From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.40])
 by mx.groups.io with SMTP id smtpd.web11.21935.1671637878107502255
 for <devel@edk2.groups.io>;
 Wed, 21 Dec 2022 07:51:18 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=ycl3l07A;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.40, mailfrom: michael.roth@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=nPqC5Jcx/l/mQhPGMUMEMVR2AUCMP6GKORe9laa4KQXcy8oV5qGFrxOeAyq5WO3kioZZHnPZmhsvvYtmuhvZ/35F3EdtvKePLo1bk6bKc5KdmYmtf3eb7VESlB67gKwLlVx9COxXv2uGgs5jW0rHi32ETwWGV9KWtZbYOCXHVi3/MHUTNIryVcEQy0rVAyM9ArAEe63PSiXExQzAFIsH36GBPcca4X585TlzBLiHAoVAzi7jDl7JwqhBTipt7qYLSFAcCwDygV97pGQYB8KsG2t4LCed7MpHL/tT1ruyEWMs5rmIF2tFOiEXFjiUEnCTIWQxbkoKRY4rlGH8LKgptw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=bEc3Kqw8myS8IyRI4WOYsyKOV5IpbdMn0kDDlykoQV4=;
 b=W6B03DnTkoagSw5JtUk0KKOcWiX8F9SsC+qp800YgwPfnluS2Kuuf5RiQtA/laP1RRBbwJLnfJlls8RucpCn6C8++vxFgMZyRo9m/M5q9yQXwU4nqrxjqQayxfv9GZxLfwRjkzU7W9txtDsvkzadzgQvBcuG05PDz3GylMsuH3rKrIgAuOGG0N6CAW/4HNQqUFXxu07tLh9FwUgpueboBmV0IESFewdIdb/s4oMFGrQzIFYkqm7S274sC8iE2i/MkctqyheZdXk4mrhG8qGcT9c+qw9BAy8VPLDyFDA2QwNMRhPrDEXIO1VWN5wPYV35xIVnm3PS1XCYtRoHEwrZsw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bEc3Kqw8myS8IyRI4WOYsyKOV5IpbdMn0kDDlykoQV4=;
 b=ycl3l07AmpxsWKRm3TTFR1iuFiQ9LLbcotfYqjlTmE+gg2KS2YBf1pV30abslCsIAi9FA7ocrKKeP3+mFCCkNh9OhQ9s//hIzBC40B2Eh085/H5tJ2l1kZJUqPdV4UrwxXR8Csh0LgtBhW8/G3NO/JsNMNzc87ROZgn0DhdkHRY=
Received: from DS7PR06CA0033.namprd06.prod.outlook.com (2603:10b6:8:54::15) by
 PH7PR12MB7331.namprd12.prod.outlook.com (2603:10b6:510:20e::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec
 2022 15:51:15 +0000
Received: from DM6NAM11FT030.eop-nam11.prod.protection.outlook.com
 (2603:10b6:8:54:cafe::fb) by DS7PR06CA0033.outlook.office365.com
 (2603:10b6:8:54::15) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.21 via Frontend
 Transport; Wed, 21 Dec 2022 15:51:15 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 DM6NAM11FT030.mail.protection.outlook.com (10.13.172.146) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.5944.10 via Frontend Transport; Wed, 21 Dec 2022 15:51:15 +0000
Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec
 2022 09:51:14 -0600
From: "Roth, Michael" <Michael.Roth@amd.com>
To: <devel@edk2.groups.io>
CC: Tom Lendacky <thomas.lendacky@amd.com>, <ray.ni@intel.com>
Subject: [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP
Date: Wed, 21 Dec 2022 09:50:43 -0600
Message-ID: <20221221155047.180912-1-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Return-Path: Michael.Roth@amd.com
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT030:EE_|PH7PR12MB7331:EE_
X-MS-Office365-Filtering-Correlation-Id: 71ea74ae-d4ac-4c46-1f86-08dae36b311e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	yULveFCml4fxuFvxQuZf+qd0jLB6W0I0rRFdBoTWi6iwCnaVFsYedYSAkTPtcht4wSVHDKg/zWNCTgFtrKdRuZM42owrixKbxgS42oE16kz3EULfdRDD1/PRHoeXnQx078fmMb8rX4gSQleZwJIO6WeQgCs/aHHjMVecLVMT8+2pXBDuS/0fUA28vC6l0VdL3bau/pc1uaLRP8vwAkc04LQnqakxlD1q57JYYbqcVsPith5V5ZO05CJHQFd2f7etTnYGfhrt+YZfNWwuJYIeFBxilflEGT7lcfxN1z88zncrY+WhPULlLy8zOkBcRsQq8wpJhNhMWoU0+X+6ynE4+tUQ7MVvgHW5f8xV4l7w5qKAzpG8476UKLksygLnZp3qJRQBHIYVMwur6xqRVBBHmJ+WYtJAi4Zj0oBGL/Lo9fddoqfjIGb7TCn9R1xHNdNUv+1iTVg03R8yL/7nAd9LDBDZlbMuHF+VdCXHvtYA0EByIJkxYPUUKH8GM+DngRYIFJaXUj/UwdC+Yniizs/k4H/sXq/dtfbSDvFrRrm9QjUJhmHAdTrT+9PYofuL7bC4tF5HJ0vYvnVtItr/p2uSGdd8cDuuwdvzjeIE3JQ+sd6Er7t5jHGb+phc9RwQNp/ADJ3BG8KsbTDZ9rScEnEfCL/rFgtzYvBn8nLjc7z+cuPr2gr+6VAxKfw3W3e8Vdr+0NI8r562z2tMqwk1P1m2jMo0/2Fdbszft3K+JEYw1pQ=
X-Forefront-Antispam-Report: 
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(396003)(346002)(376002)(39860400002)(451199015)(46966006)(40470700004)(36840700001)(336012)(83380400001)(478600001)(26005)(40460700003)(186003)(86362001)(40480700001)(36756003)(356005)(426003)(36860700001)(1076003)(16526019)(82310400005)(47076005)(82740400003)(2616005)(19627235002)(70206006)(5660300002)(6666004)(8676002)(70586007)(41300700001)(8936002)(4326008)(6916009)(44832011)(54906003)(81166007)(2906002)(316002)(36900700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 15:51:15.0628
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 71ea74ae-d4ac-4c46-1f86-08dae36b311e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	DM6NAM11FT030.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7331
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

