From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.41]) by mx.groups.io with SMTP id smtpd.web10.25303.1671644513510435560 for ; Wed, 21 Dec 2022 09:41:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=QK6GU4B5; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.41, mailfrom: michael.roth@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cAw8jZA8VW1rsGta///QtO0ejubXIA/zDCmswFwa1BDFw2qZ/xUf8GAceU60mgnWLNQnB9whbft9gYD4YeBpUNj9iTPAhEhMeqgeNcLV+bfWi0zAwSQeemznr4YLfwvtpWmuzidscRFK3GZLHLOj/NmomNb8WFY1ZiQk/GuAQKGwW91ZiQC65tUUUw4tICc/v18lRXM0yqStbIRX76cgWiX+1nMLebm8m7iE5AstDf7ox7558rCu/zy72be9iZWezyjLf1AbvGGGzUa7vawPwSkd/zvroNmBFezB/pWshOJiAxpJr55r1t4n9kJcbrvQVPJparO2mrj0nvRWw00uEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VavLzSAJMKShyNcb8BTPVTldOAXp7fsJF2Ka2JAcBtc=; b=XaglVJi1StPp6ZMIgp5c5SqiC7OyrP+p4sgZ+MEr4lEV8hfZgR/U+0ufhhkTz/mE/00XApwcItHKbte3i0aIiQIcSNY6xm/pkGa+HmIc7pP8Q3QrTPshc4AUAfS35/42gJ9sn+gDjlJhRGrnnVknErIXni6SoNqP4fNw99JDnu5mnRI4REH8i8PgM+nG6pcTv8Ob9YgS0fRsQVgC6N2FwoIYsSiZa83UBwTss7R6xalW479m6Hgc7RiQSRngEx77G2xpioQjiGlCOzumhWhDwELkx34CmE2a6d4qjOyg7ZYriW1ykuBFVjSVNiIco1ti0aX5/versLX5mOKrXpPgfg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VavLzSAJMKShyNcb8BTPVTldOAXp7fsJF2Ka2JAcBtc=; b=QK6GU4B5vKi0F7R9AdRfvfWyEePW9zo2U7ohzb/KlXqCyGVxG7pYa4yA+Tj9z3nMmQlMDzu6uqgFgmQH5uOg/lWpQQpy8SgccFN9Vgy8O9paAkN0YWBdm2GiYJp16sA3tDQc/okLH5AbTxzVj67B2bCS7Hjesv2vepgZCkWw/yQ= Received: from BYAPR11CA0052.namprd11.prod.outlook.com (2603:10b6:a03:80::29) by SA1PR12MB7128.namprd12.prod.outlook.com (2603:10b6:806:29c::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec 2022 17:41:51 +0000 Received: from CO1PEPF00001A5E.namprd05.prod.outlook.com (2603:10b6:a03:80:cafe::66) by BYAPR11CA0052.outlook.office365.com (2603:10b6:a03:80::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.21 via Frontend Transport; Wed, 21 Dec 2022 17:41:51 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CO1PEPF00001A5E.mail.protection.outlook.com (10.167.241.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5944.8 via Frontend Transport; Wed, 21 Dec 2022 17:41:50 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec 2022 11:41:49 -0600 Date: Wed, 21 Dec 2022 11:34:41 -0600 From: "Roth, Michael" To: CC: Tom Lendacky , , "Michael D Kinney" , Liming Gao , Zhiguang Liu , Ard Biesheuvel , Jiewen Yao , Gerd Hoffmann , Eric Dong , Rahul Kumar Subject: Re: [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Message-ID: <20221221173441.vex23g4ignzovj3o@amd.com> References: <20221221155047.180912-1-michael.roth@amd.com> MIME-Version: 1.0 In-Reply-To: <20221221155047.180912-1-michael.roth@amd.com> Return-Path: Michael.Roth@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PEPF00001A5E:EE_|SA1PR12MB7128:EE_ X-MS-Office365-Filtering-Correlation-Id: 98f2a6e1-062a-4d5b-da38-08dae37aa46c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 19CCc3lMuocFx3OHrydLvidAiE+oCsHG0qm6Qxjb9+OhngckAoeVA3n3DtgTGHJXLTjZdeBUhFK87t3OZFdK0fBbtJn9hS8BtFTa/s2kI2eFiZIrxCgrbIbip0eOQ2esgKTYHSbv/FieJMLbTV8fe7UnX5RsfZQKAPJSyozsAV9v6iWglBErnlfyAWQZ//DNoLojIQWoPDzTFmvr8ax8VtPzj9Ef8SJ0NAhYUmTK+0u3iBhzCt4TkJIMk9KDVK8X7XWT/1FgnR6UupDEOtMe99z3XsksVHgjSsThAnk16EWELDjY9lW2anTV6yuG7P2SXJu2vpClIv9w0ZuQ7mBFyl88pLrPh1d5VKjj31y/HRorKWD1chJupg6xlVopfNYkehhkBF5K42CWw/pURM8CxAWycm8qdABeU+fCgfytwieB7tNDpoFNUt/xxa1sQj2ZDdDFfqXzMStPMb+WrfCpEXs+EV7j0lu4yKiOYC/IiDr5ZgJy/0L+jsg1QIhI51jrjOARbaY+j3+W3fv8BAmx5VozL9rStYvkPV8WaXCdLO3KbKewCWhsSr2zubRtOWTipyUrh+rMBLt4F62YirVrZy5Yrnc7mzhiJ11HnBiIhHB4eEjmaZ4OvnwYphEmWRPmqeV5DS+EbNiR1B6ekqRRpHBDENjTrxRONJ+c/y2w3NRNz9jA6egId2TILV8N602fP0Q2XJpdZSYJdH/+eA45yAKQYKqmWZlKOiKR9xzt3B8= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(39860400002)(396003)(346002)(376002)(451199015)(40470700004)(46966006)(36840700001)(6666004)(86362001)(478600001)(70206006)(186003)(2616005)(26005)(70586007)(40480700001)(16526019)(6916009)(19627235002)(316002)(54906003)(4326008)(82740400003)(81166007)(1076003)(82310400005)(8676002)(41300700001)(83380400001)(2906002)(8936002)(336012)(36756003)(356005)(426003)(44832011)(36860700001)(5660300002)(47076005)(7416002)(40460700003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 17:41:50.8750 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 98f2a6e1-062a-4d5b-da38-08dae37aa46c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF00001A5E.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7128 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline On Wed, Dec 21, 2022 at 09:50:43AM -0600, Michael Roth wrote: > A full-featured SEV-SNP guest will not rely on the AP jump table, and > will instead use the AP Creation interface defined by the GHCB. However, > a guest is still allowed to use the AP jump table if desired. > > However, unlike with SEV-ES guests, SEV-SNP guests should not > store/retrieve the jump table address via GHCB requests to the > hypervisor, they should instead store/retrieve it via the SEV-SNP > secrets page. > > This series implements the store side of this for OVMF by introducing a > PCD that can be used to pass the SEV-SNP secrets page address to > UefiCpuPkg, where the jump table address is allocated. It also > introduces a struct that defines the SEV-SNP secrets page format > according to the GHCB v2.01 and SEV-SNP FW ABI specifications. > > v4: > - Move storing of jump table address after relevant comment rather > than before it. (Tom) > > v3: > - Break up single patch into a set of patches containing the specific > changes for each package. (Ray) > > v2: > - Update Secrets OS area to match latest GHCB 2.01 spec (Tom) > - Move Secrets header file into ./Register/AMD subdirectory (Tom) > - Fix CI EccCheck due to assignment in variable declaration > > ---------------------------------------------------------------- > Michael Roth (4): > MdePkg: Add header for SEV-SNP secrets page struct > MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page > OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase > UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page Adding some Cc's from Maintainers.txt that I should have included originally: Patch 1/2: Michael D Kinney Liming Gao Zhiguang Liu Patch 3: Ard Biesheuvel Jiewen Yao Gerd Hoffmann Patch 4: Eric Dong Rahul Kumar Thanks, Mike > > MdePkg/Include/Register/Amd/SnpSecretsPage.h | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++ > MdePkg/MdePkg.dec | 4 ++++ > OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ > OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 +++ > OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ > OvmfPkg/OvmfPkgIa32.dsc | 3 +++ > OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ > OvmfPkg/OvmfPkgX64.dsc | 3 +++ > OvmfPkg/PlatformPei/AmdSev.c | 5 +++++ > OvmfPkg/PlatformPei/PlatformPei.inf | 1 + > UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + > UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 10 ++++++++++ > 13 files changed, 98 insertions(+) > create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h > >