Message-ID: <60ee450a-741a-9685-e8fa-de97b5f2d654@amd.com>
Date: Tue, 31 May 2022 20:44:10 +0530
Subject: Re: [edk2-devel] [PATCH v7 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
To: devel@edk2.groups.io, ashish.kalra@amd.com
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
References: <11152470c9b41058d2a8dbffe2c0a1e5d9d4a534.1629380011.git.ashish.kalra@amd.com>
From: "Nikunj A. Dadhania"
In-Reply-To: <11152470c9b41058d2a8dbffe2c0a1e5d9d4a534.1629380011.git.ashish.kalra@amd.com>

Hi Ashish,

On 8/19/2021 7:36 PM, Ashish Kalra via groups.io wrote:
> From: Ashish Kalra
>
> Mark the SEC GHCB page (that is mapped as unencrypted in
> ResetVector code) in the hypervisor's guest page encryption
> state tracking.
>
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Signed-off-by: Ashish Kalra
> ---
> OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index a8bf610022..1d38056ec0 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -52,6 +52,17 @@ AmdSevEsInitialize ( > PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > ASSERT_RETURN_ERROR (PcdStatus); > > + // > + // The SEC Ghcb setup during reset-vector needs to be marked as > + // decrypted in the hypervisor's guest page encryption state > + // tracking. > + // > + SetMemoryEncDecHypercall3 ( > + FixedPcdGet32 (PcdOvmfSecGhcbBase), > + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), > + FALSE > + );

PcdOvmfSecGhcbSize is set to 2 pages (8192 bytes). AFAIU, only the first page needs to be changed to shared, second page should be kept private.

> // > // Allocate GHCB and per-CPU variable pages. > // Since the pages must survive across the UEFI to OS transition >

Regards
Nikunj
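
Review bot: The page count passed to SetMemoryEncDecHypercall3, EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), covers the whole SEC GHCB PCD range, so every page in that range is reported to the hypervisor as decrypted. The commit message and the added comment only justify the page that ResetVector maps as unencrypted; if the range also holds a page that stays private (the reply in this message says the size is two pages and only the first is shared), the hypervisor's encryption state tracking would disagree with the guest's page tables for that page. Pass the number of pages that ResetVector actually maps unencrypted, or say in the comment why the full range is shared. Two smaller points: EFI_SIZE_TO_PAGES is missing the space before its opening parenthesis that the other calls in this hunk use, and the comment says "decrypted" where the commit message says "unencrypted", so pick one term.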