A full-featured SEV-SNP guest will not rely on the AP jump table, and
will instead use the AP Creation interface defined by the GHCB. However,
a guest is still allowed to use the AP jump table if desired.

However, unlike with SEV-ES guests, SEV-SNP guests should not
store/retrieve the jump table address via GHCB requests to the
hypervisor, they should instead store/retrieve it via the SEV-SNP
secrets page.

This series implements the store side of this for OVMF by introducing a
PCD that can be used to pass the SEV-SNP secrets page address to
UefiCpuPkg, where the jump table address is allocated. It also
introduces a struct that defines the SEV-SNP secrets page format
according to the GHCB v2.01 and SEV-SNP FW ABI specifications.

v4:
 - Move storing of jump table address after relevant comment rather
   than before it. (Tom)

v3:
 - Break up single patch into a set of patches containing the specific
   changes for each package. (Ray)

v2:
 - Update Secrets OS area to match latest GHCB 2.01 spec (Tom)
 - Move Secrets header file into ./Register/AMD subdirectory (Tom)
 - Fix CI EccCheck due to assignment in variable declaration

----------------------------------------------------------------
Michael Roth (4):
      MdePkg: Add header for SEV-SNP secrets page struct
      MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page
      OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase
      UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page

 MdePkg/Include/Register/Amd/SnpSecretsPage.h  | 56 +++++++++++++++++++++++=
++++++++++++++++++++++++++++++
 MdePkg/MdePkg.dec                             |  4 ++++
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  3 +++
 OvmfPkg/CloudHv/CloudHvX64.dsc                |  3 +++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  3 +++
 OvmfPkg/Microvm/MicrovmX64.dsc                |  3 +++
 OvmfPkg/OvmfPkgIa32.dsc                       |  3 +++
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  3 +++
 OvmfPkg/OvmfPkgX64.dsc                        |  3 +++
 OvmfPkg/PlatformPei/AmdSev.c                  |  5 +++++
 OvmfPkg/PlatformPei/PlatformPei.inf           |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
 13 files changed, 98 insertions(+)
 create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h