* [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
@ 2021-11-25 13:12 qi zhou
2021-11-25 13:21 ` qi zhou
2021-11-29 19:04 ` Lendacky, Thomas
0 siblings, 2 replies; 6+ messages in thread
From: qi zhou @ 2021-11-25 13:12 UTC (permalink / raw)
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com,
jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com
>From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
From: Qi Zhou <atmgnd@outlook.com>
Date: Thu, 25 Nov 2021 20:25:55 +0800
Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during
PEI phase
Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by
os(Windows etc), and will not restored on reboot, the
SevEsWorkArea->EncryptionMask may have a random value after reboot. then it
may casue fail on reboot. The msr bits already cached by mSevStatusChecked,
there is no need to try cache again in PEI phase.
Signed-off-by: Qi Zhou <atmgnd@outlook.com>
---
.../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
1 file changed, 19 insertions(+), 36 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d12..0819f50669 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
UINT32 RegEax;
MSR_SEV_STATUS_REGISTER Msr;
CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
- BOOLEAN ReadSevMsr;
- SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
- ReadSevMsr = FALSE;
-
- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
- if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
- //
- // The MSR has been read before, so it is safe to read it again and avoid
- // having to validate the CPUID information.
+ //
+ // Check if memory encryption leaf exist
+ //
+ AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
//
- ReadSevMsr = TRUE;
- } else {
+ // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
//
- // Check if memory encryption leaf exist
- //
- AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
- if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
+ AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
+
+ if (Eax.Bits.SevBit) {
//
- // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
+ // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
//
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
-
- if (Eax.Bits.SevBit) {
- ReadSevMsr = TRUE;
+ Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
+ if (Msr.Bits.SevBit) {
+ mSevStatus = TRUE;
}
- }
- }
-
- if (ReadSevMsr) {
- //
- // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
- //
- Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
- if (Msr.Bits.SevBit) {
- mSevStatus = TRUE;
- }
- //
- // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
- //
- if (Msr.Bits.SevEsBit) {
- mSevEsStatus = TRUE;
+ //
+ // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
+ //
+ if (Msr.Bits.SevEsBit) {
+ mSevEsStatus = TRUE;
+ }
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou
@ 2021-11-25 13:21 ` qi zhou
2021-11-29 19:04 ` Lendacky, Thomas
1 sibling, 0 replies; 6+ messages in thread
From: qi zhou @ 2021-11-25 13:21 UTC (permalink / raw)
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com,
jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com
Here I will add some debug infomation about the reboot issue. on the master branch, I added some logs, see below:
https://1drv.ms/u/s!As-Ec5SPH0fuimANnT5FPm8cmeM6
---
.../Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d12..8ab5849386 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -44,6 +44,7 @@ InternalMemEncryptSevStatus (
ReadSevMsr = FALSE;
SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ DEBUG ((DEBUG_INFO, "SevEsWorkAera: %p, SevEsWorkArea->EncryptionMask: %lu\n", SevEsWorkArea, SevEsWorkArea ? SevEsWorkArea->EncryptionMask : 0));
if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
//
// The MSR has been read before, so it is safe to read it again and avoid
@@ -71,7 +72,9 @@ InternalMemEncryptSevStatus (
//
// Check MSR_0xC0010131 Bit 0 (Sev Enabled)
//
+ DEBUG ((DEBUG_INFO, "Begin read msr\n"));
Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
+ DEBUG ((DEBUG_INFO, "End read msr\n"));
if (Msr.Bits.SevBit) {
mSevStatus = TRUE;
}
--
2.25.1
Then rebuild the ovmf package, launch qemu with windows 10 guest os installed, repeat reboot win10 guest os 4-10 times, then there may got reboot fail
see this screenshot: https://1drv.ms/u/s!As-Ec5SPH0fuil9hsVV_ooZG0mcw?e=xgfJoL
From: qi zhou <atmgnd@outlook.com>
Sent: Thursday, November 25, 2021 21:12
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: brijesh.singh@amd.com <brijesh.singh@amd.com>; erdemaktas@google.com <erdemaktas@google.com>; jejb@linux.ibm.com <jejb@linux.ibm.com>; jiewen.yao@intel.com <jiewen.yao@intel.com>; min.m.xu@intel.com <min.m.xu@intel.com>; thomas.lendacky@amd.com <thomas.lendacky@amd.com>
Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
>From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
From: Qi Zhou <atmgnd@outlook.com>
Date: Thu, 25 Nov 2021 20:25:55 +0800
Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during
PEI phase
Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by
os(Windows etc), and will not restored on reboot, the
SevEsWorkArea->EncryptionMask may have a random value after reboot. then it
may casue fail on reboot. The msr bits already cached by mSevStatusChecked,
there is no need to try cache again in PEI phase.
Signed-off-by: Qi Zhou <atmgnd@outlook.com>
---
.../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
1 file changed, 19 insertions(+), 36 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d12..0819f50669 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
UINT32 RegEax;
MSR_SEV_STATUS_REGISTER Msr;
CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
- BOOLEAN ReadSevMsr;
- SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
- ReadSevMsr = FALSE;
-
- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
- if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
- //
- // The MSR has been read before, so it is safe to read it again and avoid
- // having to validate the CPUID information.
+ //
+ // Check if memory encryption leaf exist
+ //
+ AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
//
- ReadSevMsr = TRUE;
- } else {
+ // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
//
- // Check if memory encryption leaf exist
- //
- AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
- if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
+ AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
+
+ if (Eax.Bits.SevBit) {
//
- // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
+ // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
//
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
-
- if (Eax.Bits.SevBit) {
- ReadSevMsr = TRUE;
+ Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
+ if (Msr.Bits.SevBit) {
+ mSevStatus = TRUE;
}
- }
- }
-
- if (ReadSevMsr) {
- //
- // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
- //
- Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
- if (Msr.Bits.SevBit) {
- mSevStatus = TRUE;
- }
- //
- // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
- //
- if (Msr.Bits.SevEsBit) {
- mSevEsStatus = TRUE;
+ //
+ // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
+ //
+ if (Msr.Bits.SevEsBit) {
+ mSevEsStatus = TRUE;
+ }
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou
2021-11-25 13:21 ` qi zhou
@ 2021-11-29 19:04 ` Lendacky, Thomas
2021-11-29 19:28 ` Brijesh Singh
1 sibling, 1 reply; 6+ messages in thread
From: Lendacky, Thomas @ 2021-11-29 19:04 UTC (permalink / raw)
To: qi zhou, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com,
jiewen.yao@intel.com, min.m.xu@intel.com
On 11/25/21 7:12 AM, qi zhou wrote:
> From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
> From: Qi Zhou <atmgnd@outlook.com>
> Date: Thu, 25 Nov 2021 20:25:55 +0800
> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during
> PEI phase
>
> Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by
> os(Windows etc), and will not restored on reboot, the
> SevEsWorkArea->EncryptionMask may have a random value after reboot. then it
> may casue fail on reboot. The msr bits already cached by mSevStatusChecked,
> there is no need to try cache again in PEI phase.
>
> Signed-off-by: Qi Zhou <atmgnd@outlook.com>
> ---
> .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
> 1 file changed, 19 insertions(+), 36 deletions(-)
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> index e2fd109d12..0819f50669 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
> UINT32 RegEax;
> MSR_SEV_STATUS_REGISTER Msr;
> CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
> - BOOLEAN ReadSevMsr;
> - SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
>
> - ReadSevMsr = FALSE;
> -
> - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
> - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
> - //
> - // The MSR has been read before, so it is safe to read it again and avoid
> - // having to validate the CPUID information.
> + //
> + // Check if memory encryption leaf exist
> + //
> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
This now defeats the purpose of the workarea the already validated CPUID
information. This CPUID information will now require validating.
Wouldn't the best thing be to clear the workarea in the early boot code?
Thanks,
Tom
> //
> - ReadSevMsr = TRUE;
> - } else {
> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
> //
> - // Check if memory encryption leaf exist
> - //
> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
> +
> + if (Eax.Bits.SevBit) {
> //
> - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
> + // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
> //
> - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
> -
> - if (Eax.Bits.SevBit) {
> - ReadSevMsr = TRUE;
> + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
> + if (Msr.Bits.SevBit) {
> + mSevStatus = TRUE;
> }
> - }
> - }
> -
> - if (ReadSevMsr) {
> - //
> - // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
> - //
> - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
> - if (Msr.Bits.SevBit) {
> - mSevStatus = TRUE;
> - }
>
> - //
> - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> - //
> - if (Msr.Bits.SevEsBit) {
> - mSevEsStatus = TRUE;
> + //
> + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> + //
> + if (Msr.Bits.SevEsBit) {
> + mSevEsStatus = TRUE;
> + }
> }
> }
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
2021-11-29 19:04 ` Lendacky, Thomas
@ 2021-11-29 19:28 ` Brijesh Singh
2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann
0 siblings, 1 reply; 6+ messages in thread
From: Brijesh Singh @ 2021-11-29 19:28 UTC (permalink / raw)
To: Tom Lendacky, qi zhou, devel@edk2.groups.io
Cc: brijesh.singh, erdemaktas@google.com, jejb@linux.ibm.com,
jiewen.yao@intel.com, min.m.xu@intel.com
On 11/29/21 1:04 PM, Tom Lendacky wrote:
> On 11/25/21 7:12 AM, qi zhou wrote:
>> From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
>> From: Qi Zhou <atmgnd@outlook.com>
>> Date: Thu, 25 Nov 2021 20:25:55 +0800
>> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr
>> during
>> PEI phase
>>
>> Tested on Intel Platform, It is like 'SEV-ES work area' can be
>> modified by
>> os(Windows etc), and will not restored on reboot, the
>> SevEsWorkArea->EncryptionMask may have a random value after reboot.
