From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:27 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=y9CIjHqq; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: , mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=el8yTFUcBfPzpVtNgKvwkLBCVRKQNnz6Qa68B94VXb0W+e5nyrMjqKJ/ZbzvFrNWgL8YlqZ2CRQk/i1a1sfI7wrGSNOMBxZw8RfOzt9jYzok1gK15onQ0VgoEh/3HECIQ5l0WnqWSRITjTz/hgmqae9Gv5nuUvpNlFyya8PMj9UjpvbShCFGp1g2CLn5Af8VUpgPXjeTv7xFheoWlx13jO58+XEi1r7nF6e5oY+uyEHtaeM9LiSHf2ojKjsj9QlMAUW0BLI3XXUooaMRcKRi5rVcUHs4qfYY2+Ij2a3NACy7YngOWzfQ88kX/19Xmx0EqzKSd/xZuklV2qD/PPSL5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=; b=D8GKn2fQec0a/6wMiX/vbs1Eqjqw5HYTbcFpLSj8VULF0SOCKIvFyBngZegW80QiDs8mBpDesn7NILY8XegG6HiwEhgQSQFr7xdLiSe+4O4vXDJHk1omuhq1M5s2Fs6O54cfIHPebBYP2XpWes9zSY+PgBbwuYSd1iuTcFvCQdtznDV7t80A4eHJzSy7EvmIlBqv7TqcS+WPEK3/XmCoiuOP49Vn52d8T8krall6wduZSNZl7TY8jrxqpiIb7bEe+RcKoJ8cCeQOFJc/cmvJkRYPRAuCCrPEbTZ1zQKrr91hcGxEOT6N4o8R5UHyDlmOBhyXzJUvA9oLgP6mZlbZmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=; b=y9CIjHqqG1KDzzfHpplntBGtiE6S1Vm4WVprOjSxM8aIVbs0V2Ayd3q8rLpbH5MfSZKZi+wG/m9igx7PkUFbOpyYgk5UnNttP6tZuJsVzd0wTenh6i3UfTxoEBKdnNKce6GvTZlYZ1CH1KM7c+JWOR9gO8RitYLcvvO0n5QBods= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:25 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:25 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v4 04/27] OvmfPkg: reserve SNP secrets page Date: Mon, 28 Jun 2021 12:42:00 -0500 Message-ID: <20210628174223.1302-5-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:24 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lgApbdSg0t5B4d3kKIMuxgMgSl20nxmjJfEgPDn9K7w8jg9gpYj+LNDOoc3u5KiXBcPFV1ETWEsXo5Jq3GKcgru1V/yWhCOP1UAS/om+Hpsm4vb4kj5zdyRxxMW42r3T51D6RLdZuV7oTVk4EyAw7Gv+MKUWj3lpb051PY20y5ykkRP7JhabR7CKxtl5NmvSXUWlmACHLLD7T13cA2QYjaR8nlOAU02uapY4lS80EYA6Bd2xocv9jmHQZa063AklUy8rivj5mie2XqpHsobWggCcPU1lfZ8N+p8TzTBQ+6ZzMFtMA6Emz+exObLvlDDAfjvhLpLLrMxCyRi86ds84zD62VhEwDnnW5smpgCDewBp2wQMDTaNuuuskq/rx+eEDznxp8kA0UAmZ+0t93wZBUcICs651a0QsHpCFS2U7fnNcWWpiQEFwYIv7Eum9XSCxNY7yVKJehpLyGakugRjV1qnaF+KmFbKR0NbhFtpL9LYtDwvg3iiCNoRJLXDrRHKUArJ16T4Vz2JGSLg/lKmftNoz4JJZ3cO7LLwvZLiXFFnXPks3hn8yQgW4lXbTtvL/MbaoFTGYZiUEjtw55e5247B9zKV10wfa3ivujEBjuN9dGkn8cPN63K4w7RaMg7xLlQ/NUEjtCFfQm0coCK9FkpoSFi8t3T9ZOea47haGdxCH1N8k5n0v6PZmXq1c2j7TskZNrlt0+9A8LjxyKgfqqRpgQdK56m0IJtjhtXtxgzwwPOA8UNWDGVjRPo7IcbKtXSCdlquW8Vg/841ElY3HI4qMr4M4MMsixX+0IkJmiGz3uXn53i4+IuA7WNfu3nRYpDObc0jVwgYXWyezDbX+w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(19627235002)(8676002)(66476007)(66556008)(66946007)(966005)(5660300002)(1076003)(6666004)(8936002)(38350700002)(38100700002)(4326008)(478600001)(52116002)(2616005)(316002)(956004)(6916009)(7416002)(86362001)(54906003)(2906002)(7696005)(83380400001)(16526019)(36756003)(186003)(26005)(6486002)(44832011);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?yYAxDrZDH5lvnEpDgkH64upV7manFwyjKI61jKL6TpmIYFfbdz3z1EHWVrPm?= =?us-ascii?Q?9X8Fi95vv2Kz7R5yq+yURYw5Tui7qaPhlvLivue+RhHShrh3YrEKa6PDGjYC?= =?us-ascii?Q?P0JlQWLT6alI4kZOoRefcdkekb9fA+qySlg/w1r02iXgwuYeTZlJXxGlBD7O?