntu_server>
In-Reply-To: <9fe30bee-f11e-bc11-404b-e93561226a28@linux.ibm.com>

On Wed, Mar 03, 2021 at 11:47:51AM -0500, Tobin Feldman-Fitzthum wrote:
>
> On 3/3/21 11:41 AM, Ashish Kalra wrote:
> > Hello Tobin,
> >
> > You don't need this patch for MH support, this patch is only required
> > for (SEV) slow migration support.
>
> If the SevLiveMigrationEnabled variable is not set, the bitmap sync does not
> work correctly (bitmap all zeros), at least for the version of the kernel we
> have been using. Since the bitmap will be replaced, this might not be
> necessary in the future but it is for our setup at the moment.
>

Ok, I remember that GET_PAGE_ENCRYPTION_BITMAP ioctl will not work
correctly.

Thanks,
Ashish

> >
> > On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
> > > From: Ashish Kalra
> > >
> > > Detect for KVM hypervisor and check for SEV live migration
> > > feature support via KVM_FEATURE_CPUID, if detected setup a new
> > > UEFI environment variable to indicate OVMF support for SEV
> > > live migration.
> > > > > > Signed-off-by: Ashish Kalra > > > --- > > > OvmfPkg/OvmfPkg.dec | 1 + > > > OvmfPkg/PlatformDxe/Platform.inf | 2 + > > > OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++ > > > OvmfPkg/PlatformDxe/PlatformConfig.h | 5 ++ > > > OvmfPkg/PlatformDxe/AmdSev.c | 99 ++++++++++++++++++++++++++++ > > > OvmfPkg/PlatformDxe/Platform.c | 6 ++ > > > 6 files changed, 129 insertions(+) > > > create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h > > > create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c > > > > > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > > > index 4348bb45c6..4450d78b91 100644 > > > --- a/OvmfPkg/OvmfPkg.dec > > > +++ b/OvmfPkg/OvmfPkg.dec > > > @@ -122,6 +122,7 @@ > > > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > > > gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > > > gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > > > + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > > [Ppis] > > > # PPI whose presence in the PPI database signals that the TPM base address > > > diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf > > > index 14727c1220..2896f0a1d1 100644 > > > --- a/OvmfPkg/PlatformDxe/Platform.inf > > > +++ b/OvmfPkg/PlatformDxe/Platform.inf > > > @@ -24,6 +24,7 @@ > > > PlatformConfig.c > > > PlatformConfig.h > > > PlatformForms.vfr > > > + AmdSev.c > > > [Packages] > > > MdePkg/MdePkg.dec > > > @@ -56,6 +57,7 @@ > > > [Guids] > > > gEfiIfrTianoGuid > > > gOvmfPlatformConfigGuid > > > + gMemEncryptGuid > > > [Depex] > > > gEfiHiiConfigRoutingProtocolGuid AND > > > diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h > > > new file mode 100644 > > > index 0000000000..8264a647af > > > --- /dev/null 
> > > +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h > > > @@ -0,0 +1,16 @@ > > > +/** @file > > > + AMD Memory Encryption GUID, define a new GUID for defining > > > + new UEFI enviroment variables assocaiated with SEV Memory Encryption. > > > + Copyright (c) 2020, AMD Inc. All rights reserved.
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > +**/ > > > + > > > +#ifndef __MEMENCRYPT_LIB_H__ > > > +#define __MEMENCRYPT_LIB_H__ > > > + > > > +#define MEMENCRYPT_GUID \ > > > +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > > + > > > +extern EFI_GUID gMemEncryptGuid; > > > + > > > +#endif > > > diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h > > > index 716514da21..4f662aafa4 100644 > > > --- a/OvmfPkg/PlatformDxe/PlatformConfig.h > > > +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h > > > @@ -44,6 +44,11 @@ PlatformConfigLoad ( > > > OUT UINT64 *OptionalElements > > > ); > > > +VOID > > > +AmdSevSetConfig( > > > + VOID > > > + ); > > > + > > > // > > > // Feature flags for OptionalElements. > > > // > > > diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c > > > new file mode 100644 > > > index 0000000000..1f804984b7 > > > --- /dev/null > > > +++ b/OvmfPkg/PlatformDxe/AmdSev.c > > > @@ -0,0 +1,99 @@ > > > +/**@file > > > + Detect KVM hypervisor support for SEV live migration and if > > > + detected, setup a new UEFI enviroment variable indicating > > > + OVMF support for SEV live migration. > > > + Copyright (c) 2020, Advanced Micro Devices. All rights reserved.
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > +**/ > > > +// > > > +// The package level header files this module uses > > > +// > > > + > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > +/** > > > + Figures out if we are running inside KVM HVM and > > > + KVM HVM supports SEV Live Migration feature. > > > + @retval TRUE KVM was detected and Live Migration supported > > > + @retval FALSE KVM was not detected or Live Migration not supported > > > +**/ > > > +BOOLEAN > > > +KvmDetectSevLiveMigrationFeature( > > > + VOID > > > + ) > > > +{ > > > + UINT8 Signature[13]; > > > + UINT32 mKvmLeaf = 0; > > > + UINT32 RegEax, RegEbx, RegEcx, RegEdx; > > > + > > > + Signature[12] = '\0'; > > > + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { > > > + AsmCpuid (mKvmLeaf, > > > + NULL, > > > + (UINT32 *) &Signature[0], > > > + (UINT32 *) &Signature[4], > > > + (UINT32 *) &Signature[8]); > > > + > > > + if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) { > > > + DEBUG (( > > > + DEBUG_ERROR, > > > + "%a: KVM Detected, signature = %s\n", > > > + __FUNCTION__, > > > + Signature > > > + )); > > > + > > > + RegEax = 0x40000001; > > > + RegEcx = 0; > > > + AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx); > > > + if (RegEax & (1 << 14)) { > > > + DEBUG (( > > > + DEBUG_ERROR, > > > + "%a: Live Migration feature supported\n", > > > + __FUNCTION__ > > > + )); > > > + return TRUE; > > > + } > > > + } > > > + } > > > + > > > + return FALSE; > > > +} > > > + > > > +/** > > > + Function checks if SEV Live Migration support is available, if present then it sets > > > + a UEFI enviroment variable to be queried later using Runtime services. 
> > > + **/ > > > +VOID > > > +AmdSevSetConfig( > > > + VOID > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + BOOLEAN SevLiveMigrationEnabled; > > > + > > > + SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature(); > > > + > > > + if (SevLiveMigrationEnabled) { > > > + Status = gRT->SetVariable ( > > > + L"SevLiveMigrationEnabled", > > > + &gMemEncryptGuid, > > > + EFI_VARIABLE_NON_VOLATILE | > > > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > > > + EFI_VARIABLE_RUNTIME_ACCESS, > > > + sizeof (BOOLEAN), > > > + &SevLiveMigrationEnabled > > > + ); > > > + > > > + DEBUG (( > > > + DEBUG_ERROR, > > > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > > > + __FUNCTION__, > > > + Status > > > + )); > > > + } > > > +} > > > diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c > > > index f2e51960ce..9a19b9f6b1 100644 > > > --- a/OvmfPkg/PlatformDxe/Platform.c > > > +++ b/OvmfPkg/PlatformDxe/Platform.c > > > @@ -763,6 +763,12 @@ PlatformInit ( > > > { > > > EFI_STATUS Status; > > > + // > > > + // Set Amd Sev configuation > > > + // > > > + AmdSevSetConfig(); > > > + > > > + > > > ExecutePlatformConfig (); > > > mConfigAccess.ExtractConfig = &ExtractConfig; > > > -- > > > 2.20.1 > > >
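
Review bot: The file comment in the new OvmfPkg/Include/Guid/MemEncryptLib.h misspells "enviroment" and "assocaiated", and the header is named like a library class (MemEncryptLib.h, guard __MEMENCRYPT_LIB_H__) although it sits under Include/Guid and only declares gMemEncryptGuid. Suggest fixing the spelling and naming the file and guard after the GUID. MEMENCRYPT_GUID repeats the byte values added to OvmfPkg.dec, so a one-line comment that the two must stay in sync would help the next editor.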
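
Review bot: The AmdSevSetConfig prototype added to OvmfPkg/PlatformDxe/PlatformConfig.h carries no function header comment. Please document that it may create the SevLiveMigrationEnabled variable under gMemEncryptGuid and that, returning VOID, it reports no status to the caller. Style nit in the same hunk: "AmdSevSetConfig(" has no space before the opening parenthesis.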
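
Review bot: In KvmDetectSevLiveMigrationFeature (OvmfPkg/PlatformDxe/AmdSev.c) the loop walks mKvmLeaf from 0x40000000 to 0x40010000 in steps of 0x100, but after a signature match the feature leaf is read with "AsmCpuid (0x40000001, ...)" rather than mKvmLeaf + 1, so a KVM signature found at any base other than 0x40000000 is paired with the wrong leaf. Use the matched base, drop the assignments "RegEax = 0x40000001;" and "RegEcx = 0;" (AsmCpuid overwrites both outputs), and give "(1 << 14)" a named macro. Signature is a CHAR8 buffer but is printed with %s, which the EDK II print library treats as a CHAR16 string; use %a. In AmdSevSetConfig the variable is written with EFI_VARIABLE_NON_VOLATILE only when the feature is detected and is never deleted otherwise, so a value stored on an earlier boot stays visible when the host no longer reports the feature; clear it on the FALSE path, act on Status instead of only logging it (print it with %r), and log the informational messages at DEBUG_INFO rather than DEBUG_ERROR.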
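
Review bot: PlatformInit in OvmfPkg/PlatformDxe/Platform.c now calls AmdSevSetConfig() unconditionally, and nothing in the visible AmdSev.c code checks that SEV is active in the guest before the variable is written, only that KVM reports the CPUID bit. If the variable is meant for SEV guests only, gate the call or the function body on that condition. Also fix the "configuation" typo in the added comment and drop the second blank line after the call.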