public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
	 Erdem Aktas <erdemaktas@google.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	 Laszlo Ersek <lersek@redhat.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	 Michael D Kinney <michael.d.kinney@intel.com>,
	Min Xu <min.m.xu@intel.com>,
	 Zhiguang Liu <zhiguang.liu@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
	 Michael Roth <michael.roth@amd.com>
Subject: Re: [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
Date: Tue, 27 Feb 2024 12:53:51 +0100	[thread overview]
Message-ID: <4wxc4xkazxlj6fgnsohswlh325ybl3hjldusyzbipfsvp32qjf@j3pplzqflnbd> (raw)
In-Reply-To: <2bba1fe3921bab6830cfebd405ce166a337276b9.1708623001.git.thomas.lendacky@amd.com>

On Thu, Feb 22, 2024 at 11:29:51AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
> lower, a new CcSvsmLib library must be created.
> 
> This library includes an interface to detect if running under an SVSM, an
> interface to return the current VMPL, an interface to perform memory
> validation and an interface to set or clear the attribute that allows a
> page to be used as a VMSA.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

> ---
>  UefiCpuPkg/UefiCpuPkg.dec                          |   5 +-
>  UefiCpuPkg/UefiCpuPkg.dsc                          |   4 +-
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf |  27 +++++
>  UefiCpuPkg/Include/Library/CcSvsmLib.h             | 101 ++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c   | 108 ++++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni |  13 +++
>  6 files changed, 256 insertions(+), 2 deletions(-)
> 
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 571b59b36f0a..4a383c6d1d4d 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -2,7 +2,7 @@
>  # This Package provides UEFI compatible CPU modules and libraries.
>  #
>  # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
>  #
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
>    ##  @libraryclass  Provides function to support CcExit processing.
>    CcExitLib|Include/Library/CcExitLib.h
>  
> +  ##  @libraryclass  Provides function to support CcSvsm processing.
> +  CcSvsmLib|Include/Library/CcSvsmLib.h
> +
>    ##  @libraryclass  Provides function to get CPU cache information.
>    CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
>  
> diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
> index 10b33594e586..1ee726e6c6b5 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dsc
> +++ b/UefiCpuPkg/UefiCpuPkg.dsc
> @@ -2,7 +2,7 @@
>  #  UefiCpuPkg Package
>  #
>  #  Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -#  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -61,6 +61,7 @@ [LibraryClasses]
>    PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
>    TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
>    CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
>    SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
>    CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
> @@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
>    UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
>    UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
>    UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
>    UefiCpuPkg/SecCore/SecCore.inf
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> new file mode 100644
> index 000000000000..b45a75941a8a
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> @@ -0,0 +1,27 @@
> +## @file
> +#  CcSvsm Base Support Library.
> +#
> +#  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 1.29
> +  BASE_NAME                      = CcSvsmLibNull
> +  MODULE_UNI_FILE                = CcSvsmLibNull.uni
> +  FILE_GUID                      = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = CcSvsmLib
> +
> +[Sources.common]
> +  CcSvsmLibNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  UefiCpuPkg/UefiCpuPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +
> diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> new file mode 100644
> index 000000000000..4715f4db3bd1
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> @@ -0,0 +1,101 @@
> +/** @file
> +  Public header file for the CcSvsmLib.
> +
> +  This library class defines some routines used for invoking an SVSM when the
> +  guest is not running at VMPL0.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef CC_SVSM_LIB_H_
> +#define CC_SVSM_LIB_H_
> +
> +#include <Protocol/DebugSupport.h>
> +#include <Register/Amd/Ghcb.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  );
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  );
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  );
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  );
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  );
> +
> +#endif
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> new file mode 100644
> index 000000000000..268bd9a7ca54
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> @@ -0,0 +1,108 @@
> +/** @file
> +  CcSvsm Base Support Library.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Uefi.h>
> +#include <Library/CcSvsmLib.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  )
> +{
> +  return FALSE;
> +}
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  )
> +{
> +}
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> new file mode 100644
> index 000000000000..c80c0a5656dd
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// CcSvsmLib instance.
> +//
> +// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "CcSvsmLib NULL instance"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "CcSvsmLib NULL instance."
> +
> -- 
> 2.42.0
> 

-- 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116031): https://edk2.groups.io/g/devel/message/116031
Mute This Topic: https://groups.io/mt/104512960/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



  reply	other threads:[~2024-02-27 11:54 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-22 17:29 [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-02-27  9:46   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-02-23  0:16   ` Ni, Ray
2024-02-27 10:02     ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-02-27 10:03   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Lendacky, Thomas via groups.io
2024-02-27 10:11   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-02-27 10:12   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-02-27 10:17   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-02-27 10:18   ` Gerd Hoffmann
2024-02-27 15:52     ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-02-27 11:07   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-27 11:19   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 10/23] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-02-27 11:50   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-02-27 11:53   ` Gerd Hoffmann [this message]
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library Lendacky, Thomas via groups.io
2024-02-27 11:54   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-02-28  8:40   ` Gerd Hoffmann
2024-02-28 15:51     ` Lendacky, Thomas via groups.io
2024-03-01 10:59       ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-02-28  8:42   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-02-28  8:43   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-02-28  8:44   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-02-28  8:50   ` Gerd Hoffmann
2024-02-28 15:58     ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-28  8:50   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-02-28  8:52   ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-02-28  8:54   ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-02-28  6:14 ` [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Yao, Jiewen
2024-02-28 16:19   ` Lendacky, Thomas via groups.io
2024-02-29 14:06     ` Yao, Jiewen
2024-02-29 14:36       ` Lendacky, Thomas via groups.io

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4wxc4xkazxlj6fgnsohswlh325ybl3hjldusyzbipfsvp32qjf@j3pplzqflnbd \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox