From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth
Subject: [PATCH v6 11/29] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
Date: Wed, 1 Sep 2021 11:16:28 -0500
Message-ID: <20210901161646.24763-12-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Sec/AmdSev.c | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c index 3b4adaae32c7..054f19216f1e 100644 --- a/OvmfPkg/Sec/AmdSev.c +++ b/OvmfPkg/Sec/AmdSev.c 
@@ -48,6 +48,83 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + // + // Read the SEV_STATUS MSR to determine whether SEV-SNP is active. + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + return TRUE; + } + + return FALSE; +} + +/** + Register the GHCB GPA + +*/ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
@@ -88,6 +165,17 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + // + // We cannot use the MemEncryptSevSnpIsEnabled () because the + // ProcessLibraryConstructorList () is not called yet. + // + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } + // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
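
Review bot: In the first hunk (@@ -48,6 +48,83 @@), SevSnpGhcbRegister () computes GuestFrameNumber as Address >> EFI_PAGE_SHIFT without checking that Address is page aligned, so any low bits are dropped silently and the guest would register a frame that only contains the intended address rather than starts at it. Since the later comparison only looks at GuestFrameNumber, it cannot catch this; consider rejecting a value with (Address & EFI_PAGE_MASK) != 0 before issuing the request, or documenting that the caller must pass a page-aligned GPA. The function header also needs work: it has no @param entry for Address, the parameter lacks the IN modifier, and the comment closes with */ where the rest of the file uses **/. The comment above the response check mentions only a mismatched GPA, while the condition also fails on a response code other than GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE; the comment should say both.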
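
Review bot: In the second hunk (@@ -88,6 +165,17 @@), the GPA registration is added as a side effect inside SevEsProtocolCheck (), whose header comment (visible as context at the end of the first hunk) still reads "Validate the SEV-ES/GHCB protocol level." Please update that comment to say the function also registers the GHCB page for SEV-SNP guests, or move the call next to the code that follows under "set the initial GHCB address", so a reader can see in one place that the page registered from PcdOvmfSecGhcbBase is the same page that is then written to the GHCB MSR. The new comment would also read better as "We cannot use MemEncryptSevSnpIsEnabled () because ProcessLibraryConstructorList () has not been called yet."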