From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.96.79]) by mx.groups.io with SMTP id smtpd.web08.180.1630513058900363660 for ; Wed, 01 Sep 2021 09:17:39 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=gxiERFzT; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.96.79, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5Ije9Mhpd0ScJSse8lcIM8OXGvb2rac2ehppxzTPv2PVLzFH6T2u6GVIPyYAzez8Ix7wMIx6XWAaxoD9z+D8UiZ/k9C9d+BohulUPRB2rWX5PbFsa0CgclnXTVfcM6zvFlzsw2NgkeGNxMgPO2ruMS/OnOwSnz8ubEAQtp1tzCGq4jp1xRI2/OPb8zlUSa5XeazqLa98GklzDT+yI/PU9mqXeuUTOAmSNswsmjSg2X/CULsf/EgMJeeMIl8T8t2GCp17zMob4J/FkjxU7zuwJZi5nEjMXGND5hyvwGsG3tk3zG95Bot55r7gCnVgDZKl6etlsf86OTcNErXJ7dfmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8OkTZWmcVby8DkIdYFjiJEiowUuxxivA6vO0ABgKU2g=; b=UsUWWudK8yHPotnPLOEB7/xdNc/QBxfB1ctzPB9gutVKMH4RKYBKV9L4l526RrEvUBVtdzRZ8bF0V0vHFqAeYe9IVpGfE4Tv1Nt8fWviSJzE/HCKHJRVkKZh1nQHYKkLXBe8qKrUt2tTmiEOckDVyCk99O+Gh9Nos1aXcn5aQ/i8pxs+wEfE1u8ErQq2lkQC4v6hYllvkR76LqzU6ddlJSd0AkGieBvBMeTMJi7cFpewXBrcilRfZqNztRmvQZQgjcdwG/mcvC+TDU/sYbiQVTvIAKCiQNKkZzkfdSxBv9GRfSgGOzoSmoL3hjk7r+PzBDK1LakCTwyDEj88ogXmXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8OkTZWmcVby8DkIdYFjiJEiowUuxxivA6vO0ABgKU2g=; b=gxiERFzTcdJerPZbMqkMmkyXaJtCTAILYzAh6GsfmSMEcPXWkYi1avCFuarb9oxF+GwHhmuajJBdQszF7chxFQSCDwqYpOOJd+4ep9BAmfQzPxYUuGsfXhAOhp2UwM0MfvLJhuYh94DZBxEG3TBPo7R6OxC7u4lYruqihIzjsaY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4525.namprd12.prod.outlook.com (2603:10b6:806:92::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19; Wed, 1 Sep 2021 16:17:35 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4457.025; Wed, 1 Sep 2021 16:17:35 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth Subject: [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP Date: Wed, 1 Sep 2021 11:16:19 -0500 Message-ID: <20210901161646.24763-3-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com> References: <20210901161646.24763-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.12 via Frontend Transport; Wed, 1 Sep 2021 16:17:35 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d8e6e6ad-d4da-46df-93ea-08d96d64026a X-MS-TrafficTypeDiagnostic: SA0PR12MB4525: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: F+5WghNtlto9cS3Lhls//vAmuo1ULomss+MyX/E6/I7Il7qW54vyvd0Qk1Go+4c8SmxJ58sP3gPG9021WVBL5Vo05S1v9H5wepZ8m2LQHRAMGVsEgDyULQqFb0zp0u6y3Ol3l/eSZTizJMDJ5cOOMfQNlmerIjxvwWD/+esluBtP4/942RHrV+Yh2NO1QxQQ4f/KoOeHV4rG0ozcO6g2JsOvtl5MnPUhlx7KSI6nzmk4tmi81imX5H6YGkC2EC8QYLNQuTofdqs5E+y/AT05IENmkOaO9QIdTPljxCK2lXRCQ0qu1KB9grqBDMPJEWdPdKTLcgDfMMqcg/HeNv9J89Rgjc3E7waaRsKCXnUNhV7/e5App5eDJuxlm3xgc4DiXcvT8vMtvrBb/NFZ85B8qTE0LUQ2SG/i8YR9yVX7Z+rr4meBcUhmE/in7RbX7YFveZ05IotuaP9M4n+7DbVI6V+6ObxZRUEgC636S/FxJHeuv6jj/ZbvqwhKIpRUIIgjxqCULf7K9DIi5jOLeEaA6CTF7ykTPi13R0VEjzH5CMESoFnTKCoY3jnlvdJwcX26g7GfeIQ76PtwwA0a/1B//JG7sSO9pFtpGwecewo5fTCmMMRIU+D08H5wZPEAJq8ETURGxz87KccU0OYODZzOpFWroEYDh6iyzSeyaOWUuXddBaVYXy7vvYbG7YGJITDkbIoo6a9OFX1hgNviIwl6kFI1ZOO5l04ToSlI1o7iPzfmpEJ4NGZGGfKsmFwWMVf9r3kXGdfyuV2fCX80SKkD0Cn9dRHDrRHww8IJTA2GySo= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(39860400002)(396003)(376002)(346002)(1076003)(186003)(4326008)(956004)(316002)(6916009)(19627235002)(66476007)(83380400001)(66946007)(66556008)(2616005)(54906003)(38350700002)(44832011)(26005)(2906002)(6666004)(86362001)(5660300002)(52116002)(7696005)(6486002)(36756003)(966005)(8676002)(478600001)(8936002)(38100700002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?U+xJUH8Z14w/2YCtr4GME4ZsJ4niJyImGUFKUhxMlhhZpUulcWdhiFjPGzzd?= =?us-ascii?Q?4SA5rWkCjJgyRh5CanOnp+c9TL44VpI0GEOLrSKmFHvKYIDy8MMp7UrHtiXM?= =?us-ascii?Q?8hqVESvR8BBtR8ojUEd5MuA38jdmgLGwXnCrliuTbotFYJm/mRZMO/M3SgrN?= =?us-ascii?Q?4l+WkQDeg5TlB9rQKGVN6OxutaLaj6jccYC38WOvgfYABaJA3lBhjRxEqf6B?= =?us-ascii?Q?3IbFB4qF6F1Gy5D8WeVv+gRQNr4EMjzxww9Y3soqoCzwHWqAuOoA6wH6MAiG?= =?us-ascii?Q?N91RBHgAn39POXY9a3bOWbfL3gGCZB9TneE7BYXTIB1yjoj0MQoZ4LT0tI42?= =?us-ascii?Q?bzf7s6w+vmKvD3Pv86uiMLlGWQmOmd3MaLmKE/LFwLJB2WewGZ2q6yTi4cCJ?= =?us-ascii?Q?JnII9jilyYX2Pp1V6jF8d0DX8UMC4+LTf0beTo3S+6NQY7GFZZD7gTg7MmGt?= =?us-ascii?Q?NHTFbKtzMHrYtpqt/iZmHYnHYwU4qLzX/yJIsq9K6lfK3Ebn3G03glwq9mxg?= =?us-ascii?Q?9uc8ganswBFMW8EFFW7C/XtC0aoOFQ/L1xcfq7sqT4lXsT8YGmyJVJETWRG7?= =?us-ascii?Q?zqqI5DJFAHgxu3eLAnSEpFaST18dLxqspVJhwqGeGsUIDhHFv3dngQlMu9oC?= =?us-ascii?Q?H2wJ2IGpMG0jG1aw4rggLvVvWG9tQ7//AEESgY6mhpUR+L8zpTvfziQ7aPS9?= =?us-ascii?Q?JnJk2mVELvi2+hrejqt8YRJEFUQGNqDIrqmNqjTibca4f6Fj2uBwtO1VeB5f?= =?us-ascii?Q?0H7YuhdxGL6VGWq3D+Z2dmWla7Whouko9s90rq5DnXzZKfO04IyJZhsvzIQR?= =?us-ascii?Q?S44eHrkEul2Wtwkl+UpsOcCUhaq74sF8dT3w9/cFhIEn/KAB1niBAnJzfvbq?= =?us-ascii?Q?ZoLFyr0ce6yQdNJGyrtWVYphXF6hZzB2yEgKEjFW40mslgU1r1KnKvBbH33s?= =?us-ascii?Q?XTN3c4/WD3INrBvr8z28DKrAxmaKQ6kOyioiwa2hOQ8vyIn/qLFLo35udRO8?= =?us-ascii?Q?zI6nREHx4LUprCERngC8YarxnQ9MJ5eBfQ5QgYMIlNJuvrnWTocf6L+icfCJ?= =?us-ascii?Q?aBdvdp1gDBueBjp94pRxypn1Z3Z5hwOkGA5T2B3pmg1kX5J0LcnWG5l35wng?= =?us-ascii?Q?bLpyXt0fitYgT1/KVWcJTYW3+xba7FNV+0JePqf7ydOBYA5aZadmPBSmFJA1?= =?us-ascii?Q?n9BVROqm3xvfbyD/ik/JF2gqlN/HYBC7LfXqvBk52so4QIWlsm54cd2xMeHu?= =?us-ascii?Q?XtS4uSKj5zl/mFokCxDhehMZpS5IwlyWf1s1Mma4kQv/LHsYaEHylCGm5Hrh?= =?us-ascii?Q?crRLjMlLg65kBXPo24tsLWSB?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d8e6e6ad-d4da-46df-93ea-08d96d64026a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 16:17:35.6410 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Hfax/wV2MBh1sW/DERhkvGIZKOWYABlDKTmqcxK1Y7EQ4oMtlAQX6BcPZEravTBel9cBUJOzdbuvW9yQLOo/Cg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4525 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Platform features and capabilities are traditionally discovered via the CPUID instruction. Hypervisors typically trap and emulate the CPUID instruction for a variety of reasons. There are some cases where incorrect CPUID information can potentially lead to a security issue. The SEV-SNP firmware provides a feature to filter the CPUID results through the PSP. The filtered CPUID values are saved on a special page for the guest to consume. Reserve a page in MEMFD that will contain the results of filtered CPUID values. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ 2 files changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6266fdef6054..afe9b7135560 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -347,6 +347,12 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53 =20 + ## The base address and size of the SEV-SNP CPUID Area that contains + # the PSP filtered CPUID results. If this is set in the .fdf, the + # platform is responsible to reserve this area from DXE phase overwrite= s. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x54 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x55 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1= 0 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5b871db20ab2..1e292d11ace3 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -91,6 +91,9 @@ [FD.MEMFD] 0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize =20 +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfSnpCpuidSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 --=20 2.17.1