Message-ID: <38005c3a-4d02-bb11-3df0-6d16cf23e5db@linux.ibm.com>
Date: Thu, 16 Feb 2023 10:53:13 +0200
Subject: Re: [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Erdem Aktas, James Bottomley, Min Xu, Tom Lendacky, Michael Roth, Ashish Kalra, Mario Smarduch, Tobin Feldman-Fitzthum, Dov Murik
References: <20230216080657.2120213-1-dovmurik@linux.ibm.com>
From: "Dov Murik"
In-Reply-To: <20230216080657.2120213-1-dovmurik@linux.ibm.com>

On 16/02/2023 10:06, Dov Murik wrote:
> (Note: This is a new version of this one-year-old patch series; the v1
> series [1] got a few Acked-by but it's been so long that I don't
> consider them relevant anymore.)
>
> AMD SEV and SEV-ES support measured direct boot with
> kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
> during boot.
>
> To enable the same approach for AMD SEV-SNP we make sure the page in
> which QEMU inserts the hashes of kernel/initrd/cmdline is not already
> pre-validated, as SNP doesn't allow validating a page twice.
>
> The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
> the same order both as in the main target (OvmfPkgX64), with the
> exception of the SEV Launch Secret page which isn't defined in
> OvmfPkgX64.
>
> The second patch modifies the SNP metadata structure such that on
> AmdSev target the SEV Launch Secret page is not included in the ranges
> that are pre-validated (zero pages) by the VMM; instead the VMM will
> insert content into this page (the hashes table), or mark it explicitly
> as a zero page if no hashes are added.
>
> A corresponding RFC patch to QEMU will be published soon in qemu-devel.

The corresponding QEMU RFC patch series is at:

https://lore.kernel.org/qemu-devel/20230216084913.2148508-1-dovmurik@linux.ibm.com/

and the QEMU tree can be fetched from:

https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v2

This edk2 series is also published at:

https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v2

-Dov

>
> Cc: Ard Biesheuvel
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Gerd Hoffmann
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Tom Lendacky
> Cc: Michael Roth
> Cc: Ashish Kalra
> Cc: Mario Smarduch
> Cc: Tobin Feldman-Fitzthum
>
> ---
>
> v2 changes:
> * Rebased on master
> * Updated AmdSev MEMFD size to match OvmfX64
>
> v1:
> [1] https://edk2.groups.io/g/devel/message/88137
>
>
> Dov Murik (2):
>   OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
>     OvmfPkgX64.fdf
>   OvmfPkg/ResetVector: Exclude SEV launch secrets page from
>     pre-validation
>
>  OvmfPkg/AmdSev/AmdSevX64.fdf          | 27 ++++++++++----------
>  OvmfPkg/ResetVector/ResetVector.nasmb | 14 +++++++++-
>  2 files changed, 27 insertions(+), 14 deletions(-)
>