From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Dov Murik"
To: devel@edk2.groups.io
Cc: Dov Murik, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Erdem Aktas, James Bottomley, Min Xu, Tom Lendacky, Michael Roth, Ashish Kalra, Mario Smarduch, Tobin Feldman-Fitzthum
Subject: [PATCH v3 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP
Date: Thu, 2 Mar 2023 09:15:30 +0000
Message-Id: <20230302091532.1985238-1-dovmurik@linux.ibm.com>

AMD SEV and SEV-ES support measured direct boot with
kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
during boot.

To enable the same approach for AMD SEV-SNP, we declare the kernel
hashes page in the SNP metadata list as a new region type. When QEMU
encounters that region in the list, it will insert the hashes of
kernel/initrd/cmdline and encrypt the page (or, if the user turned off
kernel hashes, it will validate the page as a zero page).

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
the same order as in the main target (OvmfPkgX64), with the exception of
the SEV Launch Secret page which isn't defined in OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on the
AmdSev target the SEV Launch Secret page is explicitly defined in the
SNP metadata list, and therefore it is not included in the ranges that
are pre-validated (zero pages) by the VMM; instead the VMM will insert
content into this page (the hashes table), or mark it explicitly as a
zero page if no hashes are added.

This series is available at:
https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3

A corresponding QEMU RFC series will be published soon in qemu-devel, or
use this tree:
https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Min Xu
Cc: Tom Lendacky
Cc: Michael Roth
Cc: Ashish Kalra
Cc: Mario Smarduch
Cc: Tobin Feldman-Fitzthum

---

v3 changes:
 * Define the kernel hashes page in the SNP metadata table (thanks Tom)

v2: https://edk2.groups.io/g/devel/message/100362
v2 changes:
 * Rebased on master
 * Updated AmdSev MEMFD size to match OvmfX64

v1: https://edk2.groups.io/g/devel/message/88137

Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
    OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Define SNP metadata for kernel hashes

 OvmfPkg/AmdSev/AmdSevX64.fdf                | 27 ++++++++++----------
 OvmfPkg/ResetVector/ResetVector.nasmb       | 11 +++++++-
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++
 3 files changed, 35 insertions(+), 14 deletions(-)

-- 
2.25.1
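
The measured direct boot flow described in this cover letter, as an added example that is not part of the original message or of the EDK2/QEMU code: the VMM side fills the kernel hashes page (or leaves it as a zero page), and the firmware side checks each blob against it. The entry layout, function names and sample blobs are constructed for illustration, and rejecting every blob when the page is zero is this sketch's assumption; the real table format and firmware policy are not shown on this page.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 4096
# Constructed layout for illustration only (NOT the real QEMU/OVMF format):
# one entry per component = name (8 bytes, NUL-padded) | SHA-256 digest (32 bytes)
ENTRY = struct.Struct("<8s32s")
COMPONENTS = ("kernel", "initrd", "cmdline")


def build_hashes_page(blobs=None):
    """VMM side: fill the hashes page, or leave it all-zero if hashes are off."""
    page = bytearray(PAGE_SIZE)
    if blobs is not None:
        for i, name in enumerate(COMPONENTS):
            digest = hashlib.sha256(blobs[name]).digest()
            ENTRY.pack_into(page, i * ENTRY.size, name.encode(), digest)
    return bytes(page)


def parse_hashes_page(page):
    """Firmware side: return {name: digest}; a zero page yields an empty table."""
    table = {}
    for i in range(len(COMPONENTS)):
        raw_name, digest = ENTRY.unpack_from(page, i * ENTRY.size)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        if name:
            table[name] = digest
    return table


def verify_blob(page, name, blob):
    """Firmware side: accept a blob only if it matches the measured page."""
    expected = parse_hashes_page(page).get(name)
    if expected is None:
        return False  # assumption: no entry (e.g. zero page) means reject
    return hmac.compare_digest(expected, hashlib.sha256(blob).digest())


# Constructed sample inputs.
BLOBS = {"kernel": b"\x7fELF-constructed-kernel",
         "initrd": b"constructed-initrd",
         "cmdline": b"console=ttyS0 root=/dev/vda1\0"}

if __name__ == "__main__":
    measured = build_hashes_page(BLOBS)
    for component in COMPONENTS:
        print(component, verify_blob(measured, component, BLOBS[component]))
```

Because the page contents become part of the encrypted, measured launch state, a host that swaps the kernel, initrd or command line after launch measurement fails `verify_blob` in the guest.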