From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web10.1375.1585071733754485428 for ; Tue, 24 Mar 2020 10:42:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=31W5aVQ/; spf=none, err=SPF record not found (domain: amd.com, ip: , mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fiJqjxKrNLV1NUulxGrjBcHbDrcbAaeiP/g26WXXCYBfPlXQJAQu/fSMBYiIz8uQDsn302ow1qEZhjZBTuVsPLXe7yq5t80wKVyMUqmkSxOHj8MHPS0HrPcfpGXdeR7XjbxUohT7/nEn4cgVlL92qwCXmeL1BNzbYViS0RjWPBQ04rGsvnBi5nOoOCv70aBenUOnsKzKvdMnPoZ9CPJ/qs1WPICMba7kKHJi3vrFzQVwViV9Pdh02AnUlvaGdjEfYK8R2sQWygYeBh0EycMz9CseyKdmOD83tuwMo5/yuBgkdB5oOQXNJWDHjVy4dQwyU4gtzJCaNjLjsmbywxH67w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EkP9TjVYBJEc58gVbhwHfBvnoKLOH2MXsxOpTk0gXP0=; b=EOPUhiknD4jwWITbEVopfgu2uDYEsTTVr4IsFU1SZ/SJ5poOT5WAXVkBBe79s5RtbqdIphcjbXPkgN4hkbEH/ZmFMfopZfF5Xo2wQWFUasBuU1O75LMTMku/cRvCGmcUrQC1hukzajI+XguByyWPxUU4efha2x+EeicmwUBsNWjXIhiD/H/DnVLWOKppCn7aO2SP2/NwlFDjpEEbUwQtGitYIlfcNAvZUCm7W63dYV8lGVfI6Uu7rTu1zo9U/Nl1v+2vNZ60X1kz00bceqJ47mcFlYfrYc3iqxg5yDoidrAGRCWv6tLiowm4MHQnBuT09nQnWRqnFFJDubxHnVMc+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EkP9TjVYBJEc58gVbhwHfBvnoKLOH2MXsxOpTk0gXP0=; b=31W5aVQ/opEWrCwoJh6y0NL+tUQCz6Zte+j+VGMOBKZt7oOUm+N20nPXUuq67p4dcGgKoOYquLl4N2kWpJ6wcdzxjgQ/x8bFJkKM1kBVSPsNFJeUch9CkQ8ZieN/bGWqvzzHBlhQkU6hdowIy/WR/ozewGRE/M4qrL3xQ+r0dqY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:15e::26) by DM6PR12MB4027.namprd12.prod.outlook.com (2603:10b6:5:148::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.20; Tue, 24 Mar 2020 17:42:10 +0000 Received: from DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::f0f9:a88f:f840:2733]) by DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::f0f9:a88f:f840:2733%7]) with mapi id 15.20.2835.023; Tue, 24 Mar 2020 17:42:10 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io Cc: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh Subject: [PATCH v6 34/42] OvmfPkg/Sec: Add #VC exception handling for Sec phase Date: Tue, 24 Mar 2020 12:40:48 -0500 Message-Id: <661ec5ed4b47d6bf6a4b609ba0fde53f878c9675.1585071656.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM5PR06CA0025.namprd06.prod.outlook.com (2603:10b6:3:5d::11) To DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:15e::26) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by DM5PR06CA0025.namprd06.prod.outlook.com (2603:10b6:3:5d::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.19 via Frontend Transport; Tue, 24 Mar 2020 17:41:41 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 04827b66-b2b0-41fd-25c8-08d7d01a9d50 X-MS-TrafficTypeDiagnostic: DM6PR12MB4027:|DM6PR12MB4027: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 03524FBD26 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(366004)(376002)(396003)(346002)(136003)(39860400002)(2906002)(956004)(2616005)(5660300002)(8676002)(6916009)(8936002)(966005)(81156014)(478600001)(81166006)(316002)(36756003)(86362001)(54906003)(52116002)(186003)(6486002)(16526019)(66556008)(66946007)(4326008)(26005)(66476007)(7696005)(136400200001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB4027;H:DM6PR12MB3163.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LQaZVwBfKPaoYa14kswBY+ky0P56NIqkgREDChiK/Gr5NIzKNwDk3oc+cC6E74GGrjaO4sAJoS1nHwNnrTLXwSJqpYlCew82ShXxCrGZHT5TX/ioeVt27bmzqn7tY5+WWJESe8jt6F0EI0TOvgns29JbOiudIA0q3FPC5GhffyjC2PchrTmq0EFVpecFcbPCZmK2LCRuJ+pclWdvk6rUyDv1KAtpmIZut36XSqgsBWhSwMFOcjtV1b9uJOJMjhp9XWETGP5tiKR3Jnhr4DlNBUCSohgUnCpYzOxqkUItrc0KJdBu+7WN1rNT/+D40aR0v9qdI6wmLZZ0ODBw6VpeEr9mhbqm8mlSM+oLfdDz1vHBOTzzxLxt0TZKFUGEeKqbN+32f6aI5PKEMjD4OD9VQ85g9ww7SUM7jeCnceuG0gPs7j0zFn5MbnB6o7WJ4oFpXjL9DwErAfS/it280mNjWt/TSqH6WnMRG3LytoljcmnBMCw445xldluIgLbdnGSkbKGQrIQ/xm3WdgppVzp2d1fWdl1Ob1HZQUm/B/s2K1L0320u4ECh88XCMK0zcppzQhRjqRODJfCSMAiGvzLVvw== X-MS-Exchange-AntiSpam-MessageData: IHn9vOMsGukwmYJgjyI4H+ClUvC8Rk0ZwH5Set1qi1Dc4ioL2IUU+Jn3ifmh5Vg7MGbuTq1UWtPxHf0RzsEzOu76DDCaCctcyfzen8lpCEiE7+U3FAr1oUm/96TyMQFUVjf7ikBZLKn0FRD9YgVBYQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 04827b66-b2b0-41fd-25c8-08d7d01a9d50 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2020 17:41:42.4886 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WTTCAKRCegjEPIOrwHdD3g19WQDQTFZigWscDZwH1PWYPQhsdRE4pdQSsageISGDWt+mCqakSm18K73Gc6me/g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4027 Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler will communicate with the hypervisor using the GHCB to handle the NAE event. NAE events can occur during the Sec phase, so initialize exception handling early in the OVMF Sec support. Before establishing the exception handling, validate that the supported version of the SEV-ES protocol in OVMF is supported by the hypervisor. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Reviewed-by: Laszlo Ersek Signed-off-by: Tom Lendacky --- OvmfPkg/Sec/SecMain.inf | 4 ++ OvmfPkg/Sec/SecMain.c | 153 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 144 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 63ba4cb555fb..7f78dcee2772 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,15 +50,19 @@ [LibraryClasses] PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + CpuExceptionHandlerLib [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED [Pcd] + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index bae9764577f0..1dd185aabc8a 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -24,6 +24,9 @@ #include #include #include +#include +#include +#include #include @@ -34,6 +37,10 @@ typedef struct _SEC_IDT_TABLE { IA32_IDT_GATE_DESCRIPTOR IdtTable[SEC_IDT_ENTRY_COUNT]; } SEC_IDT_TABLE; +typedef struct _SEC_SEV_ES_WORK_AREA { + UINT8 SevEsEnabled; +} SEC_SEV_ES_WORK_AREA; + VOID EFIAPI SecStartupPhase2 ( @@ -712,6 +719,92 @@ FindAndReportEntryPoints ( return; } +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress = 0; + Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode = ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +STATIC +VOID +SevEsProtocolCheck ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + // + // Use the GHCB MSR Protocol to obtain the GHCB SEV-ES Information for + // protocol checking + // + Msr.GhcbPhysicalAddress = 0; + Msr.GhcbInfo.Function = GHCB_INFO_SEV_INFO_GET; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); + + if (Msr.GhcbInfo.Function != GHCB_INFO_SEV_INFO) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocolMax) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); + } + + if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) || + (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); + } + + // + // SEV-ES protocol checking succeeded, set the initial GHCB address + // + Msr.GhcbPhysicalAddress = FixedPcdGet32 (PcdOvmfSecGhcbBase); + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + Ghcb = Msr.Ghcb; + SetMem (Ghcb, sizeof (*Ghcb), 0); + + // + // Set the version to the maximum that can be supported + // + Ghcb->ProtocolVersion = MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB_VERSION_MAX); + Ghcb->GhcbUsage = GHCB_STANDARD_USAGE; +} + +STATIC +BOOLEAN +SevEsIsEnabled ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); + + return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0)); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -737,8 +830,55 @@ SecCoreStartupWithStack ( Table[Index] = 0; } + // + // Initialize IDT - Since this is before library constructors are called, + // we use a loop rather than CopyMem. + // + IdtTableInStack.PeiService = NULL; + for (Index = 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { + UINT8 *Src, *Dst; + UINTN Byte; + + Src = (UINT8 *) &mIdtEntryTemplate; + Dst = (UINT8 *) &IdtTableInStack.IdtTable[Index]; + for (Byte = 0; Byte < sizeof (mIdtEntryTemplate); Byte++) { + Dst[Byte] = Src[Byte]; + } + } + + IdtDescriptor.Base = (UINTN)&IdtTableInStack.IdtTable; + IdtDescriptor.Limit = (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); + + if (SevEsIsEnabled ()) { + SevEsProtocolCheck (); + + // + // For SEV-ES guests, the exception handler is needed before calling + // ProcessLibraryConstructorList() because some of the library constructors + // perform some functions that result in #VC exceptions being generated. + // + // Due to this code executing before library constructors, *all* library + // API calls are theoretically interface contract violations. However, + // because this is SEC (executing in flash), those constructors cannot + // write variables with static storage duration anyway. Furthermore, only + // a small, restricted set of APIs, such as AsmWriteIdtr() and + // InitializeCpuExceptionHandlers(), are called, where we require that the + // underlying library not require constructors to have been invoked and + // that the library instance not trigger any #VC exceptions. + // + AsmWriteIdtr (&IdtDescriptor); + InitializeCpuExceptionHandlers (NULL); + } + ProcessLibraryConstructorList (NULL, NULL); + if (!SevEsIsEnabled ()) { + // + // For non SEV-ES guests, just load the IDTR. + // + AsmWriteIdtr (&IdtDescriptor); + } + DEBUG ((EFI_D_INFO, "SecCoreStartupWithStack(0x%x, 0x%x)\n", (UINT32)(UINTN)BootFv, @@ -751,19 +891,6 @@ SecCoreStartupWithStack ( // InitializeFloatingPointUnits (); - // - // Initialize IDT - // - IdtTableInStack.PeiService = NULL; - for (Index = 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { - CopyMem (&IdtTableInStack.IdtTable[Index], &mIdtEntryTemplate, sizeof (mIdtEntryTemplate)); - } - - IdtDescriptor.Base = (UINTN)&IdtTableInStack.IdtTable; - IdtDescriptor.Limit = (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); - - AsmWriteIdtr (&IdtDescriptor); - #if defined (MDE_CPU_X64) // // ASSERT that the Page Tables were set by the reset vector code to -- 2.17.1