From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.42]) by mx.groups.io with SMTP id smtpd.web10.1354.1632163593290461097 for ; Mon, 20 Sep 2021 11:46:33 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=ZcZNkB8f; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.42, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q3qpo/ArIRFXxK9DJ5yVrV133WOljyjhaMJYQX4sDm8QOLqwz5F7x8bT03jOSg0tKwnS+wVtlseZGeyEajQoRST5Hmd2hMoNyLUaGwXLQwefrf49Lv4paXVgC6WLYAV6mvmTTwh2M0cLXOX3+gqXqtkGjBDP1Ehy1IJDjpgEyU+ezV0G9qT6A5bkIUkD7v271xCXF86kemSckurCDaaBx7n2+cnzhulnhNJNsoi1Ps02F9M0urnkIlfgYYLZUtPCL2awPDY9oQo7l1yd6TxDH7xaVqPscCqqlln5jXzrQAdqmBpfCcwklqQ6yKs9ZVSCyAct+Vng+UpWWQ0m0d7p8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=K+RAaUEZPM3Oj8CKnpLf/nq1jec9JbPs9dxE2pXN2WM=; b=hxNCTP2j3IJcRbvI8O9b0ggEhbrlMiPfZqEUbfUUK/o3YxVqOLeFyio1k6aLBhaTz4PoZdTu79d4f+KNBGi/ed/plHq9P+uuNym19olzRgeFjzWYc5tVN3fIrzL7xAJoio3ezytdkZoXL0fyF1ZXR95Y9R+Cra5u7ekRcTwd7hcPh4eRsJn7fjDPA8pIRSk6MAdPoUOJaua0WAqFsYhaSg4bt4OM7qVSklZjGR/Q7veaQH8cOR4dIqdhiC+3gBw07/41ytZWH5kJMw4je3MV9MnG+X7oSPrcn1JLNEj7TvNohKlgEbEeStwuizH4aEEgCJijNJWYgRiWx1k25pKd9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K+RAaUEZPM3Oj8CKnpLf/nq1jec9JbPs9dxE2pXN2WM=; b=ZcZNkB8fMRXho9YtW8OTdS0BBZDdPiTdZCTnd0ga7PzfAXkbnhvIhNsjaMxy3izxXvTs/Kun43O+54G/x47xWiD5OF34ROP1glfiVTBUv1yoh1VXvCa/3/jk5lH3RlAjOoCzA8MkfWbCk+OZugDUTLYPJ6hgDwqdnwoeLvuScaY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4575.namprd12.prod.outlook.com (2603:10b6:806:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Mon, 20 Sep 2021 18:46:31 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4523.018; Mon, 20 Sep 2021 18:46:31 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth Subject: [PATCH v8 15/32] OvmfPkg/MemEncryptSevLib: add function to check the VMPL0 Date: Mon, 20 Sep 2021 13:45:47 -0500 Message-ID: <20210920184604.31590-16-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210920184604.31590-1-brijesh.singh@amd.com> References: <20210920184604.31590-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0201CA0034.namprd02.prod.outlook.com (2603:10b6:803:2e::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0201CA0034.namprd02.prod.outlook.com (2603:10b6:803:2e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Mon, 20 Sep 2021 18:46:30 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b8b18474-4792-4265-a93f-08d97c66f61f X-MS-TrafficTypeDiagnostic: SA0PR12MB4575: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5yiS9pqp6E4XPkTspsbdU93J/FOIuEFzg8oWLWiRuE0GbfYBOREVhuUb+vG1usiCSZtGSrNNFe2zBCuLaZd7PWY3058Zx+mijufNa/9f13OoVF+azQKVwQGo8sTdHAKZZyqCWtT0yzivSNmv9+dap152S4DCEsT11Lq91PH9x3IP2Tv6yZcESU2ARHwyeOE1OdhHO67EMo+WjMhFxZJsbjSWc8EHiXpKjLxbdsse1LYVxSm2A2ih1c5UyQKztimjfHlqowuVzBTU/iskrFbRyf2OI9LoKjgGQ4Ab3YkPXbB072iE/hlYlimIsGm48WLC3vAh8INkH8ywpITU5ZQtxPjAMJsNGxsGRsD5U0rGfdlWX6KHbcR0wgexa9DFk/BfVW3CELlvjOPyouFcwpIdnRt1xRYEsWo9DgPgnkPiqUryGkEPqIKNexAHC3y9WrA3/Nlnf8cgdEqNvAQ0uxRSzO6tUtFlml3lx4ezbg9NcOf4a1wK++ofXtg7WRvq+gbdveHDEPynr7zkp30FgEP2oqDOkJP0yZ7ZGLUbrYoYMdmJ2pcTLIchXIQyou1RNG2E0zwzGNtw9lH8SGjvw/NPUX2U2pVn0wchtoIYlMje5hbClyYQ8G56dwgk9cFETTLdAo455jrG21EPLKeKtsWDHvCBaeSlbTj0Mn9xYCRgdc1pJOtJW6bHSMBitLLhqM31jbHgYaBISCFVTM/dsP/BCgDjGhnq4YKa+2sIzHJSeLWmZe4jI+g/CWOd1i/zp3Xn5ZAdc6QLKaLzAAEiDQdTKOTAEojvD2CT8y3nWrCXExA= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(38350700002)(44832011)(5660300002)(36756003)(83380400001)(38100700002)(8936002)(66946007)(508600001)(6916009)(7696005)(52116002)(1076003)(6666004)(956004)(8676002)(186003)(54906003)(2616005)(2906002)(6486002)(26005)(19627235002)(316002)(66556008)(66476007)(966005)(86362001)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?N7oMic/YHFsbYyFsYE5y1wy2xJjhu1VklAFDKDpUnAYYZPy7Uf82eQgALAwR?= =?us-ascii?Q?E0M0BCpdAP8YknT4fJL4jT9oEV85tWiuN0gsnEInVkZf431xIK7uc0NLn+qQ?= =?us-ascii?Q?NpUMtZd3RoBywNn4m5AMW26LwM4NsaTYNB7l1JJ4aNuFzgv75HnlJkTCvLSy?= =?us-ascii?Q?JDzfYjL7ywZjc5FuOABxJCRkMVUsDqlkW7IWOyQyP3lefHntDGRLOlIVwd2p?= =?us-ascii?Q?eIzDyt4Cdmi4s9wMjxgJfWRgFs35b0Y56x3k2ZsXUCrpS5XgplFjPwKDawF3?= =?us-ascii?Q?dgI722eNcxvnM5qLSMk4/Fgp/w/mrlIu2psoWKa8OE39HjaElT8byuSixC8s?= =?us-ascii?Q?Ivi6cCdLMwSinKFm9h0zK17isw+HEVxZUmVAKMR/L5VCRYAKMUNRrh1MKLNd?= =?us-ascii?Q?MSHp+n8S2Uqh8RqpDl8Rrj3wxLMSWRWfzwPWzjJz838L+fAFjBo/BmZLaReE?= =?us-ascii?Q?8w0Qfw19xQ3ty+kee5ycj48SisWGJJQacRydePg70brheA4zYXewxX5uXIeG?= =?us-ascii?Q?Ok8tw+m4dYMqZHc2uAdv/NwerIw9pgdZ4WrVL6fGXKlFb9imGxZbc4HOPTbg?= =?us-ascii?Q?0+0pUtHXFxpCwf1sJHlatdwlOpJ7aiLR54mZtSgdFtIhfB+9TRRrXChqt+uo?= =?us-ascii?Q?i9Bv9REhlpGFH8t4AjzYl3OptRbpX1WboKU8Or9EeVH/TylKe6Wt7K80HOkW?= =?us-ascii?Q?q8usPaFAN9pfHmxGcKQFxM5hZ9v7vzpD3uXx5mkvdx32USBiVzK/IsYyuq2M?= =?us-ascii?Q?a8HM+5GflQokAzCWuIYfASq0N/ncwHiTNEC5DzQlOF5h5XMCJf8JdtBnZOI9?= =?us-ascii?Q?5+CypZEPx8oDxFwFO7rTj2Bovvz1RoI3lVRct9+qEO3R+UK3QyN+N5CnV/fF?= =?us-ascii?Q?UaBBX7aK+JKUEKz9fddPwKDnLJbYSq2d3Z5E/hEhVn0ax5AaMsMX05MdSLkN?= =?us-ascii?Q?kxBsV26+2pgkz+hvkB2E2pQ6aPoENFFRfsie+1iu42bSA/ipJTdJksLuiPAD?= =?us-ascii?Q?5WgEiEHYByy8SOqFrNgxpRODyeguw/heAOEVPvQPvUdKRcMbhTrla5+F3dds?= =?us-ascii?Q?YYQICxW+zR+ks9kVoSFWYgedBt29QmI05/QyrgpP6Gini1VGF4sz0SXQ2I/k?= =?us-ascii?Q?KcFRIYQYY/N53I7FXlDa0dOFQ9Rc75prwmbtPPUm5M054zysvWt/EB416q9Y?= =?us-ascii?Q?lPWEjcVhk51ePCaOgXhoV/iOGcL1HR80BiMydEhrHHfDM1XlzOK23HOwLelU?= =?us-ascii?Q?XI9LXLZSo8H3kjWzwz6ywxz6oFg8j9IQapZGmXLH+5ZORIqgXiYaL1HpSfb0?= =?us-ascii?Q?4VgPpowt645XQ05IUTAJqNKC?