From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [])
 by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447
 for <devel@edk2.groups.io>;
 Mon, 28 Jun 2021 10:43:27 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=y9CIjHqq;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: <nil>, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=el8yTFUcBfPzpVtNgKvwkLBCVRKQNnz6Qa68B94VXb0W+e5nyrMjqKJ/ZbzvFrNWgL8YlqZ2CRQk/i1a1sfI7wrGSNOMBxZw8RfOzt9jYzok1gK15onQ0VgoEh/3HECIQ5l0WnqWSRITjTz/hgmqae9Gv5nuUvpNlFyya8PMj9UjpvbShCFGp1g2CLn5Af8VUpgPXjeTv7xFheoWlx13jO58+XEi1r7nF6e5oY+uyEHtaeM9LiSHf2ojKjsj9QlMAUW0BLI3XXUooaMRcKRi5rVcUHs4qfYY2+Ij2a3NACy7YngOWzfQ88kX/19Xmx0EqzKSd/xZuklV2qD/PPSL5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=;
 b=D8GKn2fQec0a/6wMiX/vbs1Eqjqw5HYTbcFpLSj8VULF0SOCKIvFyBngZegW80QiDs8mBpDesn7NILY8XegG6HiwEhgQSQFr7xdLiSe+4O4vXDJHk1omuhq1M5s2Fs6O54cfIHPebBYP2XpWes9zSY+PgBbwuYSd1iuTcFvCQdtznDV7t80A4eHJzSy7EvmIlBqv7TqcS+WPEK3/XmCoiuOP49Vn52d8T8krall6wduZSNZl7TY8jrxqpiIb7bEe+RcKoJ8cCeQOFJc/cmvJkRYPRAuCCrPEbTZ1zQKrr91hcGxEOT6N4o8R5UHyDlmOBhyXzJUvA9oLgP6mZlbZmA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=;
 b=y9CIjHqqG1KDzzfHpplntBGtiE6S1Vm4WVprOjSxM8aIVbs0V2Ayd3q8rLpbH5MfSZKZi+wG/m9igx7PkUFbOpyYgk5UnNttP6tZuJsVzd0wTenh6i3UfTxoEBKdnNKce6GvTZlYZ1CH1KM7c+JWOR9gO8RitYLcvvO0n5QBods=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by
 DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4264.19; Mon, 28 Jun 2021 17:43:25 +0000
Received: from DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021
 17:43:25 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [RFC PATCH v4 04/27] OvmfPkg: reserve SNP secrets page
Date: Mon, 28 Jun 2021 12:42:00 -0500
Message-ID: <20210628174223.1302-5-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com
 (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com
 (2603:10b6:5:42::18)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:24 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35
X-MS-TrafficTypeDiagnostic: DM6PR12MB4172:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB4172F184F3D78B6F9DBBD00CE5039@DM6PR12MB4172.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	lgApbdSg0t5B4d3kKIMuxgMgSl20nxmjJfEgPDn9K7w8jg9gpYj+LNDOoc3u5KiXBcPFV1ETWEsXo5Jq3GKcgru1V/yWhCOP1UAS/om+Hpsm4vb4kj5zdyRxxMW42r3T51D6RLdZuV7oTVk4EyAw7Gv+MKUWj3lpb051PY20y5ykkRP7JhabR7CKxtl5NmvSXUWlmACHLLD7T13cA2QYjaR8nlOAU02uapY4lS80EYA6Bd2xocv9jmHQZa063AklUy8rivj5mie2XqpHsobWggCcPU1lfZ8N+p8TzTBQ+6ZzMFtMA6Emz+exObLvlDDAfjvhLpLLrMxCyRi86ds84zD62VhEwDnnW5smpgCDewBp2wQMDTaNuuuskq/rx+eEDznxp8kA0UAmZ+0t93wZBUcICs651a0QsHpCFS2U7fnNcWWpiQEFwYIv7Eum9XSCxNY7yVKJehpLyGakugRjV1qnaF+KmFbKR0NbhFtpL9LYtDwvg3iiCNoRJLXDrRHKUArJ16T4Vz2JGSLg/lKmftNoz4JJZ3cO7LLwvZLiXFFnXPks3hn8yQgW4lXbTtvL/MbaoFTGYZiUEjtw55e5247B9zKV10wfa3ivujEBjuN9dGkn8cPN63K4w7RaMg7xLlQ/NUEjtCFfQm0coCK9FkpoSFi8t3T9ZOea47haGdxCH1N8k5n0v6PZmXq1c2j7TskZNrlt0+9A8LjxyKgfqqRpgQdK56m0IJtjhtXtxgzwwPOA8UNWDGVjRPo7IcbKtXSCdlquW8Vg/841ElY3HI4qMr4M4MMsixX+0IkJmiGz3uXn53i4+IuA7WNfu3nRYpDObc0jVwgYXWyezDbX+w==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(19627235002)(8676002)(66476007)(66556008)(66946007)(966005)(5660300002)(1076003)(6666004)(8936002)(38350700002)(38100700002)(4326008)(478600001)(52116002)(2616005)(316002)(956004)(6916009)(7416002)(86362001)(54906003)(2906002)(7696005)(83380400001)(16526019)(36756003)(186003)(26005)(6486002)(44832011);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?yYAxDrZDH5lvnEpDgkH64upV7manFwyjKI61jKL6TpmIYFfbdz3z1EHWVrPm?=
 =?us-ascii?Q?9X8Fi95vv2Kz7R5yq+yURYw5Tui7qaPhlvLivue+RhHShrh3YrEKa6PDGjYC?=
 =?us-ascii?Q?P0JlQWLT6alI4kZOoRefcdkekb9fA+qySlg/w1r02iXgwuYeTZlJXxGlBD7O?=
 =?us-ascii?Q?BsQoKTagjxME/uPbACT+rXC9JKeJ4LyIW0F3JTZMqsQVHspqZ6OR76TQIEZK?=
 =?us-ascii?Q?u2rAVgvsFDsJgoHOadzgYag56xrh7YcNQJhsfyun06FrLPV/0iEJtdrZlpuz?=
 =?us-ascii?Q?3zusg1ykm4TrMNY17b0fPB/tph9a1LgHBUmEC2TkF5tWgZB6P+Dz5jW9yTxC?=
 =?us-ascii?Q?/n4BqeQ5xKjRXdAnRRFXr8+0lMmaEjkVtZnPjhYWwUKwfl+/OTWHF8h+tVUj?=
 =?us-ascii?Q?mdjtaRhiCqzgGP7K+S00KREYJhXaiZC/xTIGLUnLhXTUwifQ7uqMArrW+3C9?=
 =?us-ascii?Q?pkvIAYsJk4EJfIK6twbHrohKG6r40qlQzDFD1Zv0K5zh5k9ka1WgqXJoAkCi?=
 =?us-ascii?Q?/A2dzMayqtNIVXCdJEAMKBN+JDEJg6SBKk+LI4L5jLfMYV9aIiokytHcPgbc?=
 =?us-ascii?Q?cTUWNnACEfMfSl7gPJaMZMkuBVGzATjb4i394qZ6qOX9UwPONObRPGT97ush?=
 =?us-ascii?Q?svSVytuiY8OuC7zJqDyybcQ6WD0rwbte0qErAymwKlsHbgP45jYigGIVJcHd?=
 =?us-ascii?Q?Z0CcUGKugQcJyNiO7WmkQFPJ+Q/72VU5ANGfkMWmhGyDhe5ixWh19p1ZXxKE?=
 =?us-ascii?Q?R6fKx5mePPe1HStV+FWOPOuuPyLEuM2qwx/SmR6beqiubjYUboa5RiSA6I57?=
 =?us-ascii?Q?jFRG6VWgAG4boXKcJcggwRZlU2kV3nr2fMWVGtfTJjnxXo6wrL6GohgW+RBs?=
 =?us-ascii?Q?sYNvnpBOB1BLltJSCSPA++JOHoLJxmHcRFMkCEE2mFsoDBcpHqoUuzzcIthW?=
 =?us-ascii?Q?S2MrlfFYvTGhiauOl1MyULSLSp153CINryDQv+yy8NAPlRTy1jQ1CVoqlJk1?=
 =?us-ascii?Q?CI99Wma3EDE7/c/lp+poj1A1lYFCA2eHyVZCB3JwjFn4NrYpKyVURyBP0WTu?=
 =?us-ascii?Q?TwXBB8TC2u8AoG8SkmaqC7C/HNf2/RcdqRruiOqRFJh2OW3irck9aIc0VDix?=
 =?us-ascii?Q?w6Ax6kUs28KauvLF3BtFPuXDdg+zO+vsaQW7fyrXG93tXXFmVbvW8QglCkas?=
 =?us-ascii?Q?Gd9FrsJjlYNrCJQ2bgVkDebmBy8Q9jAM/tYEpGY7tuz5RUGKlAbNeOw3jg2y?=
 =?us-ascii?Q?AxmSExeAifnzP//ngMGvCLTr6VFhm+CyRdb/PqwREhwBA+2JiwvLQL4TurYd?=
 =?us-ascii?Q?FlgBMQiG557G56djrdGXGv1k?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35
X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:25.6136
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 4lLKlW0R9k9iRTYvqbCAPStez90Se/yIm0NXPxIvDnpMCJFMf6sSEBjzhGiB01o66J6kLx1FKNjk+2fPViZBYw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec    | 7 +++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..106a368ec975 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -321,6 +321,13 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
=20
+  ## The base address and size of the SEV-SNP Secrets Area that contains
+  #  the VM platform communication key used to send and recieve the
+  #  messages to the PSP. If this is set in the .fdf, the platform
+  #  is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5fa8c0895808..902c6a4e9ea1 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,9 @@ [FD.MEMFD]
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecGhcbBackupSize
=20
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui=
d.PcdOvmfSnpSecretsSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize
=20
--=20
2.17.1