From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.68])
 by mx.groups.io with SMTP id smtpd.web11.5549.1625057649706732968
 for <devel@edk2.groups.io>;
 Wed, 30 Jun 2021 05:54:09 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=vdjP+c0f;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.68, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=b9ZK3DNCRtPLYzDQc7db21tQ/MGDkaNIazZKPGuf6DVEczs4lvuBfYAuU1wPVOfm8CqatoBSoHsvq3BeGHVqR75Ory1WULpbLMsl56ewrB4IBr3hxsecDvf/Sg0fbq7zicwP029pjJirq5RurHDzEQXu5PP5HQjB3HVGbZLzF5x+ZVP1tZwd1oUYkHqq524e1XNIfBZGt22w2RbRLvghKWhWAk5kCnjrAMpSeRt4GjDt0B6gAfv4dewKlEN03ln+JS9Lz45XXc47gwyjIH/DPs7GiQ5m40Z1IYgC521RVI1LfZfWUQsebYz/Fm7VMkYypH+XSLgOtL8MLHxwL5/LvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=xVPCjq8ZN6ppI7DW/FpyKan0V0ikfo5VLzIJjxBKN2A=;
 b=BKAD9ntwUgKvZ5AoOsoGkHo5Irx8H23n3COSw2XnX03+snu+8/5T789z9stZXSZqiW8FvdHWQCdPwUmPWHFGAZwSKfnMn6Xwxoh2U8VfOVPcKBj/EMUN7cW3C9LSNQXMMR2uuA1iQWGwFW6OogB/LymMIY5ogeF8R77jmm5sL5eBBwe7/+C2gRmrmb7boJarpctZYmYjJbkdnAFHfdq0W3CbrfanKzr+qSnPpJENBKEs/T4j5VEfBPMfXMlmsdqR3GXXOmTIyRG6fh7OorXZwWHCVi9ScC42TXcgTZ5zTspPSYbgX7SmVRmv6xjJcM/st8MRZIttwXH4Uj6D3FUHHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=xVPCjq8ZN6ppI7DW/FpyKan0V0ikfo5VLzIJjxBKN2A=;
 b=vdjP+c0fQ3VykS3F6VhlDE4qHkefHLCEmmQ30ejf4Ab1HhDJnKUeRag4y3bEb/OT7Z1BTnj2WToA3PtAx3TwKMTUe/ruCPyaY65aW5K4DUz+Mc1lHlBABwxKSDcoZ5uqfcAI9mMKjrZGnqz7qON9cK6+9ddCvMeVdgnEo+HiI4k=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by
 DM5PR1201MB0076.namprd12.prod.outlook.com (2603:10b6:4:55::14) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4264.20; Wed, 30 Jun 2021 12:54:07 +0000
Received: from DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021
 12:54:07 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [RFC PATCH v5 05/28] OvmfPkg: reserve CPUID page for SEV-SNP
Date: Wed, 30 Jun 2021 07:52:58 -0500
Message-ID: <20210630125321.30278-6-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com
 (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com
 (2603:10b6:5:42::18)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:06 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: d8e91509-8f7a-4389-13cd-08d93bc625dc
X-MS-TrafficTypeDiagnostic: DM5PR1201MB0076:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM5PR1201MB007618C688279C72EF8FBF4BE5019@DM5PR1201MB0076.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	9/U70lKzqaVBtVuNYvj+fL/DXWE17cRLoc2yBuo98nz0GkFoRjmPgBibu89xTPOoixsgKRQRVwEpo+oKV6YEoLUGxxQiUgsuMlnw3lWWmzYL4cWbOA0OA8701sSsqkHNJLknlNgactzpAR3bqpUM1jPDovoleNX5N9+VWXd+1wwVRNMryxTii3HEhnCmPftY3llJFEPDYV8ZzwjnMeTfFmGmHLR/GZjbMaVV3SSnlAYX3xb3hK+30mJbkZsgkNEh0mLa0+RgHXsTPtkp3+m4G7EtQUzqoqte4kD/lcueRv+5ott7idRtgG6SAgJytp6c3YucXHbDRLBwQBH1Qf34aS/IqBBc1LX4ln6M02IlUGYzLf1tHVdGXbEC4opC/4AhVuXhy5C0Pvrw+Znae0MhwhFk0j95A/RfB/UYe3Gc64RDyMJwj8Wlm55sWHe7k8dYHDcQ5XdiR4HcVX8E/mw/qrfvmMXcLP1jqQghaiFjMz61uA+kHwqbTnUvzOY1RGuDKd1eBe8eISpgnl3ts8MVdH/UmLCbBhMV8lUh6xbZS2ai8qvyxrQHWwB3xYC3a+8xEpFuF9rw+D5t9McsnPN71BnzPscmABYQ+s+V/Si+GVW3Rqni1OevWzIe70TL92x7e8SE+0sGiMP4WbEtQ9m9hjSrFLM7okArKjXnhV2kRcv4VauwqEt7FXDeI+sLns6kGILeTC/kkQsl3LhiKwCBetW09j+QYkn6UfTxW9PGqHQ9jSkrs2ynEgInj0cTzbF9HZxHS52vrm/xT3bHSP+zvLPBsLpnuwSH3q0i/PG3oEVwMwZQyfbJ5D/K5LJnTimA2cLT/jrWNNl3/msoPEErUA==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(7696005)(1076003)(8676002)(16526019)(8936002)(6666004)(2616005)(4326008)(956004)(38350700002)(38100700002)(478600001)(186003)(6486002)(19627235002)(66556008)(66476007)(26005)(7416002)(316002)(966005)(86362001)(66946007)(52116002)(36756003)(54906003)(5660300002)(2906002)(6916009)(44832011)(83380400001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?kcvMYypJXvz1YGEbh9hlKIqTQraP9Rxw3UskYjsKn4IL9Z3tdBkSj+9b/+PM?=
 =?us-ascii?Q?oDCS2pTENvkK/smg+bUivB/nof/BvSrgF7YgL0MGHXln/fgG52naJAoEpuSq?=
 =?us-ascii?Q?3jFWG8+iUqeIq4O8ujzZN4ED9f+msJ0xTWyelbqc4ZuMv6vvbm4LHL5J3JZg?=
 =?us-ascii?Q?EngbMUaf/e/wE/zBGCYmFUqw28WWg5yUhggfTpXOiESue+OuoIkDHCtKSbUQ?=
 =?us-ascii?Q?w+qmQlauQoDi5XNBl9W09SmtF2I+3dbPLxe8UROQDgAtLlmxrO24xItAN90e?=
 =?us-ascii?Q?0m5iVrnJeGuoK9Dxr6y5ZrnfJZsWgyEZ1dzRYZdZm6tO2u8TMIr33vvHl5yb?=
 =?us-ascii?Q?rNhp/3FuiQ5RqFBNzZasllHtskOJm6nbwq6LmC5rg+7IfNY7sFTsQysuFzmL?=
 =?us-ascii?Q?vOArp5R1GJiXzildIGAV3QwtO4YT1mFb3zeBPhrORKIDYBEKdJNh6YJCObCa?=
 =?us-ascii?Q?expmWgBWIjvAvnPavwVj3M48ch0g/ucIeDTAXlchjTEPTJ24GRCHyEd4lYk2?=
 =?us-ascii?Q?Suxn0pzQ1ysvxpTN17boxm4Ojq+kRerlGb/nCf4Ceb8O+uFwLHtG8SjHuzvc?=
 =?us-ascii?Q?h9ZUB4G38nKfr9WnsnimIvBm8MdkvLvUJ0zDiMGd+gKmC9TtvAsOKHPidbhF?=
 =?us-ascii?Q?P/djqIQKEBOHcW7w4guw3bRj1QyJh6MUOJ4Mm8GWKLbezN5uQp/PkNWyolig?=
 =?us-ascii?Q?KEYz//oWK9/F4SvceNQ/AxKgfNRbwkeKfIG8+p8w4RMQxGh5HEnjlRL3HhpE?=
 =?us-ascii?Q?xeQFm2T+41K73Skx2I7iuZaBaEtfqQ3CxJ8UgXssuNiWPlIbn8Yskut3/0X/?=
 =?us-ascii?Q?cquRApcIjXnAHzkumoHXlR4KbaDDai99AZlKOBbRrACtne5r5ia/w4uZ5Hz8?=
 =?us-ascii?Q?xxAIxYU44B+DbZ4uI3P7U18RKF615l+PbjXSezBIbm+Jc3eRgCjLh7TuLl7H?=
 =?us-ascii?Q?LEGOS2leGIpdREFeDP+vTvDeeT98indXCCeb+XHaNsnysuPWWLmfJrUN+Bpt?=
 =?us-ascii?Q?lsuAwz9niEAXdtCIdC10GWWgcaafHdAXE5GodFOsaunArdBTB10qOmyRiwZG?=
 =?us-ascii?Q?FN4J/FgARchMItnzfEH/2FepMnbjmv2jg/clbNa4a4Wpxthjfq06IfL5Slzu?=
 =?us-ascii?Q?sFXinJj8WL18p8snR51u9945bQyCtLEio15fYvJ0g+yJZeGcDkYiA/N3P2Ql?=
 =?us-ascii?Q?EuUSa6NhDBulW3obJkv/X56gIGopQzH76LX2M8KBth8jxs1mjlVtqeko8+oB?=
 =?us-ascii?Q?zA2qG+4WP7/tXfggmI6ysNHoFTuX+K6SgSPRJRmapeNuSIv7ieEURzObj98/?=
 =?us-ascii?Q?dS3cAdQou7M+BKjQVb4QDxeu?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d8e91509-8f7a-4389-13cd-08d93bc625dc
X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:07.6098
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: W2fVERjcl40WMAhOnSmTOyz7tWgXxWy1G1/zIjkOawuEhy/GStq9u9jPRq83PJPJDoIh7luuVrfOsNmxyPuQvA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0076
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec    | 6 ++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 106a368ec975..93f759534ade 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -328,6 +328,12 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
=20
+  ## The base address and size of the SEV-SNP CPUID Area that contains
+  #  the PSP filtered CPUID results. If this is set in the .fdf, the
+  #  platform is responsible to reserve this area from DXE phase overwrite=
s.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 902c6a4e9ea1..3e257aaf72bd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -91,6 +91,9 @@ [FD.MEMFD]
 0x00D000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui=
d.PcdOvmfSnpSecretsSize
=20
+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfSnpCpuidSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize
=20
--=20
2.17.1