From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
Date: Mon, 4 Jan 2021 22:04:26 +0100 [thread overview]
Message-ID: <5daddb82-ad8e-7de7-49df-f3d18907bfe1@redhat.com> (raw)
In-Reply-To: <90152d0505354d270cc3af9e5838010e4dcbe114.1608065471.git.thomas.lendacky@amd.com>
On 12/15/20 21:51, Lendacky, Thomas wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>
> The PCIe MMCONFIG range should be treated as an MMIO range. However,
> there is a comment in the code explaining why AddIoMemoryBaseSizeHob()
> is not called. The AmdSevDxe walks the GCD map looking for MemoryMappedIo
> or NonExistent type memory and will clear the encryption bit for these
> ranges.
>
> Since the MMCONFIG range does not have one of these types, the encryption
> bit is not cleared for this range. Add support to detect the presence of
> the MMCONFIG range and clear the encryption bit. This will be needed for
> follow-on support that will validate MMIO under SEV-ES.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +++++++-
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +++++++++++++++++++-
> 2 files changed, 26 insertions(+), 2 deletions(-)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index dd9ecc789a20..0676fcc5b6a4 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -2,7 +2,7 @@
> #
> # Driver clears the encryption attribute from MMIO regions when SEV is enabled
> #
> -# Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
> +# Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> @@ -39,3 +39,9 @@ [Depex]
>
> [FeaturePcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> +
> +[FixedPcd]
> + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
> +
> +[Pcd]
> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 595586617882..ed516fcdf956 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -4,7 +4,7 @@
> in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV
> is enabled.
>
> - Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
> + Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -17,6 +17,7 @@
> #include <Library/MemEncryptSevLib.h>
> #include <Library/MemoryAllocationLib.h>
> #include <Library/PcdLib.h>
> +#include <IndustryStandard/Q35MchIch9.h>
(1) Please keep the #include list alphabetically sorted.
>
> EFI_STATUS
> EFIAPI
> @@ -65,6 +66,23 @@ AmdSevDxeEntryPoint (
> FreePool (AllDescMap);
> }
>
> + //
> + // If PCI Express is enabled, the MMCONFIG area has been reserved, rather
> + // than marked as MMIO, and so the C-bit won't be cleared by the above walk
> + // through the GCD map. Check for the MMCONFIG area and clear the C-bit for
> + // the range.
> + //
> + if (PcdGet16 (PcdOvmfHostBridgePciDevId) == INTEL_Q35_MCH_DEVICE_ID) {
> + Status = MemEncryptSevClearPageEncMask (
> + 0,
> + FixedPcdGet64 (PcdPciExpressBaseAddress),
> + EFI_SIZE_TO_PAGES (SIZE_256MB),
> + FALSE
> + );
> +
> + ASSERT_EFI_ERROR (Status);
> + }
> +
> //
> // When SMM is enabled, clear the C-bit from SMM Saved State Area
> //
>
Very interesting. One wonders why, without this change, MMCONFIG
accesses work at all on SEV.
But then... this guest phys area is not backed by RAM in the first
place. Whenever the guest accesses it, we trap to QEMU unconditionally.
And so memory encryption plays no role in practice, I must think.
It's different for the flash, because the flash is backed by RAM, and
whether an access to it traps to QEMU or not depends on both the access
(r/w/x) and the mode the flash is in (programming mode on vs. off).
I now wonder whether the comment in the leading context (not visible
above), namely the one that references the root bridge MMIO aperture,
from which the PCI MMIO BARs are allocated, is accurate. Perhaps that
area would work in fact even if we didn't clear the C bit for them
(considering just the accesses themselves under SEV; not SEV-ES).
(2) Please include a sentence in the commit message about the fact that
MMCONFIG is not backed by a KVM memory slot, and so actual memory
encryption does not take place, and that's why MMCONFIG accesses do not
break currently under SEV / SEV-ES. (This is at least what I think happens.)
With (1) and (2) addressed:
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks
Laszlo
next prev parent reply other threads:[~2021-01-04 21:04 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-15 20:50 [PATCH 00/12] SEV-ES security mitigations Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 01/12] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-04 18:58 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 02/12] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-04 19:02 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 03/12] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-04 19:59 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:45 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-04 20:00 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:48 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 05/12] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-04 20:34 ` [edk2-devel] " Laszlo Ersek
2021-01-04 21:09 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-04 21:04 ` Laszlo Ersek [this message]
2021-01-05 22:48 ` [edk2-devel] " Lendacky, Thomas
2021-01-06 15:38 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 07/12] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-04 21:05 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-05 9:40 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:34 ` Lendacky, Thomas
2021-01-05 15:38 ` Lendacky, Thomas
2021-01-06 14:22 ` Laszlo Ersek
2021-01-06 14:21 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 09/12] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-05 9:48 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 10/12] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-05 10:08 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 11/12] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-05 10:13 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:40 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-05 10:28 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:45 ` Lendacky, Thomas
2020-12-17 14:23 ` [PATCH 00/12] SEV-ES security mitigations Laszlo Ersek
2020-12-21 15:02 ` [edk2-devel] " Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5daddb82-ad8e-7de7-49df-f3d18907bfe1@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox