* [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
@ 2024-03-08 15:30 Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
` (25 more replies)
0 siblings, 26 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Gua Guo, Guo Dong, James Lu, Jianyong Wu,
Rebecca Cran, Sean Rhodes
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
This series adds SEV-SNP support for running OVMF under an Secure VM
Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
By running at a less priviledged VMPL, the SVSM can be used to provide
services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
confidential VM (CVM) rather than trust such services from the hypervisor.
Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
certain SNP related operations that require that VMPL level. Specifically,
the PVALIDATE instruction and the RMPADJUST instruction when setting the
the VMSA attribute of a page (used when starting APs).
If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
use an SVSM (which is running at VMPL0) to perform the operations that
it is no longer able to perform.
When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
it will be starting. As a result, the GHCB APIC ID retrieval action must
be performed. Since this service can also work with SEV-SNP running at
VMPL0, the patches to make use of this feature are near the beginning of
the series.
How OVMF interacts with and uses the SVSM is documented in the SVSM
specification [1] and the GHCB specification [2].
This support creates a new AmdSvsmLib library that is used by MpInitLib.
The edk2-platforms repo requires updates/patches to add the new library
requirement. To accomodate that, this series could be split between:
patch number 12:
UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
and patch number 13:
UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
The updates to edk2-platforms can be applied at the split.
This series introduces support to run OVMF under an SVSM. It consists
of:
- Retrieving the list of vCPU APIC IDs and starting up all APs without
performing a broadcast SIPI
- Reorganizing the page state change support to not directly use the
GHCB buffer since an SVSM will use the calling area buffer, instead
- Detecting the presence of an SVSM
- When not running at VMPL0, invoking the SVSM for page validation and
VMSA page creation/deletion
- Detecting and allowing OVMF to run in a VMPL other than 0 when an
SVSM is present
The series is based off of commit:
e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Corvin Köhne <corvink@freebsd.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gua Guo <gua.guo@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: James Lu <james.lu@intel.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
---
Changes in v3:
- Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
function name changes
- Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
- Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
- First patch adds usage of the AmdSvsmLib NULL library
- Second patch adds the OVMF AmdSvsmLib implementation
- Updated the commit message for the OVMF AmdSvsmLib implementation to
indicate that the base functionality for PVALIDATE and RMPADJUST was
copied from the original locations in prep for converting those sites
to using the library API.
Changes in v2:
- Move the APIC IDs retrieval support to the beginning of the patch series
- Use a GUIDed HOB to hold the APIC ID list instead of a PCD
- Split up Page State Change reorganization into multiple patches
- Created CcSvsmLib library instead of extending CcExitLib
- This will require a corresponding update to edk2-platform DSC files
- Removed Ray Ni's Acked-by since it is not a minor change
- Variable name changes and other misc changes
Tom Lendacky (24):
OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
MdePkg: GHCB APIC ID retrieval support definitions
UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
present
OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
Change
MdePkg: Avoid hardcoded value for number of Page State Change entries
OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
MdePkg/Register/Amd: Define the SVSM related information
MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
SVSM
UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
pages
OvmfPkg: Create a calling area used to communicate with the SVSM
OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
UefiCpuPkg/MpInitLib: AP creation support under an SVSM
Ovmfpkg/CcExitLib: Provide SVSM discovery support
OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
VMPL0
OvmfPkg/OvmfPkg.dec | 4 +
UefiCpuPkg/UefiCpuPkg.dec | 8 +-
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 3 +-
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
OvmfPkg/OvmfPkgX64.fdf | 3 +
MdePkg/Library/BaseLib/BaseLib.inf | 2 +
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf | 38 ++
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +-
OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +-
OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
OvmfPkg/ResetVector/ResetVector.inf | 2 +
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf | 27 ++
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 +
MdePkg/Include/Library/BaseLib.h | 39 ++
MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
MdePkg/Include/Register/Amd/Msr.h | 3 +-
MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
OvmfPkg/Include/WorkArea.h | 9 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 6 +-
UefiCpuPkg/Include/Guid/GhcbApicIds.h | 17 +
UefiCpuPkg/Include/Library/AmdSvsmLib.h | 101 ++++
UefiCpuPkg/Library/MpInitLib/MpLib.h | 29 +-
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 500 ++++++++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 11 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 27 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 22 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 31 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
OvmfPkg/PlatformPei/AmdSev.c | 103 +++-
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c | 108 +++++
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +-
UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 +-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 134 ++++--
MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +-
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni | 13 +
55 files changed, 1641 insertions(+), 232 deletions(-)
create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116525): https://edk2.groups.io/g/devel/message/116525
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
` (24 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
the return value is checked with EFI_ERROR() when it should just be
compared to 0. Fix the error check.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index 7797febb8ac6..be43a44e4e1d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
SEV-SNP Page Validation functions.
- Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -31,8 +31,8 @@ SevSnpIsVmpl0 (
VOID
)
{
- UINT64 Rdx;
- EFI_STATUS Status;
+ UINT64 Rdx;
+ UINT32 Status;
//
// There is no straightforward way to query the current VMPL level.
@@ -44,7 +44,7 @@ SevSnpIsVmpl0 (
Rdx = 1;
Status = AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx);
- if (EFI_ERROR (Status)) {
+ if (Status != 0) {
return FALSE;
}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116526): https://edk2.groups.io/g/devel/message/116526
Mute This Topic: https://groups.io/mt/104810674/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
` (23 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
When an SVSM is present, starting the APs requires knowledge of the APIC
IDs. Create the definitions required to retrieve and hold the APIC ID
information of all the vCPUs present in the guest.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Include/Register/Amd/Ghcb.h | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
index dab396f3ede8..bd7bf986d03f 100644
--- a/MdePkg/Include/Register/Amd/Ghcb.h
+++ b/MdePkg/Include/Register/Amd/Ghcb.h
@@ -4,7 +4,7 @@
Provides data types allowing an SEV-ES guest to interact with the hypervisor
using the GHCB protocol.
- Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Specification Reference:
@@ -56,6 +56,7 @@
#define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL
#define SVM_EXIT_SNP_PAGE_STATE_CHANGE 0x80000010ULL
#define SVM_EXIT_SNP_AP_CREATION 0x80000013ULL
+#define SVM_EXIT_GET_APIC_IDS 0x80000017ULL
#define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL
#define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL
@@ -170,6 +171,7 @@ typedef union {
#define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURES_SNP | BIT1)
#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION (GHCB_HV_FEATURES_SNP_AP_CREATE | BIT2)
#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION | BIT3)
+#define GHCB_HV_FEATURES_APIC_ID_LIST BIT4
//
// SNP Page State Change.
@@ -202,6 +204,14 @@ typedef struct {
SNP_PAGE_STATE_ENTRY Entry[SNP_PAGE_STATE_MAX_ENTRY];
} SNP_PAGE_STATE_CHANGE_INFO;
+//
+// Get APIC IDs
+//
+typedef struct {
+ UINT32 NumEntries;
+ UINT32 ApicIds[];
+} GHCB_APIC_IDS;
+
//
// SEV-ES save area mapping structures used for SEV-SNP AP Creation.
// Only the fields required to be set to a non-zero value are defined.
