Message-ID: <26702644-9685-e7ab-6e0e-dfd66ddd07e1@amd.com>
Date: Mon, 12 Dec 2022 13:29:43 -0600
Subject: Re: [PATCH v3] OvmfPkg/PlatformPei: Validate SEC's GHCB page
To: Adam Dunlap , devel@edk2.groups.io
Cc: Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Brijesh Singh , Erdem Aktas , James Bottomley , Min Xu , Dionna Glaze
From: "Lendacky, Thomas"
On 12/9/22 15:04, Adam Dunlap wrote:
> When running under SEV-ES, a page of shared memory is allocated for the
> GHCB during the SEC phase at address 0x809000. This page of memory is
> eventually passed to the OS as EfiConventionalMemory. When running
> SEV-SNP, this page is not PVALIDATE'd in the RMP table, meaning that if
> the guest OS tries to access the page, it will think that the host has
> violated the security guarantees and will likely crash.
>
> This patch validates this page immediately after EDK2 switches to using
> the GHCB page allocated for the PEI phase.
> > This was tested by writing a UEFI application that reads to and writes > from one byte of each page of memory and checks to see if a #VC > exception is generated indicating that the page was not validated. > > Fixes: 6995a1b79bab ("OvmfPkg: Create a GHCB page for use during Sec phase") > > Signed-off-by: Adam Dunlap Reviewed-by: Tom Lendacky > --- > > Removed the PcdStatus variable and just use Status for all statuses in > this function. Use uncrustify to fix some formatting errors. > > OvmfPkg/PlatformPei/AmdSev.c | 40 ++++++++++++++++++++++++------------ > 1 file changed, 27 insertions(+), 13 deletions(-) > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index e1b9fd9b7f..b2f2f3ac26 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -212,7 +212,7 @@ AmdSevEsInitialize ( > UINTN GhcbBackupPageCount; > SEV_ES_PER_CPU_DATA *SevEsData; > UINTN PageCount; > - RETURN_STATUS PcdStatus, DecryptStatus; > + RETURN_STATUS Status; > IA32_DESCRIPTOR Gdtr; > VOID *Gdt; > > @@ -220,8 +220,8 @@ AmdSevEsInitialize ( > return; > } > > - PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > - ASSERT_RETURN_ERROR (PcdStatus); > + Status = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > + ASSERT_RETURN_ERROR (Status); > > // > // Allocate GHCB and per-CPU variable pages. 
> @@ -240,20 +240,20 @@ AmdSevEsInitialize ( > // only clear the encryption mask for the GHCB pages. > // > for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) { > - DecryptStatus = MemEncryptSevClearPageEncMask ( > - 0, > - GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount), > - 1 > - ); > - ASSERT_RETURN_ERROR (DecryptStatus); > + Status = MemEncryptSevClearPageEncMask ( > + 0, > + GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount), > + 1 > + ); > + ASSERT_RETURN_ERROR (Status); > } > > ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount)); > > - PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa); > - ASSERT_RETURN_ERROR (PcdStatus); > - PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount)); > - ASSERT_RETURN_ERROR (PcdStatus); > + Status = PcdSet64S (PcdGhcbBase, GhcbBasePa); > + ASSERT_RETURN_ERROR (Status); > + Status = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount)); > + ASSERT_RETURN_ERROR (Status); > > DEBUG (( > DEBUG_INFO, > @@ -295,6 +295,20 @@ AmdSevEsInitialize ( > > AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); > > + // > + // Now that the PEI GHCB is set up, the SEC GHCB page is no longer necessary > + // to keep shared. Later, it is exposed to the OS as EfiConventionalMemory, so > + // it needs to be marked private. The size of the region is hardcoded in > + // OvmfPkg/ResetVector/ResetVector.nasmb in the definition of > + // SNP_SEC_MEM_BASE_DESC_2. > + // > + Status = MemEncryptSevSetPageEncMask ( > + 0, // Cr3 -- use system Cr3 > + FixedPcdGet32 (PcdOvmfSecGhcbBase), // BaseAddress > + 1 // NumPages > + ); > + ASSERT_RETURN_ERROR (Status); > + > // > // The SEV support will clear the C-bit from non-RAM areas. The early GDT > // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
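Review bot: In the @@ -295,6 hunk, NumPages is hardcoded to 1 while the comment says the region's size is defined in OvmfPkg/ResetVector/ResetVector.nasmb (SNP_SEC_MEM_BASE_DESC_2); if that definition ever grows beyond one page, this call would leave the remainder shared without any diagnostic, so consider deriving the page count from a shared definition or at least stating the one-page assumption explicitly in the comment. The commit message describes the change as validating the page, but the hunk only calls MemEncryptSevSetPageEncMask and the comment only says "marked private"; one sentence in the comment saying that the shared-to-private transition is what performs the validation for SEV-SNP would stop a reader from looking for a separate PVALIDATE step. Note also that ASSERT_RETURN_ERROR (Status) is compiled out in RELEASE builds, so a failure here falls through with the page still shared; that matches the surrounding code's pattern, but it is worth being aware of.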