From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.54]) by mx.groups.io with SMTP id smtpd.web09.2792.1634962482797952134 for ; Fri, 22 Oct 2021 21:14:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=FEQ0mjaI; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.93.54, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FD2p8+e1Om5o769XzMn7LPdr7ZngHKkYIXm+XhApOgjWV5Yuq9Mpe0vKIKkKOYUoh88FoSD5ORi9dVbCy8F7qNvRGvvylTAEIiq01YwxjhWWPeoCycnlOVWTmskg/xYbyVyq5l2+d//n0PUYTrIPx8Q0IIvEXAcMWyoSEZMlQeCOH1ptetGwm4cERlk/3kzrp+kYDA/bCaMVcTTM8X92XJwUvSuV8PWfoNAnRF00n3/9fkZMBv3rtK6sD68mR3YiPpmFWk3nw5kMDC5GeiBu0+b40NGx7EZPDaAPqvoK3tbl2FbYvRljR/eTeg6zvRLn2Bj2Gv7O6CzKfwoR+WnedQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KpZ7sq77kWIpB1FvdT0PZrmXQc0A5H3Zed7kNavMpag=; b=QKuXXNiM7L5TCDfWpPQH8kGAxSDDTY6C0JErhuwTzNr6H3aHGeidzGiZUQGkyJwpbN5Kew7e7ByX9KC0keYiq5PsbLSpU/pehQrBxyGUKT1brMJp/CcoRy6BbgmUFPIV4qWAzYCk8zbVmHOXSTuFXa6WwGtjoqRDvhBg4vk7XmG2fZxMuh4f+yxrECF99cqhwBgtrVpE+FLv0EM6Tl4JngDT3vrxfFlaHDYbs+XXjxu9Ey1ACN7Z8UXfUxrOVlfJ1C+APmn5nvsvousjbwYPRk0UE3ZiaymwX0xlzgCgMUsnj/Q2SqzBvXfbYwF9SYNBrhI7ZpAj4ALZMOjQvR6pzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KpZ7sq77kWIpB1FvdT0PZrmXQc0A5H3Zed7kNavMpag=; b=FEQ0mjaI9CNe44e9/5jMGUcYMbt3+knYu8XifENbWr9D9XNkjDX4Qa/Whq9exuBS1SMbgCjFsT4j2lN0RdPwMpZOnzpIJfHujhHTmhUm6jkZvmBbdcm+F++9femXe7BU28Vr9OVYRSXS1m4CAzDFRBtOb2dccgX/8W3n1/AG/y0= Received: from BN9PR03CA0647.namprd03.prod.outlook.com (2603:10b6:408:13b::22) by CY4PR12MB1415.namprd12.prod.outlook.com (2603:10b6:903:43::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.15; Sat, 23 Oct 2021 04:14:37 +0000 Received: from BN8NAM11FT037.eop-nam11.prod.protection.outlook.com (2603:10b6:408:13b:cafe::91) by BN9PR03CA0647.outlook.office365.com (2603:10b6:408:13b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18 via Frontend Transport; Sat, 23 Oct 2021 04:14:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; Received: from SATLEXMB04.amd.com (165.204.84.17) by BN8NAM11FT037.mail.protection.outlook.com (10.13.177.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4628.16 via Frontend Transport; Sat, 23 Oct 2021 04:14:37 +0000 Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct 2021 23:14:34 -0500 From: "Brijesh Singh" To: CC: James Bottomley , Min Xu , "Jiewen Yao" , Tom Lendacky , "Jordan Justen" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" , Gerd Hoffmann , Brijesh Singh , Michael Roth , Ray Ni , Rahul Kumar , Eric Dong Subject: [PATCH v11 21/32] OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active Date: Fri, 22 Oct 2021 23:13:38 -0500 Message-ID: <20211023041349.1263726-22-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211023041349.1263726-1-brijesh.singh@amd.com> References: <20211023041349.1263726-1-brijesh.singh@amd.com> MIME-Version: 1.0 Return-Path: brijesh.singh@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3611f744-2734-467b-ba25-08d995dba063 X-MS-TrafficTypeDiagnostic: CY4PR12MB1415: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MSX7aCjxnHlxHpgIIBbfbNLL1sn1x0eDcqGFPcYjThLmdtt1nnjOWSGTv9jqRqmvSQRjiV6bUIlJdGPoia2Igu5CxZ8YcAR9r3wg7HOpYX7E7nPt6BbrFL1cz7ok1GWyOgyXRR/y33sknSrPSSZ4DYZbCGcuhil5TwB8lWxGJ5X0zxY3wSNKrfQ50HLvzZwgzylyG8S02e3b+6ssNfapqmRbjT2k9P+OR3yPS8e6pdvRd56fxVPHpk6YV0P9WtaiFVrEuDzLMy9oSlRvdMXF6RnHaTa89oarz8li/HwtQEsY4CdmZB3G2Cc/ZwhgFk9UoyXpMf9BABIoEHu3nl/4MQtbMtznicE1wzotOiYl0Lc0vBeXkiToM5S+v2EZ9a1a329dJ1XvSGLSn7isi2Yj8BdyAIA+0BoE6sXlAkbkYj2rdkYfnnI3GIJEDSGfZHgvgxcCQiIFOSKxaR2KzzPpZsHmF/y+yKX4FS5x2FI4uVlff6GM2J0KRQSeNH1pTJ5VMQroDeAwYhF3y/a84eabEF4sRfrSVm8YGEnTbhWZuVIOIVLBnMVIqosVsrBF8hBGxi36I0PgeDSSogst4Fh1Kr9tY5U2yOdj3VFoda2q9UgOBplZCmW659bftr+46pF5L+f4YztC98Qa7iAWFMgCbUp8cfx12T09Tfl4g+35umD2wvFfuNAQTvtMUYxdTZm9Oo62PN1HazMOCqEkbZ3nH1gY/4dsYGKpJY0Ki7DYxihEVTsrJ/zsXFwy5gQAb/DWCRuEfOH9fYyZsQTZ2yZDTK2vUwg0JGqZ1Oj7aXfRreMmBP3UV9Y2xUUOlH+Of/s2 