[edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

This series adds SEV-SNP support for running OVMF under an Secure VM
Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
By running at a less priviledged VMPL, the SVSM can be used to provide
services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
confidential VM (CVM) rather than trust such services from the hypervisor.

Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
certain SNP related operations that require that VMPL level. Specifically,
the PVALIDATE instruction and the RMPADJUST instruction when setting the
the VMSA attribute of a page (used when starting APs).

If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
use an SVSM (which is running at VMPL0) to perform the operations that
it is no longer able to perform.

When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
it will be starting. As a result, the GHCB APIC ID retrieval action must
be performed. Since this service can also work with SEV-SNP running at
VMPL0, the patches to make use of this feature are near the beginning of
the series.

How OVMF interacts with and uses the SVSM is documented in the SVSM
specification [1] and the GHCB specification [2].

This support creates a new CcSvsmLib library that is used by MpInitLib.
This requires an update to the edk2-platform DSC files to add the new
library. The edk2-platform change would be needed after patch 12, but
before patch 15.

This series introduces support to run OVMF under an SVSM. It consists
of:
  - Retrieving the list of vCPU APIC IDs and starting up all APs without
    performing a broadcast SIPI
  - Reorganizing the page state change support to not directly use the
    GHCB buffer since an SVSM will use the calling area buffer, instead
  - Detecting the presence of an SVSM
  - When not running at VMPL0, invoking the SVSM for page validation and
    VMSA page creation/deletion
  - Detecting and allowing OVMF to run in a VMPL other than 0 when an
    SVSM is present

The series is based off of commit:

  2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before lock cmpxchg")

[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

---

Changes in v2:
- Move the APIC IDs retrieval support to the beginning of the patch series
    - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
- Split up Page State Change reorganization into multiple patches
- Created CcSvsmLib library instead of extending CcExitLib
    - This will require a corresponding update to edk2-platform DSC files
    - Removed Ray Ni's Acked-by since it is not a minor change
- Variable name changes and other misc changes

Tom Lendacky (23):
  OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
  MdePkg: GHCB APIC ID retrieval support definitions
  OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
  UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
  OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
  OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
    Change
  MdePkg: Avoid hardcoded value for number of Page State Change entries
  OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
  OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
  MdePkg/Register/Amd: Define the SVSM related information
  MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
  UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
  UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
  Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
  UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
  OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
    pages
  OvmfPkg: Create a calling area used to communicate with the SVSM
  OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
  OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
  OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
  UefiCpuPkg/MpInitLib: AP creation support under an SVSM
  Ovmfpkg/CcExitLib: Provide SVSM discovery support
  OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
    VMPL0

 MdePkg/MdePkg.dec                                                     |   5 +-
 OvmfPkg/OvmfPkg.dec                                                   |   4 +
 UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
 OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
 OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
 OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
 OvmfPkg/OvmfXen.dsc                                                   |   1 +
 UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
 UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
 OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
 MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
 OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
 OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
 OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
 MdePkg/Include/Library/BaseLib.h                                      |  39 ++
 MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
 MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
 MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
 MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
 MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
 OvmfPkg/Include/WorkArea.h                                            |   9 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6 +-
 UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
 UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  11 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  22 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  31 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
 OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500 ++++++++++++++++++++
 OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
 OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
 55 files changed, 1628 insertions(+), 233 deletions(-)
 create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
 create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
 create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
 create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
 create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
 create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni

-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115835): https://edk2.groups.io/g/devel/message/115835
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
the return value is checked with EFI_ERROR() when it should just be
compared to 0. Fix the error check.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index 7797febb8ac6..be43a44e4e1d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
 
   SEV-SNP Page Validation functions.
 
-  Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -31,8 +31,8 @@ SevSnpIsVmpl0 (
   VOID
   )
 {
-  UINT64      Rdx;
-  EFI_STATUS  Status;
+  UINT64  Rdx;
+  UINT32  Status;
 
   //
   // There is no straightforward way to query the current VMPL level.
@@ -44,7 +44,7 @@ SevSnpIsVmpl0 (
   Rdx = 1;
 
   Status = AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx);
-  if (EFI_ERROR (Status)) {
+  if (Status != 0) {
     return FALSE;
   }
 
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115836): https://edk2.groups.io/g/devel/message/115836
Mute This Topic: https://groups.io/mt/104512928/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

When an SVSM is present, starting the APs requires knowledge of the APIC
IDs. Create the definitions required to retrieve and hold the APIC ID
information of all the vCPUs present in the guest.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 MdePkg/MdePkg.dec                  |  5 ++++-
 MdePkg/Include/Register/Amd/Ghcb.h | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 0459418906f8..7d3f54a46f54 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -9,7 +9,7 @@
 # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP<BR>
 # Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
 # Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 # Copyright (c) 2023, Ampere Computing LLC. All rights reserved.<BR>
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -876,6 +876,9 @@ [Guids]
   ## Include/Protocol/CcMeasurement.h
   gEfiCcFinalEventsTableGuid     = { 0xdd4a4648, 0x2de7, 0x4665, { 0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46 }}
 
+  ## Include/Register/Amd/Ghcb.h
+  gEfiApicIdsGuid                = { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+
 [Guids.IA32, Guids.X64]
   ## Include/Guid/Cper.h
   gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
index dab396f3ede8..432d67e3e223 100644
--- a/MdePkg/Include/Register/Amd/Ghcb.h
+++ b/MdePkg/Include/Register/Amd/Ghcb.h
@@ -4,7 +4,7 @@
   Provides data types allowing an SEV-ES guest to interact with the hypervisor
   using the GHCB protocol.
 
-  Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
@@ -56,6 +56,7 @@
 #define SVM_EXIT_AP_JUMP_TABLE          0x80000005ULL
 #define SVM_EXIT_SNP_PAGE_STATE_CHANGE  0x80000010ULL
 #define SVM_EXIT_SNP_AP_CREATION        0x80000013ULL
+#define SVM_EXIT_GET_APIC_IDS           0x80000017ULL
 #define SVM_EXIT_HYPERVISOR_FEATURES    0x8000FFFDULL
 #define SVM_EXIT_UNSUPPORTED            0x8000FFFFULL
 
@@ -170,6 +171,7 @@ typedef union {
 #define GHCB_HV_FEATURES_SNP_AP_CREATE                   (GHCB_HV_FEATURES_SNP | BIT1)
 #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION        (GHCB_HV_FEATURES_SNP_AP_CREATE | BIT2)
 #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER  (GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION | BIT3)
+#define GHCB_HV_FEATURES_APIC_ID_LIST                    BIT4
 
 //
 // SNP Page State Change.
@@ -202,6 +204,18 @@ typedef struct {
   SNP_PAGE_STATE_ENTRY     Entry[SNP_PAGE_STATE_MAX_ENTRY];
 } SNP_PAGE_STATE_CHANGE_INFO;
 
+//
+// Get APIC IDs
+//
+#define EFI_APIC_IDS_GUID  \
+  { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+extern EFI_GUID  gEfiApicIdsGuid;
+
+typedef struct {
+  UINT32    NumEntries;
+  UINT32    ApicIds[];
+} GHCB_APIC_IDS;
+
 //
 // SEV-ES save area mapping structures used for SEV-SNP AP Creation.
 // Only the fields required to be set to a non-zero value are defined.
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115837): https://edk2.groups.io/g/devel/message/115837
Mute This Topic: https://groups.io/mt/104512930/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but is a requirement for an
SEV-SNP guest that is running under an SVSM.

After retrieving the APIC IDs, save the address of the APIC ID data
structure in a GUIDed HOB.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
 OvmfPkg/PlatformPei/AmdSev.c        | 91 +++++++++++++++++++-
 2 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index ad52be306560..7de3b4341c2c 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -45,6 +45,7 @@ [Guids]
   gEfiMemoryTypeInformationGuid
   gFdtHobGuid
   gUefiOvmfPkgPlatformInfoGuid
+  gEfiApicIdsGuid
 
 [LibraryClasses]
   BaseLib
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index e6b602d79a05..472cf13f0faa 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -1,7 +1,7 @@
 /**@file
   Initialize Secure Encrypted Virtualization (SEV) support
 
-  Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
+  Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -31,6 +31,87 @@ GetHypervisorFeature (
   VOID
   );
 
+/**
+  Retrieve APIC IDs from the hypervisor.
+
+**/
+STATIC
+VOID
+AmdSevSnpGetApicIds (
+  VOID
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  GHCB                      *Ghcb;
+  BOOLEAN                   InterruptState;
+  UINT64                    VmgExitStatus;
+  UINT64                    PageCount;
+  BOOLEAN                   PageCountValid;
+  VOID                      *ApicIds;
+  RETURN_STATUS             Status;
+  UINT64                    GuidData;
+
+  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+  Ghcb                    = Msr.Ghcb;
+
+  PageCount      = 0;
+  PageCountValid = FALSE;
+
+  CcExitVmgInit (Ghcb, &InterruptState);
+  Ghcb->SaveArea.Rax = PageCount;
+  CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+  VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0);
+  if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) {
+    PageCount      = Ghcb->SaveArea.Rax;
+    PageCountValid = TRUE;
+  }
+
+  CcExitVmgDone (Ghcb, InterruptState);
+
+  ASSERT (VmgExitStatus == 0);
+  ASSERT (PageCountValid);
+  if ((VmgExitStatus != 0) || !PageCountValid) {
+    return;
+  }
+
+  //
+  // Allocate the memory for the APIC IDs
+  //
+  ApicIds = AllocateReservedPages ((UINTN)PageCount);
+  ASSERT (ApicIds != NULL);
+
+  Status = MemEncryptSevClearPageEncMask (
+             0,
+             (UINTN)ApicIds,
+             (UINTN)PageCount
+             );
+  ASSERT_RETURN_ERROR (Status);
+
+  ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount));
+
+  PageCountValid = FALSE;
+
+  CcExitVmgInit (Ghcb, &InterruptState);
+  Ghcb->SaveArea.Rax = PageCount;
+  CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+  VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)ApicIds, 0);
+  if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax == PageCount)) {
+    PageCountValid = TRUE;
+  }
+
+  CcExitVmgDone (Ghcb, InterruptState);
+
+  ASSERT (VmgExitStatus == 0);
+  ASSERT (PageCountValid);
+  if ((VmgExitStatus != 0) || !PageCountValid) {
+    FreePages (ApicIds, (UINTN)PageCount);
+    return;
+  }
+
+  GuidData = (UINT64)(UINTN)ApicIds;
+  BuildGuidDataHob (&gEfiApicIdsGuid, &GuidData, sizeof (GuidData));
+}
+
 /**
   Initialize SEV-SNP support if running as an SEV-SNP guest.
 
@@ -78,6 +159,14 @@ AmdSevSnpInitialize (
       }
     }
   }
+
+  //
+  // Retrieve the APIC IDs if the hypervisor supports it. These will be used
+  // to always start APs using SNP AP Create.
+  //
+  if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) == GHCB_HV_FEATURES_APIC_ID_LIST) {
+    AmdSevSnpGetApicIds ();
+  }
 }
 
 /**
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115838): https://edk2.groups.io/g/devel/message/115838
Mute This Topic: https://groups.io/mt/104512934/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Currently, the first time an AP is started for an SEV-SNP guest, it relies
on the VMSA as set by the hypervisor. If the list of APIC IDs has been
retrieved, this is not necessary. Instead, use the SEV-SNP AP Create
protocol to start the AP for the first time and thereafter using the VMPL
at which the BSP is running.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          | 15 +++-
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c    | 21 +++++-
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  9 ++-
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c     | 78 ++++++++++++++++++--
 6 files changed, 112 insertions(+), 13 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 55e46d4a1fad..538a2146ff24 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -68,6 +68,7 @@ [Guids]
   gEfiEventExitBootServicesGuid                 ## CONSUMES  ## Event
   gEfiEventLegacyBootGuid                       ## SOMETIMES_CONSUMES  ## Event
   gEdkiiMicrocodePatchHobGuid                   ## SOMETIMES_CONSUMES  ## HOB
+  gEfiApicIdsGuid                               ## SOMETIMES_CONSUMES  ## HOB
 
 [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber            ## CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index bc3d716aa951..622baec45e2f 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -76,3 +76,4 @@ [Ppis]
 [Guids]
   gEdkiiS3SmmInitDoneGuid
   gEdkiiMicrocodePatchHobGuid
+  gEfiApicIdsGuid                        ## SOMETIMES_CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index a96a6389c17d..617f7401aea8 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -2,7 +2,7 @@
   Common header file for MP Initialize Library.
 
   Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
-  Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+  Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -911,6 +911,19 @@ SevSnpCreateAP (
   IN INTN         ProcessorNumber
   );
 
+/**
+  Determine if the SEV-SNP AP Create protocol should be used.
+
+  @param[in]  CpuMpData  Pointer to CPU MP Data
+
+  @retval     TRUE       Use SEV-SNP AP Create protocol
+  @retval     FALSE      Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+  IN  CPU_MP_DATA  *CpuMpData
+  );
+
 /**
   Get pointer to CPU MP Data structure from GUIDed HOB.
 
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index c83144285b68..0478e92317f1 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -2,7 +2,7 @@
 
   AMD SEV helper function.
 
-  Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -68,3 +68,22 @@ SevSnpRmpAdjust (
   //
   return RETURN_UNSUPPORTED;
 }
+
+/**
+  Determine if the SEV-SNP AP Create protocol should be used.
+
+  @param[in]  CpuMpData  Pointer to CPU MP Data
+
+  @retval     TRUE       Use SEV-SNP AP Create protocol
+  @retval     FALSE      Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+  IN  CPU_MP_DATA  *CpuMpData
+  )
+{
+  //
+  // SEV-SNP is not supported on 32-bit build.
+  //
+  return FALSE;
+}
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index cdfb570e61a0..dd8d00d54a15 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -2,7 +2,7 @@
   CPU MP Initialize Library common functions.
 
   Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
-  Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+  Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -1302,9 +1302,10 @@ WakeUpAP (
       //
       // Wakeup all APs
       //   Must use the INIT-SIPI-SIPI method for initial configuration in
-      //   order to obtain the APIC ID.
+      //   order to obtain the APIC ID if not an SEV-SNP guest and the
+      //   list of APIC IDs is not available.
       //
-      if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+      if (CanUseSevSnpCreateAP (CpuMpData)) {
         SevSnpCreateAP (CpuMpData, -1);
       } else {
         if ((CpuMpData->InitFlag == ApInitConfig) && FixedPcdGetBool (PcdFirstTimeWakeUpAPsBySipi)) {
@@ -1414,7 +1415,7 @@ WakeUpAP (
         SetSevEsJumpTable (ExchangeInfo->BufferStart);
       }
 
-      if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+      if (CanUseSevSnpCreateAP (CpuMpData)) {
         SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber);
       } else {
         SendInitSipiSipi (
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index c9f0984f41a2..5d92c441adcd 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -2,7 +2,7 @@
 
   AMD SEV helper function.
 
-  Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -268,20 +268,55 @@ SevSnpCreateAP (
   IN INTN         ProcessorNumber
   )
 {
-  CPU_INFO_IN_HOB  *CpuInfoInHob;
-  CPU_AP_DATA      *CpuData;
-  UINTN            Index;
-  UINT32           ApicId;
+  CPU_INFO_IN_HOB    *CpuInfoInHob;
+  CPU_AP_DATA        *CpuData;
+  UINTN              Index;
+  UINTN              MaxIndex;
+  UINT32             ApicId;
+  EFI_HOB_GUID_TYPE  *GuidHob;
+  GHCB_APIC_IDS      *GhcbApicIds;
 
   ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000);
 
   CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
 
   if (ProcessorNumber < 0) {
-    for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
+    if (CpuMpData->InitFlag == ApInitConfig) {
+      //
+      // APs have not been started, so CpuCount is not "known" yet. Use the
+      // retrieved APIC IDs to start the APs and fill out the MpLib CPU
+      // information properly. CanUseSevSnpCreateAP() guarantees we have a
+      // HOB when InitFlag is ApInitConfig.
+      //
+      GuidHob     = GetFirstGuidHob (&gEfiApicIdsGuid);
+      GhcbApicIds = (GHCB_APIC_IDS *)(*(UINTN *)GET_GUID_HOB_DATA (GuidHob));
+      MaxIndex    = MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLogicalProcessorNumber));
+    } else {
+      //
+      // APs have been previously started.
+      //
+      MaxIndex = CpuMpData->CpuCount;
+    }
+
+    for (Index = 0; Index < MaxIndex; Index++) {
       if (Index != CpuMpData->BspNumber) {
         CpuData = &CpuMpData->CpuData[Index];
-        ApicId  = CpuInfoInHob[Index].ApicId,
+
+        if (CpuMpData->InitFlag == ApInitConfig) {
+          ApicId = GhcbApicIds->ApicIds[Index];
+
+          //
+          // For the first boot, use the BSP register information.
+          //
+          CopyMem (
+            &CpuData->VolatileRegisters,
+            &CpuMpData->CpuData[0].VolatileRegisters,
+            sizeof (CpuData->VolatileRegisters)
+            );
+        } else {
+          ApicId = CpuInfoInHob[Index].ApicId;
+        }
+
         SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId);
       }
     }
@@ -325,3 +360,32 @@ SevSnpRmpAdjust (
 
   return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
 }
+
+/**
+  Determine if the SEV-SNP AP Create protocol should be used.
+
+  @param[in]  CpuMpData  Pointer to CPU MP Data
+
+  @retval     TRUE       Use SEV-SNP AP Create protocol
+  @retval     FALSE      Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+  IN  CPU_MP_DATA  *CpuMpData
+  )
+{
+  //
+  // The AP Create protocol is used for an SEV-SNP guest if
+  //   - The initial configuration has been performed already or
+  //   - The APIC IDs GUIDed HOB is non-zero.
+  //
+  if (!CpuMpData->SevSnpIsEnabled) {
+    return FALSE;
+  }
+
+  if ((CpuMpData->InitFlag == ApInitConfig) && (GetFirstGuidHob (&gEfiApicIdsGuid) == NULL)) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115839): https://edk2.groups.io/g/devel/message/115839
Mute This Topic: https://groups.io/mt/104512938/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In prep for follow-on patches, fix an area of the code that does not meet
the uncrustify coding standards.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 27 +++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 46c6682760d5..6a11adb06efb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -2,7 +2,7 @@
 
   SEV-SNP Page Validation functions.
 
