Date: Mon, 19 Jul 2021 20:27:11 +0000
From: "Ashish Kalra"
To: Tom Lendacky
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: Re: [PATCH v5 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Message-ID: <20210719202711.GC24481@ashkalra_ubuntu_server>
References: <959ad1f27b83dd52524ef187ff9fc96c90a8ab86.1625687246.git.ashish.kalra@amd.com> <6fc8c340-dac7-e3b3-52cc-5cec16d1ab5e@amd.com>
In-Reply-To: <6fc8c340-dac7-e3b3-52cc-5cec16d1ab5e@amd.com>

Hello Tom,

On Fri, Jul 16, 2021 at 09:22:20AM -0500, Tom Lendacky wrote:
> On 7/8/21 9:08 AM, Ashish Kalra wrote:
> > From: Ashish Kalra > > > > Mark the SEC GHCB page (that is mapped as unencrypted in > > ResetVector code) in the hypervisor page status tracking. > > > > Cc: Jordan Justen > > Cc: Laszlo Ersek > > Cc: Ard Biesheuvel > > Signed-off-by: Ashish Kalra > > --- > > OvmfPkg/PlatformPei/AmdSev.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > > index a8bf610022..1ec0de48fe 100644 > > --- a/OvmfPkg/PlatformPei/AmdSev.c > > +++ b/OvmfPkg/PlatformPei/AmdSev.c > > @@ -52,6 +52,15 @@ AmdSevEsInitialize ( > > PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > > ASSERT_RETURN_ERROR (PcdStatus); > > > > + // > > + // GHCB_BASE setup during reset-vector needs to be marked as > > s/GHCB_BASE/The SEC Ghcb/ > > > + // decrypted in the hypervisor page encryption bitmap. > > Is the "hypervisor page encryption bitmap" valid anymore? This gets passed > up to userspace now, right? > > You should go through all the patches to be sure you aren't talking about > a bitmap anymore and just state that you're updating the encryption state > with the hypervisor. > Ok, i will fix that. > > + // > > + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), > > The first argument needs to be moved down to a line of its own and > indented like the following arguments. > > > + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), > > + KVM_MAP_GPA_RANGE_DECRYPTED > > Ah, now I see this #define used, but you should be passing a 0 or 1, > right? This happens to evaluate to 0, but it's the wrong way to call this > function. > Ok. Thanks, Ashish > > + ); > > + > > // > > // Allocate GHCB and per-CPU variable pages. > > // Since the pages must survive across the UEFI to OS transition > >
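Review bot: The added SetMemoryEncDecHypercall3 call in AmdSevEsInitialize discards its result, while the PcdSetBoolS call directly above it is followed by ASSERT_RETURN_ERROR (PcdStatus). If the hypercall wrapper returns a status, capture and check it here so that a failed encryption-state update for the SEC GHCB range does not pass silently. A smaller style point in the same call: EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)) has no space before its opening parenthesis, unlike FixedPcdGet32 (...) and the other calls in this hunk.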