From: Brijesh Singh
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [PATCH RFC v2 15/28] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field
Date: Fri, 30 Apr 2021 06:51:35 -0500
Message-Id: <20210430115148.22267-16-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Extend the workarea to include the SEV-SNP enabled fields. This will be set
when SEV-SNP is active in the guest VM.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Include/Library/MemEncryptSevLib.h | 3 ++-
 OvmfPkg/PlatformPei/AmdSev.c | 26 ++++++++++++++++++++
 OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 12 +++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb | 1 +
 5 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index 3868376dbf..03e476ef2a 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
@@ -49,7 +49,8 @@ typedef struct { // typedef struct _SEC_SEV_ES_WORK_AREA { UINT8 SevEsEnabled; - UINT8 Reserved1[7]; + UINT8 SevSnpEnabled; + UINT8 Reserved1[6]; UINT64 RandomData; diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..67b78fd5fa 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -22,6 +22,27 @@ #include "Platform.h" +/** + + Initialize SEV-SNP support if running as an SEV-SNP guest. + + **/ +STATIC +VOID +AmdSevSnpInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + PcdStatus = PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** Initialize SEV-ES support if running as an SEV-ES guest. @@ -209,4 +230,9 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); + + // + // Check and perform SEV-SNP initialization if required. + // + AmdSevSnpInitialize (); } diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index 6d18b0be9f..3aef0773b1 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -110,6 +110,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm index 5fae8986d9..6838cdeec9 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
@@ -81,6 +81,11 @@ CheckSevFeatures: ; the MSR check below will set the first byte of the workarea to one. mov byte[SEV_ES_WORK_AREA], 0 + ; Set the SevSnpEnabled field in workarea to zero to communicate to the SEC + ; phase that SEV-SNP is not enabled. If SEV-SNP is enabled, this function + ; will set it to 1. + mov byte[SEV_ES_WORK_AREA_SNP], 0 + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for @@ -136,6 +141,13 @@ CheckSevFeatures: ; phase that SEV-ES is enabled. mov byte[SEV_ES_WORK_AREA], 1 + bt eax, 2 + jnc GetSevEncBit + + ; Set the second byte of the workarea to one to communicate to the SEC + ; phase that the SEV-SNP is enabled + mov byte[SEV_ES_WORK_AREA_SNP], 1 + GetSevEncBit: ; Get pte bit position to enable memory encryption ; CPUID Fn8000_001F[EBX] - Bits 5:0 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb index f936870b81..34b900127e 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -73,6 +73,7 @@ %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) + %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) -- 2.17.1
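
Review bot: In the MemEncryptSevLib.h hunk, the new SevSnpEnabled byte in SEC_SEV_ES_WORK_AREA carries no comment, and its offset is repeated by hand in ResetVector.nasmb as (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1). Nothing in the patch ties the C layout to the assembly constant, so a later field insertion would make the reset vector write one byte while SEC reads another. Please document the field (written by CheckSevFeatures, value 0 or 1) and consider a compile-time check next to the typedef, for example STATIC_ASSERT (OFFSET_OF (SEC_SEV_ES_WORK_AREA, SevSnpEnabled) == 1, "..."). Shrinking Reserved1 from 7 to 6 does keep RandomData at offset 8, which still matches SEV_ES_WORK_AREA_RDRAND.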
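
Review bot: In the AmdSev.c hunk, AmdSevSnpInitialize () calls MemEncryptSevSnpIsEnabled () and sets PcdSevSnpIsEnabled, yet neither symbol is introduced by the files touched here and the commit message only talks about extending the workarea. Please say in the commit message that this patch also sets PcdSevSnpIsEnabled from PlatformPei and which earlier patch in the series provides those symbols, or move the PEI change into its own patch so each step builds and bisects cleanly. PcdStatus is checked only through ASSERT_RETURN_ERROR, so in a build with asserts disabled a failed PcdSetBoolS would leave the PCD FALSE on an SNP guest without any indication.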
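
Review bot: In the second PageTables64.asm hunk, "bt eax, 2" uses a bare bit number with no preceding comment and relies on eax still holding the MSR value that the SEV-ES check above it examined. Please add a comment before the test naming the bit being checked (the existing comment only appears after the jnc) and confirm nothing between the MSR read and this point clobbers eax. The test also sits after "mov byte[SEV_ES_WORK_AREA], 1", so SevSnpEnabled can only become 1 on the SEV-ES path; if that dependency is intended, state it in the comment. Minor wording: "the SEV-SNP is enabled" should read "SEV-SNP is enabled".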