From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 8D1C8D811B1 for ; Wed, 28 Feb 2024 16:19:48 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=nnuaDHGDir+D6ZiIoUH0v65VdhGi+s0mJxRDX6Wy9rU=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Message-ID:Date:User-Agent:Subject:To:Cc:References:From:Autocrypt:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1709137187; v=1; b=F+YiVSTOQu/9jTEfBjHMw3fyl/TYKaAAEY0Y+8ONhKBL6rCmA6pt464OSiOxHT/wJOQCTaXV u8noaVxiPG0nQKqfElxz4+Y+w7cK0Sibl+H0LBE4dcwB6RibYf3N799GBNnc5Lk0lO0rVQ6BXA6 Pcsk3KXZolsHgSRv0kA8AWDE= X-Received: by 127.0.0.2 with SMTP id 7UL9YY7687511x01xqlPqbuT; Wed, 28 Feb 2024 08:19:47 -0800 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.78]) by mx.groups.io with SMTP id smtpd.web10.864.1709137186339943090 for ; Wed, 28 Feb 2024 08:19:46 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cWvp5uv9CzrHJM416ibOqIWAMGUUv1TJbMhaZA6+oc5hprkNw5JTi+TkgksUf66T6TsaPUO0jw9zw46aTdJ/CVQ28TIZPj4Let4dqYu4cPF3Ys/R3FAE7CPQgkMSJTJ7/xbPFUfBUKuxiPt+BvlBEhQ8Vm5+1u56k9XloZlCVcvaq8WmyVT7SA1G3ljiBNlbusubfrRXF/Rr3tFNsA4Y8JlpuYTDkgntZq9ExCh1/2nvczvrjyTM5KNP4oxVxPHkXW03sGQ9Sg+ZrdAFDUggLBHP5L3AujL1HbGU3/wmrGZDseL41v4lWmFxsGN+Aka4ITtEeW8m6lU6TfjLtju3Zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O+Snr9ad8OIaCr8+G33n2K5H55mArt5QbBl34PaYosc=; b=llVAKFR/UQJ6zEZ2MtV2DQeZel+Pznxv84o+/gxN/4e+wVavnEZa3CefGOHpxdvOOzebAvrnMxhxsSEiH0MfVmXi9VEDhj7wyVfW4hjOD/KeqW6OY5J9WGrm3KworNjiDef3/pf5rbv/okCcT8bRZcttUbCjgWmTO/xdUG4lwvuKn6kpCMAZBWX1AAhJBISG+Qx7r3zJjI7RuqhUCqXg6QMqYWembVGStoEJprvupvWDBsCwx4c4OjBje2w947ahczfWBvOoaqtoGYBm/jnyxlcIYaZ6UjkTvLB9NnW2zk0zs9GlFQsvDy2rFA0LgrLeBoCTz1JRbTej+nQLrKBu0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) by IA1PR12MB8263.namprd12.prod.outlook.com (2603:10b6:208:3f8::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.36; Wed, 28 Feb 2024 16:19:44 +0000 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::4c26:40af:e1fd:849e]) by BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::4c26:40af:e1fd:849e%7]) with mapi id 15.20.7316.035; Wed, 28 Feb 2024 16:19:43 +0000 Message-ID: <30de7630-870b-41d4-9da3-5486c8fc44fe@amd.com> Date: Wed, 28 Feb 2024 10:19:41 -0600 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM To: "Yao, Jiewen" , "devel@edk2.groups.io" Cc: Ard Biesheuvel , "Aktas, Erdem" , Gerd Hoffmann , Laszlo Ersek , Liming Gao , "Kinney, Michael D" , "Xu, Min M" , "Liu, Zhiguang" , "Kumar, Rahul R" , "Ni, Ray" , Michael Roth References: From: "Lendacky, Thomas via groups.io" Autocrypt: addr=thomas.lendacky@amd.com; keydata= xsFNBFaNZYkBEADxg5OW/ajpUG7zgnUQPsMqWPjeAxtu4YH3lCUjWWcbUgc2qDGAijsLTFv1 kEbaJdblwYs28z3chM7QkfCGMSM29JWR1fSwPH18WyAA84YtxfPD8bfb1Exwo0CRw1RLRScn 6aJhsZJFLKyVeaPO1eequEsFQurRhLyAfgaH9iazmOVZZmxsGiNRJkQv4YnM2rZYi+4vWnxN 1ebHf4S1puN0xzQsULhG3rUyV2uIsqBFtlxZ8/r9MwOJ2mvyTXHzHdJBViOalZAUo7VFt3Fb aNkR5OR65eTL0ViQiRgFfPDBgkFCSlaxZvc7qSOcrhol160bK87qn0SbYLfplwiXZY/b/+ez 0zBtIt+uhZJ38HnOLWdda/8kuLX3qhGL5aNz1AeqcE5TW4D8v9ndYeAXFhQI7kbOhr0ruUpA udREH98EmVJsADuq0RBcIEkojnme4wVDoFt1EG93YOnqMuif76YGEl3iv9tYcESEeLNruDN6 LDbE8blkR3151tdg8IkgREJ+dK+q0p9UsGfdd+H7pni6Jjcxz8mjKCx6wAuzvArA0Ciq+Scg hfIgoiYQegZjh2vF2lCUzWWatXJoy7IzeAB5LDl/E9vz72cVD8CwQZoEx4PCsHslVpW6A/6U NRAz6ShU77jkoYoI4hoGC7qZcwy84mmJqRygFnb8dOjHI1KxqQARAQABzSZUb20gTGVuZGFj a3kgPHRob21hcy5sZW5kYWNreUBhbWQuY29tPsLBmQQTAQoAQwIbIwcLCQgHAwIBBhUIAgkK CwQWAgMBAh4BAheAAhkBFiEE3Vil58OMFCw3iBv13v+a5E8wTVMFAmWDAegFCRKq1F8ACgkQ 3v+a5E8wTVOG3xAAlLuT7f6oj+Wud8dbYCeZhEX6OLfyXpZgvFoxDu62OLGxwVGX3j5SMk0w IXiJRjde3pW+Rf1QWi/rbHoaIjbjmSGXvwGw3Gikj/FWb02cqTIOxSdqf7fYJGVzl2dfsAuj aW1Aqt61VhuKEoHzIj8hAanlwg2PW+MpB2iQ9F8Z6UShjx1PZ1rVsDAZ6JdJiG1G/UBJGHmV kS1G70ZqrqhA/HZ+nHgDoUXNqtZEBc9cZA9OGNWGuP9ao9b+bkyBqnn5Nj+n4jizT0gNMwVQ h5ZYwW/T6MjA9cchOEWXxYlcsaBstW7H7RZCjz4vlH4HgGRRIpmgz29Ezg78ffBj2q+eBe01 7AuNwla7igb0mk2GdwbygunAH1lGA6CTPBlvt4JMBrtretK1a4guruUL9EiFV2xt6ls7/YXP 3/LJl9iPk8eP44RlNHudPS9sp7BiqdrzkrG1CCMBE67mf1QWaRFTUDPiIIhrazpmEtEjFLqP r0P7OC7mH/yWQHvBc1S8n+WoiPjM/HPKRQ4qGX1T2IKW6VJ/f+cccDTzjsrIXTUdW5OSKvCG 6p1EFFxSHqxTuk3CQ8TSzs0ShaSZnqO1LBU7bMMB1blHy9msrzx7QCLTw6zBfP+TpPANmfVJ mHJcT3FRPk+9MrnvCMYmlJ95/5EIuA1nlqezimrwCdc5Y5qGBbbOwU0EVo1liQEQAL7ybY01 hvEg6pOh2G1Q+/ZWmyii8xhQ0sPjvEXWb5MWvIh7RxD9V5Zv144EtbIABtR0Tws7xDObe7bb r9nlSxZPur+JDsFmtywgkd778G0nDt3i7szqzcQPOcR03U7XPDTBJXDpNwVV+L8xvx5gsr2I bhiBQd9iX8kap5k3I6wfBSZm1ZgWGQb2mbiuqODPzfzNdKr/MCtxWEsWOAf/ClFcyr+c/Eh2 +gXgC5Keh2ZIb/xO+1CrTC3Sg9l9Hs5DG3CplCbVKWmaL1y7mdCiSt2b/dXE0K1nJR9ZyRGO lfwZw1aFPHT+Ay5p6rZGzadvu7ypBoTwp62R1o456js7CyIg81O61ojiDXLUGxZN/BEYNDC9 n9q1PyfMrD42LtvOP6ZRtBeSPEH5G/5pIt4FVit0Y4wTrpG7mjBM06kHd6V+pflB8GRxTq5M 7mzLFjILUl9/BJjzYBzesspbeoT/G7e5JqbiLWXFYOeg6XJ/iOCMLdd9RL46JXYJsBZnjZD8 Rn6KVO7pqs5J9K/nJDVyCdf8JnYD5Rq6OOmgP/zDnbSUSOZWrHQWQ8v3Ef665jpoXNq+Zyob pfbeihuWfBhprWUk0P/m+cnR2qeE4yXYl4qCcWAkRyGRu2zgIwXAOXCHTqy9TW10LGq1+04+ LmJHwpAABSLtr7Jgh4erWXi9mFoRABEBAAHCwXwEGAEKACYCGwwWIQTdWKXnw4wULDeIG/Xe /5rkTzBNUwUCZYMCBQUJEqrUfAAKCRDe/5rkTzBNU7pAD/9MUrEGaaiZkyPSs/5Ax6PNmolD h0+Q8Sl4Hwve42Kjky2GYXTjxW8vP9pxtk+OAN5wrbktZb3HE61TyyniPQ5V37jto8mgdslC zZsMMm2WIm9hvNEvTk/GW+hEvKmgUS5J6z+R5mXOeP/vX8IJNpiWsc7X1NlJghFq3A6Qas49 CT81ua7/EujW17odx5XPXyTfpPs+/dq/3eR3tJ06DNxnQfh7FdyveWWpxb/S2IhWRTI+eGVD ah54YVJcD6lUdyYB/D4Byu4HVrDtvVGUS1diRUOtDP2dBJybc7sZWaIXotfkUkZDzIM2m95K oczeBoBdOQtoHTJsFRqOfC9x4S+zd0hXklViBNQb97ZXoHtOyrGSiUCNXTHmG+4Rs7Oo0Dh1 UUlukWFxh5vFKSjr4uVuYk7mcx80rAheB9sz7zRWyBfTqCinTrgqG6HndNa0oTcqNI9mDjJr NdQdtvYxECabwtPaShqnRIE7HhQPu8Xr9adirnDw1Wruafmyxnn5W3rhJy06etmP0pzL6frN y46PmDPicLjX/srgemvLtHoeVRplL9ATAkmQ7yxXc6wBSwf1BYs9gAiwXbU1vMod0AXXRBym 0qhojoaSdRP5XTShfvOYdDozraaKx5Wx8X+oZvvjbbHhHGPL2seq97fp3nZ9h8TIQXRhO+aY vFkWitqCJg== In-Reply-To: X-ClientProxiedBy: SA1P222CA0171.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:3c3::8) To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|IA1PR12MB8263:EE_ X-MS-Office365-Filtering-Correlation-Id: 0044523a-f759-46c6-cd79-08dc387912db X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: pqSP+xm4/AW4x/H4XlXWoddd+XbsVKJyb2mLRzQ8QREzijYKZB5UNo03Kw7nJSdojegy4ZdwvyJbtif4i4CydVeQYcLivdhoh6Qv5cES39FzWQJvDfK8blaSoT7V7rTjfBfVlgns0mpzJ3baigv/DW8bgYe70AqsP6xiSCl9OT5a4tjyw8xnlFDhHXIX7N4Iikg9sGlc+mEe4Xbs4akjOhLU3kB/h7Tgm4+OGxnO0Qij+PFT4PDcllXEOMcMeDxMYj+QWSj7uh0jZClMnO64hSsD1yxXyWxPkkmbFcsbEmr0WjJ5QX409Ywonc20xbBnkbZAFA4azQD7eNo6jXT4KRK/HhJQxGpm5vBlopI37CFgrtUcp7FnFwqbpCCBjTmVx+hDg0OyXl6T6MVHxmpqy5xJ6mpzRVV+NT2tykf8vI4HO7wSA8Kw4cuZBve/ntXOsqgnDbyQUPz5p1z4kxgUjcd4mLWZfIshAasch1O5UaJWtQX0xd3/l5RqHqd4ViF7FIwiVr2Vh9DBVQTkfq94eZusVa6ZZX4djhTNlZ2PIT0MKNk9Ic6Nzy7jiETQRcaFbO5gPlFeX0xr9pSNxWdX94gTNb6Jghp+Rb1FatpNhSUbTiFTnG8jMTnSrV9B21gn X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?OTZpSUJjQllyWlVTOGRJOGtBbWpkOUlHZmRibTNvODJNekpRSC9Ud1R0K1hF?= =?utf-8?B?NktUYkZEQk9zdFZTRmR5eHd4c0NoQy81WEEyUVpYZWdFc0FZTitOem1SNFNz?= =?utf-8?B?ZXRhSjNoYndGU2krZTFpTVpoTkdhU1RBZXhEa0VVU2NHdzVtMThzYXB6ZzQz?= =?utf-8?B?U0tvQUh6a3dqeWh6MmF5anJkNnJMNVZTbFpFSGdhbjY3UVVWM2pzTm9hbFpG?= =?utf-8?B?dWxpSVBpUm5Hakh3YWd3TWFSTy9TeGdIazJrVHR4VmpzYmNFU3p6VEd2YVdW?= =?utf-8?B?WTZ0TzVONG5uc0Q5N2xDRVV6aTJ2VzlkRGw4SDhOVmV6V2Foc0g3RHBnKzda?= =?utf-8?B?dkZZOVhrQlRLQVZ2QVBIMTBhamZKVm4zVkNmbTZxU1ROZUxWMDUwNkxhTEVW?= =?utf-8?B?bEtnV0FHRzlkellEK0NRWnVicDE2Y0Z6NFFzbjVtUmF6TzdFVGxSUXNiaUlH?= =?utf-8?B?TDhKWGlIbndoZjZNa2QvcE1sNzhGSEhCQjMzY3YxZVlnUUxzVDlLdW8vYXNh?= =?utf-8?B?M3EzNjlZYmd1NG1LMDFoNEVsaEhOVnRHS0ZPaGdENWJubkhSdmR1SzRmbkQ3?= =?utf-8?B?ODhXMHE1a2s5QmlVLy9rN1NGVWVkNmxjY2gzMjFoYVlOUXlrdEV1RlJKa2l2?= =?utf-8?B?Q1VBTW1uUVRJK3dQNmh4NmUyUXVVTTZzSWY1ZXpxMVVsdkpzR1ZrL1RTMzNC?= =?utf-8?B?eHVLMkFoTWpSQXd3akE0NXMxN0hZb2tlRkwwcXhiaEQrZHpWbmVnN1F0a1Q5?= =?utf-8?B?RmF6V1hjZFV2Z1VaSC9kaThuTlljTFA5N09ONlA5SXY1b1hwRDUzOWlVL2hJ?= =?utf-8?B?L09WYkpaZFJ3a2l5akVJWGQzckM5Qmg5TnBIclRhQTYvS2Evc0RuUWpNY1By?= =?utf-8?B?N3BvZ2JmTDhxZkd3M3JzakpOSVNnaU82MjdQVit5M3lTbGdEWVFlYzk2R2VV?= =?utf-8?B?THU3THNkUnpxRlh1MTFocWM0dUFlR2FVYVVva1pxeStmTFBZV2FQaGtNN3dI?= =?utf-8?B?ajNieEl0QmlMRXRFWXA3SmtCcWxJeFdGK0tMaVlubFNaelozOTE3aGNaOG91?= =?utf-8?B?SlFtMEYvdVBoa2J6Szh6c2lpOUp3REVwU1gvS2FlWlZqaHNUQ0tYdkRIMnpZ?= =?utf-8?B?b1RwTGhpdHdhYy95TmNYTHpyVVMwYVJEZXd0blY0RTVaMFprbEhCcjNpVkVp?= =?utf-8?B?VjBpVkpmNy9LamV4bzRQeUJUUXN6V1BPdjhDS0lYRTRwZVBEUUFGNGtzdE9L?= =?utf-8?B?eVlCa1NyRUZnNDBMS0ZUZ2hYSnZoeHVvelIxWGd0R0l0R1JFeUprWW5vanZR?= =?utf-8?B?MktTcDVGd0NvdW1lQWdiUUhNaVFpN0VnMXhxd3ZlVTRqNzAwa080TDFwTkFi?= =?utf-8?B?ck9EdHNwSUhSMUF2S21RaDBLL01maUpsTjdnQTVPeklCOFRqUTIyUHAyOVpZ?= =?utf-8?B?ZHFWeHFxSi9LMElHM2pGOFBKY2JnckFvTmJUbUVpRXh4YzFyYWRubWJpQytY?= =?utf-8?B?K2cxbTFlcDljNFJPY1p5TFcrclFSUUpjR2oySHdtV2pCOENBSWFSd0tFWW1h?= =?utf-8?B?TzZ5RzVjRnpJVTJBQ2N3ZTNwcTd6STIrcHIzc2l1d0N2YlNRSGkzY2VoL1Iz?= =?utf-8?B?UWd6QStDWDR1bFliTzFoa1pSeldQQUZOVXFSRGcrZ0t1M2NHVzhqSTFwQzRJ?= =?utf-8?B?aHl2dlRDZFBETkRURWZQeVEzbkhlTWpFT1hFTlFsbTkxazVQUHppZEhIcTFH?= =?utf-8?B?TURrdVZlSlVoekhoSUo5bnZVTlJ5UlkvZ2xZUlBjQWN4SW5Hb3VhU3JIUmcv?= =?utf-8?B?V0t0ZzZhY2ZzbW9hVFlvczJOb093VXlWOUF3YXNxREVCTmJoTjVkZkoxTlRQ?= =?utf-8?B?WTQ2bWJZc2l2NTJGRWVyUVQ5NXFVSkJhaTlYZ1ZJN2x2Y3NmTlNnNzkxdXM0?= =?utf-8?B?dXhVdkx4L3crVkxtbzlGbGJJRmlqQWtvN2oyWGc0aVdOa0RVTVdCR0w0cWcy?= =?utf-8?B?VWROTVppbnB3aVRzKzNVa3djcytxVktHbE9jNlFqL09pOWpzK2x3MUR0Uk9t?= =?utf-8?B?UU43bHVWQW5ic0JqVnhKcmtpejVwbWxUUm5CbUJ5MEJzc21sZ1VXOTRpMXcy?= =?utf-8?Q?gGW21RacXkbXcghWpuzSKsv5V?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0044523a-f759-46c6-cd79-08dc387912db X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2024 16:19:43.9428 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 20h0FY88/W9+IxsHeXEaTyAoRKw2jJBWWc5a6OJvSnxQZIWp+c0cNzzwdAoRW49ZsO0LvHmZ4+1bDLIKqZ2Zyg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB8263 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 78D6xDDfTbSEQnokEmEsh1w8x7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=F+YiVSTO; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=pass (policy=none) header.from=groups.io; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") On 2/28/24 00:14, Yao, Jiewen wrote: > Some feedback: >=20 > 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions >=20 > MdePkg only contains the definition in the standard. >=20 > Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification? The structure is documented in the GHCB specification, but the GUID is not. Is the request to move the GUID to someplace other than MdePkg? >=20 > 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-S= VSM >=20 > I am not sure the position of SVSM. > If the SVSM interface is AMD specific, the it should be AmdSvsmLib. I believe TDX is also looking at the SVSM for TDX partitioning, but I'm=20 not certain of that. > If the SVSM interface is generic, then we should define everything in a g= eneric way. >=20 > It is very confusing to mix a generic CcSvsm lib with AMD specific . I can certainly change the name to be AMD specific fow now. It can always= =20 be changed to something else later if need be, much like VmgExitLib was=20 changed to CcExitLib. Thanks, Tom >=20 >=20 > Thank you > Yao, Jiewen >=20 >> -----Original Message----- >> From: Tom Lendacky >> Sent: Friday, February 23, 2024 1:30 AM >> To: devel@edk2.groups.io >> Cc: Ard Biesheuvel ; Aktas, Erdem >> ; Gerd Hoffmann ; Yao, Jiewen >> ; Laszlo Ersek ; Liming Gao >> ; Kinney, Michael D ; >> Xu, Min M ; Liu, Zhiguang ; >> Kumar, Rahul R ; Ni, Ray ; Mi= chael >> Roth >> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an S= VSM >> >> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 >> >> This series adds SEV-SNP support for running OVMF under an Secure VM >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). >> By running at a less priviledged VMPL, the SVSM can be used to provide >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP >> confidential VM (CVM) rather than trust such services from the hyperviso= r. >> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are >> certain SNP related operations that require that VMPL level. Specificall= y, >> the PVALIDATE instruction and the RMPADJUST instruction when setting the >> the VMSA attribute of a page (used when starting APs). >> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must >> use an SVSM (which is running at VMPL0) to perform the operations that >> it is no longer able to perform. >> >> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs tha= t >> it will be starting. As a result, the GHCB APIC ID retrieval action must >> be performed. Since this service can also work with SEV-SNP running at >> VMPL0, the patches to make use of this feature are near the beginning of >> the series. >> >> How OVMF interacts with and uses the SVSM is documented in the SVSM >> specification [1] and the GHCB specification [2]. >> >> This support creates a new CcSvsmLib library that is used by MpInitLib. >> This requires an update to the edk2-platform DSC files to add the new >> library. The edk2-platform change would be needed after patch 12, but >> before patch 15. >> >> This series introduces support to run OVMF under an SVSM. It consists >> of: >> - Retrieving the list of vCPU APIC IDs and starting up all APs withou= t >> performing a broadcast SIPI >> - Reorganizing the page state change support to not directly use the >> GHCB buffer since an SVSM will use the calling area buffer, instead >> - Detecting the presence of an SVSM >> - When not running at VMPL0, invoking the SVSM for page validation an= d >> VMSA page creation/deletion >> - Detecting and allowing OVMF to run in a VMPL other than 0 when an >> SVSM is present >> >> The series is based off of commit: >> >> 2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before >> lock cmpxchg") >> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical- >> docs/specifications/58019.pdf >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical- >> docs/specifications/56421.pdf >> >> --- >> >> Changes in v2: >> - Move the APIC IDs retrieval support to the beginning of the patch seri= es >> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD >> - Split up Page State Change reorganization into multiple patches >> - Created CcSvsmLib library instead of extending CcExitLib >> - This will require a corresponding update to edk2-platform DSC fil= es >> - Removed Ray Ni's Acked-by since it is not a minor change >> - Variable name changes and other misc changes >> >> Tom Lendacky (23): >> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() >> MdePkg: GHCB APIC ID retrieval support definitions >> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor >> UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set >> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors >> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State >> Change >> MdePkg: Avoid hardcoded value for number of Page State Change entries >> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support >> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency >> MdePkg/Register/Amd: Define the SVSM related information >> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM >> UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM >> UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library >> Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services >> UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA >> OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate >> pages >> OvmfPkg: Create a calling area used to communicate with the SVSM >> OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call >> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency >> OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls >> UefiCpuPkg/MpInitLib: AP creation support under an SVSM >> Ovmfpkg/CcExitLib: Provide SVSM discovery support >> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at >> VMPL0 >> >> MdePkg/MdePkg.dec = | 5 +- >> OvmfPkg/OvmfPkg.dec = | 4 + >> UefiCpuPkg/UefiCpuPkg.dec = | 5 +- >> OvmfPkg/AmdSev/AmdSevX64.dsc = | 1 + >> OvmfPkg/Bhyve/BhyveX64.dsc = | 1 + >> OvmfPkg/CloudHv/CloudHvX64.dsc = | 1 + >> OvmfPkg/IntelTdx/IntelTdxX64.dsc = | 1 + >> OvmfPkg/Microvm/MicrovmX64.dsc = | 1 + >> OvmfPkg/OvmfPkgIa32.dsc = | 1 + >> OvmfPkg/OvmfPkgIa32X64.dsc = | 3 +- >> OvmfPkg/OvmfPkgX64.dsc = | 1 + >> OvmfPkg/OvmfXen.dsc = | 1 + >> UefiCpuPkg/UefiCpuPkg.dsc = | 4 +- >> UefiPayloadPkg/UefiPayloadPkg.dsc = | 1 + >> OvmfPkg/AmdSev/AmdSevX64.fdf = | 9 +- >> OvmfPkg/OvmfPkgX64.fdf = | 3 + >> MdePkg/Library/BaseLib/BaseLib.inf = | 2 + >> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf = | 3 >> +- >> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf = | 3 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf = | 3 >> +- >> OvmfPkg/Library/CcExitLib/CcExitLib.inf = | 3 +- >> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf = | 3 +- >> OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf = | 38 ++ >> OvmfPkg/PlatformPei/PlatformPei.inf = | 3 + >> OvmfPkg/ResetVector/ResetVector.inf = | 2 + >> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf = | 27 ++ >> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf = | 2 + >> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf = | 2 + >> MdePkg/Include/Library/BaseLib.h = | 39 ++ >> MdePkg/Include/Register/Amd/Fam17Msr.h = | 19 +- >> MdePkg/Include/Register/Amd/Ghcb.h = | 23 +- >> MdePkg/Include/Register/Amd/Msr.h = | 3 +- >> MdePkg/Include/Register/Amd/Svsm.h = | 101 ++++ >> MdePkg/Include/Register/Amd/SvsmMsr.h = | 35 ++ >> OvmfPkg/Include/WorkArea.h = | 9 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = | 6 >> +- >> UefiCpuPkg/Include/Library/CcSvsmLib.h = | 101 ++++ >> UefiCpuPkg/Library/MpInitLib/MpLib.h = | 29 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c = | >> 11 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c = | 27 >> +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c = | >> 22 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c = | >> 31 +- >> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c = | >> 206 ++++---- >> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c = | 29 +- >> OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c = | 500 >> ++++++++++++++++++++ >> OvmfPkg/PlatformPei/AmdSev.c = | 102 +++- >> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c = | 108 +++++ >> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c = | 21 +- >> UefiCpuPkg/Library/MpInitLib/MpLib.c = | 9 +- >> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c = | 134 ++++-- >> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm = | 39 ++ >> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm = | 94 ++++ >> OvmfPkg/ResetVector/ResetVector.nasmb = | 6 +- >> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm = | 11 +- >> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni = | 13 + >> 55 files changed, 1628 insertions(+), 233 deletions(-) >> create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf >> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf >> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h >> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h >> create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h >> create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c >> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c >> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm >> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm >> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni >> >> -- >> 2.42.0 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116121): https://edk2.groups.io/g/devel/message/116121 Mute This Topic: https://groups.io/mt/104512925/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-