From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v4 12/27] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
Date: Mon, 28 Jun 2021 12:42:08 -0500
Message-ID: <20210628174223.1302-13-brijesh.singh@amd.com>
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
See the GHCB specification section 2.3.2 for more details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..de876fdb478e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . 
+ // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.17.1
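
Review bot: in the first hunk, GhcbRegister shifts Address right by EFI_PAGE_SHIFT with no check that the address is page aligned, so an unaligned argument silently registers the containing frame and the function still reports success, while the caller later writes the original, different value to MSR_SEV_ES_GHCB. An `ASSERT ((Address & EFI_PAGE_MASK) == 0);` before the shift would catch that at the point of the mistake. The function header should also state that GhcbRegister does not return when the hypervisor's response does not match, since it calls SevEsProtocolFailure, and the comment above the response check mentions only a different GPA although the condition also rejects an unexpected Function value.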
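
Review bot: in the second hunk, AmdSevEsInitialize registers only GhcbBasePa, and neither the new comment nor the commit message says whether any further GHCB pages that follow the base are registered elsewhere before they are used. If the GHCB area holds more than one page, the comment should say that this call covers only the first page and name where the others get registered. The comment could also carry the GHCB specification section 2.3.2 reference that the commit message gives, so the requirement is traceable from the code. A smaller point: GhcbRegister saves and restores MSR_SEV_ES_GHCB, but this caller overwrites the MSR with GhcbBasePa on the next line, so the restore has no effect here and is worth a short note for readers.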