From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.41]) by mx.groups.io with SMTP id smtpd.web11.21983.1671637947065673544 for ; Wed, 21 Dec 2022 07:52:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=WM4cPtbp; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.41, mailfrom: michael.roth@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YEfP3IHVfX+R1klrjdNVReznJyfUGIybPegYfbC2ZKTwRnk/fnGIC2Pbtz5JEFvjblIL2Wh62nTWC+gyEkoHA3mPyh9XQ+L35XoB0x5PCxajP/J6xy3kKp1PVfE5lZxxHIVYguNL4gPFNv4XOxtMTGIBG+yL4+ZdblL/JwZpN3qU5vJgo/f/uOKGVYHFcuu2H9r+JaDjGAUIe5DsIROi+Y2kqx6yOSCaIwtqJU5XHnPvGxGTKNAbAX/ro2XHoP4vV/qu+N5j5uDVP2X59SgyhCSJMyOjihqXTUwFkUKOBuStEseoA7bnDLBChOA/FPgCrzO5JPrI7B+npjl2QlGppA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P6zS5hj8JPZJdZZ9ySQA8PTP9H5ndBOPtYHzd3X0dFc=; b=KmcWA8a6w3ZGzqb0F9pB7SI4x0Pos+Vc3gvW+xSRLgtfBuTpTDYIU/PnYBIKwzavtNeSavaIN5wlAG8wziKybEksc5j/uBGmKT4ciHYz/d+FYicd70frIHM53mWKmnNgMbwsYx9L8TL/qqIG/pZqAHQ+OxF6JgNRfUiRklRf4kiN5aZEEBcnLBahLz62a2PSZ2XV2SeMQOUAOcHO8PcctwWQYJk4WtHtEy7fuTqie6SxicWLi8EuCwI9vlAiEBY4dgxsswxDrniEKJQy0bvUYHmdKMXLwSVmJRvT2UmaVk8CdcS5nzMkYprhsqG/5tF7O1T+DpRE+miCl8nQi91spA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P6zS5hj8JPZJdZZ9ySQA8PTP9H5ndBOPtYHzd3X0dFc=; b=WM4cPtbpDwJ1WQAwZYUdZkvi9oJkZvF979cCvCIg5rBGt24TyWPUmkxJk5z3wAAV5YqYGbLcj69lGbtkicHsjkTrACdtOi3/jYPbNEDNr+Ds983bSbkkRv2XuSz+GgwHscAzjsgnnXicKKkxmRU+sJfjCOOEFbGCJGwD9uim2/A= Received: from DS7PR05CA0017.namprd05.prod.outlook.com (2603:10b6:5:3b9::22) by DS0PR12MB8528.namprd12.prod.outlook.com (2603:10b6:8:160::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec 2022 15:52:18 +0000 Received: from DM6NAM11FT027.eop-nam11.prod.protection.outlook.com (2603:10b6:5:3b9:cafe::e4) by DS7PR05CA0017.outlook.office365.com (2603:10b6:5:3b9::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.5 via Frontend Transport; Wed, 21 Dec 2022 15:52:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT027.mail.protection.outlook.com (10.13.172.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5944.10 via Frontend Transport; Wed, 21 Dec 2022 15:52:18 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec 2022 09:52:17 -0600 From: "Roth, Michael" To: CC: Tom Lendacky , Subject: [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Date: Wed, 21 Dec 2022 09:50:46 -0600 Message-ID: <20221221155047.180912-4-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221155047.180912-1-michael.roth@amd.com> References: <20221221155047.180912-1-michael.roth@amd.com> MIME-Version: 1.0 Return-Path: Michael.Roth@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT027:EE_|DS0PR12MB8528:EE_ X-MS-Office365-Filtering-Correlation-Id: c81ff0b6-9714-47b2-4153-08dae36b56cd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: v/4he0yxMxt/Kz0b36A7zT+/Dw1HfFW1bQNjB7KlzPEuD8Pl+pXZ52TknrORWruotX0u33Zkldv6VZGgPyButC3iiwDakuqDS0KcLDTbgmnyk44MAgsgZnYFJ0gLKdIQyqlX29GOv1U/80rqJZgm1D/TuPD+08YRhuP43LMmiZzahh7se4+Kr7nS10OnhULKSG0UZeYehTuGOlMz4RbSJenGpyWU9vZEY0J+hHCm/gnKBF8LZZ0zLiWeC7pGrc7MXIdF7rRQNquwd8XIXBU9LpCRClPVkFko1oUOIRGYMS+KJ5jjyX3LuDX0ddq1dkxPpVP/TfII5CQPM9Q2ibjJKZQV8CA4wWRvWXpz3JA+IgNHkLSj1i+reYAUIlxuS1RT9POS1Ubkug+vqslVGM9TRsORMkHvl7A7f1p6IhrJHZutN34044RW8V7OjHs7IHfmbyOC8Ozd6VHn2SMCGKne17JIHgrSt63qZ62Ghpzz9HkfsT914Lg3G8qOgpC1eyOwZjH8laWp+0SqjO6Z+XgCw78D2zaSuJfkBQa+T+G8CGywrj9BBo28aP+YTGpwAcRtOoqW8crAhUdLtB+N76XF/pL00xG6xtBkm8tiSK8dCaaRkFsXWLiqMQNSyof9gB1ydaAWVSjCVS4LLgD4fCwrgQ5tivYdEamKq87fxvO0DeufHw+rWNRtsY7dh1aQYXn/+jdWN7DK1gOfxpU/VYAX6XlkwKAkp+mjNosSvoGo1fu4VJ8KMZPba9Lc5gsCb9aH8HJfC2SZGceqbSKvmE8ELQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(396003)(39860400002)(346002)(376002)(451199015)(46966006)(40470700004)(36840700001)(4326008)(8676002)(54906003)(6916009)(316002)(70586007)(70206006)(41300700001)(8936002)(19627235002)(478600001)(5660300002)(426003)(44832011)(6666004)(47076005)(2906002)(26005)(16526019)(186003)(2616005)(1076003)(336012)(36756003)(40480700001)(36860700001)(83380400001)(356005)(86362001)(82310400005)(40460700003)(82740400003)(81166007)(213903007)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 15:52:18.2863 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c81ff0b6-9714-47b2-4153-08dae36b56cd X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT027.