Message-ID: <625f7620-da6b-deea-1d27-3fcf83c8ef3e@linux.ibm.com>
Date: Sun, 17 Oct 2021 20:36:33 +0300
Subject: Re: [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD
To: Brijesh Singh, devel@edk2.groups.io
Cc: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Tobin Feldman-Fitzthum, Dov Murik
References: <20211014181711.784074-1-brijesh.singh@amd.com> <20211014181711.784074-3-brijesh.singh@amd.com> <02cc952f-6170-fb28-a1b1-a3b62b43e5c4@linux.ibm.com> <9e3d48cf-84c8-5df6-b230-46687ae44b84@amd.com>
From: "Dov Murik"
In-Reply-To: <9e3d48cf-84c8-5df6-b230-46687ae44b84@amd.com>

On 17/10/2021 1:32, Brijesh Singh wrote:
> 
> On 10/16/21 1:38 PM, Dov Murik wrote:
>> [+Tobin]
>>
>>
>> On 14/10/2021 21:17, Brijesh Singh wrote:
>>> The commit 80e67af9afca added support for the generic work area concept
>>> used mainly by the encrypted VMs but missed updating the AmdSev package.
>>>
>>> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
>> Thanks Brijesh.
>>
>> The fix does allow me to launch SEV-ES guests, which is good news.
>> However, the guest's measurement has changed, so I wonder what this
>> change causes.
>>
>> The details:
>>
>> I tested 3 commits (always building the AmdSevX64 target):
>>
>> 1. commit 7b4a99be8a39 - edk2-stable202108
>>
>> I successfully launch SEV and SEV-ES guests and my measurement check
>> script verifies the digest correctly (including the "measured linux
>> boot" hashes table added by QEMU).
>>
>> 2. commit f10a112f08f3 - master (Oct 14)
>>
>> I successfully launch SEV guests, but SEV-ES guests crash with "error:
>> kvm run failed Invalid argument". The measurement check verifies digest
>> correctly.
>>
>> 3. master + this AmdSevX64.fdf patch
>>
>> I successfully launch SEV guests and measurement calculation is OK. As
>> for SEV-ES guests, the measurement check doesn't match what I expect. If
>> I ignore the mismatched measurement and continue the launch, the guest
>> runs OK with SEV-ES.
>>
>>
>> So this patch fixes the problem (SEV-ES guest crashes on launch) but
>> shows another problem (bad guest measurement).
>>
>>
>> Note that for this test, my measurement calculation script automatically
>> takes the OVMF image I'm using to boot the VM. From my reading of the
>> QEMU code, the only pieces that should affect the measurement are the
>> OVMF image, the hashes table, and the VMSAs for each vcpu. The OVMF
>> image is updated on every check, and the rest shouldn't have changed
>> between those 3 revisions that I tested.
>>
>>
>> It might be an issue with my measurement checking script which was
>> assuming something that has changed with the introduction of the new
>> work area, but I can't think of something like that. Note again that
>> plain SEV measurement is still working OK.
>>
> I assume you are including the IP for the APs during your VMSA hash
> computation. The IP for the AP is obtained through the SevEsResetGuid
> [1]. It points to Fixed(PcdSevEsWorkArea). After we introduced the
> generic Ovmf workarea concept the PcdSevEsWorkArea no longer starts from
> the beginning of the workarea. See the hunk below
> 
> +##########################################################################################
> +# Set the SEV-ES specific work area PCDs
> +#
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
> +##########################################################################################
> +
> 
> [1]
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm#L109
> 
> Make sure you are using the correct value for the AP IP in your
> computation. If you have hard-coded the AP IP in your script then I would
> recommend updating the script to retrieve the value from the OVMF_CODE.fd.
> 
> Hope this helps.
> 

Yep, that was indeed the issue. The VMSA for vcpu0 is identical to the
previous version, but there was a 4-byte shift in the IP field in VMSA
for the AP vcpus.

Thanks for your help debugging this.

So, FWIW:

Reviewed-by: Dov Murik
Tested-by: Dov Murik

-Dov

>> Do you encounter similar issues with VM measurement?
>>
>>
>> -Dov
>>
>>
>>
>>> Cc: James Bottomley
>>> Cc: Min Xu
>>> Cc: Jiewen Yao
>>> Cc: Tom Lendacky
>>> Cc: Jordan Justen
>>> Cc: Ard Biesheuvel
>>> Cc: Erdem Aktas
>>> Cc: Gerd Hoffmann
>>> Reported-by: Dov Murik
>>> Signed-off-by: Brijesh Singh
>>> ---
>>>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
>>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> index 542722ac6b37..56626098862c 100644
>>> --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
>>> @@ -57,7 +57,7 @@ [FD.MEMFD] >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbSize >>> =20 >>> 0x00B000|0x001000 >>> -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpace= Guid.PcdSevEsWorkAreaSize >>> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfWorkAreaSize >>> =20 >>> 0x00C000|0x000C00 >>> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenS= paceGuid.PcdSevLaunchSecretSize >>> @@ -79,6 +79,13 @@ [FD.MEMFD] >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfDxeMemFvSize >>> FV =3D DXEFV >>> =20 >>> +####################################################################= ###################### >>> +# Set the SEV-ES specific work area PCDs >>> +# >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_= ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkg= TokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgT= okenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCon= fidentialComputingWorkAreaHeader >>> +####################################################################= ###################### >>> + >>> ####################################################################= ############ >>> =20 >>> [FV.SECFV] >>>
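Review bot: in the first hunk (@@ -57,7 +57,7 @@), the 0x00B000|0x001000 region line now names PcdOvmfWorkAreaBase|PcdOvmfWorkAreaSize instead of PcdSevEsWorkAreaBase|PcdSevEsWorkAreaSize, so PcdSevEsWorkAreaBase is no longer populated by the region itself and every Fixed() consumer of it (the reset vector's SEV-ES reset block named in this thread) now relies on the SET lines added further down the file; the commit message should state that this shifts the AP reset IP by PcdOvmfConfidentialComputingWorkAreaHeader and therefore changes the SEV-ES launch measurement, since that is precisely what the tester ran into.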
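Review bot: the two SET lines in the second hunk (@@ -79,6 +79,13 @@) re-derive the SEV-ES sub-area from PcdOvmfWorkAreaBase/Size and PcdOvmfConfidentialComputingWorkAreaHeader by hand, with nothing tying them to the layout they mirror; add a comment inside the new "Set the SEV-ES specific work area PCDs" block that points at commit 80e67af9afca and at the reset-vector consumer of PcdSevEsWorkAreaBase, so that a later change to the header size is not applied in only one of the two places.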
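Brijesh's advice above is to read the AP reset IP from OVMF_CODE.fd rather than hard-coding it. The following is an added example, not code from this thread, edk2 or QEMU: it parses the GUIDed table that OVMF places just below its reset vector, returns the 4-byte address in the SEV-ES reset block, and splits it into CS base and IP the way QEMU's sev.c does. The two GUIDs and the footer position (48 bytes from the end of the image) are taken from OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm; `build_sample_image` and the address 0x00809004 are constructed test data standing in for a real firmware image.

```python
import struct
import uuid

# GUIDs from OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm (stored little-endian on disk)
OVMF_TABLE_FOOTER_GUID = uuid.UUID("96b582de-1fb2-45f7-baea-a366c55a082d")
SEV_ES_RESET_BLOCK_GUID = uuid.UUID("00f771de-1a7e-4fcb-890e-68c77e2fb44e")

# The table ends 32 bytes before the end of the image (the AP entry / VTF
# signature block and the 16-byte reset vector follow it), so the 16-byte
# footer GUID sits at size - 48, preceded by a 2-byte total table length.
FOOTER_GUID_OFFSET_FROM_END = 48


def parse_ovmf_guided_table(image: bytes) -> dict:
    """Return {guid: data} for every entry; each entry is laid out as data, len, guid."""
    footer_at = len(image) - FOOTER_GUID_OFFSET_FROM_END
    if footer_at < 2 or uuid.UUID(bytes_le=image[footer_at:footer_at + 16]) != OVMF_TABLE_FOOTER_GUID:
        raise ValueError("no OVMF GUIDed table footer found")
    (total_len,) = struct.unpack_from("<H", image, footer_at - 2)
    table_start = footer_at + 16 - total_len
    entries = {}
    end = footer_at - 2  # the footer's length field marks the end of the last entry
    while end > table_start:
        guid = uuid.UUID(bytes_le=image[end - 16:end])
        (entry_len,) = struct.unpack_from("<H", image, end - 18)
        if entry_len < 18 or end - entry_len < table_start:
            raise ValueError("corrupt table entry")
        entries[guid] = image[end - entry_len:end - 18]
        end -= entry_len
    return entries


def sev_es_ap_reset_vector(image: bytes) -> tuple:
    """(reset_addr, cs_base, ip) for the AP reset block, split as QEMU's sev.c does."""
    data = parse_ovmf_guided_table(image)[SEV_ES_RESET_BLOCK_GUID]
    (reset_addr,) = struct.unpack("<I", data[:4])
    return reset_addr, reset_addr & 0xFFFF0000, reset_addr & 0xFFFF


def build_sample_image(reset_addr: int, size: int = 4096) -> bytes:
    """Constructed stand-in for OVMF_CODE.fd: one SEV-ES entry, the footer, a 32-byte tail."""
    entry = struct.pack("<I", reset_addr)
    entry += struct.pack("<H", len(entry) + 18) + SEV_ES_RESET_BLOCK_GUID.bytes_le
    table = entry + struct.pack("<H", len(entry) + 18) + OVMF_TABLE_FOOTER_GUID.bytes_le
    tail = b"\x00" * 32  # stands in for the AP entry point, VTF signature and reset vector
    return b"\xff" * (size - len(table) - len(tail)) + table + tail
```

Feeding a real image through `sev_es_ap_reset_vector(open("OVMF_CODE.fd", "rb").read())` on every measurement check is what keeps the AP VMSA computation in step with the firmware; a cached value would have shown exactly the 4-byte shift reported above.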