From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [])
 by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447
 for <devel@edk2.groups.io>;
 Mon, 28 Jun 2021 10:43:29 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=zB1WOLMY;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: <nil>, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=HFV+1AxwICiGgikwxZLVLu51/FoXceICVHXBBNmk2cgDJPfyLVOfUr/P89tF1+tKqlt75qwJD2Nh+2eN86NtFoc0rsYDN1wT9CgdLnmOtJQW4GNQpddTPCi14N3T8wPp1UGBbr0ZTfpMvFHPKKGTuKDdhGo6QJErOORFo9WNJthsSV4/50qT63rd/dqw02rCUO+y4VvoIWCUf4t7v3pwPgy6JIlyYUDJyDBl3dq3bfBVk8ms7vwhXQ/ERPoj5+dNDyIot8G/WzGcmtnE97vgmd4nLe+W0S5VYc+WpmG+SQEE875cKnC3PP5Vy+XYo0ggq7Y40+dI58NdjvKRgUKrtg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=xVPCjq8ZN6ppI7DW/FpyKan0V0ikfo5VLzIJjxBKN2A=;
 b=E2zaVXtj2HviR0FHvNWMZ/46TzYaaHMLKQl+kHMmK7UwipGa3SruKKUAAY1PpCTpEmv9ppODwtYO3zOhfwgjtVcVeg5LOAQdc1rjiBtRqrH1nM7oUVOB/YS28sMxJDjgu3I6Z5J2xHTEgFOftGEZKNDIPPThY2S6cnnATuml/puZoQML5hypWFGonn3TLvTJIgV3UscPq5CVc2un2I1pXJ8oNuS8dGXV+tPiFVGf6FNHQhV6cdcszsp0vJJz2bi4Dc8MpeQJpeqGK62BCiyRJGQfc8VK786QB6okNF/Sora5Dcl5lxSOQbEtUmNKarrCaEqd5C0jADCjX48wpVL76Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=xVPCjq8ZN6ppI7DW/FpyKan0V0ikfo5VLzIJjxBKN2A=;
 b=zB1WOLMYpNr6bpp1nseRMizt7kURfLySMnQ69thV4pKw6RaoRwAfxkwV2c3mKxwXQYCn/o7hXjB+FO2xuxSiz89BExXgMfzU68c2KUGC1sB9pu3LQ4/qwwPg9dUesvTeFh0oIMOWX+2gm6dIYk4f314QyERZF1HA9OcRZK85HdI=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by
 DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4264.19; Mon, 28 Jun 2021 17:43:27 +0000
Received: from DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021
 17:43:26 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [RFC PATCH v4 05/27] OvmfPkg: reserve CPUID page for SEV-SNP
Date: Mon, 28 Jun 2021 12:42:01 -0500
Message-ID: <20210628174223.1302-6-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com
 (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com
 (2603:10b6:5:42::18)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:25 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 29143d42-1099-4a86-76a1-08d93a5c3bfe
X-MS-TrafficTypeDiagnostic: DM6PR12MB4172:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB41727565C031CEA82FC526BBE5039@DM6PR12MB4172.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	cCbNUcq9qD5iKiOYBIySCa480VZnku67nnzSrNuY+EoDfdfhImQVfd+M2HJL5KQsV+Nd4hSZAhZOZeAA8ytwHYUR+KcWlgy6gjXCcrMsMo7235xelgu7vIUDxw3x/oQw6nh9UpodU8UaqpGc7+naVnUc0+TT2gGsTk9YPQPVNNcP+5kFcFtKbj8159wH3lk9qzem4xle8JHydGk/mMA4opaC73YP4/s/pi02ELK3+qD+oSV8XcixsQzeOlY59zLeCpjdlpsmKcI+ckD4MgJoiB/W+26wdrJyx7KVZrifnAia53nrnqyDuYdCRZu/pPvtjLL0BzTgrVyolgHyZGuzhOUZ3FzBwB6siMwTRu8oke2EcxZ1l0gstJKxvPBcOL+k+xijBvlFNFMYxjuEgnwA2ZMx4ehM31IdR0mhd80RmcD6Kry18EMxz6UBJfi8reNxLVMbNGajhDiJxhE3bsR/QchUAx9h0tFGK1/XBSLTQO5qMI3DtTh4B/ITSdXPDvBfuw11cxt5Cjsfb7uLMRPLPmelpv01qRTP3yFRaJde9itGTmupZDExtko4FVJLFJjRa0EEiEERQFu0p4h6aFK99kfLVuigQpWJpZGbF2awyelyogQ7iuhkcnOlAFeqrZa+PYI1Ojp7toGyTAMSTATo7NS+XARrkMfezfbeMtuOl7JzpS1lKyAvn5eb/kJle/nDmVltVKCQ9lBWLD3nZovShTePtbwvwz0B/18KeHoqfcPWz1MPoPSGq9t21xIqZfrKXTm0XnPGFLzEEnjAa/hM7gsh5S8D+6U6+toqdlVfYO70gaoEB6Lrz7aJRlcXCT2vls6WEdeVw+p8oaLHZCgvig==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(19627235002)(8676002)(66476007)(66556008)(66946007)(966005)(5660300002)(1076003)(6666004)(8936002)(38350700002)(38100700002)(4326008)(478600001)(52116002)(2616005)(316002)(956004)(6916009)(7416002)(86362001)(54906003)(2906002)(7696005)(83380400001)(16526019)(36756003)(186003)(26005)(6486002)(44832011);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?8Ix+Ksy+VY4HxdmVGuoQKSmAe79H9lKS3YbphAaTxY9XJoejr75/KVqgag4V?=
