From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.41])
 by mx.groups.io with SMTP id smtpd.web08.5389.1625057648313529841
 for <devel@edk2.groups.io>;
 Wed, 30 Jun 2021 05:54:08 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=5V97NlTY;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.41, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=oGW6uAS0sVD+8xEiL1T4YVs2FZmT8iF7exhgG5jmjKa4Gdx/ceoBN4vtvEDAX71y0pfU+ezjHLN4yTDSTU9xMf629GofbBrWlmcCpVxUSL5GZxZT6wpP+ZiClc4vn/RmeZR1qMdhTnMCxvtOIhR+CJEuP0YD2Ss0Ob+ZzKQuFIDOBHYC4lhyk6FiQhv2B2eZgBmnEnvzsoIovnoGOOeVVE64fymCsxT6VzswxKUgugKlTFYRBl48qmcxpDNsDD+8eKFGGjTXE3pGO4pFypCshwRH5F82f5eumqYpD3ykSwp4Sc5ZdXWGdgvCdx+BlcpHDquC1hkpSlvTvcnglUfFHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=;
 b=PFHctt6wy4Zt1HUUW/chOTbZSaKbeJB/ynzEAgT2mxVCNzPAaB7iB2K96jk+XNTK2UPVVDd0Q2SFOWLfu8/FAnvXz0aALkZjUoa+87Sj3p0MGnjnQ1CO0PxceKezn1fc37D4spJSjMEo1yRABop12uT9b1p8EXLemRlLYIEdL4hkMw0JoaJl5jrE4oYa3RAFLiYiV8Orh6livuRLS2cifQxrm7n9nXu4w4YAUb0Vh4115/pSn6/Tdri4Rt17cOvAxMLdftD4XhJf9lIMnND/9vOKAcvjh/NED+8vMQrv7ke3cZV8NOOphL0PlByyT/QP3Izv8/a8q4afyS2sHLiZ6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=DwI0k7bbuQTBk5WMJRFb3b6AcIO8XigRDcbmGemQzjE=;
 b=5V97NlTYqBDYxPDFDKn4pVwPdJtKaPaA4LvXycvTeiZqp2gXzeT9vM4C3PTFU6MP+QqKCTP1UBOu+VPJVbXfif5/wrHLqaYvHg1L1F6ifKGeh/1oX31+Evcj7gso/eJsh+jJv5ZVEpG9ds7HCa6xQTYfMajFirbsku5KVMqVyZM=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by
 DM5PR1201MB0076.namprd12.prod.outlook.com (2603:10b6:4:55::14) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4264.20; Wed, 30 Jun 2021 12:54:06 +0000
Received: from DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021
 12:54:06 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [RFC PATCH v5 04/28] OvmfPkg: reserve SNP secrets page
Date: Wed, 30 Jun 2021 07:52:57 -0500
Message-ID: <20210630125321.30278-5-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com
 (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com
 (2603:10b6:5:42::18)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:05 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e8bbe2e1-248f-47a5-4805-08d93bc62516
X-MS-TrafficTypeDiagnostic: DM5PR1201MB0076:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM5PR1201MB00761A405AEF9A45D4EE9878E5019@DM5PR1201MB0076.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	Zd6wUF49KOgTGta4UsEc594HoiQ0PwYnX+mBIUoFw03BKh4VO66yzzVZJvfQliyZUbU1x+1WwhmkHHtMZHpdEjAcPifi++AAqmkZG1AQhgVd6iGozh65fHCCEGkwKWjUMnrJkWVq611h/Yq/PwdhDi1BHtxpCejz6EAzOFXBYGg6uNUSrVCVpRxXFnIhHvAkJGlq1jJsNhXgalboX25nTH7349DOTE4Li9jM0+5cuTHaPXM/LQ17MGcdJp7uR7KfNIUOQWpUWfpIny2Y8FSvUitAqXMWPlRZbuBxmNTZ3h/NsBpt522Yc1USbwwdkbQ3MBcy6WHlL7spnSMsVffi4Mtj41Ov1XxlSJEaLBzSv5OOXNJIpOI6s2LY/r9sxvUM3hTrRit9xWoDMlxU7vcjcRpdN2Mg4sDtwfSUdDS8WeIYzm7cbaeMpjXOZQGvi68SHqJcQFlhSkIH3kCTXOdyWXeiEk3r1ZVCCYQb5lZAnOAlw+mh32JulKE/R5WnHz0EtI0A4kHPJTNmavfUuS4ceBjYSw9XXQEY6j/zfryGeWu17l/DQu3G479CAIlxQi8q+emiDueDJHo8NGYpQLMAAQtv4RKI5P/9c55op9ZbkhpIx1MsDGZOQFFb159nBicQFvozcdz6Tj0EC6M25kLLD8zcFi6EuXzVHfV75YU0I4OgpXVy1R0UIIvZ4XaTZZXGZi58NA/2yacqN19mnLSjcjcHJPBC6IE0+5DGIeGzJPJPWWLLxFzcOuOENV7IOTr1PwYb+cPQ9KHZ+dvfTrStEPbRlYkf9a4iFVZHcI5bC8QVEDx04uJEwNMCsGJl9imY8avnFHsqRCoQQX8VLo38rg==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(7696005)(1076003)(8676002)(16526019)(8936002)(6666004)(2616005)(4326008)(956004)(38350700002)(38100700002)(478600001)(186003)(6486002)(19627235002)(66556008)(66476007)(26005)(7416002)(316002)(966005)(86362001)(66946007)(52116002)(36756003)(54906003)(5660300002)(2906002)(6916009)(44832011)(83380400001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?Fdbd5YPhX/LEAFIsHImWWNEYTqu9NyWN4kzcLks38ILz+T1i3mTd/OQjYC5G?=