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8528 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain This needs to be set so that UefiCpuPkg can locate the SEV-SNP secrets page later to set the AP Jump Table address. Reviewed-by: Tom Lendacky Signed-off-by: Michael Roth --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 +++ OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/PlatformPei/AmdSev.c | 5 +++++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + 9 files changed, 27 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index bb91e8c734..6c3b78d424 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -528,6 +528,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc=0D =0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000=0D diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 4d7107fd19..2cc73981b2 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -640,6 +640,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D [PcdsDynamicHii]=0D !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc=0D =0D diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index ea538fd783..b264eb9fc3 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -527,6 +527,9 @@ =0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D ##########################################################################= ######=0D #=0D # Components Section - list of all EDK II Modules needed by this Platform.= =0D diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 285ba50671..b2eaa11a85 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -644,6 +644,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D ##########################################################################= ######=0D #=0D # Components Section - list of all EDK II Modules needed by this Platform.= =0D diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index dcf46d207d..2e04a3f8b1 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -666,6 +666,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000=0D !endif=0D diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index d0746cb72b..4ebf2aff34 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -675,6 +675,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000=0D !endif=0D diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 2caa4d2ecc..6f8f368977 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -703,6 +703,9 @@ # Set ConfidentialComputing defaults=0D gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0=0D =0D + # Set SEV-SNP Secrets page address default=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0=0D +=0D !if $(CSM_ENABLE) =3D=3D FALSE=0D gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000=0D !endif=0D diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e4e7b72e67..fa88c9ebd8 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -422,6 +422,11 @@ AmdSevInitialize ( //=0D if (MemEncryptSevSnpIsEnabled ()) {=0D PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evSnp);=0D + ASSERT_RETURN_ERROR (PcdStatus);=0D + PcdStatus =3D PcdSet64S (=0D + PcdSevSnpSecretsAddress,=0D + (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase)=0D + );=0D } else if (MemEncryptSevEsIsEnabled ()) {=0D PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdS= evEs);=0D } else {=0D diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 1fadadeb55..851af81248 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -115,6 +115,7 @@ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr=0D gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures=0D gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask=0D + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress=0D =0D [FixedPcd]=0D gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase=0D --=20 2.25.1