From: Brijesh Singh
To: Laszlo Ersek, edk2-devel-01
Cc: brijesh.singh@amd.com, Ard Biesheuvel, Jordan Justen
Date: Fri, 2 Mar 2018 07:17:43 -0600
Subject: Re: [PATCH 00/20] OvmfPkg: SEV: decrypt the initial SMRAM save state map for SMBASE relocation
Message-ID: <45c6adcc-57a1-c7c4-3474-b33b7323ea17@amd.com>
In-Reply-To: <6be3c2e4-0269-7743-d14d-4cf1f2935342@redhat.com>

On 3/2/18 5:53 AM, Laszlo Ersek wrote:
> On 03/02/18 02:16, Brijesh Singh wrote:
>>
>> On 3/1/18 6:03 PM, Laszlo Ersek wrote:
>>> I also tried to test the series with SEV guests (again with Brijesh's v2
>>> 2/2 patch applied on top). Unfortunately, I didn't get good results with
>>> or without SMM. Without SMM, the guest OS boots to a point, but then it
>>> gets stuck with the CPU spinning. With SMM, OVMF gets stuck in SMBASE
>>> relocation.
>> To boot the SEV guest with SMM support we need this KVM patch, without
>> this we will get either #UD or some undefined behavior.
>>
>> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=7607b7174405aec7441ff6c970833c463114040a
> Looks like a very recent commit. What tree (and at what commit) do you
> recommend that I build a new host kernel?

Yes, this is a very recent commit and it was developed during the SMM work.
For the host kernel we need at least 4.16.0-rc1, but since you are going to
boot the SMM-enabled BIOS I recommend using the latest kvm/master:

https://git.kernel.org/pub/scm/virt/kvm/kvm.git/

>
>> It's strange that you are having trouble booting SEV guest without SMM
>> support. It's possible that we might have some mismatch kernel kvm +
>> qemu + ovmf patches.
> Wait, the details matter: I wrote "the guest OS boots to a point". There
> are no problems with the firmware, or the initial OS boot progress. The
> issue happens fairly later (but certainly before I reach a login prompt
> or similar). Maybe this is nothing new relative to last November; I
> don't remember.

Ah, my best guess is that a userspace program is getting the wrong time using
clock_gettime() and hence the boot scripts are waiting on some events
forever. IIRC, I was getting a boot hang sometime back in Oct or Nov, and
debugging took me to the kvmclock support for SEV guest.
I was doing everything right in my patches for kvmclock except the first
hunk of the patch below. When kvmclock is available, clock_gettime() uses
the vdso, and since the kvmclock page is shared between the HV and the guest,
we needed to ensure that the userspace pgtable has the proper C-bit when
accessing this memory range.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v4.16-rc3&id=819aeee065e5d1b417ecd633897427c89f3253ec

All the SEV guest got accepted in 4.15, hence for guest kernel you can use
Linux kernel >=4.15.

>>> Until then, Brijesh, can you please test this series? Thank you!
>>
>> Sure, I will try the series tomorrow morning. Thank you so much for the
>> cleanup and remaining SMM work.
> Thanks!
>
> Do you have (maybe updated) instructions for setting up the SEV host?
> What are the latest bits that are expected to work together?

The AMDSEV page https://github.com/AMDESE/AMDSEV contains some instructions
and scripts to boot the SEV guest, but it's still using the older version of
kernel and qemu. Here is what you need to do:

For host kernel:
- use recent kvm/master
- make sure following kernel config is enabled
  CONFIG_KVM_AMD_SEV
  CONFIG_CRYPTO_DEV_SP_PSP
  CONFIG_AMD_MEM_ENCRYPT
  CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT

For guest kernel:
- you can use host kernel or anything >=4.15
  make sure you have following config enabled in kernel:
    CONFIG_AMD_MEM_ENCRYPT

For qemu:
- v10 patches from this branch https://github.com/codomania/qemu/tree/v10

> Thanks!
> Laszlo
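
The host and guest kernel requirements listed in the message above can be checked against a kernel `.config` before booting an SEV guest; the following is an added example, not part of the original message or of the AMDSEV scripts. The helper names `missing_sev_options` and `kernel_at_least` are hypothetical, the sample `.config` is constructed, and treating `=y` or `=m` as "enabled" and comparing only major.minor (4.16 for the host, 4.15 for the guest) are assumptions.

```shell
#!/bin/sh
# Added example: check a kernel .config for the SEV options listed in the message.
HOST_OPTS="CONFIG_KVM_AMD_SEV CONFIG_CRYPTO_DEV_SP_PSP CONFIG_AMD_MEM_ENCRYPT CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT"
GUEST_OPTS="CONFIG_AMD_MEM_ENCRYPT"

# Print the required options that are not enabled (hypothetical helper).
missing_sev_options() {   # usage: missing_sev_options host|guest <config-file>
    case "$1" in
        host)  opts=$HOST_OPTS ;;
        guest) opts=$GUEST_OPTS ;;
        *)     echo "unknown role: $1" >&2; return 2 ;;
    esac
    missing=""
    for opt in $opts; do
        # Assumption: "=y" or "=m" counts as enabled. Anchoring on "=" keeps
        # CONFIG_AMD_MEM_ENCRYPT from matching ..._ACTIVE_BY_DEFAULT.
        grep -Eq "^${opt}=(y|m)\$" "$2" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# True if a kernel release string is at least <major>.<minor> (hypothetical helper).
kernel_at_least() {       # usage: kernel_at_least <release> <major> <minor>
    rel=${1%%[!0-9.]*}    # drop suffixes such as -rc1 or -generic
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Constructed sample .config: everything set except active-by-default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_KVM_AMD=m
CONFIG_KVM_AMD_SEV=y
CONFIG_CRYPTO_DEV_SP_PSP=y
CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set
EOF

echo "host missing:  $(missing_sev_options host "$sample")"
echo "guest missing: $(missing_sev_options guest "$sample")"
# Thresholds from the message: host >= 4.16 (4.16.0-rc1), guest >= 4.15.
if kernel_at_least "$(uname -r)" 4 16; then
    echo "running kernel is new enough for a host"
fi
```

On a real host, pass the running kernel's config file (for example `/boot/config-$(uname -r)`, where the distribution installs one) instead of the constructed sample.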