From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth
Subject: [PATCH v6 01/29] OvmfPkg: reserve SNP secrets page
Date: Wed, 1 Sep 2021 11:16:18 -0500
Message-ID: <20210901161646.24763-2-brijesh.singh@amd.com>
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Keys (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/OvmfPkg.dec    | 6 ++++++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index c37dafad49bb..6266fdef6054 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec
@@ -340,6 +340,12 @@ [PcdsFixedAtBuild] # header definition. gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|= UINT32|0x51 =20 + ## The base address and size of the SEV-SNP Secrets Area that contains + # the VM platform communication key used to send and recieve the + # messages to the PSP. If this is set in the .fdf, the platform + # is responsible to reserve this area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53 =20 [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 23936242e74a..5b871db20ab2 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ [FD.MEMFD] 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 --=20 2.17.1
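
Review bot: The new PCD comment in the OvmfPkg.dec hunk (@@ -340,6 +340,12 @@) makes the platform responsible for reserving the Secrets Area from DXE phase overwrites, but neither of the two files touched here does that, so after this patch alone the page at PcdOvmfSnpSecretsBase is declared but not protected. Please name in the commit message which later patch in the series adds the reservation, or fold it in here, since this page holds the VMPCKs the guest uses to talk to the PSP. The same comment spells "recieve"; it should be "receive".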
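
Review bot: The OvmfPkgX64.fdf hunk (@@ -88,6 +88,9 @@ [FD.MEMFD]) is the only place that gives PcdOvmfSnpSecretsBase and PcdOvmfSnpSecretsSize a value, while the .dec defaults both to 0, so any build whose .fdf lacks this region sees base 0 and size 0. Consumers of these PCDs should check for a nonzero size before touching the range, and the .dec comment should state that 0 means "no secrets page". It would also help to carry a short comment above the 0x00D000|0x001000 entry saying that the page is populated by the PSP at launch, as the commit message explains, so that nobody later reuses or zeroes the range as ordinary MEMFD scratch space.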