Subject: Re: [edk2-devel] [PATCH 03/12] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel
Date: Mon, 4 Jan 2021 14:45:31 -0600
Message-ID: <3b2c3669-7207-9608-f97a-356b310b9de5@amd.com>
In-Reply-To: <8873c06a-dfb1-5cd7-9ce2-00cb44ebb59f@redhat.com>

On 1/4/21 1:59 PM, Laszlo Ersek wrote:
> On 12/15/20 21:51, Lendacky, Thomas wrote:
>> From: Tom Lendacky
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>>
>> To help mitigate against ROP attacks, add some checks to validate the
>> encryption bit position that is reported by the hypervisor.
>>
>> The first check is to ensure that the hypervisor reports a bit position
>> above bit 31. After extracting the encryption bit position from the CPUID
>> information, the code checks that the value is above 31. If the value is
>> not above 31, then the bit position is not valid, so the code enters a
>> HLT loop.
>>
>> The second check is specific to SEV-ES guests and is a two step process.
>> The first step will obtain random data using RDRAND and store that data to
>> memory before paging is enabled. When paging is not enabled, all writes to
>> memory are encrypted. The random data is maintained in registers, which
>> are protected. After enabling paging, the random data in memory is
>> compared to the register contents. If they don't match, then the reported
>> bit position is not valid, so the code enters a HLT loop.
>
> (1) Please replace:
>
>   After enabling paging,
>
> with:
>
>   The second step is that, after enabling paging,

Will do.

>
>>
>> The third check is after switching to 64-bit long mode. Use the fact that
>> instruction fetches are automatically decrypted, while a memory fetch is
>> decrypted only if the encryption bit is set in the page table. By
>> comparing the bytes of an instruction fetch against a memory read of that
>> same instruction, the encryption bit position can be validated. If the
>> compare is not equal, then SEV/SEV-ES is active but the reported bit
>> position is not valid, so the code enters a HLT loop.
>
> I had to stare quite long at the commit message and the code, but
> ultimately, it is clearly documented that the 1st and 3rd checks cover
> both SEV and SEV-ES, while the 2nd check only covers SEV-ES. OK.
>
>>
>> The encryption mask is saved in the SEV-ES work area so that it can be
>> used later in the boot process.
>
> (2) This does not seem to happen in this patch.
>
> If you agree, please drop this paragraph from the commit message.

Yes, will do. A leftover comment from what is now done in a later patch.

>
>>
>> To keep the changes local to the OvmfPkg, an OvmfPkg version of the
>> Flat32ToFlat64.asm file has been created based on the UefiCpuPkg file
>> UefiCpuPkg/ResetVector/Vtf0/Ia32/Flat32ToFlat64.asm.
>
> Thanks for this hint. Reviewing this patch with "--find-copies-harder
> -C20" is indeed easier.
>
>>
>> Cc: Jordan Justen
>> Cc: Laszlo Ersek
>> Cc: Ard Biesheuvel
>> Cc: Brijesh Singh
>> Signed-off-by: Tom Lendacky
>> ---
>>  OvmfPkg/Include/Library/MemEncryptSevLib.h  |   4 +
>>  OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm | 116 ++++++++++++++++++++
>>  OvmfPkg/ResetVector/Ia32/PageTables64.asm   |  12 +-
>>  OvmfPkg/ResetVector/ResetVector.nasmb       |   4 +-
>>  4 files changed, 133 insertions(+), 3 deletions(-)
>>  create mode 100644 OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
>>
>> diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
>> index a6d82dac7fac..dc09c61e58bb 100644
>> --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
>> +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
>> @@ -21,10 +21,14 @@
>>  // This structure is also used by assembler files:
>>  //   OvmfPkg/ResetVector/ResetVector.nasmb
>>  //   OvmfPkg/ResetVector/Ia32/PageTables64.asm
>> +//   OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
>>  // any changes must stay in sync with its usage.
>>  //
>>  typedef struct _SEC_SEV_ES_WORK_AREA {
>>    UINT8    SevEsEnabled;
>> +  UINT8    Reserved1[7];
>> +
>> +  UINT64   RandomData;
>>  } SEC_SEV_ES_WORK_AREA;
>>
>>  /**
>> diff --git a/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm b/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
>> new file mode 100644
>> index 000000000000..8fe0d0eed945
>> --- /dev/null
>> +++ b/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
>> @@ -0,0 +1,116 @@
>> +;------------------------------------------------------------------------------
>> +; @file
>> +; Transition from 32 bit flat protected mode into 64 bit flat protected mode
>> +;
>> +; Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR>
>> +; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> +; SPDX-License-Identifier: BSD-2-Clause-Patent
>> +;
>> +;------------------------------------------------------------------------------
>> +
>> +BITS    32
>> +
>> +;
>> +; Modified:  EAX, ECX, EDX
>> +;
>> +Transition32FlatTo64Flat:
>> +
>> +    OneTimeCall SetCr3ForPageTables64
>> +
>> +    mov     eax, cr4
>> +    bts     eax, 5                      ; enable PAE
>> +    mov     cr4, eax
>> +
>> +    mov     ecx, 0xc0000080
>> +    rdmsr
>> +    bts     eax, 8                      ; set LME
>> +    wrmsr
>> +
>> +    ;
>> +    ; SEV-ES mitigation check support
>> +    ;
>> +    xor     ebx, ebx
>> +
>> +    cmp     byte[SEV_ES_WORK_AREA], 0
>> +    jz      EnablePaging
>> +
>> +    ;
>> +    ; SEV-ES is active, perform a quick sanity check against the reported
>> +    ; encryption bit position. This is to help mitigate against attacks where
>> +    ; the hypervisor reports an incorrect encryption bit position.
>> +    ;
>> +    ; This is the first step in a two step process. Before paging is enabled
>> +    ; writes to memory are encrypted. Using the RDRAND instruction (available
>> +    ; on all SEV capable processors), write 64-bits of random data to the
>> +    ; SEV_ES_WORK_AREA and maintain the random data in registers (register
>> +    ; state is protected under SEV-ES). This will be used in the second step.
>> +    ;
>> +RdRand1:
>> +    rdrand  ecx
>> +    jnc     RdRand1
>> +    mov     dword[SEV_ES_WORK_AREA_RDRAND], ecx
>> +RdRand2:
>> +    rdrand  edx
>> +    jnc     RdRand2
>> +    mov     dword[SEV_ES_WORK_AREA_RDRAND + 4], edx
>> +
>> +    ;
>> +    ; Use EBX instead of the SEV_ES_WORK_AREA memory to determine whether to
>> +    ; perform the second step.
>> +    ;
>> +    mov     ebx, 1
>> +
>> +EnablePaging:
>> +    mov     eax, cr0
>> +    bts     eax, 31                     ; set PG
>> +    mov     cr0, eax                    ; enable paging
>> +
>> +    jmp     LINEAR_CODE64_SEL:ADDR_OF(jumpTo64BitAndLandHere)
>> +BITS    64
>> +jumpTo64BitAndLandHere:
>> +
>> +    ;
>> +    ; Check if the second step of the SEV-ES
>
> (3) Please finish this comment.

Will do.

>
>> +    test    ebx, ebx
>> +    jz      InsnCompare
>> +
>> +    ;
>> +    ; SEV-ES is active, perform the second step of the encryption bit postion
>> +    ; mitigation check. The ECX and EDX register contain data from RDRAND that
>> +    ; was stored to memory in encrypted form. If the encryption bit position is
>> +    ; valid, the contents of ECX and EDX will match the memory location.
>> +    ;
>> +    cmp     dword[SEV_ES_WORK_AREA_RDRAND], ecx
>> +    jne     SevEncBitHlt
>> +    cmp     dword[SEV_ES_WORK_AREA_RDRAND + 4], edx
>> +    jne     SevEncBitHlt
>> +
>> +    ;
>> +    ; If SEV or SEV-ES is active, perform a quick sanity check against
>> +    ; the reported encryption bit position. This is to help mitigate
>> +    ; against attacks where the hypervisor reports an incorrect encryption
>> +    ; bit position. If SEV is not active, this check will always succeed.
>> +    ;
>> +    ; The cmp instruction compares the first four bytes of the cmp instruction
>> +    ; itself (which will be read decrypted if SEV or SEV-ES is active and the
>> +    ; encryption bit position is valid) against the immediate within the
>> +    ; instruction (an instruction fetch is always decrypted correctly by
>> +    ; hardware) based on RIP relative addressing.
>> +    ;
>> +InsnCompare:
>> +    cmp     dword[rel InsnCompare], 0xFFF63D81
>> +    je      GoodCompare
>> +
>> +    ;
>> +    ; The hypervisor provided an incorrect encryption bit position, do not
>> +    ; proceed.
>> +    ;
>> +SevEncBitHlt:
>> +    hlt
>> +    jmp     SevEncBitHlt
>> +
>
> (4) Considering *both* HLT loops introduced in this patch:
>
> would it make sense to insert a CLI before *each* HLT?
>
> In UefiCpuPkg, we do that in several places.
>
> I'm guessing it might help if the hypervisor tried to inject #VC or some
> other exception while the guest is intentionally stuck in the HLT loop.
> (I don't know if forcing the guest to run an exception handler is in any
> way exploitable, I just think once we land here, the hypervisor should
> have as little control as possible.)
>

That makes sense. I'll add a CLI before each HLT.

Thanks,
Tom

> The patch looks fine otherwise.
>
> Thanks
> Laszlo
>
>> +GoodCompare:
>> +    debugShowPostCode POSTCODE_64BIT_MODE
>> +
>> +    OneTimeCallRet Transition32FlatTo64Flat
>> +
>> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
>> index 4032719c3075..3cd909df4f09 100644
>> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
>> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
>> @@ -140,9 +140,17 @@ GetSevEncBit:
>>      ; Get pte bit position to enable memory encryption
>>      ; CPUID Fn8000_001F[EBX] - Bits 5:0
>>      ;
>> +    and     ebx, 0x3f
>>      mov     eax, ebx
>> -    and     eax, 0x3f
>> -    jmp     SevExit
>> +
>> +    ; The encryption bit position is always above 31
>> +    sub     ebx, 32
>> +    jns     SevExit
>> +
>> +    ; Encryption bit was reported as 31 or below, enter a HLT loop
>> +SevEncBitLowHlt:
>> +    hlt
>> +    jmp     SevEncBitLowHlt
>>
>>  NoSev:
>>      xor     eax, eax
>> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
>> index c5e0fe93abf4..d3aa87982959 100644
>> --- a/OvmfPkg/ResetVector/ResetVector.nasmb
>> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb
>> @@ -3,6 +3,7 @@
>>  ; This file includes all other code files to assemble the reset vector code
>>  ;
>>  ; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
>> +; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
>>  ; SPDX-License-Identifier: BSD-2-Clause-Patent
>>  ;
>>  ;------------------------------------------------------------------------------
>> @@ -67,13 +68,14 @@
>>    %endif
>>
>>    %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
>> -%include "Ia32/Flat32ToFlat64.asm"
>>
>>    %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
>>    %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))
>>    %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))
>>    %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))
>> +  %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
>>    %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
>> +%include "Ia32/Flat32ToFlat64.asm"
>>  %include "Ia32/PageTables64.asm"
>>  %endif
>>
>>
>
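Review bot: in the MemEncryptSevLib.h hunk, nothing pins RandomData at offset 8 even though the assembler side depends on it: `UINT8 Reserved1[7];` is the only thing placing `UINT64 RandomData;` there, and the struct comment only says changes "must stay in sync". Suggest a comment on the field stating that ResetVector.nasmb reads it at byte offset 8, and a build-time check using the STATIC_ASSERT and OFFSET_OF macros from MdePkg's Base.h, e.g. `STATIC_ASSERT (OFFSET_OF (SEC_SEV_ES_WORK_AREA, RandomData) == 8, "...")`, so that reordering or resizing a field fails the C build instead of silently breaking the RDRAND check.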
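Review bot: in the Flat32ToFlat64.asm hunk the `; Modified:  EAX, ECX, EDX` header of Transition32FlatTo64Flat is now stale: the SEV-ES check adds `xor ebx, ebx` and `mov ebx, 1`, and EBX is consumed after the mode switch by `test ebx, ebx`, so EBX must be listed and callers must not expect it preserved. Two smaller points in the same file: the `rdrand ecx` / `jnc RdRand1` (and RdRand2) loops retry without bound, so a persistent CF=0 hangs the guest before paging is even enabled; a bounded retry that falls into the existing SevEncBitHlt loop would fail closed the same way as the other checks and is the usual vendor guidance for RDRAND. And the hand-encoded immediate in `cmp dword[rel InsnCompare], 0xFFF63D81` deserves a comment giving its derivation (opcode 81 /7, ModRM 3D for RIP-relative, disp32 = -10 because the 10-byte instruction is addressed relative to its own end, read back as a little-endian dword) because any future change to the instruction form makes the check halt unconditionally with no hint why. Also "postion" in the second-step comment.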
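Review bot: the PageTables64.asm hunk changes the register footprint of GetSevEncBit: the old code masked into EAX and left EBX as CPUID returned it, while the new `and ebx, 0x3f` followed by `sub ebx, 32` returns through SevExit with EBX holding the bit position minus 32. Please confirm that EBX is saved and restored around this code (it is not visible in the hunk) or document the clobber in the routine's register comment. A short comment that `sub`/`jns` accepts exactly positions 32 through 63 would also help, since the reader otherwise has to work out the sign-flag logic; and per (4) the `hlt` at SevEncBitLowHlt should get a CLI in front of it like the one in Flat32ToFlat64.asm.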
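Review bot: in the ResetVector.nasmb hunk the move of `%include "Ia32/Flat32ToFlat64.asm"` below the SEV_ES_* defines is required rather than cosmetic: the included file references SEV_ES_WORK_AREA and SEV_ES_WORK_AREA_RDRAND, which at the old include position are not yet defined, so the old ordering would not assemble. A one-line comment above the new include position saying it must follow the SEV_ES_* defines would stop a later cleanup from moving it back. Likewise the `+ 8` in `%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)` is the offset of SEC_SEV_ES_WORK_AREA.RandomData; naming that in a comment at the point of use makes the header's "must stay in sync" requirement visible where it matters.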