From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.57])
 by mx.groups.io with SMTP id smtpd.web11.39027.1629208030648607891
 for <devel@edk2.groups.io>;
 Tue, 17 Aug 2021 06:47:10 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=bEUhJpuN;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.57, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=AATybwakx8fjAive3ONRTwyFvi3T4Ad3CxDlGoLBU2WEl6mCAwyQB87tBTVJGXXl9JqkioRvhYXO5eXtIWrXQWrUAXwct5hqNqStq/GjhDoqHZoMLip4vBeJREa/EjLwHQHRUrFBJq62bjD+6viJjHOuox8tgJytbc7B1UMIaIBmfsjKVIpUmJpT5lo6krpl4BGEI1/bdzd9eyQaouPgpkgYiKkNv5jUZ5Mv/UdbP/0bYI3KI2TntO+t2roEAOJ1O9rexifjzmDr4drIrvWZaErSohzbHGbH2emBIeU3XVnz1m1K1Lcl3lVON9+LFHLb3pGB9GERgfiBwsalgtg6ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=yaRxyLzr5PQGguxoR5PgXkb9je60WAv1H2AsmkqkzQc=;
 b=YOy+cpdcJzIVreWFwicyjihBkgYhsQuRblOlGi5dqrPIZadL0Y6MGQRFgkU35dMGFvGmWr3t7OLsjy8jANE3FodKA9naSAP1x9vDkKgiupYEUlRrLK+J0lXWLMUaN7XcGpPEJZa3rVt3UrkvIeIA6SDHTaFyQh0s9YuRA4yBYKgXsNLBtb0nhjKy8X2cXIHGuGav/cf/XA+uf9qlCD62Ulpb8CffeNtepG1MLG55bGUjPv+VDKIy+YWzRnThtx49O2/HkRj1UYfWUgHntWeJU9Em26LShu2M6C0eVF7PckVV6I0K1mqj3zY906CRQUWH/jJp1aXAQzCDV4PMZnPu2w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=yaRxyLzr5PQGguxoR5PgXkb9je60WAv1H2AsmkqkzQc=;
 b=bEUhJpuNdz7tXvmIZ2lOaTr1ozwqLPZchTPhtDg7VGObYspemTC5vT2rc3e3wdR5S2ncj0g50IqnTpdJlX0vDCrIXQgykfXbekh+y6aRF408yCg7oetSjHSRqcNgKTeQ+2FDyZ+l/HFzag3e6myYFn7U8jWoEn+wlgnkpiQHQbs=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22)
 by SA0PR12MB4384.namprd12.prod.outlook.com (2603:10b6:806:9f::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.15; Tue, 17 Aug
 2021 13:47:09 +0000
Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4415.024; Tue, 17 Aug 2021
 13:47:09 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Erdem Aktas <erdemaktas@google.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v3 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format
Date: Tue, 17 Aug 2021 08:46:50 -0500
Message-ID: <20210817134651.20444-3-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com>
References: <20210817134651.20444-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SA0PR11CA0165.namprd11.prod.outlook.com
 (2603:10b6:806:1bb::20) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR11CA0165.namprd11.prod.outlook.com (2603:10b6:806:1bb::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16 via Frontend Transport; Tue, 17 Aug 2021 13:47:08 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 89491a0c-c3a4-41f6-b17a-08d9618581ef
X-MS-TrafficTypeDiagnostic: SA0PR12MB4384:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SA0PR12MB438452F66A76376E2557A21EE5FE9@SA0PR12MB4384.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	PAtnOgwnIFR7hlxOVKqGNlLEhum+bje9N+fXxM8/op7k7VVnqwuMRht/ZmtWc0Noh+dpwCMA0NmsZYeua4sgEmt1S9WN1WRx3KDGzlW5tahrN9Z2Kw/i+n+uaKPx+26iiVHEzFUKeZ0jBhLW8MhwnoiIAFWDVaZABuLm1O8RNSOXpY0eug4+9zGfycfkRFTgom5PRsVbTF83hS84rlAcLVBJSdC+DUHKYxzPt4WEqafmOCPsE8F/5kPbks5PAhhTZnN6unTPgLl2WCJw/s7Z+OO6xSS2zaUii7+ddQ97R1GBDY+mE2TLuCEW5TCj3vVRwV4VA3MYMsKzO3B0JUx6gkpzIdsL7P9FFznjGSt8REgipACUE6pTa+sVRn30pmV3E+T7C3XsqbHTpYCo98yRn1jKAqMPy7JplX9AsaIyRULmyvHBlWudkyGaEARQd5qt1Gb3gZXxQK9rPSrbfYXwIjqhznlIh8NZZ9jl3iMlNu0QJSbYMIgiU4r7UGORjKo+f9hRu/c1Vgul2J7oKaToY4E/KtZsgU836jQKkx/751+ztzx7QAoNbCelJLe0UbNI0Knx6OQH7RtYuUUaviIagEAO6V8OEBSRZzhsgKER1KrAWL1UKwg8qsRzutTm87FaDL485I6nI1UKfRkuqmrfrJ+3ZpT4tSdJGQdT0JBxF07CU11HgTfKkc+Zl0cZauL86V75vINz//K7IUEGae/4BP0KKSJTWtyBPYNfJjQodupI523XNsToLKMJF1DYCOB6uuP1JjnkB2Q1u/54ln0FNRq0J5UGV1AklBADrR4kmwA=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(346002)(39860400002)(376002)(396003)(366004)(52116002)(1076003)(26005)(36756003)(83380400001)(8676002)(86362001)(186003)(8936002)(54906003)(15650500001)(956004)(7696005)(2616005)(966005)(4326008)(6916009)(2906002)(66556008)(66476007)(6666004)(44832011)(19627235002)(38100700002)(38350700002)(66946007)(6486002)(5660300002)(316002)(478600001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?CXoV/eGg/v9StWY8rpzYlEfXEwBPvw9tXC09vWmKASVgyAMERiOFw3Sb+s1+?=
 =?us-ascii?Q?RpA72ZkqN+waXPdRXXRk5rGM3j8UhzXXM8X9cF/adQQjVJllSKTX+lMTM74O?=
 =?us-ascii?Q?MUFErAnid52bgq6Q2lUMpnkiBQP/0QwFpmRysYtmJGD7kmlSWbv/8OAeBn2D?=
 =?us-ascii?Q?TJBbugFNKqUrIFKaw3M1w2JU4V7SAzvJXrLT+1Fx3JPCuH+YwAoDbpQjm3N2?=
 =?us-ascii?Q?bhX4Djkohjq3WyGUTsr/Zt9c9zEfioLeeMTKMKXqK2WAABkjK/etcRIUo1lQ?=
 =?us-ascii?Q?ycIegyi004zuVv5B+5s6tNBiqJYcHRP6mKxbeWJvDxyuxYAyCacmandxwJNO?=
 =?us-ascii?Q?p5BV9x3hYozEr91qtqnjdnxS58va5I+41nkYbmT9QGOeJclgV0q3mw5/k9XP?=
 =?us-ascii?Q?iLnQ+O/ObjjOQqd9zkhM+4gGbLNtz/kEIbNVHB+qOYZP84jrpGgbk3jrIPzk?=
 =?us-ascii?Q?OVLfvqK4FqO6N1k1FfXDI0ZLtaCpGKrE60ou2inpB1FL15x3SmtFzjkEmhF0?=
 =?us-ascii?Q?ebM2Jmw10VUX03KrHaL786rrkexQsoDPYn4PLR5pJWemanJMeGcCHJuJEBdz?=
 =?us-ascii?Q?tXuMUtXlj0b+rqszu/+b4kKwNDtIinNC3dB1Z6WPVuFluz9fRboeJMSArlgy?=
 =?us-ascii?Q?kjHYPr/v8sT87hvoVDeMuyVxKUISzbAS/T0xBAdmuv6FtDfF5i6qgPIvzPSC?=
 =?us-ascii?Q?orPX7ChM7H93kwpr0kUdInrC9Sdg3ZU2vMKYjduKMaqyMc/owu7H7/jpXKZI?=
 =?us-ascii?Q?TqVfmqfb/SwOopbN6hfGqDKc06CcW3DQaAXtQDKNtY/Hks2s1f0eoZARYFQS?=
 =?us-ascii?Q?oNJidMwYuNbSRLSolmL8kc63VQAxJ5P4Mc5uJEvs8YKUon2ySB368zi65dBs?=
 =?us-ascii?Q?BEoKF89eEl8Gy5ToYQxV3apz/447zlXQcy1l1Kd3RaanzrQ+y0JqGeNqptNN?=
 =?us-ascii?Q?ciQZ5DItSObpX0xvHZCuamC4vwLGEV3HIgrLTflIU1wiEy6ovKCWV8LdvNuV?=
 =?us-ascii?Q?O1SUDzt/1QXPvB9S5eotTVB+zL9cdsqzI/6K3t/nvmHEnxShc5OK2d0bgO53?=
 =?us-ascii?Q?d+P6bge8hf88FgCjD0gA+VbcI4D+vDywVDUzcO0Tbgczzqx5XAO7qrtwOhGs?=
 =?us-ascii?Q?NUTr9hcBR2gIgvyVld5vP2LnzCU8WgfrGMCUxAcCA1Hp5IaldG8DM8CAvSAZ?=
 =?us-ascii?Q?ZtxmM0cfcn1/wJDHcg27IUsL7+0ruPBUsmR+7bmchlci2CyaFRFjbYkqYAcj?=
 =?us-ascii?Q?MqpKAAzdpAZtl4Jed4jvAdfe99/uXVvFqpGv7vJWbvpQ4hO/nqqq2cq2o+nW?=
 =?us-ascii?Q?Km0XkYo0JNUDaGbN1c8LSsq3?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 89491a0c-c3a4-41f6-b17a-08d9618581ef
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2021 13:47:08.9669
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lBWtKmP6GQCvmWb1ZYCGGpMEPrm7XEdS2WOtRYkT6xf8PZFqkvK9UOFBJ0xo3zx1SqhKbe76Z96OPHIcjfobAQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4384
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429

Update the SEV support to switch to using the newer work area format.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/ResetVector.inf       |  1 +
 OvmfPkg/Sec/SecMain.inf                   |  2 ++
 OvmfPkg/Sec/SecMain.c                     | 36 ++++++++++++++++++++++-
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       |  8 +++++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  4 +++
 OvmfPkg/ResetVector/ResetVector.nasmb     |  1 +
 6 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese=
tVector.inf
index d028c92d8cfa..a2520dde5508 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -43,6 +43,7 @@ [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
=20
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 7f78dcee2772..ea4b9611f52d 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -70,6 +70,8 @@ [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd
   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
=20
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 9db67e17b2aa..707b0d4bbff4 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -807,6 +807,36 @@ SevEsProtocolCheck (
   Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE;
 }
=20
+/**
+ Determine if the SEV is active.
+
+ During the early booting, GuestType is set in the work area. Verify that =
it
+ is an SEV guest.
+
+ @retval TRUE   SEV is enabled
+ @retval FALSE  SEV is not enabled
+
+**/
+STATIC
+BOOLEAN
+IsSevGuest (
+  VOID
+  )
+{
+  OVMF_WORK_AREA             *WorkArea;
+
+  //
+  // Ensure that the size of the Confidential Computing work area header
+  // is same as what is provided through a fixed PCD.
+  //
+  ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeade=
r) =3D=3D
+          sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
+
+  WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
+
+  return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST=
_TYPE_AMD_SEV));
+}
+
 /**
   Determine if SEV-ES is active.
=20
@@ -826,9 +856,13 @@ SevEsIsEnabled (
 {
   SEC_SEV_ES_WORK_AREA  *SevEsWorkArea;
=20
+  if (!IsSevGuest()) {
+    return FALSE;
+  }
+
   SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr=
eaBase);
=20
-  return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0=
));
+  return (SevEsWorkArea->SevEsEnabled !=3D 0);
 }
=20
 VOID
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32=
/AmdSev.asm
index aa95d06eaddb..87d81b01e263 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -171,6 +171,9 @@ CheckSevFeatures:
     bt        eax, 0
     jnc       NoSev
=20
+    ; Set the work area header to indicate that the SEV is enabled
+    mov     byte[WORK_AREA_GUEST_TYPE], 1
+
     ; Check for SEV-ES memory encryption feature:
     ; CPUID  Fn8000_001F[EAX] - Bit 3
     ;   CPUID raises a #VC exception if running as an SEV-ES guest
@@ -257,6 +260,11 @@ SevExit:
 IsSevEsEnabled:
     xor       eax, eax
=20
+    ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set
+    ; to 1 if SEV is enabled.
+    cmp       byte[WORK_AREA_GUEST_TYPE], 1
+    jne       SevEsDisabled
+
     ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if
     ; SEV-ES is enabled.
     cmp       byte[SEV_ES_WORK_AREA], 1
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto=
r/Ia32/PageTables64.asm
index eacdb69ddb9f..f688909f1c7d 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -42,6 +42,10 @@ BITS    32
 ;
 SetCr3ForPageTables64:
=20
+    ; Clear the WorkArea header. The SEV probe routines will populate the
+    ; work area when detected.
+    mov     byte[WORK_AREA_GUEST_TYPE], 0
+
     OneTimeCall   CheckSevFeatures
     xor     edx, edx
     test    eax, eax
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re=
setVector.nasmb
index acec46a32450..d1d800c56745 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -72,6 +72,7 @@
   %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
   %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))
   %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))
+  %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase))
   %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))
   %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + =
8)
   %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) =
+ 16)
--=20
2.17.1