>> then it
>> may casue fail on reboot. The msr bits already cached by
>> mSevStatusChecked,
>> there is no need to try cache again in PEI phase.
>>
>> Signed-off-by: Qi Zhou <atmgnd@outlook.com>
>> ---
>> .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
>> 1 file changed, 19 insertions(+), 36 deletions(-)
>>
>> diff --git
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> index e2fd109d12..0819f50669 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>> @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
>> UINT32 RegEax;
>> MSR_SEV_STATUS_REGISTER Msr;
>> CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
>> - BOOLEAN ReadSevMsr;
>> - SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
>> - ReadSevMsr = FALSE;
>> -
>> - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32
>> (PcdSevEsWorkAreaBase);
>> - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
>> - //
>> - // The MSR has been read before, so it is safe to read it again
>> and avoid
>> - // having to validate the CPUID information.
>> + //
>> + // Check if memory encryption leaf exist
>> + //
>> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
>> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
>
What is missing in the original patch set is that now with the common
work area we need to check the Guest Type before accessing the SevEs
workarea type. I have a patch in my wip to cleanup the SEV feature
detection check and patiently waiting for the SEV-SNP series to land so
that I can submit other patches.
You need something like IsSevGuest() before accessing the SevEs
workarea, see how its done for the SEC.
https://github.com/AMDESE/ovmf/blob/snp-v13/OvmfPkg/Sec/AmdSev.c#L234
In my WIP I am moving that to common BaseMemEncryptLib.
thanks
> This now defeats the purpose of the workarea the already validated CPUID
> information. This CPUID information will now require validating.
>
> Wouldn't the best thing be to clear the workarea in the early boot code?
>
> Thanks,
> Tom
>
>> //
>> - ReadSevMsr = TRUE;
>> - } else {
>> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
>> //
>> - // Check if memory encryption leaf exist
>> - //
>> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
>> - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
>> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL,
>> NULL);
>> +
>> + if (Eax.Bits.SevBit) {
>> //
>> - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
>> + // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
>> //
>> - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL,
>> NULL, NULL);
>> -
>> - if (Eax.Bits.SevBit) {
>> - ReadSevMsr = TRUE;
>> + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
>> + if (Msr.Bits.SevBit) {
>> + mSevStatus = TRUE;
>> }
>> - }
>> - }
>> -
>> - if (ReadSevMsr) {
>> - //
>> - // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
>> - //
>> - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
>> - if (Msr.Bits.SevBit) {
>> - mSevStatus = TRUE;
>> - }
>> - //
>> - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
>> - //
>> - if (Msr.Bits.SevEsBit) {
>> - mSevEsStatus = TRUE;
>> + //
>> + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
>> + //
>> + if (Msr.Bits.SevEsBit) {
>> + mSevEsStatus = TRUE;
>> + }
>> }
>> }
>>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
2021-11-29 19:28 ` Brijesh Singh
@ 2021-11-30 15:51 ` Gerd Hoffmann
2021-11-30 17:18 ` Brijesh Singh
0 siblings, 1 reply; 6+ messages in thread
From: Gerd Hoffmann @ 2021-11-30 15:51 UTC (permalink / raw)
To: devel, brijesh.singh
Cc: Tom Lendacky, qi zhou, erdemaktas@google.com, jejb@linux.ibm.com,
jiewen.yao@intel.com, min.m.xu@intel.com
Hi,
> What is missing in the original patch set is that now with the common work
> area we need to check the Guest Type before accessing the SevEs workarea
> type. I have a patch in my wip to cleanup the SEV feature detection check
> and patiently waiting for the SEV-SNP series to land so that I can submit
> other patches.
Can you prepare a version of the fix which does not depend on the snp
series and can be applied to edk2-stable202111?
thanks,
Gerd
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann
@ 2021-11-30 17:18 ` Brijesh Singh
0 siblings, 0 replies; 6+ messages in thread
From: Brijesh Singh @ 2021-11-30 17:18 UTC (permalink / raw)
To: Gerd Hoffmann, devel
Cc: brijesh.singh, Tom Lendacky, qi zhou, erdemaktas@google.com,
jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com
On 11/30/21 9:51 AM, Gerd Hoffmann wrote:
> Hi,
>
>> What is missing in the original patch set is that now with the common work
>> area we need to check the Guest Type before accessing the SevEs workarea
>> type. I have a patch in my wip to cleanup the SEV feature detection check
>> and patiently waiting for the SEV-SNP series to land so that I can submit
>> other patches.
> Can you prepare a version of the fix which does not depend on the snp
> series and can be applied to edk2-stable202111?
Ack.
> thanks,
> Gerd
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-30 17:18 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou
2021-11-25 13:21 ` qi zhou
2021-11-29 19:04 ` Lendacky, Thomas
2021-11-29 19:28 ` Brijesh Singh
2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann
2021-11-30 17:18 ` Brijesh Singh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox