Date: Thu, 26 Jan 2023 00:56:46 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-4-dionnaglaze@google.com>
Subject: [PATCH v10 3/4] OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxe
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

This protocol implementation disables the accept-all-memory behavior of
the BeforeExitBootServices event this driver adds.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c | 26 ++++++++++++++++++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 +
 2 files changed, 27 insertions(+)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 5eec76fea2..e98867afac 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -21,6 +21,7 @@ #include #include #include +#include #include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { 
@@ -155,6 +156,21 @@ ResolveUnacceptedMemory ( ASSERT_EFI_ERROR (Status); } +STATIC +EFI_STATUS +EFIAPI +AllowUnacceptedMemory ( + IN BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ) +{ + mAcceptAllMemoryAtEBS = FALSE; + return EFI_SUCCESS; +} + +STATIC +BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL + mMemoryAcceptanceProtocol = { AllowUnacceptedMemory }; + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { AmdSevMemoryAccept }; @@ -304,6 +320,16 @@ AmdSevDxeEntryPoint ( DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed.\n")); } + Status = gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gBz3987SevMemoryAcceptanceProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptanceProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install Bz3987SevMemoryAcceptanceProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 5b443d45bc..1e14e4e0ab 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -49,6 +49,7 @@ [Protocols] gEdkiiMemoryAcceptProtocolGuid + gBz3987SevMemoryAcceptanceProtocolGuid [Guids] gConfidentialComputingSevSnpBlobGuid -- 2.39.1.456.gfc5497dd1b-goog
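
Review bot: AllowUnacceptedMemory, added in the "@@ -155,6 +156,21 @@" hunk, has no function header comment and returns EFI_SUCCESS unconditionally, so a caller cannot tell from the interface whether clearing mAcceptAllMemoryAtEBS will still have any effect. Please add the usual doc block stating that the call is a one-way opt-out (nothing in this hunk sets the flag back to TRUE), that This is not used, and by what point in boot the call has to be made to matter. Because the commit message says this turns off the accept-all-memory behavior before ExitBootServices, the comment should also state that only a loader whose OS accepts memory itself is expected to call it.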
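
Review bot: in the "@@ -304,6 +320,16 @@" hunk of AmdSevDxeEntryPoint, the InstallProtocolInterface call runs whether or not the event creation just above it succeeded; the preceding context only logs "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed." and falls through. The protocol is then published even though the event it is meant to control was never created, and callers still get EFI_SUCCESS. Consider installing only when event creation succeeded, or add a comment explaining why publishing it anyway is harmless. A failed install is likewise only reported at DEBUG_ERROR with Status not propagated; a one-line comment that the fallback is the default accept-all behavior would make the intent explicit. mAmdSevDxeHandle is not declared in the visible lines, so please confirm it starts out NULL so that a new handle is created.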
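
Review bot: the new [Protocols] entry gBz3987SevMemoryAcceptanceProtocolGuid in the AmdSevDxe.inf hunk carries no usage annotation; since this driver installs the interface, a trailing "## PRODUCES" comment would document that. The GUID declaration and the header for BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL are not among the two files changed here, so this patch does not build on its own; it would help to say in the commit message which patch of the series provides them.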