From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id F07C394154C for ; Tue, 27 Feb 2024 11:54:04 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=khP4W9rRUwzOmuQwhAxJ7+ay7Y9j14yWqF+sRGwWTFk=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition; s=20140610; t=1709034843; v=1; b=MqOcilNXIzV9sgXmj2U+zV3o6RZyGwMHi7O+y9qWYhX6MEdxWwIHdWDDexWztEQd338fTNU+ 72Xxh7SRVCdhJ72B8USLY5TI6RUzHKp/5XXe+b1ZhPv1SgnCjjhfXVI5yTiL2okSnAa+157pNwW NmUv/pzfIgPaZb9f7D3nztyc= X-Received: by 127.0.0.2 with SMTP id VEJTYY7687511x9azOSApfO7; Tue, 27 Feb 2024 03:54:03 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web11.10320.1709034842759754163 for ; Tue, 27 Feb 2024 03:54:02 -0800 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-59-_C2EmfO0Mq-OI3tBvsE54g-1; Tue, 27 Feb 2024 06:53:54 -0500 X-MC-Unique: _C2EmfO0Mq-OI3tBvsE54g-1 X-Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6E9D2800074; Tue, 27 Feb 2024 11:53:53 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.249]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 12BB21C060B1; Tue, 27 Feb 2024 11:53:53 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id D943918009BA; Tue, 27 Feb 2024 12:53:51 +0100 (CET) Date: Tue, 27 Feb 2024 12:53:51 +0100 From: "Gerd Hoffmann" To: Tom Lendacky Cc: devel@edk2.groups.io, Ard Biesheuvel , Erdem Aktas , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , Rahul Kumar , Ray Ni , Michael Roth Subject: Re: [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM Message-ID: <4wxc4xkazxlj6fgnsohswlh325ybl3hjldusyzbipfsvp32qjf@j3pplzqflnbd> References: <2bba1fe3921bab6830cfebd405ce166a337276b9.1708623001.git.thomas.lendacky@amd.com> MIME-Version: 1.0 In-Reply-To: <2bba1fe3921bab6830cfebd405ce166a337276b9.1708623001.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: MEYEPi3YOI7FWRnGwvg8Uubxx7686176AA= Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=MqOcilNX; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io On Thu, Feb 22, 2024 at 11:29:51AM -0600, Tom Lendacky wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 > > In order to support an SEV-SNP guest running under an SVSM at VMPL1 or > lower, a new CcSvsmLib library must be created. > > This library includes an interface to detect if running under an SVSM, an > interface to return the current VMPL, an interface to perform memory > validation and an interface to set or clear the attribute that allows a > page to be used as a VMSA. > > Signed-off-by: Tom Lendacky Acked-by: Gerd Hoffmann > --- > UefiCpuPkg/UefiCpuPkg.dec | 5 +- > UefiCpuPkg/UefiCpuPkg.dsc | 4 +- > UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf | 27 +++++ > UefiCpuPkg/Include/Library/CcSvsmLib.h | 101 ++++++++++++++++++ > UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c | 108 ++++++++++++++++++++ > UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni | 13 +++ > 6 files changed, 256 insertions(+), 2 deletions(-) > > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 571b59b36f0a..4a383c6d1d4d 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -2,7 +2,7 @@ > # This Package provides UEFI compatible CPU modules and libraries. > # > # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.
> # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64] > ## @libraryclass Provides function to support CcExit processing. > CcExitLib|Include/Library/CcExitLib.h > > + ## @libraryclass Provides function to support CcSvsm processing. > + CcSvsmLib|Include/Library/CcSvsmLib.h > + > ## @libraryclass Provides function to get CPU cache information. > CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h > > diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc > index 10b33594e586..1ee726e6c6b5 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dsc > +++ b/UefiCpuPkg/UefiCpuPkg.dsc > @@ -2,7 +2,7 @@ > # UefiCpuPkg Package > # > # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.
> # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -61,6 +61,7 @@ [LibraryClasses] > PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf > + CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf > MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf > SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf > CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf > @@ -159,6 +160,7 @@ [Components.IA32, Components.X64] > UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf > UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf > UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf > + UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf > UefiCpuPkg/SecCore/SecCore.inf > diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf > new file mode 100644 > index 000000000000..b45a75941a8a > --- /dev/null > +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf > @@ -0,0 +1,27 @@ > +## @file > +# CcSvsm Base Support Library. > +# > +# Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 1.29 > + BASE_NAME = CcSvsmLibNull > + MODULE_UNI_FILE = CcSvsmLibNull.uni > + FILE_GUID = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = CcSvsmLib > + > +[Sources.common] > + CcSvsmLibNull.c > + > +[Packages] > + MdePkg/MdePkg.dec > + UefiCpuPkg/UefiCpuPkg.dec > + > +[LibraryClasses] > + BaseLib > + > diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h b/UefiCpuPkg/Include/Library/CcSvsmLib.h > new file mode 100644 > index 000000000000..4715f4db3bd1 > --- /dev/null > +++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h > @@ -0,0 +1,101 @@ > +/** @file > + Public header file for the CcSvsmLib. > + > + This library class defines some routines used for invoking an SVSM when the > + guest is not running at VMPL0. > + > + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef CC_SVSM_LIB_H_ > +#define CC_SVSM_LIB_H_ > + > +#include > +#include > + > +/** > + Report the presence of an Secure Virtual Services Module (SVSM). > + > + Determines the presence of an SVSM. > + > + @retval TRUE An SVSM is present > + @retval FALSE An SVSM is not present > + > +**/ > +BOOLEAN > +EFIAPI > +CcSvsmIsSvsmPresent ( > + VOID > + ); > + > +/** > + Report the VMPL level at which the SEV-SNP guest is running. > + > + Determines the VMPL level at which the guest is running. If an SVSM is > + not present, then it must be VMPL0, otherwise return what is reported > + by the SVSM. > + > + @return The VMPL level > + > +**/ > +UINT8 > +EFIAPI > +CcSvsmSnpGetVmpl ( > + VOID > + ); > + > +/** > + Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest. > + > + If an SVSM is present, the CAA for the BSP is returned. > + > + @return The CAA > + > +**/ > +UINT64 > +EFIAPI > +CcSvsmSnpGetCaa ( > + VOID > + ); > + > +/** > + Perform a PVALIDATE operation for the page ranges specified. > + > + Validate or rescind the validation of the specified pages. > + > + @param[in] Info Pointer to a page state change structure > + > +**/ > +VOID > +EFIAPI > +CcSvsmSnpPvalidate ( > + IN SNP_PAGE_STATE_CHANGE_INFO *Info > + ); > + > +/** > + Perform an RMPADJUST operation to alter the VMSA setting of a page. > + > + Add or remove the VMSA attribute for a page. > + > + @param[in] Vmsa Pointer to an SEV-ES save area page > + @param[in] ApicId APIC ID associated with the VMSA > + @param[in] SetVmsa Boolean indicator as to whether to set or > + or clear the VMSA setting for the page > + > + @retval EFI_SUCCESS RMPADJUST operation successful > + @retval EFI_UNSUPPORTED Operation is not supported > + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid > + parameter was supplied > + > +**/ > +EFI_STATUS > +EFIAPI > +CcSvsmSnpVmsaRmpAdjust ( > + IN SEV_ES_SAVE_AREA *Vmsa, > + IN UINT32 ApicId, > + IN BOOLEAN SetVmsa > + ); > + > +#endif > diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c > new file mode 100644 > index 000000000000..268bd9a7ca54 > --- /dev/null > +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c > @@ -0,0 +1,108 @@ > +/** @file > + CcSvsm Base Support Library. > + > + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > + > +/** > + Report the presence of an Secure Virtual Services Module (SVSM). > + > + Determines the presence of an SVSM. > + > + @retval TRUE An SVSM is present > + @retval FALSE An SVSM is not present > + > +**/ > +BOOLEAN > +EFIAPI > +CcSvsmIsSvsmPresent ( > + VOID > + ) > +{ > + return FALSE; > +} > + > +/** > + Report the VMPL level at which the SEV-SNP guest is running. > + > + Determines the VMPL level at which the guest is running. If an SVSM is > + not present, then it must be VMPL0, otherwise return what is reported > + by the SVSM. > + > + @return The VMPL level > + > +**/ > +UINT8 > +EFIAPI > +CcSvsmSnpGetVmpl ( > + VOID > + ) > +{ > + return 0; > +} > + > +/** > + Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest. > + > + If an SVSM is present, the CAA for the BSP is returned. > + > + @return The CAA > + > +**/ > +UINT64 > +EFIAPI > +CcSvsmSnpGetCaa ( > + VOID > + ) > +{ > + return 0; > +} > + > +/** > + Perform a PVALIDATE operation for the page ranges specified. > + > + Validate or rescind the validation of the specified pages. > + > + @param[in] Info Pointer to a page state change structure > + > +**/ > +VOID > +EFIAPI > +CcSvsmSnpPvalidate ( > + IN SNP_PAGE_STATE_CHANGE_INFO *Info > + ) > +{ > +} > + > +/** > + Perform an RMPADJUST operation to alter the VMSA setting of a page. > + > + Add or remove the VMSA attribute for a page. > + > + @param[in] Vmsa Pointer to an SEV-ES save area page > + @param[in] ApicId APIC ID associated with the VMSA > + @param[in] SetVmsa Boolean indicator as to whether to set or > + or clear the VMSA setting for the page > + > + @retval EFI_SUCCESS RMPADJUST operation successful > + @retval EFI_UNSUPPORTED Operation is not supported > + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid > + parameter was supplied > + > +**/ > +EFI_STATUS > +EFIAPI > +CcSvsmSnpVmsaRmpAdjust ( > + IN SEV_ES_SAVE_AREA *Vmsa, > + IN UINT32 ApicId, > + IN BOOLEAN SetVmsa > + ) > +{ > + return EFI_UNSUPPORTED; > +} > diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni > new file mode 100644 > index 000000000000..c80c0a5656dd > --- /dev/null > +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni > @@ -0,0 +1,13 @@ > +// /** @file > +// CcSvsmLib instance. > +// > +// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
> +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "CcSvsmLib NULL instance" > + > +#string STR_MODULE_DESCRIPTION #language en-US "CcSvsmLib NULL instance." > + > -- > 2.42.0 > -- -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116031): https://edk2.groups.io/g/devel/message/116031 Mute This Topic: https://groups.io/mt/104512960/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-