From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.96.79]) by mx.groups.io with SMTP id smtpd.web08.180.1630513058900363660 for ; Wed, 01 Sep 2021 09:17:39 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=B2/NqW2I; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.96.79, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i4KMjUauVeonBFaQIvNKWC1hc9YFVYXW1kxeDmz+yti/XpyLHgNO8FRYZ2mpvUy7apOCUr1eIqTBKezrI4DRlgjCMMtgfz99DffF4pVlbb5BqkclVHsSx9QgXZqbEb6FJevROUwmiEIeUWV4unFz0fBmlLe2xFmEj+YdqpXTFuQJTxafIbbjtrpFWuBzPlmlpQnRZkIZKy1ubaR48dPzPK8u4CB0ArL9bHuz7X4z+1iVP45wSm13Vf20nT1js9l1yfc6Bt85iCtqFzNZNzzd2cXxPxsglzCNmhIQoqHunQ2s4KVrvCBS9xd+O9nWQjgjV9bt9qO0X/yoMEi7+aqsVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ox7HDwxe3Sq/LSNdk9PE5eDiVOJB1ad2DW9PV3FQGmQ=; b=Y8MEDfL2a3MaXwHWTgz7p2INWMP/yaetaPFkXl1sbpspozrCxe9McOD7/2Ie1NJkr1wGGVlKwPVvNtBn5a1CGnnvL9CZyTjzCupY+p+eyT1FAf1tMxS7cB+e+U6aNKiwS8r3/sz6MWEJ0Mna8XP/PG4V/i+FPMIE4WqiPw09J+QK23MzoBifS0BukBuCfcTwkaMmw59fhYtCPwwaTXW5nb0k/Bs/BTsVFAx4qDZTijlh1dvfyj87mCvaQpHyrx4O59RC0rs3xtrsreY/y5fq7UDMLKRwuUmOfD0junsCpL6gkB8emuq5U6AnQpzvfn56YctJLnW+n/fg96z3mzO6Hg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ox7HDwxe3Sq/LSNdk9PE5eDiVOJB1ad2DW9PV3FQGmQ=; b=B2/NqW2I9FkvORdJBF+YjseqBULBBvRCNSYLIY+MMUQxqmu6deeEw90RaoIDkWMICgVaiXn9G5OM3GAWOt93TwDOVNTksH/pF6BYLstvFpuDVwbpg0L9XG8yA/K0L5eLkwuVkz4DeRhd5UkhkAE3t5BFmZaZ5+oOVcZP21CUXTQ= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4525.namprd12.prod.outlook.com (2603:10b6:806:92::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19; Wed, 1 Sep 2021 16:17:37 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4457.025; Wed, 1 Sep 2021 16:17:36 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth Subject: [PATCH v6 03/29] OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID Date: Wed, 1 Sep 2021 11:16:20 -0500 Message-ID: <20210901161646.24763-4-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com> References: <20210901161646.24763-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.12 via Frontend Transport; Wed, 1 Sep 2021 16:17:35 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c2a02224-390d-4333-7688-08d96d6402d7 X-MS-TrafficTypeDiagnostic: SA0PR12MB4525: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:626; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: n06CfxrFmYYcGqGXvKON658t0+llid3vRKuPJJVIeRCpyidq5FGjnWi9JYND6dTxI6QTBOKSoxxL7PZsWLznvhy0es9nbTi8o8SCAPgTnSrIC+7gOTHWKelB01vQrx8fRbydqqUWd17j3+hRRmrKYZkx1q/mV0d8TmWdpt1VTiYtCGvDXliT0v3no8eqvT5lKWNQyfA/3hjnDK50U9tzCztn2wok/uRt2peEYlFRNDDVcCfFJ//W7okwegSGrTDP37djQnBov90tWb/V7pn/rwtY8CJAZDKnXjGP2Kz3awDhympkwa80LNdYg68RLmLoVZdWQ939JpLDUMHFSMjfJqPRM0r00zo2rXx+3A8+OOsbk3HHTo7/+x+2mYoOo8IlWxfrg1yyvZXzHD/LH8JjBMjdmlSXAdh1r9m+NDpqQ89+lfjXnMsRpIs4L3b6lUZIMA/Y73j0OAa2eNC1F/kioWFeLT345do45F3DPy9VBqwOuykO+8Urm1Qt7MHL0AmBeMixvd0BUHhLbAS1z+XvMCyvvslDGkZ/8om713JyRzfTXsMx1SXfLGgT9pd+GeCC5vJBRHMwBtWKJ0vWnlxivvjJkkd5+jzXl1ieoGRTJR2RtQHC64P5yAatbsmTPjTpm2iNPoFvwAx/DorwDeeShtwzBEgCyDCOuHL6paAxf0Ko9klg+zpnfPpQfYEffL7LqstBTzMyyMoaM7j6mmDh4SQbvbPBs2hrKEmmZiQMLKddgBx7TCs9PhGO3mAUCjJSkvj9OyZsAkXS0izPCcEJ0LcGHcO1Z+iKU4+jhnyFyjE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(39860400002)(396003)(376002)(346002)(1076003)(186003)(4326008)(956004)(316002)(6916009)(19627235002)(66476007)(83380400001)(66946007)(66556008)(2616005)(54906003)(38350700002)(44832011)(26005)(2906002)(6666004)(86362001)(5660300002)(52116002)(7696005)(6486002)(36756003)(966005)(8676002)(478600001)(8936002)(38100700002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?qIPXeSL5NNkiMaXFc15tLf3BvzwowLDnV25VpIfwZnsUTahuH1xpnHl1fFE1?= =?us-ascii?Q?o41OBFVxX7WV3Oe+C6z5xgDY2Wq/94TkO1WUEYwk66SovUSu2M7JinXaMzb0?= =?us-ascii?Q?Qc4JbQrbWkUmec92KkO4IJ3LOe1gS02cgEJ2Gl6PR8mf/0CmGbS/KxxIkrDZ?= =?us-ascii?Q?NWQziedN1rlR/sN/G95Rd4chufzU5YvJYbke9DlDepIJ44asNFdYcyRDNjcP?= =?us-ascii?Q?RVaJ7dKQ4NEJmFYCBUjYlgxUolfCZDxZnLdFDv6b5DQdzfzw8NdSBkn7Jja5?