Date: Thu, 26 Jan 2023 21:17:39 +0000
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>
Message-ID: <20230126211740.3235408-4-dionnaglaze@google.com>
Subject: [PATCH v11 3/4] OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxe
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

This protocol implementation disables the accept-all-memory behavior of the BeforeExitBootServices event this driver adds.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 26 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 + 2 files changed, 27 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 37d1a3ff55..9d05a16c6e 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -21,6 +21,7 @@ #include #include #include +#include #include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { 
@@ -143,6 +144,21 @@ ResolveUnacceptedMemory ( ASSERT_EFI_ERROR (Status); } +STATIC +EFI_STATUS +EFIAPI +AllowUnacceptedMemory ( + IN OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ) +{ + mAcceptAllMemoryAtEBS = FALSE; + return EFI_SUCCESS; +} + +STATIC +OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL + mMemoryAcceptanceProtocol = { AllowUnacceptedMemory }; + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { AmdSevMemoryAccept }; @@ -292,6 +308,16 @@ AmdSevDxeEntryPoint ( DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed.\n")); } + Status = gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gOvmfSevMemoryAcceptanceProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptanceProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install OvmfSevMemoryAcceptanceProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 5b443d45bc..e7c7d526c9 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -49,6 +49,7 @@ [Protocols] gEdkiiMemoryAcceptProtocolGuid + gOvmfSevMemoryAcceptanceProtocolGuid [Guids] gConfidentialComputingSevSnpBlobGuid -- 2.39.1.456.gfc5497dd1b-goog
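
Review bot: In the `@@ -143,6 +144,21 @@` hunk of AmdSevDxe.c, `AllowUnacceptedMemory` is added without a function header comment, and its name does not match the subject line, which calls the operation AcceptAllUnacceptedMemory. The body sets `mAcceptAllMemoryAtEBS = FALSE` for any caller and never reads `This`, and the protocol instance `mMemoryAcceptanceProtocol` is initialised with this one member only, so nothing in the interface turns the flag back on. Please add a comment block that states the contract: who is expected to call it, that the call is one-way, and what the caller has to handle once the firmware no longer accepts all memory in the BeforeExitBootServices event. Aligning the function name with the subject, or the subject with the function name, would also make the log easier to follow.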
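
Review bot: In the `@@ -292,6 +308,16 @@` hunk, a failed `InstallProtocolInterface` is reported only through `DEBUG ((DEBUG_ERROR, ...))`, the message omits the status value, and execution continues. Please print the status, for example `DEBUG ((DEBUG_ERROR, "Install OvmfSevMemoryAcceptanceProtocol failed: %r\n", Status));`, and add a short comment saying that continuing is deliberate, so a reader can tell that a boot without the protocol is meant to keep the accept-all behavior, if that is the intended fallback. The install also runs when the event creation just above it has failed and only logged its error; consider whether the protocol should be published in that case, since there would be no event for it to disable.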