 =?us-ascii?Q?mUT2q0W8hF0LvgKhLtFKgQCk0/A+cCHoXK6uV1s/sLqpdMmwWSDbKjsmuIVy?=
 =?us-ascii?Q?xm03VMBhtKYjBXgwhUistFAuLiCGCVJYnvlkFmK8sKMhf0wWC35bYgWKwyH1?=
 =?us-ascii?Q?kVfQXxHFztWKlXhGzmE9lYy+InUKRmz1JY//V9b2WtrLFKqTOTioG6YzV3YY?=
 =?us-ascii?Q?1itnn63v/OGjqdmWAGmPEmS2r+p6S7FBOMkBR38Uzlu5x6+SqnWTCUl1VdZu?=
 =?us-ascii?Q?BwHevYX1e1USLtvdkjUlwLBa4pIV4H8IIea7HeshCDYY16eiq4jRoBAZSY0f?=
 =?us-ascii?Q?jjq0QKd7WC/P5dPpE7PD2WsMGLsOIetKi+rRZePYpduM0ElKa7IUs8Vd4omv?=
 =?us-ascii?Q?pvDXyYndDUEK/JV0hCAHEi5dOx7sk6eq03B7yGHW6L8lh6jPkGO+wd0l0hEL?=
 =?us-ascii?Q?h2iJkTJbuoctc2N70SXS5gEEP5kEMHbK6l2N0xMcv6rOy/aaHWMjYQr9nqHq?=
 =?us-ascii?Q?3CsqbrPT2QK7qh6358d6gwiaf2FuMtrj3FuO3+rIbm2fd361hyWDU+FamJ4S?=
 =?us-ascii?Q?2DbiiLwBfyJzyGiZOvHkdAX95RR/8jlOP9s8Snol/39cPetLoTFU10JmJI+g?=
 =?us-ascii?Q?4GwTTkGPDVnZvQjU7Dh4YB5n3R0/tcriisyNCEP7jLdc9gYLioQnwhqphNqW?=
 =?us-ascii?Q?ru6BIqQBg7raxBAnQA6ZbeL6X490FHS+tbEylhdAkq+hH6R9oeefU2RPECvt?=
 =?us-ascii?Q?WoA6QJIMwMFQ4/KZM5OfYQYq9qqLfdGUqXBotCtmNdwT1sEKD2OTWi0X9vm6?=
 =?us-ascii?Q?TsER1SWNyV74qw2WJAuFFuanlcX0sF5At62O+dNQaqqA1bsGqGADfg94sBG2?=
 =?us-ascii?Q?3n2mat2nHBaAMUw9pGkep7VMKWpQSfI2tbeDFFpVC8VcENHefxP+8L5/KJpD?=
 =?us-ascii?Q?z+rrusCsoMufYbTtv6GIL/+JjYmF5VSw5U7B3wNIikjY47FRhIYvxn/s1zsb?=
 =?us-ascii?Q?cJt38DVYJSwyMQOrTiRBJfCaxWe3k9Db0YwqWxpW9eMnyq31giDjaWhue9HG?=
 =?us-ascii?Q?3OCqBWJZ3N2RWVpdVnqPeMfRW3Ts/OiKa7yAUi5JbEfEZ9Q6onN6H+vr5ljq?=
 =?us-ascii?Q?EiWtoaOJVuoUbZK0ZHbiSXMwCiduEC1sgufOCWVHIJveGAuDK1SuQW9HiAoQ?=
 =?us-ascii?Q?H1hyqgZVCwS223uAyNLlTddQ6sM5kzl5iz/EeVa7sIphSJ9qCl34Pwv+/edu?=
 =?us-ascii?Q?HkpzOdDWzo1mEDQwmtY3jtzPTnzD8dESIMgbKTBWiS8rgo42hSFi1p9MdYFh?=
 =?us-ascii?Q?FhKPzN0IgDpnZvslo/BSPziH?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e8bbe2e1-248f-47a5-4805-08d93bc62516
X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:06.2365
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: HJfdKB6rqJbye387HaiowJphuxCQpzEcwDjXDejTOkWUbzk3kUOYHeLkocpwy2qeuoOxqqqJakrh/hZEaJ/+Dg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0076
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec    | 7 +++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..106a368ec975 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -321,6 +321,13 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
=20
+  ## The base address and size of the SEV-SNP Secrets Area that contains
+  #  the VM platform communication key used to send and recieve the
+  #  messages to the PSP. If this is set in the .fdf, the platform
+  #  is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5fa8c0895808..902c6a4e9ea1 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,9 @@ [FD.MEMFD]
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecGhcbBackupSize
=20
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui=
d.PcdOvmfSnpSecretsSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize
=20
--=20
2.17.1