From: "Dov Murik"
To: devel@edk2.groups.io
Cc: Dov Murik, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Erdem Aktas, James Bottomley, Min Xu, Tom Lendacky, Michael Roth, Ashish Kalra, Mario Smarduch, Tobin Feldman-Fitzthum
Subject: [RESEND] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP
Date: Mon, 20 Feb 2023 08:49:40 +0000
Message-Id: <20230220084942.1292756-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
[Resending due to missing Cc in the actual patch emails.]

(Note: This is a new version of this one-year-old patch series; the v1 series [1] got a few Acked-by but it's been so long that I don't consider them relevant anymore.)

AMD SEV and SEV-ES support measured direct boot with kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF during boot. To enable the same approach for AMD SEV-SNP we make sure the page in which QEMU inserts the hashes of kernel/initrd/cmdline is not already pre-validated, as SNP doesn't allow validating a page twice.

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in the same order as in the main target (OvmfPkgX64), with the exception of the SEV Launch Secret page, which isn't defined in OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on the AmdSev target the SEV Launch Secret page is not included in the ranges that are pre-validated (zero pages) by the VMM; instead the VMM will insert content into this page (the hashes table), or mark it explicitly as a zero page if no hashes are added.
This series is available at:
https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v2

The corresponding RFC patch series for QEMU is in:
https://lore.kernel.org/qemu-devel/20230216084913.2148508-1-dovmurik@linux.ibm.com/
or use this tree:
https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v2

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Min Xu
Cc: Tom Lendacky
Cc: Michael Roth
Cc: Ashish Kalra
Cc: Mario Smarduch
Cc: Tobin Feldman-Fitzthum

---

v2 changes:
 * Rebased on master
 * Updated AmdSev MEMFD size to match OvmfX64

v1: [1] https://edk2.groups.io/g/devel/message/88137

Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

 OvmfPkg/AmdSev/AmdSevX64.fdf          | 27 ++++++++++----------
 OvmfPkg/ResetVector/ResetVector.nasmb | 14 +++++++++-
 2 files changed, 27 insertions(+), 14 deletions(-)

-- 
2.25.1
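As an added illustration of the rule the second patch enforces (this is not code from the series or from OvmfPkg), the following Python models a pre-validated SNP_SEC_MEM range with the launch-secret page carved out of it and reports any page that would end up validated twice. The section-type names, addresses and sizes are constructed for the example.

```python
"""Model of the SNP layout rule from the cover letter: a page the VMM will
fill (the kernel-hashes table, placed in the SEV launch secret page on the
AmdSev target) must not lie inside a range the VMM pre-validates as zero
pages, because SNP rejects validating a page twice.  Section-type names,
addresses and sizes below are constructed for this example, not OvmfPkg's."""

PAGE_SIZE = 0x1000
SNP_SEC_MEM = "SNP_SEC_MEM"   # range pre-validated (as zero pages) by the VMM
SNP_SECRETS = "SNP_SECRETS"   # page the VMM writes into; must stay unvalidated


def split_range(base, size, hole_base, hole_size):
    """Carve [hole_base, hole_base+hole_size) out of [base, base+size)."""
    if hole_base % PAGE_SIZE or hole_size % PAGE_SIZE:
        raise ValueError("hole must be page aligned")
    end, hole_end = base + size, hole_base + hole_size
    if hole_end <= base or hole_base >= end:      # no overlap: keep as is
        return [(base, size)]
    pieces = []
    if hole_base > base:                          # part before the hole
        pieces.append((base, hole_base - base))
    if hole_end < end:                            # part after the hole
        pieces.append((hole_end, end - hole_end))
    return pieces


def double_validation_pages(sections):
    """Pages a pre-validated range covers although a VMM-written section
    also claims them; sections are (base, size, type) triples."""
    prevalidated = [(b, s) for b, s, t in sections if t == SNP_SEC_MEM]
    written = [(b, s) for b, s, t in sections if t != SNP_SEC_MEM]
    hits = set()
    for pb, ps in prevalidated:
        for wb, ws in written:
            lo, hi = max(pb, wb), min(pb + ps, wb + ws)
            hits.update(range(lo, hi, PAGE_SIZE))   # empty when lo >= hi
    return sorted(hits)


# Constructed layout: eight pre-validated pages, secret page three pages in.
SEC_MEM_BASE, SEC_MEM_SIZE = 0x800000, 8 * PAGE_SIZE
SECRETS_PAGE = SEC_MEM_BASE + 3 * PAGE_SIZE


def metadata_before():
    """Single SNP_SEC_MEM range that also covers the secret page (the bug)."""
    return [(SEC_MEM_BASE, SEC_MEM_SIZE, SNP_SEC_MEM),
            (SECRETS_PAGE, PAGE_SIZE, SNP_SECRETS)]


def metadata_after():
    """Same layout with the secret page excluded from pre-validation."""
    parts = split_range(SEC_MEM_BASE, SEC_MEM_SIZE, SECRETS_PAGE, PAGE_SIZE)
    return [(b, s, SNP_SEC_MEM) for b, s in parts] + \
        [(SECRETS_PAGE, PAGE_SIZE, SNP_SECRETS)]
```

`double_validation_pages(metadata_before())` reports the secret page, while the split layout from `metadata_after()` reports nothing, which is the property the reworked metadata has to satisfy before the VMM can write the hashes table there.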