From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.61])
 by mx.groups.io with SMTP id smtpd.web11.28327.1595450386419989313
 for <devel@edk2.groups.io>;
 Wed, 22 Jul 2020 13:39:46 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=4ZNwFmHZ;
 spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.236.61, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=B6DJ+bRwLQ0BP6dFJ+DD1FPcgfRNodcVsYo5CKMFZvpIGCjhuS7r+DRA1jRhRpE157pxybwWCF+S18W9kvJGjiCxVLSpMfoZ+wXjYl0NsiSeBfLlwBk/NUHR47tqECaa0wMPmhA9seYql/GFqUS1aGuOQ0xMCnTme2I0QZrN42rYfX4SnJA3+zJ3fD6DOcMtZhLMaJco0Xb0ODXKX/A9bpCxvXka5sncwYeUSnJmP/hg285r9R7G8C4cvMEyVzKOdlmi3u0vDXZah5xFUMeyWjJw6STjQxoP1N9RRIGBn7S99UUH2yhG7Ojgkvc8f2Qgz3cdf2KUrEX0KGZz7ja21g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=J0O1ec8P5s9qcoogAqfz+JCHDh6FvA4HYvr2JzgXZIg=;
 b=YGGNADLUUfz+KVminspVw5C32JyqrEwTJ5j2OLXL7/qgiwayt/4Uabde/yZtfzbg0C7300b8AJrzHVho7RKTycMi1F1EHUCMutZbo1GKuPO4DjVsOdWKJYW73gBNng7j+u+mEBU1qT7bHTAcu6tEYeFHmStFvCrnX97SUm7q6OdxEqsgxwdjiY/KVCaCc9Lz+Ft288UQzrls3/qv1KJvT7C4XHF7W8vbIdL17IAbAHz0v3KA1Kp64YgAOqicU5sYPFaHd3LTuhnL7S4zJNvjsSC2RqSnCoe+uxbm/SnIYipVtgSXVcZ+zrWFBVxjRnJjSiNZUHSQ3FJhlgMkjrk1uw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=J0O1ec8P5s9qcoogAqfz+JCHDh6FvA4HYvr2JzgXZIg=;
 b=4ZNwFmHZOApX8GtH1lN584aknjURcYKGqOcrOWMiqLf2/9mk85qp3R+62YstoYIyNU3hYyRb/I/bA50YcaxII/n2Mkp+/5YaI9SCeIpjzkYxQ48o4z3tS3tgbn8XzuoKxxPrwaJLfK76ojejcrB1KlF8PMJWWyADs7lPhsyA608=
Authentication-Results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=amd.com;
Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by
 DM5PR12MB2358.namprd12.prod.outlook.com (2603:10b6:4:b3::34) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3216.21; Wed, 22 Jul 2020 20:39:43 +0000
Received: from DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::25ec:e6ba:197c:4eb0]) by DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::25ec:e6ba:197c:4eb0%8]) with mapi id 15.20.3216.021; Wed, 22 Jul 2020
 20:39:43 +0000
Subject: Re: [PATCH v11 00/46] SEV-ES guest support
To: Laszlo Ersek <lersek@redhat.com>, devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
 Ard Biesheuvel <ard.biesheuvel@arm.com>, Eric Dong <eric.dong@intel.com>,
 Jordan Justen <jordan.l.justen@intel.com>, Liming Gao
 <liming.gao@intel.com>, Michael D Kinney <michael.d.kinney@intel.com>,
 Ray Ni <ray.ni@intel.com>, Andrew Fish <afish@apple.com>,
 Anthony Perard <anthony.perard@citrix.com>,
 Benjamin You <benjamin.you@intel.com>, Dandan Bi <dandan.bi@intel.com>,
 Guo Dong <guo.dong@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>, Julien Grall <julien@xen.org>,
 Leif Lindholm <leif@nuviainc.com>, Maurice Ma <maurice.ma@intel.com>
References: <cover.1595366363.git.thomas.lendacky@amd.com>
 <9f6d4185-83d2-2745-2106-6399f85e60e4@redhat.com>
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Message-ID: <3381b49c-1c88-c49c-597a-3a6e9d5dd905@amd.com>
Date: Wed, 22 Jul 2020 15:39:41 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
In-Reply-To: <9f6d4185-83d2-2745-2106-6399f85e60e4@redhat.com>
