From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [PATCH v6 6/6] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
To: Ashish Kalra, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
From: "Lendacky, Thomas"
Message-ID: <4f2224f2-de60-03a6-333e-163f31fe1c1a@amd.com>
Date: Mon, 9 Aug 2021 09:29:29 -0500

On 8/2/21 7:33 AM, Ashish Kalra wrote:
> From: Ashish Kalra
>
> Check for SEV live migration feature support, if detected
> setup a new UEFI environment variable to indicate OVMF
> support for SEV live migration.
>
> The new runtime UEFI environment variable is set via the
> notification function registered for the
> EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.
>
> AmdSevDxe module is an apriori driver so it gets loaded between PEI
> and DXE phases and the SetVariable call will fail at the driver's
> entry point as the Variable DXE module is still not loaded yet.
> So we need to wait for an event notification which is signaled
> after the Variable DXE module is loaded, hence, using the
> EndOfDxe event notification to make this call.
>
> Signed-off-by: Ashish Kalra
> --- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++++++++ > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ > OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 ++++++ > OvmfPkg/OvmfPkg.dec | 1 + > 4 files changed, 89 insertions(+) > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > index c66c4e9b92..bfad71b9c6 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c 
> @@ -15,10 +15,47 @@ > #include > #include > #include > +#include > +#include > #include > #include > +#include > +#include > #include > > +STATIC > +VOID > +EFIAPI > +AmdSevDxeOnEndOfDxe ( > + IN EFI_EVENT Event, > + IN VOID *EventToSignal > + ) > +{ > + EFI_STATUS Status; > + BOOLEAN SevLiveMigrationEnabled; > + > + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); > + > + if (SevLiveMigrationEnabled) { > + Status = gRT->SetVariable ( > + L"SevLiveMigrationEnabled", > + &gAmdSevMemEncryptGuid, > + EFI_VARIABLE_NON_VOLATILE | > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > + EFI_VARIABLE_RUNTIME_ACCESS, > + sizeof SevLiveMigrationEnabled, > + &SevLiveMigrationEnabled > + ); > + > + DEBUG (( > + DEBUG_INFO, > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > + __FUNCTION__, > + Status > + )); > + } > +} > + > EFI_STATUS > EFIAPI > AmdSevDxeEntryPoint ( > @@ -30,6 +67,7 @@ AmdSevDxeEntryPoint ( > EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; > UINTN NumEntries; > UINTN Index; > + EFI_EVENT Event; > > // > // Do nothing when SEV is not enabled 
> @@ -130,5 +168,31 @@ AmdSevDxeEntryPoint ( > } > } > > + // > + // AmdSevDxe module is an apriori driver so it gets loaded between PEI > + // and DXE phases and the SetVariable call will fail at the driver's > + // entry point as the Variable DXE module is still not loaded yet. > + // So we need to wait for an event notification which is signaled > + // after the Variable DXE module is loaded, hence, using the > + // EndOfDxe event notification to make this call. > + // > + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. > + // The notification function sets the runtime variable indicating OVMF > + // support for SEV live migration. > + // > + Status = gBS->CreateEventEx ( > + EVT_NOTIFY_SIGNAL, > + TPL_CALLBACK, > + AmdSevDxeOnEndOfDxe, > + NULL, > + &gEfiEndOfDxeEventGroupGuid, > + &Event > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", DEBUG_ERROR? > + __FUNCTION__, Status)); Should there be an "ASSERT_EFI_ERROR (Status)" after the DEBUG call? Thanks, Tom > + } > + > return EFI_SUCCESS; > } > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index 0676fcc5b6..2ad1fb8632 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > @@ -45,3 +45,7 @@ > > [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId > + > +[Guids] > + gAmdSevMemEncryptGuid > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event > diff --git a/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h > new file mode 100644 > index 0000000000..8ab283860b > --- /dev/null > +++ b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h > @@ -0,0 +1,20 @@ > +/** @file > + > + AMD Memory Encryption GUID, define a new GUID for defining > + new UEFI environment variables assocaiated with SEV Memory Encryption. > + > + Copyright (c) 2021, AMD Inc. All rights reserved.
> + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __AMD_SEV_MEMENCRYPT_LIB_H__ > +#define __AMD_SEV_MEMENCRYPT_LIB_H__ > + > +#define AMD_SEV_MEMENCRYPT_GUID \ > +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > + > +extern EFI_GUID gAmdSevMemEncryptGuid; > + > +#endif > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index 2ab27f0c73..3978852557 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -125,6 +125,7 @@ > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > + gAmdSevMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > [Ppis] > # PPI whose presence in the PPI database signals that the TPM base address >
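
Review bot: In AmdSevDxeOnEndOfDxe (the @@ -15,10 +15,47 @@ hunk of AmdSevDxe.c), the variable is written with EFI_VARIABLE_NON_VOLATILE but only inside `if (SevLiveMigrationEnabled)`, and nothing clears it when MemEncryptSevLiveMigrationIsEnabled() returns FALSE. A non-volatile variable survives reboots, so a guest that booted once with the feature and later boots without it would still expose SevLiveMigrationEnabled to the OS. Either drop EFI_VARIABLE_NON_VOLATILE so the value is recreated on each boot, or add an else branch that deletes the variable (SetVariable with a DataSize of 0). Two smaller points in the same function: the status is printed with `%lx` while the CreateEventEx message uses `%r`, and a SetVariable failure is reported at DEBUG_INFO rather than DEBUG_ERROR.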
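
Review bot: In the CreateEventEx error branch at the end of AmdSevDxeEntryPoint (the @@ -130,5 +168,31 @@ hunk), the failure is logged and execution falls through to `return EFI_SUCCESS`, so when registration fails the SevLiveMigrationEnabled variable is never set and only a DEBUG_INFO message records it. If continuing is intended, say so in the comment block above the call and log at DEBUG_ERROR; otherwise assert or return Status. Also, `Event` is a local that is never closed: the End of DXE group is signaled once, so the notification function can call gBS->CloseEvent (Event) after setting the variable.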
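
Review bot: In the new [Guids] section of AmdSevDxe.inf, gAmdSevMemEncryptGuid has no usage comment while the line below it carries `## CONSUMES ## Event`. Annotate it the same way, for example `gAmdSevMemEncryptGuid ## PRODUCES ## Variable:L"SevLiveMigrationEnabled"`, so the INF documents that this driver creates the variable.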
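
Review bot: In the new OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h, the file comment misspells "associated" as "assocaiated", and both the file name and the include guard `__AMD_SEV_MEMENCRYPT_LIB_H__` say "Lib" although the header sits under Include/Guid and only declares a GUID. Consider a name without "Lib" and a guard without the leading double underscore, which C reserves for the implementation. AMD_SEV_MEMENCRYPT_GUID also repeats the value added to OvmfPkg.dec, so the two definitions have to be kept in sync by hand.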