From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.41]) by mx.groups.io with SMTP id smtpd.web12.288.1653060563251388879 for ; Fri, 20 May 2022 08:29:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=sVD0o1ny; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.41, mailfrom: michael.roth@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=k1vID3+lPPQHjaEFsL+Z8UcGkKsd9BL8EOG7qVBhDW6wZ7uv60QI++Ed7PLDwej5rSpEJ2r/2GXB/WRpCx4ORRzTzJxLuECMaVESSVN+PTiKaOLlZY2aJPSSEYMPoyewiJpVDm79sRcip0UvwPgu5dAD+fIUOJod0nHqOndquyTkEVLUhOFU30D5L31GW6vI6cOTjRLQmbE0f3OqL3L7ZVjEvNXDr9IZt/ICE4GICH5bqWXoO5ojx1AVpwIdVcDVkd4CyUHlgC5XAjMoLkwdT3rYIIRX8pKP2YEbUuiqHBjJaNtmiOpf846BTdGhGZACIjH/U19qxABJ7qJkcSvgOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yaUi0LuDwX01sbQw5cqEJCK45GSPvqlB/lGSnu02mY8=; b=LJL62rvPBUycjldxSqOg+XrDfKtUnKYT/cBjNezuUHS8+6EH4I8BgdVXoi6eDIzxZ2Xrilh+hXHkrMxcByh4VYbAJRD7GRmkICgaDKHeKTKMOkBwAB7FZAagK+dZyj9c/IreLDIchK1T6uV8ouXB53i4NSmjFwJpnegJXkwsMsJikyGApObB20GsaDC1JgqZ55YT75ZWvggm7CsO+S3u2a/YInHFT6rncA7IALcIGrmqP+Tu3Vf/5RmkvH89BOfxOYtI3ilsBRwY/VnqcfqsNmRSsusrzHm2P39PpAkqohqzmIx+K1g9NaPw7eQjTVKD/TvhzgHVAJcWhsI6549BcA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yaUi0LuDwX01sbQw5cqEJCK45GSPvqlB/lGSnu02mY8=; b=sVD0o1nyYsQ4FiUjcitUI3XUNt4DTMjFafDxToXvcu4yIaJkZJHAQKWAQere++yh2nUNNpcU0eIgH8VcXLZ5+0AyFAAjncNrzG1ZwByHnG4E7h/0kwP4vgH0P0ZBuQAStIHjmGID32aQON8RspJQIxMIDchA7Y2uHv9VT2sBf5E= Received: from DM6PR13CA0065.namprd13.prod.outlook.com (2603:10b6:5:134::42) by DM4PR12MB5102.namprd12.prod.outlook.com (2603:10b6:5:391::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.15; Fri, 20 May 2022 15:29:21 +0000 Received: from DM6NAM11FT034.eop-nam11.prod.protection.outlook.com (2603:10b6:5:134:cafe::e4) by DM6PR13CA0065.outlook.office365.com (2603:10b6:5:134::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.7 via Frontend Transport; Fri, 20 May 2022 15:29:21 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT034.mail.protection.outlook.com (10.13.173.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5273.14 via Frontend Transport; Fri, 20 May 2022 15:29:21 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Fri, 20 May 2022 10:29:20 -0500 From: Michael Roth To: CC: Tom Lendacky , "Ni, Ray" Subject: [PATCH v3 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Date: Fri, 20 May 2022 10:27:29 -0500 Message-ID: <20220520152730.7924-4-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220520152730.7924-1-michael.roth@amd.com> References: <20220520152730.7924-1-michael.roth@amd.com> MIME-Version: 1.0 Return-Path: Michael.Roth@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4719671b-f240-421f-7cf7-08da3a75835b X-MS-TrafficTypeDiagnostic: DM4PR12MB5102:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pZdnTJJnqLUD6hOGD8odtsa0bXJMMCUId/1qXzwCux2SQa+ifPmu5xluKXC93Vay0DorFORvvldoxICLbdJoq9aXRoDIpejujY1LeMRkEI1/ozAWmv033jrL2eYVKFRMKWwhtmxcITTVq8BZ0aYbFSayWQUkESOhnr60nTCORBcTAPgxnRZwrIW1/O8/Vs331u2X8m+DTihQ0L1tPYGXMT3fTezBE79lvYgTqsJKGtTr0oCRya+ZCjrL9aAToHZb8wygGCjfOjBIvqUaUoP51JGsu6BnLSookP296Cb9GQYsPcJziU1hWi3VmKyKzijlmqkBqgt2C4hoGKG4js7oo/0Vs/PaUEyqBvyxp/XpNs0/Cbyi7CERz8e/dC70dSdgaFIHWc88ROu+Pz5kacFO87sA96FQvjDoeDdWekbzy3DTki6YxtYmJwtnEBGJk6qO9vT17f+v6177DELAlvbjMP7R2sKpqUt707Dz454C5gJVFsXh34L+cl27iHtffd4G02Q6Wr3YB7gcTvP3FG6LoI1HzaqvLerhvHW7AXUJgdwV3Ee7i0AVyw1AAyvh/PymjgVEiXL1k6Kc3oIjZb6hakseVPIS/HkZOI3GoKHLn0PzCXWC2dAv7Tk4pYXXQ/buJdWITnZEs0rJHFdfchklnTmIo01utiiKznpGcrUQcCZZzl72BpnPW490bq+2FYerGFwpxOX62KRQzI9XfhOkyWJbk3lB0NAjHaxVq349d8+AFMlvWsWO7NskpDJICfKj X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(36860700001)(54906003)(44832011)(2906002)(6916009)(40460700003)(8936002)(70586007)(70206006)(8676002)(356005)(4326008)(81166007)(5660300002)(19627235002)(186003)(16526019)(83380400001)(508600001)(86362001)(1076003)(82310400005)(47076005)(336012)(426003)(26005)(316002)(2616005)(36756003)(213903007)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2022 15:29:21.4648 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4719671b-f240-421f-7cf7-08da3a75835b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT034.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5102 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain This needs to be set so that UefiCpuPkg can locate the SEV-SNP secrets page later to set the AP Jump Table address. Signed-off-by: Michael Roth --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 +++ OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/PlatformPei/AmdSev.c | 5 +++++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + 9 files changed, 27 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index bead9722ea..c0a3548f22 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -576,6 +576,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !include OvmfPkg/OvmfTpmPcds.dsc.inc=0D =0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000=0D diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 92664f319b..ba4c14dd02 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -631,6 +631,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D [PcdsDynamicHii]=0D !include OvmfPkg/OvmfTpmPcdsHii.dsc.inc=0D =0D diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 00bc1255bc..c069bd9d1e 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -513,6 +513,9 @@ =0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D ##########################################################################= ######=0D #=0D # Components Section - list of all EDK II Modules needed by this Platform.= =0D diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index f8fc977cb2..774e5e2ca9 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -614,6 +614,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D ##########################################################################= ######=0D #=0D # Components Section - list of all EDK II Modules needed by this Platform.= =0D diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index c16a840fff..a531fcd070 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -650,6 +650,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000=0D !endif=0D diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index d3a80cb568..cd579246f8 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -658,6 +658,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000=0D !endif=0D diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 7b3d48aac4..a026706279 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -683,6 +683,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000=0D !endif=0D diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 385562b44c..70352ca43b 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -408,6 +408,11 @@ AmdSevInitialize ( //=0D if (MemEncryptSevSnpIsEnabled ()) {=0D PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evSnp);=0D + ASSERT_RETURN_ERROR (PcdStatus);=0D + PcdStatus =3D PcdSet64S (=0D + PcdSevSnpSecretsAddress,=0D + (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase)=0D + );=0D } else if (MemEncryptSevEsIsEnabled ()) {=0D PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evEs);=0D } else {=0D diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 00372fa0eb..c688e4ee24 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -114,6 +114,7 @@ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr=0D gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures=0D gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress=0D =0D [FixedPcd]=0D gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase=0D --=20 2.25.1