From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.54]) by mx.groups.io with SMTP id smtpd.web08.94203.1638375879331021924 for ; Wed, 01 Dec 2021 08:24:39 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=JbbWys8i; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.54, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kMW1v/p8+INE+pbY3k482ti5AazQZErTrT7Q6ziizuoA2zq1QUqzoisTkq3FoEv9L0xMpUkf8ecMzHLF4RNd5f+x/meE2BdpK6Sf6LjYacJaSRMGyy5L44e9nTWmgRGK4dzui2mtqR7a5Pazm1ErNx8xbfovylpwKsfNcoCwrW+dsoUol1qHpKt3rBUUFFcdtJaVumTVAUxao/GX538R/n+sOVM55oa8S3xdJb9DpQE5j5Zf9UZEA5ItuE6XiPHrSg1mOFMdBAbnpnjy0YOR2FG35NuRfFz7nmx3rgiJNOrO4AjFwZHwJER+B0t7aQ6LfhRGgR+i89mp40qw56cXfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W429VgIIvu9+RlxrnDQuSVzGvVrTwQYkBRZ+I0nhLJw=; b=Mz3qcpeAS0h5hWhePBlXcLFwnT8AIDCXe5tqx/zc34MPRoV1BnNaH9YGCGr+brP/uZBOPx4hk3+8eezOugS9v3lGlFC5mAHMGctdhjde2iqkrlPslmJpl6rtFZciABmaZppQVVUwZqFf1tQNa3ZD77C70GqeHA4KW/55H/mMO1j1a6vzrB43gzNyWYugasVHAmOYjzUYAymDVGV9oE7/bmhMaWgR9x5DW8KnNV9NvX2/zz7pGdJeX4TwwgfHQEHPCtr0rzv9oXc7C7eXQZ/6U6ARSsyppBe4dt2HgHn/Win9aIX7Q0FipSc+arzaiNsJmISpNKkMPDEq5fcL+wwITw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W429VgIIvu9+RlxrnDQuSVzGvVrTwQYkBRZ+I0nhLJw=; b=JbbWys8iob03Yp31ECOgO3OsoeOQrG6fyN4zvP5wTFBpKoyzJWbnE0mLNlmNYgjavcxF+GxBoSqG2YEaCtqtpDnGMRB4NBFNkt+p3WqkOf1MIatc+kqmH+t1DbWWy1sU/FEPJ/2wtEzFDBYAqzgV+tGND6SZOyWh9+Gaope857Y= Received: from CO2PR07CA0064.namprd07.prod.outlook.com (2603:10b6:100::32) by BY5PR12MB3793.namprd12.prod.outlook.com (2603:10b6:a03:1ad::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.14; Wed, 1 Dec 2021 16:24:37 +0000 Received: from CO1NAM11FT052.eop-nam11.prod.protection.outlook.com (2603:10b6:100:0:cafe::5f) by CO2PR07CA0064.outlook.office365.com (2603:10b6:100::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.23 via Frontend Transport; Wed, 1 Dec 2021 16:24:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; Received: from SATLEXMB04.amd.com (165.204.84.17) by CO1NAM11FT052.mail.protection.outlook.com (10.13.174.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4755.13 via Frontend Transport; Wed, 1 Dec 2021 16:24:37 +0000 Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.17; Wed, 1 Dec 2021 10:24:32 -0600 From: "Brijesh Singh" To: CC: James Bottomley , Min Xu , "Jiewen Yao" , Tom Lendacky , "Jordan Justen" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" , Gerd Hoffmann , Brijesh Singh , Qi Zhou Subject: [PATCH 1/1] OvmfPkg/MemEncryptSevLib: Check the guest type before EsWorkarea access Date: Wed, 1 Dec 2021 10:24:07 -0600 Message-ID: <20211201162407.3323063-1-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Return-Path: brijesh.singh@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 048ff058-95b3-447c-41ab-08d9b4e7116f X-MS-TrafficTypeDiagnostic: BY5PR12MB3793: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1265; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: IK7dMb7Ef8p5YWCIhBvXKQoEY9ERnwSpj9u8iqEZ9UOyNV3nzlqw33PGhw3iXLHCVfWUIkppv2Cc2aD3MkyPOUMzROyGGSqi7qhw+9GXyykf0abRzJzC8GHzm+9fNKE8AhJ+01A3Op1irNsrOzTKqivXUNurKoZooxhG0OfAfaMLtTf3YsuKAe1ECxAsHvmzSXhcFW/5/9a6P4SjN9h5zTF1vRLNXvY1QlT4xo9uhjZ5lzeP9Pbs13wOtsQbrU9dTNmq5DDwFP72kDqn7O610bK9mZpAzPBUwdiM1XYXhbBZR/Q27f5NiHspwtYJgyLdqXMdomZFBLnIwfKV4DEUcB0+bDU4/QDZjgmBv9WDAEc4V1rgdD0eOtURnG6TLDYYv+VhPmedTogv9pbg3of+YDdX3jhqie+05I47dOtpSu2f7XUjujYxNI8RSctX3BWswgwbTd7m684zvk/RXsFXOOBgUsNggtuaUXDmr3G4jxqlIFkDFHHeEpMR5Xu+bA7se0Fo8lkp6sSRcpw6/ehoDjtIAXpgfuataQlXDxP23Lv6MkMPl+c+Izj/HpNwIM8BGD8ifJcU9o+m/kfZzvVpvuwvFrja3HTCNJVguvug/IfTpS7kiKpO7mpdyiwPF1OwIGN2EOYtk3fg9CIX6veEVpm9yL91sJUdjHcAVR6xyiZobhwJ6GPN5ywOQXxCUTEWg92+PGZCjiehkcDyyTa7UjR5MOo2LFv4bJGlrk9znN1428Y36GUnYHIrcHYqn02OIwjDIKUE/x8L8RaSAU2ifQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(6029001)(4636009)(36840700001)(40470700001)(336012)(426003)(86362001)(1076003)(54906003)(2616005)(7696005)(6666004)(6916009)(44832011)(26005)(316002)(16526019)(32650700002)(186003)(70586007)(2906002)(8936002)(70206006)(8676002)(45080400002)(36756003)(508600001)(81166007)(40460700001)(83380400001)(5660300002)(4326008)(82310400004)(36860700001)(356005)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Dec 2021 16:24:37.1042 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 048ff058-95b3-447c-41ab-08d9b4e7116f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT052.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB3793 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain The commit 80e67af9afca added support for a generic workarea concept. The workarea header contains the information of the guest type. The header is populated by ResetVector code during the guest detection. Currently, the InternalMemEncryptSevStatus() reads the EsWorkArea to determine the C-bit position. The EsWorkArea PCD is valid only for the SEV guest type. Add a check of the guest type before accessing the EsWorkArea PCD. Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area") Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: Qi Zhou Signed-off-by: Brijesh Singh --- .../DxeMemEncryptSevLib.inf | 2 + .../PeiMemEncryptSevLib.inf | 2 + .../SecMemEncryptSevLib.inf | 2 + .../PeiMemEncryptSevLibInternal.c | 50 +++++++++++++++- .../SecMemEncryptSevLibInternal.c | 58 ++++++++++++++++++- 5 files changed, 110 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d68076..03b66b986f1f 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -54,4 +54,6 @@ [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire =20 [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df28..16dd4d9d8b77 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -54,4 +54,6 @@ [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf index 279c38bfbc2c..a933cb33a9cb 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf @@ -48,4 +48,6 @@ [LibraryClasses] PcdLib =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d120f..db4249ec0d7d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -24,6 +24,52 @@ STATIC BOOLEAN mSevStatusChecked =3D FALSE; STATIC UINT64 mSevEncryptionMask =3D 0; STATIC BOOLEAN mSevEncryptionMaskSaved =3D FALSE; =20 +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + + **/ +STATIC +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + // + // Ensure that the size of the Confidential Computing work area header + // is same as what is provided through a fixed PCD. + // + ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeade= r) =3D=3D + sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)); + + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); +} + +STATIC +SEC_SEV_ES_WORK_AREA * +GetSevEsWorkArea ( + VOID + ) +{ + // + // Before accessing the Es workarea lets verify that its SEV guest + // + if (!IsSevGuest()) { + return NULL; + } + + return (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); +} + /** Reads and sets the status of SEV features. =20 @@ -43,7 +89,7 @@ InternalMemEncryptSevStatus ( =20 ReadSevMsr =3D FALSE; =20 - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + SevEsWorkArea =3D GetSevEsWorkArea (); if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) { // // The MSR has been read before, so it is safe to read it again and av= oid @@ -139,7 +185,7 @@ MemEncryptSevGetEncryptionMask ( if (!mSevEncryptionMaskSaved) { SEC_SEV_ES_WORK_AREA *SevEsWorkArea; =20 - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWork= AreaBase); + SevEsWorkArea =3D GetSevEsWorkArea (); if (SevEsWorkArea !=3D NULL) { mSevEncryptionMask =3D SevEsWorkArea->EncryptionMask; } else { diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f3183f..d7aff1fa40ba 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -17,6 +17,52 @@ #include #include =20 +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + + **/ +STATIC +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + // + // Ensure that the size of the Confidential Computing work area header + // is same as what is provided through a fixed PCD. + // + ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeade= r) =3D=3D + sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)); + + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); +} + +STATIC +SEC_SEV_ES_WORK_AREA * +GetSevEsWorkArea ( + VOID + ) +{ + // + // Before accessing the Es workarea lets verify that its SEV guest + // + if (!IsSevGuest()) { + return NULL; + } + + return (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); +} + /** Reads and sets the status of SEV features. =20 @@ -35,7 +81,8 @@ InternalMemEncryptSevStatus ( =20 ReadSevMsr =3D FALSE; =20 - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + SevEsWorkArea =3D GetSevEsWorkArea (); if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) { // // The MSR has been read before, so it is safe to read it again and av= oid @@ -115,7 +162,14 @@ MemEncryptSevGetEncryptionMask ( SEC_SEV_ES_WORK_AREA *SevEsWorkArea; UINT64 EncryptionMask; =20 - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + // + // Before accessing the Es workarea lets verify that its SEV guest + // + if (!IsSevGuest()) { + return 0; + } + + SevEsWorkArea =3D GetSevEsWorkArea (); if (SevEsWorkArea !=3D NULL) { EncryptionMask =3D SevEsWorkArea->EncryptionMask; } else { --=20 2.25.1