From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.50]) by mx.groups.io with SMTP id smtpd.web10.77431.1680542045572826816 for ; Mon, 03 Apr 2023 10:14:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=BUA/OJ2b; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.50, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hRynp9N2uH8iX/FVkxl68cEChokdxBj2QbC7AtMzm3FrR6IP+OcCNsyQDGO8GV1ARYNnjwQpwWky00hb1aLddpDEpYvquAHfBHEvs/r5N4CPn0yzrMJ9LfdB1R2IZrNl9hFkSUsV9bWmG5XsNuJUYfHaBcQDwYZ92uVeDhKqA0eo2zMA3+42FQyc3XYybQEc5FwW2/N78ZCNiMik62uf/8i2P+zg3hpJ9XdP+dZwUcpre0etZ+1T+514FAhfiU6Czbu0iONTu0gqI56CDACEofNp3Bq4UDh2Dnwy7XmV332HwWapOqbZFzgHmbNo2zClO5Qv6lbClPfR4+dFXbrNXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3HVHP6ZEGQN0GR6oHU1lHm6LhilMx7J8VNnuPXTr/C4=; b=dvYEcsZZ0NSQ9y1grJ4gRUBCYXtnogPwSlpueFWCmuY8uKGSAT+r0gF+Ctm+2wkOtUdB2GJEMhHFpbcOxxm08EzVzzyHKvHCHUuEI6McrtL6IsmhIJApIC8FQhbYTL00TOf50A3V4wGgA9Kc//+qsdHuHMJfrlsIm3r1aX2DCKO4RvB3bipWrgMfHK2wOMfjQiFxinYGbgYryKvYT2fMx4IZTZPE/YmA/GuigSjDblJIWJV3X4fT/EeLILUWNMPUNwgcsUX/L13nD7eoD0CdyLkdHRPJuCewtPJRkQl9bojV3Iqhog4oN7TbI8+BZjLPuBNH1w4O9r3ts63PccwS1g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3HVHP6ZEGQN0GR6oHU1lHm6LhilMx7J8VNnuPXTr/C4=; b=BUA/OJ2bmOtiNZ9c+XdF1CVVCkP7i6GeoeYABf8i8l5CePltwV5jI/Lrc9A42OVxQXkUK+aPh3KLiIuS9Tevy+wHC/ogsxXE5veJkU9MwPLEAnQuBOmC5ghDbn9oi9BhablksiSncQpgap4mv3PISdSYxG5Q5LKrVYKxejqRh0Q= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by CH2PR12MB4889.namprd12.prod.outlook.com (2603:10b6:610:68::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.33; Mon, 3 Apr 2023 17:14:03 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::5b56:bf13:70be:ea60]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::5b56:bf13:70be:ea60%5]) with mapi id 15.20.6254.033; Mon, 3 Apr 2023 17:14:03 +0000 Message-ID: <3732444c-d63f-958d-f340-a63a162861ed@amd.com> Date: Mon, 3 Apr 2023 12:14:01 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: [edk2-devel] [Patch V2 0/8] Create page table by CpuPageTableLib in DxeIpl From: "Lendacky, Thomas" To: "Tan, Dun" , "devel@edk2.groups.io" Cc: "Ni, Ray" References: <17517763F19F09A0.27612@groups.io> <0b8cbd21-9c80-26cf-8934-c4df9158441d@amd.com> <9ecca246-63db-2cd1-212d-7801deb3b27c@amd.com> In-Reply-To: <9ecca246-63db-2cd1-212d-7801deb3b27c@amd.com> X-ClientProxiedBy: CH2PR18CA0035.namprd18.prod.outlook.com (2603:10b6:610:55::15) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM4PR12MB5229:EE_|CH2PR12MB4889:EE_ X-MS-Office365-Filtering-Correlation-Id: edc33b4f-4f7c-4aff-1207-08db3466d2d8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xM8o371F9y0HNpbzCoBxnIXRyD1VBbZQjNzDxgzfTNlWHLuvt0cHeZvilv7xBaHecLQrXg9rVwutgvxy4DekiOCA4EY20ZIXrJLxi9WehC+JpbIFjkPxSMD31jKxxfQTj8GBajegeZ79MAFNHscoNU/i5phoKm74RSTXv0XvQv7q7wW2kIkcIl90s9pqhHFfc3+iqxACdUVMQ2co1U5QNVQr+Kf6XnbsePFCLulnQSQEFdjw0q/ADceUF8F5ucgxnEZ0R0MCGlddlke4CwgSOW5vQonREYATf9UUapwm2fYnaWhSBYuNVQeW/cjtW2b0Bjx+5XJBPYbsYAlkupg+lDv38+oG3zr2Kc3TgtljOd+iFQCG/KZnTXNYhu3UnZtgAIx1T8mkrZxv9mlFKGBGgOEMwSpO4/CxZVJetUx40SwrLC1UFmPMe4guklHpzknGorujS5eIBvYUWwrwtNEg3OpFejBmBSqfBN6bbjcsJenpPz7HTSbTcFPYe+75OkEEUB/ELh+yuDUtcN87d+W2YtUr63usNEn9IciQ2cDcudlG+/72r8NXzWfWKQdseqjWjWrEhvPdjxkZnF8taCdfMa2TqX50kTAfAsoYkerwYlkx5xh0PiLQjkHDy3XZLF5N X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(396003)(346002)(39860400002)(366004)(136003)(376002)(451199021)(478600001)(110136005)(83380400001)(31686004)(31696002)(86362001)(6506007)(26005)(6486002)(966005)(66476007)(66946007)(66556008)(316002)(19627235002)(53546011)(6512007)(2616005)(4326008)(186003)(41300700001)(38100700002)(2906002)(66899021)(8676002)(8936002)(5660300002)(36756003)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TFUwVklWb1pidHVMdVVRM2VkUkQyN1EyTUUvL2hZMEhOeTZDQjVWWUJwYnF2?= =?utf-8?B?VTU2YkFSYUJ4VzYwV0pQcU9Wbmg4UGlLbWxsVmx5cEJUbEgyUXJPdFFJZElp?= =?utf-8?B?TkNvYlBVTHRWQ2QwdjRsdXE3Vzlwd3pnTk5BWUJUU010c0RJK2RldWRyWWVu?= =?utf-8?B?TGwyVFE3Wm12VzZaR3dXdVJCRFNTbHJQZzhBMlZRdHNyWDRzVWFid0FFaHBD?= =?utf-8?B?T1RGZ2tSK05JVzVWRk8rRjlZTVJJamtDcHlyQWtSSGs1a0hYU2xOeHFLbEhi?= =?utf-8?B?djNsMDdRaHBrczNaaWE4R0hzc2F2dkRYY01Lenk4WUw1NmVidHFQcUl4R09M?= =?utf-8?B?cFJJMWxkYnh4YkwyRVRGTVAzdUtYb3pla1g2V1p3aG5ib1FGSzhDOUZ5WTFU?= =?utf-8?B?UFM1cXdxcHVXNjNSTTVvanZ5QnBveW9UZ3l0b0Z2N2lSS0FxYXhMcFRIbmVX?= =?utf-8?B?WkZPWlZxaWJJc1BWRGZPSUpmVEhNME5jZjI5L1NXMEZBTU1sSUhjVXUrTXN0?= =?utf-8?B?MDBoZWVaaEFsVkR6cW1pd0lzS0FiK2JxSGUwS2lJcHF4R1gvSTRlTmhCS1do?= =?utf-8?B?M0p6Q3V2L1Joc3pULytmYTU2cE4rOGhLUGFxVmdHVm5nVUVRZndKZllWQkVO?= =?utf-8?B?TlN3V1pQR2hpa1Z6cTlMVHFHc01KR1Y4VGlITGdkMDA4TTIyUGx1M01LMUVX?= =?utf-8?B?amtBUkxEL0pqanAyOEI0c0NGYzJlTVdJNGdHZVFyeTB1V2dsNGUwaCtXT3Ja?= =?utf-8?B?T2dsODZPRUVOSzdyOGo3OFJHdGZmN2N6bEVDbHBRYnhHeGNkK3pDUk9RZkcw?= =?utf-8?B?WnRONDNYMXBzRWdwU1pnUlA2K0ZaejFkUXVQVmNNcW9NdlRGRHV4T2Zjc05j?= =?utf-8?B?Z3dhRmpOUnhaVUw5dmF4Si9CbVE2VXp2N0tKUUt5SUR2OVNBNDF0UURVY0Vw?= =?utf-8?B?SHQzdHlmQjVmRzN3SjVqbGp3dlhnUkZiNzU1S3VwR01vWmhqaW5ER204aU55?= =?utf-8?B?SjVMR3ErakdjV21lNlVEa3Ztd2F1OWxjYkVZclpDRHJ6VnR0VTROU2dJRkh0?= =?utf-8?B?cld3bVBkYXB3WVRaaER6NlFCTTFWSEFnTUMxRkl0a2tnTDZGSThuNXY2ZmdZ?= =?utf-8?B?eVJmaFhDYkxSTHlpelFnWWVQMmx5WFhPNGRPZUxpUGw0TTZtQy9wbGJtdkpn?= =?utf-8?B?enJESXJqY3lkOUxBZFl1dUFJL29BZk9Ncy9DcnlRWU44MWgyejJHa2tlSklr?= =?utf-8?B?UlRoMy9RRDdlZVBDM3ZDcEswTklRK2J5REJ3cTJ3empEY21ZcTlYallHNVZu?= =?utf-8?B?emtYSlNrUkxzTm1NN1EyY3QxQmwxS01GazdEY0YyS2hHVWdhNmwrcmMrVTBM?= =?utf-8?B?MVNLVzN6ZTlVSlAxSjYxR1MzZW5TWW9uOWoxVDBmeExKYzFJOWlab1lNNUtO?= =?utf-8?B?V3hFRHBNYXdMekxpcklKTjFPR3RWNnB3aGpNOXVQOWcvVkc5QmRESjdHL0d1?= =?utf-8?B?TmMyZjM4OHhUenRSanFDWk9UR05FSmxyS3ZaWE9wTDNMQTM1OVRSbkIzYmc0?= =?utf-8?B?eDE0TkJYYUNFdXlYbkdORFZOMDBOVUUyT0Z0RkU2M0dDQnJCTHpGSlhWWXQr?= =?utf-8?B?Z3NXVkZDQTZKcEZEbUlsSThFMWpLQU9TTUYzc2NVTW1XV3NjL2g0T3RkSXBV?= =?utf-8?B?alEvUTZHaXZtME5rcW55d0lZL3p3WjVkVklKd3lKb2UrVEFaUm12QU9BbHRv?= =?utf-8?B?RkhBUlAxUmpRTDVaTXNIV1ZWd0wwczlBTHp1OUNhbTUrNzJ4aUFYazF1OFRj?= =?utf-8?B?em1JdmpXWGs0VmdlcEQ2WlRWN2NXU29RYzVpVkpoamJ4bmhtNTRjNWNEZWQz?= =?utf-8?B?R2V5aUNXdVRqWTNPeUZZbzZ4VE80TGlab3RJQ2YramRhNGFEK1E3YWd6dGxU?= =?utf-8?B?YW1Nb1JPaE9uM0MzUGQzazIzWmo1ME1yUTVDcElmMWhNWHgxdGx1RnhCUzhl?= =?utf-8?B?d1BvMGxVc25LNVJBdk4vZUVrQ0hZcUthUDk3TDZNTjd6WlpCT0Z6cHRWR3NF?= =?utf-8?B?VDAvRmdVbTZWKzFMKzlDTmhJY3VjYnRiY21BajZJOUtpR0VxTU5CQXpyM05s?= =?utf-8?Q?RP3EWs0fpyNXFHNgh97SbA8/O?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: edc33b4f-4f7c-4aff-1207-08db3466d2d8 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2023 17:14:03.4351 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: j0ZE332PsKR0KX5lah4cexwZyv7LatRdi8iUsisClpEypHjHzK26JrxARrRi1/6TOyGxnw7WhbokGF4q7M3YOA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4889 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/3/23 09:24, Tom Lendacky wrote: > On 3/31/23 09:35, Tom Lendacky wrote: >> On 3/31/23 04:41, Tan, Dun wrote: >>> Hi Tom, >>> >>> Reccentlly I sent this patch set to change DxeIpl code to use >>> CpuPageTableLib to create page table. I have done some test on Intel >>> CPU to make sure that the page table created by DxeIpl before the >>> change is the same as the page table created by DxeIpl after the >>> change. But there was a remaining case that I didn't cover. The case is >>> that PcdPteMemoryEncryptionAddressOrMask, PcdGhcbBase and PcdGhcbSize >>> are not zero(when memory encryption is enabled on AMD processors >>> supporting the SEV feature). >>> So could you please help do a test on AMD processor to make sure that >>> the SEV feature still works good with this pacth set? >> >> Yes, I can test it. > > This is breaking the SEV-ES and SEV-SNP boots. I'll see if I can figure > out what or where the breakage is, but this patchset can't be merged as is. The following change to the patch series allows SEV-ES and SEV-SNP guests to boot. Thanks, Tom diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c index a9edf4de32..a3f16c7cf9 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -416,6 +416,7 @@ CreateIdentityMappingPageTables ( IA32_MAP_ATTRIBUTE MapAttribute; IA32_MAP_ATTRIBUTE MapMask; EFI_PHYSICAL_ADDRESS GhcbBase4K; + EFI_PHYSICAL_ADDRESS GhcbBaseEnd; // // Make sure AddressEncMask is contained to smallest supported address field @@ -504,15 +505,21 @@ CreateIdentityMappingPageTables ( // // The GHCB range consists of two pages per CPU, the GHCB and a // per-CPU variable page. The GHCB page needs to be mapped as an - // unencrypted page while the per-CPU variable page needs to be - // mapped encrypted. These pages alternate in assignment. + // unencrypted page while the per-CPU variable page needs to remain + // mapped as an encrypted page. + // + // Loop through the GHCB range, remapping the GHCB page unencrypted + // and skipping over the per-CPU variable page. // ASSERT (Is64BitPageTable == TRUE); - GhcbBase4K = ALIGN_VALUE (GhcbBase, SIZE_4KB); - MapAttribute.Uint64 = GhcbBase4K; - MapMask.Uint64 = 0; - MapMask.Bits.PageTableBaseAddressLow = 1; - CreateOrUpdatePageTable (&PageTable, PagingMode, GhcbBase4K, SIZE_4KB, &MapAttribute, &MapMask); + GhcbBase4K = ALIGN_VALUE (GhcbBase, SIZE_4KB); + GhcbBaseEnd = ALIGN_VALUE (GhcbBase + GhcbSize, SIZE_4KB); + for (; GhcbBase4K < GhcbBaseEnd; GhcbBase4K += (SIZE_4KB * 2)) { + MapAttribute.Uint64 = GhcbBase4K; + MapMask.Uint64 = 0; + MapMask.Bits.PageTableBaseAddressLow = 1; + CreateOrUpdatePageTable (&PageTable, PagingMode, GhcbBase4K, SIZE_4KB, &MapAttribute, &MapMask); + } } if (PcdGetBool (PcdSetNxForStack)) { > > Thanks, > Tom > >> >> Thanks, >> Tom >> >>> >>> Thanks, >>> Dun >>> >>> -----Original Message----- >>> From: devel@edk2.groups.io On Behalf Of duntan >>> Sent: Friday, March 31, 2023 5:34 PM >>> To: devel@edk2.groups.io >>> Subject: [edk2-devel] [Patch V2 0/8] Create page table by >>> CpuPageTableLib in DxeIpl >>> >>> In this V2 patch set: >>> 1.Remove the unneeded patch for ArmVirtPkg 2.In this patch 'Create page >>> table by CpuPageTableLib', change the input parameter name from >>> Is32BitPageTable to Is64BitPageTable and add a line of >>> "MapAttribute.Bits.Present = 0" before set a range to non-present. >>> 3.In this patch 'Refinement to the code to set PageTable as RO', add a >>> line of "MapAttribute.Bits.ReadWrite = 0" before set a range to ReadOnly. >>> >>> Dun Tan (8): >>> EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC >>> IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC >>> MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC >>> OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file >>> MdeModulePkg: Add UefiCpuPkg.dec to pass DependencyCheck >>> MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib >>> MdeModulePkg/DxeIpl: Remove duplicated code to enable NX >>> MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO >>> >>> EmulatorPkg/EmulatorPkg.dsc | 3 ++- >>> IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++- >>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++- >>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 4 +++- >>> MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112 >>> ++++------------------------------------------------------------------------------------------------------------ >>> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++-- >>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 711 >>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182 >>> ++++++++++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >>> MdeModulePkg/MdeModulePkg.ci.yaml | 5 +++-- >>> MdeModulePkg/MdeModulePkg.dsc | 3 ++- >>> OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- >>> OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++- >>> OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +- >>> OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- >>> OvmfPkg/OvmfPkgIa32.dsc | 3 ++- >>> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- >>> OvmfPkg/OvmfPkgX64.dsc | 2 +- >>> OvmfPkg/OvmfXen.dsc | 2 +- >>> 18 files changed, 200 insertions(+), 849 deletions(-) >>> >>> -- >>> 2.31.1.windows.1 >>> >>> >>> >>> >>> >>>