From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.83])
 by mx.groups.io with SMTP id smtpd.web10.22142.1671637961489917972
 for <devel@edk2.groups.io>;
 Wed, 21 Dec 2022 07:52:41 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=gs0sMRgx;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.83, mailfrom: michael.roth@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=nByVStqSH7SSzbm5WrJK4AH3XuK6aylaxnQtS/e2K2AKVP/N4UTnGd4ocv3D9U9ApSaEXRRuYTdyFs9lcN2ChJzuImcLM/wcPw5v7AReZ838Dd/Enrh/aTlO9rGK/mqMf3YZSHjYVYJlgIKOSyxk+lWO7w6xlGm1rOK7uHslZEVJCtQQDzQtxSdCS+a0jOmBQNxGItF95LA8LvckzFaJCdwrjMlnKznU/vYnB2lHlVwfCB/MoGOlxPYKo3jeHvfNe+pc6HkIPnzDC5LUuCf7anOZkorrZReekkap45xqU/hX66upCKrP1OP1fJM2/fkv57RkNMBEpLHT7LkGI0mybw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=8gz2v30kuj9XUaZ2Cr4ju9MkRsYagoUDRTmDO02i6IU=;
 b=N4dKB/ZyceVamjHcTuZELgHUnee9SZ2HRS5h1Nh++zfBSiJGwHMW+zM2EbN8cU9T9uOyEHTQalI6WwyPPqg7jQAmtAXQDBf/qXEgx4LHrSZXuAmop61HB7bNnJrWzk3xQ4FgcpdrHR3d0YrkU7vi5Rrg4uk7SzKfj5H0+zV1JRJHS231nK8UsDDk0U/bxEbtXzVOAAOCEgaSFWx4AVVogAT3VYwT5PUCdRbKdck+eJqTj+KxZFhj3pkJwpRBc1ZDz8MtwiCIUdOiufVbxBioHvrHTa82dyqhKEysGhHkuGlRozRxwo4drGvTLfO6iLauyl4DXb0ftOdmUYH45pd0RQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=8gz2v30kuj9XUaZ2Cr4ju9MkRsYagoUDRTmDO02i6IU=;
 b=gs0sMRgxf3yeDgOXaOlnSf9dbIvWj7+i7GSIoIe2yehMOcTW0nlovv0u6EnZE9KJhsuspwYnimMvykAXZkhhPYbPRnd0kCcjNbvG/Rt6rODtYoJe65DzFby+1gUDEoKappOsP/Vy477RDKkYXuFJIKSO+aJx8EJHbOF8PGMOTC4=
Received: from BN9P223CA0019.NAMP223.PROD.OUTLOOK.COM (2603:10b6:408:10b::24)
 by DM4PR12MB6158.namprd12.prod.outlook.com (2603:10b6:8:a9::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec
 2022 15:52:39 +0000
Received: from BN8NAM11FT061.eop-nam11.prod.protection.outlook.com
 (2603:10b6:408:10b:cafe::e6) by BN9P223CA0019.outlook.office365.com
 (2603:10b6:408:10b::24) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.21 via Frontend
 Transport; Wed, 21 Dec 2022 15:52:39 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BN8NAM11FT061.mail.protection.outlook.com (10.13.177.144) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.5944.10 via Frontend Transport; Wed, 21 Dec 2022 15:52:39 +0000
Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec
 2022 09:52:38 -0600
From: "Roth, Michael" <Michael.Roth@amd.com>
To: <devel@edk2.groups.io>
CC: Tom Lendacky <thomas.lendacky@amd.com>, <ray.ni@intel.com>
Subject: [PATCH v4 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page
Date: Wed, 21 Dec 2022 09:50:47 -0600
Message-ID: <20221221155047.180912-5-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20221221155047.180912-1-michael.roth@amd.com>
References: <20221221155047.180912-1-michael.roth@amd.com>
MIME-Version: 1.0
Return-Path: Michael.Roth@amd.com
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM11FT061:EE_|DM4PR12MB6158:EE_
X-MS-Office365-Filtering-Correlation-Id: 52545b2e-7dbd-4e83-4348-08dae36b634e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	TwK3gAN51nOx4HvorcIveDX2Pk9sOWxooCYzx7+dLeOfzDgGrpfl8/iME1nmwo8OQTsoP7QJfOpHAM7J3wOSOJA4vEFln+VV/El0HJuxj0W5TZr2jSCKqV6YJE6zPjnW0JkmmXILX1K8OEK2iE4/EBstpnAuqtytFQSZT9qI3TADGaYiAmgsjboCmK5PnsOwq64Z6Wl7XvE8+D3PwKiHznmAp8yT+LOQ3ivGq2oS55Vbv5GAl3Dg/RV4XBm7ybkJ2owi+dUxYYJWXLZehOSHCNDcAY5KSj+OASn9uEh7fHfUgOHtML5c2DEUEcXQpE/i/eIDV4VFSttLnHawaiCqXCdQAYVABTX7r3z56ORLp5w8OcFOncZN+44Yp9T/dUVebDw3yS3rISg5PXi4Ib2wppfdRjPCG+D6S1VqAPuIbJ8QzpUP0tLrjj7/onNtcS6WVI7ELz2RdEAJD8Eqzr2ba8Fb/bgKD71BqrYyE/MOitOtvr03K4gr3ss8sd5uM1SRY55N+OV3wIQ6okDLmrPE86vbYBSP1XC7P9iaIdnLhhHbhB6iUU7PSGfOrLiKuEIRwzYhaLSSkap7IGtnB6YZPfiFmv1pfa3RMWUSlwelv4/Yr2U1XFi7mtsEkrXBM5jJj451SLzqY6pRI5xfZoYx1ZmoQz0CLlvriL6ZMWvP0vs4VvRPSRkORiZ9AFPdq481aOmInf51QyoPUPsdolKfbgYgCuE+sbJ5wMDufebdnPU=
X-Forefront-Antispam-Report: 
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(346002)(396003)(39860400002)(376002)(451199015)(46966006)(36840700001)(40470700004)(54906003)(6916009)(316002)(478600001)(36860700001)(40460700003)(82740400003)(81166007)(4326008)(8676002)(70586007)(82310400005)(356005)(36756003)(86362001)(70206006)(2616005)(1076003)(40480700001)(83380400001)(426003)(47076005)(8936002)(6666004)(41300700001)(336012)(5660300002)(2906002)(16526019)(44832011)(26005)(186003)(36900700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 15:52:39.2957
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 52545b2e-7dbd-4e83-4348-08dae36b634e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN8NAM11FT061.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6158
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

