From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Brijesh Singh
Subject: [PATCH 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format
Date: Wed, 4 Aug 2021 15:20:02 -0500
Message-ID: <20210804202003.17543-3-brijesh.singh@amd.com>
In-Reply-To: <20210804202003.17543-1-brijesh.singh@amd.com>
References: <20210804202003.17543-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Update the SEV support to switch to using the newer work area format.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/ResetVector.inf       |  1 +
 OvmfPkg/Sec/SecMain.inf                   |  1 +
 OvmfPkg/Sec/SecMain.c                     | 25 ++++++++++++++++++++++-
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       |  8 ++++++++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  4 ++++
 OvmfPkg/ResetVector/ResetVector.nasmb     |  1 +
 6 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index d028c92d8cfa..6ec9cca40c3a 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf 
@@ -34,6 +34,7 @@ [BuildOptions] *_*_X64_NASMB_FLAGS =3D -I$(WORKSPACE)/UefiCpuPkg/ResetVector/Vtf0/ =20 [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee2772..82910dcbd5c2 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -56,6 +56,7 @@ [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED =20 [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2aa..dda572c7ad7d 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -807,6 +807,29 @@ SevEsProtocolCheck ( Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; } =20 +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + +**/ +STATIC +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->GuestType =3D=3D GUEST_TYPE_A= MD_SEV)); +} + /** Determine if SEV-ES is active. =20 @@ -828,7 +851,7 @@ SevEsIsEnabled ( =20 SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); =20 - return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); + return (((IsSevGuest()) && SevEsWorkArea !=3D NULL) && (SevEsWorkArea->S= evEsEnabled !=3D 0)); } =20 VOID diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index aa95d06eaddb..87d81b01e263 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -171,6 +171,9 @@ CheckSevFeatures: bt eax, 0 jnc NoSev =20 + ; Set the work area header to indicate that the SEV is enabled + mov byte[WORK_AREA_GUEST_TYPE], 1 + ; Check for SEV-ES memory encryption feature: ; CPUID Fn8000_001F[EAX] - Bit 3 ; CPUID raises a #VC exception if running as an SEV-ES guest @@ -257,6 +260,11 @@ SevExit: IsSevEsEnabled: xor eax, eax =20 + ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set + ; to 1 if SEV is enabled. + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jne SevEsDisabled + ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if ; SEV-ES is enabled. cmp byte[SEV_ES_WORK_AREA], 1 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index eacdb69ddb9f..f688909f1c7d 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -42,6 +42,10 @@ BITS 32 ; SetCr3ForPageTables64: =20 + ; Clear the WorkArea header. The SEV probe routines will populate the + ; work area when detected. + mov byte[WORK_AREA_GUEST_TYPE], 0 + OneTimeCall CheckSevFeatures xor edx, edx test eax, eax diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index acec46a32450..d1d800c56745 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -72,6 +72,7 @@ %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) + %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) --=20 2.17.1
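
Review bot: In OvmfPkg/Sec/SecMain.c, hunk @@ -807, the new IsSevGuest() uses OVMF_WORK_AREA and GUEST_TYPE_AMD_SEV, but neither SecMain.c hunk adds an #include and SecMain.inf only gains the PcdOvmfWorkAreaBase entry. Please confirm the header that defines them is already pulled in by this file, or add the include here so the patch builds on its own. Separately, WorkArea comes from FixedPcdGet32 (), so the WorkArea != NULL test only guards against a zero PCD value and says nothing about whether the header was initialised; a short comment stating that the reset vector always writes GuestType before SEC runs would make the trust assumption explicit.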
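
Review bot: In OvmfPkg/Sec/SecMain.c, hunk @@ -828 (SevEsIsEnabled), the rewritten return statement groups IsSevGuest() together with the NULL check inside one pair of parentheses and calls IsSevGuest() without the space before the parenthesis that the rest of the file uses. The result is logically correct but hard to read and runs past the usual line width. Suggest one condition per parenthesised term: return (IsSevGuest () && (SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0));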
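
Review bot: In OvmfPkg/ResetVector/Ia32/AmdSev.asm, hunk @@ -171 (and again in the cmp added in hunk @@ -257), the guest type is written and compared as the literal 1, while the C side in SecMain.c compares against GUEST_TYPE_AMD_SEV. Nothing in the visible lines ties the two values together, so a later renumbering of the guest types would silently make IsSevEsEnabled and IsSevGuest() disagree. Suggest a named %define for the SEV guest type in ResetVector.nasmb with a comment pointing at the C definition, and using it in both the mov and the cmp.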
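
Review bot: In OvmfPkg/ResetVector/Ia32/PageTables64.asm, hunk @@ -42, the comment says "Clear the WorkArea header" but the instruction mov byte[WORK_AREA_GUEST_TYPE], 0 clears a single byte. If the header is wider than the GuestType byte, the remaining bytes keep whatever was in memory at reset and are later read by SEC as part of OVMF_WORK_AREA. Either clear the full header here or narrow the comment to say that only GuestType is reset.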
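
Review bot: In OvmfPkg/ResetVector/ResetVector.nasmb, hunk @@ -72, WORK_AREA_GUEST_TYPE is defined as the bare value of PcdOvmfWorkAreaBase, so the name of a field is bound to the base address of the structure. This only works while GuestType sits at offset 0 of OVMF_WORK_AREA, and unlike the neighbouring SEV_ES_WORK_AREA_RDRAND (+ 8) and SEV_ES_WORK_AREA_ENC_MASK (+ 16) defines, the offset is not visible. Suggest a comment stating that GuestType is the first byte of the work area header, or defining a work area base symbol and expressing the field as base + 0.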