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116527): https://edk2.groups.io/g/devel/message/116527
Mute This Topic: https://groups.io/mt/104810677/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-04-03 7:07 ` Ni, Ray
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
` (22 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Currently, the first time an AP is started for an SEV-SNP guest, it relies
on the VMSA as set by the hypervisor. If the list of APIC IDs has been
retrieved, this is not necessary. The list of APIC IDs will be identified
by a GUIDed HOB. If the GUIDed HOB is present, use the SEV-SNP AP Create
protocol to start the AP for the first time and each time thereafter.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/UefiCpuPkg.dec | 5 +-
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 +
UefiCpuPkg/Include/Guid/GhcbApicIds.h | 17 +++++
UefiCpuPkg/Library/MpInitLib/MpLib.h | 15 +++-
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +++++-
UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 ++-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 78 ++++++++++++++++++--
8 files changed, 133 insertions(+), 14 deletions(-)
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 571b59b36f0a..c31d8b6736cf 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -2,7 +2,7 @@
# This Package provides UEFI compatible CPU modules and libraries.
#
# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -91,6 +91,9 @@ [Guids]
## Include/Guid/MpInformation2.h
gMpInformation2HobGuid = { 0x417a7f64, 0xf4e9, 0x4b32, {0x84, 0x6a, 0x5c, 0xc4, 0xd8, 0x62, 0x18, 0x79 }}
+ ## Include/Guid/GhcbApicIds.h
+ gGhcbApicIdsGuid = { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+
[Protocols]
## Include/Protocol/SmmCpuService.h
gEfiSmmCpuServiceProtocolGuid = { 0x1d202cab, 0xc8ab, 0x4d5c, { 0x94, 0xf7, 0x3c, 0xfc, 0xc0, 0xd3, 0xd3, 0x35 }}
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 55e46d4a1fad..69950fcd1289 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -68,6 +68,7 @@ [Guids]
gEfiEventExitBootServicesGuid ## CONSUMES ## Event
gEfiEventLegacyBootGuid ## SOMETIMES_CONSUMES ## Event
gEdkiiMicrocodePatchHobGuid ## SOMETIMES_CONSUMES ## HOB
+ gGhcbApicIdsGuid ## SOMETIMES_CONSUMES ## HOB
[Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber ## CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index bc3d716aa951..22f74a814534 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -76,3 +76,4 @@ [Ppis]
[Guids]
gEdkiiS3SmmInitDoneGuid
gEdkiiMicrocodePatchHobGuid
+ gGhcbApicIdsGuid ## SOMETIMES_CONSUMES
diff --git a/UefiCpuPkg/Include/Guid/GhcbApicIds.h b/UefiCpuPkg/Include/Guid/GhcbApicIds.h
new file mode 100644
index 000000000000..9d5bfcb0de22
--- /dev/null
+++ b/UefiCpuPkg/Include/Guid/GhcbApicIds.h
@@ -0,0 +1,17 @@
+/** @file
+ APIC ID list retrieved for an SEV-ES/SEV-SNP guest via the GHCB.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef GHCB_APIC_IDS_H_
+#define GHCB_APIC_IDS_H_
+
+#define GHCB_APIC_IDS_GUID \
+ { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+
+extern EFI_GUID gGhcbApicIdsGuid;
+
+#endif
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index d26035559f22..65e05c4806f5 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -2,7 +2,7 @@
Common header file for MP Initialize Library.
Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
- Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -924,6 +924,19 @@ SevSnpCreateAP (
IN INTN ProcessorNumber
);
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ );
+
/**
Get pointer to CPU MP Data structure from GUIDed HOB.
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index c83144285b68..0478e92317f1 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -2,7 +2,7 @@
AMD SEV helper function.
- Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -68,3 +68,22 @@ SevSnpRmpAdjust (
//
return RETURN_UNSUPPORTED;
}
+
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ )
+{
+ //
+ // SEV-SNP is not supported on 32-bit build.
+ //
+ return FALSE;
+}
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index 9bac62f289e0..d7244565029d 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -2,7 +2,7 @@
CPU MP Initialize Library common functions.
Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
- Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1303,9 +1303,10 @@ WakeUpAP (
//
// Wakeup all APs
// Must use the INIT-SIPI-SIPI method for initial configuration in
- // order to obtain the APIC ID.
+ // order to obtain the APIC ID if not an SEV-SNP guest and the
+ // list of APIC IDs is not available.
//
- if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+ if (CanUseSevSnpCreateAP (CpuMpData)) {
SevSnpCreateAP (CpuMpData, -1);
} else {
if ((CpuMpData->InitFlag == ApInitConfig) && FixedPcdGetBool (PcdFirstTimeWakeUpAPsBySipi)) {
@@ -1415,7 +1416,7 @@ WakeUpAP (
SetSevEsJumpTable (ExchangeInfo->BufferStart);
}
- if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+ if (CanUseSevSnpCreateAP (CpuMpData)) {
SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber);
} else {
SendInitSipiSipi (
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index c9f0984f41a2..bd12a5ee2fcb 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -2,7 +2,7 @@
AMD SEV helper function.
- Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -268,20 +268,55 @@ SevSnpCreateAP (
IN INTN ProcessorNumber
)
{
- CPU_INFO_IN_HOB *CpuInfoInHob;
- CPU_AP_DATA *CpuData;
- UINTN Index;
- UINT32 ApicId;
+ CPU_INFO_IN_HOB *CpuInfoInHob;
+ CPU_AP_DATA *CpuData;
+ UINTN Index;
+ UINTN MaxIndex;
+ UINT32 ApicId;
+ EFI_HOB_GUID_TYPE *GuidHob;
+ GHCB_APIC_IDS *GhcbApicIds;
ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000);
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
if (ProcessorNumber < 0) {
- for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
+ if (CpuMpData->InitFlag == ApInitConfig) {
+ //
+ // APs have not been started, so CpuCount is not "known" yet. Use the
+ // retrieved APIC IDs to start the APs and fill out the MpLib CPU
+ // information properly. CanUseSevSnpCreateAP() guarantees we have a
+ // HOB when InitFlag is ApInitConfig.
+ //
+ GuidHob = GetFirstGuidHob (&gGhcbApicIdsGuid);
+ GhcbApicIds = (GHCB_APIC_IDS *)(*(UINTN *)GET_GUID_HOB_DATA (GuidHob));
+ MaxIndex = MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLogicalProcessorNumber));
+ } else {
+ //
+ // APs have been previously started.
+ //
+ MaxIndex = CpuMpData->CpuCount;
+ }
+
+ for (Index = 0; Index < MaxIndex; Index++) {
if (Index != CpuMpData->BspNumber) {
CpuData = &CpuMpData->CpuData[Index];
- ApicId = CpuInfoInHob[Index].ApicId,
+
+ if (CpuMpData->InitFlag == ApInitConfig) {
+ ApicId = GhcbApicIds->ApicIds[Index];
+
+ //
+ // For the first boot, use the BSP register information.
+ //
+ CopyMem (
+ &CpuData->VolatileRegisters,
+ &CpuMpData->CpuData[0].VolatileRegisters,
+ sizeof (CpuData->VolatileRegisters)
+ );
+ } else {
+ ApicId = CpuInfoInHob[Index].ApicId;
+ }
+
SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId);
}
}
@@ -325,3 +360,32 @@ SevSnpRmpAdjust (
return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
}
+
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ )
+{
+ //
+ // The AP Create protocol is used for an SEV-SNP guest if
+ // - The initial configuration has been performed already or
+ // - The APIC IDs GUIDed HOB is non-zero.
+ //
+ if (!CpuMpData->SevSnpIsEnabled) {
+ return FALSE;
+ }
+
+ if ((CpuMpData->InitFlag == ApInitConfig) && (GetFirstGuidHob (&gGhcbApicIdsGuid) == NULL)) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116528): https://edk2.groups.io/g/devel/message/116528
Mute This Topic: https://groups.io/mt/104810684/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (2 preceding siblings ...)
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
` (21 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but is a requirement for an
SEV-SNP guest that is running under an SVSM.
After retrieving the APIC IDs, save the address of the APIC ID data
structure in a GUIDed HOB.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 92 +++++++++++++++++++-
2 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index ad52be306560..2206316fec9e 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -45,6 +45,7 @@ [Guids]
gEfiMemoryTypeInformationGuid
gFdtHobGuid
gUefiOvmfPkgPlatformInfoGuid
+ gGhcbApicIdsGuid
[LibraryClasses]
BaseLib
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index e6b602d79a05..a9de33074a69 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -1,7 +1,7 @@
/**@file
Initialize Secure Encrypted Virtualization (SEV) support
- Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
+ Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -9,6 +9,7 @@
//
// The package level header files this module uses
//
+#include <Guid/GhcbApicIds.h>
#include <IndustryStandard/Q35MchIch9.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
@@ -31,6 +32,87 @@ GetHypervisorFeature (
VOID
);
+/**
+ Retrieve APIC IDs from the hypervisor.
+
+**/
+STATIC
+VOID
+AmdSevSnpGetApicIds (
+ VOID
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+ BOOLEAN InterruptState;
+ UINT64 VmgExitStatus;
+ UINT64 PageCount;
+ BOOLEAN PageCountValid;
+ VOID *ApicIds;
+ RETURN_STATUS Status;
+ UINT64 GuidData;
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ PageCount = 0;
+ PageCountValid = FALSE;
+
+ CcExitVmgInit (Ghcb, &InterruptState);
+ Ghcb->SaveArea.Rax = PageCount;
+ CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+ VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0);
+ if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) {
+ PageCount = Ghcb->SaveArea.Rax;
+ PageCountValid = TRUE;
+ }
+
+ CcExitVmgDone (Ghcb, InterruptState);
+
+ ASSERT (VmgExitStatus == 0);
+ ASSERT (PageCountValid);
+ if ((VmgExitStatus != 0) || !PageCountValid) {
+ return;
+ }
+
+ //
+ // Allocate the memory for the APIC IDs
+ //
+ ApicIds = AllocateReservedPages ((UINTN)PageCount);
+ ASSERT (ApicIds != NULL);
+
+ Status = MemEncryptSevClearPageEncMask (
+ 0,
+ (UINTN)ApicIds,
+ (UINTN)PageCount
+ );
+ ASSERT_RETURN_ERROR (Status);
+
+ ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount));
+
+ PageCountValid = FALSE;
+
+ CcExitVmgInit (Ghcb, &InterruptState);
+ Ghcb->SaveArea.Rax = PageCount;
+ CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+ VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)ApicIds, 0);
+ if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax == PageCount)) {
+ PageCountValid = TRUE;
+ }
+
+ CcExitVmgDone (Ghcb, InterruptState);
+
+ ASSERT (VmgExitStatus == 0);
+ ASSERT (PageCountValid);
+ if ((VmgExitStatus != 0) || !PageCountValid) {
+ FreePages (ApicIds, (UINTN)PageCount);
+ return;
+ }
+
+ GuidData = (UINT64)(UINTN)ApicIds;
+ BuildGuidDataHob (&gGhcbApicIdsGuid, &GuidData, sizeof (GuidData));
+}
+
/**
Initialize SEV-SNP support if running as an SEV-SNP guest.
@@ -78,6 +160,14 @@ AmdSevSnpInitialize (
}
}
}
+
+ //
+ // Retrieve the APIC IDs if the hypervisor supports it. These will be used
+ // to always start APs using SNP AP Create.
+ //
+ if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) == GHCB_HV_FEATURES_APIC_ID_LIST) {
+ AmdSevSnpGetApicIds ();
+ }
}
/**
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116529): https://edk2.groups.io/g/devel/message/116529
Mute This Topic: https://groups.io/mt/104810685/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (3 preceding siblings ...)
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
` (20 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In prep for follow-on patches, fix an area of the code that does not meet
the uncrustify coding standards.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 27 +++++++++++---------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 46c6682760d5..6a11adb06efb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -2,7 +2,7 @@
SEV-SNP Page Validation functions.
- Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -78,7 +78,9 @@ PvalidateRange (
IN BOOLEAN Validate
)
{
- UINTN RmpPageSize, Ret, i;
+ UINTN RmpPageSize;
+ UINTN Index;
+ UINTN Ret;
EFI_PHYSICAL_ADDRESS Address;
for ( ; StartIndex <= EndIndex; StartIndex++) {
@@ -96,7 +98,7 @@ PvalidateRange (
// the RMP entry is 4K and we are validating it as a 2MB.
//
if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
- for (i = 0; i < PAGES_PER_LARGE_ENTRY; i++) {
+ for (Index = 0; Index < PAGES_PER_LARGE_ENTRY; Index++) {
Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
if (Ret) {
break;
@@ -135,18 +137,19 @@ BuildPageStateBuffer (
)
{
EFI_PHYSICAL_ADDRESS NextAddress;
- UINTN i, RmpPageSize;
+ UINTN RmpPageSize;
+ UINTN Index;
// Clear the page state structure
SetMem (Info, sizeof (*Info), 0);
- i = 0;
+ Index = 0;
NextAddress = EndAddress;
//
// Populate the page state entry structure
//
- while ((BaseAddress < EndAddress) && (i < SNP_PAGE_STATE_MAX_ENTRY)) {
+ while ((BaseAddress < EndAddress) && (Index < SNP_PAGE_STATE_MAX_ENTRY)) {
//
// Is this a 2MB aligned page? Check if we can use the Large RMP entry.
//
@@ -160,14 +163,14 @@ BuildPageStateBuffer (
NextAddress = BaseAddress + EFI_PAGE_SIZE;
}
- Info->Entry[i].GuestFrameNumber = BaseAddress >> EFI_PAGE_SHIFT;
- Info->Entry[i].PageSize = RmpPageSize;
- Info->Entry[i].Operation = MemoryStateToGhcbOp (State);
- Info->Entry[i].CurrentPage = 0;
- Info->Header.EndEntry = (UINT16)i;
+ Info->Entry[Index].GuestFrameNumber = BaseAddress >> EFI_PAGE_SHIFT;
+ Info->Entry[Index].PageSize = RmpPageSize;
+ Info->Entry[Index].Operation = MemoryStateToGhcbOp (State);
+ Info->Entry[Index].CurrentPage = 0;
+ Info->Header.EndEntry = (UINT16)Index;
BaseAddress = NextAddress;
- i++;
+ Index++;
}
return NextAddress;
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116530): https://edk2.groups.io/g/devel/message/116530
Mute This Topic: https://groups.io/mt/104810690/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (4 preceding siblings ...)
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
` (19 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Calculate the amount of memory that can be use to build the Page State
Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded
size. This allows for changes to the GHCB shared buffer size without
having to make changes to the page state change code.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 6a11adb06efb..60b176ab14b8 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -133,23 +133,26 @@ BuildPageStateBuffer (
IN EFI_PHYSICAL_ADDRESS EndAddress,
IN SEV_SNP_PAGE_STATE State,
IN BOOLEAN UseLargeEntry,
- IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info,
+ IN UINTN InfoSize
)
{
EFI_PHYSICAL_ADDRESS NextAddress;
UINTN RmpPageSize;
UINTN Index;
+ UINTN IndexMax;
// Clear the page state structure
- SetMem (Info, sizeof (*Info), 0);
+ SetMem (Info, InfoSize, 0);
Index = 0;
+ IndexMax = (InfoSize - sizeof (Info->Header)) / sizeof (Info->Entry[0]);
NextAddress = EndAddress;
//
// Populate the page state entry structure
//
- while ((BaseAddress < EndAddress) && (Index < SNP_PAGE_STATE_MAX_ENTRY)) {
+ while ((BaseAddress < EndAddress) && (Index < IndexMax)) {
//
// Is this a 2MB aligned page? Check if we can use the Large RMP entry.
//
@@ -265,7 +268,8 @@ InternalSetPageState (
EndAddress,
State,
UseLargeEntry,
- Info
+ Info,
+ sizeof (Ghcb->SharedBuffer)
);
//
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116531): https://edk2.groups.io/g/devel/message/116531
Mute This Topic: https://groups.io/mt/104810694/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (5 preceding siblings ...)
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
@ 2024-03-08 15:30 ` Lendacky, Thomas via groups.io
2024-03-14 10:42 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
` (18 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:30 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
structure maps the full GHCB shared buffer based on the shared buffer size
being 2032 bytes.
Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
mapping, eliminate the hardcoded array size so that the structure can be
used based on any size buffer.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Include/Register/Amd/Ghcb.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h
index bd7bf986d03f..ae1486b526a6 100644
--- a/MdePkg/Include/Register/Amd/Ghcb.h
+++ b/MdePkg/Include/Register/Amd/Ghcb.h
@@ -197,13 +197,14 @@ typedef struct {
UINT32 Reserved;
} SNP_PAGE_STATE_HEADER;
-#define SNP_PAGE_STATE_MAX_ENTRY 253
-
typedef struct {
SNP_PAGE_STATE_HEADER Header;
- SNP_PAGE_STATE_ENTRY Entry[SNP_PAGE_STATE_MAX_ENTRY];
+ SNP_PAGE_STATE_ENTRY Entry[];
} SNP_PAGE_STATE_CHANGE_INFO;
+#define SNP_PAGE_STATE_MAX_ENTRY \
+ ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) / sizeof (SNP_PAGE_STATE_ENTRY))
+
//
// Get APIC IDs
//
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116532): https://edk2.groups.io/g/devel/message/116532
Mute This Topic: https://groups.io/mt/104810697/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (7 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
` (16 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
When building the Page State Change entries for a range of memory, it can
happen that multiple calls to BuildPageStateBuffer() need to be made. If
the size of the input work area passed to BuildPageStateBuffer() exceeds
the number of entries that can be passed to the hypervisor using the GHCB
shared buffer, the Page State Change VMGEXIT support will issue multiple
VMGEXITs to process all entries in the buffer.
However, it could be that the final VMGEXIT for each round of Page State
Changes is only for a small number of entries and subsequent VMGEXITs may
still be issued to handle the full range of memory requested. To maximize
the number of entries processed during the Page State Change VMGEXIT,
limit BuildPageStateBuffer() to not build entries that exceed the maximum
number of entries that can be handled in a single Page State Change
VMGEXIT.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index bcc0798d6b02..f1883239a661 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -145,6 +145,7 @@ BuildPageStateBuffer (
UINTN RmpPageSize;
UINTN Index;
UINTN IndexMax;
+ UINTN PscIndexMax;
// Clear the page state structure
SetMem (Info, InfoSize, 0);
@@ -153,6 +154,16 @@ BuildPageStateBuffer (
IndexMax = (InfoSize - sizeof (Info->Header)) / sizeof (Info->Entry[0]);
NextAddress = EndAddress;
+ //
+ // Make the use of the work area as efficient as possible relative to
+ // exiting from the guest to the hypervisor. Maximize the number of entries
+ // that can be processed per exit.
+ //
+ PscIndexMax = (IndexMax / SNP_PAGE_STATE_MAX_ENTRY) * SNP_PAGE_STATE_MAX_ENTRY;
+ if (PscIndexMax > 0) {
+ IndexMax = MIN (IndexMax, PscIndexMax);
+ }
+
//
// Populate the page state entry structure
//
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116534): https://edk2.groups.io/g/devel/message/116534
Mute This Topic: https://groups.io/mt/104810705/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (6 preceding siblings ...)
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-14 10:43 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
` (17 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.
Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.
Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.
Since the information is copied to, and operated on, in the GHCB shared
buffer this has the added benefit of not requiring to save the start and
end entries for use when validating the memory during the page state
change sequence.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Include/WorkArea.h | 9 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 6 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 11 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 27 ++++-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 22 +++-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 14 ++-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 109 +++++++++++++-------
7 files changed, 146 insertions(+), 52 deletions(-)
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index b1c7045ce18c..e3b415db2caa 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -2,7 +2,7 @@
Work Area structure definition
- Copyright (c) 2021, AMD Inc.
+ Copyright (c) 2021 - 2024, AMD Inc.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -54,6 +54,13 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
// detection in OvmfPkg/ResetVector/Ia32/AmdSev.c
//
UINT8 ReceivedVc;
+ UINT8 Reserved[7];
+
+ // Used by SEC to generate Page State Change requests. This should be
+ // sized less than an equal to the GHCB shared buffer area to allow a
+ // single call to the hypervisor.
+ //
+ UINT8 WorkBuffer[1024];
} SEC_SEV_ES_WORK_AREA;
//
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
index 43319cc9ed17..5d23d1828b25 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
@@ -2,7 +2,7 @@
SEV-SNP Page Validation functions.
- Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -24,7 +24,9 @@ InternalSetPageState (
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages,
IN SEV_SNP_PAGE_STATE State,
- IN BOOLEAN UseLargeEntry
+ IN BOOLEAN UseLargeEntry,
+ IN VOID *PscBuffer,
+ IN UINTN PscBufferSize
);
VOID
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index cbcdd46f528f..2515425e467a 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
SEV-SNP Page Validation functions.
- Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -16,6 +16,8 @@
#include "SnpPageStateChange.h"
#include "VirtualMemory.h"
+STATIC VOID *mPscBuffer = NULL;
+
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -52,5 +54,10 @@ MemEncryptSevSnpPreValidateSystemRam (
}
}
- InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+ if (mPscBuffer == NULL) {
+ mPscBuffer = AllocateReservedPages (1);
+ ASSERT (mPscBuffer != NULL);
+ }
+
+ InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE, mPscBuffer, EFI_PAGE_SIZE);
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index dee3fb8914ca..337a7d926b15 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -3,7 +3,7 @@
Virtual Memory Management Services to set or clear the memory encryption bit
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
- Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2017 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -23,6 +23,8 @@ STATIC BOOLEAN mAddressEncMaskChecked = FALSE;
STATIC UINT64 mAddressEncMask;
STATIC PAGE_TABLE_POOL *mPageTablePool = NULL;
+STATIC VOID *mPscBuffer = NULL;
+
typedef enum {
SetCBit,
ClearCBit
@@ -786,7 +788,19 @@ SetMemoryEncDec (
// The InternalSetPageState() is used for setting the page state in the RMP table.
//
if (!Mmio && (Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
- InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE);
+ if (mPscBuffer == NULL) {
+ mPscBuffer = AllocateReservedPages (1);
+ ASSERT (mPscBuffer != NULL);
+ }
+
+ InternalSetPageState (
+ PhysicalAddress,
+ EFI_SIZE_TO_PAGES (Length),
+ SevSnpPageShared,
+ FALSE,
+ mPscBuffer,
+ EFI_PAGE_SIZE
+ );
}
//
@@ -975,11 +989,18 @@ SetMemoryEncDec (
// The InternalSetPageState() is used for setting the page state in the RMP table.
//
if ((Mode == SetCBit) && MemEncryptSevSnpIsEnabled ()) {
+ if (mPscBuffer == NULL) {
+ mPscBuffer = AllocateReservedPages (1);
+ ASSERT (mPscBuffer != NULL);
+ }
+
InternalSetPageState (
OrigPhysicalAddress,
EFI_SIZE_TO_PAGES (OrigLength),
SevSnpPagePrivate,
- FALSE
+ FALSE,
+ mPscBuffer,
+ EFI_PAGE_SIZE
);
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
index 497016544482..0040700f03f3 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -2,7 +2,7 @@
SEV-SNP Page Validation functions.
- Copyright (c) 2021 AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -17,6 +17,8 @@
#include "SnpPageStateChange.h"
#include "VirtualMemory.h"
+STATIC UINT8 mPscBufferPage[EFI_PAGE_SIZE];
+
typedef struct {
UINT64 StartAddress;
UINT64 EndAddress;
@@ -113,7 +115,14 @@ MemEncryptSevSnpPreValidateSystemRam (
if (BaseAddress < OverlapRange.StartAddress) {
NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress);
- InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+ InternalSetPageState (
+ BaseAddress,
+ NumPages,
+ SevSnpPagePrivate,
+ TRUE,
+ mPscBufferPage,
+ sizeof (mPscBufferPage)
+ );
}
BaseAddress = OverlapRange.EndAddress;
@@ -122,7 +131,14 @@ MemEncryptSevSnpPreValidateSystemRam (
// Validate the remaining pages.
NumPages = EFI_SIZE_TO_PAGES (EndAddress - BaseAddress);
- InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+ InternalSetPageState (
+ BaseAddress,
+ NumPages,
+ SevSnpPagePrivate,
+ TRUE,
+ mPscBufferPage,
+ sizeof (mPscBufferPage)
+ );
BaseAddress = EndAddress;
}
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index be43a44e4e1d..ca279d77274b 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -10,6 +10,7 @@
#include <Uefi/UefiBaseType.h>
#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
#include <Library/MemEncryptSevLib.h>
#include "SnpPageStateChange.h"
@@ -65,6 +66,8 @@ MemEncryptSevSnpPreValidateSystemRam (
IN UINTN NumPages
)
{
+ SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
+
if (!MemEncryptSevSnpIsEnabled ()) {
return;
}
@@ -78,5 +81,14 @@ MemEncryptSevSnpPreValidateSystemRam (
SnpPageStateFailureTerminate ();
}
- InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+ SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);
+
+ InternalSetPageState (
+ BaseAddress,
+ NumPages,
+ SevSnpPagePrivate,
+ TRUE,
+ SevEsWorkArea->WorkBuffer,
+ sizeof (SevEsWorkArea->WorkBuffer)
+ );
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 60b176ab14b8..bcc0798d6b02 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -72,16 +72,19 @@ SnpPageStateFailureTerminate (
STATIC
VOID
PvalidateRange (
- IN SNP_PAGE_STATE_CHANGE_INFO *Info,
- IN UINTN StartIndex,
- IN UINTN EndIndex,
- IN BOOLEAN Validate
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
)
{
UINTN RmpPageSize;
+ UINTN StartIndex;
+ UINTN EndIndex;
UINTN Index;
UINTN Ret;
EFI_PHYSICAL_ADDRESS Address;
+ BOOLEAN Validate;
+
+ StartIndex = Info->Header.CurrentEntry;
+ EndIndex = Info->Header.EndEntry;
for ( ; StartIndex <= EndIndex; StartIndex++) {
//
@@ -89,6 +92,7 @@ PvalidateRange (
//
Address = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
RmpPageSize = Info->Entry[StartIndex].PageSize;
+ Validate = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
Ret = AsmPvalidate (RmpPageSize, Validate, Address);
@@ -182,11 +186,29 @@ BuildPageStateBuffer (
STATIC
VOID
PageStateChangeVmgExit (
- IN GHCB *Ghcb,
- IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ IN GHCB *Ghcb,
+ IN SNP_PAGE_STATE_ENTRY *Start,
+ IN UINT16 Count
)
{
- EFI_STATUS Status;
+ SNP_PAGE_STATE_CHANGE_INFO *GhcbInfo;
+ EFI_STATUS Status;
+ BOOLEAN InterruptState;
+
+ ASSERT (Count <= SNP_PAGE_STATE_MAX_ENTRY);
+ if (Count > SNP_PAGE_STATE_MAX_ENTRY) {
+ SnpPageStateFailureTerminate ();
+ }
+
+ //
+ // Initialize the GHCB
+ //
+ CcExitVmgInit (Ghcb, &InterruptState);
+
+ GhcbInfo = (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->SharedBuffer;
+ GhcbInfo->Header.CurrentEntry = 0;
+ GhcbInfo->Header.EndEntry = Count - 1;
+ CopyMem (GhcbInfo->Entry, Start, sizeof (*Start) * Count);
//
// As per the GHCB specification, the hypervisor can resume the guest before
@@ -197,7 +219,7 @@ PageStateChangeVmgExit (
// page state was not successful, then later memory access will result
// in the crash.
//
- while (Info->Header.CurrentEntry <= Info->Header.EndEntry) {
+ while (GhcbInfo->Header.CurrentEntry <= GhcbInfo->Header.EndEntry) {
Ghcb->SaveArea.SwScratch = (UINT64)Ghcb->SharedBuffer;
CcExitVmgSetOffsetValid (Ghcb, GhcbSwScratch);
@@ -211,6 +233,34 @@ PageStateChangeVmgExit (
SnpPageStateFailureTerminate ();
}
}
+
+ CcExitVmgDone (Ghcb, InterruptState);
+}
+
+STATIC
+VOID
+PageStateChange (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+ GHCB *Ghcb;
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ SNP_PAGE_STATE_HEADER *Header;
+ UINT16 Index;
+ UINT16 Count;
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ Header = &Info->Header;
+
+ for (Index = Header->CurrentEntry; Index <= Header->EndEntry;) {
+ Count = MIN (Header->EndEntry - Index + 1, SNP_PAGE_STATE_MAX_ENTRY);
+
+ PageStateChangeVmgExit (Ghcb, &Info->Entry[Index], Count);
+
+ Index += Count;
+ }
}
/**
@@ -226,18 +276,14 @@ InternalSetPageState (
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages,
IN SEV_SNP_PAGE_STATE State,
- IN BOOLEAN UseLargeEntry
+ IN BOOLEAN UseLargeEntry,
+ IN VOID *PscBuffer,
+ IN UINTN PscBufferSize
)
{
- GHCB *Ghcb;
EFI_PHYSICAL_ADDRESS NextAddress, EndAddress;
- MSR_SEV_ES_GHCB_REGISTER Msr;
- BOOLEAN InterruptState;
SNP_PAGE_STATE_CHANGE_INFO *Info;
- Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
- Ghcb = Msr.Ghcb;
-
EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages);
DEBUG ((
@@ -251,57 +297,40 @@ InternalSetPageState (
UseLargeEntry
));
- while (BaseAddress < EndAddress) {
- UINTN CurrentEntry, EndEntry;
-
- //
- // Initialize the GHCB
- //
- CcExitVmgInit (Ghcb, &InterruptState);
+ Info = (SNP_PAGE_STATE_CHANGE_INFO *)PscBuffer;
+ for (NextAddress = BaseAddress; NextAddress < EndAddress;) {
//
// Build the page state structure
//
- Info = (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->SharedBuffer;
NextAddress = BuildPageStateBuffer (
- BaseAddress,
+ NextAddress,
EndAddress,
State,
UseLargeEntry,
- Info,
- sizeof (Ghcb->SharedBuffer)
+ PscBuffer,
+ PscBufferSize
);
- //
- // Save the current and end entry from the page state structure. We need
- // it later.
- //
- CurrentEntry = Info->Header.CurrentEntry;
- EndEntry = Info->Header.EndEntry;
-
//
// If the caller requested to change the page state to shared then
// invalidate the pages before making the page shared in the RMP table.
//
if (State == SevSnpPageShared) {
- PvalidateRange (Info, CurrentEntry, EndEntry, FALSE);
+ PvalidateRange (Info);
}
//
// Invoke the page state change VMGEXIT.
//
- PageStateChangeVmgExit (Ghcb, Info);
+ PageStateChange (Info);
//
// If the caller requested to change the page state to private then
// validate the pages after it has been added in the RMP table.
//
if (State == SevSnpPagePrivate) {
- PvalidateRange (Info, CurrentEntry, EndEntry, TRUE);
+ PvalidateRange (Info);
}
-
- CcExitVmgDone (Ghcb, InterruptState);
-
- BaseAddress = NextAddress;
}
}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116533): https://edk2.groups.io/g/devel/message/116533
Mute This Topic: https://groups.io/mt/104810704/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (8 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
` (15 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The Secure VM Service Module specification defines the interfaces needed
to allow multi-VMPL level execution of an SEV-SNP guest.
Define the SVSM related structures for the SVSM Calling Area as well as
the SVSM CAA MSR. The SVSM CAA MSR is an MSR register that is reserved for
software use and will not be implemented in hardware.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +++-
MdePkg/Include/Register/Amd/Msr.h | 3 +-
MdePkg/Include/Register/Amd/Svsm.h | 101 ++++++++++++++++++++
MdePkg/Include/Register/Amd/SvsmMsr.h | 35 +++++++
4 files changed, 156 insertions(+), 2 deletions(-)
diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Register/Amd/Fam17Msr.h
index bb4e143e2456..f2d5ccb39dc7 100644
--- a/MdePkg/Include/Register/Amd/Fam17Msr.h
+++ b/MdePkg/Include/Register/Amd/Fam17Msr.h
@@ -6,7 +6,7 @@
returned is a single 32-bit or 64-bit value, then a data structure is not
provided for that MSR.
- Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
+ Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Specification Reference:
@@ -71,9 +71,24 @@ typedef union {
UINT32 ErrorCode;
} SnpPageStateChangeResponse;
+ struct {
+ UINT64 Function : 12;
+ UINT64 Reserved1 : 20;
+ UINT64 Vmpl : 8;
+ UINT64 Reserved2 : 56;
+ } SnpVmplRequest;
+
+ struct {
+ UINT32 Function : 12;
+ UINT32 Reserved : 20;
+ UINT32 ErrorCode;
+ } SnpVmplResponse;
+
VOID *Ghcb;
UINT64 GhcbPhysicalAddress;
+
+ UINT64 Uint64;
} MSR_SEV_ES_GHCB_REGISTER;
#define GHCB_INFO_SEV_INFO 1
@@ -84,6 +99,8 @@ typedef union {
#define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE 19
#define GHCB_INFO_SNP_PAGE_STATE_CHANGE_REQUEST 20
#define GHCB_INFO_SNP_PAGE_STATE_CHANGE_RESPONSE 21
+#define GHCB_INFO_SNP_VMPL_REQUEST 22
+#define GHCB_INFO_SNP_VMPL_RESPONSE 23
#define GHCB_HYPERVISOR_FEATURES_REQUEST 128
#define GHCB_HYPERVISOR_FEATURES_RESPONSE 129
#define GHCB_INFO_TERMINATE_REQUEST 256
diff --git a/MdePkg/Include/Register/Amd/Msr.h b/MdePkg/Include/Register/Amd/Msr.h
index 084eb892cdd9..04a3cbeb4315 100644
--- a/MdePkg/Include/Register/Amd/Msr.h
+++ b/MdePkg/Include/Register/Amd/Msr.h
@@ -6,7 +6,7 @@
returned is a single 32-bit or 64-bit value, then a data structure is not
provided for that MSR.
- Copyright (c) 2017 - 2019, Advanced Micro Devices. All rights reserved.<BR>
+ Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Specification Reference:
@@ -19,5 +19,6 @@
#include <Register/Intel/ArchitecturalMsr.h>
#include <Register/Amd/Fam17Msr.h>
+#include <Register/Amd/SvsmMsr.h>
#endif
diff --git a/MdePkg/Include/Register/Amd/Svsm.h b/MdePkg/Include/Register/Amd/Svsm.h
new file mode 100644
index 000000000000..9a989f803107
--- /dev/null
+++ b/MdePkg/Include/Register/Amd/Svsm.h
@@ -0,0 +1,101 @@
+/** @file
+ Secure VM Service Module (SVSM) Definition.
+
+ Provides data types allowing an SEV-SNP guest to interact with the SVSM.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Specification Reference:
+ Secure VM Service Module Specification
+
+**/
+
+#ifndef SVSM_H_
+#define SVSM_H_
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+
+//
+// The SVSM definitions are part of the SNP Secrets Page:
+// An SVSM is considered present if the SvsmSize field is non-zero.
+//
+typedef PACKED struct {
+ UINT8 Reserved1[320];
+
+ UINT64 SvsmBase;
+ UINT64 SvsmSize;
+ UINT64 SvsmCaa;
+ UINT32 SvsmMaxVersion;
+ UINT8 SvsmGuestVmpl;
+ UINT8 Reserved2[3];
+} SVSM_INFORMATION;
+
+typedef PACKED struct {
+ UINT8 SvsmCallPending;
+ UINT8 SvsmMemAvailable;
+ UINT8 Reserved1[6];
+
+ //
+ // The remainder of the CAA 4KB area can be used for argument
+ // passing to the SVSM.
+ //
+ UINT8 SvsmBuffer[SIZE_4KB - 8];
+} SVSM_CAA;
+
+#define SVSM_SUCCESS 0x00000000
+#define SVSM_ERR_INCOMPLETE 0x80000000
+#define SVSM_ERR_UNSUPPORTED_PROTOCOL 0x80000001
+#define SVSM_ERR_UNSUPPORTED_CALL 0x80000002
+#define SVSM_ERR_INVALID_ADDRESS 0x80000003
+#define SVSM_ERR_INVALID_FORMAT 0x80000004
+#define SVSM_ERR_INVALID_PARAMETER 0x80000005
+#define SVSM_ERR_INVALID_REQUEST 0x80000006
+#define SVSM_ERR_BUSY 0x80000007
+
+#define SVSM_ERR_PVALIDATE_FAIL_INPUT 0x80001001
+#define SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH 0x80001006
+#define SVSM_ERR_PVALIDATE_FAIL_NO_CHANGE 0x80001010
+
+typedef PACKED struct {
+ UINT16 Entries;
+ UINT16 Next;
+
+ UINT8 Reserved[4];
+} SVSM_PVALIDATE_HEADER;
+
+typedef union {
+ struct {
+ UINT64 PageSize : 2;
+ UINT64 Action : 1;
+ UINT64 IgnoreCf : 1;
+ UINT64 Reserved_2 : 8;
+ UINT64 Address : 52;
+ } Bits;
+ UINT64 Uint64;
+} SVSM_PVALIDATE_ENTRY;
+
+typedef PACKED struct {
+ SVSM_PVALIDATE_HEADER Header;
+ SVSM_PVALIDATE_ENTRY Entry[];
+} SVSM_PVALIDATE_REQUEST;
+
+#define SVSM_PVALIDATE_MAX_ENTRY \
+ ((sizeof (((SVSM_CAA *)0)->SvsmBuffer) - sizeof (SVSM_PVALIDATE_HEADER)) / sizeof (SVSM_PVALIDATE_ENTRY))
+
+typedef union {
+ SVSM_PVALIDATE_REQUEST PvalidateRequest;
+} SVSM_REQUEST;
+
+typedef union {
+ struct {
+ UINT32 CallId;
+ UINT32 Protocol;
+ } Id;
+
+ UINT64 Uint64;
+} SVSM_FUNCTION;
+
+#endif
diff --git a/MdePkg/Include/Register/Amd/SvsmMsr.h b/MdePkg/Include/Register/Amd/SvsmMsr.h
new file mode 100644
index 000000000000..9e7fca880ba5
--- /dev/null
+++ b/MdePkg/Include/Register/Amd/SvsmMsr.h
@@ -0,0 +1,35 @@
+/** @file
+ MSR Definitions.
+
+ Provides defines for Machine Specific Registers(MSR) indexes. Data structures
+ are provided for MSRs that contain one or more bit fields. If the MSR value
+ returned is a single 32-bit or 64-bit value, then a data structure is not
+ provided for that MSR.
+
+ Copyright (c) 2024, Advanced Micro Devices. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SVSM_MSR_H_
+#define SVSM_MSR_H_
+
+/**
+ Secure VM Service Module CAA register
+
+**/
+#define MSR_SVSM_CAA 0xc001f000
+
+/**
+ MSR information returned for #MSR_SVSM_CAA
+**/
+typedef union {
+ struct {
+ UINT32 Lower32Bits;
+ UINT32 Upper32Bits;
+ } Bits;
+
+ UINT64 Uint64;
+} MSR_SVSM_CAA_REGISTER;
+
+#endif
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116535): https://edk2.groups.io/g/devel/message/116535
Mute This Topic: https://groups.io/mt/104810708/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (9 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
` (14 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification relies on a specific register calling convention to
hold the parameters that are associated with the SVSM request. The SVSM is
invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
using the GHCB MSR Protocol or a GHCB NAE event.
Create a new version of the VMGEXIT instruction that will adhere to this
calling convention and load the SVSM function arguments into the proper
register before invoking the VMGEXIT instruction. On return, perform the
atomic exchange on the SVSM call pending value as specified in the SVSM
specification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Library/BaseLib/BaseLib.inf | 2 +
MdePkg/Include/Library/BaseLib.h | 39 ++++++++
MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++++++++
MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++++++++++++++++++
4 files changed, 174 insertions(+)
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index 4dbe94be71e1..26e66a8d67cf 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -187,6 +187,7 @@ [Sources.Ia32]
Ia32/XGetBv.nasm
Ia32/XSetBv.nasm
Ia32/VmgExit.nasm
+ Ia32/VmgExitSvsm.nasm
Ia32/DivS64x64Remainder.c
Ia32/InternalSwitchStack.c | MSFT
@@ -328,6 +329,7 @@ [Sources.X64]
X64/XGetBv.nasm
X64/XSetBv.nasm
X64/VmgExit.nasm
+ X64/VmgExitSvsm.nasm
ChkStkGcc.c | GCC
[Sources.EBC]
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 1fff0fb224f1..95f805599d9d 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7876,6 +7876,45 @@ AsmVmgExit (
VOID
);
+///
+/// The structure used to supply and return data to and from the SVSM.
+///
+typedef struct {
+ VOID *Caa;
+ UINT64 RaxIn;
+ UINT64 RcxIn;
+ UINT64 RdxIn;
+ UINT64 R8In;
+ UINT64 R9In;
+ UINT64 RaxOut;
+ UINT64 RcxOut;
+ UINT64 RdxOut;
+ UINT64 R8Out;
+ UINT64 R9Out;
+ UINT8 *CallPending;
+} SVSM_CALL_DATA;
+
+/**
+ Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments
+ and return code
+
+ Executes a VMGEXIT instruction placing the specified arguments in the
+ corresponding registers before invocation. Upon return an XCHG is done to
+ atomically clear and retrieve the SVSM call pending value. The returned RAX
+ register value becomes the function return code. This function is intended
+ for use with an SVSM. This function is only available on IA-32 and x64.
+
+ @param[in,out] SvsmCallPending Pointer to the location of the SVSM call data
+
+ @return Value of the RAX register on return
+
+**/
+UINT32
+EFIAPI
+AsmVmgExitSvsm (
+ IN OUT SVSM_CALL_DATA *SvsmCallData
+ );
+
/**
Patch the immediate operand of an IA32 or X64 instruction such that the byte,
word, dword or qword operand is encoded at the end of the instruction's
diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..14717bd1af02
--- /dev/null
+++ b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
@@ -0,0 +1,39 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+; VmgExitSvsm.Asm
+;
+; Abstract:
+;
+; AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ DEFAULT REL
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+; SVSM_CALL_DATA *SvsmCallData
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+;
+; NASM doesn't support the vmmcall instruction in 32-bit mode and NASM versions
+; before 2.12 cannot translate the 64-bit "rep vmmcall" instruction into elf32
+; format. Given that VMGEXIT does not make sense on IA32, provide a stub
+; implementation that is identical to CpuBreakpoint(). In practice,
+; AsmVmgExitSvsm() should never be called on IA32.
+;
+ int 3
+ ret
+
diff --git a/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..b8af78890611
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
@@ -0,0 +1,94 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+; VmgExitSvsm.Asm
+;
+; Abstract:
+;
+; AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ DEFAULT REL
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; typedef struct {
+; VOID *Caa;
+; UINT64 RaxIn;
+; UINT64 RcxIn;
+; UINT64 RdxIn;
+; UINT64 R8In;
+; UINT64 R9In;
+; UINT64 RaxOut;
+; UINT64 RcxOut;
+; UINT64 RdxOut;
+; UINT64 R8Out;
+; UINT64 R9Out;
+; UINT8 *CallPending;
+; } SVSM_CALL_DATA;
+;
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+; SVSM_CALL_DATA *SvsmCallData
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+ push r10
+ push r11
+ push r12
+
+;
+; Calling convention has SvsmCallData in RCX. Move RCX to R12 in order to
+; properly populate the SVSM register state.
+;
+ mov r12, rcx
+
+ mov rax, [r12 + 8]
+ mov rcx, [r12 + 16]
+ mov rdx, [r12 + 24]
+ mov r8, [r12 + 32]
+ mov r9, [r12 + 40]
+
+;
+; Set CA call pending
+;
+ mov r10, [r12]
+ mov byte [r10], 1
+
+ rep vmmcall
+
+ mov [r12 + 48], rax
+ mov [r12 + 56], rcx
+ mov [r12 + 64], rdx
+ mov [r12 + 72], r8
+ mov [r12 + 80], r9
+
+;
+; Perform the atomic exchange and return the CA call pending value.
+; The call pending value is a one-byte field at offset 0 into the CA,
+; which is currently the value in R10.
+;
+
+ mov r11, [r12 + 88] ; Get CallPending address
+ mov cl, byte [r11]
+ xchg byte [r10], cl
+ mov byte [r11], cl ; Return the exchanged value
+
+ pop r12
+ pop r11
+ pop r10
+
+;
+; RAX has the value to be returned from the SVSM
+;
+ ret
+
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116536): https://edk2.groups.io/g/devel/message/116536
Mute This Topic: https://groups.io/mt/104810711/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (10 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-04-03 7:06 ` Ni, Ray
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
` (13 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
lower, a new library must be created.
This library includes an interface to detect if running under an SVSM, an
interface to return the current VMPL, an interface to perform memory
validation and an interface to set or clear the attribute that allows a
page to be used as a VMSA.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/UefiCpuPkg.dec | 3 +
UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf | 27 +++++
UefiCpuPkg/Include/Library/AmdSvsmLib.h | 101 ++++++++++++++++++
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c | 108 ++++++++++++++++++++
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni | 13 +++
6 files changed, 255 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index c31d8b6736cf..d1bff93ae2e0 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
## @libraryclass Provides function to support CcExit processing.
CcExitLib|Include/Library/CcExitLib.h
+ ## @libraryclass Provides function to support AmdSvsm processing.
+ AmdSvsmLib|Include/Library/AmdSvsmLib.h
+
## @libraryclass Provides function to get CPU cache information.
CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 10b33594e586..422e50c92b48 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -2,7 +2,7 @@
# UefiCpuPkg Package
#
# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -61,6 +61,7 @@ [LibraryClasses]
PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
@@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
UefiCpuPkg/SecCore/SecCore.inf
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
new file mode 100644
index 000000000000..45a189540941
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
@@ -0,0 +1,27 @@
+## @file
+# AmdSvsm Base Support Library.
+#
+# Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.29
+ BASE_NAME = AmdSvsmLibNull
+ MODULE_UNI_FILE = AmdSvsmLibNull.uni
+ FILE_GUID = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = AmdSvsmLib
+
+[Sources.common]
+ AmdSvsmLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+ BaseLib
+
diff --git a/UefiCpuPkg/Include/Library/AmdSvsmLib.h b/UefiCpuPkg/Include/Library/AmdSvsmLib.h
new file mode 100644
index 000000000000..40e0e5bd4259
--- /dev/null
+++ b/UefiCpuPkg/Include/Library/AmdSvsmLib.h
@@ -0,0 +1,101 @@
+/** @file
+ Public header file for the AmdSvsmLib.
+
+ This library class defines some routines used for invoking an SVSM when the
+ guest is not running at VMPL0.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef AMD_SVSM_LIB_H_
+#define AMD_SVSM_LIB_H_
+
+#include <Protocol/DebugSupport.h>
+#include <Register/Amd/Ghcb.h>
+
+/**
+ Report the presence of an Secure Virtual Services Module (SVSM).
+
+ Determines the presence of an SVSM.
+
+ @retval TRUE An SVSM is present
+ @retval FALSE An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmIsSvsmPresent (
+ VOID
+ );
+
+/**
+ Report the VMPL level at which the SEV-SNP guest is running.
+
+ Determines the VMPL level at which the guest is running. If an SVSM is
+ not present, then it must be VMPL0, otherwise return what is reported
+ by the SVSM.
+
+ @return The VMPL level
+
+**/
+UINT8
+EFIAPI
+AmdSvsmSnpGetVmpl (
+ VOID
+ );
+
+/**
+ Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+ If an SVSM is present, the CAA for the BSP is returned.
+
+ @return The CAA
+
+**/
+UINT64
+EFIAPI
+AmdSvsmSnpGetCaa (
+ VOID
+ );
+
+/**
+ Perform a PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+AmdSvsmSnpPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ );
+
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+AmdSvsmSnpVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ );
+
+#endif
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
new file mode 100644
index 000000000000..a83fcbd6ce7b
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
@@ -0,0 +1,108 @@
+/** @file
+ AmdSvsm Base Support Library.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/AmdSvsmLib.h>
+
+/**
+ Report the presence of an Secure Virtual Services Module (SVSM).
+
+ Determines the presence of an SVSM.
+
+ @retval TRUE An SVSM is present
+ @retval FALSE An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmIsSvsmPresent (
+ VOID
+ )
+{
+ return FALSE;
+}
+
+/**
+ Report the VMPL level at which the SEV-SNP guest is running.
+
+ Determines the VMPL level at which the guest is running. If an SVSM is
+ not present, then it must be VMPL0, otherwise return what is reported
+ by the SVSM.
+
+ @return The VMPL level
+
+**/
+UINT8
+EFIAPI
+AmdSvsmSnpGetVmpl (
+ VOID
+ )
+{
+ return 0;
+}
+
+/**
+ Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+ If an SVSM is present, the CAA for the BSP is returned.
+
+ @return The CAA
+
+**/
+UINT64
+EFIAPI
+AmdSvsmSnpGetCaa (
+ VOID
+ )
+{
+ return 0;
+}
+
+/**
+ Perform a PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+AmdSvsmSnpPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+}
+
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+AmdSvsmSnpVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ )
+{
+ return EFI_UNSUPPORTED;
+}
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
new file mode 100644
index 000000000000..5e998030de5b
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
@@ -0,0 +1,13 @@
+// /** @file
+// AmdSvsmLib instance.
+//
+// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "AmdSvsmLib NULL instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "AmdSvsmLib NULL instance."
