public inbox for devel@edk2.groups.io
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: Laszlo Ersek <lersek@redhat.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Eric Dong <eric.dong@intel.com>, Ray Ni <ray.ni@intel.com>,
	"Singh, Brijesh" <brijesh.singh@amd.com>
Subject: Re: [edk2-devel] [RFC PATCH 05/28] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
Date: Wed, 21 Aug 2019 21:42:22 +0000
Message-ID: <229e74df-17b8-9bb5-7a5e-f6e7df64ca4f@amd.com>
In-Reply-To: <59b40c01-a6bf-2c65-0edd-87a35f937264@redhat.com>

On 8/21/19 9:31 AM, Laszlo Ersek wrote:
> On 08/19/19 23:35, Lendacky, Thomas wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> Allocate memory for the GHCB pages during SEV initialization for use
>> during Pei and Dxe phases. Since the GHCB pages must be mapped as shared
>> pages, modify CreateIdentityMappingPageTables() so that pagetable entries
>> are created without the encryption bit set.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>>  UefiCpuPkg/UefiCpuPkg.dec                     |  4 ++
>>  OvmfPkg/OvmfPkgX64.dsc                        |  4 ++
>>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |  3 +
>>  OvmfPkg/PlatformPei/PlatformPei.inf           |  2 +
>>  .../Core/DxeIplPeim/X64/VirtualMemory.h       | 12 +++-
>>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |  4 +-
>>  .../Core/DxeIplPeim/X64/DxeLoadFunc.c         | 11 +++-
>>  .../Core/DxeIplPeim/X64/VirtualMemory.c       | 49 ++++++++++----
>>  .../MemEncryptSevLibInternal.c                |  1 -
>>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  | 33 ++++++++--
>>  OvmfPkg/PlatformPei/AmdSev.c                  | 64 +++++++++++++++++++
>>  11 files changed, 164 insertions(+), 23 deletions(-)
> 
> Should be split to at least four patches (UefiCpuPkg, MdeModulePkg,
> OvmfPkg/BaseMemEncryptSevLib, OvmfPkg/PlatformPei).
> 
> In addition, MdeModulePkg content must not depend on UefiCpuPkg content
> -- if modules under both packages need to consume a new PCD, then the
> PCD should be declared under MdeModulePkg. The rough dependency order is:
> 
> - MdePkg (must be self-contained)
> - MdeModulePkg (may consume MdePkg)
> - UefiCpuPkg (may consume everything above, to my knowledge)
> - OvmfPkg (may consume everything above)
> 

Ok, thanks for the guidance.

Ideally, I just would like to modify the newly created page tables after
the call to CreateIdentityMappingPageTables() in MdeModulePkg/Core/
DxeIplPeim/Ia32/DxeLoadFunc.c. Is there a preferred way to add a listener
or callback or notification service so that the main changes would be
limited to the OvmfPkg files and would that be acceptable?

Thanks,
Tom

> Thanks
> Laszlo
> 
>>
>> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
>> index 6ddf0cd22466..4d5a2593cf13 100644
>> --- a/UefiCpuPkg/UefiCpuPkg.dec
>> +++ b/UefiCpuPkg/UefiCpuPkg.dec
>> @@ -323,5 +323,9 @@ [PcdsDynamic, PcdsDynamicEx]
>>    # @ValidRange  0x80000001 | 0 - 1
>>    gUefiCpuPkgTokenSpaceGuid.PcdCpuProcTraceOutputScheme|0x0|UINT8|0x60000015
>>  
>> +  ## Contains the GHCB page allocation information.<BR><BR>
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017
>> +
>>  [UserExtensions.TianoCore."ExtraFiles"]
>>    UefiCpuPkgExtra.uni
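
Review bot: The single `##` description above `PcdGhcbBase` leaves `PcdGhcbSize` undocumented. Give each declaration its own description, stating that the size is in bytes (PlatformPei stores `EFI_PAGES_TO_SIZE (GhcbPageCount)`) and that a base of 0 means no GHCB area, since the page-table code later in this patch tests `GhcbBase` against zero.
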
>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
>> index dda8dac18441..d6fc7cdf7da8 100644
>> --- a/OvmfPkg/OvmfPkgX64.dsc
>> +++ b/OvmfPkg/OvmfPkgX64.dsc
>> @@ -569,6 +569,10 @@ [PcdsDynamicDefault]
>>    # Set memory encryption mask
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
>>  
>> +  # Set GHCB base address for SEV-ES
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0
>> +
>>  !if $(SMM_REQUIRE) == TRUE
>>    gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8
>>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01
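
Review bot: Only OvmfPkgX64.dsc receives defaults for `PcdGhcbBase` and `PcdGhcbSize` (the diffstat lists no other .dsc file), while PlatformPei.inf now references both PCDs. If PlatformPei is also built from other OvmfPkg platform files, they need the same two [PcdsDynamicDefault] lines.
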
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index abc3217b0179..b994398633e3 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -52,6 +52,7 @@ [Sources.ARM, Sources.AARCH64]
>>  [Packages]
>>    MdePkg/MdePkg.dec
>>    MdeModulePkg/MdeModulePkg.dec
>> +  UefiCpuPkg/UefiCpuPkg.dec
>>  
>>  [Packages.ARM, Packages.AARCH64]
>>    ArmPkg/ArmPkg.dec
>> @@ -110,6 +111,8 @@ [Pcd.IA32,Pcd.X64]
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase                                 ## CONSUMES
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize                                 ## CONSUMES
>>  
>>  [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
>> index aed1f64b7c93..f53195e6dda5 100644
>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
>> @@ -102,6 +102,8 @@ [Pcd]
>>    gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
>>    gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds
>>    gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase
>> +  gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize
>>  
>>  [FixedPcd]
>>    gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> index 2d0493f109e8..6b7c38a441d6 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> @@ -201,6 +201,8 @@ EnableExecuteDisableBit (
>>    @param[in, out] PageEntry2M           Pointer to 2M page entry.
>>    @param[in]      StackBase             Stack base address.
>>    @param[in]      StackSize             Stack size.
>> +  @param[in]      GhcbBase              GHCB page area base address.
>> +  @param[in]      GhcbSize              GHCB page area size.
>>  
>>  **/
>>  VOID
>> @@ -208,7 +210,9 @@ Split2MPageTo4K (
>>    IN EFI_PHYSICAL_ADDRESS               PhysicalAddress,
>>    IN OUT UINT64                         *PageEntry2M,
>>    IN EFI_PHYSICAL_ADDRESS               StackBase,
>> -  IN UINTN                              StackSize
>> +  IN UINTN                              StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS               GhcbBase,
>> +  IN UINTN                              GhcbSize
>>    );
>>  
>>  /**
>> @@ -217,6 +221,8 @@ Split2MPageTo4K (
>>  
>>    @param[in] StackBase  Stack base address.
>>    @param[in] StackSize  Stack size.
>> +  @param[in] GhcbBase   GHCB page area base address.
>> +  @param[in] GhcbSize   GHCB page area size.
>>  
>>    @return The address of 4 level page map.
>>  
>> @@ -224,7 +230,9 @@ Split2MPageTo4K (
>>  UINTN
>>  CreateIdentityMappingPageTables (
>>    IN EFI_PHYSICAL_ADDRESS   StackBase,
>> -  IN UINTN                  StackSize
>> +  IN UINTN                  StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS   GhcbBase,
>> +  IN UINTN                  GhcbkSize
>>    );
>>  
>>  
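
Review bot: The last parameter of the CreateIdentityMappingPageTables() prototype is spelled `GhcbkSize`, while the `@param` block above it and the definition in X64/VirtualMemory.c use `GhcbSize`. It compiles because prototype parameter names are not checked, but the header should match: `IN UINTN                  GhcbSize`.
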
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> index 172d7cd1c60c..630a3503f6ba 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> @@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae (
>>          //
>>          // Need to split this 2M page that covers stack range.
>>          //
>> -        Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
>> +        Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, 0, 0);
>>        } else {
>>          //
>>          // Fill in the Page Directory entries
>> @@ -278,7 +278,7 @@ HandOffToDxeCore (
>>      //
>>      // Create page table and save PageMapLevel4 to CR3
>>      //
>> -    PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE);
>> +    PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE, 0, 0);
>>  
>>      //
>>      // End of PEI phase signal
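
Review bot: Both call sites in Ia32/DxeLoadFunc.c pass a literal `0, 0` for the GHCB range, so page tables built on this path never leave the GHCB pages unencrypted, whereas X64/DxeLoadFunc.c reads `PcdGhcbBase` and `PcdGhcbSize`. If SEV-ES is deliberately unsupported with a 32-bit PEI, add a comment saying so next to the zeros; otherwise read the PCDs here as well. DxeIpl.inf lists both PCDs as CONSUMES under [Pcd.IA32,Pcd.X64], which does not match an IA32 path that ignores them.
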
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> index 2867610bff4d..77da20e5c5c5 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> @@ -35,6 +35,8 @@ HandOffToDxeCore (
>>    UINT32                          Index;
>>    EFI_VECTOR_HANDOFF_INFO         *VectorInfo;
>>    EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>> +  VOID                            *GhcbBase;
>> +  UINTN                           GhcbSize;
>>  
>>    if (IsNullDetectionEnabled ()) {
>>      ClearFirst4KPage (HobList.Raw);
>> @@ -77,12 +79,19 @@ HandOffToDxeCore (
>>    TopOfStack = (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT);
>>    TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT);
>>  
>> +  //
>> +  // Get the address and size of the GHCB pages
>> +  //
>> +  GhcbBase = (VOID *) PcdGet64 (PcdGhcbBase);
>> +  GhcbSize = PcdGet64 (PcdGhcbSize);
>> +
>>    PageTables = 0;
>>    if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
>>      //
>>      // Create page table and save PageMapLevel4 to CR3
>>      //
>> -    PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE);
>> +    PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE,
>> +                                                  (EFI_PHYSICAL_ADDRESS) (UINTN) GhcbBase, GhcbSize);
>>    } else {
>>      //
>>      // Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
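
Review bot: `GhcbBase` is declared `VOID *` in the previous hunk, filled here by casting `PcdGet64 (PcdGhcbBase)` to a pointer, and then cast straight back to `EFI_PHYSICAL_ADDRESS` for the call. Declaring it as `EFI_PHYSICAL_ADDRESS` removes both casts. `GhcbSize = PcdGet64 (PcdGhcbSize)` also narrows a UINT64 into a UINTN without a cast, and both reads could move inside the `PcdDxeIplBuildPageTables` branch, which is the only use shown.
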
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index edc38e4525c4..b3c3c3276e6a 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -180,6 +180,8 @@ EnableExecuteDisableBit (
>>    @param Size         Size of the given physical memory.
>>    @param StackBase    Base address of stack.
>>    @param StackSize    Size of stack.
>> +  @param GhcbBase     Base address of GHCB pages.
>> +  @param GhcbSize     Size of GHCB area.
>>  
>>    @retval TRUE      Page table should be split.
>>    @retval FALSE     Page table should not be split.
>> @@ -189,7 +191,9 @@ ToSplitPageTable (
>>    IN EFI_PHYSICAL_ADDRESS               Address,
>>    IN UINTN                              Size,
>>    IN EFI_PHYSICAL_ADDRESS               StackBase,
>> -  IN UINTN                              StackSize
>> +  IN UINTN                              StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS               GhcbBase,
>> +  IN UINTN                              GhcbSize
>>    )
>>  {
>>    if (IsNullDetectionEnabled () && Address == 0) {
>> @@ -208,6 +212,12 @@ ToSplitPageTable (
>>      }
>>    }
>>  
>> +  if (GhcbBase) {
>> +    if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) {
>> +      return TRUE;
>> +    }
>> +  }
>> +
>>    return FALSE;
>>  }
>>  /**
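
Review bot: `if (GhcbBase)` in ToSplitPageTable() tests an `EFI_PHYSICAL_ADDRESS` as a boolean; write the comparison out as `GhcbBase != 0`, and consider keying the "no GHCB area" case on `GhcbSize != 0` instead, so that the meaning of a zero base does not have to be inferred. The function header should also state which of the two values signals that the area is absent.
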
>> @@ -321,6 +331,8 @@ AllocatePageTableMemory (
>>    @param[in, out] PageEntry2M           Pointer to 2M page entry.
>>    @param[in]      StackBase             Stack base address.
>>    @param[in]      StackSize             Stack size.
>> +  @param[in]      GhcbBase              GHCB page area base address.
>> +  @param[in]      GhcbSize              GHCB page area size.
>>  
>>  **/
>>  VOID
>> @@ -328,7 +340,9 @@ Split2MPageTo4K (
>>    IN EFI_PHYSICAL_ADDRESS               PhysicalAddress,
>>    IN OUT UINT64                         *PageEntry2M,
>>    IN EFI_PHYSICAL_ADDRESS               StackBase,
>> -  IN UINTN                              StackSize
>> +  IN UINTN                              StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS               GhcbBase,
>> +  IN UINTN                              GhcbSize
>>    )
>>  {
>>    EFI_PHYSICAL_ADDRESS                  PhysicalAddress4K;
>> @@ -354,7 +368,12 @@ Split2MPageTo4K (
>>      //
>>      // Fill in the Page Table entries
>>      //
>> -    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
>> +    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> +    if (!GhcbBase
>> +        || (PhysicalAddress4K < GhcbBase)
>> +        || (PhysicalAddress4K >= GhcbBase + GhcbSize)) {
>> +      PageTableEntry->Uint64 |= AddressEncMask;
>> +    }
>>      PageTableEntry->Bits.ReadWrite = 1;
>>  
>>      if ((IsNullDetectionEnabled () && PhysicalAddress4K == 0) ||
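
Review bot: The new range test in Split2MPageTo4K() compares 4 KiB page start addresses against `GhcbBase`, so the encryption mask is left off the whole area only when `GhcbBase` and `GhcbSize` are 4 KiB aligned; with an unaligned base the page holding the start of the area fails `PhysicalAddress4K < GhcbBase` the wrong way and stays encrypted. Document the alignment requirement in the `@param` text or ASSERT it once in CreateIdentityMappingPageTables(). On style, use `GhcbBase == 0` rather than `!GhcbBase` and put `||` at the end of the line, as the `IsNullDetectionEnabled ()` condition just below does.
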
>> @@ -382,6 +401,8 @@ Split2MPageTo4K (
>>    @param[in, out] PageEntry1G           Pointer to 1G page entry.
>>    @param[in]      StackBase             Stack base address.
>>    @param[in]      StackSize             Stack size.
>> +  @param[in]      GhcbBase              GHCB page area base address.
>> +  @param[in]      GhcbSize              GHCB page area size.
>>  
>>  **/
>>  VOID
>> @@ -389,7 +410,9 @@ Split1GPageTo2M (
>>    IN EFI_PHYSICAL_ADDRESS               PhysicalAddress,
>>    IN OUT UINT64                         *PageEntry1G,
>>    IN EFI_PHYSICAL_ADDRESS               StackBase,
>> -  IN UINTN                              StackSize
>> +  IN UINTN                              StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS               GhcbBase,
>> +  IN UINTN                              GhcbSize
>>    )
>>  {
>>    EFI_PHYSICAL_ADDRESS                  PhysicalAddress2M;
>> @@ -412,11 +435,11 @@ Split1GPageTo2M (
>>  
>>    PhysicalAddress2M = PhysicalAddress;
>>    for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
>> -    if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize)) {
>> +    if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
>>        //
>>        // Need to split this 2M page that covers NULL or stack range.
>>        //
>> -      Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
>> +      Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
>>      } else {
>>        //
>>        // Fill in the Page Directory entries
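
Review bot: The comment inside the changed `if` still reads "Need to split this 2M page that covers NULL or stack range." although ToSplitPageTable() now also returns TRUE for the GHCB range. Update it here and at the identical comment in the last CreateIdentityMappingPageTables() hunk so the reason for the split is not misleading.
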
>> @@ -615,6 +638,8 @@ EnablePageTableProtection (
>>  
>>    @param[in] StackBase  Stack base address.
>>    @param[in] StackSize  Stack size.
>> +  @param[in] GhcbBase   GHCB base address.
>> +  @param[in] GhcbSize   GHCB size.
>>  
>>    @return The address of 4 level page map.
>>  
>> @@ -622,7 +647,9 @@ EnablePageTableProtection (
>>  UINTN
>>  CreateIdentityMappingPageTables (
>>    IN EFI_PHYSICAL_ADDRESS   StackBase,
>> -  IN UINTN                  StackSize
>> +  IN UINTN                  StackSize,
>> +  IN EFI_PHYSICAL_ADDRESS   GhcbBase,
>> +  IN UINTN                  GhcbSize
>>    )
>>  {
>>    UINT32                                        RegEax;
>> @@ -734,8 +761,8 @@ CreateIdentityMappingPageTables (
>>        PageDirectory1GEntry = (VOID *) PageDirectoryPointerEntry;
>>  
>>        for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) {
>> -        if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)) {
>> -          Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize);
>> +        if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize, GhcbBase, GhcbSize)) {
>> +          Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize, GhcbBase, GhcbSize);
>>          } else {
>>            //
>>            // Fill in the Page Directory entries
>> @@ -763,11 +790,11 @@ CreateIdentityMappingPageTables (
>>          PageDirectoryPointerEntry->Bits.Present = 1;
>>  
>>          for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) {
>> -          if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize)) {
>> +          if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
>>              //
>>              // Need to split this 2M page that covers NULL or stack range.
>>              //
>> -            Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
>> +            Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
>>            } else {
>>              //
>>              // Fill in the Page Directory entries
>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
>> index 9c1d68e017fe..1dce01dd7546 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
>> @@ -109,7 +109,6 @@ MemEncryptSevIsEnabled (
>>    return mSevStatus;
>>  }
>>  
>> -
>>  /**
>>    Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
>>    Save State Map.
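
Review bot: This hunk only deletes a blank line after MemEncryptSevIsEnabled() and has nothing to do with GHCB allocation. Drop it from the patch, or send it separately as a whitespace cleanup.
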
>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
>> index 5e110c84ff81..3a4f223f8a86 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
>> @@ -183,6 +183,8 @@ AllocatePageTableMemory (
>>    @param[in, out] PageEntry2M           Pointer to 2M page entry.
>>    @param[in]      StackBase             Stack base address.
>>    @param[in]      StackSize             Stack size.
>> +  @param[in]      GhcbBase              GHCB page area base address.
>> +  @param[in]      GhcbSize              GHCB page area size.
>>  
>>  **/
>>  STATIC
>> @@ -191,7 +193,9 @@ Split2MPageTo4K (
>>    IN        PHYSICAL_ADDRESS               PhysicalAddress,
>>    IN  OUT   UINT64                        *PageEntry2M,
>>    IN        PHYSICAL_ADDRESS               StackBase,
>> -  IN        UINTN                          StackSize
>> +  IN        UINTN                          StackSize,
>> +  IN        PHYSICAL_ADDRESS               GhcbBase,
>> +  IN        UINTN                          GhcbSize
>>    )
>>  {
>>    PHYSICAL_ADDRESS                  PhysicalAddress4K;
>> @@ -217,7 +221,12 @@ Split2MPageTo4K (
>>      //
>>      // Fill in the Page Table entries
>>      //
>> -    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
>> +    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> +    if (!GhcbBase
>> +        || (PhysicalAddress4K < GhcbBase)
>> +        || (PhysicalAddress4K >= GhcbBase + GhcbSize)) {
>> +      PageTableEntry->Uint64 |= AddressEncMask;
>> +    }
>>      PageTableEntry->Bits.ReadWrite = 1;
>>      PageTableEntry->Bits.Present = 1;
>>      if ((PhysicalAddress4K >= StackBase) &&
>> @@ -417,6 +426,8 @@ EnablePageTableProtection (
>>    @param[in, out] PageEntry1G           Pointer to 1G page entry.
>>    @param[in]      StackBase             Stack base address.
>>    @param[in]      StackSize             Stack size.
>> +  @param[in]      GhcbBase              GHCB page area base address.
>> +  @param[in]      GhcbSize              GHCB page area size.
>>  
>>  **/
>>  STATIC
>> @@ -425,7 +436,9 @@ Split1GPageTo2M (
>>    IN          PHYSICAL_ADDRESS               PhysicalAddress,
>>    IN  OUT     UINT64                         *PageEntry1G,
>>    IN          PHYSICAL_ADDRESS               StackBase,
>> -  IN          UINTN                          StackSize
>> +  IN          UINTN                          StackSize,
>> +  IN          PHYSICAL_ADDRESS               GhcbBase,
>> +  IN          UINTN                          GhcbSize
>>    )
>>  {
>>    PHYSICAL_ADDRESS                  PhysicalAddress2M;
>> @@ -450,8 +463,10 @@ Split1GPageTo2M (
>>         (IndexOfPageDirectoryEntries++,
>>          PageDirectoryEntry++,
>>          PhysicalAddress2M += SIZE_2MB)) {
>> -    if ((PhysicalAddress2M < StackBase + StackSize) &&
>> -        ((PhysicalAddress2M + SIZE_2MB) > StackBase)) {
>> +    if (((PhysicalAddress2M < StackBase + StackSize) &&
>> +         ((PhysicalAddress2M + SIZE_2MB) > StackBase)) ||
>> +        ((PhysicalAddress2M < GhcbBase + GhcbSize) &&
>> +         ((PhysicalAddress2M + SIZE_2MB) > GhcbBase))) {
>>        //
>>        // Need to split this 2M page that covers stack range.
>>        //
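
Review bot: The GHCB overlap test added to the `if` in Split1GPageTo2M() has no zero check on `GhcbBase`, unlike the `if (GhcbBase)` guard added to ToSplitPageTable() in MdeModulePkg. It stays false for callers passing `0, 0` only because `GhcbSize` is 0 too. Guard it the same way, or document that `GhcbSize == 0` means there is no GHCB area, and update the comment below, which still mentions only the stack range.
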
>> @@ -459,7 +474,9 @@ Split1GPageTo2M (
>>          PhysicalAddress2M,
>>          (UINT64 *)PageDirectoryEntry,
>>          StackBase,
>> -        StackSize
>> +        StackSize,
>> +        GhcbBase,
>> +        GhcbSize
>>          );
>>      } else {
>>        //
>> @@ -714,6 +731,8 @@ SetMemoryEncDec (
>>            (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30,
>>            (UINT64 *)PageDirectory1GEntry,
>>            0,
>> +          0,
>> +          0,
>>            0
>>            );
>>          continue;
>> @@ -768,6 +787,8 @@ SetMemoryEncDec (
>>              (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21,
>>              (UINT64 *)PageDirectory2MEntry,
>>              0,
>> +            0,
>> +            0,
>>              0
>>              );
>>            continue;
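
Review bot: Both SetMemoryEncDec() call sites pass `0, 0` for the new GHCB arguments, and no other caller of the STATIC Split1GPageTo2M() or Split2MPageTo4K() in this file is shown supplying a real range, so the GHCB branches added to this library are not exercised by anything visible in the patch. Either drop the BaseMemEncryptSevLib changes or show the caller that needs them. If they stay, a short comment on the four bare zeros saying which are stack and which are GHCB values would help.
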
>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
>> index 2ae8126ccf8a..84896d4681f9 100644
>> --- a/OvmfPkg/PlatformPei/AmdSev.c
>> +++ b/OvmfPkg/PlatformPei/AmdSev.c
>> @@ -16,9 +16,68 @@
>>  #include <PiPei.h>
>>  #include <Register/Amd/Cpuid.h>
>>  #include <Register/Cpuid.h>
>> +#include <Register/Amd/Msr.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/MemoryAllocationLib.h>
>>  
>>  #include "Platform.h"
>>  
>> +/**
>> +
>> +  Initialize SEV-ES support if running an SEV-ES guest.
>> +
>> +  **/
>> +STATIC
>> +VOID
>> +AmdSevEsInitialize (
>> +  VOID
>> +  )
>> +{
>> +  VOID              *GhcbBase;
>> +  PHYSICAL_ADDRESS  GhcbBasePa;
>> +  UINTN             GhcbPageCount;
>> +  RETURN_STATUS     DecryptStatus, PcdStatus;
>> +
>> +  if (!MemEncryptSevEsIsEnabled ()) {
>> +    return;
>> +  }
>> +
>> +  GhcbPageCount = mMaxCpuCount;
>> +
>> +  //
>> +  // Allocate GHCB pages.
>> +  //
>> +  GhcbBase = AllocatePages (GhcbPageCount);
>> +  ASSERT (GhcbBase);
>> +
>> +  GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase;
>> +
>> +  DecryptStatus = MemEncryptSevClearPageEncMask (
>> +    0,
>> +    GhcbBasePa,
>> +    GhcbPageCount,
>> +    TRUE
>> +    );
>> +  ASSERT_RETURN_ERROR (DecryptStatus);
>> +
>> +  BuildMemoryAllocationHob (
>> +    GhcbBasePa,
>> +    EFI_PAGES_TO_SIZE (GhcbPageCount),
>> +    EfiBootServicesData
>> +    );
>> +
>> +  SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0);
>> +
>> +  PcdStatus = PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa);
>> +  ASSERT_RETURN_ERROR (PcdStatus);
>> +  PcdStatus = PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPageCount));
>> +  ASSERT_RETURN_ERROR (PcdStatus);
>> +
>> +  DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting at 0x%lx\n", GhcbPageCount, GhcbBase));
>> +
>> +  AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa);
>> +}
>> +
>>  /**
>>  
>>    Function checks if SEV support is available, if present then it sets
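
Review bot: `ASSERT (GhcbBase)` and the two `ASSERT_RETURN_ERROR` checks are the only error handling in AmdSevEsInitialize(), and ASSERTs can be compiled out; a failed AllocatePages() or MemEncryptSevClearPageEncMask() would then fall through to the PCD and `MSR_SEV_ES_GHCB` writes with a NULL or still-encrypted buffer. Add an explicit check that stops the boot (for example CpuDeadLoop ()) in addition to the ASSERT. Smaller points: `SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0)` should use `EFI_PAGES_TO_SIZE (GhcbPageCount)` like the HOB and PCD lines, and the DEBUG call passes a UINTN to `%u` and a `VOID *` to `%lx`; cast to UINT64 with `%lu`, and print `GhcbBasePa` or use `%p`.
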
>> @@ -89,4 +148,9 @@ AmdSevInitialize (
>>        EfiBootServicesData                // MemoryType
>>        );
>>    }
>> +
>> +  //
>> +  // Check and perform SEV-ES initialization if required.
>> +  //
>> +  AmdSevEsInitialize ();
>>  }
>>
> 
