From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <56d6eacf-5ab8-e90b-be17-08ad768dc4d0@amd.com>
Date: Mon, 1 May 2023 14:06:36 -0500
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
To: Gerd Hoffmann
Cc: "Xu, Min M", joeyli, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Michael Roth
From: "Lendacky, Thomas"

On 4/28/23 03:41, Gerd Hoffmann wrote:
> Hi,
>
>> I'd have to dig much deeper to see if there's a way to identify whether a
>> VARS file was specified on the Qemu command line. I *think* (please correct
>> me if I'm missing something) for SEV and SEV-ES it would be straight forward
>> to try and access the memory as shared and check the headers. If they're
>> valid, then a VARS file was specified on the command line and should remain
>> mapped shared. If they aren't valid, a VARS file wasn't specified and you
>> have either the full OVMF.fd file or just the OVMF_CODE.fd with memory
>> backing the VARS that, in either case, should be mapped private.
>
> OVMF_CODE.fd + OVMF_VARS.fd is *identical* to just OVMF.fd, i.e. the
> guest will see valid varstore headers in both cases.

It is identical except in how they are mapped. With a split OVMF_CODE.fd /
OVMF_VARS.fd, the OVMF_CODE.fd file is mapped private and the OVMF_VARS.fd
is mapped shared because the hypervisor is updating the contents of
OVMF_VARS.fd. With OVMF.fd, the whole file is mapped private because
updates to the variables are not retained, so the hypervisor isn't updating
the contents.

I'll give the patch below a try in the next day or two.

Thanks, Tom > > The split into code part and vars part allows to (a) easily update the > code without screwing up the vars, and (b) map both with different > properties, i.e. code read-only and vars read/write. > > Does the patch below help? > > take care, > Gerd > > From 3971f9453ded3032f5918dc9d181ecc0b6f97862 Mon Sep 17 00:00:00 2001 > From: Gerd Hoffmann > Date: Fri, 28 Apr 2023 10:34:23 +0200 > Subject: [PATCH 1/1] [testing] try setup mmio in QemuFlashBeforeProbe (dxe) > > --- > .../QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) > > diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > index d57f7ca25ccf..3a6280ab9c3a 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > @@ -37,9 +37,18 @@ QemuFlashBeforeProbe ( > IN UINTN FdBlockCount > ) > { > - // > - // Do nothing > - // > + EFI_STATUS Status; > + > + if (MemEncryptSevIsEnabled ()) { > + Status = MemEncryptSevClearMmioPageEncMask ( > + 0, > + BaseAddress, > + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount) > + ); > + if (EFI_ERROR(Status)) { > + DEBUG ((DEBUG_WARN, "%a: MemEncryptSevClearMmioPageEncMask: %r\n", __func__, Status)); > + } > + } > } > > /**
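
Review bot: In QemuFlashBeforeProbe the encryption mask is cleared whenever MemEncryptSevIsEnabled () returns true, with no check of what actually backs BaseAddress. Per the reply above, a unified OVMF.fd is mapped private and only a separate OVMF_VARS.fd is mapped shared, so the hunk needs either a way to tell the two cases apart or a comment explaining why clearing the mask is correct in both. On failure of MemEncryptSevClearMmioPageEncMask the code only logs at DEBUG_WARN and returns to the caller as if nothing happened; since the function returns VOID, consider DEBUG_ERROR together with ASSERT_EFI_ERROR (Status), or state why continuing is safe. Smaller points: the literal 0 passed as the first argument deserves a comment saying what it selects, and "if (EFI_ERROR(Status))" is missing the space before the parenthesis that the other calls in the hunk use.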