From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.79]) by mx.groups.io with SMTP id smtpd.web12.1869.1634154122793702935 for ; Wed, 13 Oct 2021 12:42:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=IvpG9vvC; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.79, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iiKpUPtEUhyseH5I+I3zBCsf9sOImeyIUseyKT6WzFmmP/KktnNKVJypEVl40vOeorD6X5azcUdkXPonVv8cnIBcSkjm8SONJlSykfv5sFRD9rElSMBUoByndLS0qpaCE8bDSSyxvVDUhBIi3QECKHARIjBsFDZl9hrCmAiS0GeEpqTccmfl94T5euPJkFKFEPkdzqT93lFg4IUi1GPCpA8E4ivNcg+1gQ6I1ARGy80nH7kom5aqOzviJChGbbF+keDmUbCLvM9VRFppQbwXTK1j95sb8HNvrJVSkxSX7U9RzbHxOLhTN1sgHpUli21vm5l+vYQv+3asLLehuAd6Lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AucnJOo8iPpfyxKvamVntdE9v7F4IJEqcuUsxZnVU2k=; b=kJv9TowOLrMGLMXoETN/lb3FXzp0v6j2+l3I+vI4mJpAV+GGcvb3rlbTQXavM3Q75Ytbnfb7O9SUvbflHnnxRfwPKsIgzTmt7Ji2GbwMJmuC1ALbljZ5YUUe0Ba9Nytm+GUNwLWA5bYBEefYUCwnBRVso5I0Z/KLj42IJec1PUnq+gK3U6mxRVRcmJ3OYQXJxDcwivPz/hl2eCSqhd0NGE8H94S5FYqt61CzYlQxuYUK6eL1SV4moIZ1EpHXF19U3ceM1tzhb3UUlnbk8EUVrtBD2aOY+4wVbMmZMv6TyO2cLx+MjijN+xcg7KCxDcK4XLvmO+GRsdMv0BbPg/CxbQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AucnJOo8iPpfyxKvamVntdE9v7F4IJEqcuUsxZnVU2k=; b=IvpG9vvC8HKXg0KPbCPyPi2O0rd4xnaQLLJTjSj0/v0G0mt5R8Hh7SSB7vlkEB0Tem/JXolPq0gZ/FtFm+vY7ooGs/m/SDArFOpJPrBCy/ZkvWZZRL+xPX96OCxE/0hTj0HoHjvdI3qPNq7qKGq2hRqDJCHdqSt1pvgU7ahHaNc= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4575.namprd12.prod.outlook.com (2603:10b6:806:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.22; Wed, 13 Oct 2021 19:42:01 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4587.026; Wed, 13 Oct 2021 19:42:01 +0000 Cc: brijesh.singh@amd.com, Tobin Feldman-Fitzthum , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: Re: Error when launching SEV-ES guest with OvmfPkg/AmdSev build To: Dov Murik , edk2-devel-groups-io References: <25b6f2b1-0903-e39a-665f-e3d20ff16261@linux.ibm.com> From: "Brijesh Singh" Message-ID: <3fd9fc49-802f-f3d8-e769-52b9eb478a2e@amd.com> Date: Wed, 13 Oct 2021 14:41:57 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: <25b6f2b1-0903-e39a-665f-e3d20ff16261@linux.ibm.com> X-ClientProxiedBy: SN7PR04CA0171.namprd04.prod.outlook.com (2603:10b6:806:125::26) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from Brijeshs-MacBook-Pro.local (165.204.77.11) by SN7PR04CA0171.namprd04.prod.outlook.com (2603:10b6:806:125::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.14 via Frontend Transport; Wed, 13 Oct 2021 19:42:00 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 143506a9-e026-466c-a613-08d98e818678 X-MS-TrafficTypeDiagnostic: SA0PR12MB4575: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1332; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: XEMjKbjeJW3eWlZ+LMHIiDZ69JV9KD2G8ufdNQ57y5glApjDvA013kXHCcIZcNwUiDKI4cdAja6NxSq3wCUh4so3k2633k9belmkLKEbaO4r1RsnhZvq95LMM5LgWOMLMvnEUqdbrMz9IxBnokQCLX/DfvTLmQUDgheo9gNat3Q0VLDle6G6ImLfv1oyrHCBKiYepgNL98bbJbJEUxqFZXTgl4hoy8H/v70EgKD2PhWO/QeTOlot+L7dyuds7XqdVzgTFT4Q8vrpMyAiE3m9sXAMUnJhS+AmNDJW0zFB99e2ZWfRsuAr28YfmXfs8CJElSeR4cB4wJvCI5Ogq8OJ22RdiA9Ih/RdeOpEOE4G5ivU4ECgxvBFTM50EBcRA+vYkL210osdjnwKy+Gr5Dm8s33DQR85mMXx5Is+c8wCTPRIQA4U0+SDlIq5ZBXKYsjqnLqVVcBWWZbK2DuU4UeoVh9lDcTiHFsVjIbWDyizkFdjyIjNj0Ckyzi/woB89Uk7M1qfsnZWdminhuYw2Q+gutFNaNAaRtXBWry3JPC1P6GWjnkfAYVgWRsmyrJqaNhN/a/