X-ClientProxiedBy: SN4PR0501CA0118.namprd05.prod.outlook.com
 (2603:10b6:803:42::35) To DM5PR12MB1355.namprd12.prod.outlook.com
 (2603:10b6:3:6e::7)
Return-Path: thomas.lendacky@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.236.30.118] (165.204.77.1) by SN4PR0501CA0118.namprd05.prod.outlook.com (2603:10b6:803:42::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.18 via Frontend Transport; Wed, 22 Jul 2020 20:39:42 +0000
X-Originating-IP: [165.204.77.1]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: c80cc255-8e92-4878-b56c-08d82e7f5d2d
X-MS-TrafficTypeDiagnostic: DM5PR12MB2358:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM5PR12MB23588B7B4A89CA9E0265943FEC790@DM5PR12MB2358.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:4714;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	3TMYalLRed15caAOpFfoVFCUrAK0qMNp32cZzR+UkeZa99IX5H81y8RJBTa++l1PHg8dk28ra1bRm2TjR6lYDHVh0fTMbPmtxnl8AmlnN4wJPNf4SeetxFxTo4EbbRMa/o6lEO1G5T3NPBQeGb/lpwm9woVjr+hfQaXQLUdNjvxY05I/azWdGUEqX0wL4rlT3XlGOJJ2+ySX6NGpvDfkoRJMbm09f7wHLTs8gOeT4a5YBfZ5OFlErXZt8ueOCkWs+cOsFBN1Bhbi0MKCNdLYPF/PPDeYQx65s5YLdl0tdL9dAN6ZUnCz9h4HzVadEuw5u+/Z66pHoP6pE2Vy7qLazC/wZJX8GOQXmFNsMuuaSFEukBCTDABobwc7SVI1qk0T6taNR+1u4K2Kr5pmcsUID4hna4dB0lK2A1zbrVaR+F9rCvPmkr6DFAHy1bLoxglsMnrZoTC06h5htoJxPL4RsA==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(366004)(136003)(346002)(376002)(396003)(39860400002)(83380400001)(16576012)(316002)(31686004)(52116002)(45080400002)(966005)(53546011)(66476007)(478600001)(7416002)(6486002)(16526019)(66556008)(26005)(66946007)(8936002)(36756003)(8676002)(31696002)(956004)(54906003)(186003)(4326008)(86362001)(5660300002)(2616005)(2906002)(43740500002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
	b4yjFUGk4Jqlk6zWK1iqKzEWcWz9brKWonZuJzQB+W4uXqlZ+r2xENfPl3DUm1Z0LHx/PSqJeiiQgOhbWHnyZ3gvQnVH8dnRUcFmFMFP2NEnZv8P0q0vMm+sLvysSZdDJzK5pwbHKDOSh1S1sSRClt0z9JDV33V2lC24bh+F3sWEiOXlsrc6S4x+HPVm5Tlt+o0txbVY/NpQ1A/aiaKtayDhN0WNirb8n4V+Sv6hSwaUPVnk/FzbzYUoUX8g90+2i5KP8K9T4Tcsxv69LzZ2w2JZu3YgqFzXHiwoChMzzk3HCYGHPOjfoFV6PzFwzdk+K4dofAQwsh28WpKkgexKnhGmjvdYO5MFz3qnadbJ1bgcWRPJCHbRXyopXAeDnADF7Do98fF56N4599Fg0psiJlpTau9i7xJ0hqUppXDskNJlWJ74o015NGFLMOX26PY552EIEeXP1w+ko5J9Q8SxJj8eaiVpzVDbmwD8q4NHU9Q=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c80cc255-8e92-4878-b56c-08d82e7f5d2d
X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jul 2020 20:39:43.3855
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: DEf5wp9zlK65FoSr/qcrW1M+4YSjErzuCzBQmwbn+JSe4s44iNQ8xl/EvwrHRMxBTeHwxByVzlgneGXcXMBzOg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB2358
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 7/22/20 3:13 PM, Laszlo Ersek wrote:
> On 07/21/20 23:18, Tom Lendacky wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>
>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
>> SEV support to protect the guest register state from the hypervisor. See
>> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
>> section "15.35 Encrypted State (SEV-ES)" [1].
