From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web10.373.1637235092431646373
 for <devel@edk2.groups.io>;
 Thu, 18 Nov 2021 03:31:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=iIGrmEgu;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1AIAZk3G015564;
	Thu, 18 Nov 2021 11:31:30 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : mime-version : content-transfer-encoding; s=pp1;
 bh=CXuekCkx4PIEIONmm9TIgR6QJ0kAodmOWm+kRew6+08=;
 b=iIGrmEgu/ixgXjcgznNyVpmmWFMEUHZ7mWk9gicEvAsdU3Pt3ST5Ym/xqDCa/Tuf1Ncr
 KOeDlfUIR0NEuVtwIVVY/h5L0eJvqEfw2xDUiWRAhpHzYOCFxMBHSdMulo5AhrfrSrkm
 SXEde/VDFf5OnueTUJVFu2gd02EXpzSDBWWmybXAB4nI9ZDBCJwyi3TR0kde7+OmyMMK
 kNLcbA6CiH1xNjucx7oYA3tjMm2js+Iv5d176yavDiXlJPdrEkAKgj9lU8yZIeaiio2r
 0uHCTcjwqw0xNVJvF2b7/6ZoQWWEVQTzmdP1NuqQ+LDqxNjtam4En1Xv745Xg18azn7t Pw== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3cdmv01f56-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 18 Nov 2021 11:31:29 +0000
Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1AIBIAOU010260;
	Thu, 18 Nov 2021 11:31:29 GMT
Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3cdmv01f4p-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 18 Nov 2021 11:31:29 +0000
Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1])
	by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1AIBRk0u017380;
	Thu, 18 Nov 2021 11:31:28 GMT
Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29])
	by ppma02wdc.us.ibm.com with ESMTP id 3cd81dprrk-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 18 Nov 2021 11:31:28 +0000
Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110])
	by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 1AIBVQFw52822486
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 18 Nov 2021 11:31:26 GMT
Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C6C82AE060;
	Thu, 18 Nov 2021 11:31:26 +0000 (GMT)
Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 7DBE4AE05F;
	Thu, 18 Nov 2021 11:31:26 +0000 (GMT)
Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16])
	by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP;
	Thu, 18 Nov 2021 11:31:26 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
Date: Thu, 18 Nov 2021 11:31:08 +0000
Message-Id: <20211118113108.641827-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: t05lIQDs42DamCG9z0LyCMvwX8zH-rGp
X-Proofpoint-ORIG-GUID: SqGhMXhRL99ROxyJ2Gmtlcbt_raF6h-I
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475
 definitions=2021-11-18_05,2021-11-17_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 spamscore=0 phishscore=0 mlxscore=0 adultscore=0 bulkscore=0
 mlxlogscore=999 clxscore=1015 impostorscore=0 malwarescore=0
 lowpriorityscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.12.0-2110150000 definitions=main-2111180067
Content-Transfer-Encoding: quoted-printable

Mark the SEV launch secret MEMFD area as reserved, which will allow the
guest OS to use it during the lifetime of the OS, without creating
copies of the sensitive content.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
 OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPe=
i/SecretPei.c
index db94c26b54d1..6bf1a55dea64 100644
--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
@@ -19,7 +19,7 @@ InitializeSecretPei (
   BuildMemoryAllocationHob (=0D
     PcdGet32 (PcdSevLaunchSecretBase),=0D
     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),=0D
-    EfiBootServicesData=0D
+    EfiReservedMemoryType=0D
     );=0D
 =0D
   return EFI_SUCCESS;=0D
--=20
2.25.1