ZzDXq0UapK0uPrmdlpQNhDciKh2CYjGz9JTJVtEKaAo0ifuc13EBvoKA2twqz+ybfwbad/MKgUHw2Tf/ePLsX5o8VyBpAf3j28AIR8flKjST3H2m+fNSsf1TeiuOHsd8yCHDnOvLwCOmo382lHVmynZyuqc8IlUX3upavUu/A3+9AIad7/3MD6Jv4bFuTZGpCJ/+BHRr5JqH2vi0imOwHdSJVmKECBZVY6rnvObD57F9n95DMLo3hSMWv5m6aO2/bE9LCITNtuVBUImJtig== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(44832011)(31686004)(53546011)(6666004)(6486002)(316002)(66476007)(4326008)(110136005)(966005)(31696002)(2906002)(66556008)(6506007)(66946007)(38100700002)(186003)(19627235002)(5660300002)(86362001)(8676002)(956004)(36756003)(26005)(8936002)(54906003)(508600001)(45080400002)(2616005)(83380400001)(6512007)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?a3psV1ExYkllMXUrcm40dllSSmVpNDN0VTJKYVBhMDB2UW5VV1hSQnppbFVH?= =?utf-8?B?eWlkcHkwTXJObnJGT3B2dUNYRlFsUGJXSkpBQ3RCVE9zMTR3N0doSE5XdC9l?= =?utf-8?B?NjFUY0tuWGRuK0IrT1EyQ3JJMXc5VDdncklQUzVuQ0ZNZlFsNHZiUDViZE9S?= =?utf-8?B?c3JqbEd4NXFYcWR5YlowendwSWFFNVBUTHVQcEFKcVh0S25qOUFzUXN0TWlM?= =?utf-8?B?U29jQ1EwZUdUWXRWQzRMNjNMdGpzME44RXpRZ1h2UjlpaTR2L0Y4dzF1Y3hB?= =?utf-8?B?dElyc1U4NkJZQ2dHWWh4bWpqbTFmMVY4RFd0S0VQczUwRnh5b2lpekpyL3Fh?= =?utf-8?B?OWpJK2dLVlo0ZlBIcithejlyaUhKQ3JJRHRUdXFRQk1kcjFROXlzaHN3QVBV?= =?utf-8?B?Tzg2Q09vU2NieVZLci9xcTRQOVBlcUREMHJyUFZDSnFDVmtQb2RYWWJwQVdn?= =?utf-8?B?OVY4Y0tlM2lkOVVxWWJXU0VLZUplNDlxK0dVR0JZTGlwdFM0WnJnZXpQd1pp?= =?utf-8?B?d2ovS1BLTVd0VTFEaWRWRnp5TFl6Znd6SEdqQjlrK2QvWVVTTFZFaEw5OVE5?= =?utf-8?B?eEgzVVBRRHltaDIvMnJWQWRLcFo2L0tTdDJld1NBQjBkdi8vNmYwSTF0RHBK?= =?utf-8?B?Tk9EUXR2MVBtOGIxUVFSVUtYaStiK2JDL085L0pIVDFBSTBuUFJ5bERlaS82?= =?utf-8?B?Zy9mTitkamJXNm5NRDdBWUhoRzh5T2ZoK3JuQmU3cS9PZ1o2cDZDTFlFMnBr?= =?utf-8?B?Y29PUTA4SStSdUowZ201S0xCY1hrTFhSRnBXRVRPNGpHQVF6VW1pU2ZHbjMv?= =?utf-8?B?ZERMaE5nWThEN0x4L1ZMeEY2V1Y4TzBQdnZXUUt1c2RUZ21aNWlhdlZoZE9B?= =?utf-8?B?T3d5dXdkMTNuWWo5T3QzOUQraktFU3dyc1VHSkR5SzczaDlDVGF2eTBVVDRG?= =?utf-8?B?cWFLcmgzOUpNT3R4N0xvT0U4Yzl1UFRJWUxUcjA3YmFmaHQ3WWVCbm5IS0w1?= =?utf-8?B?SFdHMTZ4YTlLK3VidmdEWFgxS0xrWlRJNTFmcUhyQ1FPNS9ZNlc5S3NZS2t4?= =?utf-8?B?NGliaGFYalBZQU1LbE1rcmxkTXRXTks2dXZBNzNOWVExdjNLd05wQTdncTV2?= =?utf-8?B?OTYya2RHM09laWRPZDVSSE9wNTIyMDRTZFpqNzhpeUN2V25vUU11NjBJTnBQ?= =?utf-8?B?dzFHdWdKTU9rVUNMeUROY0RTaXlKNVhVQUFqZUpyNmtVcUs1MTBuNHgzVEEw?= =?utf-8?B?YkJreUIxMFlrNDZJaFNIN2xLdVlOdm5IV3NUeDM5SzRxaklyYUp3V0lnallY?= =?utf-8?B?dFVWRXJuSUlYZWpuVVFTc2VEN0JRWWtxSUlwem90ZmZoVzg1Vmo4Tit6b2lU?= =?utf-8?B?N1htZ05Jc21JTm1ET21aVU9PeEFGUnBnNTlBM2syRjAydmVGZTQyNDhWbTNs?= =?utf-8?B?UXVxZXgra0tIL2NGYWI0Q0MvWmNnS2Z6VFFQUXd4WllHdmJCMGM2Wllxd0Jr?= =?utf-8?B?bnZsN1ovSUNPOVJqVTdOL1ZOZHhUWksyU0VDb2VtM21USkJWSTdMY1ptRC94?= =?utf-8?B?NVdzZHVHYzN3bTlSckNIR0pNWlJSODRPN1NJTVlXMmN2SHQrYW9ueGtsR3Bi?= =?utf-8?B?eXAvaXVCdVVVVFROLzNBbXJPVGRseC9HQW80M2Q0c2l4cyt4NlNyMUU3aVNa?= =?utf-8?B?aVdiVlZhY1MrbG9ZRGVMT3B2THBhMXIrMnFvR3pBcGoxSmRZYlFBN1lMdUly?= =?utf-8?Q?lfOYCySW4fzVuICGZPN83Pqxfq91TZD03coQeCX?