-  Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -78,7 +78,9 @@ PvalidateRange (
   IN  BOOLEAN                     Validate
   )
 {
-  UINTN                 RmpPageSize, Ret, i;
+  UINTN                 RmpPageSize;
+  UINTN                 Index;
+  UINTN                 Ret;
   EFI_PHYSICAL_ADDRESS  Address;
 
   for ( ; StartIndex <= EndIndex; StartIndex++) {
@@ -96,7 +98,7 @@ PvalidateRange (
     // the RMP entry is 4K and we are validating it as a 2MB.
     //
     if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
-      for (i = 0; i < PAGES_PER_LARGE_ENTRY; i++) {
+      for (Index = 0; Index < PAGES_PER_LARGE_ENTRY; Index++) {
         Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
         if (Ret) {
           break;
@@ -135,18 +137,19 @@ BuildPageStateBuffer (
   )
 {
   EFI_PHYSICAL_ADDRESS  NextAddress;
-  UINTN                 i, RmpPageSize;
+  UINTN                 RmpPageSize;
+  UINTN                 Index;
 
   // Clear the page state structure
   SetMem (Info, sizeof (*Info), 0);
 
-  i           = 0;
+  Index       = 0;
   NextAddress = EndAddress;
 
   //
   // Populate the page state entry structure
   //
-  while ((BaseAddress < EndAddress) && (i < SNP_PAGE_STATE_MAX_ENTRY)) {
+  while ((BaseAddress < EndAddress) && (Index < SNP_PAGE_STATE_MAX_ENTRY)) {
     //
     // Is this a 2MB aligned page? Check if we can use the Large RMP entry.
     //
@@ -160,14 +163,14 @@ BuildPageStateBuffer (
       NextAddress = BaseAddress + EFI_PAGE_SIZE;
     }
 
-    Info->Entry[i].GuestFrameNumber = BaseAddress >> EFI_PAGE_SHIFT;
-    Info->Entry[i].PageSize         = RmpPageSize;
-    Info->Entry[i].Operation        = MemoryStateToGhcbOp (State);
-    Info->Entry[i].CurrentPage      = 0;
-    Info->Header.EndEntry           = (UINT16)i;
+    Info->Entry[Index].GuestFrameNumber = BaseAddress >> EFI_PAGE_SHIFT;
+    Info->Entry[Index].PageSize         = RmpPageSize;
+    Info->Entry[Index].Operation        = MemoryStateToGhcbOp (State);
+    Info->Entry[Index].CurrentPage      = 0;
+    Info->Header.EndEntry               = (UINT16)Index;
 
     BaseAddress = NextAddress;
-    i++;
+    Index++;
   }
 
   return NextAddress;
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115840): https://edk2.groups.io/g/devel/message/115840
Mute This Topic: https://groups.io/mt/104512941/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Calculate the amount of memory that can be use to build the Page State
Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded
size. This allows for changes to the GHCB shared buffer size without
having to make changes to the page state change code.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 6a11adb06efb..60b176ab14b8 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -133,23 +133,26 @@ BuildPageStateBuffer (
   IN EFI_PHYSICAL_ADDRESS        EndAddress,
   IN SEV_SNP_PAGE_STATE          State,
   IN BOOLEAN                     UseLargeEntry,
-  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info,
+  IN UINTN                       InfoSize
   )
 {
   EFI_PHYSICAL_ADDRESS  NextAddress;
   UINTN                 RmpPageSize;
   UINTN                 Index;
+  UINTN                 IndexMax;
 
   // Clear the page state structure
-  SetMem (Info, sizeof (*Info), 0);
+  SetMem (Info, InfoSize, 0);
 
   Index       = 0;
+  IndexMax    = (InfoSize - sizeof (Info->Header)) / sizeof (Info->Entry[0]);
   NextAddress = EndAddress;
 
   //
   // Populate the page state entry structure
   //
-  while ((BaseAddress < EndAddress) && (Index < SNP_PAGE_STATE_MAX_ENTRY)) {
+  while ((BaseAddress < EndAddress) && (Index < IndexMax)) {
     //
     // Is this a 2MB aligned page? Check if we can use the Large RMP entry.
     //
@@ -265,7 +268,8 @@ InternalSetPageState (
                     EndAddress,
                     State,
                     UseLargeEntry,
-                    Info
+                    Info,
+                    sizeof (Ghcb->SharedBuffer)
                     );
 
     //
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115841): https://edk2.groups.io/g/devel/message/115841
Mute This Topic: https://groups.io/mt/104512944/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
structure maps the full GHCB shared buffer based on the shared buffer size
being 2032 bytes.

Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
mapping, eliminate the hardcoded array size so that the structure can be
used based on any size buffer.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 MdePkg/Include/Register/Amd/Ghcb.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
index 432d67e3e223..0cdc00627472 100644
--- a/MdePkg/Include/Register/Amd/Ghcb.h
+++ b/MdePkg/Include/Register/Amd/Ghcb.h
@@ -197,13 +197,14 @@ typedef struct {
   UINT32    Reserved;
 } SNP_PAGE_STATE_HEADER;
 
-#define SNP_PAGE_STATE_MAX_ENTRY  253
-
 typedef struct {
   SNP_PAGE_STATE_HEADER    Header;
-  SNP_PAGE_STATE_ENTRY     Entry[SNP_PAGE_STATE_MAX_ENTRY];
+  SNP_PAGE_STATE_ENTRY     Entry[];
 } SNP_PAGE_STATE_CHANGE_INFO;
 
+#define SNP_PAGE_STATE_MAX_ENTRY  \
+  ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) / sizeof (SNP_PAGE_STATE_ENTRY))
+
 //
 // Get APIC IDs
 //
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115842): https://edk2.groups.io/g/devel/message/115842
Mute This Topic: https://groups.io/mt/104512946/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.

Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.

Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.

Since the information is copied to, and operated on, in the GHCB shared
buffer this has the added benefit of not requiring to save the start and
end entries for use when validating the memory during the page state
change sequence.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Include/WorkArea.h                                            |   9 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  11 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27 ++++-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  22 +++-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  14 ++-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 109 +++++++++++++-------
 7 files changed, 146 insertions(+), 52 deletions(-)

diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index b1c7045ce18c..e3b415db2caa 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -2,7 +2,7 @@
 
   Work Area structure definition
 
-  Copyright (c) 2021, AMD Inc.
+  Copyright (c) 2021 - 2024, AMD Inc.
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
@@ -54,6 +54,13 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
   // detection in OvmfPkg/ResetVector/Ia32/AmdSev.c
   //
   UINT8     ReceivedVc;
+  UINT8     Reserved[7];
+
+  // Used by SEC to generate Page State Change requests. This should be
+  // sized less than an equal to the GHCB shared buffer area to allow a
+  // single call to the hypervisor.
+  //
+  UINT8     WorkBuffer[1024];
 } SEC_SEV_ES_WORK_AREA;
 
 //
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
index 43319cc9ed17..5d23d1828b25 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
@@ -2,7 +2,7 @@
 
   SEV-SNP Page Validation functions.
 
-  Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -24,7 +24,9 @@ InternalSetPageState (
   IN EFI_PHYSICAL_ADDRESS  BaseAddress,
   IN UINTN                 NumPages,
   IN SEV_SNP_PAGE_STATE    State,
-  IN BOOLEAN               UseLargeEntry
+  IN BOOLEAN               UseLargeEntry,
+  IN VOID                  *PscBuffer,
+  IN UINTN                 PscBufferSize
   );
 
 VOID
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index cbcdd46f528f..2515425e467a 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
 
   SEV-SNP Page Validation functions.
 
-  Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -16,6 +16,8 @@
 #include "SnpPageStateChange.h"
 #include "VirtualMemory.h"
 
+STATIC VOID  *mPscBuffer = NULL;
+
 /**
   Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
 
@@ -52,5 +54,10 @@ MemEncryptSevSnpPreValidateSystemRam (
     }
   }
 
-  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+  if (mPscBuffer == NULL) {
+    mPscBuffer = AllocateReservedPages (1);
+    ASSERT (mPscBuffer != NULL);
+  }
+
+  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE, mPscBuffer, EFI_PAGE_SIZE);
 }
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index dee3fb8914ca..337a7d926b15 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -3,7 +3,7 @@
   Virtual Memory Management Services to set or clear the memory encryption bit
 
   Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
-  Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2017 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -23,6 +23,8 @@ STATIC BOOLEAN          mAddressEncMaskChecked = FALSE;
 STATIC UINT64           mAddressEncMask;
 STATIC PAGE_TABLE_POOL  *mPageTablePool = NULL;
 
+STATIC VOID  *mPscBuffer = NULL;
+
 typedef enum {
   SetCBit,
   ClearCBit
@@ -786,7 +788,19 @@ SetMemoryEncDec (
   // The InternalSetPageState() is used for setting the page state in the RMP table.
   //
   if (!Mmio && (Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
-    InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE);
+    if (mPscBuffer == NULL) {
+      mPscBuffer = AllocateReservedPages (1);
+      ASSERT (mPscBuffer != NULL);
+    }
+
+    InternalSetPageState (
+      PhysicalAddress,
+      EFI_SIZE_TO_PAGES (Length),
+      SevSnpPageShared,
+      FALSE,
+      mPscBuffer,
+      EFI_PAGE_SIZE
+      );
   }
 
   //
@@ -975,11 +989,18 @@ SetMemoryEncDec (
   // The InternalSetPageState() is used for setting the page state in the RMP table.
   //
   if ((Mode == SetCBit) && MemEncryptSevSnpIsEnabled ()) {
+    if (mPscBuffer == NULL) {
+      mPscBuffer = AllocateReservedPages (1);
+      ASSERT (mPscBuffer != NULL);
+    }
+
     InternalSetPageState (
       OrigPhysicalAddress,
       EFI_SIZE_TO_PAGES (OrigLength),
       SevSnpPagePrivate,
-      FALSE
+      FALSE,
+      mPscBuffer,
+      EFI_PAGE_SIZE
       );
   }
 
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
index 497016544482..0040700f03f3 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
 
   SEV-SNP Page Validation functions.
 
-  Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+  Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -17,6 +17,8 @@
 #include "SnpPageStateChange.h"
 #include "VirtualMemory.h"
 
+STATIC UINT8  mPscBufferPage[EFI_PAGE_SIZE];
+
 typedef struct {
   UINT64    StartAddress;
   UINT64    EndAddress;
@@ -113,7 +115,14 @@ MemEncryptSevSnpPreValidateSystemRam (
       if (BaseAddress < OverlapRange.StartAddress) {
         NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress);
 
-        InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+        InternalSetPageState (
+          BaseAddress,
+          NumPages,
+          SevSnpPagePrivate,
+          TRUE,
+          mPscBufferPage,
+          sizeof (mPscBufferPage)
+          );
       }
 
       BaseAddress = OverlapRange.EndAddress;
@@ -122,7 +131,14 @@ MemEncryptSevSnpPreValidateSystemRam (
 
     // Validate the remaining pages.
     NumPages = EFI_SIZE_TO_PAGES (EndAddress - BaseAddress);
-    InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+    InternalSetPageState (
+      BaseAddress,
+      NumPages,
+      SevSnpPagePrivate,
+      TRUE,
+      mPscBufferPage,
+      sizeof (mPscBufferPage)
+      );
     BaseAddress = EndAddress;
   }
 }
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index be43a44e4e1d..ca279d77274b 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -10,6 +10,7 @@
 
 #include <Uefi/UefiBaseType.h>
 #include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
 #include <Library/MemEncryptSevLib.h>
 
 #include "SnpPageStateChange.h"
@@ -65,6 +66,8 @@ MemEncryptSevSnpPreValidateSystemRam (
   IN UINTN             NumPages
   )
 {
+  SEC_SEV_ES_WORK_AREA  *SevEsWorkArea;
+
   if (!MemEncryptSevSnpIsEnabled ()) {
     return;
   }
@@ -78,5 +81,14 @@ MemEncryptSevSnpPreValidateSystemRam (
     SnpPageStateFailureTerminate ();
   }
 
-  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+  SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);
+
+  InternalSetPageState (
+    BaseAddress,
+    NumPages,
+    SevSnpPagePrivate,
+    TRUE,
+    SevEsWorkArea->WorkBuffer,
+    sizeof (SevEsWorkArea->WorkBuffer)
+    );
 }
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 60b176ab14b8..bcc0798d6b02 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -72,16 +72,19 @@ SnpPageStateFailureTerminate (
 STATIC
 VOID
 PvalidateRange (
-  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info,
-  IN  UINTN                       StartIndex,
-  IN  UINTN                       EndIndex,
-  IN  BOOLEAN                     Validate
+  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
   )
 {
   UINTN                 RmpPageSize;
+  UINTN                 StartIndex;
+  UINTN                 EndIndex;
   UINTN                 Index;
   UINTN                 Ret;
   EFI_PHYSICAL_ADDRESS  Address;
+  BOOLEAN               Validate;
+
+  StartIndex = Info->Header.CurrentEntry;
+  EndIndex   = Info->Header.EndEntry;
 
   for ( ; StartIndex <= EndIndex; StartIndex++) {
     //
@@ -89,6 +92,7 @@ PvalidateRange (
     //
     Address     = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
     RmpPageSize = Info->Entry[StartIndex].PageSize;
+    Validate    = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
 
     Ret = AsmPvalidate (RmpPageSize, Validate, Address);
 
@@ -182,11 +186,29 @@ BuildPageStateBuffer (
 STATIC
 VOID
 PageStateChangeVmgExit (
-  IN GHCB                        *Ghcb,
-  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  IN GHCB                  *Ghcb,
+  IN SNP_PAGE_STATE_ENTRY  *Start,
+  IN UINT16                Count
   )
 {
-  EFI_STATUS  Status;
+  SNP_PAGE_STATE_CHANGE_INFO  *GhcbInfo;
+  EFI_STATUS                  Status;
+  BOOLEAN                     InterruptState;
+
+  ASSERT (Count <= SNP_PAGE_STATE_MAX_ENTRY);
+  if (Count > SNP_PAGE_STATE_MAX_ENTRY) {
+    SnpPageStateFailureTerminate ();
+  }
+
+  //
+  // Initialize the GHCB
+  //
+  CcExitVmgInit (Ghcb, &InterruptState);
+
+  GhcbInfo                      = (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->SharedBuffer;
+  GhcbInfo->Header.CurrentEntry = 0;
+  GhcbInfo->Header.EndEntry     = Count - 1;
+  CopyMem (GhcbInfo->Entry, Start, sizeof (*Start) * Count);
 
   //
   // As per the GHCB specification, the hypervisor can resume the guest before
@@ -197,7 +219,7 @@ PageStateChangeVmgExit (
   // page state was not successful, then later memory access will result
   // in the crash.
   //
-  while (Info->Header.CurrentEntry <= Info->Header.EndEntry) {
+  while (GhcbInfo->Header.CurrentEntry <= GhcbInfo->Header.EndEntry) {
     Ghcb->SaveArea.SwScratch = (UINT64)Ghcb->SharedBuffer;
     CcExitVmgSetOffsetValid (Ghcb, GhcbSwScratch);
 
@@ -211,6 +233,34 @@ PageStateChangeVmgExit (
       SnpPageStateFailureTerminate ();
     }
   }
+
+  CcExitVmgDone (Ghcb, InterruptState);
+}
+
+STATIC
+VOID
+PageStateChange (
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  )
+{
+  GHCB                      *Ghcb;
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  SNP_PAGE_STATE_HEADER     *Header;
+  UINT16                    Index;
+  UINT16                    Count;
+
+  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+  Ghcb                    = Msr.Ghcb;
+
+  Header = &Info->Header;
+
+  for (Index = Header->CurrentEntry; Index <= Header->EndEntry;) {
+    Count = MIN (Header->EndEntry - Index + 1, SNP_PAGE_STATE_MAX_ENTRY);
+
+    PageStateChangeVmgExit (Ghcb, &Info->Entry[Index], Count);
+
+    Index += Count;
+  }
 }
 
 /**
@@ -226,18 +276,14 @@ InternalSetPageState (
   IN EFI_PHYSICAL_ADDRESS  BaseAddress,
   IN UINTN                 NumPages,
   IN SEV_SNP_PAGE_STATE    State,
-  IN BOOLEAN               UseLargeEntry
+  IN BOOLEAN               UseLargeEntry,
+  IN VOID                  *PscBuffer,
+  IN UINTN                 PscBufferSize
   )
 {
-  GHCB                        *Ghcb;
   EFI_PHYSICAL_ADDRESS        NextAddress, EndAddress;
-  MSR_SEV_ES_GHCB_REGISTER    Msr;
-  BOOLEAN                     InterruptState;
   SNP_PAGE_STATE_CHANGE_INFO  *Info;
 
-  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
-  Ghcb                    = Msr.Ghcb;
-
   EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages);
 
   DEBUG ((
@@ -251,57 +297,40 @@ InternalSetPageState (
     UseLargeEntry
     ));
 
-  while (BaseAddress < EndAddress) {
-    UINTN  CurrentEntry, EndEntry;
-
-    //
-    // Initialize the GHCB
-    //
-    CcExitVmgInit (Ghcb, &InterruptState);
+  Info = (SNP_PAGE_STATE_CHANGE_INFO *)PscBuffer;
 
+  for (NextAddress = BaseAddress; NextAddress < EndAddress;) {
     //
     // Build the page state structure
     //
-    Info        = (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->SharedBuffer;
     NextAddress = BuildPageStateBuffer (
-                    BaseAddress,
+                    NextAddress,
                     EndAddress,
                     State,
                     UseLargeEntry,
-                    Info,
-                    sizeof (Ghcb->SharedBuffer)
+                    PscBuffer,
+                    PscBufferSize
                     );
 
-    //
-    // Save the current and end entry from the page state structure. We need
-    // it later.
-    //
-    CurrentEntry = Info->Header.CurrentEntry;
-    EndEntry     = Info->Header.EndEntry;
-
     //
     // If the caller requested to change the page state to shared then
     // invalidate the pages before making the page shared in the RMP table.
     //
     if (State == SevSnpPageShared) {
-      PvalidateRange (Info, CurrentEntry, EndEntry, FALSE);
+      PvalidateRange (Info);
     }
 
     //
     // Invoke the page state change VMGEXIT.
     //
-    PageStateChangeVmgExit (Ghcb, Info);
+    PageStateChange (Info);
 
     //
     // If the caller requested to change the page state to private then
     // validate the pages after it has been added in the RMP table.
     //
     if (State == SevSnpPagePrivate) {
-      PvalidateRange (Info, CurrentEntry, EndEntry, TRUE);
+      PvalidateRange (Info);
     }
-
-    CcExitVmgDone (Ghcb, InterruptState);
-
-    BaseAddress = NextAddress;
   }
 }
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115843): https://edk2.groups.io/g/devel/message/115843
Mute This Topic: https://groups.io/mt/104512949/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

When building the Page State Change entries for a range of memory, it can
happen that multiple calls to BuildPageStateBuffer() need to be made. If
the size of the input work area passed to BuildPageStateBuffer() exceeds
the number of entries that can be passed to the hypervisor using the GHCB
shared buffer, the Page State Change VMGEXIT support will issue multiple
VMGEXITs to process all entries in the buffer.

