From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v5 12/28] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
Date: Wed, 30 Jun 2021 07:53:05 -0500
Message-ID: <20210630125321.30278-13-brijesh.singh@amd.com>
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that the GHCB GPA be registered before use.
See the GHCB specification section 2.3.2 for more details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Sec/SecMain.c | 84 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 9db67e17b2aa..c10441ddf472 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -750,6 +750,79 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
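Review bot: SevSnpGhcbRegister() has no function header comment, while SevSnpIsEnabled() directly above it carries a full `/** ... **/` block; add one with a one-line description, `@param[in] Address  Physical address of the GHCB page to register`, and a note that the function does not return when registration fails, since SevEsProtocolFailure() ends in CpuDeadLoop(). The check that both `Function` equals GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE and `GuestFrameNumber` equals the requested frame is the right shape: it rejects a response that names a different page just as it rejects a refused registration, and the comment "If hypervisor responded with a different GPA than requested then fail" could say that both cases are intended. Minor: CurrentMsr is restored only on the success path, which is correct given the dead loop, but worth a word in the "Restore the MSR" comment so a later reader does not treat it as a leak.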
@@ -791,6 +864,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
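Review bot: the page registered here is FixedPcdGet32 (PcdOvmfSecGhcbBase), and the code immediately below ("SEV-ES protocol checking succeeded, set the initial GHCB address") configures the GHCB from the same base; the two must always name the same page, because the registration in the previous hunk is verified against the requested frame and a GHCB later pointed at a different address would not be the registered one. Consider reading the PCD once into a local used by both the registration and the GHCB MSR write, or state in the comment that the two are intentionally identical. The comment "We cannot use the MemEncryptSevSnpIsEnabled () because the ProcessLibraryConstructorList () is not called yet" explains the local SevSnpIsEnabled() well; the commit message should carry the same sentence so the duplicate MSR read is understood from the log alone.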
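The GHCB MSR protocol exchange that SevSnpGhcbRegister() performs, modelled in plain C as an added example that is neither OVMF code nor part of this patch. The register layout (function code in bits 11:0, guest frame number in bits 63:12), the function codes 0x012/0x013 and the all-ones frame number in a refused response follow the GHCB specification as I recall it; the hypervisor side, its 1 GiB RAM limit and every name in the block are constructed stand-ins for illustration, not KVM or any real VMM.

```c
/*
 * Model of the GHCB MSR protocol "GHCB GPA register" request/response.
 * Constructed example: the guest side mirrors the check in the patch
 * (response code AND same frame number, or terminate); the hypervisor
 * side is a hypothetical handler standing in for the VMGEXIT target.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GHCB_INFO_MASK                        0xFFFULL  /* bits 11:0 */
#define GHCB_INFO_GHCB_GPA_REGISTER_REQUEST   0x012ULL
#define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE  0x013ULL
#define GHCB_GFN_SHIFT                        12        /* GFN in bits 63:12 */
#define GHCB_GFN_REJECTED                     0xFFFFFFFFFFFFFULL /* all-ones GFN: refused */
#define PAGE_SHIFT                            12

/* Pack a function code and a guest frame number into the 64-bit MSR value. */
static uint64_t ghcb_msr_encode(uint64_t function, uint64_t gfn)
{
    return (function & GHCB_INFO_MASK) | (gfn << GHCB_GFN_SHIFT);
}

static uint64_t ghcb_msr_function(uint64_t msr) { return msr & GHCB_INFO_MASK; }
static uint64_t ghcb_msr_gfn(uint64_t msr)      { return msr >> GHCB_GFN_SHIFT; }

/* Hypothetical hypervisor (constructed): accept a frame inside the guest's
 * RAM, remember it, and echo it back; otherwise answer with the all-ones GFN. */
#define GUEST_RAM_PAGES (1ULL << 18)   /* 1 GiB of 4 KiB pages, constructed limit */
static uint64_t registered_gfn = 0;

static uint64_t hypervisor_handle_vmgexit(uint64_t msr_in)
{
    if (ghcb_msr_function(msr_in) != GHCB_INFO_GHCB_GPA_REGISTER_REQUEST)
        return msr_in;                 /* other MSR protocol requests not modelled */
    uint64_t gfn = ghcb_msr_gfn(msr_in);
    if (gfn == 0 || gfn >= GUEST_RAM_PAGES)
        return ghcb_msr_encode(GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE, GHCB_GFN_REJECTED);
    registered_gfn = gfn;
    return ghcb_msr_encode(GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE, gfn);
}

/* Guest-side validation of the response, the same two conditions the patch
 * checks: the response code must be present and the GFN must be the one we
 * asked for. A refused registration (all-ones GFN) and a substituted page
 * both fail the second test. */
static bool guest_check_response(uint64_t requested_gfn, uint64_t response)
{
    if (ghcb_msr_function(response) != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE)
        return false;
    if (ghcb_msr_gfn(response) != requested_gfn)
        return false;
    return true;
}

/* Guest side of the whole exchange; true on success. Real firmware would
 * terminate the guest instead of returning false. */
static bool guest_register_ghcb(uint64_t ghcb_address)
{
    uint64_t gfn = ghcb_address >> PAGE_SHIFT;
    uint64_t msr = ghcb_msr_encode(GHCB_INFO_GHCB_GPA_REGISTER_REQUEST, gfn);
    msr = hypervisor_handle_vmgexit(msr);   /* stands in for AsmVmgExit() */
    return guest_check_response(gfn, msr);
}

int main(void)
{
    /* Constructed GHCB addresses: one inside the modelled RAM, one just outside. */
    printf("register 0x00800000: %s\n", guest_register_ghcb(0x00800000ULL) ? "ok" : "refused");
    printf("register 0x40000000: %s\n", guest_register_ghcb(0x40000000ULL) ? "ok" : "refused");
    return 0;
}
```

The point of splitting guest_check_response() out is that it can be exercised against crafted responses: a reply that still carries the request code, or the right code with a neighbouring frame, is rejected exactly as a refused registration is.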