Subject: Re: [PATCH 6/9] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Set the SwScratch valid bit
To: Tom Lendacky, devel@edk2.groups.io
Cc: Brijesh Singh, Jordan Justen, Ard Biesheuvel
From: "Laszlo Ersek" Message-ID: <260a19c6-e1f4-14e9-2ecd-8188d2fe596a@redhat.com> Date: Thu, 15 Oct 2020 11:25:40 +0200 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 10/10/20 18:07, Tom Lendacky wrote: > From: Tom Lendacky > > All fields that are set in the GHCB should have their associated bit in > the GHCB ValidBitmap field set. Add support to set the bit for the scratch > area field (SwScratch). > > Fixes: 437eb3f7a8db ("OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES") > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > index 565383ee26d2..5d5a117c48e0 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > @@ -52,10 +52,15 @@ QemuFlashPtrWrite ( > if (MemEncryptSevEsIsEnabled ()) { > MSR_SEV_ES_GHCB_REGISTER Msr; > GHCB *Ghcb; > + UINT32 ScratchIndex; > + UINT32 ScratchBit; > > Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); > Ghcb = Msr.Ghcb; > > + ScratchIndex = GhcbSwScratch / 8; > + ScratchBit = GhcbSwScratch & 0x07; > + > // > // Writing to flash is emulated by the hypervisor through the use of write > // protection. This won't work for an SEV-ES guest because the write won't 
> @@ -66,6 +71,7 @@ QemuFlashPtrWrite ( > VmgInit (Ghcb); > Ghcb->SharedBuffer[0] = Value; > Ghcb->SaveArea.SwScratch = (UINT64) (UINTN) Ghcb->SharedBuffer; > + Ghcb->SaveArea.ValidBitmap[ScratchIndex] |= (1 << ScratchBit); > VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, (UINT64) (UINTN) Ptr, 1); > VmgDone (Ghcb); > } else { > Makes sense, but please reimplement this with the new (proposed) VmgSetOffsetValid() library function. Thanks Laszlo
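Review bot: in the first hunk (@@ -52,10 +52,15), `ScratchIndex = GhcbSwScratch / 8` and `ScratchBit = GhcbSwScratch & 0x07` open-code the ValidBitmap addressing with magic numbers, and nothing in the hunk checks that ScratchIndex stays inside ValidBitmap. The commit message says every GHCB field that is set needs its valid bit, so this arithmetic will be repeated wherever a field is written. Moving it into one shared helper (the reply asks for the proposed VmgSetOffsetValid()) removes the two new locals from QemuFlashPtrWrite and keeps the layout assumption in a single place. If the open-coded form stays, add a short comment stating the bitmap layout that the / 8 and & 0x07 imply.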
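Review bot: in the second hunk (@@ -66,6 +71,7), `(1 << ScratchBit)` is a signed int expression OR-ed into a ValidBitmap element. If the elements are bytes, as the / 8 indexing in the first hunk implies, the compound assignment narrows implicitly, which some toolchains flag; an unsigned constant or an explicit cast to the element type avoids that. The added line also carries no comment, and the |= only yields a clean bitmap if VmgInit (Ghcb) resets ValidBitmap, which is not visible in this hunk. A one-line comment saying that SwScratch is marked valid after VmgInit () and before VmgExit () would make the ordering requirement explicit.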