From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.63]) by mx.groups.io with SMTP id smtpd.web09.69913.1629382002223552514 for ; Thu, 19 Aug 2021 07:06:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=QCvojiB2; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.93.63, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A0MEpymO6tY2vz2JiU0cBg+cX+M/teHoqxAvrrsL0b0T/mC8cXr9K9gsN5yIDi5N6UI/Wi6eMWl/De6Pcf5aybqr+eUS1tBm7fOqWoGvxV2gpDf0U8t4Y5omC0TpyjBs7JQWpIsYxS2QKNl0e+vh0gCBYJqNbLd6rPGBtV3kTTVJs5+BEafjIqJURECyUMcU/EC2iMRo3iNTR8v8eay3l05vWVhPkpnBOWv0tr08m1LkaTb/PXrmQSAe2TVHpj6akUAVXqN/gmBBh2NtaK1Rqs/5YwENJqOUX51RHMkrwiJfeoN7/ybLJUSgnpdhFpOUQmBeCj5RZtutV18/OYSV4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ji4uj16QQKOjojz2gXpfZP1QxnigEd7HIVF7Inqfs1s=; b=Pnt3OtIWBdb61o4Jx+GBoNA7f76k8lhU0JmfPEW3NBNfkzIdlv8n1pYU6kitt5Yr/0HjvOHb8MXYGLqPe70QLyg5w30acR8aVXKgSoRqMnGnjzMJXli6pymb5qaD5JFWOo1pbwI8SapubP/25f0FOlPG3IRknzwfmaEsEeRgB6wF9wg3bw0PDoqK8LC3AKb/WwORDrkts1aMditDSKV7jHG5X1NL/WPVYha7W8+6yOvoSZqIJ2oD67jsDUOBUR4gZhurysDN+WdYYTbJeQ3FuV0jbEZdzs9q7oGJ7cZgNuqTcjHhU+rMf5IIktBLyQ2uo12NVTqQvhzs/3GuXGjJEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ji4uj16QQKOjojz2gXpfZP1QxnigEd7HIVF7Inqfs1s=; b=QCvojiB2S2y+mDuEQ9nnSm8BOv0piZ7N4ljL2jH8CG+7MBmJtjOjmS0E4kHj2UrlHVwa62/rAAX8SUwAOSV6z67YsIA4T5lDugBsmZqDqHe6dAp8BX5l49AVcga6DOytDvPZCBJ4Q9EYzwYQeTLJQHvxhx9rk45Exarxw24bY3E= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4574.namprd12.prod.outlook.com (2603:10b6:806:94::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Thu, 19 Aug 2021 14:06:39 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73%7]) with mapi id 15.20.4415.024; Thu, 19 Aug 2021 14:06:38 +0000 From: "Ashish Kalra" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: [PATCH v7 6/6] OvmfPkg/AmdSevDxe: Add support for SEV live migration. Date: Thu, 19 Aug 2021 14:06:28 +0000 Message-Id: <61cbdcc75681f79b56687d6a048cef795b5a10e5.1629380011.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN6PR01CA0002.prod.exchangelabs.com (2603:10b6:805:b6::15) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: Ashish.Kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN6PR01CA0002.prod.exchangelabs.com (2603:10b6:805:b6::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend Transport; Thu, 19 Aug 2021 14:06:38 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 606bfab8-9d27-4228-fc4a-08d9631a901a X-MS-TrafficTypeDiagnostic: SA0PR12MB4574: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jQLVV7w9A4nH/jNekm1KsEwBzYIK8Q26gSGtSa2kkUZSUuakVxPGufrxzNCHkEzVbWz7tMVuQ8arBlGdpCVurQe8lcQnE/s116D+zuKaNanGRZDWOH8IuMWknC/t/Vr4et8Dvf3YxQV/RcS+QHMbnxEXkVDVIukSEWx9ZsyokHr4dJix9c3Xg8/XPqjMVQwz67YLdctlJXQVKJYdixLYPUHWC93m5tBY1OWG8Xee18NlA3wK5aAQ6mRC4k7VgKQQlJ3kQqOkK8D4EbFwTxz1D7kClIkIJxfBro0a991Se+oNvmtvcvKpFLcQE752da4r+EjybfdkCrGQjQxf36UkglcFfVz5bD3TfMPM3uJWWnjKzpo8rUhr0CBuRgs0foHN3ZC1tjbfIWo1Sou9Rlv6Kn3+Mob3VIBjYEMGonSkD35XLCzU1FES0EOQeo39bQjLH/Zv2sdpp+68lNJljZ64UxFBCA0qnxLFmpWLGatxolky8DlQKoceaZtGxfoNEFbD3Id9YbwtSi7hJKJwwWZH0xzdnKVLpvr5ihl9KNHIUGOCS8LVB8laKOEONqQbV3vLNfTCB9VRQ4k0TtnFHdQAfr7ZfCEro8U3WpQLTQXzx37IyFti4aB9SjcjvXHhcufEcfShMkdKOmxFiLqOhYWhNlLARHp5Azf2zAQqcaBaRXEoFHHQzPiFq1tmdKwCrQwNCfRVM+3+6wVWS3gMPN237g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(366004)(376002)(346002)(7696005)(66476007)(36756003)(956004)(6666004)(38350700002)(5660300002)(66946007)(52116002)(6486002)(2906002)(83380400001)(8936002)(316002)(186003)(66556008)(4326008)(86362001)(26005)(38100700002)(478600001)(8676002)(6916009)(2616005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?vpTIjJjIS30TPErok2uBnvV/z+S+t2p9nafwk7Kv9YuTwCFuctQtKtqysM8y?= =?us-ascii?Q?iluNm89IyyR9jxFX4WMaYbxul9+ihgxa8Savh4HB0SsXpOX0tr5eaIycfIrc?= =?us-ascii?Q?qBhwG5UkAmGZUlzY4arlcWMqp8ZL5Sp0bJIEnOrnS7SN4khTasWl4JYkguXg?= =?us-ascii?Q?IIEnR/xLc73F1av/RkEWYRYDDrYURIg1mPh0ZgBkjGMe2iyaDMEUqM7lCkNA?= =?us-ascii?Q?C3UI7B65q5Heq+HU7YKgJUWAO6heHe6iV2HQWl69hLU/MFYh0N3Q7xnvPT6S?= =?us-ascii?Q?e1w/qQsNczwmQ6ccELON+LXRMjkvC+GKeVwUXV9MnB7/IIiCC10x7eJuJ4un?= =?us-ascii?Q?jsBkwlkGECF6OXgsZai5z02Nc0saaZBrPVZUH6bBViH+1ixrETN/JQ5lcnW1?= =?us-ascii?Q?ub443Juxqna/nRbXYh29r3kEmr+ng6X3b7xoA+jd010YXP3Pmh7hbgtrm9xo?= =?us-ascii?Q?GrgM0WNFj73Anl0dIAttGav6gMqg/DTfQpB+t201BLmcQeph+7jb2ceHrO0B?= =?us-ascii?Q?qsMnHSlGeHsXwAVcyqSZ3LvLBUGQv0mPBnbev+4qcL/OX5ADHmLF3viDHwU3?= =?us-ascii?Q?4q7fQJ4YiyNOUh+J1jR4Wepm7eh7HhEjqsFi4bLhZvH1i8cXxHU4gHj2pBrB?= =?us-ascii?Q?o3e6QUcmvzT/4LlaqdUUGfQ8aGywTNwF9DoiuU1KA0MG96WXFUlgFVAPDH9i?= =?us-ascii?Q?b7UvBAxOFW83E9u7xzkxoheCTqwqZQgRzErHBN/FoXOTzbj6PTxseW8kNzmM?= =?us-ascii?Q?P4nKgqgoYeNOIJ4+aipNvA5XAqvCfsTbY0zvZHku79nZ8VfMWksW2mzvlJa4?= =?us-ascii?Q?uNl2LB+XgZkR7h8OH1zR3BaejCDCv2FAkQcqQXPjwOX4HBGSDi+rLq3dlejV?= =?us-ascii?Q?IICLU8kpZiI6kzQ0wHxAksfaYf28qFjidz1nXj1KXuFNw+qfLhR5yPgth2vo?= =?us-ascii?Q?dK+hirFsWBkTW29ZSF9HVTxL7MmBzuaXSs5HE3TX+HFNOCW5FN0FvF4ctqBE?= =?us-ascii?Q?5JXHF9IVKWjgcA/aToojf7qbjqovTKClIcAaUSr5xB6BsZXk5CNCvInXKciK?= =?us-ascii?Q?sk8ZwHXedKcpYH/F40g5xToHxBhNi4AGY4j43JUke5LxlwF5kiKZaGwUoa8r?= =?us-ascii?Q?gKJAHOzJmFuOW7OUck4uzX48Ea2LvDxyxJBot+8hA+HpLI32yoF/pgGViLfG?= =?us-ascii?Q?fKVStgNjXgzo1Vy+HCYdwZNG7I+ykIM0An+UNQWJ40q1sCKWkWwac0yp3IEy?= =?us-ascii?Q?RR6SJvyaKrOkecXvTrxiGYVF/roYf/B/fTIwZGFiS5vwM6afdTSAu6WnDIpu?= =?us-ascii?Q?bsGX6zNYNMt6NNO8OwK143nS?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 606bfab8-9d27-4228-fc4a-08d9631a901a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2021 14:06:38.8812 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Htpww6YQ+TYeccwj9D4FkF7vJmrXe6nxY1jvurojnxtscFs8ZGc4qQOqs+bNB108OvHwgr6fzkz3ojmht0z+Lw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4574 Content-Type: text/plain From: Ashish Kalra Check for SEV live migration feature support, if detected setup a new UEFI enviroment variable to indicate OVMF support for SEV live migration. This environment variable is created by UEFI but consumed by the (guest) linux kernel. This is actually part of a 3-way negotiation of the live migration feature between hypervisor, guest OVMF and guest kernel. Host indicates support for live migration, which is detected by OVMF and correspondingly OVMF sets this SetLiveMigrationEnabled UEFI variable, which is read by the guest kernel and it indicates to the guest kernel that both host and OVMF support and have enabled the live migration feature. The new runtime UEFI environment variable is set via the notification function registered for the EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver. AmdSevDxe module is an apriori driver so it gets loaded between PEI and DXE phases and the SetVariable call will fail at the driver's entry point as the Variable DXE module is still not loaded yet. So we need to wait for an event notification which is signaled after the Variable DXE module is loaded, hence, using the EndOfDxe event notification to make this call. Signed-off-by: Ashish Kalra --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 ++++++ OvmfPkg/OvmfPkg.dec | 1 + 4 files changed, 89 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index c66c4e9b92..c4d28985bf 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -15,10 +15,47 @@ #include #include #include +#include +#include #include #include +#include +#include #include +STATIC +VOID +EFIAPI +AmdSevDxeOnEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *EventToSignal + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); + + if (SevLiveMigrationEnabled) { + Status = gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gAmdSevMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof SevLiveMigrationEnabled, + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_INFO, + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", + __FUNCTION__, + Status + )); + } +} + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -30,6 +67,7 @@ AmdSevDxeEntryPoint ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; UINTN NumEntries; UINTN Index; + EFI_EVENT Event; // // Do nothing when SEV is not enabled @@ -130,5 +168,31 @@ AmdSevDxeEntryPoint ( } } + // + // AmdSevDxe module is an apriori driver so it gets loaded between PEI + // and DXE phases and the SetVariable call will fail at the driver's + // entry point as the Variable DXE module is still not loaded yet. + // So we need to wait for an event notification which is signaled + // after the Variable DXE module is loaded, hence, using the + // EndOfDxe event notification to make this call. + // + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. + // The notification function sets the runtime variable indicating OVMF + // support for SEV live migration. + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + AmdSevDxeOnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &Event + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: CreateEventEx(): %r\n", + __FUNCTION__, Status)); + } + return EFI_SUCCESS; } diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 0676fcc5b6..2ad1fb8632 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -45,3 +45,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + +[Guids] + gAmdSevMemEncryptGuid + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event diff --git a/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h new file mode 100644 index 0000000000..1c948fbcdd --- /dev/null +++ b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h @@ -0,0 +1,20 @@ +/** @file + + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI environment variables assocaiated with SEV Memory Encryption. + + Copyright (c) 2021, AMD Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __AMD_SEV_MEMENCRYPT_LIB_H__ +#define __AMD_SEV_MEMENCRYPT_LIB_H__ + +#define AMD_SEV_MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} + +extern EFI_GUID gAmdSevMemEncryptGuid; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 8fb6f257e8..35d6362a4d 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -124,6 +124,7 @@ gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gAmdSevMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} [Ppis] # PPI whose presence in the PPI database signals that the TPM base address -- 2.17.1