From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.67]) by mx.groups.io with SMTP id smtpd.web10.12527.1623160274642250252 for ; Tue, 08 Jun 2021 06:51:14 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=gP4V3gEw; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.67, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l95a92yKrOYlV1FcTO1DYlCp93xwI9dYw+A5l6aTJq1P4evcFGZc461aayBClHXJTyESXUnNG75IZaxTiv470EUoKA0899J1cqVxX3AR1ywFQXAeU8eaeul62wqMIDpbDKsPDp6olune8oxruKkWuDDXxFFYYCsQAoJ0NesWE69W+JAjnKFRM5KXc4PsYFBwUe7U46PpolXbiewTjRqJSKCiX7mLHPAajt055z5yA5agSBHuJTKObDvksQmCDDY/fWgiKG4wVJBPveEd9QjA9E/3gmiPCdoDRbpvNUpcM2Py4hn2OMhCSDtiK9Ew7BXw3iQGuKRauGCsfMxj2lr/Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sUXmJRJv+gtWCZpH0u61t79LVr/fY8OQPfNd8UfjNak=; b=b1YUfARR8d3IoNiRqXIc6QyY0wq8rhRgmotxmAsSMQUJz1OWXWBKY2ER7Vv0Mtx3E0zWMYvNCoTq+pkHkRre9clrjSpAEK8BqdzmSFFKuJ9NehmbCuwF+UpFuN2Sl0rrMYTqmkGw3uQawmhviH3hm16cciFFrY1ufH/7ZIQ3TaWEI9Au3gqY9aTSgDo/y5SC7ajNrCKsq20CGEo0eLOqfbRvGxosqO3Y5U3cnmXp/MQqMxJ8BP3H5BSChXimLK8NVvj0/l//2SBUGoTExpY9fC6dzhDxlZoWsZT28f63sXQfYZlFJNmlf+OSiAWs4war+ZLMbSGMbe2t4hsUkvIBkQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sUXmJRJv+gtWCZpH0u61t79LVr/fY8OQPfNd8UfjNak=; b=gP4V3gEwOOS3jnZY3wZK08UGgOM1OlNnWIKNvLtEWT/qnFW76hG6A6SE/rmPjZHQhlAJBEnkubMFopR8mPjyENhk2CHQezGVM4ZftIKkUThF/GeqOa5z/Oeo6Te3sipMx2mAfTbQFpDiG+xxV9Rm+0q6xFiLCqWWjQp0s/3HRfg= Authentication-Results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4510.namprd12.prod.outlook.com (2603:10b6:806:94::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.24; Tue, 8 Jun 2021 13:51:12 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4219.021; Tue, 8 Jun 2021 13:51:12 +0000 CC: brijesh.singh@amd.com, Ard Biesheuvel Subject: Re: [edk2-devel] [PATCH RFC v3 03/22] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field To: Laszlo Ersek , devel@edk2.groups.io, James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar References: <20210526231118.12946-1-brijesh.singh@amd.com> <20210526231118.12946-4-brijesh.singh@amd.com> <75ef7f40-4a2b-5aeb-7859-d8a5cfdd7f2d@redhat.com> <3aa3454f-9fd8-c04e-618d-fcca8ffe6a3b@redhat.com> From: "Brijesh Singh" Message-ID: <2b4c1d22-4971-1b86-8b99-e21067e1f27a@amd.com> Date: Tue, 8 Jun 2021 08:51:11 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: <3aa3454f-9fd8-c04e-618d-fcca8ffe6a3b@redhat.com> X-Originating-IP: [70.112.153.56] X-ClientProxiedBy: SN4PR0501CA0137.namprd05.prod.outlook.com (2603:10b6:803:2c::15) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN4PR0501CA0137.namprd05.prod.outlook.com (2603:10b6:803:2c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.9 via Frontend Transport; Tue, 8 Jun 2021 13:51:12 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d4a30720-c8d8-4c9a-40d5-08d92a847a69 X-MS-TrafficTypeDiagnostic: SA0PR12MB4510: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: L+ohC0GLArbCu9yjTLBuX4XHD9UG0U80K9YKpPCc0WOh+hxikXVPyLCRXTFCRJM8Cj6sQiyjn82qIIABD7VSAfnr+6hIkfEnflPR1NAaLSwdFA35UtKKvW3+g/PwGLVqrW0lLRBgrZawjp8pTtqsWv1wK5LwMPkPIwG4jtYjgHu98IRzzcQc6pJkU1jqw27yQzNm/bEo+R/dmB54lmTdYjhFo2NGqXT0WEy33lTe3qxWxMC898/wO+JjANLy3Obp7Kg3YonnzOBc4HGz0wJ9rltCijLAug3qSog9lxIBf255CvJzDfNtTDuJiVdJK/ywzGscJbG4IIavS2TOCydo3NBfnZFPWQotVPbQ6zTjW7d3W7I4QBeCurxk+j3/BX1tufWGTkifDnuREcu4xC3h72iCAOiWfTILKoZhyq374x+PJgGSwbL0OYrYpcGfVa1NBxDMG7Jw0oKSI5e4PjcpBZ2lxIvipB6yp7Hl7DbVrqeisIOZQ24JQ+fkxwpT3V5UAKH/xR9bJozxtQPrJeDEDe2EwVAV1VynEQdh3dXysxqQC5I5pdKKtueLJ25OAqMVBranHKQ7qmHacrwJ6F6o7IWcCEsIYRdRiRqFya2jcMvm7IRiKA4X63aG4N1KBmCr3ftxC+1a2pSJTxBYfkJE8180Sh5Zx5l4xgzdZC26lLqznYtfYRed2vbYC0YVzR3iqqGHp9Sn9Omzhj15d7+pm/BmPiKsQ8fPCuiMefjapVNXMtqbxGsvTWoqK44a0Q5Panucm6aNL7hM/ZNHMKCINnONWxs+s+zmNuxtbrCLNioF6mh4728TjMxZBvy7Dh2NAXFdgQR7EqlPPMcPTh9jfOUscgzBeaWuwuo5BARF2iI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(366004)(346002)(136003)(376002)(39860400002)(66556008)(53546011)(6506007)(66946007)(110136005)(66476007)(16526019)(36756003)(83380400001)(316002)(5660300002)(38350700002)(478600001)(186003)(26005)(38100700002)(19627235002)(4326008)(6486002)(8676002)(44832011)(956004)(2616005)(966005)(6512007)(8936002)(7416002)(31686004)(86362001)(921005)(52116002)(31696002)(2906002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?2cjJiMWE901ONeOnMwyBy9VkMR89+DTzIfOMxDVjDajhTMDMiTvi1w9IG1BA?= =?us-ascii?Q?NGO+mzSPIj674276X7ZLRfcwlIx5n6i0aF7ZwyR7+W7ni959c7ng0ywNAqCj?= =?us-ascii?Q?IC9GV/V4XH2+yXZGkQknQBfIY8xnIgRUrpOZG0RiyJZa6dIdrNFqQqLFj9UL?= =?us-ascii?Q?WJ3+Bz/c6z2umSPqDVSTLloStyGeteQvTbsFwPSvb+qpVdD3y2VoXJyRHgts?= =?us-ascii?Q?aNNN87SXog9fODAknvD7xxQG5o6+yeGZ9IIQzabRDRwg2Q5tPAJfcFSzI9Gv?= =?us-ascii?Q?ayMcrNNyJSMz4fc4JG8bHwF2x9wWX/1529UXF+0VJ1P5ONXZuQ6dcC45/CC3?= =?us-ascii?Q?30ZkdozFV8jyECRihDvhlqv4+MxEWK1L0vbuq+6nhkBX2Jg3rlctocwXtNWl?= =?us-ascii?Q?e4jbzof+rgrvVziFBP2qTXVPr5ZTZztwD3sscdwvoaLo3p1oGdJI//vbh6iK?= =?us-ascii?Q?4NZlPxhS1Ey/XS42wmYDBL4s0SjDSbAvK7qGSN/Zd5xyVkyQ02RvUa7poN+g?= =?us-ascii?Q?tD2eKE8z4Uzjcnx3EXBy0ASpIkES5KSflPR4FJAiOHdSZy68AOmuwE1+GiDt?= =?us-ascii?Q?oiqOP88A6CL/a0MHg+je/OzxOvEKvir2mgQkyFk0KGCLmgpduA+x7eFnByD4?= =?us-ascii?Q?Vsa7yrBCDuAGeRE4vKzbm78DWApuE81wuKfgISeRBSN4+8I4Oc6kjeqiuj8w?= =?us-ascii?Q?WeftsnFziZH3wScF5lHYi9gm3VFxaafWHuw/axGThw1NYotrh31QLjUAVnh5?= =?us-ascii?Q?6u86fH/M3RR6JVIj4/qZ4L++7bv1kxXWjg8AxxuS3IEvK39UHcqlztu+QC2Y?= =?us-ascii?Q?D/aYLh70gEYRrXHb34e5rluHrM/+EJz2iJ4vwPk5OZEc3MRfsTaWdKz3RJSj?= =?us-ascii?Q?IJ9L/P3yzStMAXMiGvwnB/pIz0p/NesCekmE6m7Nebgx54lkVC14Kbq+Sc6N?= =?us-ascii?Q?Xg2cv9bVDel4NX1m5Am1mOohz/HPnHT8ZFHiLxRAskDOkUVKveGYxtr9Mbgl?= =?us-ascii?Q?62hgHyZOVu02vMKdrc0/wzhcRb2ys98S/xPo8dvHeC2afEAC+y3BimBIPYOj?= =?us-ascii?Q?5wlymCJccrvBZcpmmZ33fmtG2Ox+7MuGUr1blEwnVuTo+MKLm9D/Mc0uhScc?= =?us-ascii?Q?/wBA+3x29GP0YwTGQDzQYv9DUbGTD+ApWejJxC5D+omdyLSnFq3LjPWkaWcE?= =?us-ascii?Q?O930SypXbcWyB9yLxXaEWOFmqyeIdMqjYd3XZb7hQVSFbdGOgoshGbU9rG2F?= =?us-ascii?Q?W34tD+KWib9KOZ4AIrXkZwVbG1Gu9mpJZ6mRgFqllNu9d7KgFWZmjSRPQ2CW?= =?us-ascii?Q?IFo8NWyPd0zUMNUQcs/vyCAu?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d4a30720-c8d8-4c9a-40d5-08d92a847a69 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jun 2021 13:51:12.8753 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: n5G5z6gX0UONdZIn9P9YADR8x57vF0CVn6Lv+3OIuWdiDP4uaYDCbAcDl6olmL9TkNMkGI8KruSe0lISqPLCSw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4510 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US On 6/8/21 3:17 AM, Laszlo Ersek wrote: > >>> (3) Actually, no. >>> >>> This patch should be reduced to the following files only: >>> >>> - OvmfPkg/PlatformPei/AmdSev.c >>> - OvmfPkg/PlatformPei/PlatformPei.inf >>> >>> and the following changes should be dropped completely: >>> >>> - OvmfPkg/Include/Library/MemEncryptSevLib.h >>> - OvmfPkg/ResetVector/Ia32/PageTables64.asm >>> - OvmfPkg/ResetVector/ResetVector.nasmb >>> >>> Specifically, the "SEC_SEV_ES_WORK_AREA.SevSnpEnabled" field should >>> never be introduced. >>> >>> The reason is apparent only from patch #10 -- "OvmfPkg/PlatformPei: >>> register GHCB gpa for the SEV-SNP guest". >>> >>> The core idea is that in patch#10, in the SEC module, you can implement >>> SevSnpIsEnabled() by just reading MSR_SEV_STATUS, and checking the SNP >>> bit. Namely, while the SevSnpIsEnabled() call is made in >>> SevEsProtocolCheck(), i.e., before exception handling is set up in the >>> SEC module -- and so you indeed cannot call CPUID --, you don't *have* >>> to call CPUID at that call site. Where you call SevSnpIsEnabled() in >>> SevEsProtocolCheck(), you already know that SEV-ES is enabled, so it's >>> safe to just read the exact same SEV status MSR that the SEV-ES status >>> comes from in the first place, without any CPUID safety check. >> We must check the SNP Enabled inside the assembly code for the page >> invalidate functions, and I decided to cache the value. A similar >> SNP-enabled check is required in SEC phase before the >> ProcessLibraryConstrctorList() is called. There are two options on how >> we can go about doing the SNP enabled check inside the SEC phase >> 1. Call the SEV_STATUS MSR after reading the >> SEC_SEV_ES_WORK_AREA.SevEnabled. As you said, we need to be sure that ES >> is enabled before calling the SEV_STATUS MSR. >> 2. SEV_STATUS MSR is read in Reset vector for the SNP enabled check >> purpose. Extend the SevEsWorkArea to cache the state. >> >> =C2=A0I chose #2 because it avoids checking for ES enabled before checki= ng >> the SNP enabled. I understand that in the current code path, SNP check >> is called inside the SevEsProtocolCheck() -- ES is already enabled, and >> its safe to call SEV_STATUS MSR. What if we need to check for the SNP >> state outside the ES-specific code block in the future? Then we will >> need to extend the SevEsWorkArea. > What would be the reason for this, ever? One reason I can think of is if we ever decided validate the pages before the SevEsProtocolCheck(). The version 2 of GHCB spec adds few new NAE's that are SNP specific such as Page State Change. They are not applicable to the ES guests. Currently, we do the page validation much later and by then ProcessorConstructList() is called. Anyway, this is not an important thing to consider right now. As I said, I will drop the extending workarea to cache the SNP enable and Hypervisor feature values. > > I think this ties in with another point (or question) I raised > elsewhere: the assembly code in the reset vector suggests *anyway* that > SNP is only available if ES is available, but I couldn't verify that > from any specs. If this dependency is an architectural fact (that is, if > ES is absent, then SNP may never be present), then I wouldn't like to > introduce a separate field for SNP presence in the SEC_SEV_ES_WORK_AREA > structure. The SEV-SNP builds upon existing SEV and SEV-ES support and provides an additional protection from the hypervisor. The SEV-SNP feature requires both the SEV and SEV-ES must be enabled. There is some text about it in APM volume 2 [1] chapter=C2=A0 15.36. [1] https://www.amd.com/system/files/TechDocs/24593.pdf thanks