From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Min Xu <min.m.xu@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
Subject: Re: [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
Date: Tue, 27 Feb 2024 12:53:51 +0100 [thread overview]
Message-ID: <4wxc4xkazxlj6fgnsohswlh325ybl3hjldusyzbipfsvp32qjf@j3pplzqflnbd> (raw)
In-Reply-To: <2bba1fe3921bab6830cfebd405ce166a337276b9.1708623001.git.thomas.lendacky@amd.com>
On Thu, Feb 22, 2024 at 11:29:51AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
> lower, a new CcSvsmLib library must be created.
>
> This library includes an interface to detect if running under an SVSM, an
> interface to return the current VMPL, an interface to perform memory
> validation and an interface to set or clear the attribute that allows a
> page to be used as a VMSA.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> UefiCpuPkg/UefiCpuPkg.dec | 5 +-
> UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf | 27 +++++
> UefiCpuPkg/Include/Library/CcSvsmLib.h | 101 ++++++++++++++++++
> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c | 108 ++++++++++++++++++++
> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni | 13 +++
> 6 files changed, 256 insertions(+), 2 deletions(-)
>
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 571b59b36f0a..4a383c6d1d4d 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -2,7 +2,7 @@
> # This Package provides UEFI compatible CPU modules and libraries.
> #
> # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> @@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
> ## @libraryclass Provides function to support CcExit processing.
> CcExitLib|Include/Library/CcExitLib.h
>
> + ## @libraryclass Provides function to support CcSvsm processing.
> + CcSvsmLib|Include/Library/CcSvsmLib.h
> +
> ## @libraryclass Provides function to get CPU cache information.
> CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
>
> diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
> index 10b33594e586..1ee726e6c6b5 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dsc
> +++ b/UefiCpuPkg/UefiCpuPkg.dsc
> @@ -2,7 +2,7 @@
> # UefiCpuPkg Package
> #
> # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> @@ -61,6 +61,7 @@ [LibraryClasses]
> PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
> CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> + CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
> SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
> CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
> @@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
> UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
> UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
> UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> + UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
> UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
> UefiCpuPkg/SecCore/SecCore.inf
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> new file mode 100644
> index 000000000000..b45a75941a8a
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> @@ -0,0 +1,27 @@
> +## @file
> +# CcSvsm Base Support Library.
> +#
> +# Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 1.29
> + BASE_NAME = CcSvsmLibNull
> + MODULE_UNI_FILE = CcSvsmLibNull.uni
> + FILE_GUID = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
> + MODULE_TYPE = BASE
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = CcSvsmLib
> +
> +[Sources.common]
> + CcSvsmLibNull.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + UefiCpuPkg/UefiCpuPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> +
> diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> new file mode 100644
> index 000000000000..4715f4db3bd1
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> @@ -0,0 +1,101 @@
> +/** @file
> + Public header file for the CcSvsmLib.
> +
> + This library class defines some routines used for invoking an SVSM when the
> + guest is not running at VMPL0.
> +
> + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef CC_SVSM_LIB_H_
> +#define CC_SVSM_LIB_H_
> +
> +#include <Protocol/DebugSupport.h>
> +#include <Register/Amd/Ghcb.h>
> +
> +/**
> + Report the presence of an Secure Virtual Services Module (SVSM).
> +
> + Determines the presence of an SVSM.
> +
> + @retval TRUE An SVSM is present
> + @retval FALSE An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> + VOID
> + );
> +
> +/**
> + Report the VMPL level at which the SEV-SNP guest is running.
> +
> + Determines the VMPL level at which the guest is running. If an SVSM is
> + not present, then it must be VMPL0, otherwise return what is reported
> + by the SVSM.
> +
> + @return The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> + VOID
> + );
> +
> +/**
> + Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> + If an SVSM is present, the CAA for the BSP is returned.
> +
> + @return The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> + VOID
> + );
> +
> +/**
> + Perform a PVALIDATE operation for the page ranges specified.
> +
> + Validate or rescind the validation of the specified pages.
> +
> + @param[in] Info Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> + IN SNP_PAGE_STATE_CHANGE_INFO *Info
> + );
> +
> +/**
> + Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> + Add or remove the VMSA attribute for a page.
