From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from rn-mailsvcp-ppex-lapp15.apple.com (rn-mailsvcp-ppex-lapp15.apple.com [17.179.253.34]) by mx.groups.io with SMTP id smtpd.web11.12855.1619014216433034534 for ; Wed, 21 Apr 2021 07:10:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@apple.com header.s=20180706 header.b=uuhqKd/+; spf=pass (domain: apple.com, ip: 17.179.253.34, mailfrom: afish@apple.com) Received: from pps.filterd (rn-mailsvcp-ppex-lapp15.rno.apple.com [127.0.0.1]) by rn-mailsvcp-ppex-lapp15.rno.apple.com (8.16.1.2/8.16.1.2) with SMTP id 13LE7hZC015988; Wed, 21 Apr 2021 07:09:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=content-type : content-transfer-encoding : from : mime-version : subject : date : message-id : references : cc : in-reply-to : to; s=20180706; bh=nOeWaUwR3FBngCtw6fjKOCu2m63etq2s/gw94T5SZLQ=; b=uuhqKd/+b6LyY4KgyzC8TIYY4wgoj+5MXq5Jx09ZukU8XdYI7xJKX+g3CNKs65F92ZDj cjkncIyiRVeyvMFdE5vbWIsFzIDtfVI7CIloRa1/AmBMfncXsMKGiLfSHXPNAhrLbvB/ r++XZ1xY5tfdduqTj1sitvgljAZZZumVY0s9LsOOLDu+UQ8F7L4jKzuN703HgQFBW1qd V2zpFfqlXP8uYSFjjCFRpnOHMXcVqmA2GcVaWOy0bKimPN4L8B64EcFAsus1gD0+Zu7D Yng8093WZrv5gSlX9gJdl3B/7ru10d1aQSZVQycazdKDSLgaAT61FA6ESNZYzn+GTkMV 6w== Received: from rn-mailsvcp-mta-lapp01.rno.apple.com (rn-mailsvcp-mta-lapp01.rno.apple.com [10.225.203.149]) by rn-mailsvcp-ppex-lapp15.rno.apple.com with ESMTP id 37yyj6wjkb-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 21 Apr 2021 07:09:28 -0700 Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPS id <0QRX00CNE3BR0H90@rn-mailsvcp-mta-lapp01.rno.apple.com>; Wed, 21 Apr 2021 07:09:27 -0700 (PDT) Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) id <0QRX00W0035IDB00@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Wed, 21 Apr 2021 07:09:27 -0700 (PDT) X-Va-A: X-Va-T-CD: 6408a2b575dc7df9636f1b1d6637a7d2 X-Va-E-CD: ca2682b6c31e4ae53e5ae8b165e051bf X-Va-R-CD: 963ac24531ef478d39e858aa2600e155 X-Va-CD: 0 X-Va-ID: 21a8803a-0ec2-466d-a1f9-6b83786a4e9c X-V-A: X-V-T-CD: 6408a2b575dc7df9636f1b1d6637a7d2 X-V-E-CD: ca2682b6c31e4ae53e5ae8b165e051bf X-V-R-CD: 963ac24531ef478d39e858aa2600e155 X-V-CD: 0 X-V-ID: e4de65c0-011a-4bfe-bf31-07ef928917e2 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-04-21_04:2021-04-21,2021-04-21 signatures=0 Received: from [10.104.61.110] (unknown [10.104.61.110]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPSA id <0QRX00JCZ3BQKO00@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Wed, 21 Apr 2021 07:09:27 -0700 (PDT) From: "Andrew Fish" MIME-version: 1.0 (1.0) Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV Date: Wed, 21 Apr 2021 07:09:26 -0700 Message-id: <6A0F5090-96C2-4E16-A4CD-6B5B9B7AE973@apple.com> References: <831dc0af-e5b8-ead1-6ef7-f94aff8df0b5@amd.com> Cc: Tom Lendacky , Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , James Bottomley , Jiewen Yao , Min Xu In-reply-to: <831dc0af-e5b8-ead1-6ef7-f94aff8df0b5@amd.com> To: devel@edk2.groups.io, evantass@amd.com X-Mailer: iPhone Mail (18D70) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-04-21_04:2021-04-21,2021-04-21 signatures=0 Content-type: multipart/alternative; boundary=Apple-Mail-6B75D40F-BFD7-4330-B0AB-5E29741B0E3C Content-transfer-encoding: 7bit --Apple-Mail-6B75D40F-BFD7-4330-B0AB-5E29741B0E3C Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion= /23_boot_sequence > On Apr 20, 2021, at 11:34 PM, Eric van Tassell wrote: >=20 > =EF=BB=BF >=20 >> On 4/20/21 5:54 PM, Tom Lendacky wrote: >> From: Tom Lendacky >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 >> The TPM support in OVMF performs MMIO accesses during the PEI phase. At >=20 > where are the phases defined and how many other are there? >=20 >> this point, MMIO ranges have not been marked un-encyrpted, so an SEV-ES >> guest will fail attempting to perform MMIO to an encrypted address. >> Read the PcdTpmBaseAddress and mark the specification defined range >> (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process >> the MMIO requests. >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Jordan Justen >> Cc: Brijesh Singh >> Cc: James Bottomley >> Cc: Jiewen Yao >> Cc: Min Xu >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/PlatformPei/PlatformPei.inf | 1 + >> OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++ >> 2 files changed, 20 insertions(+) >> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/= PlatformPei.inf >> index 6ef77ba7bb21..de60332e9390 100644 >> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >> @@ -113,6 +113,7 @@ [Pcd] >> [FixedPcd] >> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >> + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType >> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.= c >> index dddffdebda4b..d524929f9e10 100644 >> --- a/OvmfPkg/PlatformPei/AmdSev.c >> +++ b/OvmfPkg/PlatformPei/AmdSev.c >> @@ -141,6 +141,7 @@ AmdSevInitialize ( >> ) >> { >> UINT64 EncryptionMask; >> + UINT64 TpmBaseAddress; >> RETURN_STATUS PcdStatus; >> // >> @@ -206,6 +207,24 @@ AmdSevInitialize ( >> } >> } >> + // >> + // PEI TPM support will perform MMIO accesses, be sure this range is= not >> + // marked encrypted. >> + // >> + TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress); >> + if (TpmBaseAddress !=3D 0) { >> + RETURN_STATUS DecryptStatus; >> + >> + DecryptStatus =3D MemEncryptSevClearPageEncMask ( >> + 0, >> + TpmBaseAddress, >> + EFI_SIZE_TO_PAGES (0x5000), >> + FALSE >> + ); >> + >> + ASSERT_RETURN_ERROR (DecryptStatus); >> + } >> + >> // >> // Check and perform SEV-ES initialization if required. >> // >=20 >=20 >=20 >=20 >=20 --Apple-Mail-6B75D40F-BFD7-4330-B0AB-5E29741B0E3C Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable https://= edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot= _sequence


On Apr 20, 2021, at 11:34 PM, Eric van Tassell <evantass= @amd.com> wrote:

=EF=BB=BF

On 4/20/21 5= :54 PM, Tom Lendacky wrote:
From:= Tom Lendacky <thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?i= d=3D3345
The TPM sup= port in OVMF performs MMIO accesses during the PEI phase. At

where are the phases defined and how many o= ther are there?

= this point, MMIO ranges have not been marked un-encyrpted, so an SEV-ES
guest will fail attempt= ing to perform MMIO to an encrypted address.
Read the PcdTpmBaseAddress and mark the specificat= ion defined range
(0= x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
the MMIO requests.=
Cc: Laszlo Ersek <lerse= k@redhat.com>
Cc:= Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.c= om>
Cc: Brijesh S= ingh <brijesh.singh@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
<= /blockquote>
Cc: Jiewen Yao <jiewen.yao@i= ntel.com>
Cc: Min= Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/PlatformPei/PlatformPei.i= nf |  1 +
&nbs= p;OvmfPkg/PlatformPei/AmdSev.c        | = 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/= OvmfPkg/PlatformPei/PlatformPei.inf
index 6ef77ba7bb21..de60332e9390 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.= inf
+++ b/OvmfPkg/Pl= atformPei/PlatformPei.inf
= @@ -113,6 +113,7 @@ [Pcd]
   [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExp= ressBaseAddress
+ &n= bsp;gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
=
   gEmbeddedTokenSpaceGuid.= PcdMemoryTypeEfiACPIMemoryNVS
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIRe= claimMemory
 &= nbsp; gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
diff --git a/OvmfPkg/Plat= formPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index dddffdebda4b..d524929f9e10 100644<= br>
--- a/OvmfPkg/PlatformPei/A= mdSev.c
+++ b/OvmfPk= g/PlatformPei/AmdSev.c
@@ -141,6 +141,7 @@ AmdSevInitialize (
   )
 {
   UINT64       &= nbsp;           &nbs= p;        EncryptionMask;
+  UINT64   &n= bsp;            = ;            Tp= mBaseAddress;
 = ;  RETURN_STATUS         =             Pcd= Status;
  = ;   //
@@ -206,6 +207,24 @@ AmdSevInitialize (
     }
   }
 +  //
+  // PEI TPM support will perform M= MIO accesses, be sure this range is not
+  // marked encrypted.
+  //
+  TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress)= ;
+  if (TpmBas= eAddress !=3D 0) {
+=    RETURN_STATUS  DecryptStatus;
+
+    DecryptStatus =3D MemEncryptSevClearPa= geEncMask (
+  =             &nb= sp;       0,
+        &nb= sp;            =  TpmBaseAddress,
+             = ;         EFI_SIZE_TO_PAGES (0= x5000),
+  &nbs= p;            &= nbsp;      FALSE
+        &nbs= p;            &= nbsp;);
+
=
+    ASSERT_RET= URN_ERROR (DecryptStatus);
+  }
+
   //=
   = // Check and perform SEV-ES initialization if required.
   //




<= span>
--Apple-Mail-6B75D40F-BFD7-4330-B0AB-5E29741B0E3C--