From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 19 Jul 2021 15:22:45 +0000
From: "Ashish Kalra"
To: Dov Murik
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: Re: [PATCH v5 4/4] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
Message-ID: <20210719152245.GA24210@ashkalra_ubuntu_server>
User-Agent: Mutt/1.9.4 (2018-02-28)

Hello Dov,

On Mon, Jul 19, 2021 at 10:31:10AM +0300, Dov Murik wrote:
> Ashish,
>
>
> On 08/07/2021 17:09, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > Check for SEV live migration feature support, if detected
> > setup a new UEFI environment variable to indicate OVMF
> > support for SEV live migration.
> >
> > The new runtime UEFI environment variable is set via the
> > notification function registered for the
> > EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.
> >
>
>
> Why is this indirect notification needed? Why not simply call
> gRT->SetVariable in AmdSevDxeEntryPoint (instead of calling CreateEventEx)?
>

AmdSevDxe module is an apriori driver so it gets loaded between PEI
and DXE phases and the SetVariable call will fail at the driver's entry
point as the Variable DXE module is still not loaded yet. So I need to
wait for an event notification which is signaled after the Variable DXE
module is loaded and I am using the EndOfDxe event notification to make
this call.

> If this is needed, please add a clarification (in the commit message and
> before the CreateEventEx call).
>

Yes, I will add the above explanation.

>
> > Signed-off-by: Ashish Kalra
> > --- > > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 59 ++++++++++++++++++++ > > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ > > OvmfPkg/Include/Guid/MemEncryptLib.h | 20 +++++++ > > OvmfPkg/OvmfPkg.dec | 1 + > > 4 files changed, 84 insertions(+) > > > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > > index c66c4e9b92..45adf3249c 100644 > > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c 
> > @@ -15,10 +15,49 @@ > > #include > > #include > > #include > > +#include > > +#include > > #include > > #include > > +#include > > +#include > > #include > > > > +STATIC > > +VOID > > +EFIAPI > > +AmdSevDxeOnEndOfDxe ( > > + IN EFI_EVENT Event, > > + IN VOID *EventToSignal > > + ) > > +{ > > + EFI_STATUS Status; > > + BOOLEAN SevLiveMigrationEnabled; > > + > > + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); > > + > > + if (SevLiveMigrationEnabled) { > > + Status = gRT->SetVariable ( > > + L"SevLiveMigrationEnabled", > > + &gMemEncryptGuid, > > + EFI_VARIABLE_NON_VOLATILE | > > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > > + EFI_VARIABLE_RUNTIME_ACCESS, > > + sizeof (BOOLEAN), > > Should be: > > sizeof SevLiveMigrationEnabled, > > > > > + &SevLiveMigrationEnabled > > + ); > > + > > + DEBUG (( > > + DEBUG_INFO, > > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > > + __FUNCTION__, > > + Status > > + )); > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__)); > > Remove debug print. > > Ok. > > +} > > + > > EFI_STATUS > > EFIAPI > > AmdSevDxeEntryPoint ( > > @@ -30,6 +69,7 @@ AmdSevDxeEntryPoint ( > > EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; > > UINTN NumEntries; > > UINTN Index; > > + EFI_EVENT Event; > > > > // > > // Do nothing when SEV is not enabled > > @@ -130,5 +170,24 @@ AmdSevDxeEntryPoint ( > > } > > } > > > > + // > > + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. > > + // The notification function sets the runtime variable indicating OVMF > > + // support for SEV live migration. > > + // > > + Status = gBS->CreateEventEx ( > > + EVT_NOTIFY_SIGNAL, > > + TPL_CALLBACK, > > + AmdSevDxeOnEndOfDxe, > > + NULL, > > + &gEfiEndOfDxeEventGroupGuid, > > + &Event > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", > > + __FUNCTION__, Status)); > > + } > > + > > return EFI_SUCCESS; > > } 
> > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > > index 0676fcc5b6..f4e40ff412 100644 > > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > > @@ -45,3 +45,7 @@ > > > > [Pcd] > > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId > > + > > +[Guids] > > + gMemEncryptGuid > > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event > > diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h > > new file mode 100644 > > index 0000000000..4c046ba439 > > --- /dev/null > > +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
>
>
> Should the filename, GUID #define name, and global var name include
> "AMD" or "SEV" in them? (and similarly in the corresponding Linux patch)
>
> Or: maybe the new "SevLiveMigrationEnabled" variable can be set in the
> confidential computing GUID? (not sure what are the guidelines for
> creating or reusing GUIDs).
>
>

Ok, I will use the same one as used for the corresponding Linux patch.

>
> > @@ -0,0 +1,20 @@ > > +/** @file > > + > > + AMD Memory Encryption GUID, define a new GUID for defining > > + new UEFI enviroment variables assocaiated with SEV Memory Encryption.
>
> typos: environment, associated
>

Thanks,
Ashish
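
Review bot: AmdSevDxeOnEndOfDxe() in AmdSevDxe.c writes SevLiveMigrationEnabled with EFI_VARIABLE_NON_VOLATILE but only on the TRUE path, so nothing clears a copy left in a persistent variable store when MemEncryptSevLiveMigrationIsEnabled() returns FALSE on a later boot, and a consumer of the variable would then read a stale TRUE. Consider dropping EFI_VARIABLE_NON_VOLATILE, since the value is recomputed on every boot, or deleting the variable in the FALSE case. The status print in the same function formats an EFI_STATUS with %lx; %r, as already used in the CreateEventEx() error path of this patch, prints the readable status name.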
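
Review bot: In the AmdSevDxeEntryPoint() hunk of AmdSevDxe.c, a CreateEventEx() failure is logged at DEBUG_INFO and the function still returns EFI_SUCCESS, so a failed registration means the variable is silently never set. Continuing to boot is reasonable, but the message should go out at DEBUG_ERROR so the failure is visible when informational output is masked.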
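
Review bot: In the [Guids] section added to AmdSevDxe.inf, gMemEncryptGuid carries no usage comment while gEfiEndOfDxeEventGroupGuid on the next line is annotated with ## CONSUMES ## Event. The driver writes a variable under that GUID only when live migration is enabled, so annotate it accordingly, for example ## SOMETIMES_PRODUCES ## Variable:L"SevLiveMigrationEnabled".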