= =?us-ascii?Q?D67cmvsu5PHlv8AwX9Vb+36UxHP5CpKbh71r40Aqv8Wm/LK7/P+ORZmVCE4O?= =?us-ascii?Q?0RkNNGWxLuxaEUsdLUjZ1VqA1/MXEUf9lFiebwqRbC/6589Jp7HVjGIro4PD?= =?us-ascii?Q?HQ73Lk2bbSFk6H0U3xbF0etwLGEqx0NYFOg2cQm2LPy49EGL88BCgRDUQUoX?= =?us-ascii?Q?cnslXMpPYBCf7GhlrqRWZOS7c9mTdg2z81iTD6zuCyXS1FZ7A+OGp8sHfa1z?= =?us-ascii?Q?WudKIqKjR0B1FqyD2BK+166qAkvJJJ45VLX+qRfQGKwQGCwR0XXnQu/wKRn8?= =?us-ascii?Q?XoXfos/G9R10c+Prt1R6R/bZ8Qxb9FqpRa9QcMZoKxxH4LIXj9N4rfO4Zpl1?= =?us-ascii?Q?zpajvyg2sp0MnrMkuP224HsO16StL3Ex5gHIWe+Ogvtt0KrSg7QdBXC+IYq4?= =?us-ascii?Q?yFYAsFybQajUZd+k/6Ft0Lt7D63mRfnKLCRA1Ylhpl3Z//W59XNzMKoWI971?= =?us-ascii?Q?z/Ebnr53LDX56jCbRFOSx83gsGf6kb+qb2cC84ArUgZiMFFGxjJiafDn/2UO?= =?us-ascii?Q?ERvpy/qQRRix0IKccNNX759tfuT4ntuAtXE72YZzy0j2wQxix6N3XbhCaQ7P?= =?us-ascii?Q?e17IF2LqW6iiyDBKNmzGSIep8uYVB5USG4WMBHqLIwpZXwW3RLBKwsub0jKn?= =?us-ascii?Q?xn7rPyZM69z61O3J3c6ZJWrKszSvtR845RhhSrGymbNihJRZMUx4m0Of2g1T?= =?us-ascii?Q?Wg3xs8dKlRNnBf4mHCZIHokMElRQNDV5qjGKlbHh/pUyKg+iuaxDHlr4XEOu?= =?us-ascii?Q?p+qgG4W16euWlcXKUDQw0NQ+3Zle//vvxH/fH3f3cTQygQPhqmbpNdfCicjh?= =?us-ascii?Q?R7DBjzoaMeSKeqeKCYA5WjK63wQ3K5Tzf95eGJsNEK2CQ3LPWkYRFHkJoJxy?= =?us-ascii?Q?DkWvpphztzvHV9yGPZ3fW7739gpq/+JJq1O0VP25iV+ZbwSUcjhinxX1iGjY?= =?us-ascii?Q?Yxoj5oZ27zNHMiyYq+7Pl3WmYhLZl9NhxN3uYHSosTwOM6JyOpgwaLmb5/lI?= =?us-ascii?Q?X/U/FOsgIJISROL/KbllxLsC?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2a02224-390d-4333-7688-08d96d6402d7 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 16:17:36.2937 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MiCWsJK3tYNt839J3dLHBvCeXq1waCMvdkS3K7QOBmO9hqeqEEIGDYQ9b4nsuNKHPSUNj01Z7wn0w6fWGVquxg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4525 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Introduce a new SEV-SNP boot-specific GUID block. The block is used to communicate the secrets and cpuid memory area reserved by the guest BIOS. When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot block to get the location of the Secrets and CPUID page and call the PSP firmware command to populate those memory areas. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 23 ++++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 4 ++++ 3 files changed, 31 insertions(+) diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index a2520dde5508..34d843de62c4 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -50,3 +50,7 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 7ec3c6e980c3..71e1484cf4e4 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,29 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart = + 15) % 16)) DB 0 ; guidedStructureStart: =20 +%ifdef ARCH_X64 +; SEV-SNP boot support +; +; sevSnpBlock: +; For the initial boot of SEV-SNP guest, a CPUID and Secrets page must +; be reserved by the BIOS at a RAM area defined by SNP_CPUID_BASE and +; SNP_SECRETS_BASE. A hypervisor will locate this information using the +; SEV-SNP boot block GUID and provide the GPA to the PSP to populate +; the memory area with the required information.. +; +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 +; +sevSnpBootBlockStart: + DD SNP_SECRETS_BASE + DD SNP_SECRETS_SIZE + DD SNP_CPUID_BASE + DD SNP_CPUID_SIZE + DW sevSnpBootBlockEnd - sevSnpBootBlockStart + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 +sevSnpBootBlockEnd: +%endif + ; SEV Hash Table Block ; ; This describes the guest ram area where the hypervisor should diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index d1d800c56745..9be963206989 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -77,6 +77,10 @@ %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) + %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) + %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) + %define SNP_SECRETS_BASE FixedPcdGet32 (PcdOvmfSnpSecretsBase) + %define SNP_SECRETS_SIZE FixedPcdGet32 (PcdOvmfSnpSecretsSize) %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/AmdSev.asm" %include "Ia32/PageTables64.asm" --=20 2.17.1