However, it could be that the final VMGEXIT for each round of Page State
Changes is only for a small number of entries and subsequent VMGEXITs may
still be issued to handle the full range of memory requested. To maximize
the number of entries processed during the Page State Change VMGEXIT,
limit BuildPageStateBuffer() to not build entries that exceed the maximum
number of entries that can be handled in a single Page State Change
VMGEXIT.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index bcc0798d6b02..f1883239a661 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -145,6 +145,7 @@ BuildPageStateBuffer (
   UINTN                 RmpPageSize;
   UINTN                 Index;
   UINTN                 IndexMax;
+  UINTN                 PscIndexMax;
 
   // Clear the page state structure
   SetMem (Info, InfoSize, 0);
@@ -153,6 +154,16 @@ BuildPageStateBuffer (
   IndexMax    = (InfoSize - sizeof (Info->Header)) / sizeof (Info->Entry[0]);
   NextAddress = EndAddress;
 
+  //
+  // Make the use of the work area as efficient as possible relative to
+  // exiting from the guest to the hypervisor. Maximize the number of entries
+  // that can be processed per exit.
+  //
+  PscIndexMax = (IndexMax / SNP_PAGE_STATE_MAX_ENTRY) * SNP_PAGE_STATE_MAX_ENTRY;
+  if (PscIndexMax > 0) {
+    IndexMax = MIN (IndexMax, PscIndexMax);
+  }
+
   //
   // Populate the page state entry structure
   //
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115844): https://edk2.groups.io/g/devel/message/115844
Mute This Topic: https://groups.io/mt/104512950/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 10/23] MdePkg/Register/Amd: Define the SVSM related information

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The Secure VM Service Module specification defines the interfaces needed
to allow multi-VMPL level execution of an SEV-SNP guest.

Define the SVSM related structures for the SVSM Calling Area as well as
the SVSM CAA MSR. The SVSM CAA MSR is an MSR register that is reserved for
software use and will not be implemented in hardware.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 MdePkg/Include/Register/Amd/Fam17Msr.h |  19 +++-
 MdePkg/Include/Register/Amd/Msr.h      |   3 +-
 MdePkg/Include/Register/Amd/Svsm.h     | 101 ++++++++++++++++++++
 MdePkg/Include/Register/Amd/SvsmMsr.h  |  35 +++++++
 4 files changed, 156 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Register/Amd/Fam17Msr.h
index bb4e143e2456..f2d5ccb39dc7 100644
--- a/MdePkg/Include/Register/Amd/Fam17Msr.h
+++ b/MdePkg/Include/Register/Amd/Fam17Msr.h
@@ -6,7 +6,7 @@
   returned is a single 32-bit or 64-bit value, then a data structure is not
   provided for that MSR.
 
-  Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
+  Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
@@ -71,9 +71,24 @@ typedef union {
     UINT32    ErrorCode;
   } SnpPageStateChangeResponse;
 
+  struct {
+    UINT64    Function  : 12;
+    UINT64    Reserved1 : 20;
+    UINT64    Vmpl      : 8;
+    UINT64    Reserved2 : 56;
+  } SnpVmplRequest;
+
+  struct {
+    UINT32    Function : 12;
+    UINT32    Reserved : 20;
+    UINT32    ErrorCode;
+  } SnpVmplResponse;
+
   VOID      *Ghcb;
 
   UINT64    GhcbPhysicalAddress;
+
+  UINT64    Uint64;
 } MSR_SEV_ES_GHCB_REGISTER;
 
 #define GHCB_INFO_SEV_INFO                        1
@@ -84,6 +99,8 @@ typedef union {
 #define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE      19
 #define GHCB_INFO_SNP_PAGE_STATE_CHANGE_REQUEST   20
 #define GHCB_INFO_SNP_PAGE_STATE_CHANGE_RESPONSE  21
+#define GHCB_INFO_SNP_VMPL_REQUEST                22
+#define GHCB_INFO_SNP_VMPL_RESPONSE               23
 #define GHCB_HYPERVISOR_FEATURES_REQUEST          128
 #define GHCB_HYPERVISOR_FEATURES_RESPONSE         129
 #define GHCB_INFO_TERMINATE_REQUEST               256
diff --git a/MdePkg/Include/Register/Amd/Msr.h b/MdePkg/Include/Register/Amd/Msr.h
index 084eb892cdd9..04a3cbeb4315 100644
--- a/MdePkg/Include/Register/Amd/Msr.h
+++ b/MdePkg/Include/Register/Amd/Msr.h
@@ -6,7 +6,7 @@
   returned is a single 32-bit or 64-bit value, then a data structure is not
   provided for that MSR.
 
-  Copyright (c) 2017 - 2019, Advanced Micro Devices. All rights reserved.<BR>
+  Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
@@ -19,5 +19,6 @@
 
 #include <Register/Intel/ArchitecturalMsr.h>
 #include <Register/Amd/Fam17Msr.h>
+#include <Register/Amd/SvsmMsr.h>
 
 #endif
diff --git a/MdePkg/Include/Register/Amd/Svsm.h b/MdePkg/Include/Register/Amd/Svsm.h
new file mode 100644
index 000000000000..9a989f803107
--- /dev/null
+++ b/MdePkg/Include/Register/Amd/Svsm.h
@@ -0,0 +1,101 @@
+/** @file
+  Secure VM Service Module (SVSM) Definition.
+
+  Provides data types allowing an SEV-SNP guest to interact with the SVSM.
+
+  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Specification Reference:
+  Secure VM Service Module Specification
+
+**/
+
+#ifndef SVSM_H_
+#define SVSM_H_
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+
+//
+// The SVSM definitions are part of the SNP Secrets Page:
+//   An SVSM is considered present if the SvsmSize field is non-zero.
+//
+typedef PACKED struct {
+  UINT8     Reserved1[320];
+
+  UINT64    SvsmBase;
+  UINT64    SvsmSize;
+  UINT64    SvsmCaa;
+  UINT32    SvsmMaxVersion;
+  UINT8     SvsmGuestVmpl;
+  UINT8     Reserved2[3];
+} SVSM_INFORMATION;
+
+typedef PACKED struct {
+  UINT8    SvsmCallPending;
+  UINT8    SvsmMemAvailable;
+  UINT8    Reserved1[6];
+
+  //
+  // The remainder of the CAA 4KB area can be used for argument
+  // passing to the SVSM.
+  //
+  UINT8    SvsmBuffer[SIZE_4KB - 8];
+} SVSM_CAA;
+
+#define SVSM_SUCCESS                   0x00000000
+#define SVSM_ERR_INCOMPLETE            0x80000000
+#define SVSM_ERR_UNSUPPORTED_PROTOCOL  0x80000001
+#define SVSM_ERR_UNSUPPORTED_CALL      0x80000002
+#define SVSM_ERR_INVALID_ADDRESS       0x80000003
+#define SVSM_ERR_INVALID_FORMAT        0x80000004
+#define SVSM_ERR_INVALID_PARAMETER     0x80000005
+#define SVSM_ERR_INVALID_REQUEST       0x80000006
+#define SVSM_ERR_BUSY                  0x80000007
+
+#define SVSM_ERR_PVALIDATE_FAIL_INPUT          0x80001001
+#define SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH  0x80001006
+#define SVSM_ERR_PVALIDATE_FAIL_NO_CHANGE      0x80001010
+
+typedef PACKED struct {
+  UINT16    Entries;
+  UINT16    Next;
+
+  UINT8     Reserved[4];
+} SVSM_PVALIDATE_HEADER;
+
+typedef union {
+  struct {
+    UINT64    PageSize   : 2;
+    UINT64    Action     : 1;
+    UINT64    IgnoreCf   : 1;
+    UINT64    Reserved_2 : 8;
+    UINT64    Address    : 52;
+  } Bits;
+  UINT64    Uint64;
+} SVSM_PVALIDATE_ENTRY;
+
+typedef PACKED struct {
+  SVSM_PVALIDATE_HEADER    Header;
+  SVSM_PVALIDATE_ENTRY     Entry[];
+} SVSM_PVALIDATE_REQUEST;
+
+#define SVSM_PVALIDATE_MAX_ENTRY   \
+  ((sizeof (((SVSM_CAA *)0)->SvsmBuffer) - sizeof (SVSM_PVALIDATE_HEADER)) / sizeof (SVSM_PVALIDATE_ENTRY))
+
+typedef union {
+  SVSM_PVALIDATE_REQUEST    PvalidateRequest;
+} SVSM_REQUEST;
+
+typedef union {
+  struct {
+    UINT32    CallId;
+    UINT32    Protocol;
+  } Id;
+
+  UINT64    Uint64;
+} SVSM_FUNCTION;
+
+#endif
diff --git a/MdePkg/Include/Register/Amd/SvsmMsr.h b/MdePkg/Include/Register/Amd/SvsmMsr.h
new file mode 100644
index 000000000000..9e7fca880ba5
--- /dev/null
+++ b/MdePkg/Include/Register/Amd/SvsmMsr.h
@@ -0,0 +1,35 @@
+/** @file
+  MSR Definitions.
+
+  Provides defines for Machine Specific Registers(MSR) indexes. Data structures
+  are provided for MSRs that contain one or more bit fields.  If the MSR value
+  returned is a single 32-bit or 64-bit value, then a data structure is not
+  provided for that MSR.
+
+  Copyright (c) 2024, Advanced Micro Devices. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SVSM_MSR_H_
+#define SVSM_MSR_H_
+
+/**
+  Secure VM Service Module CAA register
+
+**/
+#define MSR_SVSM_CAA  0xc001f000
+
+/**
+  MSR information returned for #MSR_SVSM_CAA
+**/
+typedef union {
+  struct {
+    UINT32    Lower32Bits;
+    UINT32    Upper32Bits;
+  } Bits;
+
+  UINT64    Uint64;
+} MSR_SVSM_CAA_REGISTER;
+
+#endif
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115845): https://edk2.groups.io/g/devel/message/115845
Mute This Topic: https://groups.io/mt/104512952/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The SVSM specification relies on a specific register calling convention to
hold the parameters that are associated with the SVSM request. The SVSM is
invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
using the GHCB MSR Protocol or a GHCB NAE event.

Create a new version of the VMGEXIT instruction that will adhere to this
calling convention and load the SVSM function arguments into the proper
register before invoking the VMGEXIT instruction. On return, perform the
atomic exchange on the SVSM call pending value as specified in the SVSM
specification.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 MdePkg/Library/BaseLib/BaseLib.inf           |  2 +
 MdePkg/Include/Library/BaseLib.h             | 39 ++++++++
 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++++++++
 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm  | 94 ++++++++++++++++++++
 4 files changed, 174 insertions(+)

diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index 4dbe94be71e1..26e66a8d67cf 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -187,6 +187,7 @@ [Sources.Ia32]
   Ia32/XGetBv.nasm
   Ia32/XSetBv.nasm
   Ia32/VmgExit.nasm
+  Ia32/VmgExitSvsm.nasm
 
   Ia32/DivS64x64Remainder.c
   Ia32/InternalSwitchStack.c | MSFT
@@ -328,6 +329,7 @@ [Sources.X64]
   X64/XGetBv.nasm
   X64/XSetBv.nasm
   X64/VmgExit.nasm
+  X64/VmgExitSvsm.nasm
   ChkStkGcc.c  | GCC
 
 [Sources.EBC]
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 1fff0fb224f1..95f805599d9d 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7876,6 +7876,45 @@ AsmVmgExit (
   VOID
   );
 
+///
+/// The structure used to supply and return data to and from the SVSM.
+///
+typedef struct {
+  VOID      *Caa;
+  UINT64    RaxIn;
+  UINT64    RcxIn;
+  UINT64    RdxIn;
+  UINT64    R8In;
+  UINT64    R9In;
+  UINT64    RaxOut;
+  UINT64    RcxOut;
+  UINT64    RdxOut;
+  UINT64    R8Out;
+  UINT64    R9Out;
+  UINT8     *CallPending;
+} SVSM_CALL_DATA;
+
+/**
+  Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments
+  and return code
+
+  Executes a VMGEXIT instruction placing the specified arguments in the
+  corresponding registers before invocation. Upon return an XCHG is done to
+  atomically clear and retrieve the SVSM call pending value. The returned RAX
+  register value becomes the function return code. This function is intended
+  for use with an SVSM. This function is only available on IA-32 and x64.
+
+  @param[in,out]  SvsmCallPending  Pointer to the location of the SVSM call data
+
+  @return                          Value of the RAX register on return
+
+**/
+UINT32
+EFIAPI
+AsmVmgExitSvsm (
+  IN OUT SVSM_CALL_DATA  *SvsmCallData
+  );
+
 /**
   Patch the immediate operand of an IA32 or X64 instruction such that the byte,
   word, dword or qword operand is encoded at the end of the instruction's
diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..14717bd1af02
--- /dev/null
+++ b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
@@ -0,0 +1,39 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+;   VmgExitSvsm.Asm
+;
+; Abstract:
+;
+;   AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+;------------------------------------------------------------------------------
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+;   SVSM_CALL_DATA *SvsmCallData
+;   );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+;
+; NASM doesn't support the vmmcall instruction in 32-bit mode and NASM versions
+; before 2.12 cannot translate the 64-bit "rep vmmcall" instruction into elf32
+; format. Given that VMGEXIT does not make sense on IA32, provide a stub
+; implementation that is identical to CpuBreakpoint(). In practice,
+; AsmVmgExitSvsm() should never be called on IA32.
+;
+    int  3
+    ret
+
diff --git a/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..b8af78890611
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
@@ -0,0 +1,94 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+;   VmgExitSvsm.Asm
+;
+; Abstract:
+;
+;   AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+;------------------------------------------------------------------------------
+; typedef struct {
+;   VOID      *Caa;
+;   UINT64    RaxIn;
+;   UINT64    RcxIn;
+;   UINT64    RdxIn;
+;   UINT64    R8In;
+;   UINT64    R9In;
+;   UINT64    RaxOut;
+;   UINT64    RcxOut;
+;   UINT64    RdxOut;
+;   UINT64    R8Out;
+;   UINT64    R9Out;
+;   UINT8     *CallPending;
+; } SVSM_CALL_DATA;
+;
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+;   SVSM_CALL_DATA *SvsmCallData
+;   );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+    push    r10
+    push    r11
+    push    r12
+
+;
+; Calling convention has SvsmCallData in RCX. Move RCX to R12 in order to
+; properly populate the SVSM register state.
+;
+    mov     r12, rcx
+
+    mov     rax, [r12 + 8]
+    mov     rcx, [r12 + 16]
+    mov     rdx, [r12 + 24]
+    mov     r8,  [r12 + 32]
+    mov     r9,  [r12 + 40]
+
+;
+; Set CA call pending
+;
+    mov     r10, [r12]
+    mov     byte [r10], 1
+
+    rep     vmmcall
+
+    mov     [r12 + 48], rax
+    mov     [r12 + 56], rcx
+    mov     [r12 + 64], rdx
+    mov     [r12 + 72], r8
+    mov     [r12 + 80], r9
+
+;
+; Perform the atomic exchange and return the CA call pending value.
+; The call pending value is a one-byte field at offset 0 into the CA,
+; which is currently the value in R10.
+;
+
+    mov     r11, [r12 + 88]     ; Get CallPending address
+    mov     cl, byte [r11]
+    xchg    byte [r10], cl
+    mov     byte [r11], cl      ; Return the exchanged value
+
+    pop     r12
+    pop     r11
+    pop     r10
+
+;
+; RAX has the value to be returned from the SVSM
+;
+    ret
+
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115846): https://edk2.groups.io/g/devel/message/115846
Mute This Topic: https://groups.io/mt/104512956/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
lower, a new CcSvsmLib library must be created.

This library includes an interface to detect if running under an SVSM, an
interface to return the current VMPL, an interface to perform memory
validation and an interface to set or clear the attribute that allows a
page to be used as a VMSA.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/UefiCpuPkg.dec                          |   5 +-
 UefiCpuPkg/UefiCpuPkg.dsc                          |   4 +-
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf |  27 +++++
 UefiCpuPkg/Include/Library/CcSvsmLib.h             | 101 ++++++++++++++++++
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c   | 108 ++++++++++++++++++++
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni |  13 +++
 6 files changed, 256 insertions(+), 2 deletions(-)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 571b59b36f0a..4a383c6d1d4d 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -2,7 +2,7 @@
 # This Package provides UEFI compatible CPU modules and libraries.
 #
 # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
   ##  @libraryclass  Provides function to support CcExit processing.
   CcExitLib|Include/Library/CcExitLib.h
 
+  ##  @libraryclass  Provides function to support CcSvsm processing.
+  CcSvsmLib|Include/Library/CcSvsmLib.h
+
   ##  @libraryclass  Provides function to get CPU cache information.
   CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
 
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 10b33594e586..1ee726e6c6b5 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -2,7 +2,7 @@
 #  UefiCpuPkg Package
 #
 #  Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-#  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -61,6 +61,7 @@ [LibraryClasses]
   PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
   CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
@@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
   UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
   UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
   UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
   UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
   UefiCpuPkg/SecCore/SecCore.inf
diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
new file mode 100644
index 000000000000..b45a75941a8a
--- /dev/null
+++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
@@ -0,0 +1,27 @@
+## @file
+#  CcSvsm Base Support Library.
+#
+#  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = CcSvsmLibNull
+  MODULE_UNI_FILE                = CcSvsmLibNull.uni
+  FILE_GUID                      = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CcSvsmLib
+
+[Sources.common]
+  CcSvsmLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+  BaseLib
+
diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h b/UefiCpuPkg/Include/Library/CcSvsmLib.h
new file mode 100644
index 000000000000..4715f4db3bd1
--- /dev/null
+++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h
@@ -0,0 +1,101 @@
+/** @file
+  Public header file for the CcSvsmLib.
+
+  This library class defines some routines used for invoking an SVSM when the
+  guest is not running at VMPL0.
+
+  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CC_SVSM_LIB_H_
+#define CC_SVSM_LIB_H_
+
+#include <Protocol/DebugSupport.h>
+#include <Register/Amd/Ghcb.h>
+
+/**
+  Report the presence of an Secure Virtual Services Module (SVSM).
+
+  Determines the presence of an SVSM.
+
+  @retval  TRUE                   An SVSM is present
+  @retval  FALSE                  An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+CcSvsmIsSvsmPresent (
+  VOID
+  );
+
+/**
+  Report the VMPL level at which the SEV-SNP guest is running.
+
+  Determines the VMPL level at which the guest is running. If an SVSM is
+  not present, then it must be VMPL0, otherwise return what is reported
+  by the SVSM.
+
+  @return                         The VMPL level
+
+**/
+UINT8
+EFIAPI
+CcSvsmSnpGetVmpl (
+  VOID
+  );
+
+/**
+  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+  If an SVSM is present, the CAA for the BSP is returned.
+
+  @return                         The CAA
+
+**/
+UINT64
+EFIAPI
+CcSvsmSnpGetCaa (
+  VOID
+  );
+
+/**
+  Perform a PVALIDATE operation for the page ranges specified.
+
+  Validate or rescind the validation of the specified pages.
+
+  @param[in]       Info           Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+CcSvsmSnpPvalidate (
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  );
+
+/**
+  Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+  Add or remove the VMSA attribute for a page.
+
+  @param[in]       Vmsa           Pointer to an SEV-ES save area page
+  @param[in]       ApicId         APIC ID associated with the VMSA
+  @param[in]       SetVmsa        Boolean indicator as to whether to set or
+                                  or clear the VMSA setting for the page
+
+  @retval  EFI_SUCCESS            RMPADJUST operation successful
+  @retval  EFI_UNSUPPORTED        Operation is not supported
+  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
+                                  parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+CcSvsmSnpVmsaRmpAdjust (
+  IN SEV_ES_SAVE_AREA  *Vmsa,
+  IN UINT32            ApicId,
+  IN BOOLEAN           SetVmsa
+  );
+
+#endif
diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
new file mode 100644
index 000000000000..268bd9a7ca54
--- /dev/null
+++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
@@ -0,0 +1,108 @@
+/** @file
+  CcSvsm Base Support Library.
+
+  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/CcSvsmLib.h>
+
+/**
+  Report the presence of an Secure Virtual Services Module (SVSM).
+
+  Determines the presence of an SVSM.
+
+  @retval  TRUE                   An SVSM is present
+  @retval  FALSE                  An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+CcSvsmIsSvsmPresent (
+  VOID
+  )
+{
+  return FALSE;
+}
+
+/**
+  Report the VMPL level at which the SEV-SNP guest is running.
+
+  Determines the VMPL level at which the guest is running. If an SVSM is
+  not present, then it must be VMPL0, otherwise return what is reported
+  by the SVSM.
+
+  @return                         The VMPL level
+
+**/
+UINT8
+EFIAPI
+CcSvsmSnpGetVmpl (
+  VOID
+  )
+{
+  return 0;
+}
+
+/**
+  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+  If an SVSM is present, the CAA for the BSP is returned.
+
+  @return                         The CAA
+
+**/
+UINT64
+EFIAPI
+CcSvsmSnpGetCaa (
+  VOID
+  )
+{
+  return 0;
+}
+
+/**
+  Perform a PVALIDATE operation for the page ranges specified.
+
+  Validate or rescind the validation of the specified pages.
+
+  @param[in]       Info           Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+CcSvsmSnpPvalidate (
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  )
+{
+}
+
+/**
+  Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+  Add or remove the VMSA attribute for a page.
+
+  @param[in]       Vmsa           Pointer to an SEV-ES save area page
+  @param[in]       ApicId         APIC ID associated with the VMSA
+  @param[in]       SetVmsa        Boolean indicator as to whether to set or
+                                  or clear the VMSA setting for the page
+
+  @retval  EFI_SUCCESS            RMPADJUST operation successful
+  @retval  EFI_UNSUPPORTED        Operation is not supported
+  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
+                                  parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+CcSvsmSnpVmsaRmpAdjust (
+  IN SEV_ES_SAVE_AREA  *Vmsa,
+  IN UINT32            ApicId,
+  IN BOOLEAN           SetVmsa
+  )
+{
+  return EFI_UNSUPPORTED;
+}
diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
new file mode 100644
index 000000000000..c80c0a5656dd
--- /dev/null
+++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
@@ -0,0 +1,13 @@
+// /** @file
+// CcSvsmLib instance.
+//
+// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "CcSvsmLib NULL instance"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "CcSvsmLib NULL instance."
+
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115847): https://edk2.groups.io/g/devel/message/115847
Mute This Topic: https://groups.io/mt/104512960/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The MpInitLib library will be updated to use the new CcSvsmLib library.
To prevent any build breakage, update the UefiPayloadPkg DSC file to
include the CcSvsmLib NULL library.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 0e142bb7c2a2..2d468b43a786 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -331,6 +331,7 @@ [LibraryClasses]
   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
   FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
 [LibraryClasses.common]
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115848): https://edk2.groups.io/g/devel/message/115848
Mute This Topic: https://groups.io/mt/104512961/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Add initial support for the new CcSvsmLib library to OvmfPkg. The initial
implementation will fully implement the SVSM presence check API and the
SVSM VMPL API, with later patches fully implementing the other interfaces.

The SVSM presence check, CcSvsmIsSvsmPresent(), determines the presence
of an SVSM by checking if an SVSM has been advertised in the SEV-SNP
Secrets Page. The SVSM VMPL API, CcSvsmSnpGetVmpl(), returns the VMPL
level at which OVMF is currently running.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc            |   1 +
 OvmfPkg/Bhyve/BhyveX64.dsc              |   1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc          |   1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc        |   1 +
 OvmfPkg/Microvm/MicrovmX64.dsc          |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                 |   1 +
 OvmfPkg/OvmfPkgIa32X64.dsc              |   3 +-
 OvmfPkg/OvmfPkgX64.dsc                  |   1 +
 OvmfPkg/OvmfXen.dsc                     |   1 +
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf |  38 +++
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c   | 267 ++++++++++++++++++++
 11 files changed, 315 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index a31a89344a60..be0bfe3b017d 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -208,6 +208,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
+  CcSvsmLib|OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 9689a2f14efa..69e5c33126a3 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -234,6 +234,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
 
 [LibraryClasses.common.SEC]
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index b522fa10594d..31d8da0a1a61 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -244,6 +244,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
+  CcSvsmLib|OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 82e3e41cfc57..6fbe4bb17573 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -215,6 +215,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
   PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 063324cd0572..7110c4805acf 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -242,6 +242,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
+  CcSvsmLib|OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
   SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
   PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
   FdtLib|EmbeddedPkg/Library/FdtLib/FdtLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 28379961a78e..dc9d7233da15 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -251,6 +251,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
 [LibraryClasses.common.SEC]
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5e9eee628aea..afdb33023e85 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -4,7 +4,7 @@
 #  Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
 #  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 #  Copyright (c) Microsoft Corporation.
-#  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -256,6 +256,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index bf4c7906c460..a70aae7c3e77 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -272,6 +272,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
+  CcSvsmLib|OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 976b795d41c9..d533c5f37be3 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -235,6 +235,7 @@ [LibraryClasses]
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
 
 [LibraryClasses.common.SEC]
diff --git a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
new file mode 100644
index 000000000000..6a57d397d2f6
--- /dev/null
+++ b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
@@ -0,0 +1,38 @@
+## @file
+#  CcExitLib Library.
+#
+#  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = CcSvsmLib
+  FILE_GUID                      = 288e3588-87d8-4c2c-b568-bf900de0fb36
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CcSvsmLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources.common]
+  CcSvsmLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
diff --git a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
new file mode 100644
index 000000000000..f45ae472783c
--- /dev/null
+++ b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
@@ -0,0 +1,267 @@
+/** @file
+  SVSM Support Library.
+
+  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/CcSvsmLib.h>
+#include <Register/Amd/Msr.h>
+#include <Register/Amd/Svsm.h>
+
+#define PAGES_PER_2MB_ENTRY  512
+
+/**
+  Issue a GHCB termination request for termination.
+
+  Request termination using the GHCB MSR protocol.
+
+**/
+STATIC
+VOID
+SnpTerminate (
+  VOID
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+
+  //
+  // Use the GHCB MSR Protocol to request termination by the hypervisor
+  //
+  Msr.Uint64                      = 0;
+  Msr.GhcbTerminate.Function      = GHCB_INFO_TERMINATE_REQUEST;
+  Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;
+  Msr.GhcbTerminate.ReasonCode    = GHCB_TERMINATE_GHCB_GENERAL;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64);
+
+  AsmVmgExit ();
+
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
+
+/**
+  Report the presence of an Secure Virtual Services Module (SVSM).
+
+  Determines the presence of an SVSM.
+
+  @retval  TRUE                   An SVSM is present
+  @retval  FALSE                  An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+CcSvsmIsSvsmPresent (
+  VOID
+  )
+{
+  SVSM_INFORMATION  *SvsmInfo;
+
+  SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+  return (SvsmInfo != NULL && SvsmInfo->SvsmSize != 0);
+}
+
+/**
+  Report the VMPL level at which the SEV-SNP guest is running.
+
+  Determines the VMPL level at which the guest is running. If an SVSM is
+  not present, then it must be VMPL0, otherwise return what is reported
+  by the SVSM.
+
+  @return                         The VMPL level
+
+**/
+UINT8
+EFIAPI
+CcSvsmSnpGetVmpl (
+  VOID
+  )
+{
+  SVSM_INFORMATION  *SvsmInfo;
+
+  SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+  return CcSvsmIsSvsmPresent () ? SvsmInfo->SvsmGuestVmpl : 0;
+}
+
+/**
+  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+  If an SVSM is present, the CAA for the BSP is returned.
+
+  @return                         The CAA
+
+**/
+UINT64
+EFIAPI
+CcSvsmSnpGetCaa (
+  VOID
+  )
+{
+  SVSM_INFORMATION  *SvsmInfo;
+
+  SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+  return CcSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
+}
+
+/**
+  Perform a native PVALIDATE operation for the page ranges specified.
+
+  Validate or rescind the validation of the specified pages.
+
+  @param[in]       Info           Pointer to a page state change structure
+
+**/
+STATIC
+VOID
+BasePvalidate (
+  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
+  )
+{
+  UINTN                 RmpPageSize;
+  UINTN                 StartIndex;
+  UINTN                 EndIndex;
+  UINTN                 Index;
+  UINTN                 Ret;
+  EFI_PHYSICAL_ADDRESS  Address;
+  BOOLEAN               Validate;
+
+  StartIndex = Info->Header.CurrentEntry;
+  EndIndex   = Info->Header.EndEntry;
+
+  for ( ; StartIndex <= EndIndex; StartIndex++) {
+    //
+    // Get the address and the page size from the Info.
+    //
+    Address     = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
+    RmpPageSize = Info->Entry[StartIndex].PageSize;
+    Validate    = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
+
+    Ret = AsmPvalidate (RmpPageSize, Validate, Address);
+
+    //
+    // If we fail to validate due to size mismatch then try with the
+    // smaller page size. This senario will occur if the backing page in
+    // the RMP entry is 4K and we are validating it as a 2MB.
+    //
+    if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
+      for (Index = 0; Index < PAGES_PER_2MB_ENTRY; Index++) {
+        Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
+        if (Ret) {
+          break;
+        }
+
+        Address = Address + EFI_PAGE_SIZE;
+      }
+    }
+
+    //
+    // If validation failed then do not continue.
+    //
+    if (Ret) {
+      DEBUG ((
+        DEBUG_ERROR,
+        "%a:%a: Failed to %a address 0x%Lx Error code %d\n",
+        gEfiCallerBaseName,
+        __func__,
+        Validate ? "Validate" : "Invalidate",
+        Address,
+        Ret
+        ));
+
+      SnpTerminate ();
+    }
+  }
+}
+
+/**
+  Perform a PVALIDATE operation for the page ranges specified.
+
+  Validate or rescind the validation of the specified pages.
+
+  @param[in]       Info           Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+CcSvsmSnpPvalidate (
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  )
+{
+  BasePvalidate (Info);
+}
+
+/**
+  Perform a native RMPADJUST operation to alter the VMSA setting of a page.
+
+  Add or remove the VMSA attribute for a page.
+
+  @param[in]       Vmsa           Pointer to an SEV-ES save area page
+  @param[in]       SetVmsa        Boolean indicator as to whether to set or
+                                  or clear the VMSA setting for the page
+
+  @retval  EFI_SUCCESS            RMPADJUST operation successful
+  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
+                                  parameter was supplied
+
+**/
+STATIC
+EFI_STATUS
+BaseVmsaRmpAdjust (
+  IN SEV_ES_SAVE_AREA  *Vmsa,
+  IN BOOLEAN           SetVmsa
+  )
+{
+  UINT64  Rdx;
+  UINT32  Ret;
+
+  //
+  // The RMPADJUST instruction is used to set or clear the VMSA bit for a
+  // page. The VMSA change is only made when running at VMPL0 and is ignored
+  // otherwise. If too low a target VMPL is specified, the instruction can
+  // succeed without changing the VMSA bit when not running at VMPL0. Using a
+  // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error if
+  // not running at VMPL0, thus ensuring that the VMSA bit is set appropriately
+  // when no error is returned.
+  //
+  Rdx = 1;
+  if (SetVmsa) {
+    Rdx |= RMPADJUST_VMSA_PAGE_BIT;
+  }
+
+  Ret = AsmRmpAdjust ((UINT64)(UINTN)Vmsa, 0, Rdx);
+
+  return (Ret == 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
+}
+
+/**
+  Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+  Add or remove the VMSA attribute for a page.
+
+  @param[in]       Vmsa           Pointer to an SEV-ES save area page
+  @param[in]       ApicId         APIC ID associated with the VMSA
+  @param[in]       SetVmsa        Boolean indicator as to whether to set or
+                                  or clear the VMSA setting for the page
+
+  @retval  EFI_SUCCESS            RMPADJUST operation successful
+  @retval  EFI_UNSUPPORTED        Operation is not supported
+  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
+                                  parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+CcSvsmSnpVmsaRmpAdjust (
+  IN SEV_ES_SAVE_AREA  *Vmsa,
+  IN UINT32            ApicId,
+  IN BOOLEAN           SetVmsa
+  )
+{
+  return BaseVmsaRmpAdjust (Vmsa, SetVmsa);
+}
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115849): https://edk2.groups.io/g/devel/message/115849
Mute This Topic: https://groups.io/mt/104512963/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The RMPADJUST instruction is used to change the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. To
prepare for running at a less priviledged VMPL, use the CcSvsmLib library
API to perform the RMPADJUST. The CcSvsmLib library will perform the
proper operation on behalf of the caller.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          | 14 -----
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c    | 20 --------
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c     | 54 +++-----------------
 5 files changed, 9 insertions(+), 81 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 538a2146ff24..1b6abc4440cb 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -57,6 +57,7 @@ [LibraryClasses]
   SynchronizationLib
   PcdLib
   CcExitLib
+  CcSvsmLib
   MicrocodeLib
 [LibraryClasses.X64]
   CpuPageTableLib
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index 622baec45e2f..9077114b1e6d 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
   PeiServicesLib
   PcdLib
   CcExitLib
+  CcSvsmLib
   MicrocodeLib
 
 [Pcd]
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index 617f7401aea8..53a25c4634a1 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -870,20 +870,6 @@ FillExchangeInfoDataSevEs (
   IN volatile MP_CPU_EXCHANGE_INFO  *ExchangeInfo
   );
 
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  );
-
 /**
   Create an SEV-SNP AP save area (VMSA) for use in running the vCPU.
 
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index 0478e92317f1..963bd62494b9 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -49,26 +49,6 @@ SevSnpCreateAP (
   ASSERT (FALSE);
 }
 
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  )
-{
-  //
-  // RMPADJUST is not supported in 32-bit mode
-  //
-  return RETURN_UNSUPPORTED;
-}
-
 /**
   Determine if the SEV-SNP AP Create protocol should be used.
 
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index 5d92c441adcd..bb4a52b25cd2 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -10,6 +10,7 @@
 
 #include "MpLib.h"
 #include <Library/CcExitLib.h>
+#include <Library/CcSvsmLib.h>
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
 
@@ -38,20 +39,15 @@ SevSnpPerformApAction (
   BOOLEAN                   InterruptState;
   UINT64                    ExitInfo1;
   UINT64                    ExitInfo2;
-  UINT32                    RmpAdjustStatus;
   UINT64                    VmgExitStatus;
+  EFI_STATUS                VmsaStatus;
 
   if (Action == SVM_VMGEXIT_SNP_AP_CREATE) {
     //
-    // To turn the page into a recognized VMSA page, issue RMPADJUST:
-    //   Target VMPL but numerically higher than current VMPL
-    //   Target PermissionMask is not used
+    // Turn the page into a recognized VMSA page.
     //
-    RmpAdjustStatus = SevSnpRmpAdjust (
-                        (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
-                        TRUE
-                        );
-    if (RmpAdjustStatus != 0) {
+    VmsaStatus = CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
+    if (EFI_ERROR (VmsaStatus)) {
       DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n"));
       ASSERT (FALSE);
 
@@ -94,11 +90,8 @@ SevSnpPerformApAction (
     // Make the current VMSA not runnable and accessible to be
     // reprogrammed.
     //
-    RmpAdjustStatus = SevSnpRmpAdjust (
-                        (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
-                        FALSE
-                        );
-    if (RmpAdjustStatus != 0) {
+    VmsaStatus = CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
+    if (EFI_ERROR (VmsaStatus)) {
       DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n"));
       ASSERT (FALSE);
 
@@ -328,39 +321,6 @@ SevSnpCreateAP (
   }
 }
 
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  )
-{
-  UINT64  Rdx;
-
-  //
-  // The RMPADJUST instruction is used to set or clear the VMSA bit for a
-  // page. The VMSA change is only made when running at VMPL0 and is ignored
-  // otherwise. If too low a target VMPL is specified, the instruction can
-  // succeed without changing the VMSA bit when not running at VMPL0. Using a
-  // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error if
-  // not running at VMPL0, thus ensuring that the VMSA bit is set appropriately
-  // when no error is returned.
-  //
-  Rdx = 1;
-  if (VmsaPage) {
-    Rdx |= RMPADJUST_VMSA_PAGE_BIT;
-  }
-
-  return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
-}
-
 /**
   Determine if the SEV-SNP AP Create protocol should be used.
 