 =?us-ascii?Q?Jw7yFzroPI3RI4s3JNnFbjiELxO+FfWPG6YHxiYmKw7aV9EDgN+bCP7EbBSO?=
 =?us-ascii?Q?JIp2O+LgR5UubHsQUKdSc+SPkcZzqQSlfDLw9aJC4Dt+koGmfh98Vwo+W1QV?=
 =?us-ascii?Q?EuVPHXl1A1cgXRewkCXEZw11+NxO74eX5MI9OG5NM68zu7P0SjAPeFTR0nf7?=
 =?us-ascii?Q?sPw34aDuhZr7HKGmHNjHZY9/GbiG92HWmGf7lOtzuzCUOqM78dWAwd9ltyFx?=
 =?us-ascii?Q?A1X2nsSF+8cnCfGdpJGX738+axmXq9UTRHlcQ4WJKkBAg5eROZuvdbdnRsmo?=
 =?us-ascii?Q?/gyMdp2xZgERAVjGX9nEQPHEbTu+A61tW6bHdEXD0HlJlkbeJfglxIceIYhY?=
 =?us-ascii?Q?3oYFKzC0uOLblmjqhUM1P6mtwAz54bjfOQdHiaN8dKabzBYNyMx6a/hroOkB?=
 =?us-ascii?Q?UaB/feZ0BsWsxSj4Vr9KnZJcuaq1Wvjk24UM18CfBYglya6sijHh/FnIjmQk?=
 =?us-ascii?Q?Nfzlvr0pZpbbP66oQtl0Y+rTIAertV0M/3Nujo2eWwHGgqI6fvd2tST95x40?=
 =?us-ascii?Q?HbeDgrbuNB6OOwmKJvXkNSgWGyf+yJM1NbkbHkpdGPr9iIBgDoF/7r9scZow?=
 =?us-ascii?Q?oXz6zElKCFiP0fNkWGKFih7sU2xVu3FOBcFeZuD2BjwIdVc9fFxhiHj8rfCB?=
 =?us-ascii?Q?hoNcVUsVBhPHt3syQZ6nmQ2uB8AzqQauDeajZFMNCsT+ZuYkS4/zDWHKVMhe?=
 =?us-ascii?Q?69itfOGw48Dbrf5NUZETNSIhKeN8waZkoPUFYRAcxEpb+8Wo1uusqDtqp+hB?=
 =?us-ascii?Q?/uXuPN+KvlqxEY9U6ARhTACmUbL8I6YIW7JDuFZfjuqCuNjDYbLnEf51HG4s?=
 =?us-ascii?Q?yHmguo5/OBNZW4uZaKj0zRPiRgZpbAGVeSpkA9WRbjNENhbFqWkfjtQ0ZRp9?=
 =?us-ascii?Q?sks/S5j3B5eVqOlQEZ8J+gZpw2eG1a8Lw/Thdd/QEPW/HvZ8s6yTlgn1Tif1?=
 =?us-ascii?Q?XnR8l0cciBuKTxQv88Jfjm6yy7Etl/D9TkW1aTKfABK8kbXH3RjJcpGjAQHe?=
 =?us-ascii?Q?G0iCr8Co/+lBRQuTU5G1ghtzl8DJARsqzhBH0JNAWAoJCPsbk0Ulpg4UnxKV?=
 =?us-ascii?Q?1mzE1A3wMnL3CojBdR33tLh3VA9+7UjUGxzLmymYawX2LfrGXnTm2KkRykA1?=
 =?us-ascii?Q?ryQSd7ZGYV8+r7XQJAMjfZVIMqRvS9ksM0aSayo96DihuShZ40JQ7QRwwoAd?=
 =?us-ascii?Q?1vcGdf7Dkx0ycINcurpSgLyiI6uEf7pA0mid7qiTYZujqjyb9ou/SJQuZ41E?=
 =?us-ascii?Q?Y9kLZ9DaaUZlJj8rpHntdwoj?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 29143d42-1099-4a86-76a1-08d93a5c3bfe
X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:26.8909
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: R9k8V6dvpYN9R+bXzz3ctHN9ubfv0MeDfcLx+Eb2vDfsu5cewLqw9CH+3S5UuacXEIKsSlqmDBnpGEEWDNg7bw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec    | 6 ++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 106a368ec975..93f759534ade 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -328,6 +328,12 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
=20
+  ## The base address and size of the SEV-SNP CPUID Area that contains
+  #  the PSP filtered CPUID results. If this is set in the .fdf, the
+  #  platform is responsible to reserve this area from DXE phase overwrite=
s.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 902c6a4e9ea1..3e257aaf72bd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -91,6 +91,9 @@ [FD.MEMFD]
 0x00D000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui=
d.PcdOvmfSnpSecretsSize
=20
+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfSnpCpuidSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize
=20
--=20
2.17.1