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(4636009)(36840700001)(46966006)(7696005)(19627235002)(86362001)(7416002)(316002)(47076005)(5660300002)(6916009)(356005)(26005)(966005)(186003)(16526019)(54906003)(8936002)(508600001)(36756003)(81166007)(83380400001)(2616005)(70586007)(70206006)(44832011)(4326008)(336012)(426003)(1076003)(8676002)(2906002)(36860700001)(82310400003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2021 04:14:37.0472 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3611f744-2734-467b-ba25-08d995dba063 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT037.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1415 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MpInitLib uses the ConfidentialComputingAttr PCD to determine whether AMD SEV is active so that it can use the VMGEXITs defined in the GHCB specification to create APs. Cc: Michael Roth Cc: Ray Ni Cc: Rahul Kumar Cc: Eric Dong Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Suggested-by: Jiewen Yao Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 15 +++++++++++++++ 6 files changed, 28 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 2997929faa05..8f5876341e26 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -575,6 +575,9 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 + # Set ConfidentialComputing defaults + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + !if $(TPM_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} !endif diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1dc069e42420..dbcfa5ab52ce 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -651,6 +651,9 @@ [PcdsDynamicDefault] gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 + # Set ConfidentialComputing defaults + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + [PcdsDynamicHii] !if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a766457e6bc6..e4597e7f03da 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -659,6 +659,9 @@ [PcdsDynamicDefault] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} !endif =20 + # Set ConfidentialComputing defaults + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + [PcdsDynamicDefault.X64] # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 97b7cb40ff88..08837bf8ec97 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -662,6 +662,9 @@ [PcdsDynamicDefault] gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 + # Set ConfidentialComputing defaults + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + [PcdsDynamicHii] !if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 67eb7aa7166b..bada5ea14439 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -106,6 +106,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e1504831bec0..c447753075b1 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -20,6 +20,7 @@ #include #include #include +#include =20 #include "Platform.h" =20 @@ -338,4 +339,18 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); + + // + // Set the Confidential computing attr PCD to communicate which SEV + // technology is active. + // + if (MemEncryptSevSnpIsEnabled ()) { + PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evSnp); + } else if (MemEncryptSevEsIsEnabled ()) { + PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evEs); + } else { + PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= ev); + } + ASSERT_RETURN_ERROR (PcdStatus); + } --=20 2.25.1