From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 4BADEAC1831 for ; Thu, 22 Feb 2024 17:30:40 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=fK0iQO2bAmzpc1TI7nI4xyUw1wNgCwGYxY/9uA8mF9c=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1708623039; v=1; b=Se+Dz9dwWk1Ssb2UcBj9KwICca0n1/qGk2exN+twoDy+M+OtbB/2aaOWE61ySrwZY7mgBMEz NO6o6DqbAyPuUPZAdWsRB76aM6LKOGle7vKCt3Jn40FU9ZrhpVFZ3pGCK/ERuja/Cal40JukkIM hei99Grp+7BkO70HQhDElaeM= X-Received: by 127.0.0.2 with SMTP id 5OysYY7687511x9PQDrSKZvb; Thu, 22 Feb 2024 09:30:39 -0800 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.62]) by mx.groups.io with SMTP id smtpd.web11.18779.1708623038238762350 for ; Thu, 22 Feb 2024 09:30:38 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X95lFNxw12NR2FXWWqSrAMiZb469Ch9CJu5ZUMoERKyhUZTIFOeT27D+AF2z5IRfctTIDm5eOaU9l+g2J7T9pN1WHVtuarAAUycGg7KpHy3R/8MD4bti1ugSfSKKs4nQET08UlY934LoWIw+ew7/lbGngEUmD5qb1xWs38sJNow/5T2YRWwGrptx8P0YQPqoev3OTdS3mWPV4tEKdg+8t1i1Eoc3Ch88S0AiWKf1OgG88S1M4fkFBzuGVYE7nrMXNyk8zbqGq/1PVR/UgrgBux8Pp8pcSZh+YQ/KZBEz9YuX/Gp1W/AqMRSyhgsufWOJArFIIfBawFBSodHIF0Ov8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wkBFBow8wK92ozumzzfSIdYgwjubrrd4SMKe5ZSoUCw=; b=WqYWhpBUMl95ClaJLZkiH5rtqQKtYxiuUCzMHHuIfHCdUavpIXOkBxHogdDUn0upx6TQSUkuzbEPef8t4mc9ICuJzWXp8LIvW/RRENEJh4cgn86k6n5sZsh0N0fog6Xbdewdv5oOR4+5OebubeKTUMJaiRhpsS/gB+cgCrcsH3G/Qw82Vkg2WfHamPSP61krKG4O23FHMPm6/8Zf2Ty5zET/+1B7axkTdEm4/eJjovYyvQQwDN1l/I34GbAsm635POrCCEXPsYjR7U6+lrhHEJKXjluRe6N2If9tEZ+1l740d0CSHZC8pOmeNVNxV/26MB2M2pUVegBl6Jpucz3AWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from BN0PR04CA0082.namprd04.prod.outlook.com (2603:10b6:408:ea::27) by DM4PR12MB5722.namprd12.prod.outlook.com (2603:10b6:8:5d::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.21; Thu, 22 Feb 2024 17:30:34 +0000 X-Received: from BN2PEPF000044A5.namprd04.prod.outlook.com (2603:10b6:408:ea:cafe::86) by BN0PR04CA0082.outlook.office365.com (2603:10b6:408:ea::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.43 via Frontend Transport; Thu, 22 Feb 2024 17:30:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000044A5.mail.protection.outlook.com (10.167.243.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Thu, 22 Feb 2024 17:30:34 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 22 Feb 2024 11:30:33 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Date: Thu, 22 Feb 2024 11:29:42 -0600 Message-ID: <31b79c15d800767f6b175b80106eb710729c016e.1708623001.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000044A5:EE_|DM4PR12MB5722:EE_ X-MS-Office365-Filtering-Correlation-Id: ef1c73ef-f063-4828-6762-08dc33cbfa22 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: nAquTLwbaokMVz+R0O15d38SKVmibgycdo8tlt8OmOiuX2faw6FSg2pM9w7rc1urnD5vs77VNipBkh7oAs13n3VtePeOjaxpo580a6MLDAQhWE/S1KwgYUGYxqixD+uF4k+lIevIXFe/3IsaSImswt3MVUgiiB1TbT5pnGmYuiWJuLceu1RFGIOBuJy4HbgdwIO7mHhztDezOPx7Ssvd76ESboabNABfhlJFJgL9c0Mjxib8kYt/21/EYsTkiHIzQENV/YwtSWvOdr0rDXhVgOq9T+LiONA5z2kTs/ULdRLNLo73HZscuH4cTwEh5G7TbXPoSOwjLrmt7Ektr1oWavRh/K+2d6cT592QP7dehbXEUuXrRChX+lLIJi11jCsXj8Y1cgDM6gjm4L9leVZn8/hjkmMPZ6JEPLgjaW25u3ABqy6UZxE2ZesgPyWxejtRexFyXVh+mReV8fYCP6k5+vj0tr1HuiJRPAh9MWhzfkoCEEVhUqsviqvogCjM6W4oGYjPCD+/gnk2WugIRcA4CVJYiAeRBPyM2bbkEBJu6JPCUNEUEtCJ964cVcFncwqwboH5vgilBzHJ5E5hTxET75lA+ThfQwV8es2ZQ1QCWPhUkPwrpqOG81lcnwyCOlriZ73eV9jgv2UdW/E1wz65kQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2024 17:30:34.6454 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ef1c73ef-f063-4828-6762-08dc33cbfa22 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000044A5.