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 143506a9-e026-466c-a613-08d98e818678 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Oct 2021 19:42:01.0343 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Gbg7IraLvdwhSvSysYKTP50ZJO14glru/dBHi6JrlE3u4NrhxqjNqEW92fPJTlVMhQ0t3UDGlL3x+/Z/H6APJQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4575 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Hi Dov, On 10/13/21 2:35 AM, Dov Murik wrote: > Hello, > > I encountered the following problem when trying to launch SEV-ES > (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build: > > > $ sudo /home/dmurik/git/qemu/build/qemu-system-x86_64 -enable-kvm > -machine q35 -smp 1 -m 2G -machine confidential-guest-support=sev0 > -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x5 > -drive > if=pflash,format=raw,unit=0,file=/home/dmurik/git/edk2/Build/AmdSev/DEBUG_GCC5/FV/OVMF.fd,readonly=on > -nographic -global isa-debugcon.iobase=0x402 -debugcon file:ovmf-1.log > -monitor pty > > char device redirected to /dev/pts/6 (label compat_monitor0) > error: kvm run failed Invalid argument > EAX=0000000a EBX=0000006f ECX=00000000 EDX=00000000 > ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 > EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 > ES =0000 00000000 00000000 00000000 > CS =0000 00000000 00000000 00000000 > SS =0000 00000000 00000000 00000000 > DS =0000 00000000 00000000 00000000 > FS =0000 00000000 00000000 00000000 > GS =0000 00000000 00000000 00000000 > LDT=0000 00000000 00000000 00000000 > TR =0000 00000000 00000000 00000000 > GDT= 00000000 00000000 > IDT= 00000000 00000000 > CR0=c0000033 CR2=00000000 CR3=00000000 CR4=00000660 > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 > DR3=0000000000000000 > DR6=00000000ffff0ff0 DR7=0000000000000400 > EFER=0000000000000100 > Code=?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? > ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? > ?? ?? ?? ?? > > > ovmf-1.log is empty (even though OVMF is compiled with debug flags). > > > Plain SEV (no -ES) guests work OK. > > > The error is "kvm run failed Invalid argument", so I first tried > switching kernels, but 5.11.0, 5.13.0, and 5.14.0 all gave the same result. > > Then I tried an older OVMF release (edk2-stable202108) -- and it worked > OK. So I started a git bisect session and found this first bad commit: > > > commit ab77b6031b03733c28fa5f477d802fd67b3f3ee0 > Author: Brijesh Singh > Date: Tue Aug 17 21:46:50 2021 +0800 > > OvmfPkg/ResetVector: update SEV support to use new work area format > > BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3429&data=04%7C01%7Cbrijesh.singh%40amd.com%7C161014bce6d140ebb89408d98e2cce3a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637697145350831431%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=26MCaioHLlTtw81C%2F3Mpf8kOG2LpQXFmvt3FvH%2FnjNk%3D&reserved=0 > > Update the SEV support to switch to using the newer work area format. > > > I wonder if any change in this series should have also touched files in > OvmfPkg/AmdSev and missed them. This is most likely because the patch repurposed the EsWorkArea to a generic workarea but the AmdSevX64.fdf is still pointing the EsWorkArea to be the start of the page. After we repurposed the EsWorkArea it got assigned to a different value. See the OvmfPkgX64.fdf. I am having trouble building the AmdSev package. I am getting this error grub-mkimage: error: cannot open `/usr/lib/grub/x86_64-efi/sevsecret.mod': No such file or directory. Do you know what I am missing ? It seems like we have some dependency with the grub but I cannot seem to find out what I need to do to get those resolved. Any hint ? > Any other ideas on how to debug this are welcome. > > Let me know if this should be reported/discussed somewhere else. > > > Thanks, > -Dov