From: "Brijesh Singh" <brijesh.singh@amd.com>
To: "Yao, Jiewen", devel@edk2.groups.io
Cc: James Bottomley, "Xu, Min M", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann
Subject: Re: [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support
Date: Wed, 8 Sep 2021 14:45:55 -0500
Message-ID: <4da448de-5e1c-85cf-9471-bf2d77281ac9@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>

Thank you so much Yao for reviewing the patches.
Based on some comments from Gerd I may update the code around the reset
vector area (mainly to use the metadata format etc.). For your comments
regarding introducing a new PcdConfidentialComputingCategory, I will look
to see what I can come up with, and in UefiCpuPkg I will try to move all
the SEV-specific functions into new files (where applicable).

thanks
Brijesh

On 9/6/21 9:36 PM, Yao, Jiewen wrote:
> Thank you Brijesh
> It took me a while to review this series. Here is my feedback.
> I am not sure what you prefer, to put all comments together? Or reply to 29 emails separately?
> Let me put them together in this version. If you prefer a different way, please let me know.
>
> My strategy is the same as previously. I will focus on the common part and review in as much detail as possible.
> For SEV-specific things, I will ACK and let AMD people make the decision unless I have a big concern about the design.
> You can add my A-B and R-B in the next version.
>
>
> 0001-OvmfPkg-reserve-SNP-secrets-page
> Reviewed-by: Jiewen Yao
>
> 0002-OvmfPkg-reserve-CPUID-page-for-SEV-SNP
> Reviewed-by: Jiewen Yao
>
> 0003-OvmfPkg-ResetVector-introduce-SEV-SNP-boot-block-GUID
> I am still thinking whether it is possible to move all SEV-defined GUID blobs to a standalone file, and TDX-defined GUID blobs to another file.
> Anyway, that can be done later.
> Reviewed-by: Jiewen Yao
>
> 0004-OvmfPkg-ResetVector-invalidate-the-GHCB-page
> Acked-by: Jiewen Yao
>
> 0005-OvmfPkg-ResetVector-check-the-vmpl-level
> Acked-by: Jiewen Yao
>
> 0006-OvmfPkg-ResetVector-pre-validate-the-data-pages-used-in-SEC-phase
> Acked-by: Jiewen Yao
>
> 0007-OvmfPkg-ResetVector-use-SEV-SNP-validated-CPUID-values
> Acked-by: Jiewen Yao
>
> 0008-UefiCpuPkg-Define-the-SEV-SNP-specific-dynamic-PCDs
> I really don't like the idea of using BOOL PcdSevEsIsEnabled and PcdSevSnpIsEnabled.
> Can we define *one* PCD - such as PcdConfidentialComputingCategory?
> We can assign range 0x0000~0xFFFF to AMD SEV, 0x10000~0x1FFFF to Intel TDX.
> Then SEV=0x0000, SEV-ES=0x0001, SEV-SNP=0x0002, and TDX=0x10000 later.
> I really don't want to keep adding PCDs endlessly in the future, like PcdSevXXXIsEnabled, PcdSevYYYIsEnabled, PcdTdxIsEnabled, PcdTdx20Enabled, PcdTdx30Enabled, ......
>
>
> 0009-OvmfPkg-MemEncryptSevLib-add-MemEncryptSevSnpEnabled()
> I am not sure, since we have the PCD in 0008, why we need to expose the functions MemEncryptSevSnpIsEnabled() and MemEncryptSevEsIsEnabled()?
> Should we always use the PCD anywhere else?
> Anyway, Acked-by: Jiewen Yao
>
> 0010-OvmfPkg-SecMain-move-SEV-specific-routines-in-AmdSev.c
> Reviewed-by: Jiewen Yao
>
> 0011-OvmfPkg-SecMain-register-GHCB-gpa-for-the-SEV-SNP-guest
> Acked-by: Jiewen Yao
>
> 0012-OvmfPkg-VmgExitLib-use-SEV-SNP-validated-CPUID-values
> Acked-by: Jiewen Yao
>
> 0013-OvmfPkg-PlatformPei-register-GHCB-gpa-for-the-SEV-SNP-guest
> Acked-by: Jiewen Yao
>
> 0014-OvmfPkg-AmdSevDxe-do-not-use-extended-PCI-config-space
> Acked-by: Jiewen Yao
>
> 0015-OvmfPkg-MemEncryptSevLib-add-support-to-validate-system-RAM
> Acked-by: Jiewen Yao
>
> 0016-OvmfPkg-BaseMemEncryptSevLib-skip-the-pre-validated-system-RAM
> Acked-by: Jiewen Yao
>
> 0017-OvmfPkg-MemEncryptSevLib-add-support-to-validate-4GB-memory-in-PEI-phase
> Acked-by: Jiewen Yao
>
> 0018-OvmfPkg-SecMain-pre-validate-the-memory-used-for-decompressing-Fv
> Acked-by: Jiewen Yao
>
> 0019-OvmfPkg-PlatformPei-validate-the-system-RAM-when-SNP-is-active
> Acked-by: Jiewen Yao
>
> 0020-OvmfPkg-PlatformPei-set-the-SEV-SNP-enabled-PCD
> See 0008
>
> 0021-OvmfPkg-PlatformPei-set-the-Hypervisor-Features-PCD
> Acked-by: Jiewen Yao
>
> 0022-MdePkg-GHCB-increase-the-GHCB-protocol-max-version
> Acked-by: Jiewen Yao
>
> 0023-UefiCpuPkg-MpLib-add-support-to-register-GHCB-GPA-when-SEV-SNP-is-enabled
> 1) See 0008.
> 2) For MpFuncs.nasm, I recommend moving the AmdSev-specific initialization to a standalone file, such as Sev.nasm
>
> 0024-UefiCpuPkg-MpInitLib-use-BSP-to-do-extended-topology-check
> See 0023
>
> 0025-OvmfPkg-MemEncryptSevLib-change-the-page-state-in-the-RMP-table
> Acked-by: Jiewen Yao
>
> 0026-OvmfPkg-MemEncryptSevLib-skip-page-state-change-for-Mmio-address
> Acked-by: Jiewen Yao
>
> 0027-OvmfPkg-PlatformPei-mark-cpuid-and-secrets-memory-reserved-in-EFI-map
> Would you please move the SEV-specific init to another Sev.c?
> Also I found MemEncryptSevEsIsEnabled() and MemEncryptSevSnpIsEnabled() are there.
> I suggest just using one API:
>
>   MemEncryptSevEsIsEnabled() {
>     DoSevInitializeRamRegions()
>   }
>
> Then you can check more in DoSevInitializeRamRegions():
>
>   DoSevInitializeRamRegions() {
>     MemEncryptSevSnpIsEnabled() {
>     }
>   }
>
> 0028-OvmfPkg-AmdSev-expose-the-SNP-reserved-pages-through-configuration-table
> I am not convinced we should include an SEV-specific data structure in a generic structure in ConfidentialComputingSecret.h.
> I recommend moving it to an SEV-specific file.
>
> 0029-UefiCpuPkg-MpInitLib-Use-SEV-SNP-AP-Creation-NAE-event-to-launch-APs
> See 0008, 0023.
> I recommend moving SevSnpCreateSaveArea() to Sev.c.
>
> Thank you
> Yao Jiewen
>
>
>> -----Original Message-----
>> From: Brijesh Singh
>> Sent: Thursday, September 2, 2021 12:16 AM
>> To: devel@edk2.groups.io
>> Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L;
>> Ard Biesheuvel; Erdem Aktas; Michael Roth; Gerd Hoffmann; Brijesh Singh
>> Subject: [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>
>> SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
>> new hardware-based memory protections. SEV-SNP adds strong memory integrity
>> protection to help prevent malicious hypervisor-based attacks like data
>> replay, memory re-mapping and more in order to create an isolated memory
>> encryption environment.
>>
>> This series provides the basic building blocks to support booting SEV-SNP
>> VMs; it does not cover all the security enhancements introduced by SEV-SNP,
>> such as interrupt protection.
>>
>> Many of the integrity guarantees of SEV-SNP are enforced through a new
>> structure called the Reverse Map Table (RMP). Adding a new page to an SEV-SNP
>> VM requires a 2-step process. First, the hypervisor assigns a page to the
>> guest using the new RMPUPDATE instruction. This transitions the page to
>> guest-invalid. Second, the guest validates the page using the new PVALIDATE
>> instruction. SEV-SNP VMs can use the new "Page State Change Request NAE"
>> defined in the GHCB specification to ask the hypervisor to add or remove a
>> page from the RMP table.
>>
>> Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
>> as indicated by the Validated flag in the page's RMP entry. There are two
>> approaches that can be taken for the page validation: Pre-validation and
>> Lazy Validation.
>>
>> Under pre-validation, the pages are validated prior to first use. And under
>> lazy validation, pages are validated when first accessed. An access to an
>> unvalidated page results in a #VC exception, at which time the exception
>> handler may validate the page. Lazy validation requires careful tracking of
>> the validated pages to avoid validating the same GPA more than once. The
>> recently introduced "Unaccepted" memory type can be used to communicate the
>> unvalidated memory ranges to the Guest OS.
>>
>> At this time we only support pre-validation. OVMF detects all the available
>> system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
>> before it is made available to the EDK2 core.
>>
>> Now the series contains all the basic support required to launch an SEV-SNP
>> guest. We are still missing the Interrupt security feature provided by
>> SNP. The feature will be added after the base support is accepted.
>>
>> Additional resources
>> ---------------------
>> SEV-SNP whitepaper
>> https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
>>
>> APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)
>>
>> The complete source is available at
>> https://github.com/AMDESE/ovmf/tree/sev-snp-rfc-5
>>
>> GHCB spec:
>> https://developer.amd.com/wp-content/resources/56421.pdf
>>
>> SEV-SNP firmware specification:
>> https://www.amd.com/system/files/TechDocs/56860.pdf
>>
>> Changes since v5:
>> * When possible use the CPUID value from the CPUID page
>> * Move the SEV specific functions from SecMain.c into AmdSev.c
>> * Rebase to the latest code
>> * Add the review feedback from Yao.
>>
>> Changes since v4:
>> * Use the correct MSR for the SEV_STATUS
>> * Add VMPL-0 check
>>
>> Changes since v3:
>> * ResetVector: move all SEV specific code into AmdSev.asm and add macros to
>>   keep the code readable.
>> * Drop extending the EsWorkArea to contain SNP specific state.
>> * Drop the GhcbGpa library and call the VmgExit directly to register GHCB GPA.
>> * Install the CC blob config table from AmdSevDxe instead of extending the
>>   AmdSev/SecretsDxe for it.
>> * Add the separate PCDs for the SNP Secrets.
>>
>> Changes since v2:
>> * Add support for the AP creation.
>> * Use the module-scoping override to make AmdSevDxe use the IO port for PCI
>>   reads.
>> * Use the reserved memory type for CPUID and Secrets page.
>>
>> Changes since v1:
>> * Drop the interval tree support to detect the pre-validated overlap region.
>> * Use an array to keep track of pre-validated regions.
>> * Add support to query the Hypervisor feature and verify that the SNP feature is
>>   supported.
>> * Introduce MemEncryptSevClearMmioPageEncMask() to clear the C-bit from
>>   MMIO ranges.
>> * Pull the SevSecretDxe and SevSecretPei into the OVMF package build.
>> * Extend the SevSecretDxe to expose the confidential computing blob location
>>   through the EFI configuration table.
>>
>> Brijesh Singh (25):
>>   OvmfPkg: reserve SNP secrets page
>>   OvmfPkg: reserve CPUID page for SEV-SNP
>>   OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID
>>   OvmfPkg/ResetVector: invalidate the GHCB page
>>   OvmfPkg/ResetVector: check the vmpl level
>>   OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
>>   UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs
>>   OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
>>   OvmfPkg/SecMain: move SEV specific routines in AmdSev.c
>>   OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
>>   OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
>>   OvmfPkg/AmdSevDxe: do not use extended PCI config space
>>   OvmfPkg/MemEncryptSevLib: add support to validate system RAM
>>   OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
>>   OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
>>   OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
>>   OvmfPkg/PlatformPei: validate the system RAM when SNP is active
>>   OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD
>>   OvmfPkg/PlatformPei: set the Hypervisor Features PCD
>>   MdePkg/GHCB: increase the GHCB protocol max version
>>   UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
>>   OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
>>   OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
>>   OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map
>>   OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table
>>
>> Michael Roth (3):
>>   OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values
>>   OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values
>>   UefiCpuPkg/MpInitLib: use BSP to do extended topology check
>>
>> Tom Lendacky (1):
>>   UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs
>>
>>  OvmfPkg/OvmfPkg.dec                                |  23 +
>>  UefiCpuPkg/UefiCpuPkg.dec                          |  11 +
>>  OvmfPkg/AmdSev/AmdSevX64.dsc                       |   5 +-
>>  OvmfPkg/Bhyve/BhyveX64.dsc                         |   5 +-
>>  OvmfPkg/OvmfPkgIa32.dsc                            |   1 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc                         |   6 +-
>>  OvmfPkg/OvmfPkgX64.dsc                             |   5 +-
>>  OvmfPkg/OvmfXen.dsc                                |   5 +-
>>  OvmfPkg/OvmfPkgX64.fdf                             |  12 +-
>>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf                    |   7 +
>>  .../DxeMemEncryptSevLib.inf                        |   3 +
>>  .../PeiMemEncryptSevLib.inf                        |   7 +
>>  .../SecMemEncryptSevLib.inf                        |   3 +
>>  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf       |   2 +
>>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf          |   3 +
>>  OvmfPkg/PlatformPei/PlatformPei.inf                |  10 +
>>  OvmfPkg/ResetVector/ResetVector.inf                |   6 +
>>  OvmfPkg/Sec/SecMain.inf                            |   4 +
>>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf      |   4 +
>>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf      |   4 +
>>  MdePkg/Include/Register/Amd/Ghcb.h                 |   2 +-
>>  .../Guid/ConfidentialComputingSecret.h             |  18 +
>>  OvmfPkg/Include/Library/MemEncryptSevLib.h         |  26 +
>>  .../X64/SnpPageStateChange.h                       |  31 ++
>>  .../BaseMemEncryptSevLib/X64/VirtualMemory.h       |  19 +
>>  OvmfPkg/Sec/AmdSev.h                               |  95 ++++
>>  UefiCpuPkg/Library/MpInitLib/MpLib.h               |  20 +
>>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                      |  23 +
>>  .../DxeMemEncryptSevLibInternal.c                  |  27 ++
>>  .../Ia32/MemEncryptSevLib.c                        |  17 +
>>  .../PeiMemEncryptSevLibInternal.c                  |  27 ++
>>  .../SecMemEncryptSevLibInternal.c                  |  19 +
>>  .../X64/DxeSnpSystemRamValidate.c                  |  40 ++
>>  .../X64/PeiDxeVirtualMemory.c                      | 167 ++++++-
>>  .../X64/PeiSnpSystemRamValidate.c                  | 126 +++++
>>  .../X64/SecSnpSystemRamValidate.c                  |  36 ++
>>  .../X64/SnpPageStateChangeInternal.c               | 295 ++++++++++++
>>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c      | 444 ++++++++++++++++--
>>  OvmfPkg/PlatformPei/AmdSev.c                       | 192 ++++++++
>>  OvmfPkg/PlatformPei/MemDetect.c                    |  21 +
>>  OvmfPkg/Sec/AmdSev.c                               | 267 +++++++++++
>>  OvmfPkg/Sec/SecMain.c                              | 160 +------
>>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c            |  11 +-
>>  .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c       |  31 ++
>>  UefiCpuPkg/Library/MpInitLib/MpLib.c               | 286 ++++++++++-
>>  .../MpInitLib/X64/SevSnpRmpAdjustInternal.c        |  44 ++
>>  OvmfPkg/FvmainCompactScratchEnd.fdf.inc            |   5 +
>>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm       |  28 ++
>>  OvmfPkg/ResetVector/Ia32/AmdSev.asm                | 307 +++++++++++-
>>  OvmfPkg/ResetVector/ResetVector.nasmb              |   6 +
>>  UefiCpuPkg/Library/MpInitLib/MpEqu.inc             |   2 +
>>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm      |  78 +++
>>  52 files changed, 2771 insertions(+), 225 deletions(-)
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
>>  create mode 100644 OvmfPkg/Sec/AmdSev.h
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
>>  create mode 100644 OvmfPkg/Sec/AmdSev.c
>>  create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c
>>  create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c
>>
>> --
>> 2.17.1
>
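The quoted cover letter describes the two-step RMP flow (the hypervisor assigns a page with RMPUPDATE, the guest then validates it with PVALIDATE) and stresses that a guest must never validate the same GPA twice, which is why the series keeps an array of pre-validated regions. The following is an added, software-only model of that flow written for this editorial note; it is not OVMF code and not part of the series. All identifiers (SimRmpUpdate, SimPvalidate, AddPrevalidatedRegion, IsPrevalidated, ValidateRange, the SIM_* constants) are hypothetical, the page count is constructed, and the RMP is reduced to a three-state enum. It shows the state transitions, the "already validated" result a double validation would produce, and how a region array lets a later phase (PEI) skip pages an earlier phase (SEC) already validated:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy guest: 64 pages of 4 KiB, up to 8 tracked regions. */
#define SIM_PAGE_SIZE   4096ULL
#define SIM_NUM_PAGES   64U
#define SIM_MAX_REGIONS 8U

/* Per-page state as seen through the modelled RMP entry (hypothetical). */
typedef enum {
  RmpHypervisor = 0,   /* not assigned to the guest */
  RmpGuestInvalid,     /* assigned by RMPUPDATE, Validated flag clear */
  RmpGuestValid        /* guest executed PVALIDATE, Validated flag set */
} RmpState;

static RmpState Rmp[SIM_NUM_PAGES];

/* Region array standing in for the series' pre-validated region tracking. */
typedef struct {
  uint64_t Start;      /* inclusive GPA */
  uint64_t End;        /* exclusive GPA */
} PrevalidatedRegion;

static PrevalidatedRegion Prevalidated[SIM_MAX_REGIONS];
static unsigned PrevalidatedCount;

/* Map a page-aligned GPA to an RMP index; rejects misaligned or out-of-range GPAs. */
static bool GpaToIndex(uint64_t Gpa, unsigned *Index)
{
  if (Gpa % SIM_PAGE_SIZE != 0 || Gpa / SIM_PAGE_SIZE >= SIM_NUM_PAGES) {
    return false;
  }
  *Index = (unsigned)(Gpa / SIM_PAGE_SIZE);
  return true;
}

/* Hypervisor step: assign the page to the guest (hypervisor -> guest-invalid). */
bool SimRmpUpdate(uint64_t Gpa)
{
  unsigned Index;
  if (!GpaToIndex(Gpa, &Index) || Rmp[Index] != RmpHypervisor) {
    return false;
  }
  Rmp[Index] = RmpGuestInvalid;
  return true;
}

/*
 * Guest step: validate the page. Three outcomes the guest has to tell apart:
 *   0  newly validated (guest-invalid -> guest-valid)
 *   1  Validated flag was already set, nothing changed (a double validation)
 *  -1  page was never assigned to this guest; real hardware would fault here
 */
int SimPvalidate(uint64_t Gpa)
{
  unsigned Index;
  if (!GpaToIndex(Gpa, &Index) || Rmp[Index] == RmpHypervisor) {
    return -1;
  }
  if (Rmp[Index] == RmpGuestValid) {
    return 1;
  }
  Rmp[Index] = RmpGuestValid;
  return 0;
}

/* Record a range that an earlier boot phase already validated. */
bool AddPrevalidatedRegion(uint64_t Start, uint64_t Length)
{
  if (PrevalidatedCount == SIM_MAX_REGIONS || Length == 0) {
    return false;
  }
  Prevalidated[PrevalidatedCount].Start = Start;
  Prevalidated[PrevalidatedCount].End   = Start + Length;
  PrevalidatedCount++;
  return true;
}

/* Linear scan of the region array: is this GPA inside a pre-validated range? */
bool IsPrevalidated(uint64_t Gpa)
{
  for (unsigned i = 0; i < PrevalidatedCount; i++) {
    if (Gpa >= Prevalidated[i].Start && Gpa < Prevalidated[i].End) {
      return true;
    }
  }
  return false;
}

/*
 * Validate [Start, Start + Length), skipping pages the region array says are
 * already done. Returns the number of pages newly validated, or -1 if a page
 * in the range was never assigned to the guest.
 */
int ValidateRange(uint64_t Start, uint64_t Length)
{
  int NewlyValidated = 0;
  for (uint64_t Gpa = Start; Gpa < Start + Length; Gpa += SIM_PAGE_SIZE) {
    if (IsPrevalidated(Gpa)) {
      continue;               /* tracked as done: do not touch it again */
    }
    int Rc = SimPvalidate(Gpa);
    if (Rc < 0) {
      return -1;
    }
    if (Rc == 0) {
      NewlyValidated++;       /* Rc == 1 would mean the tracking missed a page */
    }
  }
  return NewlyValidated;
}

int main(void)
{
  /* Constructed scenario: hypervisor assigns 16 pages, SEC validates the
     first 4 and records them, PEI then validates the whole 16-page range. */
  for (uint64_t Gpa = 0; Gpa < 16 * SIM_PAGE_SIZE; Gpa += SIM_PAGE_SIZE) {
    SimRmpUpdate(Gpa);
  }
  ValidateRange(0, 4 * SIM_PAGE_SIZE);
  AddPrevalidatedRegion(0, 4 * SIM_PAGE_SIZE);
  printf("PEI newly validated %d pages\n", ValidateRange(0, 16 * SIM_PAGE_SIZE));
  return 0;
}
```

The point the model makes is the one the cover letter raises: the region array is what keeps the later phase from issuing a second PVALIDATE for a GPA the earlier phase already validated, and a return of 1 from the validate step is the signal that the tracking has a gap. Real firmware additionally has to use the GHCB "Page State Change Request NAE" to have the hypervisor perform the RMPUPDATE side, which this model collapses into a direct call.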