From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.85]) by mx.groups.io with SMTP id smtpd.web09.5410.1625057653836311982 for ; Wed, 30 Jun 2021 05:54:14 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=ZnfXWPv+; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.85, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZgDYieHJ86xzUaL6m6Y89n0943/PfB4qVTh9gzWgV0UE0SEKLsDvt7qDTZJBmGvne/yrFSQw96Edg5ibNyExfbNkNGm+LuByjaSpQ+BEjEbS5/QCr7tbAKc6QtYRYxIABeZK8a9qxg9+we/KCI2QYhmE50GQpNu22wxBv3fqXI9c+VzeoIko8gOnpz6UUaWNN5zyr9cG06xJNsERh1vV/lPI/d9riRQQHYq6PaQhponRt4IE4sZ7fRD2I24+CmGOjFw0c6c5CBdTT76tnwtGSvVhkTQSKH69tMRUFwxYtRTSzdMwPorqgJygt+UDkbjtkL6mLdZ0dwazo9vXWGsCAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k45gWEdvDq9vSmqfHDfJhgxZSGVdVGRTy/sME+PNqDw=; b=LereB4nbWzniFWVVM6cqek2ER/UGZvyLgqHI/TKS6+BVtmWvqlfRo5T17WFr7c7t+gKmIx+IuE8LzNZQB+escKwBKBwcZjBf04HSgWn9LRg4XMOkIuBuE0Uqylr6zOhyqvtYT4dy2A9ZDuhVNmEYcgeQ0BndVt2JRtouqUUi/ALdiklrv2lokHvnP99PMnuVOSz3R08flDb9OcP2lqr5snK1O8Oxgyd5t+Nv+SEjUfBedpP7lrQvQuEMvw3uRa+Vw82oKO1F2pAhIJtNyO0UCh5otOnfR8tRVOg7JSWlwZB/6TPL2aFLJbTtrxs62QbTrT/GP1nzLcLGCxPvK79ihA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k45gWEdvDq9vSmqfHDfJhgxZSGVdVGRTy/sME+PNqDw=; b=ZnfXWPv+i460J3PIeYjvFwSGdXl0XzV9Pc2OGvmt8jin8XjCnXfNdzUstQC5Xm00yMtVCQtes2boGvQr4C551WpMSVRMgUH+XINlScGn/b1dh7WRM6nn5Ryc1rT9ifAJlVxxtVzvylKGY9qRbXi2O4dURC3t9dBnlI1vUHuUQyA= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM5PR1201MB0076.namprd12.prod.outlook.com (2603:10b6:4:55::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.20; Wed, 30 Jun 2021 12:54:11 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021 12:54:11 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v5 08/28] OvmfPkg/ResetVector: invalidate the GHCB page Date: Wed, 30 Jun 2021 07:53:01 -0500 Message-ID: <20210630125321.30278-9-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com> References: <20210630125321.30278-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:10 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1f757059-9972-43aa-b193-08d93bc62850 X-MS-TrafficTypeDiagnostic: DM5PR1201MB0076: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kIeyKZR+qIz2JI9ghNCg2PVN4EcXWeZgOhHbqJUQlD5nzkFcRN9RgKewTgpAOGdnHmVLpk5N/xNLjGvfTdzeyj+85GHxEHL+2cDDUNb7RbLOFqSQNBNQ3ovng02puQkJ0WijdCx664D046aKc2JIwZq8g7Hw1JZRfipMQ5GnXJDYIjfiFhxo4mE15eJTo6U+eBtaWanDRPb1Yn5OSg/zR/+G4yITHnetBGvLYARy0JYMVDSGzITNReYb7CivyR67IdE+T+PhQ0pFIyBtuA+mB7CjUXKtBoFymwWtvHZl95/1Z4SAhE0JAjQ7rbygTGxCx+gautT0bLfNg48o6UVB2j0JVggEH5p2dJU8yCB9JTf01Sk7AV0D+2zJf2T337ZFl/hvf1T5+Z2Wb2LWCD/g7f2XtCTDvj6JHANqBOt9FWCdIKpgHn8+u9pA0L5/khGBfBIXX5reYf9Q1mxuf8euFsFuz8K/IE2WVOQAgW2xOrKoD75D9u/iKvFXMPs8wRPIY58BWeo7LT6T1ASR5C72Mb4ScPrUTMxZ4uiDnLPRF2hdU2dso9OKGCiRPlHKcRvjwFbtUaPIDXR9ee5LNT/LknlazDV5O7UbAzmIQf57D7KYCbfE/+LAGDAyO57MXXmxw4prUtRNtU5GrybDKrigr345L8/Ho3ORckIvAKQy8yNDMy7aRj7QTn2TZ8y3Kx6CQ2KHA0pOu8IO+4di1ceibmKBgDI/w9oc4ELnDeHGawNoVV9jhreXDrPl1g5kqmkGeKqE6gqOcqKZiQbRE7pv7d/eyFuoikP5BITdmZhWhV4/5sVdUnkOWH/CeRUKVI9iQzD9C4xWylTWvqi8aJyOfA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(7696005)(1076003)(8676002)(16526019)(8936002)(6666004)(2616005)(4326008)(956004)(38350700002)(38100700002)(478600001)(186003)(6486002)(19627235002)(66556008)(66476007)(26005)(7416002)(316002)(966005)(86362001)(66946007)(52116002)(36756003)(54906003)(5660300002)(2906002)(6916009)(44832011)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?kLnHTAIEMl4TMo4oVZY8y2jPACu9KlIw2MwD7xjl6emYQJV+kesfY5ZoCzAY?= =?us-ascii?Q?NGe4cWXEDk6lXmYgfNfgcVggX4bvUDuHxmXe+y1bwUa8UW6GcLqTddNSGnUr?= =?us-ascii?Q?G4PUqrf6YFgy5ENTW5IW6EGuouyJwFnfPqlkZzQRUw3O1Co1F/B51Wh5uaXG?= =?us-ascii?Q?kEyTDxehoWC5ABOjbTpocY53+3w9Wnn9r8HFZxPAgEdkqc4eZS2FCF90L/Bw?= =?us-ascii?Q?9AvVSgZzdBM/2Xh3y1HbuQnIdz0v4wt7VQOnaQ0rK/t8WPizdsi9bmOdvZNN?= =?us-ascii?Q?5498CUyDHU6kXBsHOZrolOSvvIO0hE2fsVUU96o73bkwm3DD/ln7+6Y66uTx?= =?us-ascii?Q?/ZNA85kJMovYAZ6vgICQ1mffH9pylGWlh0+TNHQSSyXvaHOZM6iG/oCk/RrC?= =?us-ascii?Q?awfj4QJeC0b5i5WA1A1cnAe+wr05MA7WEtaIqI81y2bVSQBZYL3uN/2phkkb?= =?us-ascii?Q?cz19APBI3xqcmwqnB8IMOMDuUbZFQo+A1eyV8IqHNuluPCRDaWD5fzrUoNDN?= =?us-ascii?Q?17fg/8gWvZ5eA4W2/ijd6iB5+nF5Ap4T8LEWmPbf0NNFZ4IQCity+ntXSYHj?= =?us-ascii?Q?5Ncj2Etk7Bt2qqAjsCe4fjr6wFKtdZGdUcs3PqUUMbv6AdyHoX25JXQzeV7L?= =?us-ascii?Q?EGd4CtKrLyXwoEXTVcrC34vRzEJ66QL1DVN3ZSzO8ZltY9q3EHusMNFRz+DH?= =?us-ascii?Q?0n6sYrELhmzTum4yh02ECuf2KKdAf7GOWeNOP91tRHzMULdcIUm9Dcf0QO79?= =?us-ascii?Q?mLEnyvKb2rfRdiPnIRPCh6NKGCkB5G/PObWy+uM4NFLKV5DSZA6fkW9YGEci?= =?us-ascii?Q?TZ4WA7RDHrgLQ0x4z/DWBS92737jwtfGFddSMhyJjMm1uuBXzv7mnhZcjSJs?= =?us-ascii?Q?7aY0gSR8pPhgI5VlQ0PzuoE+pgbO8rHQEUuX1MHlw2osIQKI40poKELpcNHp?= =?us-ascii?Q?WWsdIK/ubGQChSaPnmk8rUf6qgFjnSW+exnY4aHtSiwA+wiepHpFBd/7BKg5?= =?us-ascii?Q?UNXwApHn/d0pzBT4gUrcY2ottUl4BwQ380iikSCy/nRnY7RYaZMG8NCkgzzy?= =?us-ascii?Q?aNoxGHxlOwOwrtBGavEO4G1SzI9isHYvK/kcHzKWRRi1dCJ3urUPuf1A6YLN?= =?us-ascii?Q?n+mMX8Au560Da4Jjn4fyTi3l5phzSE4ExbZm/9KSymVMFMSvXPR2iNbw5jyR?= =?us-ascii?Q?dWg+3utcHoA19+an2I/qhVcDPMxVyV890yZ98DbGqIu6tlhCM8r3PESBGRVw?= =?us-ascii?Q?QmDRR1S0mwLiyQP9uAf++uWYjmrIKN/6sQcJTbTBdej3uAlXm2Yx3LFgtg1n?= =?us-ascii?Q?rlpW6MErCbSjDW3V/HHBO+tO?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1f757059-9972-43aa-b193-08d93bc62850 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:11.6925 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EgdP3G1pTTLp1YKH8vig0JL8/se+xWa1nV2dSAaxdfKr6AHaU4VQ/jg5QDTsQnsobj23AswnwsFBczk4yCpXUg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0076 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The GHCB page is part of a pre-validated memory range specified through the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page is pre-validated by the hyperivosr during the SNP guest creation. On boot, the reset vector maps the GHCB page as un-encrypted in the initial page table. Just clearing the encryption attribute from the page table is not enough. To maintain the security guarantees, the page must be invalidated. The page invalidation consists of two steps: 1. Use the PVALIDATE instruction to clear Validated Bit from the RMP table. 2. Use the Page State Change VMGEXIT to ask hypervisor to change the page state to shared in the RMP table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 125 ++++++++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 13 +++ 2 files changed, 138 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index c4c00056f9f3..b6f33d049a43 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -8,6 +8,8 @@ ; ;-------------------------------------------------------------------------= ----- =20 +%include "Nasm.inc" + BITS 32 =20 ; @@ -45,6 +47,25 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +; SNP page state change failure +%define TERM_PAGE_STATE_CHANAGE 3 + +; Hypervisor does not support SEV-SNP feature +%define TERM_HV_UNSUPPORTED_FEATURE 4 + +; GHCB SEV Information MSR protocol +%define GHCB_SEV_INFORMATION_REQUEST 2 +%define GHCB_SEV_INFORMATION_RESPONSE 1 + +; GHCB Page Invalidate request and response protocol values +; +%define GHCB_PAGE_STATE_CHANGE_REQUEST 20 +%define GHCB_PAGE_STATE_CHANGE_RESPONSE 21 +%define GHCB_PAGE_STATE_SHARED 2 + +; GHCB Hypervisor features MSR protocol +%define GHCB_HYPERVISOR_FEATURES_REQUEST 128 +%define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll @@ -247,6 +268,110 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 +; The version 2 of GHCB specification added the support to query the hyper= visor +; features. If the GHCB version is >=3D2 then read the hypervisor features= and +; verify that SEV-SNP feature is supported. +; +CheckSnpHypervisorFeatures: + ; Get the SEV Information + xor eax, eax + xor edx, edx + + VmgExit GHCB_SEV_INFORMATION_REQUEST, GHCB_SEV_INFORMATION_RESPONSE + + ; + ; SEV Information Response GHCB MSR + ; GHCB_MSR[63:48] =3D Maximum protocol version + ; GHCB_MSR[47:32] =3D Minimum protocol version + ; + shr edx, 16 + cmp edx, 2 + jl SevSnpUnsupportedFeature + + ; Get the hypervisor features + xor eax, eax + xor edx, edx + + VmgExit GHCB_HYPERVISOR_FEATURES_REQUEST, GHCB_HYPERVISOR_FEATURES_RES= PONSE + + ; + ; Hypervisor features reponse + ; GHCB_MSR[63:12] =3D Features bitmap + ; BIT0 =3D SEV-SNP Supported + ; + shr eax, 12 + bt eax, 0 + jnc SevSnpUnsupportedFeature + +CheckSnpHypervisorFeaturesDone: + OneTimeCallRet CheckSnpHypervisorFeatures + +; If its an SEV-SNP guest then use the page state change VMGEXIT to invali= date +; the GHCB page. +; +; Modified: EAX, EBX, ECX, EDX +; +InvalidateGHCBPage: + ; Check if SEV-SNP is enabled + ; MSR_0xC0010131 - Bit 2 (SEV-SNP enabled) + mov ecx, SEV_STATUS_MSR + rdmsr + bt eax, 2 + jnc InvalidateGHCBPageDone + + ; Verify that SEV-SNP feature is supported by the hypervisor. + OneTimeCall CheckSnpHypervisorFeatures + + ; Use PVALIDATE instruction to invalidate the page + mov eax, GHCB_BASE + mov ecx, 0 + mov edx, 0 + PVALIDATE + + ; Save the carry flag to be use later. + setc dl + + ; If PVALIDATE fail then abort the launch. + cmp eax, 0 + jne SevSnpPageStateFailureTerminate + + ; Check the carry flag to determine if RMP entry was updated. + cmp dl, 0 + jne SevSnpPageStateFailureTerminate + + ; Ask hypervisor to change the page state to shared using the + ; Page State Change VMGEXIT. + ; + ; Setup GHCB MSR + ; GHCB_MSR[55:52] =3D Page Operation + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; + mov eax, (GHCB_BASE >> 12) + shl eax, 12 + mov edx, (GHCB_PAGE_STATE_SHARED << 20) + + VmgExit GHCB_PAGE_STATE_CHANGE_REQUEST, GHCB_PAGE_STATE_CHANGE_RESPON= SE + + ; + ; Response GHCB MSR + ; GHCB_MSR[63:12] =3D Error code + ; + cmp edx, 0 + jnz SevSnpPageStateFailureTerminate + +InvalidateGHCBPageDone: + OneTimeCallRet InvalidateGHCBPage + +; Terminate the SEV-SNP guest due to the page state change failure +SevSnpPageStateFailureTerminate: + TerminateVmgExit TERM_PAGE_STATE_CHANAGE + +; Terminate the SEV-SNP guest because hypervisor does not support +; the SEV-SNP feature +SevSnpUnsupportedFeature: + TerminateVmgExit TERM_HV_UNSUPPORTED_FEATURE + + ; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure ; is enabled. ; diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index eacdb69ddb9f..f587ef912e4c 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -140,6 +140,19 @@ clearGhcbMemoryLoop: mov dword[ecx * 4 + GHCB_BASE - 4], eax loop clearGhcbMemoryLoop =20 + ; + ; The page table built above cleared the memory encryption mask from t= he + ; GHCB_BASE (aka made it shared). When SEV-SNP is enabled, to maintain + ; the security guarantees, the page state transition from private to + ; shared must go through the page invalidation steps. Invalidate the + ; memory range before loading the page table below. + ; + ; NOTE: the invalidation must happen after zeroing the GHCB memory. Th= is + ; is because, in the 32-bit mode all the access are considered p= rivate. + ; The invalidation before the zero'ing will cause a #VC. + ; + OneTimeCall InvalidateGHCBPage + SetCr3: ; ; Set CR3 now that the paging structures are available --=20 2.17.1