> +
> + @param[in] Vmsa Pointer to an SEV-ES save area page
> + @param[in] ApicId APIC ID associated with the VMSA
> + @param[in] SetVmsa Boolean indicator as to whether to set or
> + or clear the VMSA setting for the page
> +
> + @retval EFI_SUCCESS RMPADJUST operation successful
> + @retval EFI_UNSUPPORTED Operation is not supported
> + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
> + parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> + IN SEV_ES_SAVE_AREA *Vmsa,
> + IN UINT32 ApicId,
> + IN BOOLEAN SetVmsa
> + );
> +
> +#endif
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> new file mode 100644
> index 000000000000..268bd9a7ca54
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> @@ -0,0 +1,108 @@
> +/** @file
> + CcSvsm Base Support Library.
> +
> + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Uefi.h>
> +#include <Library/CcSvsmLib.h>
> +
> +/**
> + Report the presence of an Secure Virtual Services Module (SVSM).
> +
> + Determines the presence of an SVSM.
> +
> + @retval TRUE An SVSM is present
> + @retval FALSE An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> + VOID
> + )
> +{
> + return FALSE;
> +}
> +
> +/**
> + Report the VMPL level at which the SEV-SNP guest is running.
> +
> + Determines the VMPL level at which the guest is running. If an SVSM is
> + not present, then it must be VMPL0, otherwise return what is reported
> + by the SVSM.
> +
> + @return The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> + VOID
> + )
> +{
> + return 0;
> +}
> +
> +/**
> + Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> + If an SVSM is present, the CAA for the BSP is returned.
> +
> + @return The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> + VOID
> + )
> +{
> + return 0;
> +}
> +
> +/**
> + Perform a PVALIDATE operation for the page ranges specified.
> +
> + Validate or rescind the validation of the specified pages.
> +
> + @param[in] Info Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> + IN SNP_PAGE_STATE_CHANGE_INFO *Info
> + )
> +{
> +}
> +
> +/**
> + Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> + Add or remove the VMSA attribute for a page.
> +
> + @param[in] Vmsa Pointer to an SEV-ES save area page
> + @param[in] ApicId APIC ID associated with the VMSA
> + @param[in] SetVmsa Boolean indicator as to whether to set or
> + or clear the VMSA setting for the page
> +
> + @retval EFI_SUCCESS RMPADJUST operation successful
> + @retval EFI_UNSUPPORTED Operation is not supported
> + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
> + parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> + IN SEV_ES_SAVE_AREA *Vmsa,
> + IN UINT32 ApicId,
> + IN BOOLEAN SetVmsa
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> new file mode 100644
> index 000000000000..c80c0a5656dd
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// CcSvsmLib instance.
> +//
> +// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "CcSvsmLib NULL instance"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "CcSvsmLib NULL instance."
> +
> --
> 2.42.0
>
--
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116031): https://edk2.groups.io/g/devel/message/116031
Mute This Topic: https://groups.io/mt/104512960/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-02-27 11:54 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 17:29 [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-02-27 9:46 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-02-23 0:16 ` Ni, Ray
2024-02-27 10:02 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-02-27 10:03 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Lendacky, Thomas via groups.io
2024-02-27 10:11 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-02-27 10:12 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-02-27 10:17 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-02-27 10:18 ` Gerd Hoffmann
2024-02-27 15:52 ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-02-27 11:07 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-27 11:19 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 10/23] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-02-27 11:50 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-02-27 11:53 ` Gerd Hoffmann [this message]
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library Lendacky, Thomas via groups.io
2024-02-27 11:54 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-02-28 8:40 ` Gerd Hoffmann
2024-02-28 15:51 ` Lendacky, Thomas via groups.io
2024-03-01 10:59 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-02-28 8:42 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-02-28 8:43 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-02-28 8:44 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-02-28 8:50 ` Gerd Hoffmann
2024-02-28 15:58 ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-28 8:50 ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-02-28 8:52 ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-02-28 8:54 ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-02-28 6:14 ` [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Yao, Jiewen
2024-02-28 16:19 ` Lendacky, Thomas via groups.io
2024-02-29 14:06 ` Yao, Jiewen
2024-02-29 14:36 ` Lendacky, Thomas via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4wxc4xkazxlj6fgnsohswlh325ybl3hjldusyzbipfsvp32qjf@j3pplzqflnbd \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox