From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web11.2703.1648668675160602334
 for <devel@edk2.groups.io>;
 Wed, 30 Mar 2022 12:31:15 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@ibm.com header.s=pp1 header.b=Ling+2ri;
 spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098416.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 22UJGtWm016986;
	Wed, 30 Mar 2022 19:31:12 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date :
 mime-version : subject : to : cc : references : from : in-reply-to :
 content-type : content-transfer-encoding; s=pp1;
 bh=iXhTNRAqenACE1bdoDCLiLpVvP9JJA7ZEqieHnT9X1U=;
 b=Ling+2ri/vzv71Ele05sA86KUJFq7vR/J3l9732/tDTFgsucJdXaBYb2i2gaMYDDd5aE
 QjfRONMB99AZilt5xCjPEzw5WU+FDqWkYtgJJQSVm1yWOJxIlXH/NPZiwReGTEFGjrhu
 6hOf4ER2ZLxB9jMzkupoz15Kh0tLePUjs5ART1UGbmYKkLISuMJzAuaX0RiqUBmEJy2B
 5hHJNSSBoSyeMVGMY6/dw7fC/1KmFSBn6AfHe55nQJhmcBFw5F9RmUVd6X1AoL2lDsTw
 NEGXQLXnLSNh3Q0C5l6QMgIW8CB58Ri28tX3J6ULY9+NJRHBt6tMYD6avgOjnCCLGUaV TA== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3f4uejteyr-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 30 Mar 2022 19:31:12 +0000
Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 22UJM8Us010062;
	Wed, 30 Mar 2022 19:31:12 GMT
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3f4uejteyb-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 30 Mar 2022 19:31:11 +0000
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 22UJDchk007782;
	Wed, 30 Mar 2022 19:31:11 GMT
Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28])
	by ppma04dal.us.ibm.com with ESMTP id 3f1tfa768m-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 30 Mar 2022 19:31:11 +0000
Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109])
	by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 22UJVA9736110826
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 30 Mar 2022 19:31:10 GMT
Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id EBCFA112061;
	Wed, 30 Mar 2022 19:31:09 +0000 (GMT)
Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 8AD7A112069;
	Wed, 30 Mar 2022 19:31:06 +0000 (GMT)
Received: from [9.160.79.229] (unknown [9.160.79.229])
	by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed, 30 Mar 2022 19:31:06 +0000 (GMT)
Message-ID: <5a8dfc50-d9e8-447e-6328-302d8a519c79@linux.ibm.com>
Date: Wed, 30 Mar 2022 22:31:04 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.7.0
Subject: Re: [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation
To: Brijesh Singh <brijesh.singh@amd.com>, Gerd Hoffmann <kraxel@redhat.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jiewen Yao <jiewen.yao@intel.com>,
        Jordan Justen
 <jordan.l.justen@intel.com>,
        Erdem Aktas <erdemaktas@google.com>,
        James Bottomley <jejb@linux.ibm.com>, Min Xu <min.m.xu@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Dov Murik <dovmurik@linux.ibm.com>
References: <20220328184530.86797-1-dovmurik@linux.ibm.com>
 <20220328184530.86797-3-dovmurik@linux.ibm.com>
 <20220330052029.4fuzbca2364nm7fg@sirius.home.kraxel.org>
 <7585badc-63d5-4195-760c-3cc3665795e4@linux.ibm.com>
 <7ea76edb-fad8-b06e-e715-0868de1f1261@amd.com>
From: "Dov Murik" <dovmurik@linux.ibm.com>
In-Reply-To: <7ea76edb-fad8-b06e-e715-0868de1f1261@amd.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 6apOC62GWtyhc3BS3zCNWtqryP4uUIs4
X-Proofpoint-ORIG-GUID: O1_-oLxYD7iHZ9xxsEJEcVh5J11AfPkj
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514
 definitions=2022-03-30_06,2022-03-30_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 phishscore=0
 priorityscore=1501 mlxlogscore=999 clxscore=1015 spamscore=0 bulkscore=0
 impostorscore=0 suspectscore=0 malwarescore=0 lowpriorityscore=0
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2202240000 definitions=main-2203300092
X-MIME-Autoconverted: from 8bit to quoted-printable by mx0b-001b2d01.pphosted.com id 22UJGtWm016986
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable



On 30/03/2022 22:27, Brijesh Singh wrote:
>=20
>=20
> On 3/30/22 01:04, Dov Murik wrote:
>>
>>
>> On 30/03/2022 8:20, Gerd Hoffmann wrote:
>>> =C2=A0=C2=A0 Hi,
>>>
>>>> Check if that page is defined; if it is, skip it in the metadata lis=
t.
>>>> In such case, VMM should fill the page with the hashes content, or
>>>> explicitly update it as a zero page (if kernel hashes are not used).
>>>
>>> Is it an option to just skip the page unconditionally?
>>>
>>> I think in the OvmfPkgX64 build the page is not used, so it probably
>>> doesn't matter whenever it is included or not, and it would make thin=
gs
>>> a bit less confusing ...
>>>
>>
>>
>> Brijesh,
>>
>> What would happen if we change this:
>>
>> =C2=A0=C2=A0=C2=A0=C2=A0 %define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE +=
 CPUID_SIZE)
>>
>> to:
>>
>> =C2=A0=C2=A0=C2=A0=C2=A0 %define SNP_SEC_MEM_BASE_DESC_3 (FixedPcdGet3=
2
>> (PcdOvmfSecPeiTempRamBase))
>>
>> in OvmfPkg/ResetVector/ResetVector.nasmb ?
>>
>> It means that the page starting at MEMFD_BASE_ADDRESS+0x00F000 (that
>> is, the page
>> that follows the SNP CPUID page) will not be pre-validated by QEMU.
>>
>=20
> Lets look at the OvmfPkgX64.fdf is
>=20
> ...
>=20
> 0x00E000|0x001000
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfCpuidSize
>=20
>=20
> 0x010000|0x010000
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSp=
aceGuid.PcdOvmfSecPeiTempRamSize
>=20
>=20
> 0x020000|0x0E0000
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGu=
id.PcdOvmfPeiMemFvSize
>=20
>=20
> ...
>=20
> If you change SNP_SEC_MEM_BASE_DESC_3 to start from PcdOvmfPeiMemFvBase
> then who will validate the range for=C2=A0 PcdOvmfSecPeiTempRamBase -
> PcdOvmfPeiMemFvBase ? The SEC phase (Sec/X64/SecEntry.nasm) uses the
> PcdOvmfSecPeiTempRamBase. If the memory is not validated prior to use
> then it will result in #VC (page-not-validated) and crash the guest BIO=
S
> boot.
>=20

Gerd actually wants to change SNP_SEC_MEM_BASE_DESC_3 to start from
PcdOvmfSecPeiTempRamBase, which is 0x010000.

Supposedly no one uses the single page at 0x00F000 .

-Dov