From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v5 13/28] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
Date: Wed, 30 Jun 2021 07:53:06 -0500
Message-ID: <20210630125321.30278-14-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest
requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022ba..de876fdb478e 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c 
@@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . 
+ // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.17.1
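Review bot: In the first hunk, GhcbRegister() computes GuestFrameNumber as Address >> EFI_PAGE_SHIFT without checking that Address is page aligned, so a misaligned address would silently register the containing page, and the response comparison, which is done on the frame number only, would still pass. Suggest asserting alignment on entry, for example ASSERT ((Address & EFI_PAGE_MASK) == 0). The function header should also say that a mismatched response terminates the guest through SevEsProtocolFailure() and that the previous MSR_SEV_ES_GHCB value is restored before returning.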
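Review bot: In the AmdSevEsInitialize() hunk, only GhcbBasePa is passed to GhcbRegister(), while the added comment states the general rule that the GHCB GPA must be registered before use. If more than one GHCB page is in use, the comment should say that this call covers only the page at GhcbBasePa and name where the remaining pages get registered. GhcbRegister() also restores the previous MSR value just before the following AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa) overwrites it; that is harmless for this caller, but the comment should state that the registration has to stay ahead of that write so the two are not reordered later.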