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b8b18474-4792-4265-a93f-08d97c66f61f X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Sep 2021 18:46:30.8793 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: j1V3ZwxCLE6wluEprAasAzQA/pp5HtUADkZRSKcvyBcg+Vf8JdI9bVGqCqGY5meZ4QmzbTUuQFevwRAymDjNQQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4575 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP architecture allows a guest VM to divide its address space into four levels. The level can be used to provide the hardware isolated abstraction layers with a VM. The VMPL0 is the highest privilege, and VMPL3 is the least privilege. Certain operations must be done by the VMPL0 software, such as: * Validate or invalidate memory range (PVALIDATE instruction) * Allocate VMSA page (RMPADJUST instruction when VMSA=3D1) The initial SEV-SNP support assumes that the guest is running on VMPL0. Let's add function in the MemEncryptSevLib that can be used for checking whether guest is booted under the VMPL0. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Signed-off-by: Brijesh Singh --- .../X64/SnpPageStateChange.h | 5 ++ .../X64/SecSnpSystemRamValidate.c | 46 +++++++++++++++++++ .../X64/SnpPageStateChangeInternal.c | 1 - 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h index 8bbdf06468b9..cc1318075523 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h @@ -28,4 +28,9 @@ InternalSetPageState ( IN BOOLEAN UseLargeEntry ); =20 +VOID +SnpPageStateFailureTerminate ( + VOID + ); + #endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index 64aab7f45b6d..3394094a65e5 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -14,6 +14,43 @@ =20 #include "SnpPageStateChange.h" =20 +// +// The variable used for the VMPL check. +// +STATIC UINT8 gVmpl0Data[4096]; + +/** + The function checks whether SEV-SNP guest is booted under VMPL0. + + @retval TRUE The guest is booted under VMPL0 + @retval FALSE The guest is not booted under VMPL0 + **/ +STATIC +BOOLEAN +SevSnpIsVmpl0 ( + VOID + ) +{ + UINT64 Rdx; + EFI_STATUS Status; + + // + // There is no straightforward way to query the current VMPL level. + // The simplest method is to use the RMPADJUST instruction to change + // a page permission to a VMPL level-1, and if the guest kernel is + // launched at a level <=3D 1, then RMPADJUST instruction will return + // an error. + // + Rdx =3D 1; + + Status =3D AsmRmpAdjust ((UINT64) gVmpl0Data, 0, Rdx); + if (EFI_ERROR (Status)) { + return FALSE; + } + + return TRUE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -32,5 +69,14 @@ MemEncryptSevSnpPreValidateSystemRam ( return; } =20 + // + // The page state change uses the PVALIDATE instruction. The instruction + // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate + // the boot. + // + if (!SevSnpIsVmpl0 ()) { + SnpPageStateFailureTerminate (); + } + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c index 506df12d4e51..653151d4a422 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -40,7 +40,6 @@ MemoryStateToGhcbOp ( return Cmd; } =20 -STATIC VOID SnpPageStateFailureTerminate ( VOID --=20 2.25.1