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115850): https://edk2.groups.io/g/devel/message/115850
Mute This Topic: https://groups.io/mt/104512965/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction is used to change the SNP validation of a page,
but that can only be done when running at VMPL0. To prepare for running at
a less priviledged VMPL, use the CcSvsmLib library API to perform the
PVALIDATE. The CcSvsmLib library will perform the proper operation on
behalf of the caller.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 74 +-------------------
 4 files changed, 9 insertions(+), 74 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index cc24961c9265..7397e5cfb810 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,6 +52,7 @@ [LibraryClasses]
   MemoryAllocationLib
   PcdLib
   CcExitLib
+  CcSvsmLib
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 8f56783da55e..55928f9e386c 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,6 +52,7 @@ [LibraryClasses]
   MemoryAllocationLib
   PcdLib
   CcExitLib
+  CcSvsmLib
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
index b6d76e7e630f..e373f9f010ba 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -49,6 +49,7 @@ [LibraryClasses]
   DebugLib
   PcdLib
   CcExitLib
+  CcSvsmLib
 
 [FixedPcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index f1883239a661..4e1225d12797 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -14,14 +14,13 @@
 #include <Library/MemEncryptSevLib.h>
 #include <Library/DebugLib.h>
 #include <Library/CcExitLib.h>
+#include <Library/CcSvsmLib.h>
 
 #include <Register/Amd/Ghcb.h>
 #include <Register/Amd/Msr.h>
 
 #include "SnpPageStateChange.h"
 
-#define PAGES_PER_LARGE_ENTRY  512
-
 STATIC
 UINTN
 MemoryStateToGhcbOp (
@@ -63,73 +62,6 @@ SnpPageStateFailureTerminate (
   CpuDeadLoop ();
 }
 
-/**
- This function issues the PVALIDATE instruction to validate or invalidate the memory
- range specified. If PVALIDATE returns size mismatch then it retry validating with
- smaller page size.
-
- */
-STATIC
-VOID
-PvalidateRange (
-  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
-  )
-{
-  UINTN                 RmpPageSize;
-  UINTN                 StartIndex;
-  UINTN                 EndIndex;
-  UINTN                 Index;
-  UINTN                 Ret;
-  EFI_PHYSICAL_ADDRESS  Address;
-  BOOLEAN               Validate;
-
-  StartIndex = Info->Header.CurrentEntry;
-  EndIndex   = Info->Header.EndEntry;
-
-  for ( ; StartIndex <= EndIndex; StartIndex++) {
-    //
-    // Get the address and the page size from the Info.
-    //
-    Address     = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
-    RmpPageSize = Info->Entry[StartIndex].PageSize;
-    Validate    = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
-
-    Ret = AsmPvalidate (RmpPageSize, Validate, Address);
-
-    //
-    // If we fail to validate due to size mismatch then try with the
-    // smaller page size. This senario will occur if the backing page in
-    // the RMP entry is 4K and we are validating it as a 2MB.
-    //
-    if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
-      for (Index = 0; Index < PAGES_PER_LARGE_ENTRY; Index++) {
-        Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
-        if (Ret) {
-          break;
-        }
-
-        Address = Address + EFI_PAGE_SIZE;
-      }
-    }
-
-    //
-    // If validation failed then do not continue.
-    //
-    if (Ret) {
-      DEBUG ((
-        DEBUG_ERROR,
-        "%a:%a: Failed to %a address 0x%Lx Error code %d\n",
-        gEfiCallerBaseName,
-        __func__,
-        Validate ? "Validate" : "Invalidate",
-        Address,
-        Ret
-        ));
-      SnpPageStateFailureTerminate ();
-    }
-  }
-}
-
 STATIC
 EFI_PHYSICAL_ADDRESS
 BuildPageStateBuffer (
@@ -328,7 +260,7 @@ InternalSetPageState (
     // invalidate the pages before making the page shared in the RMP table.
     //
     if (State == SevSnpPageShared) {
-      PvalidateRange (Info);
+      CcSvsmSnpPvalidate (Info);
     }
 
     //
@@ -341,7 +273,7 @@ InternalSetPageState (
     // validate the pages after it has been added in the RMP table.
     //
     if (State == SevSnpPagePrivate) {
-      PvalidateRange (Info);
+      CcSvsmSnpPvalidate (Info);
     }
   }
 }
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115851): https://edk2.groups.io/g/devel/message/115851
Mute This Topic: https://groups.io/mt/104512967/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

An SVSM requires a calling area page whose address (CAA) is used by the
SVSM to communicate and process the SVSM request.

Add a pre-defined page area to the OvmfPkg and AmdSev packages and define
corresponding PCDs used to communicate the location and size of the area.
Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev
launch and hash area memory locations.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/OvmfPkg.dec                         |  4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf                |  9 ++++++---
 OvmfPkg/OvmfPkgX64.fdf                      |  3 +++
 OvmfPkg/PlatformPei/PlatformPei.inf         |  2 ++
 OvmfPkg/ResetVector/ResetVector.inf         |  2 ++
 OvmfPkg/PlatformPei/AmdSev.c                | 11 +++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb       |  6 ++++--
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++++-
 8 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index fbc81e4c8070..2f7bded9260b 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -338,6 +338,10 @@ [PcdsFixedAtBuild]
   ## Restrict boot to EFI applications in firmware volumes.
   gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c
 
+  ## The base address and size of the initial SVSM Calling Area.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|0|UINT32|0x70
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize|0|UINT32|0x71
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 9dd409596780..dafa5ebacbaf 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -68,13 +68,16 @@ [FD.MEMFD]
 0x00E000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
 
-0x00F000|0x000C00
+0x00F000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
+
+0x010000|0x000C00
 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
 
-0x00FC00|0x000400
+0x010C00|0x000400
 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
 
-0x010000|0x010000
+0x011000|0x00F000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
 0x020000|0x0E0000
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f47ab1727e4c..f12844f674e7 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -94,6 +94,9 @@ [FD.MEMFD]
 0x00E000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
 
+0x00F000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
+
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 7de3b4341c2c..126085db0204 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -128,6 +128,8 @@ [FixedPcd]
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a4154ca90c28..0f5f8fec0b77 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -62,5 +62,7 @@ [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 472cf13f0faa..66f480ee1c5d 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -554,5 +554,16 @@ SevInitializeRam (
       (UINT64)(UINTN)PcdGet32 (PcdOvmfCpuidSize),
       EfiReservedMemoryType
       );
+
+    //
+    // The calling area memory needs to be protected until the OS can create
+    // its own calling area. Mark it as EfiReservedMemoryType so that the
+    // guest firmware and OS do not use it as a system memory.
+    //
+    BuildMemoryAllocationHob (
+      (EFI_PHYSICAL_ADDRESS)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaBase),
+      (UINT64)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaSize),
+      EfiReservedMemoryType
+      );
   }
 }
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 366a70fb9992..22bd34721a8b 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -3,7 +3,7 @@
 ; This file includes all other code files to assemble the reset vector code
 ;
 ; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
-; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; Copyright (c) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 ; SPDX-License-Identifier: BSD-2-Clause-Patent
 ;
 ;------------------------------------------------------------------------------
@@ -68,6 +68,8 @@
 %define SEV_SNP_SECRETS_SIZE          (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
 %define CPUID_BASE                    (FixedPcdGet32 (PcdOvmfCpuidBase))
 %define CPUID_SIZE                    (FixedPcdGet32 (PcdOvmfCpuidSize))
+%define SVSM_CAA_BASE                 (FixedPcdGet32 (PcdOvmfSecSvsmCaaBase))
+%define SVSM_CAA_SIZE                 (FixedPcdGet32 (PcdOvmfSecSvsmCaaSize))
 %if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0)
   ; There's a reserved page for SEV secrets and hashes; the VMM will fill and
   ; validate the page, or mark it as a zero page.
@@ -88,7 +90,7 @@
 ;
 %define SNP_SEC_MEM_BASE_DESC_2       (GHCB_BASE + 0x1000)
 %define SNP_SEC_MEM_SIZE_DESC_2       (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2)
-%define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
+%define SNP_SEC_MEM_BASE_DESC_3       (SVSM_CAA_BASE + SVSM_CAA_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
 %define SNP_SEC_MEM_SIZE_DESC_3       (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
 
 %ifdef ARCH_X64
diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
index 8aa77d870123..2511073a466f 100644
--- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
@@ -2,7 +2,7 @@
 ; @file
 ; OVMF metadata for the AMD SEV confidential computing guests
 ;
-; Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
+; Copyright (c) 2021 - 2024, AMD Inc. All rights reserved.<BR>
 ;
 ; SPDX-License-Identifier: BSD-2-Clause-Patent
 ;-----------------------------------------------------------------------------
@@ -26,6 +26,9 @@ BITS  64
 ;
 %define OVMF_SECTION_TYPE_CPUID           0x3
 
+; The SVSM Calling Area Address (CAA)
+%define OVMF_SECTION_TYPE_SVSM_CAA        0x4
+
 ; Kernel hashes section for measured direct boot
 %define OVMF_SECTION_TYPE_KERNEL_HASHES   0x10
 
@@ -67,6 +70,12 @@ CpuidSec:
   DD  CPUID_SIZE
   DD  OVMF_SECTION_TYPE_CPUID
 
+; SVSM CAA page
+SvsmCaa:
+  DD  SVSM_CAA_BASE
+  DD  SVSM_CAA_SIZE
+  DD  OVMF_SECTION_TYPE_SVSM_CAA
+
 %if (SEV_SNP_KERNEL_HASHES_BASE > 0)
 ; Kernel hashes for measured direct boot, or zero page if
 ; there are no kernel hashes / SEV secrets
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115852): https://edk2.groups.io/g/devel/message/115852
Mute This Topic: https://groups.io/mt/104512971/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction can only be performed at VMPL0. An SVSM will
be present when running at VMPL1 or higher.

When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform
memory validation instead of issuing the PVALIDATE instruction directly.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c | 183 +++++++++++++++++++-
 1 file changed, 182 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
index f45ae472783c..017ca715cee5 100644
--- a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
+++ b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
@@ -8,6 +8,7 @@
 
 #include <Base.h>
 #include <Uefi.h>
+#include <Library/BaseMemoryLib.h>
 #include <Library/CcSvsmLib.h>
 #include <Register/Amd/Msr.h>
 #include <Register/Amd/Svsm.h>
@@ -43,6 +44,78 @@ SnpTerminate (
   CpuDeadLoop ();
 }
 
+/**
+  Issue an SVSM request.
+
+  Invokes the SVSM to process a request on behalf of the guest.
+
+  @param[in,out]  SvsmCallData  Pointer to the SVSM call data
+
+  @return                       Contents of RAX upon return from VMGEXIT
+**/
+STATIC
+UINTN
+SvsmMsrProtocol (
+  IN OUT SVSM_CALL_DATA  *SvsmCallData
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  UINT64                    CurrentMsr;
+  UINT8                     Pending;
+  BOOLEAN                   InterruptState;
+  UINTN                     Ret;
+
+  do {
+    //
+    // Be sure that an interrupt can't cause a #VC while the GHCB MSR protocol
+    // is being used (#VC handler will ASSERT if lower 12-bits are not zero).
+    //
+    InterruptState = GetInterruptState ();
+    if (InterruptState) {
+      DisableInterrupts ();
+    }
+
+    Pending                   = 0;
+    SvsmCallData->CallPending = &Pending;
+
+    CurrentMsr = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+    Msr.Uint64                  = 0;
+    Msr.SnpVmplRequest.Function = GHCB_INFO_SNP_VMPL_REQUEST;
+    Msr.SnpVmplRequest.Vmpl     = 0;
+    AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64);
+
+    //
+    // Guest memory is used for the guest-SVSM communication, so fence the
+    // invocation of the VMGEXIT instruction to ensure VMSA accesses are
+    // synchronized properly.
+    //
+    MemoryFence ();
+    Ret = AsmVmgExitSvsm (SvsmCallData);
+    MemoryFence ();
+
+    Msr.Uint64 = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+    AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr);
+
+    if (InterruptState) {
+      EnableInterrupts ();
+    }
+
+    if (Pending != 0) {
+      SnpTerminate ();
+    }
+
+    if ((Msr.SnpVmplResponse.Function != GHCB_INFO_SNP_VMPL_RESPONSE) ||
+        (Msr.SnpVmplResponse.ErrorCode != 0))
+    {
+      SnpTerminate ();
+    }
+  } while (Ret == SVSM_ERR_INCOMPLETE || Ret == SVSM_ERR_BUSY);
+
+  return Ret;
+}
+
 /**
   Report the presence of an Secure Virtual Services Module (SVSM).
 
@@ -109,6 +182,114 @@ CcSvsmSnpGetCaa (
   return CcSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
 }
 
+/**
+  Issue an SVSM request to perform the PVALIDATE instruction.
+
+  Invokes the SVSM to process the PVALIDATE instruction on behalf of the
+  guest to validate or invalidate the memory range specified.
+
+  @param[in]       Info           Pointer to a page state change structure
+
+**/
+STATIC
+VOID
+SvsmPvalidate (
+  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
+  )
+{
+  SVSM_CALL_DATA          SvsmCallData;
+  SVSM_CAA                *Caa;
+  SVSM_PVALIDATE_REQUEST  *Request;
+  SVSM_FUNCTION           Function;
+  BOOLEAN                 Validate;
+  UINTN                   Entry;
+  UINTN                   EntryLimit;
+  UINTN                   Index;
+  UINTN                   EndIndex;
+  UINT64                  Gfn;
+  UINT64                  GfnEnd;
+  UINTN                   Ret;
+
+  Caa = (SVSM_CAA *)CcSvsmSnpGetCaa ();
+  SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);
+
+  Function.Id.Protocol = 0;
+  Function.Id.CallId   = 1;
+
+  Request    = (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer;
+  EntryLimit = ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) /
+                sizeof (Request->Entry[0])) - 1;
+
+  SvsmCallData.Caa   = Caa;
+  SvsmCallData.RaxIn = Function.Uint64;
+  SvsmCallData.RcxIn = (UINT64)(UINTN)Request;
+
+  Entry    = 0;
+  Index    = Info->Header.CurrentEntry;
+  EndIndex = Info->Header.EndEntry;
+
+  while (Index <= EndIndex) {
+    Validate = Info->Entry[Index].Operation == SNP_PAGE_STATE_PRIVATE;
+
+    Request->Header.Entries++;
+    Request->Entry[Entry].Bits.PageSize = Info->Entry[Index].PageSize;
+    Request->Entry[Entry].Bits.Action   = (Validate == TRUE) ? 1 : 0;
+    Request->Entry[Entry].Bits.IgnoreCf = 0;
+    Request->Entry[Entry].Bits.Address  = Info->Entry[Index].GuestFrameNumber;
+
+    Entry++;
+    if ((Entry > EntryLimit) || (Index == EndIndex)) {
+      Ret = SvsmMsrProtocol (&SvsmCallData);
+      if ((Ret == SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) &&
+          (Request->Entry[Request->Header.Next].Bits.PageSize != 0))
+      {
+        // Calculate the Index of the entry after the entry that failed
+        // before clearing the buffer so that processing can continue
+        // from that point
+        Index = Index - (Entry - Request->Header.Next) + 2;
+
+        // Obtain the failing GFN before clearing the buffer
+        Gfn = Request->Entry[Request->Header.Next].Bits.Address;
+
+        // Clear the buffer in prep for creating all new entries
+        SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);
+        Entry = 0;
+
+        GfnEnd = Gfn + PAGES_PER_2MB_ENTRY - 1;
+        for ( ; Gfn <= GfnEnd; Gfn++) {
+          Request->Header.Entries++;
+          Request->Entry[Entry].Bits.PageSize = 0;
+          Request->Entry[Entry].Bits.Action   = (Validate == TRUE) ? 1 : 0;
+          Request->Entry[Entry].Bits.IgnoreCf = 0;
+          Request->Entry[Entry].Bits.Address  = Gfn;
+
+          Entry++;
+          if ((Entry > EntryLimit) || (Gfn == GfnEnd)) {
+            Ret = SvsmMsrProtocol (&SvsmCallData);
+            if (Ret != 0) {
+              SnpTerminate ();
+            }
+
+            SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);
+            Entry = 0;
+          }
+        }
+
+        continue;
+      }
+
+      if (Ret != 0) {
+        SnpTerminate ();
+      }
+
+      SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);
+      Entry = 0;
+    }
+
+    Index++;
+  }
+}
+
 /**
   Perform a native PVALIDATE operation for the page ranges specified.
 
@@ -193,7 +374,7 @@ CcSvsmSnpPvalidate (
   IN SNP_PAGE_STATE_CHANGE_INFO  *Info
   )
 {
-  BasePvalidate (Info);
+  CcSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);
 }
 
 /**
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115853): https://edk2.groups.io/g/devel/message/115853
Mute This Topic: https://groups.io/mt/104512972/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Similar to the Page State Change optimization added previously, also take
into account the possiblity of using the SVSM for PVALIDATE instructions.
Conditionally adjust the maximum number of entries based on how many
entries the SVSM calling area can support.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 4e1225d12797..7060cd61b21c 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -18,6 +18,7 @@
 
 #include <Register/Amd/Ghcb.h>
 #include <Register/Amd/Msr.h>
+#include <Register/Amd/Svsm.h>
 
 #include "SnpPageStateChange.h"
 
@@ -78,6 +79,7 @@ BuildPageStateBuffer (
   UINTN                 Index;
   UINTN                 IndexMax;
   UINTN                 PscIndexMax;
+  UINTN                 SvsmIndexMax;
 
   // Clear the page state structure
   SetMem (Info, InfoSize, 0);
@@ -96,6 +98,11 @@ BuildPageStateBuffer (
     IndexMax = MIN (IndexMax, PscIndexMax);
   }
 
+  SvsmIndexMax = (IndexMax / SVSM_PVALIDATE_MAX_ENTRY) * SVSM_PVALIDATE_MAX_ENTRY;
+  if (SvsmIndexMax > 0) {
+    IndexMax = MIN (IndexMax, SvsmIndexMax);
+  }
+
   //
   // Populate the page state entry structure
   //
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115854): https://edk2.groups.io/g/devel/message/115854
Mute This Topic: https://groups.io/mt/104512975/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The RMPADJUST instruction is used to alter the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. When
an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU
calls to add or remove the VMSA attribute on a page instead of issuing
the RMPADJUST instruction directly.

Implement the CcSvsmSnpVmsaRmpAdjust() API to perform the proper operation
to update the VMSA attribute.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c | 54 +++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
index 017ca715cee5..97fe09aa7329 100644
--- a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
+++ b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
@@ -377,6 +377,57 @@ CcSvsmSnpPvalidate (
   CcSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);
 }
 
+/**
+  Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+  Add or remove the VMSA attribute for a page.
+
+  @param[in]       Vmsa           Pointer to an SEV-ES save area page
+  @param[in]       ApicId         APIC ID associated with the VMSA
+  @param[in]       SetVmsa        Boolean indicator as to whether to set or
+                                  or clear the VMSA setting for the page
+
+  @retval  EFI_SUCCESS            RMPADJUST operation successful
+  @retval  EFI_UNSUPPORTED        Operation is not supported
+  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
+                                  parameter was supplied
+
+**/
+STATIC
+EFI_STATUS
+SvsmVmsaRmpAdjust (
+  IN SEV_ES_SAVE_AREA  *Vmsa,
+  IN UINT32            ApicId,
+  IN BOOLEAN           SetVmsa
+  )
+{
+  SVSM_CALL_DATA  SvsmCallData;
+  SVSM_FUNCTION   Function;
+  UINTN           Ret;
+
+  SvsmCallData.Caa = (SVSM_CAA *)CcSvsmSnpGetCaa ();
+
+  Function.Id.Protocol = 0;
+
+  if (SetVmsa) {
+    Function.Id.CallId = 2;
+
+    SvsmCallData.RaxIn = Function.Uint64;
+    SvsmCallData.RcxIn = (UINT64)(UINTN)Vmsa;
+    SvsmCallData.RdxIn = (UINT64)(UINTN)Vmsa + SIZE_4KB;
+    SvsmCallData.R8In  = ApicId;
+  } else {
+    Function.Id.CallId = 3;
+
+    SvsmCallData.RaxIn = Function.Uint64;
+    SvsmCallData.RcxIn = (UINT64)(UINTN)Vmsa;
+  }
+
+  Ret = SvsmMsrProtocol (&SvsmCallData);
+
+  return (Ret == 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
+}
+
 /**
   Perform a native RMPADJUST operation to alter the VMSA setting of a page.
 
@@ -444,5 +495,6 @@ CcSvsmSnpVmsaRmpAdjust (
   IN BOOLEAN           SetVmsa
   )
 {
-  return BaseVmsaRmpAdjust (Vmsa, SetVmsa);
+  return CcSvsmIsSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVmsa)
+                                : BaseVmsaRmpAdjust (Vmsa, SetVmsa);
 }
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115855): https://edk2.groups.io/g/devel/message/115855
Mute This Topic: https://groups.io/mt/104512977/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

When running under an SVSM, the VMPL level of the APs that are started
must match the VMPL level provided by the SVSM. Additionally, each AP
must have a Calling Area for use with the SVSM protocol. Update the AP
creation to properly support running under an SVSM.

Acked-by: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 28 +++++++++++++-------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index bb4a52b25cd2..681a47669a47 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -44,7 +44,8 @@ SevSnpPerformApAction (
 
   if (Action == SVM_VMGEXIT_SNP_AP_CREATE) {
     //
-    // Turn the page into a recognized VMSA page.
+    // Turn the page into a recognized VMSA page. When an SVSM is present
+    // the page following the VMSA is the Calling Area page.
     //
     VmsaStatus = CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
     if (EFI_ERROR (VmsaStatus)) {
@@ -56,6 +57,7 @@ SevSnpPerformApAction (
   }
 
   ExitInfo1  = (UINT64)ApicId << 32;
+  ExitInfo1 |= (UINT64)SaveArea->Vmpl << 16;
   ExitInfo1 |= Action;
   ExitInfo2  = (UINT64)(UINTN)SaveArea;
 
@@ -87,8 +89,9 @@ SevSnpPerformApAction (
 
   if (Action == SVM_VMGEXIT_SNP_AP_DESTROY) {
     //
-    // Make the current VMSA not runnable and accessible to be
-    // reprogrammed.
+    // Make the current VMSA not runnable and accessible to be reprogrammed.
+    // When an SVSM is present the page following the VMSA is the Calling Area
+    // page.
     //
     VmsaStatus = CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
     if (EFI_ERROR (VmsaStatus)) {
@@ -116,6 +119,7 @@ SevSnpCreateSaveArea (
   UINT32          ApicId
   )
 {
+  UINTN             PageCount;
   UINT8             *Pages;
   SEV_ES_SAVE_AREA  *SaveArea;
   IA32_CR0          ApCr0;
@@ -125,13 +129,19 @@ SevSnpCreateSaveArea (
   UINTN             StartIp;
   UINT8             SipiVector;
 
+  //
+  // When running under an SVSM, a Calling Area page is also needed and is
+  // always the page following the VMSA.
+  //
+  PageCount = CcSvsmIsSvsmPresent () ? 2 : 1;
+
   if (CpuData->SevEsSaveArea == NULL) {
     //
     // Allocate a page for the SEV-ES Save Area and initialize it. Due to AMD
     // erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra page
     // to choose from to work around the issue.
     //
-    Pages = AllocateReservedPages (2);
+    Pages = AllocateReservedPages (PageCount + 1);
     if (!Pages) {
       return;
     }
@@ -140,12 +150,12 @@ SevSnpCreateSaveArea (
     // Since page allocation works by allocating downward in the address space,
     // try to always free the first (lower address) page to limit possible holes
     // in the memory map. So, if the address of the second page is 2MB aligned,
-    // then use the first page and free the second page. Otherwise, free the
+    // then use the first page and free the last page. Otherwise, free the
     // first page and use the second page.
     //
     if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) {
       SaveArea = (SEV_ES_SAVE_AREA *)Pages;
-      FreePages (Pages + EFI_PAGE_SIZE, 1);
+      FreePages (Pages + (EFI_PAGE_SIZE * PageCount), 1);
     } else {
       SaveArea = (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE);
       FreePages (Pages, 1);
@@ -163,7 +173,7 @@ SevSnpCreateSaveArea (
     }
   }
 
-  ZeroMem (SaveArea, EFI_PAGE_SIZE);
+  ZeroMem (SaveArea, EFI_PAGE_SIZE * PageCount);
 
   //
   // Propogate the CR0.NW and CR0.CD setting to the AP
@@ -239,10 +249,10 @@ SevSnpCreateSaveArea (
 
   //
   // Set the SEV-SNP specific fields for the save area:
-  //   VMPL - always VMPL0
+  //   VMPL - based on current mode
   //   SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bits
   //
-  SaveArea->Vmpl        = 0;
+  SaveArea->Vmpl        = CcSvsmSnpGetVmpl ();
   SaveArea->SevFeatures = AsmReadMsr64 (MSR_SEV_STATUS) >> 2;
 
   SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_CREATE);
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115856): https://edk2.groups.io/g/devel/message/115856
Mute This Topic: https://groups.io/mt/104512980/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The SVSM specification documents an alternative method of discovery for
the SVSM using a reserved CPUID bit and a reserved MSR.

For the CPUID support, the #VC handler of an SEV-SNP guest should modify
the returned value in the EAX register for the 0x8000001f CPUID function
by setting bit 28 when an SVSM is present.

For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC
should be generated when accessing this MSR. The #VC handler is expected
to ignore writes to this MSR and return the physical calling area address
(CAA) on reads of this MSR.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/CcExitLib/CcExitLib.inf     |  3 +-
 OvmfPkg/Library/CcExitLib/SecCcExitLib.inf  |  3 +-
 OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++--
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/Library/CcExitLib/CcExitLib.inf b/OvmfPkg/Library/CcExitLib/CcExitLib.inf
index bc75cd5f5a04..692143acd9ad 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitLib.inf
+++ b/OvmfPkg/Library/CcExitLib/CcExitLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  CcExitLib Library.
 #
-#  Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 #  Copyright (C) 2020 - 2022, Intel Corporation. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -41,6 +41,7 @@ [LibraryClasses]
   DebugLib
   LocalApicLib
   MemEncryptSevLib
+  CcSvsmLib
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
diff --git a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
index 811269dd2c06..6778c1af6516 100644
--- a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
+++ b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  VMGEXIT Support Library.
 #
-#  Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+#  Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -41,6 +41,7 @@ [LibraryClasses]
   LocalApicLib
   MemEncryptSevLib
   PcdLib
+  CcSvsmLib
 
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
index 0fc30f7bc4f6..edb4b57655d4 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
@@ -1,7 +1,7 @@
 /** @file
   X64 #VC Exception Handler functon.
 
-  Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+  Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -12,6 +12,7 @@
 #include <Library/LocalApicLib.h>
 #include <Library/MemEncryptSevLib.h>
 #include <Library/CcExitLib.h>
+#include <Library/CcSvsmLib.h>
 #include <Register/Amd/Msr.h>
 #include <Register/Intel/Cpuid.h>
 #include <IndustryStandard/InstructionParsing.h>
@@ -713,10 +714,29 @@ MsrExit (
   IN     CC_INSTRUCTION_DATA     *InstructionData
   )
 {
-  UINT64  ExitInfo1, Status;
+  MSR_SVSM_CAA_REGISTER  Msr;
+  UINT64                 ExitInfo1;
+  UINT64                 Status;
 
   ExitInfo1 = 0;
 
+  //
+  // The SVSM CAA MSR is a software implemented MSR and not supported
+  // by the hardware, handle it directly.
+  //
+  if (Regs->Rax == MSR_SVSM_CAA) {
+    // Writes to the SVSM CAA MSR are ignored
+    if (*(InstructionData->OpCodes + 1) == 0x30) {
+      return 0;
+    }
+
+    Msr.Uint64 = CcSvsmSnpGetCaa ();
+    Regs->Rax  = Msr.Bits.Lower32Bits;
+    Regs->Rdx  = Msr.Bits.Upper32Bits;
+
+    return 0;
+  }
+
   switch (*(InstructionData->OpCodes + 1)) {
     case 0x30: // WRMSR
       ExitInfo1          = 1;
@@ -1388,6 +1408,11 @@ GetCpuidFw (
     *Ebx = (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF);
     /* node ID */
     *Ecx = (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF);
+  } else if (EaxIn == 0x8000001F) {
+    /* Set the SVSM feature bit if running under an SVSM */
+    if (CcSvsmIsSvsmPresent ()) {
+      *Eax |= BIT28;
+    }
   }
 
 Out:
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115857): https://edk2.groups.io/g/devel/message/115857
Mute This Topic: https://groups.io/mt/104512981/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0

[Lendacky, Thomas via groups.io]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Currently, an SEV-SNP guest will terminate if it is not running at VMPL0.
The requirement for running at VMPL0 is removed if an SVSM is present.

Update the current VMPL0 check to additionally check for the presence of
an SVSM is the guest is not running at VMPL0.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index ca279d77274b..f2d9f7cf2fea 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -12,6 +12,7 @@
 #include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemEncryptSevLib.h>
+#include <Library/CcSvsmLib.h>
 
 #include "SnpPageStateChange.h"
 
@@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam (
 
   //
   // The page state change uses the PVALIDATE instruction. The instruction
-  // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
-  // the boot.
+  // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM must
+  // be present to perform the operation on behalf of the guest. If the guest
+  // is not running at VMPL-0 and an SVSM is not present, then terminate the
+  // boot.
   //
-  if (!SevSnpIsVmpl0 ()) {
+  if (!SevSnpIsVmpl0 () && !CcSvsmIsSvsmPresent ()) {
     SnpPageStateFailureTerminate ();
   }
 
-- 
2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115858): https://edk2.groups.io/g/devel/message/115858
Mute This Topic: https://groups.io/mt/104512987/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions

[Ni, Ray]

> +//
> +// Get APIC IDs
> +//
> +#define EFI_APIC_IDS_GUID  \
> +  { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80,
> 0x1b }}
> +extern EFI_GUID  gEfiApicIdsGuid;

Since the above GUID is associated with the structure below, how about
rename the GUID from "gEfiApicIdsGuid" which is very general to a specific
name "gGhcbApicIdsGuid"?

+ @Yao, Jiewen, @Xu, Min M  for comments.

> +
> +typedef struct {
> +  UINT32    NumEntries;
> +  UINT32    ApicIds[];
> +} GHCB_APIC_IDS;
> +
>  //
>  // SEV-ES save area mapping structures used for SEV-SNP AP Creation.
>  // Only the fields required to be set to a non-zero value are defined.
> --
> 2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115860): https://edk2.groups.io/g/devel/message/115860
Mute This Topic: https://groups.io/mt/104512930/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:40AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
> the return value is checked with EFI_ERROR() when it should just be
> compared to 0. Fix the error check.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116014): https://edk2.groups.io/g/devel/message/116014
Mute This Topic: https://groups.io/mt/104512928/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions

[Gerd Hoffmann]

On Fri, Feb 23, 2024 at 12:16:54AM +0000, Ni, Ray wrote:
> 
> > +//
> > +// Get APIC IDs
> > +//
> > +#define EFI_APIC_IDS_GUID  \
> > +  { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80,
> > 0x1b }}
> > +extern EFI_GUID  gEfiApicIdsGuid;
> 
> Since the above GUID is associated with the structure below, how about
> rename the GUID from "gEfiApicIdsGuid" which is very general to a specific
> name "gGhcbApicIdsGuid"?

Same comment goes for EFI_APIC_IDS_GUID.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116015): https://edk2.groups.io/g/devel/message/116015
Mute This Topic: https://groups.io/mt/104512930/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:42AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
> them before any APs are actually started. The APIC IDs can be used
> to start the APs for any SEV-SNP guest, but is a requirement for an
> SEV-SNP guest that is running under an SVSM.
> 
> After retrieving the APIC IDs, save the address of the APIC ID data
> structure in a GUIDed HOB.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116016): https://edk2.groups.io/g/devel/message/116016
Mute This Topic: https://groups.io/mt/104512934/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:43AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> Currently, the first time an AP is started for an SEV-SNP guest, it relies
> on the VMSA as set by the hypervisor. If the list of APIC IDs has been
> retrieved, this is not necessary. Instead, use the SEV-SNP AP Create
> protocol to start the AP for the first time and thereafter using the VMPL
> at which the BSP is running.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116018): https://edk2.groups.io/g/devel/message/116018
Mute This Topic: https://groups.io/mt/104512938/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:44AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> In prep for follow-on patches, fix an area of the code that does not meet
> the uncrustify coding standards.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116019): https://edk2.groups.io/g/devel/message/116019
Mute This Topic: https://groups.io/mt/104512941/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:45AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> Calculate the amount of memory that can be use to build the Page State
> Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded
> size. This allows for changes to the GHCB shared buffer size without
> having to make changes to the page state change code.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116020): https://edk2.groups.io/g/devel/message/116020
Mute This Topic: https://groups.io/mt/104512944/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:46AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
> fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
> structure maps the full GHCB shared buffer based on the shared buffer size
> being 2032 bytes.
> 
> Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
> build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
> mapping, eliminate the hardcoded array size so that the structure can be
> used based on any size buffer.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  MdePkg/Include/Register/Amd/Ghcb.h | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
> index 432d67e3e223..0cdc00627472 100644
> --- a/MdePkg/Include/Register/Amd/Ghcb.h
> +++ b/MdePkg/Include/Register/Amd/Ghcb.h
> @@ -197,13 +197,14 @@ typedef struct {
>    UINT32    Reserved;
>  } SNP_PAGE_STATE_HEADER;
>  
> -#define SNP_PAGE_STATE_MAX_ENTRY  253
> -
>  typedef struct {
>    SNP_PAGE_STATE_HEADER    Header;
> -  SNP_PAGE_STATE_ENTRY     Entry[SNP_PAGE_STATE_MAX_ENTRY];
> +  SNP_PAGE_STATE_ENTRY     Entry[];
>  } SNP_PAGE_STATE_CHANGE_INFO;

Good.

> +#define SNP_PAGE_STATE_MAX_ENTRY  \
> +  ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) / sizeof (SNP_PAGE_STATE_ENTRY))

Can be dropped I think, after applying patch #6 BaseMemEncryptSevLib
does not use SNP_PAGE_STATE_MAX_ENTRY any more.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116021): https://edk2.groups.io/g/devel/message/116021
Mute This Topic: https://groups.io/mt/104512946/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

[Gerd Hoffmann]

> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> @@ -23,6 +23,8 @@ STATIC BOOLEAN          mAddressEncMaskChecked = FALSE;
>  STATIC UINT64           mAddressEncMask;
>  STATIC PAGE_TABLE_POOL  *mPageTablePool = NULL;
>  
> +STATIC VOID  *mPscBuffer = NULL;
> +
>  typedef enum {
>    SetCBit,
>    ClearCBit

Oh.  Global variable in PEI code (both pre-existing and newly added).

This is problematic because in OVMF PEI is executed in-place and the
firmware volumes is measured by TPM PEIM.  Global variables modify
the PEI firmware volume and break the measurement.

A while back OVMF added EFI_HOB_PLATFORM_INFO (see
OvmfPkg/Include/Library/PlatformInitLib.h) to fix that.  Most fields
in that struct used to be global variables.

> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> @@ -17,6 +17,8 @@
>  #include "SnpPageStateChange.h"
>  #include "VirtualMemory.h"
>  
> +STATIC UINT8  mPscBufferPage[EFI_PAGE_SIZE];
> +

Same problem.

Given this is a pre-exising problem, affects SEV only and the rest of
the patch looks fine:
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

But it should be cleaned up at some point.  BaseMemEncryptSevLib needs
an update anyway (use CpuPageTableLib, support 5-level paging).

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116026): https://edk2.groups.io/g/devel/message/116026
Mute This Topic: https://groups.io/mt/104512949/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:48AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> When building the Page State Change entries for a range of memory, it can
> happen that multiple calls to BuildPageStateBuffer() need to be made. If
> the size of the input work area passed to BuildPageStateBuffer() exceeds
> the number of entries that can be passed to the hypervisor using the GHCB
> shared buffer, the Page State Change VMGEXIT support will issue multiple
> VMGEXITs to process all entries in the buffer.
> 
> However, it could be that the final VMGEXIT for each round of Page State
> Changes is only for a small number of entries and subsequent VMGEXITs may
> still be issued to handle the full range of memory requested. To maximize
> the number of entries processed during the Page State Change VMGEXIT,
> limit BuildPageStateBuffer() to not build entries that exceed the maximum
> number of entries that can be handled in a single Page State Change
> VMGEXIT.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116027): https://edk2.groups.io/g/devel/message/116027
Mute This Topic: https://groups.io/mt/104512950/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:50AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The SVSM specification relies on a specific register calling convention to
> hold the parameters that are associated with the SVSM request. The SVSM is
> invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
> using the GHCB MSR Protocol or a GHCB NAE event.
> 
> Create a new version of the VMGEXIT instruction that will adhere to this
> calling convention and load the SVSM function arguments into the proper
> register before invoking the VMGEXIT instruction. On return, perform the
> atomic exchange on the SVSM call pending value as specified in the SVSM
> specification.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116030): https://edk2.groups.io/g/devel/message/116030
Mute This Topic: https://groups.io/mt/104512956/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:51AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
> lower, a new CcSvsmLib library must be created.
> 
> This library includes an interface to detect if running under an SVSM, an
> interface to return the current VMPL, an interface to perform memory
> validation and an interface to set or clear the attribute that allows a
> page to be used as a VMSA.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

> ---
>  UefiCpuPkg/UefiCpuPkg.dec                          |   5 +-
>  UefiCpuPkg/UefiCpuPkg.dsc                          |   4 +-
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf |  27 +++++
>  UefiCpuPkg/Include/Library/CcSvsmLib.h             | 101 ++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c   | 108 ++++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni |  13 +++
>  6 files changed, 256 insertions(+), 2 deletions(-)
> 
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 571b59b36f0a..4a383c6d1d4d 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -2,7 +2,7 @@
>  # This Package provides UEFI compatible CPU modules and libraries.
>  #
>  # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
>  #
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
>    ##  @libraryclass  Provides function to support CcExit processing.
>    CcExitLib|Include/Library/CcExitLib.h
>  
> +  ##  @libraryclass  Provides function to support CcSvsm processing.
> +  CcSvsmLib|Include/Library/CcSvsmLib.h
> +
>    ##  @libraryclass  Provides function to get CPU cache information.
>    CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
>  
> diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
> index 10b33594e586..1ee726e6c6b5 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dsc
> +++ b/UefiCpuPkg/UefiCpuPkg.dsc
> @@ -2,7 +2,7 @@
>  #  UefiCpuPkg Package
>  #
>  #  Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -#  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -61,6 +61,7 @@ [LibraryClasses]
>    PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
>    TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
>    CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
>    SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
>    CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
> @@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
>    UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
>    UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
>    UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
>    UefiCpuPkg/SecCore/SecCore.inf
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> new file mode 100644
> index 000000000000..b45a75941a8a
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> @@ -0,0 +1,27 @@
> +## @file
> +#  CcSvsm Base Support Library.
> +#
> +#  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 1.29
> +  BASE_NAME                      = CcSvsmLibNull
> +  MODULE_UNI_FILE                = CcSvsmLibNull.uni
> +  FILE_GUID                      = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = CcSvsmLib
> +
> +[Sources.common]
> +  CcSvsmLibNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  UefiCpuPkg/UefiCpuPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +
> diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> new file mode 100644
> index 000000000000..4715f4db3bd1
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> @@ -0,0 +1,101 @@
> +/** @file
> +  Public header file for the CcSvsmLib.
> +
> +  This library class defines some routines used for invoking an SVSM when the
> +  guest is not running at VMPL0.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef CC_SVSM_LIB_H_
> +#define CC_SVSM_LIB_H_
> +
> +#include <Protocol/DebugSupport.h>
> +#include <Register/Amd/Ghcb.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  );
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  );
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  );
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  );
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  );
> +
> +#endif
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> new file mode 100644
> index 000000000000..268bd9a7ca54
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> @@ -0,0 +1,108 @@
> +/** @file
> +  CcSvsm Base Support Library.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Uefi.h>
> +#include <Library/CcSvsmLib.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  )
> +{
> +  return FALSE;
> +}
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  )
> +{
> +}
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> new file mode 100644
> index 000000000000..c80c0a5656dd
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// CcSvsmLib instance.
> +//
> +// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "CcSvsmLib NULL instance"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "CcSvsmLib NULL instance."
> +
> -- 
> 2.42.0
> 

-- 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116031): https://edk2.groups.io/g/devel/message/116031
Mute This Topic: https://groups.io/mt/104512960/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:52AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The MpInitLib library will be updated to use the new CcSvsmLib library.
> To prevent any build breakage, update the UefiPayloadPkg DSC file to
> include the CcSvsmLib NULL library.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116032): https://edk2.groups.io/g/devel/message/116032
Mute This Topic: https://groups.io/mt/104512961/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries

[Lendacky, Thomas via groups.io]

On 2/27/24 04:18, Gerd Hoffmann wrote:
> On Thu, Feb 22, 2024 at 11:29:46AM -0600, Tom Lendacky wrote:
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
>> fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
>> structure maps the full GHCB shared buffer based on the shared buffer size
>> being 2032 bytes.
>>
>> Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
>> build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
>> mapping, eliminate the hardcoded array size so that the structure can be
>> used based on any size buffer.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>>   MdePkg/Include/Register/Amd/Ghcb.h | 7 ++++---
>>   1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
>> index 432d67e3e223..0cdc00627472 100644
>> --- a/MdePkg/Include/Register/Amd/Ghcb.h
>> +++ b/MdePkg/Include/Register/Amd/Ghcb.h
>> @@ -197,13 +197,14 @@ typedef struct {
>>     UINT32    Reserved;
>>   } SNP_PAGE_STATE_HEADER;
>>   
>> -#define SNP_PAGE_STATE_MAX_ENTRY  253
>> -
>>   typedef struct {
>>     SNP_PAGE_STATE_HEADER    Header;
>> -  SNP_PAGE_STATE_ENTRY     Entry[SNP_PAGE_STATE_MAX_ENTRY];
>> +  SNP_PAGE_STATE_ENTRY     Entry[];
>>   } SNP_PAGE_STATE_CHANGE_INFO;
> 
> Good.
> 
>> +#define SNP_PAGE_STATE_MAX_ENTRY  \
>> +  ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) / sizeof (SNP_PAGE_STATE_ENTRY))
> 
> Can be dropped I think, after applying patch #6 BaseMemEncryptSevLib
> does not use SNP_PAGE_STATE_MAX_ENTRY any more.

It gets used again in patch #9 for the exit optimization support.

Thanks,
Tom

> 
> take care,
>    Gerd
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116050): https://edk2.groups.io/g/devel/message/116050
Mute This Topic: https://groups.io/mt/104512946/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[Yao, Jiewen]

Some feedback:

1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions

MdePkg only contains the definition in the standard.

Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?

2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-SVSM

I am not sure the position of SVSM.
If the SVSM interface is AMD specific, the it should be AmdSvsmLib.
If the SVSM interface is generic, then we should define everything in a generic way.

It is very confusing to mix a generic CcSvsm lib with AMD specific <Register/Amd/Ghcb.h>.


Thank you
Yao, Jiewen

> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Friday, February 23, 2024 1:30 AM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
> Roth <michael.roth@amd.com>
> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
> 
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> This series adds SEV-SNP support for running OVMF under an Secure VM
> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> By running at a less priviledged VMPL, the SVSM can be used to provide
> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> confidential VM (CVM) rather than trust such services from the hypervisor.
> 
> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> certain SNP related operations that require that VMPL level. Specifically,
> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> the VMSA attribute of a page (used when starting APs).
> 
> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> use an SVSM (which is running at VMPL0) to perform the operations that
> it is no longer able to perform.
> 
> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
> it will be starting. As a result, the GHCB APIC ID retrieval action must
> be performed. Since this service can also work with SEV-SNP running at
> VMPL0, the patches to make use of this feature are near the beginning of
> the series.
> 
> How OVMF interacts with and uses the SVSM is documented in the SVSM
> specification [1] and the GHCB specification [2].
> 
> This support creates a new CcSvsmLib library that is used by MpInitLib.
> This requires an update to the edk2-platform DSC files to add the new
> library. The edk2-platform change would be needed after patch 12, but
> before patch 15.
> 
> This series introduces support to run OVMF under an SVSM. It consists
> of:
>   - Retrieving the list of vCPU APIC IDs and starting up all APs without
>     performing a broadcast SIPI
>   - Reorganizing the page state change support to not directly use the
>     GHCB buffer since an SVSM will use the calling area buffer, instead
>   - Detecting the presence of an SVSM
>   - When not running at VMPL0, invoking the SVSM for page validation and
>     VMSA page creation/deletion
>   - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>     SVSM is present
> 
> The series is based off of commit:
> 
>   2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before
> lock cmpxchg")
> 
> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/58019.pdf
> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> docs/specifications/56421.pdf
> 
> ---
> 
> Changes in v2:
> - Move the APIC IDs retrieval support to the beginning of the patch series
>     - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
> - Split up Page State Change reorganization into multiple patches
> - Created CcSvsmLib library instead of extending CcExitLib
>     - This will require a corresponding update to edk2-platform DSC files
>     - Removed Ray Ni's Acked-by since it is not a minor change
> - Variable name changes and other misc changes
> 
> Tom Lendacky (23):
>   OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>   MdePkg: GHCB APIC ID retrieval support definitions
>   OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>   UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>   OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>   OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>     Change
>   MdePkg: Avoid hardcoded value for number of Page State Change entries
>   OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>   OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>   MdePkg/Register/Amd: Define the SVSM related information
>   MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>   UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
>   Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
>   UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>   OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
>     pages
>   OvmfPkg: Create a calling area used to communicate with the SVSM
>   OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>   OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>   OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
>   UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>   Ovmfpkg/CcExitLib: Provide SVSM discovery support
>   OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>     VMPL0
> 
>  MdePkg/MdePkg.dec                                                     |   5 +-
>  OvmfPkg/OvmfPkg.dec                                                   |   4 +
>  UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
>  OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
>  OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
>  OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
>  OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
>  OvmfPkg/OvmfXen.dsc                                                   |   1 +
>  UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
>  UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
>  OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
>  OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
>  MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
>  OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |   3
> +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |   3 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |   3
> +-
>  OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
>  OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
>  OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
>  OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
>  OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
>  MdePkg/Include/Library/BaseLib.h                                      |  39 ++
>  MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
>  MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
>  MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
>  MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
>  MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
>  OvmfPkg/Include/WorkArea.h                                            |   9 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6
> +-
>  UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
>  UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |
> 11 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27
> +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |
> 22 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |
> 31 +-
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> 206 ++++----
>  OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
>  OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500
> ++++++++++++++++++++
>  OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
>  UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
>  UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
>  UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
>  MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
>  MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
>  OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
>  OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
>  55 files changed, 1628 insertions(+), 233 deletions(-)
>  create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>  create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>  create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>  create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
>  create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> 
> --
> 2.42.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116092): https://edk2.groups.io/g/devel/message/116092
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

[Gerd Hoffmann]

> +/**
> +  Perform a native PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +STATIC
> +VOID
> +BasePvalidate (
> +  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  )

This is not mentioned in the commit message.

Looks like you are moving or copying code from BaseMemEncryptSevLib.

Moving code is best done with a patch doing the move only, without other
functional changes.  If that can't be done easily this should explained
in the commit message.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116098): https://edk2.groups.io/g/devel/message/116098
Mute This Topic: https://groups.io/mt/104512963/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:54AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The RMPADJUST instruction is used to change the VMSA attribute of a page,
> but the VMSA attribute can only be changed when running at VMPL0. To
> prepare for running at a less priviledged VMPL, use the CcSvsmLib library
> API to perform the RMPADJUST. The CcSvsmLib library will perform the
> proper operation on behalf of the caller.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116099): https://edk2.groups.io/g/devel/message/116099
Mute This Topic: https://groups.io/mt/104512965/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages

[Gerd Hoffmann]

> -STATIC
> -VOID
> -PvalidateRange (
> -  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
> -  )
> -{

Ah, here you are completing the code move started in patch #14.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116104): https://edk2.groups.io/g/devel/message/116104
Mute This Topic: https://groups.io/mt/104512967/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:56AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> An SVSM requires a calling area page whose address (CAA) is used by the
> SVSM to communicate and process the SVSM request.
> 
> Add a pre-defined page area to the OvmfPkg and AmdSev packages and define
> corresponding PCDs used to communicate the location and size of the area.
> Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev
> launch and hash area memory locations.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116100): https://edk2.groups.io/g/devel/message/116100
Mute This Topic: https://groups.io/mt/104512971/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

[Gerd Hoffmann]

  Hi,

> +        // Clear the buffer in prep for creating all new entries
> +        SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);

Minor nit: There is a ZeroMem() for this purpose.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116105): https://edk2.groups.io/g/devel/message/116105
Mute This Topic: https://groups.io/mt/104512972/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:58AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> Similar to the Page State Change optimization added previously, also take
> into account the possiblity of using the SVSM for PVALIDATE instructions.
> Conditionally adjust the maximum number of entries based on how many
> entries the SVSM calling area can support.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116106): https://edk2.groups.io/g/devel/message/116106
Mute This Topic: https://groups.io/mt/104512975/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:29:59AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The RMPADJUST instruction is used to alter the VMSA attribute of a page,
> but the VMSA attribute can only be changed when running at VMPL0. When
> an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU
> calls to add or remove the VMSA attribute on a page instead of issuing
> the RMPADJUST instruction directly.
> 
> Implement the CcSvsmSnpVmsaRmpAdjust() API to perform the proper operation
> to update the VMSA attribute.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116107): https://edk2.groups.io/g/devel/message/116107
Mute This Topic: https://groups.io/mt/104512977/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support

[Gerd Hoffmann]

On Thu, Feb 22, 2024 at 11:30:01AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> The SVSM specification documents an alternative method of discovery for
> the SVSM using a reserved CPUID bit and a reserved MSR.
> 
> For the CPUID support, the #VC handler of an SEV-SNP guest should modify
> the returned value in the EAX register for the 0x8000001f CPUID function
> by setting bit 28 when an SVSM is present.
> 
> For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC
> should be generated when accessing this MSR. The #VC handler is expected
> to ignore writes to this MSR and return the physical calling area address
> (CAA) on reads of this MSR.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116109): https://edk2.groups.io/g/devel/message/116109
Mute This Topic: https://groups.io/mt/104512981/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

[Lendacky, Thomas via groups.io]

On 2/28/24 02:40, Gerd Hoffmann wrote:
>> +/**
>> +  Perform a native PVALIDATE operation for the page ranges specified.
>> +
>> +  Validate or rescind the validation of the specified pages.
>> +
>> +  @param[in]       Info           Pointer to a page state change structure
>> +
>> +**/
>> +STATIC
>> +VOID
>> +BasePvalidate (
>> +  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
>> +  )
> 
> This is not mentioned in the commit message.
> 
> Looks like you are moving or copying code from BaseMemEncryptSevLib.
> 
> Moving code is best done with a patch doing the move only, without other
> functional changes.  If that can't be done easily this should explained
> in the commit message.

I can leave this as unsupported in this patch and then when switching over 
to using the functions in patch #16, move the code at that time.

For the VMSA update, that isn't as easy because of the interaction between 
UefiCpuPkg (MpInitLib) and OvmfPkg and requires two separate patches, 
which would cause bisection breakage.

Or I could keep this all here and expand the commit message to indicate 
that the base support is being implemented based off of the existing support.

Thoughts?

Thanks,
Tom

> 
> take care,
>    Gerd
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116119): https://edk2.groups.io/g/devel/message/116119
Mute This Topic: https://groups.io/mt/104512963/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

[Lendacky, Thomas via groups.io]

On 2/28/24 02:50, Gerd Hoffmann wrote:
>    Hi,
> 
>> +        // Clear the buffer in prep for creating all new entries
>> +        SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0);
> 
> Minor nit: There is a ZeroMem() for this purpose.

I use SetMem() in a few places, I'll change them over to ZeroMem().

Thanks,
Tom

> 
> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> 
> take care,
>    Gerd
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116120): https://edk2.groups.io/g/devel/message/116120
Mute This Topic: https://groups.io/mt/104512972/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[Lendacky, Thomas via groups.io]

On 2/28/24 00:14, Yao, Jiewen wrote:
> Some feedback:
> 
> 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
> 
> MdePkg only contains the definition in the standard.
> 
> Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?

The structure is documented in the GHCB specification, but the GUID is not.

Is the request to move the GUID to someplace other than MdePkg?

> 
> 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-SVSM
> 
> I am not sure the position of SVSM.
> If the SVSM interface is AMD specific, the it should be AmdSvsmLib.

I believe TDX is also looking at the SVSM for TDX partitioning, but I'm 
not certain of that.

> If the SVSM interface is generic, then we should define everything in a generic way.
> 
> It is very confusing to mix a generic CcSvsm lib with AMD specific <Register/Amd/Ghcb.h>.

I can certainly change the name to be AMD specific fow now. It can always 
be changed to something else later if need be, much like VmgExitLib was 
changed to CcExitLib.

Thanks,
Tom

> 
> 
> Thank you
> Yao, Jiewen
> 
>> -----Original Message-----
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>> Sent: Friday, February 23, 2024 1:30 AM
>> To: devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
>> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
>> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
>> Roth <michael.roth@amd.com>
>> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
>>
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> This series adds SEV-SNP support for running OVMF under an Secure VM
>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>> By running at a less priviledged VMPL, the SVSM can be used to provide
>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>> confidential VM (CVM) rather than trust such services from the hypervisor.
>>
>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>> certain SNP related operations that require that VMPL level. Specifically,
>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>> the VMSA attribute of a page (used when starting APs).
>>
>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>> use an SVSM (which is running at VMPL0) to perform the operations that
>> it is no longer able to perform.
>>
>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>> be performed. Since this service can also work with SEV-SNP running at
>> VMPL0, the patches to make use of this feature are near the beginning of
>> the series.
>>
>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>> specification [1] and the GHCB specification [2].
>>
>> This support creates a new CcSvsmLib library that is used by MpInitLib.
>> This requires an update to the edk2-platform DSC files to add the new
>> library. The edk2-platform change would be needed after patch 12, but
>> before patch 15.
>>
>> This series introduces support to run OVMF under an SVSM. It consists
>> of:
>>    - Retrieving the list of vCPU APIC IDs and starting up all APs without
>>      performing a broadcast SIPI
>>    - Reorganizing the page state change support to not directly use the
>>      GHCB buffer since an SVSM will use the calling area buffer, instead
>>    - Detecting the presence of an SVSM
>>    - When not running at VMPL0, invoking the SVSM for page validation and
>>      VMSA page creation/deletion
>>    - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>>      SVSM is present
>>
>> The series is based off of commit:
>>
>>    2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before
>> lock cmpxchg")
>>
>> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/58019.pdf
>> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>> docs/specifications/56421.pdf
>>
>> ---
>>
>> Changes in v2:
>> - Move the APIC IDs retrieval support to the beginning of the patch series
>>      - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>> - Split up Page State Change reorganization into multiple patches
>> - Created CcSvsmLib library instead of extending CcExitLib
>>      - This will require a corresponding update to edk2-platform DSC files
>>      - Removed Ray Ni's Acked-by since it is not a minor change
>> - Variable name changes and other misc changes
>>
>> Tom Lendacky (23):
>>    OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>>    MdePkg: GHCB APIC ID retrieval support definitions
>>    OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>    UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>>    OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>>    OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>>      Change
>>    MdePkg: Avoid hardcoded value for number of Page State Change entries
>>    OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>    MdePkg/Register/Amd: Define the SVSM related information
>>    MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>    UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
>>    UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
>>    Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
>>    UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>>    OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
>>      pages
>>    OvmfPkg: Create a calling area used to communicate with the SVSM
>>    OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>    OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
>>    UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>    Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>    OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>>      VMPL0
>>
>>   MdePkg/MdePkg.dec                                                     |   5 +-
>>   OvmfPkg/OvmfPkg.dec                                                   |   4 +
>>   UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
>>   OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
>>   OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
>>   OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
>>   OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
>>   OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
>>   OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
>>   OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
>>   OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
>>   OvmfPkg/OvmfXen.dsc                                                   |   1 +
>>   UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
>>   UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
>>   OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
>>   OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
>>   MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
>>   OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |   3
>> +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |   3 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |   3
>> +-
>>   OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
>>   OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
>>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
>>   OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
>>   OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
>>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
>>   UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
>>   UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
>>   MdePkg/Include/Library/BaseLib.h                                      |  39 ++
>>   MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
>>   MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
>>   MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
>>   MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
>>   MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
>>   OvmfPkg/Include/WorkArea.h                                            |   9 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6
>> +-
>>   UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
>>   UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |
>> 11 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27
>> +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |
>> 22 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |
>> 31 +-
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>> 206 ++++----
>>   OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
>>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500
>> ++++++++++++++++++++
>>   OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
>>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
>>   UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
>>   UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
>>   UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
>>   MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
>>   MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
>>   OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
>>   OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
>>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
>>   55 files changed, 1628 insertions(+), 233 deletions(-)
>>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
>>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>>   create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>   create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>   create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
>>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
>>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
>>   create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>   create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
>>
>> --
>> 2.42.0
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116121): https://edk2.groups.io/g/devel/message/116121
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[Yao, Jiewen]

Below:

> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Thursday, February 29, 2024 12:20 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>;
> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
> Subject: Re: [PATCH v2 00/23] Provide SEV-SNP support for running under an
> SVSM
> 
> On 2/28/24 00:14, Yao, Jiewen wrote:
> > Some feedback:
> >
> > 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
> >
> > MdePkg only contains the definition in the standard.
> >
> > Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?
> 
> The structure is documented in the GHCB specification, but the GUID is not.
> 
> Is the request to move the GUID to someplace other than MdePkg?

[Jiewen] Right. If the GUID is NOT in GHCB spec, then it should be in other place, such as OvmfPkg.


> 
> >
> > 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-
> SVSM
> >
> > I am not sure the position of SVSM.
> > If the SVSM interface is AMD specific, the it should be AmdSvsmLib.
> 
> I believe TDX is also looking at the SVSM for TDX partitioning, but I'm
> not certain of that.
> 
> > If the SVSM interface is generic, then we should define everything in a generic
> way.
> >
> > It is very confusing to mix a generic CcSvsm lib with AMD specific
> <Register/Amd/Ghcb.h>.
> 
> I can certainly change the name to be AMD specific fow now. It can always
> be changed to something else later if need be, much like VmgExitLib was
> changed to CcExitLib.

[Jiewen] Yes, Intel is planning for SVSM. But it is NOT ready yet.
It is hard for me to discuss it now.

Maybe, please help me understand:
Is CcSvsmLib a generic library / common protocol between OVMF and Coconut-SVSM? - Option 1
Or is CcSvsmLib an implementation specific library, and the current API cannot be shared with Intel TDX in future? - Option 2

I notice that some API is for option 1 - CcSvsmIsSvsmPresent().
But some API is for option 2 - CcSvsmSnpGetVmpl(), CcSvsmSnpGetCaa(), CcSvsmSnpPvalidate(), CcSvsmSnpVmsaRmpAdjust().

How do you plan if TDX need to support SVSM later?
How do you plan if we need to add some generic interaction between OVMF and coconut-SVSM, such as vTPM?



> 
> Thanks,
> Tom
> 
> >
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Tom Lendacky <thomas.lendacky@amd.com>
> >> Sent: Friday, February 23, 2024 1:30 AM
> >> To: devel@edk2.groups.io
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> >> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao,
> Jiewen
> >> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> >> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>;
> >> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> >> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>;
> Michael
> >> Roth <michael.roth@amd.com>
> >> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
> >>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> >>
> >> This series adds SEV-SNP support for running OVMF under an Secure VM
> >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> >> By running at a less priviledged VMPL, the SVSM can be used to provide
> >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> >> confidential VM (CVM) rather than trust such services from the hypervisor.
> >>
> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> >> certain SNP related operations that require that VMPL level. Specifically,
> >> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> >> the VMSA attribute of a page (used when starting APs).
> >>
> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> >> use an SVSM (which is running at VMPL0) to perform the operations that
> >> it is no longer able to perform.
> >>
> >> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs
> that
> >> it will be starting. As a result, the GHCB APIC ID retrieval action must
> >> be performed. Since this service can also work with SEV-SNP running at
> >> VMPL0, the patches to make use of this feature are near the beginning of
> >> the series.
> >>
> >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> >> specification [1] and the GHCB specification [2].
> >>
> >> This support creates a new CcSvsmLib library that is used by MpInitLib.
> >> This requires an update to the edk2-platform DSC files to add the new
> >> library. The edk2-platform change would be needed after patch 12, but
> >> before patch 15.
> >>
> >> This series introduces support to run OVMF under an SVSM. It consists
> >> of:
> >>    - Retrieving the list of vCPU APIC IDs and starting up all APs without
> >>      performing a broadcast SIPI
> >>    - Reorganizing the page state change support to not directly use the
> >>      GHCB buffer since an SVSM will use the calling area buffer, instead
> >>    - Detecting the presence of an SVSM
> >>    - When not running at VMPL0, invoking the SVSM for page validation and
> >>      VMSA page creation/deletion
> >>    - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> >>      SVSM is present
> >>
> >> The series is based off of commit:
> >>
> >>    2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first
> before
> >> lock cmpxchg")
> >>
> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/58019.pdf
> >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
> >> docs/specifications/56421.pdf
> >>
> >> ---
> >>
> >> Changes in v2:
> >> - Move the APIC IDs retrieval support to the beginning of the patch series
> >>      - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
> >> - Split up Page State Change reorganization into multiple patches
> >> - Created CcSvsmLib library instead of extending CcExitLib
> >>      - This will require a corresponding update to edk2-platform DSC files
> >>      - Removed Ray Ni's Acked-by since it is not a minor change
> >> - Variable name changes and other misc changes
> >>
> >> Tom Lendacky (23):
> >>    OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
> >>    MdePkg: GHCB APIC ID retrieval support definitions
> >>    OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> >>    UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> >>    OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
> >>    OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
> >>      Change
> >>    MdePkg: Avoid hardcoded value for number of Page State Change entries
> >>    OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> >>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>    MdePkg/Register/Amd: Define the SVSM related information
> >>    MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> >>    UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
> >>    UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
> >>    Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
> >>    UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
> >>    OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
> >>      pages
> >>    OvmfPkg: Create a calling area used to communicate with the SVSM
> >>    OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
> >>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>    OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
> >>    UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> >>    Ovmfpkg/CcExitLib: Provide SVSM discovery support
> >>    OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> >>      VMPL0
> >>
> >>   MdePkg/MdePkg.dec                                                     |   5 +-
> >>   OvmfPkg/OvmfPkg.dec                                                   |   4 +
> >>   UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
> >>   OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
> >>   OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
> >>   OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
> >>   OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
> >>   OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
> >>   OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
> >>   OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
> >>   OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
> >>   OvmfPkg/OvmfXen.dsc                                                   |   1 +
> >>   UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
> >>   UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
> >>   OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
> >>   OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
> >>   MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |
> 3
> >> +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |
> 3 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |
> 3
> >> +-
> >>   OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
> >>   OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
> >>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
> >>   OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
> >>   OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
> >>   UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
> >>   UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
> >>   MdePkg/Include/Library/BaseLib.h                                      |  39 ++
> >>   MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
> >>   MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
> >>   MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
> >>   MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
> >>   MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
> >>   OvmfPkg/Include/WorkArea.h                                            |   9 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |
> 6
> >> +-
> >>   UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> |
> >> 11 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |
> 27
> >> +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> |
> >> 22 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> |
> >> 31 +-
> >>
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
> >> 206 ++++----
> >>   OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
> >>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500
> >> ++++++++++++++++++++
> >>   OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
> >>   UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
> >>   UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
> >>   MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
> >>   MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
> >>   OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
> >>   OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
> >>   55 files changed, 1628 insertions(+), 233 deletions(-)
> >>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> >>   create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> >>   create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> >>   create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
> >>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> >>   create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> >>   create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> >>
> >> --
> >> 2.42.0
> >


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116169): https://edk2.groups.io/g/devel/message/116169
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

[Lendacky, Thomas via groups.io]

On 2/29/24 08:06, Yao, Jiewen wrote:
> Below:
> 
>> -----Original Message-----
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>> Sent: Thursday, February 29, 2024 12:20 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
>> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael
>> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
>> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>;
>> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
>> Subject: Re: [PATCH v2 00/23] Provide SEV-SNP support for running under an
>> SVSM
>>
>> On 2/28/24 00:14, Yao, Jiewen wrote:
>>> Some feedback:
>>>
>>> 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
>>>
>>> MdePkg only contains the definition in the standard.
>>>
>>> Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?
>>
>> The structure is documented in the GHCB specification, but the GUID is not.
>>
>> Is the request to move the GUID to someplace other than MdePkg?
> 
> [Jiewen] Right. If the GUID is NOT in GHCB spec, then it should be in other place, such as OvmfPkg.

Sounds good. I'll move to the UefiCpuPkg since MpInitLib will be using it.

> 
> 
>>
>>>
>>> 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-
>> SVSM
>>>
>>> I am not sure the position of SVSM.
>>> If the SVSM interface is AMD specific, the it should be AmdSvsmLib.
>>
>> I believe TDX is also looking at the SVSM for TDX partitioning, but I'm
>> not certain of that.
>>
>>> If the SVSM interface is generic, then we should define everything in a generic
>> way.
>>>
>>> It is very confusing to mix a generic CcSvsm lib with AMD specific
>> <Register/Amd/Ghcb.h>.
>>
>> I can certainly change the name to be AMD specific fow now. It can always
>> be changed to something else later if need be, much like VmgExitLib was
>> changed to CcExitLib.
> 
> [Jiewen] Yes, Intel is planning for SVSM. But it is NOT ready yet.
> It is hard for me to discuss it now.
> 
> Maybe, please help me understand:
> Is CcSvsmLib a generic library / common protocol between OVMF and Coconut-SVSM? - Option 1
> Or is CcSvsmLib an implementation specific library, and the current API cannot be shared with Intel TDX in future? - Option 2
> 
> I notice that some API is for option 1 - CcSvsmIsSvsmPresent().
> But some API is for option 2 - CcSvsmSnpGetVmpl(), CcSvsmSnpGetCaa(), CcSvsmSnpPvalidate(), CcSvsmSnpVmsaRmpAdjust().
> 
> How do you plan if TDX need to support SVSM later?
> How do you plan if we need to add some generic interaction between OVMF and coconut-SVSM, such as vTPM?

There are definitely some things that will be common, 
CcSvsmIsSvsmPresent() and CcSvsmSnpGetCaa(), and some things that will be 
SNP or TDX specific. For example, the concept of turning a page into a 
VMSA page or how the SVSM will be invoked will be different.

For now, I'll create an AMD specific library and then when TDX is ready to 
support an SVSM we can look to see how or what needs to be changed. It 
could be that they need to remain separate if there is not enough in common.

Thanks,
Tom

> 
> 
> 
>>
>> Thanks,
>> Tom
>>
>>>
>>>
>>> Thank you
>>> Yao, Jiewen
>>>
>>>> -----Original Message-----
>>>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>>> Sent: Friday, February 23, 2024 1:30 AM
>>>> To: devel@edk2.groups.io
>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>>>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao,
>> Jiewen
>>>> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
>>>> <gaoliming@byosoft.com.cn>; Kinney, Michael D
>> <michael.d.kinney@intel.com>;
>>>> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
>>>> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>;
>> Michael
>>>> Roth <michael.roth@amd.com>
>>>> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
>>>>
>>>>
>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>>>
>>>> This series adds SEV-SNP support for running OVMF under an Secure VM
>>>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>>>> By running at a less priviledged VMPL, the SVSM can be used to provide
>>>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>>>> confidential VM (CVM) rather than trust such services from the hypervisor.
>>>>
>>>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>>>> certain SNP related operations that require that VMPL level. Specifically,
>>>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>>>> the VMSA attribute of a page (used when starting APs).
>>>>
>>>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>>>> use an SVSM (which is running at VMPL0) to perform the operations that
>>>> it is no longer able to perform.
>>>>
>>>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs
>> that
>>>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>>>> be performed. Since this service can also work with SEV-SNP running at
>>>> VMPL0, the patches to make use of this feature are near the beginning of
>>>> the series.
>>>>
>>>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>>>> specification [1] and the GHCB specification [2].
>>>>
>>>> This support creates a new CcSvsmLib library that is used by MpInitLib.
>>>> This requires an update to the edk2-platform DSC files to add the new
>>>> library. The edk2-platform change would be needed after patch 12, but
>>>> before patch 15.
>>>>
>>>> This series introduces support to run OVMF under an SVSM. It consists
>>>> of:
>>>>     - Retrieving the list of vCPU APIC IDs and starting up all APs without
>>>>       performing a broadcast SIPI
>>>>     - Reorganizing the page state change support to not directly use the
>>>>       GHCB buffer since an SVSM will use the calling area buffer, instead
>>>>     - Detecting the presence of an SVSM
>>>>     - When not running at VMPL0, invoking the SVSM for page validation and
>>>>       VMSA page creation/deletion
>>>>     - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>>>>       SVSM is present
>>>>
>>>> The series is based off of commit:
>>>>
>>>>     2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first
>> before
>>>> lock cmpxchg")
>>>>
>>>> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>>>> docs/specifications/58019.pdf
>>>> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>>>> docs/specifications/56421.pdf
>>>>
>>>> ---
>>>>
>>>> Changes in v2:
>>>> - Move the APIC IDs retrieval support to the beginning of the patch series
>>>>       - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>>>> - Split up Page State Change reorganization into multiple patches
>>>> - Created CcSvsmLib library instead of extending CcExitLib
>>>>       - This will require a corresponding update to edk2-platform DSC files
>>>>       - Removed Ray Ni's Acked-by since it is not a minor change
>>>> - Variable name changes and other misc changes
>>>>
>>>> Tom Lendacky (23):
>>>>     OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>>>>     MdePkg: GHCB APIC ID retrieval support definitions
>>>>     OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>>>     UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
>>>>     OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>>>>     OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>>>>       Change
>>>>     MdePkg: Avoid hardcoded value for number of Page State Change entries
>>>>     OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>>>>     OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>>>     MdePkg/Register/Amd: Define the SVSM related information
>>>>     MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>>>     UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
>>>>     UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
>>>>     Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
>>>>     UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>>>>     OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
>>>>       pages
>>>>     OvmfPkg: Create a calling area used to communicate with the SVSM
>>>>     OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>>>>     OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>>>     OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
>>>>     UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>>>     Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>>>     OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>>>>       VMPL0
>>>>
>>>>    MdePkg/MdePkg.dec                                                     |   5 +-
>>>>    OvmfPkg/OvmfPkg.dec                                                   |   4 +
>>>>    UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
>>>>    OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
>>>>    OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
>>>>    OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
>>>>    OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
>>>>    OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
>>>>    OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
>>>>    OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
>>>>    OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
>>>>    OvmfPkg/OvmfXen.dsc                                                   |   1 +
>>>>    UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
>>>>    UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
>>>>    OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
>>>>    OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
>>>>    MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |
>> 3
>>>> +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |
>> 3 +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |
>> 3
>>>> +-
>>>>    OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
>>>>    OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
>>>>    OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
>>>>    OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
>>>>    OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
>>>>    UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
>>>>    UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
>>>>    UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
>>>>    MdePkg/Include/Library/BaseLib.h                                      |  39 ++
>>>>    MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
>>>>    MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
>>>>    MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
>>>>    MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
>>>>    MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
>>>>    OvmfPkg/Include/WorkArea.h                                            |   9 +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |
>> 6
>>>> +-
>>>>    UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
>>>>    UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>> |
>>>> 11 +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |
>> 27
>>>> +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>> |
>>>> 22 +-
>>>>    OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>> |
>>>> 31 +-
>>>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>>>> 206 ++++----
>>>>    OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
>>>>    OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500
>>>> ++++++++++++++++++++
>>>>    OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
>>>>    UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
>>>>    UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
>>>>    UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
>>>>    UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
>>>>    MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
>>>>    MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
>>>>    OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
>>>>    OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
>>>>    UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
>>>>    55 files changed, 1628 insertions(+), 233 deletions(-)
>>>>    create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
>>>>    create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>>>>    create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>>>    create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>>>    create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
>>>>    create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
>>>>    create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
>>>>    create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>>>    create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>>>    create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
>>>>
>>>> --
>>>> 2.42.0
>>>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116170): https://edk2.groups.io/g/devel/message/116170
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

[Gerd Hoffmann]

On Wed, Feb 28, 2024 at 09:51:41AM -0600, Tom Lendacky wrote:
> On 2/28/24 02:40, Gerd Hoffmann wrote:
> > > +/**
> > > +  Perform a native PVALIDATE operation for the page ranges specified.
> > > +
> > > +  Validate or rescind the validation of the specified pages.
> > > +
> > > +  @param[in]       Info           Pointer to a page state change structure
> > > +
> > > +**/
> > > +STATIC
> > > +VOID
> > > +BasePvalidate (
> > > +  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
> > > +  )
> > 
> > This is not mentioned in the commit message.
> > 
> > Looks like you are moving or copying code from BaseMemEncryptSevLib.
> > 
> > Moving code is best done with a patch doing the move only, without other
> > functional changes.  If that can't be done easily this should explained
> > in the commit message.
> 
> I can leave this as unsupported in this patch and then when switching over
> to using the functions in patch #16, move the code at that time.
> 
> For the VMSA update, that isn't as easy because of the interaction between
> UefiCpuPkg (MpInitLib) and OvmfPkg and requires two separate patches, which
> would cause bisection breakage.

Oh, right, cross-package code move isn't going to work.

> Or I could keep this all here and expand the commit message to indicate that
> the base support is being implemented based off of the existing support.

I think adding clear annotations to the commit messages is fine then.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116229): https://edk2.groups.io/g/devel/message/116229
Mute This Topic: https://groups.io/mt/104512963/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-