From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web10.61414.1629321675189865535
 for <devel@edk2.groups.io>;
 Wed, 18 Aug 2021 14:21:15 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=rLrxn3mZ;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: tobin@linux.ibm.com)
Received: from pps.filterd (m0098409.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 17IL30p8028137;
	Wed, 18 Aug 2021 17:21:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : subject :
 date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding; s=pp1;
 bh=M+7oNwBgA5K/PuT+tZPThXv8hxnX90P645n0lB2CfKo=;
 b=rLrxn3mZ26txlBwHPJ5A/pVWW4H5nxnUzCyay16tmcxuF5L4WM6NShyZN5eg/D4FTQuO
 nlxhMzXLObHoKWsYNnJPYZYI6hV+xZ3xNjbHWiYal5X2tfVRpAt5B5R66nEgFzmgjbva
 memJLyYU2zcad86gwiTZDdo39ENvXE685HjwCA1FOoeKem/EVSyqDzqVQBgCctvtw0Mq
 XBSCl2UJ6hrlOKGo0k3Bn/9MOz2h84DpN/9/A+BL1nRs78DXdHwqIGSRQ4o0qLprQYFw
 70+s6eSSTU7fWgj0h6GbtSVK3ZiApIf1AgvHSYa0oh5clnX8Rvt6lbYvIRgXRdCCYJKh 9g== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3agcsrjfqt-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 18 Aug 2021 17:21:10 -0400
Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 17IL4C7f031237;
	Wed, 18 Aug 2021 17:21:10 -0400
Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3agcsrjfq9-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 18 Aug 2021 17:21:10 -0400
Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1])
	by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 17ILILBg002948;
	Wed, 18 Aug 2021 21:21:08 GMT
Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17])
	by ppma03dal.us.ibm.com with ESMTP id 3ae5ffhua0-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 18 Aug 2021 21:21:08 +0000
Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236])
	by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 17ILL7UV38994370
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 18 Aug 2021 21:21:07 GMT
Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E5192BE051;
	Wed, 18 Aug 2021 21:21:06 +0000 (GMT)
Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id CF34CBE056;
	Wed, 18 Aug 2021 21:21:05 +0000 (GMT)
Received: from amdrome1.watson.ibm.com (unknown [9.2.130.16])
	by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP;
	Wed, 18 Aug 2021 21:21:05 +0000 (GMT)
From: "Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com,
        frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com,
        thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com,
        srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com,
        jiewen.yao@intel.com
Subject: [RFC PATCH 1/9] OvmfPkg/AmdSev: Base for Confidential Migration Handler
Date: Wed, 18 Aug 2021 17:20:40 -0400
Message-Id: <20210818212048.162626-2-tobin@linux.ibm.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: DNYqFva_65Z21x64y0LIuFtKppEHhaHR
X-Proofpoint-GUID: eyuEMVbKuWJfKJd7poyQ6tJE3Rsx3DfP
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790
 definitions=2021-08-18_07:2021-08-17,2021-08-18 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 mlxscore=0
 clxscore=1015 adultscore=0 impostorscore=0 phishscore=0 suspectscore=0
 lowpriorityscore=0 spamscore=0 bulkscore=0 malwarescore=0
 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2107140000 definitions=main-2108180130
Content-Transfer-Encoding: 8bit

Base enablement of DXE driver that supports confidential migration.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
---
 OvmfPkg/OvmfPkg.dec                           |  5 ++
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  1 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  1 +
 .../ConfidentialMigrationDxe.inf              | 34 ++++++++++++
 .../ConfidentialMigrationDxe.c                | 53 +++++++++++++++++++
 5 files changed, 94 insertions(+)
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 3978852557..cfc645619d 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -370,6 +370,11 @@
   #  instance in PiSmmCpuDxeSmm, and CpuHotplugSmm.
   gUefiOvmfPkgTokenSpaceGuid.PcdCpuHotEjectDataAddress|0|UINT64|0x46
 
+  ## Set via FW_CFG to enable confidential migration as source or target.
+  #
+  gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget|FALSE|BOOLEAN|0x49
+  gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler|FALSE|BOOLEAN|0x4a
+
 [PcdsFeatureFlag]
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0x1c
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN|0x1d
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index e6cd10b759..982ecaf70e 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -790,6 +790,7 @@
 !endif
   OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
   OvmfPkg/AmdSev/Grub/Grub.inf
+  OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
 !if $(BUILD_SHELL) == TRUE
   ShellPkg/Application/Shell/Shell.inf {
     <LibraryClasses>
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 0a89749700..9bf17b8d51 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -274,6 +274,7 @@ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
 !endif
 INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
 INF  OvmfPkg/AmdSev/Grub/Grub.inf
+INF OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
 !if $(BUILD_SHELL) == TRUE
 INF  ShellPkg/Application/Shell/Shell.inf
 !endif
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
new file mode 100644
index 0000000000..6e3fa7e51c
--- /dev/null
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
@@ -0,0 +1,34 @@
+## @file
+#
+#  Copyright (C) 2021 IBM Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = ConfidentialMigration
+  FILE_GUID                      = 5c2978f4-f175-434b-9e6c-9b03bd7e346f
+  MODULE_TYPE                    = DXE_RUNTIME_DRIVER
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = SetupMigrationHandler
+
+[Sources]
+  ConfidentialMigrationDxe.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  DebugLib
+  MemoryAllocationLib
+  UefiDriverEntryPoint
+  UefiLib
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget
+  gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler
+
+[Depex]
+  TRUE
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
new file mode 100644
index 0000000000..f0dfbd279e
--- /dev/null
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
@@ -0,0 +1,53 @@
+/** @file
+  In-guest support for confidential migration
+
+  Copyright (C) 2021 IBM Coporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/DebugLib.h>
+#include <Library/UefiLib.h>
+
+VOID
+EFIAPI
+MigrationHandlerMain ()
+{
+  DebugPrint (DEBUG_INFO,"Migration Handler Started\n");
+
+}
+
+/**
+SetupMigrationHandler runs in the firmware of the main VM to setup
+regions of memory that the Migration Handler can use when executing
+in the mirror VM.
+
+**/
+EFI_STATUS
+EFIAPI
+SetupMigrationHandler (
+  IN EFI_HANDLE           ImageHandle,
+  IN EFI_SYSTEM_TABLE     *SystemTable
+  )
+{
+
+  if (!PcdGetBool(PcdStartConfidentialMigrationHandler)) {
+    return 0;
+  }
+
+  //
+  // If VM is migration target, wait until hypervisor modifies CPU state
+  // and restarts execution.
+  //
+  if (PcdGetBool(PcdIsConfidentialMigrationTarget)) {
+    DebugPrint (DEBUG_INFO,"Waiting for incoming confidential migration.\n");
+
+    while (1) {
+      CpuPause ();
+    }
+  }
+
+  //
+  // If VM is migration source, continue with boot.
+  //
+  return 0;
+}
-- 
2.20.1