From: "Dov Murik"
To: devel@edk2.groups.io
Cc: Dov Murik, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Brijesh Singh, Erdem Aktas, James Bottomley, Min Xu, Tom Lendacky, Tobin Feldman-Fitzthum
Subject: [PATCH 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP
Date: Mon, 28 Mar 2022 18:45:28 +0000
Message-Id: <20220328184530.86797-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.20.1
AMD SEV and SEV-ES support measured direct boot with kernel/initrd/cmdline
hashes injected by QEMU and verified by OVMF during boot. To enable the
same approach for AMD SEV-SNP we make sure the page in which QEMU inserts
the hashes of kernel/initrd/cmdline is not already pre-validated, as SNP
doesn't allow validating a page twice.

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
the same order as in the main target (OvmfPkgX64), with the exception of
the SEV Launch Secret page which isn't defined in OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on the
AmdSev target the SEV Launch Secret page is not included in the ranges
that are pre-validated (zero pages) by the VMM; instead the VMM will
insert content into this page, or mark it explicitly as a zero page if no
hashes are added.

A corresponding RFC patch to QEMU will be published soon.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Cc: Tobin Feldman-Fitzthum

Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

 OvmfPkg/AmdSev/AmdSevX64.fdf          | 18 +++++++++---------
 OvmfPkg/ResetVector/ResetVector.nasmb | 15 ++++++++++++++-
 2 files changed, 23 insertions(+), 10 deletions(-)

-- 
2.20.1
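Added example, not part of Dov Murik's patch set or of OVMF/QEMU: a small Python model of the double-validation problem the cover letter describes, showing why the launch secret page must be dropped from the pre-validated metadata ranges and what the VMM then has to do when no hashes are injected. Section names, page addresses and the 4 KiB page size are constructed for the example.

```python
from dataclasses import dataclass

PAGE = 0x1000  # assumed 4 KiB pages


@dataclass(frozen=True)
class Section:
    name: str
    base: int           # guest-physical base (constructed, not OVMF's real layout)
    size: int           # bytes, a multiple of PAGE
    prevalidated: bool  # listed in the SNP metadata as zero pages the VMM validates at launch


def pages(base, size):
    return set(range(base, base + size, PAGE))


def memfd_layout(exclude_secret):
    """Constructed MEMFD-style layout: a pre-validated scratch range followed by
    the SEV launch secret page, which the second patch drops from pre-validation."""
    return [
        Section("SecPeiTempRam", 0x800000, 0xD000, prevalidated=True),
        Section("SevLaunchSecret", 0x80D000, PAGE, prevalidated=not exclude_secret),
    ]


def double_validated_pages(sections, vmm_inserted):
    """Pages validated twice: once as pre-validated zero pages from the metadata
    and again when the VMM inserts content (the kernel hashes) into them. SNP
    rejects a second validation, so a non-empty result means the launch fails."""
    pre = set().union(*(pages(s.base, s.size) for s in sections if s.prevalidated))
    return sorted(pre & set(vmm_inserted))


def pages_vmm_must_zero(sections, vmm_inserted):
    """Pages neither pre-validated nor populated by the VMM. The VMM must add
    these explicitly as zero pages, which is what the cover letter says happens
    to the secret page when no hashes are injected."""
    pre, other = set(), set()
    for s in sections:
        (pre if s.prevalidated else other).update(pages(s.base, s.size))
    return sorted(other - pre - set(vmm_inserted))


# Constructed: QEMU injects the kernel/initrd/cmdline hashes into the secret page.
HASHES = {0x80D000: "kernel/initrd/cmdline hashes"}
```

With the secret page still pre-validated, `double_validated_pages` reports it as validated twice; once excluded, the only remaining obligation is that the VMM zero it explicitly when it injects no hashes.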