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5722 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: NjLcWawDrdowKFeTGqkM5yUxx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=Se+Dz9dw; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an SVSM. After retrieving the APIC IDs, save the address of the APIC ID data structure in a GUIDed HOB. Signed-off-by: Tom Lendacky --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 91 +++++++++++++++++++- 2 files changed, 91 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index ad52be306560..7de3b4341c2c 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -45,6 +45,7 @@ [Guids] gEfiMemoryTypeInformationGuid gFdtHobGuid gUefiOvmfPkgPlatformInfoGuid + gEfiApicIdsGuid =20 [LibraryClasses] BaseLib diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e6b602d79a05..472cf13f0faa 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> + Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -31,6 +31,87 @@ GetHypervisorFeature ( VOID ); =20 +/** + Retrieve APIC IDs from the hypervisor. + +**/ +STATIC +VOID +AmdSevSnpGetApicIds ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 VmgExitStatus; + UINT64 PageCount; + BOOLEAN PageCountValid; + VOID *ApicIds; + RETURN_STATUS Status; + UINT64 GuidData; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + PageCount =3D 0; + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) { + PageCount =3D Ghcb->SaveArea.Rax; + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + return; + } + + // + // Allocate the memory for the APIC IDs + // + ApicIds =3D AllocateReservedPages ((UINTN)PageCount); + ASSERT (ApicIds !=3D NULL); + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + (UINTN)ApicIds, + (UINTN)PageCount + ); + ASSERT_RETURN_ERROR (Status); + + ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount)); + + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)Api= cIds, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax =3D=3D= PageCount)) { + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + FreePages (ApicIds, (UINTN)PageCount); + return; + } + + GuidData =3D (UINT64)(UINTN)ApicIds; + BuildGuidDataHob (&gEfiApicIdsGuid, &GuidData, sizeof (GuidData)); +} + /** Initialize SEV-SNP support if running as an SEV-SNP guest. =20 @@ -78,6 +159,14 @@ AmdSevSnpInitialize ( } } } + + // + // Retrieve the APIC IDs if the hypervisor supports it. These will be us= ed + // to always start APs using SNP AP Create. + // + if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) =3D=3D GHCB_HV_FEATURES= _APIC_ID_LIST) { + AmdSevSnpGetApicIds (); + } } =20 /** --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115838): https://edk2.groups.io/g/devel/message/115838 Mute This Topic: https://groups.io/mt/104512934/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-