From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.65]) by mx.groups.io with SMTP id smtpd.web11.13306.1605127919042865999 for ; Wed, 11 Nov 2020 12:51:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=0MmuFfzb; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.244.65, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QXvLi5O/u80jroBKZsLTlkKvzAy5mZKvStijoaUGPZe6xqz+URDintAiotwCQtoosHAJMKpYxrzFGeGAhQv2e7oFdB3NZIdk55xYstA1HNTi/porl9JdcSRTjWNxN6HcaknpR+wWTS0cWW8wBm64MKI8HQsXTU+1oBt4/FjnsgZf3YqT+7C16UQu2SakK9fpvbmDoEqYZ1avc3enFdnVYw34Ww3C4qLZYLXTD6dSjLmBSnl96WiY88fmtcBcHNITQllud45zflOrNQQZSY2Jgz1BEWoc6VSAaeWAWZpKFvlmovKS4n3nrAXpNHv/NQOOfwkpZjfBDsXqPmQh05ze1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xiyz4TuFDCN03FNygLlMJqOW9GMsuj23cZkYoNDip7k=; b=LvFLHbIoDlUZq5KLEcSIkSWi95uvwzFHmaQNKCHorD6QIgU3DUstyCzgyJSw2vdFdxxQP5a9QjH78Rs8dAR4J2yQymPr/9nzKMarmRWBRu+GeVTwCehRkey4BiM0LmE2t1Gc8acr2gx73yohjelcioW+6QaozxaHznjDIBxVLrXyOPuz6UY4JaVCLaqlDcYhR71IdhUEXU/70c1ePb36kf1ztCJII4wDI5kxc0sQwTXE1EUAVD/AzJXAhr8ADdGIlf+2rMy4/jIuA7EccrU9Pc06nSvbjci8JqLlgt8K57KcdzlHpdt8fc+3VKMUjUnBn5FFz5yiRhMPuMMuHfYb/A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xiyz4TuFDCN03FNygLlMJqOW9GMsuj23cZkYoNDip7k=; b=0MmuFfzbdPTkI0McDZqi+P9yrcmTLjR0vz/hkFD9Rxl67IfIiL2DYy6n7CqCFi2Yco+8zYfiUvQiQ+hA4cd5Py78Poa6mGX2FVVfl45A4KixyPF084qntTrDXMvomHaUChxLmOYuCUWtsCzfOLiad/ch8VX3gNaeZmmxxstcKnQ= Authentication-Results: freebsd.org; dkim=none (message not signed) header.d=none;freebsd.org; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4987.namprd12.prod.outlook.com (2603:10b6:5:163::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.23; Wed, 11 Nov 2020 20:51:56 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::e442:c052:8a2c:5fba]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::e442:c052:8a2c:5fba%6]) with mapi id 15.20.3541.025; Wed, 11 Nov 2020 20:51:56 +0000 Subject: Re: [PATCH] OvmfPkg/Bhyve: Update Bhyve following changes to OVMF To: Laszlo Ersek , Rebecca Cran Cc: devel@edk2.groups.io, Jordan Justen , Ard Biesheuvel , Peter Grehan References: <20201111031006.33564-1-rebecca@bsdio.com> <28151b00-7744-ff98-ddd0-52ec527c6f1c@redhat.com> From: "Lendacky, Thomas" Message-ID: <57dc2229-81b4-17a3-b428-273ba56770ac@amd.com> Date: Wed, 11 Nov 2020 14:51:54 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: <28151b00-7744-ff98-ddd0-52ec527c6f1c@redhat.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0701CA0017.namprd07.prod.outlook.com (2603:10b6:803:28::27) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.30.118] (165.204.77.1) by SN4PR0701CA0017.namprd07.prod.outlook.com (2603:10b6:803:28::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21 via Frontend Transport; Wed, 11 Nov 2020 20:51:55 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 9c36eca8-dae9-43f2-5353-08d88683a050 X-MS-TrafficTypeDiagnostic: DM6PR12MB4987: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3631; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: u5L5Lswvvs+fqd5aLtFgAS4rUFh7Tkm0iBwprXeMBkdpj9TuhisogSt01Fh3hH02rCQVhgMMYO4IePhp7RwhzBx0pcvZedUPAtXquMqDo0ajVS0yZClrbXu5PlXKfQaLj9sjKL2GxxO1ie98BH/3wlEVsKyt6AlWL67bwPNBMuE6BSC+OapLqTr/U6DgGSYqrsoOgQG7m9pxDC02ATITwkT/r+WHzPUCj8ONN+kKncuV0r84RNvIEdflCaLnQ83BrtxecJfNKeAJuPTciCaqM4vgua+jkM7bZ5Yno8F5fGSPLLiN57DT4TZKJhiEgZRTkbKCxjwQewpndFW8j0j8Wgn2I9e7FSPzC3HVWs2VE/3GdgWzIdNk1C5BeexLTCII X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(376002)(136003)(346002)(366004)(396003)(31686004)(4326008)(15650500001)(52116002)(19627235002)(2616005)(31696002)(26005)(16526019)(316002)(956004)(16576012)(54906003)(110136005)(8676002)(53546011)(86362001)(478600001)(5660300002)(6486002)(186003)(66476007)(8936002)(36756003)(83380400001)(66946007)(66556008)(2906002)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: Xh+nmxda0WC0cXVnZBObmpDc/C0q/9aInqLxrWPM8OpugKN7ThRk8UjZd7Yb5AZTO8l1/uljJo453Y1Pb6STaWHuYY4faCScPUE3wKGiGJ31/OLbJ0KEBWQ/HOI/3ouLAbe1ynvpkyqE9eP3ZGGG0HSC9tDMVDQQzeuE8m5EYRTCyYuPWyZa9I81ksVqzmEthBNe8ZOfrBA3u0sN+8XABNHCppi3Rx5UWE2zDe3QczzvKSHxXJmU28VMnI1Gr/4Y6FteN8ziu49XmJB/cWd0Mvv+f+ns+QWaQ+UyUgfbO+Rv5weB2cxxYQkU9wC9T1uupoS6+0SrnWUKHtYlOX1iPVWdx3aneaPbeSKVRB5BbFH00nHo22GX9H08nDR5kAUAgTXMn1KtuNDztrKNtYREgmrHbl1i2ds/wb25XV8ZRI/6Bs+2jkLkuyRpexUkQStsvvx8icSMq9JVU8jMNxs3VRf8qD6HpdmD7rfFB78msas0a4MqO+dQG4JYD5GHMi9kwaiFnDps54bGQTpTITEgk9RKOhyTgS6H2VDpxZCtXGdjY7SkCBS2VV0za43ZjruS9h95/czqx6++g4tUti7SxCXDCHlc9B3pp1Df4LtuTTo2qkZvJh6LwSIHvfxz5CHiGeKWEfgKtHpZbEw0R7GFzw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9c36eca8-dae9-43f2-5353-08d88683a050 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2020 20:51:56.4030 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4bK+PFn2jqPbOka5wujS/PIL6fpfkHzPMrsQ+zmob+Vi9nkVuj8RFwWlUqJgL8x9k0MiB2sqz9awHfV1aeVdww== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4987 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 11/11/20 1:57 PM, Laszlo Ersek wrote: > +Tom > > On 11/11/20 04:10, Rebecca Cran wrote: >> Fix BhyveX64.dsc and BhyveX64.fdf to follow breaking >> changes in OVMF. >> >> Signed-off-by: Rebecca Cran >> --- >> OvmfPkg/Bhyve/BhyveX64.dsc | 1 + >> OvmfPkg/Bhyve/BhyveX64.fdf | 6 ++++++ >> 2 files changed, 7 insertions(+) > > Ouch, I'm sorry. I think I missed the Bhyve support being added as I rebased to newer levels of the tree, sorry about that. Thanks, Tom > >> >> diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc >> index 16d2233d77..868338b460 100644 >> --- a/OvmfPkg/Bhyve/BhyveX64.dsc >> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc >> @@ -225,6 +225,7 @@ >> >> [LibraryClasses.common] >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf >> >> [LibraryClasses.common.SEC] >> !ifdef $(DEBUG_ON_SERIAL_PORT) > > Yep, makes sense. > >> diff --git a/OvmfPkg/Bhyve/BhyveX64.fdf b/OvmfPkg/Bhyve/BhyveX64.fdf >> index 5d2586ae14..8776aaf7ac 100644 >> --- a/OvmfPkg/Bhyve/BhyveX64.fdf >> +++ b/OvmfPkg/Bhyve/BhyveX64.fdf >> @@ -76,6 +76,12 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid. >> 0x007000|0x001000 >> gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize >> >> +0x008000|0x001000 >> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize >> + >> +0x009000|0x002000 >> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize >> + >> 0x010000|0x010000 >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize >> >> > > Hmm, this, on the other hand, makes me wonder. All four PCDs are > [PcdsFixedAtBuild], from "OvmfPkg.dec", so the platform DSC/FDF files > *should not* be required to override defaults. > > .... > > Ah, wait, you're hitting the exact PCD value checks (%error directives) > in "OvmfPkg/ResetVector/ResetVector.nasmb". > > During the SEV-ES review, I completely lost track of Bhyve consuming > "OvmfPkg/ResetVector/ResetVector.inf". Sorry about that. > > So the following list of commits: > > (1) 6995a1b79bab OvmfPkg: Create a GHCB page for use during Sec phase > (2) 8a2732186a53 OvmfPkg/ResetVector: Add support for a 32-bit SEV check > (3) 30937f2f98c4 OvmfPkg: Use the SEV-ES work area for the SEV-ES AP > reset vector > > causes a problem for the Bhyve platform. > > I don't like the "OvmfPkg/Bhyve/BhyveX64.fdf" hack as presented above, > because, while it makes the symptom go away, it causes "BhyveX64.fdf" > appear as if it had anything to do with SEV-ES -- which it doesn't. > > Here's what I suggest: > > > * patch#1: > > Subject: > > OvmfPkg/Bhyve: detach ResetVector from before the SEV-ES changes > > Commit message: > > Commits 6995a1b79bab, 8a2732186a53 and 30937f2f98c4 modified all four > regular files under "OvmfPkg/ResetVector" with SEV-ES dependencies. > These are not relevant for Bhyve. Detach the pre-SEV-ES version of > ResetVector for Bhyve. > > Composing the patch: > > $ git checkout -b bhyve_reset_vector master > $ rm -r OvmfPkg/ResetVector/ > $ git checkout 6995a1b79bab^ -- OvmfPkg/ResetVector/ > $ mv OvmfPkg/ResetVector/ OvmfPkg/Bhyve/ > $ git checkout master -- OvmfPkg/ResetVector/ > > # add your (C) notices to all files under OvmfPkg/Bhyve/ResetVector/ > # namely "PageTables64.asm", "ResetVector.inf", "ResetVector.nasmb" > > # do *not* re-generate the FILE_GUID in the new INF file (this is a > # well-known GUID, namely "gEfiFirmwareVolumeTopFileGuid") > > $ git add OvmfPkg/Bhyve/ResetVector/ > $ git commit > > > * patch#2: > > Subject: > > OvmfPkg/Bhyve: fix build breakage after SEV-ES changes > > Commit message: > > Consume the SEV-ES-independent reset vector restored in the previous > patch. Use the Null instance of VmgExitLib. > > Body: > >> diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc >> index 16d2233d7788..ba79ceef5563 100644 >> --- a/OvmfPkg/Bhyve/BhyveX64.dsc >> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc >> @@ -225,6 +225,7 @@ [LibraryClasses] >> >> [LibraryClasses.common] >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf >> >> [LibraryClasses.common.SEC] >> !ifdef $(DEBUG_ON_SERIAL_PORT) >> @@ -571,7 +572,7 @@ [PcdsDynamicHii] >> # >> ################################################################################ >> [Components] >> - OvmfPkg/ResetVector/ResetVector.inf >> + OvmfPkg/Bhyve/ResetVector/ResetVector.inf >> >> # >> # SEC Phase modules >> diff --git a/OvmfPkg/Bhyve/BhyveX64.fdf b/OvmfPkg/Bhyve/BhyveX64.fdf >> index 5d2586ae141a..f4050c4934b7 100644 >> --- a/OvmfPkg/Bhyve/BhyveX64.fdf >> +++ b/OvmfPkg/Bhyve/BhyveX64.fdf >> @@ -117,7 +117,7 @@ [FV.SECFV] >> # >> INF OvmfPkg/Sec/SecMain.inf >> >> -INF RuleOverride=RESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf >> +INF RuleOverride=RESET_VECTOR OvmfPkg/Bhyve/ResetVector/ResetVector.inf >> >> ################################################################################ >> [FV.PEIFV] > > Optimally, these changes should have been part of the SEV-ES feature > series, but we didn't realize. Sorry about the regression! > > Thanks > Laszlo >