From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: Tom Lendacky, James Bottomley, Min Xu, Jiewen Yao, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Michael D Kinney, Liming Gao, Zhiguang Liu, Brijesh Singh
Subject: [PATCH v3 06/13] MdePkg/Register/Amd: define GHCB macros for SNP AP creation
Date: Wed, 19 May 2021 13:19:42 -0500
Message-ID: <20210519181949.6574-7-brijesh.singh@amd.com>
In-Reply-To: <20210519181949.6574-1-brijesh.singh@amd.com>
References: <20210519181949.6574-1-brijesh.singh@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=33275

Version 2 of GHCB introduces NAE for creating AP when SEV-SNP is enabled
in the guest VM. See the GHCB specification, Table 5 "List of Supported
Non-Automatic Events" and sections 4.1.9 and 4.3.2, for further details.

While at it, define the VMSA state save area that is required for creating
the AP. The save area format is defined in AMD APM volume 2, Table B-4
(there is a mistake in the table that defines the size of the reserved
area at offset 0xc8 as a dword, when it is actually a word). The format of
the save area segment registers is further defined in AMD APM volume 2,
sections 10 and 15.5.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Reviewed-by: Liming Gao
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh --- MdePkg/Include/Register/Amd/Ghcb.h | 84 ++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 029904b1c63a..8c5f46e4bb53 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -55,6 +55,7 @@ #define SVM_EXIT_AP_RESET_HOLD 0x80000004ULL #define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL #define SVM_EXIT_SNP_PAGE_STATE_CHANGE 0x80000010ULL +#define SVM_EXIT_SNP_AP_CREATION 0x80000013ULL #define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL #define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL =20 @@ -83,6 +84,12 @@ #define IOIO_SEG_ES 0 #define IOIO_SEG_DS (BIT11 | BIT10) =20 +// +// AP Creation Information +// +#define SVM_VMGEXIT_SNP_AP_CREATE_ON_INIT 0 +#define SVM_VMGEXIT_SNP_AP_CREATE 1 +#define SVM_VMGEXIT_SNP_AP_DESTROY 2 =20 typedef PACKED struct { UINT8 Reserved1[203]; 
@@ -195,4 +202,81 @@ typedef struct { SNP_PAGE_STATE_ENTRY Entry[SNP_PAGE_STATE_MAX_ENTRY]; } SNP_PAGE_STATE_CHANGE_INFO; =20 +// +// SEV-ES save area mapping structures used for SEV-SNP AP Creation. +// Only the fields required to be set to a non-zero value are defined. +// +// The segment register definition is defined for processor reset/real mod= e +// (as when an INIT of the vCPU is requested). Should other modes (long mo= de, +// etc.) be required, then the definitions can be enhanced. +// + +// +// Segment types at processor reset, See AMD APM Volume 2, Table 14-2. +// +#define SEV_ES_RESET_CODE_SEGMENT_TYPE 0xA +#define SEV_ES_RESET_DATA_SEGMENT_TYPE 0x2 + +#define SEV_ES_RESET_LDT_TYPE 0x2 +#define SEV_ES_RESET_TSS_TYPE 0x3 + +#pragma pack (1) +typedef union { + struct { + UINT16 Type:4; + UINT16 Sbit:1; + UINT16 Dpl:2; + UINT16 Present:1; + UINT16 Avl:1; + UINT16 Reserved1:1; + UINT16 Db:1; + UINT16 Granularity:1; + } Bits; + UINT16 Uint16; +} SEV_ES_SEGMENT_REGISTER_ATTRIBUTES; + +typedef struct { + UINT16 Selector; + SEV_ES_SEGMENT_REGISTER_ATTRIBUTES Attributes; + UINT32 Limit; + UINT64 Base; +} SEV_ES_SEGMENT_REGISTER; + +typedef struct { + SEV_ES_SEGMENT_REGISTER Es; + SEV_ES_SEGMENT_REGISTER Cs; + SEV_ES_SEGMENT_REGISTER Ss; + SEV_ES_SEGMENT_REGISTER Ds; + SEV_ES_SEGMENT_REGISTER Fs; + SEV_ES_SEGMENT_REGISTER Gs; + SEV_ES_SEGMENT_REGISTER Gdtr; + SEV_ES_SEGMENT_REGISTER Ldtr; + SEV_ES_SEGMENT_REGISTER Idtr; + SEV_ES_SEGMENT_REGISTER Tr; + UINT8 Reserved1[42]; + UINT8 Vmpl; + UINT8 Reserved2[5]; + UINT64 Efer; + UINT8 Reserved3[112]; + UINT64 Cr4; + UINT8 Reserved4[8]; + UINT64 Cr0; + UINT64 Dr7; + UINT64 Dr6; + UINT64 Rflags; + UINT64 Rip; + UINT8 Reserved5[232]; + UINT64 GPat; + UINT8 Reserved6[320]; + UINT64 SevFeatures; + UINT8 Reserved7[48]; + UINT64 XCr0; + UINT8 Reserved8[24]; + UINT32 Mxcsr; + UINT16 X87Ftw; + UINT8 Reserved9[2]; + UINT16 X87Fcw; +} SEV_ES_SAVE_AREA; +#pragma pack () + #endif --=20 2.17.1
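
Review bot: The "AP Creation Information" comment above SVM_VMGEXIT_SNP_AP_CREATE_ON_INIT, SVM_VMGEXIT_SNP_AP_CREATE and SVM_VMGEXIT_SNP_AP_DESTROY (second hunk, @@ -83,6 +84,12 @@) does not say which GHCB field carries these values or where they are specified. The commit message cites GHCB specification sections 4.1.9 and 4.3.2; repeating that reference in the header comment would let a caller check the encoding without going back to the mail thread. These are also the only names in the visible part of the file with an SVM_VMGEXIT_ prefix, sitting next to SVM_EXIT_* and IOIO_*, so the comment should state how they relate to SVM_EXIT_SNP_AP_CREATION, so they are not mistaken for exit codes.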
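
Review bot: SEV_ES_SAVE_AREA (third hunk, @@ -195,4 +202,81 @@) gets every field offset from hand-counted ReservedN[] array sizes, and nothing in the hunk checks those offsets at build time. Summing the visible fields under #pragma pack (1) puts Vmpl at 0xCA (ten 16-byte SEV_ES_SEGMENT_REGISTER entries plus Reserved1[42]), Efer at 0xD0, Cr4 at 0x148, Rip at 0x178, GPat at 0x268, SevFeatures at 0x3B0, XCr0 at 0x3E8 and X87Fcw at 0x410. A STATIC_ASSERT on OFFSET_OF (SEV_ES_SAVE_AREA, ...) for those fields, and on sizeof (SEV_ES_SEGMENT_REGISTER) == 16, would stop a later edit to one reserved array from silently shifting the register state used to create the AP. By the same count the structure ends at 0x412 bytes, and the comment says only the fields that need non-zero values are defined, so the comment block should also state that sizeof (SEV_ES_SAVE_AREA) is not the size of the full save area. As a style point, this hunk packs with #pragma pack (1) while the context line in the second hunk uses "typedef PACKED struct"; pick one form for the file.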