From: "Brijesh Singh" <brijesh.singh@amd.com>
To: Tom Lendacky <thomas.lendacky@amd.com>,
qi zhou <atmgnd@outlook.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: brijesh.singh@amd.com,
"erdemaktas@google.com" <erdemaktas@google.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"jiewen.yao@intel.com" <jiewen.yao@intel.com>,
"min.m.xu@intel.com" <min.m.xu@intel.com>
Subject: Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
Date: Mon, 29 Nov 2021 13:28:46 -0600 [thread overview]
Message-ID: <37990bf4-d440-ce19-367b-8498c153ca76@amd.com> (raw)
In-Reply-To: <daa9613e-c4d9-42d6-65c9-9a6b35aee91f@amd.com>
On 11/29/21 1:04 PM, Tom Lendacky wrote:
> On 11/25/21 7:12 AM, qi zhou wrote:
>> From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
>> From: Qi Zhou <atmgnd@outlook.com>
>> Date: Thu, 25 Nov 2021 20:25:55 +0800
>> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr
>> during
>> PEI phase
>>
>> Tested on Intel Platform, It is like 'SEV-ES work area' can be
>> modified by
>> os(Windows etc), and will not restored on reboot, the
>> SevEsWorkArea->EncryptionMask may have a random value after reboot.
>> then it
>> may casue fail on reboot. The msr bits already cached by
>> mSevStatusChecked,
>> there is no need to try cache again in PEI phase.
>>
>> Signed-off-by: Qi Zhou <atmgnd@outlook.com>
>> ---
>> .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
>> 1 file changed, 19 insertions(+), 36 deletions(-)
>>
>> diff --git
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> index e2fd109d12..0819f50669 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
>> UINT32 RegEax;
>> MSR_SEV_STATUS_REGISTER Msr;
>> CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
>> - BOOLEAN ReadSevMsr;
>> - SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
>> - ReadSevMsr = FALSE;
>> -
>> - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32
>> (PcdSevEsWorkAreaBase);
>> - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
>> - //
>> - // The MSR has been read before, so it is safe to read it again
>> and avoid
>> - // having to validate the CPUID information.
>> + //
>> + // Check if memory encryption leaf exist
>> + //
>> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
>> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
>
What is missing in the original patch set is that now with the common
work area we need to check the Guest Type before accessing the SevEs
workarea type. I have a patch in my wip to cleanup the SEV feature
detection check and patiently waiting for the SEV-SNP series to land so
that I can submit other patches.
You need something like IsSevGuest() before accessing the SevEs
workarea, see how its done for the SEC.
https://github.com/AMDESE/ovmf/blob/snp-v13/OvmfPkg/Sec/AmdSev.c#L234
In my WIP I am moving that to common BaseMemEncryptLib.
thanks
> This now defeats the purpose of the workarea the already validated CPUID
> information. This CPUID information will now require validating.
>
> Wouldn't the best thing be to clear the workarea in the early boot code?
>
> Thanks,
> Tom
>
>> //
>> - ReadSevMsr = TRUE;
>> - } else {
>> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
>> //
>> - // Check if memory encryption leaf exist
>> - //
>> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
>> - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
>> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL,
>> NULL);
>> +
>> + if (Eax.Bits.SevBit) {
>> //
>> - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
>> + // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
>> //
>> - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL,
>> NULL, NULL);
>> -
>> - if (Eax.Bits.SevBit) {
>> - ReadSevMsr = TRUE;
>> + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
>> + if (Msr.Bits.SevBit) {
>> + mSevStatus = TRUE;
>> }
>> - }
>> - }
>> -
>> - if (ReadSevMsr) {
>> - //
>> - // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
>> - //
>> - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
>> - if (Msr.Bits.SevBit) {
>> - mSevStatus = TRUE;
>> - }
>> - //
>> - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
>> - //
>> - if (Msr.Bits.SevEsBit) {
>> - mSevEsStatus = TRUE;
>> + //
>> + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
>> + //
>> + if (Msr.Bits.SevEsBit) {
>> + mSevEsStatus = TRUE;
>> + }
>> }
>> }
>>
next prev parent reply other threads:[~2021-11-29 19:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou
2021-11-25 13:21 ` qi zhou
2021-11-29 19:04 ` Lendacky, Thomas
2021-11-29 19:28 ` Brijesh Singh [this message]
2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann
2021-11-30 17:18 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=37990bf4-d440-ce19-367b-8498c153ca76@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox