From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek
Subject: [RFC PATCH 07/19] OvmfPkg: Add a library to support registering GHCB GPA
Date: Wed, 24 Mar 2021 10:32:03 -0500
Message-Id: <20210324153215.17971-8-brijesh.singh@amd.com>
In-Reply-To: <20210324153215.17971-1-brijesh.singh@amd.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest is required to perform GHCB GPA registration before using a
GHCB. See the GHCB spec section 2.5.2 for more details.

Add a library that can be called to perform the GHCB GPA registration. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/GhcbRegisterLib.h | 27 ++++++ OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c | 97 ++++++++++++++++++++ OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf | 33 +++++++ OvmfPkg/OvmfPkgX64.dsc | 1 + 4 files changed, 158 insertions(+) diff --git a/OvmfPkg/Include/Library/GhcbRegisterLib.h b/OvmfPkg/Include/Library/GhcbRegisterLib.h new file mode 100644 index 0000000000..7d98b6eb36 --- /dev/null +++ b/OvmfPkg/Include/Library/GhcbRegisterLib.h @@ -0,0 +1,27 @@ +/** @file + + Declarations of utility functions used for GHCB GPA registration. + + Copyright (C) 2021, AMD Inc, All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _GHCB_REGISTER_LIB_H_ +#define _GHCB_REGISTER_LIB_H_ + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ); + +#endif // _GHCB_REGISTER_LIB_H_ diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c new file mode 100644 index 0000000000..7fe0aad75a --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c @@ -0,0 +1,97 @@ +/** @file + GHCBRegister Support Library. + + Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP guest + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress = 0; + Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode = ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber = Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress = 0; + Msr.GhcbGpaRegister.Function = GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber = GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. 
+ // + if ((Msr.GhcbGpaRegister.Function != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber != GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf new file mode 100644 index 0000000000..8cc39ef715 --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf @@ -0,0 +1,33 @@ +## @file +# GHCBRegisterLib Support Library. +# +# Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = GhcbRegisterLib + FILE_GUID = 0e913c15-12cd-430b-8714-ffe85672a77b + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = GhcbRegisterLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources.common] + GhcbRegisterLib.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d4d601b444..aa81bf9c66 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -242,6 +242,7 @@ [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf -- 2.17.1
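
Review bot: In OvmfPkg/Include/Library/GhcbRegisterLib.h, the GhcbRegister() comment does not state the contract a caller needs. The implementation shifts Address right by EFI_PAGE_SHIFT, so only the page frame is registered, and on a bad response it requests guest termination and never returns. Please document that Address must be page-aligned and that failure is fatal. Also fix the typo in "The physical address to registered." (the .c file has "to be registered"), and note that the copyright line here reads "AMD Inc" while the other new files use "Advanced Micro Devices, Inc.".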
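
Review bot: In GhcbRegister() in GhcbRegisterLib.c, "GuestFrameNumber = Address >> EFI_PAGE_SHIFT;" silently discards the low bits of Address, so an unaligned argument registers a page the caller may not have intended, and the response check still passes because it compares frame numbers only. Suggest rejecting an unaligned Address up front, for example with ASSERT ((Address & EFI_PAGE_MASK) == 0) or a termination request. The comment above the response check mentions only a different GPA, while the condition also fails when Function is not GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE; the comment should cover both cases.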
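
Review bot: The [LibraryClasses] section of GhcbRegisterLib.inf does not match what the .c file uses. SevEsProtocolFailure() calls ASSERT (FALSE), which needs DebugLib, and nothing in the visible code uses BaseMemoryLib. Suggest listing BaseLib and DebugLib, and dropping BaseMemoryLib unless a later patch in the series needs it.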
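
Review bot: The GhcbRegisterLib mapping is added to [LibraryClasses.common] in OvmfPkgX64.dsc only, and the diffstat touches no other platform DSC. If a later patch makes a module built from another OVMF platform file depend on GhcbRegisterLib, that build will fail to resolve the library class. Either add the mapping to those files in this patch or state in the commit message that the library is wired up for OvmfPkgX64.dsc only.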