= =?us-ascii?Q?BsQoKTagjxME/uPbACT+rXC9JKeJ4LyIW0F3JTZMqsQVHspqZ6OR76TQIEZK?= =?us-ascii?Q?u2rAVgvsFDsJgoHOadzgYag56xrh7YcNQJhsfyun06FrLPV/0iEJtdrZlpuz?= =?us-ascii?Q?3zusg1ykm4TrMNY17b0fPB/tph9a1LgHBUmEC2TkF5tWgZB6P+Dz5jW9yTxC?= =?us-ascii?Q?/n4BqeQ5xKjRXdAnRRFXr8+0lMmaEjkVtZnPjhYWwUKwfl+/OTWHF8h+tVUj?= =?us-ascii?Q?mdjtaRhiCqzgGP7K+S00KREYJhXaiZC/xTIGLUnLhXTUwifQ7uqMArrW+3C9?= =?us-ascii?Q?pkvIAYsJk4EJfIK6twbHrohKG6r40qlQzDFD1Zv0K5zh5k9ka1WgqXJoAkCi?= =?us-ascii?Q?/A2dzMayqtNIVXCdJEAMKBN+JDEJg6SBKk+LI4L5jLfMYV9aIiokytHcPgbc?= =?us-ascii?Q?cTUWNnACEfMfSl7gPJaMZMkuBVGzATjb4i394qZ6qOX9UwPONObRPGT97ush?= =?us-ascii?Q?svSVytuiY8OuC7zJqDyybcQ6WD0rwbte0qErAymwKlsHbgP45jYigGIVJcHd?= =?us-ascii?Q?Z0CcUGKugQcJyNiO7WmkQFPJ+Q/72VU5ANGfkMWmhGyDhe5ixWh19p1ZXxKE?= =?us-ascii?Q?R6fKx5mePPe1HStV+FWOPOuuPyLEuM2qwx/SmR6beqiubjYUboa5RiSA6I57?= =?us-ascii?Q?jFRG6VWgAG4boXKcJcggwRZlU2kV3nr2fMWVGtfTJjnxXo6wrL6GohgW+RBs?= =?us-ascii?Q?sYNvnpBOB1BLltJSCSPA++JOHoLJxmHcRFMkCEE2mFsoDBcpHqoUuzzcIthW?= =?us-ascii?Q?S2MrlfFYvTGhiauOl1MyULSLSp153CINryDQv+yy8NAPlRTy1jQ1CVoqlJk1?= =?us-ascii?Q?CI99Wma3EDE7/c/lp+poj1A1lYFCA2eHyVZCB3JwjFn4NrYpKyVURyBP0WTu?= =?us-ascii?Q?TwXBB8TC2u8AoG8SkmaqC7C/HNf2/RcdqRruiOqRFJh2OW3irck9aIc0VDix?= =?us-ascii?Q?w6Ax6kUs28KauvLF3BtFPuXDdg+zO+vsaQW7fyrXG93tXXFmVbvW8QglCkas?= =?us-ascii?Q?Gd9FrsJjlYNrCJQ2bgVkDebmBy8Q9jAM/tYEpGY7tuz5RUGKlAbNeOw3jg2y?= =?us-ascii?Q?AxmSExeAifnzP//ngMGvCLTr6VFhm+CyRdb/PqwREhwBA+2JiwvLQL4TurYd?= =?us-ascii?Q?FlgBMQiG557G56djrdGXGv1k?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e54a1557-d5b7-42c6-c4ef-08d93a5c3b35 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:25.6136 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4lLKlW0R9k9iRTYvqbCAPStez90Se/yIm0NXPxIvDnpMCJFMf6sSEBjzhGiB01o66J6kLx1FKNjk+2fPViZBYw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 During the SNP guest launch sequence, a special secrets page needs to be inserted by the VMM. The PSP will populate the page; it will contain the VM Platform Communication Key (VMPCKs) used by the guest to send and receive secure messages to the PSP. The purpose of the secrets page in the SEV-SNP is different from the one used in SEV guests. In SEV, the secrets page contains the guest owner's private data after the remote attestation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 7 +++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ 2 files changed, 10 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e39f..106a368ec975 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -321,6 +321,13 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 =20 + ## The base address and size of the SEV-SNP Secrets Area that contains + # the VM platform communication key used to send and recieve the + # messages to the PSP. If this is set in the .fdf, the platform + # is responsible to reserve this area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1= 0 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5fa8c0895808..902c6a4e9ea1 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ [FD.MEMFD] 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 --=20 2.17.1