From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120])
 by mx.groups.io with SMTP id smtpd.web10.3515.1597348453230697400
 for <devel@edk2.groups.io>;
 Thu, 13 Aug 2020 12:54:13 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DMx0X6ZR;
 spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1597348452;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=7CfF4XYk4RZxTQQiTsMxOtnhiPQ9ahKCF8DM5j89tlY=;
	b=DMx0X6ZRyM4rexiBge4O4Bb3MciPT3bUZF2DZ47BcCiwN4LMFLRHUSzwI8GlIpaAr/1JiW
	f+6l97SDuEoMdES3SjqbFY5ZSdH1ShDnLk2UD6C7KOHmq19FzmHv7p1Wojn2E0K1Fy0Ajw
	Q0Y7Kay2QybMmPB3d2Qh96opAaX4Xi0=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-526-hMh6YnLFP3ajDdngG8uemw-1; Thu, 13 Aug 2020 15:53:56 -0400
X-MC-Unique: hMh6YnLFP3ajDdngG8uemw-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 39C8B425CB;
	Thu, 13 Aug 2020 19:53:53 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-166.ams2.redhat.com [10.36.112.166])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 802E16FDB8;
	Thu, 13 Aug 2020 19:53:48 +0000 (UTC)
Subject: Re: [PATCH v15 00/46] SEV-ES guest support
To: Tom Lendacky <thomas.lendacky@amd.com>, devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
 Ard Biesheuvel <ard.biesheuvel@arm.com>, Eric Dong <eric.dong@intel.com>,
 Jordan Justen <jordan.l.justen@intel.com>, Liming Gao
 <liming.gao@intel.com>, Michael D Kinney <michael.d.kinney@intel.com>,
 Ray Ni <ray.ni@intel.com>, Andrew Fish <afish@apple.com>,
 Anthony Perard <anthony.perard@citrix.com>,
 Benjamin You <benjamin.you@intel.com>, Dandan Bi <dandan.bi@intel.com>,
 Guo Dong <guo.dong@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>, Julien Grall <julien@xen.org>,
 Leif Lindholm <leif@nuviainc.com>, Maurice Ma <maurice.ma@intel.com>
References: <cover.1597325013.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <3bdffcbb-dba1-ce8b-5b3c-ed7d94dc1db5@redhat.com>
Date: Thu, 13 Aug 2020 21:53:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Firefox/52.0 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <cover.1597325013.git.thomas.lendacky@amd.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0.004
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

On 08/13/20 15:22, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> This patch series provides support for running EDK2/OVMF under SEV-ES.
> 
> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
> SEV support to protect the guest register state from the hypervisor. See
> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
> section "15.35 Encrypted State (SEV-ES)" [1].
> 
> In order to allow a hypervisor to perform functions on behalf of a guest,
> there is architectural support for notifying a guest's operating system
> when certain types of VMEXITs are about to occur. This allows the guest to
> selectively share information with the hypervisor to satisfy the requested
> function. The notification is performed using a new exception, the VMM
> Communication exception (#VC). The information is shared through the
> Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.
> The GHCB format and the protocol for using it is documented in "SEV-ES
> Guest-Hypervisor Communication Block Standardization" [2].
> 
> The main areas of the EDK2 code that are updated to support SEV-ES are
> around the exception handling support and the AP boot support.
> 
> Exception support is required starting in Sec, continuing through Pei
> and into Dxe in order to handle #VC exceptions that are generated.  Each
> AP requires it's own GHCB page as well as a page to hold values specific
> to that AP.
> 
> AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence
> is typically used to boot the APs. However, the hypervisor is not allowed
> to update the guest registers. The GHCB document [2] talks about how SMP
> booting under SEV-ES is performed.
> 
> Since the GHCB page must be a shared (unencrypted) page, the processor
> must be running in long mode in order for the guest and hypervisor to
> communicate with each other. As a result, SEV-ES is only supported under
> the X64 architecture.
> 
> This series adds a new library requirement for the VmgExitLib library
> against the UefiCpuPkg CpuExceptionHandlerLib library and the UefiCpuPkg
> MpInitLib library. The edk2-platforms repo requires updates/patches to
> add the new library requirement. To accomodate that, this series could be
> split between:
> 
> patch number 10:
>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
> 
> and patch number 11:
>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
> 
> The updates to edk2-platforms can be applied at the split.
> 
> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
> [2] https://developer.amd.com/wp-content/resources/56421.pdf
> 
> ---
> 
> These patches are based on commit:
> 65904cdbb33c ("UefiCpuPkg/MtrrLibUnitTest: Change to use static array for CI test")
> 
> A version of the tree can be found at:
> https://github.com/AMDESE/ovmf/tree/sev-es-v24
> 
> Cc: Andrew Fish <afish@apple.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Benjamin You <benjamin.you@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Julien Grall <julien@xen.org>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Maurice Ma <maurice.ma@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> 
> Changes since v14:
> - Address ECC errors
>   - Fix non-boolean comparison to use a comparison operator
>   - Separate declaration and initialization of variables
>   - Add period to first line of block comments
>   - Split single-line multiple declaration into multiple lines

The changes look good to me, thanks!

In this particular case, the updates do not invalidate my
"Regression-tested-by" given under v14:

https://edk2.groups.io/g/devel/message/63921

"""
For all patches except #10 ("UefiPayloadPkg: Prepare UefiPayloadPkg to
use the VmgExitLib library") and #46 ("Maintainers.txt: Add reviewers
for the OvmfPkg SEV-related files"):

Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
"""

So whoever merges this series should please apply that to the respective
patches.

Thanks!
Laszlo