From: "Dionna Glaze" <dionnaglaze@google.com>
To: devel@edk2.groups.io
Cc: Dionna Glaze <dionnaglaze@google.com>,
Ard Biescheuvel <ardb@kernel.org>,
"Min M. Xu" <min.m.xu@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
James Bottomley <jejb@linux.ibm.com>,
Tom Lendacky <Thomas.Lendacky@amd.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
Andrew Fish <afish@apple.com>,
"Michael D. Kinney" <michael.d.kinney@intel.com>
Subject: [PATCH v7 0/7] Add safe unaccepted memory behavior
Date: Wed, 5 Oct 2022 20:33:22 +0000 [thread overview]
Message-ID: <20221005203329.469866-1-dionnaglaze@google.com> (raw)
These seven patches build on the lazy-accept patch series
"Introduce Lazy-accept for Tdx guest"
by adding SEV-SNP support for the MemoryAccept protocol, and
importantly making eager memory acceptance the default behavior.
We implement a standardized event group from UEFI v2.9,
EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES, since it provides exactly
the right invocation point for eagerly accepting memory if eager
acceptance has not been disabled.
To make use of this event group, we add a new driver that is meant to
carry behavior that is needed for all confidential compute technologies,
not just specific platforms, CocoDxe. In CocoDxe we implement the
default safe behavior to accept all unaccepted memory and invalidate
the MemoryMap on ExitBootServices.
To allow the OS loader to prevent the eager acceptance, we add a new
protocol, up for standardization, AcceptAllUnacceptedMemoryProtocol.
This protocol has one interface, Disable(). The OS loader can inform the
UEFI that it supports the unaccepted memory type and accepts the
responsibility to accept it.
All images that support unaccepted memory must now locate and call this
new BZ3987_ACCEPT_ALL_UNACCEPTED_MEMORY_PROTOCOL and call the Disable
function.
Changes since v6:
- Added implementation of EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES.
- Changed callback protocol of v5 to instead use the standardized event
group for before_exit_boot_services.
Changes since v5:
- Generic callback protocol moved to MdeModulePkg
- Removed use of EFI_WARN_STALE_DATA and added comment that the callback
should only return EFI_SUCCESS or EFI_INVALID_PARAMETER.
- Removed errant log statement and fixed formatting.
Changes since v4:
- Commit message wording
- Replaced direct change to DxeMain with a more generic callback
protocol.
- Implemented the direct change as an instance of the callback protocol
from a new CocoDxe driver.
- Replaced "enable" protocol with a "disable" protocol, since the name
was confusing. The AcceptAllUnacceptedMemory protocol directly names
the behavior that is disabling.
Changes since v3:
- "DxeMain accepts all memory" patch split into 3 to make each patch
affect only one package at a time.
Changes since v2:
- Removed the redundant memory accept interface and added the accept
behavior to the DXE implementation of
MemEncryptSevSnpPreValidateSystemRam.
- Fixed missing #include in >=4GB patch.
Changes since v1:
- Added a patch to classify SEV-SNP memory above 4GB unaccepted.
- Fixed style problems in EfiMemoryAcceptProtocol implementation.
Cc: Ard Biescheuvel <ardb@kernel.org>
Cc: "Min M. Xu" <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Andrew Fish <afish@apple.com>
Cc: "Michael D. Kinney" <michael.d.kinney@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Dionna Glaze (7):
OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
MdePkg: Add EFI_EVENT_BEFORE_EXIT_BOOT_SERVICES_GUID
MdeModulePkg: Notify BeforeExitBootServices in CoreExitBootServices
OvmfPkg: Introduce CocoDxe driver
MdePkg: Introduce the AcceptAllUnacceptedMemory protocol
OvmfPkg: Implement AcceptAllUnacceptedMemory in CocoDxe
OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted
MdeModulePkg/Core/Dxe/DxeMain.inf | 1 +
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 6 +
MdePkg/Include/Guid/EventGroup.h | 5 +
MdePkg/Include/Protocol/Bz3987AcceptAllUnacceptedMemory.h | 40 +++++
MdePkg/MdePkg.dec | 8 +-
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 55 ++++++-
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 +
OvmfPkg/CocoDxe/CocoDxe.c | 165 ++++++++++++++++++++
OvmfPkg/CocoDxe/CocoDxe.inf | 46 ++++++
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 5 +
19 files changed, 357 insertions(+), 9 deletions(-)
create mode 100644 MdePkg/Include/Protocol/Bz3987AcceptAllUnacceptedMemory.h
create mode 100644 OvmfPkg/CocoDxe/CocoDxe.c
create mode 100644 OvmfPkg/CocoDxe/CocoDxe.inf
--
2.38.0.rc1.362.ged0d419d3c-goog
next reply other threads:[~2022-10-05 20:33 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-05 20:33 Dionna Glaze [this message]
2022-10-05 20:33 ` [PATCH v7 1/7] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
2022-10-05 20:43 ` Lendacky, Thomas
2022-10-05 20:33 ` [PATCH v7 2/7] MdePkg: Add EFI_EVENT_BEFORE_EXIT_BOOT_SERVICES_GUID Dionna Glaze
2022-10-06 12:45 ` Ard Biesheuvel
2022-10-10 1:33 ` 回复: [edk2-devel] " gaoliming
2022-10-05 20:33 ` [PATCH v7 3/7] MdeModulePkg: Notify BeforeExitBootServices in CoreExitBootServices Dionna Glaze
2022-10-05 20:50 ` Lendacky, Thomas
2022-10-05 20:58 ` Dionna Glaze
2022-10-10 1:32 ` 回复: [edk2-devel] " gaoliming
[not found] ` <171B47E3227F0BCA.23411@groups.io>
2022-10-05 21:01 ` Dionna Glaze
2022-10-06 12:46 ` Ard Biesheuvel
2022-10-05 20:33 ` [PATCH v7 4/7] OvmfPkg: Introduce CocoDxe driver Dionna Glaze
2022-10-05 20:33 ` [PATCH v7 5/7] MdePkg: Introduce the AcceptAllUnacceptedMemory protocol Dionna Glaze
2022-10-05 20:33 ` [PATCH v7 6/7] OvmfPkg: Implement AcceptAllUnacceptedMemory in CocoDxe Dionna Glaze
2022-10-05 20:33 ` [PATCH v7 7/7] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted Dionna Glaze
2022-10-05 21:02 ` Lendacky, Thomas
2022-10-14 6:20 ` [edk2-devel] [PATCH v7 0/7] Add safe unaccepted memory behavior Ni, Ray
2022-10-14 21:29 ` Dionna Glaze
2022-10-19 8:57 ` Ard Biesheuvel
2022-10-20 22:37 ` Dionna Glaze
2022-10-21 13:17 ` Ard Biesheuvel
2022-10-21 15:42 ` Dionna Glaze
2022-10-24 8:34 ` aik
2022-10-24 15:24 ` Dionna Glaze
2022-10-26 0:23 ` aik
2022-10-26 1:07 ` Dionna Glaze
2022-10-26 1:35 ` Alexey Kardashevskiy
2022-10-26 2:49 ` Alexey Kardashevskiy
2022-10-27 3:18 ` Alexey Kardashevskiy
2022-10-27 15:38 ` Dionna Glaze
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221005203329.469866-1-dionnaglaze@google.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox