public inbox for devel@edk2.groups.io
From: "Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
To: devel@edk2.groups.io, ashish.kalra@amd.com
Cc: Dov Murik <dovmurik@linux.vnet.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@ibm.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Hubertus Franke <frankeh@us.ibm.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Jon Grimm <jon.grimm@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [RFC PATCH 02/14] OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encryption bitmap.
Date: Wed, 3 Mar 2021 09:56:00 -0500
Message-ID: <5950410f-4716-fc45-4b05-042b00e5fb44@linux.ibm.com>
In-Reply-To: <20210303001601.GA30351@ashkalra_ubuntu_server>


> Hello Tobin,
>
> Just a high-level question: why is this patch included in this
> patch series? I don't think you are supporting SEV-ES platform
> migration in this patch-set?

You are correct that we don't support migration for SEV-ES machines, 
although our approach can potentially be adapted for SEV-ES. I was on 
the fence about including this patch, because we don't strictly need it 
for migration. I'm not sure if the SEC GHCB would be significant even if 
we did support SEV-ES migration. Ultimately it seemed like a good idea 
because the SEV firmware build does otherwise support SEV-ES. Since I 
was introducing the hypercall in an environment where SEV-ES can be 
enabled, it seemed reasonable to include. Syncing page encryption status 
hypothetically has uses beyond migration.

Note that I am not adding full support for the hypercall in OVMF, which 
might be a good idea at some point.

-Tobin

> Thanks,
> Ashish
>
> On Tue, Mar 02, 2021 at 03:48:27PM -0500, Tobin Feldman-Fitzthum wrote:
>> From: Ashish Kalra <ashish.kalra@amd.com>
>>
>> Mark the SEC GHCB page that is mapped as unencrypted in
>> ResetVector code in the hypervisor page encryption bitmap.
>>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>
>> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
>> ---
>>   OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
>>   1 file changed, 10 insertions(+)
>>
>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
>> index dddffdebda..c72eeb37c5 100644
>> --- a/OvmfPkg/PlatformPei/AmdSev.c
>> +++ b/OvmfPkg/PlatformPei/AmdSev.c
>> @@ -15,6 +15,7 @@
>>   #include <Library/HobLib.h>
>>   #include <Library/MemEncryptSevLib.h>
>>   #include <Library/MemoryAllocationLib.h>
>> +#include <Library/MemEncryptHypercallLib.h>
>>   #include <Library/PcdLib.h>
>>   #include <PiPei.h>
>>   #include <Register/Amd/Msr.h>
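
Review bot: the new #include <Library/MemEncryptHypercallLib.h> is placed after MemoryAllocationLib.h, which breaks the alphabetical order that the other Library/ includes in this block follow (HobLib, MemEncryptSevLib, MemoryAllocationLib, PcdLib). Move it between HobLib.h and MemEncryptSevLib.h so the list stays sorted.
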
>> @@ -52,6 +53,15 @@ AmdSevEsInitialize (
>>     PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
>>     ASSERT_RETURN_ERROR (PcdStatus);
>>   
>> +  //
>> +  // GHCB_BASE setup during reset-vector needs to be marked as
>> +  // decrypted in the hypervisor page encryption bitmap.
>> +  //
>> +  SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
>> +    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
>> +    FALSE
>> +    );
>> +
>>     //
>>     // Allocate GHCB and per-CPU variable pages.
>>     //   Since the pages must survive across the UEFI to OS transition
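
Review bot: the result of SetMemoryEncDecHypercall3 in AmdSevEsInitialize is not checked, while the PcdSetBoolS call directly above it is followed by ASSERT_RETURN_ERROR (PcdStatus). If the call can fail, the hypervisor's page encryption bitmap would be left out of sync with the unencrypted mapping the comment describes, and nothing here would report it. If the library function returns a status, capture it and assert or log on failure; if it returns nothing or the failure is harmless, say so in the comment. Style point in the same call: EFI_SIZE_TO_PAGES(FixedPcdGet32 (...)) lacks the space before the opening parenthesis that FixedPcdGet32 (, PcdSetBoolS ( and ASSERT_RETURN_ERROR ( all use.
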
>> -- 
>> 2.20.1
>>