>>
>> In order to allow a hypervisor to perform functions on behalf of a guest,
>> there is architectural support for notifying a guest's operating system
>> when certain types of VMEXITs are about to occur. This allows the guest to
>> selectively share information with the hypervisor to satisfy the requested
>> function. The notification is performed using a new exception, the VMM
>> Communication exception (#VC). The information is shared through the
>> Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.
>> The GHCB format and the protocol for using it is documented in "SEV-ES
>> Guest-Hypervisor Communication Block Standardization" [2].
>>
>> The main areas of the EDK2 code that are updated to support SEV-ES are
>> around the exception handling support and the AP boot support.
>>
>> Exception support is required starting in Sec, continuing through Pei
>> and into Dxe in order to handle #VC exceptions that are generated.  Each
>> AP requires it's own GHCB page as well as a page to hold values specific
>> to that AP.
>>
>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence
>> is typically used to boot the APs. However, the hypervisor is not allowed
>> to update the guest registers. The GHCB document [2] talks about how SMP
>> booting under SEV-ES is performed.
>>
>> Since the GHCB page must be a shared (unencrypted) page, the processor
>> must be running in long mode in order for the guest and hypervisor to
>> communicate with each other. As a result, SEV-ES is only supported under
>> the X64 architecture.
>>
>> [1] https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.amd.com%2Fsystem%2Ffiles%2FTechDocs%2F24593.pdf&amp;data=02%7C01%7Cthomas.lendacky%40amd.com%7C55f66571386d4639169308d82e7bb6c1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637310457204828040&amp;sdata=FUhx4fmdzpMota0nG9nudA3aA%2F9Z4Pj2tShJL8UvyhI%3D&amp;reserved=0
>> [2] https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.amd.com%2Fwp-content%2Fresources%2F56421.pdf&amp;data=02%7C01%7Cthomas.lendacky%40amd.com%7C55f66571386d4639169308d82e7bb6c1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637310457204838018&amp;sdata=Krm34z0vbUIvbx3YUNdAFjVJ14hopxmR95tyfpUMquA%3D&amp;reserved=0
>>
>> ---
>>
>> These patches are based on commit:
>> 9132a31b9c83 ("MdeModulePkg/DxeCorePerformanceLib: Switch to UnicodeStrnToAsciiStrS")
>>
>> A version of the tree can be found at:
>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAMDESE%2Fovmf%2Ftree%2Fsev-es-v19&amp;data=02%7C01%7Cthomas.lendacky%40amd.com%7C55f66571386d4639169308d82e7bb6c1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637310457204838018&amp;sdata=IObhTmWtA4zHG1k5rM8lNjaUfOjYR%2BdV2b1pp2G7Lw4%3D&amp;reserved=0
>>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Anthony Perard <anthony.perard@citrix.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Benjamin You <benjamin.you@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Guo Dong <guo.dong@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Julien Grall <julien@xen.org>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Leif Lindholm <leif@nuviainc.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Maurice Ma <maurice.ma@intel.com>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>>
>> Changes since v10:
>> - Fix conflicts around GccInline.c file after moving to latest commit
>> - Fix conflicts with OVMF PCD values after moving to latest commit
> 
> The updates in patch 29 (OvmfPkg: Create a GHCB page for use during Sec
> phase) look OK; thanks.
> 
> My understanding is that the MdePkg and MdeModulePkg patches remain
> needing approval; is that correct?

Yes, those are the only patches that don't have a Reviewed-by: or Acked-by:.

Thanks,
Tom

> 
> Thanks!
> Laszlo
>