A full-featured SEV-SNP guest will not rely on the AP jump table, and
will instead use the AP Creation interface defined by the GHCB. However,
a guest is still allowed to use the AP jump table if desired.

However, unlike with SEV-ES guests, SEV-SNP guests should not
store/retrieve the jump table address via GHCB requests to the
hypervisor, they should instead store/retrieve it via the SEV-SNP
secrets page. Implement the store side of this for OVMF.

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib=
rary/MpInitLib/DxeMpInitLib.inf
index 8c8b81d933..0c36538d59 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -85,3 +85,4 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                      ## =
CONSUMES=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                           ## =
CONSUMES=0D
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr           ## =
CONSUMES=0D
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress                     ## =
CONSUMES=0D
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M=
pInitLib/DxeMpLib.c
index beab06a5b1..8edc612772 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -15,6 +15,7 @@
 #include <Library/CcExitLib.h>=0D
 #include <Register/Amd/Fam17Msr.h>=0D
 #include <Register/Amd/Ghcb.h>=0D
+#include <Register/Amd/SnpSecretsPage.h>=0D
 =0D
 #include <Protocol/Timer.h>=0D
 =0D
@@ -217,6 +218,15 @@ GetSevEsAPMemory (
 =0D
   DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory =3D %lx\n", (UINTN)StartAddress)=
);=0D
 =0D
+  if (ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) {=0D
+    SNP_SECRETS_PAGE  *Secrets;=0D
+=0D
+    Secrets                       =3D (SNP_SECRETS_PAGE *)(INTN)PcdGet64 (=
PcdSevSnpSecretsAddress);=0D
+    Secrets->OsArea.ApJumpTablePa =3D (UINT64)(UINTN)StartAddress;=0D
+=0D
+    return (UINTN)StartAddress;=0D
+  }=0D
+=0D
   //=0D
   // Save the SevEsAPMemory as the AP jump table.=0D
   //=0D
--=20
2.25.1