From: "Brijesh Singh"
To: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, devel@edk2.groups.io
CC: Brijesh Singh, Ard Biesheuvel
Subject: [PATCH RFC v3 03/22] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field
Date: Wed, 26 May 2021 18:10:59 -0500
Message-ID: <20210526231118.12946-4-brijesh.singh@amd.com>
In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Extend the workarea to include the SEV-SNP enabled fields. This will be set
when SEV-SNP is active in the guest VM.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/PlatformPei/PlatformPei.inf        |  1 +
 OvmfPkg/Include/Library/MemEncryptSevLib.h |  3 ++-
 OvmfPkg/PlatformPei/AmdSev.c               | 26 ++++++++++++++++++++++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm  | 12 ++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb      |  1 +
 5 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6ef77ba7bb21..bc1dcac48343 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
@@ -110,6 +110,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 2425d8ba0a36..24507de55c5d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -49,7 +49,8 @@ typedef struct { // typedef struct _SEC_SEV_ES_WORK_AREA { UINT8 SevEsEnabled; - UINT8 Reserved1[7]; + UINT8 SevSnpEnabled; + UINT8 Reserved2[6]; =20 UINT64 RandomData; =20 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022ba..67b78fd5fa36 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -22,6 +22,27 @@ =20 #include "Platform.h" =20 +/** + + Initialize SEV-SNP support if running as an SEV-SNP guest. + + **/ +STATIC +VOID +AmdSevSnpInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -209,4 +230,9 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); + + // + // Check and perform SEV-SNP initialization if required. + // + AmdSevSnpInitialize (); } diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 5fae8986d9da..6838cdeec9c3 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
@@ -81,6 +81,11 @@ CheckSevFeatures: ; the MSR check below will set the first byte of the workarea to one. mov byte[SEV_ES_WORK_AREA], 0 =20 + ; Set the SevSnpEnabled field in workarea to zero to communicate to th= e SEC + ; phase that SEV-SNP is not enabled. If SEV-SNP is enabled, this funct= ion + ; will set it to 1. + mov byte[SEV_ES_WORK_AREA_SNP], 0 + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for @@ -136,6 +141,13 @@ CheckSevFeatures: ; phase that SEV-ES is enabled. mov byte[SEV_ES_WORK_AREA], 1 =20 + bt eax, 2 + jnc GetSevEncBit + + ; Set the second byte of the workarea to one to communicate to the SEC + ; phase that the SEV-SNP is enabled + mov byte[SEV_ES_WORK_AREA_SNP], 1 + GetSevEncBit: ; Get pte bit position to enable memory encryption ; CPUID Fn8000_001F[EBX] - Bits 5:0 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5fbacaed5f9d..1971557b1c00 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -73,6 +73,7 @@ %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) + %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) --=20 2.17.1
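
Review bot: in the `[Pcd]` hunk of PlatformPei.inf, `gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled` is consumed, but the diffstat lists only OvmfPkg files, so the token has to be declared by a different patch in the series. Name that patch in the commit message and make sure it is ordered before this one, otherwise this commit does not build on its own and the series is not bisectable.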
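
Review bot: in the `SEC_SEV_ES_WORK_AREA` hunk of MemEncryptSevLib.h, the padding is renamed from `Reserved1[7]` to `Reserved2[6]` even though no `Reserved1` remains in the visible lines. Unless another reserved field exists elsewhere in the struct, keep the name and only shrink it: `UINT8 Reserved1[6];`.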
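
Review bot: in `AmdSevSnpInitialize ()` in AmdSev.c, a failing `PcdSetBoolS (PcdSevSnpIsEnabled, TRUE)` is handled only by `ASSERT_RETURN_ERROR (PcdStatus)`, which does nothing in builds where asserts are compiled out, so later consumers of the PCD would see FALSE on an SEV-SNP guest. For a flag that gates security-relevant behaviour, consider failing hard (for example `CpuDeadLoop ()` after the assert) instead of continuing. The function also calls `MemEncryptSevSnpIsEnabled ()`, which the MemEncryptSevLib.h hunk of this patch does not declare; state which earlier patch provides it.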
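
Review bot: in the second `CheckSevFeatures` hunk of PageTables64.asm, `bt eax, 2` uses a bare bit number and relies on `eax` still holding the value from the MSR check mentioned in the earlier comment; nothing in the added lines says so. Add a comment that names the register contents and the bit being tested, or give the bit position a named `%define`. The new comment "phase that the SEV-SNP is enabled" should also read "phase that SEV-SNP is enabled." to match the SEV-ES comment just above it.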
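
Review bot: in ResetVector.nasmb, `SEV_ES_WORK_AREA_SNP` is defined as `FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1`, a literal offset that has to match the position of `SevSnpEnabled` in `SEC_SEV_ES_WORK_AREA` by hand. A later reorder of the struct would silently make the reset vector and the C code disagree about where the flag lives. Add a `STATIC_ASSERT (OFFSET_OF (SEC_SEV_ES_WORK_AREA, SevSnpEnabled) == 1, ...)` next to the struct in MemEncryptSevLib.h, and a comment on this `%define` pointing at the struct field.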