From: "Roth, Michael via groups.io"
CC: Gerd Hoffmann, Ard Biesheuvel, "Tom Lendacky", Erdem Aktas, Jiewen Yao, Min Xu
Subject: [edk2-devel] [PATCH v4 1/3] OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs
Date: Wed, 1 May 2024 14:03:38 -0500
Message-ID: <20240501190340.2238565-2-michael.roth@amd.com>
In-Reply-To: <20240501190340.2238565-1-michael.roth@amd.com>
References: <20240501190340.2238565-1-michael.roth@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Future changes will make use of CpuPageTableLib to handle splitting page table mappings during SEC phase. While it's not strictly required by hardware, CpuPageTableLib relies on non-leaf PTEs never having the encryption bit set, so go ahead change the page table setup code to satisfy this expectation.

Suggested-by: Tom Lendacky
Cc: Ard Biesheuvel
Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: Michael Roth
--- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 5 ++++- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 23e4c5ebbe..827c874312 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -162,11 +162,14 @@ SevClearPageEncMaskForGhcbPage: ; ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted= . ; This requires the 2MB page for this range be broken down into 512 4K= B - ; pages. All will be marked encrypted, except for the GHCB. + ; pages. All will be marked encrypted, except for the GHCB. Since the + ; original PMD entry is no longer a leaf entry, remove the encryption + ; bit when pointing to the PTE page. ; mov ecx, (GHCB_BASE >> 21) mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR mov [ecx * 8 + PT_ADDR (0x2000)], eax + mov [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0 =20 ; ; Page Table Entries (512 * 4KB entries =3D> 2MB) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 474d22dbfa..d913a39d46 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
@@ -67,7 +67,7 @@ BITS 32 ; ; Create page tables for 4-level paging ; -; Argument: upper 32 bits of the page table entries +; Argument: upper 32 bits of the leaf page table entries ; %macro CreatePageTables4Level 1 =20 @@ -78,19 +78,19 @@ BITS 32 ; Top level Page Directory Pointers (1 * 512GB entry) ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR - mov dword[PT_ADDR (4)], %1 + mov dword[PT_ADDR (4)], 0 =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x1004)], %1 + mov dword[PT_ADDR (0x1004)], 0 mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x100C)], %1 + mov dword[PT_ADDR (0x100C)], 0 mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x1014)], %1 + mov dword[PT_ADDR (0x1014)], 0 mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x101C)], %1 + mov dword[PT_ADDR (0x101C)], 0 =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) @@ -141,7 +141,7 @@ BITS 32 ; ; Create page tables for 5-level paging with gigabyte pages ; -; Argument: upper 32 bits of the page table entries +; Argument: upper 32 bits of the leaf page table entries ; ; We have 6 pages available for the early page tables, ; we use four of them: 
@@ -164,15 +164,15 @@ BITS 32 =20 ; level 5 mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR - mov dword[PT_ADDR (4)], %1 + mov dword[PT_ADDR (4)], 0 =20 ; level 4 mov dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x1004)], %1 + mov dword[PT_ADDR (0x1004)], 0 =20 ; level 3 (1x -> level 2, 3x 1GB) mov dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY= _ATTR - mov dword[PT_ADDR (0x3004)], %1 + mov dword[PT_ADDR (0x3004)], 0 mov dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR mov dword[PT_ADDR (0x300c)], %1 mov dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR --=20 2.25.1
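
Review bot: In the AmdSev.asm hunk (SevClearPageEncMaskForGhcbPage), the new comment says to "remove the encryption bit", but the added "mov [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0" zeroes the whole upper dword of the entry rather than a single bit. Please either word the comment to say the upper 32 bits are cleared, and that nothing else is expected there at this point, or mask only the encryption bit. The comment also calls this a "PMD entry" while the surrounding code uses page-directory naming (PAGE_PDP_ATTR, "Page Table Entries"); using the file's own terminology would read more consistently.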
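
Review bot: In the CreatePageTables4Level hunk of PageTables64.asm, the non-leaf upper dwords (PT_ADDR (4) and PT_ADDR (0x1004) through PT_ADDR (0x101C)) are now a bare literal 0 with nothing in the code saying why they no longer take %1. The CpuPageTableLib reason is given only in the commit message, and the macro header only says the argument applies to leaf entries. A one-line comment above the "Top level" and "Next level" blocks, or a named constant in place of 0, would keep a later change from putting %1 back.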
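
Review bot: In the level 3 block of the 5-level hunk, PT_ADDR (0x3004) becomes 0 while PT_ADDR (0x300c) in the same table keeps %1, so one table now mixes both values without explanation. This agrees with the existing "level 3 (1x -> level 2, 3x 1GB)" comment, since only the first entry is non-leaf, but it is easy to misread as a missed conversion. Extending that comment to say the level 2 pointer takes 0 and the 1GB leaf entries take %1 would make the asymmetry explicit.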