+
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116537): https://edk2.groups.io/g/devel/message/116537
Mute This Topic: https://groups.io/mt/104810717/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (11 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-04-12 18:43 ` Guo Dong
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
` (12 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth, Gua Guo, Guo Dong, James Lu,
Sean Rhodes
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library will be updated to use the new AmdSvsmLib library.
To prevent any build breakage, update the UefiPayloadPkg DSC file to
include the AmdSvsmLib NULL library.
Cc: Gua Guo <gua.guo@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: James Lu <james.lu@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 433fb51a5695..e1b9d5ecf182 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -313,6 +313,7 @@ [LibraryClasses]
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
[LibraryClasses.common]
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116538): https://edk2.groups.io/g/devel/message/116538
Mute This Topic: https://groups.io/mt/104810720/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (12 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-14 10:39 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
` (11 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth, Anatol Belski, Jianyong Wu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Add initial support for the new AmdSvsmLib library to OvmfPkg. The initial
implementation fully implements the library interfaces.
The SVSM presence check, AmdSvsmIsSvsmPresent(), determines the presence
of an SVSM by checking if an SVSM has been advertised in the SEV-SNP
Secrets Page.
The VMPL API, AmdSvsmSnpGetVmpl(), returns the VMPL level at which OVMF is
currently running.
The CAA API, AmdSvsmSnpGetCaa(), returns the Calling Area Address when an
SVSM is present, 0 otherwise.
The PVALIDATE API, AmdSvsmSnpPvalidate(), copies the PVALIDATE logic from
the BaseMemEncryptSevLib library for the initial implementation. The
BaseMemEncryptSevLib library will be changed to use this new API so that
the decision as to whether the SVSM is needed to perform the operation
can be isolated to this library.
The VMSA API, AmdSvsmSnpVmsaRmpAdjust(), copies the RMPUPDATE logic from
the MpInitLib library for the initial implementation. The MpInitLib
library will be changed to use this new API so that the decision as to
whether the SVSM is needed to perform the operation can be isolated to
this library.
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf | 38 +++
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 267 ++++++++++++++++++++
6 files changed, 309 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 140c4208f5b7..a7540bb6367f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -204,7 +204,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
- AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
+ AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 4dad0a36e757..b1911d6ab4ac 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -242,7 +242,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
- AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
+ AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index cc84ee3c2956..1f2f8b5bb618 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -246,7 +246,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
- AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
+ AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 87e210d4409c..540c1ed8da63 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -268,7 +268,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
- AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
+ AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
new file mode 100644
index 000000000000..cfd2663adc3a
--- /dev/null
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
@@ -0,0 +1,38 @@
+## @file
+# CcExitLib Library.
+#
+# Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.29
+ BASE_NAME = AmdSvsmLib
+ FILE_GUID = 288e3588-87d8-4c2c-b568-bf900de0fb36
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = AmdSvsmLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = X64
+#
+
+[Sources.common]
+ AmdSvsmLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
new file mode 100644
index 000000000000..861bf9591ae3
--- /dev/null
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
@@ -0,0 +1,267 @@
+/** @file
+ SVSM Support Library.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/AmdSvsmLib.h>
+#include <Register/Amd/Msr.h>
+#include <Register/Amd/Svsm.h>
+
+#define PAGES_PER_2MB_ENTRY 512
+
+/**
+ Issue a GHCB termination request for termination.
+
+ Request termination using the GHCB MSR protocol.
+
+**/
+STATIC
+VOID
+SnpTerminate (
+ VOID
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+
+ //
+ // Use the GHCB MSR Protocol to request termination by the hypervisor
+ //
+ Msr.Uint64 = 0;
+ Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST;
+ Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;
+ Msr.GhcbTerminate.ReasonCode = GHCB_TERMINATE_GHCB_GENERAL;
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64);
+
+ AsmVmgExit ();
+
+ ASSERT (FALSE);
+ CpuDeadLoop ();
+}
+
+/**
+ Report the presence of an Secure Virtual Services Module (SVSM).
+
+ Determines the presence of an SVSM.
+
+ @retval TRUE An SVSM is present
+ @retval FALSE An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmIsSvsmPresent (
+ VOID
+ )
+{
+ SVSM_INFORMATION *SvsmInfo;
+
+ SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+ return (SvsmInfo != NULL && SvsmInfo->SvsmSize != 0);
+}
+
+/**
+ Report the VMPL level at which the SEV-SNP guest is running.
+
+ Determines the VMPL level at which the guest is running. If an SVSM is
+ not present, then it must be VMPL0, otherwise return what is reported
+ by the SVSM.
+
+ @return The VMPL level
+
+**/
+UINT8
+EFIAPI
+AmdSvsmSnpGetVmpl (
+ VOID
+ )
+{
+ SVSM_INFORMATION *SvsmInfo;
+
+ SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+ return AmdSvsmIsSvsmPresent () ? SvsmInfo->SvsmGuestVmpl : 0;
+}
+
+/**
+ Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+ If an SVSM is present, the CAA for the BSP is returned.
+
+ @return The CAA
+
+**/
+UINT64
+EFIAPI
+AmdSvsmSnpGetCaa (
+ VOID
+ )
+{
+ SVSM_INFORMATION *SvsmInfo;
+
+ SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+ return AmdSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
+}
+
+/**
+ Perform a native PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+STATIC
+VOID
+BasePvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+ UINTN RmpPageSize;
+ UINTN StartIndex;
+ UINTN EndIndex;
+ UINTN Index;
+ UINTN Ret;
+ EFI_PHYSICAL_ADDRESS Address;
+ BOOLEAN Validate;
+
+ StartIndex = Info->Header.CurrentEntry;
+ EndIndex = Info->Header.EndEntry;
+
+ for ( ; StartIndex <= EndIndex; StartIndex++) {
+ //
+ // Get the address and the page size from the Info.
+ //
+ Address = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
+ RmpPageSize = Info->Entry[StartIndex].PageSize;
+ Validate = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
+
+ Ret = AsmPvalidate (RmpPageSize, Validate, Address);
+
+ //
+ // If we fail to validate due to size mismatch then try with the
+ // smaller page size. This senario will occur if the backing page in
+ // the RMP entry is 4K and we are validating it as a 2MB.
+ //
+ if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
+ for (Index = 0; Index < PAGES_PER_2MB_ENTRY; Index++) {
+ Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
+ if (Ret) {
+ break;
+ }
+
+ Address = Address + EFI_PAGE_SIZE;
+ }
+ }
+
+ //
+ // If validation failed then do not continue.
+ //
+ if (Ret) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a:%a: Failed to %a address 0x%Lx Error code %d\n",
+ gEfiCallerBaseName,
+ __func__,
+ Validate ? "Validate" : "Invalidate",
+ Address,
+ Ret
+ ));
+
+ SnpTerminate ();
+ }
+ }
+}
+
+/**
+ Perform a PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+AmdSvsmSnpPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+ BasePvalidate (Info);
+}
+
+/**
+ Perform a native RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+STATIC
+EFI_STATUS
+BaseVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN BOOLEAN SetVmsa
+ )
+{
+ UINT64 Rdx;
+ UINT32 Ret;
+
+ //
+ // The RMPADJUST instruction is used to set or clear the VMSA bit for a
+ // page. The VMSA change is only made when running at VMPL0 and is ignored
+ // otherwise. If too low a target VMPL is specified, the instruction can
+ // succeed without changing the VMSA bit when not running at VMPL0. Using a
+ // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error if
+ // not running at VMPL0, thus ensuring that the VMSA bit is set appropriately
+ // when no error is returned.
+ //
+ Rdx = 1;
+ if (SetVmsa) {
+ Rdx |= RMPADJUST_VMSA_PAGE_BIT;
+ }
+
+ Ret = AsmRmpAdjust ((UINT64)(UINTN)Vmsa, 0, Rdx);
+
+ return (Ret == 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
+}
+
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+AmdSvsmSnpVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ )
+{
+ return BaseVmsaRmpAdjust (Vmsa, SetVmsa);
+}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116539): https://edk2.groups.io/g/devel/message/116539
Mute This Topic: https://groups.io/mt/104810723/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (13 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
@ 2024-03-08 15:31 ` Lendacky, Thomas via groups.io
2024-03-14 9:34 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
` (10 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:31 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Jianyong Wu, Rebecca Cran
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library will be updated to use the new AmdSvsmLib library.
To prevent any build breakage, update the OvmfPkg DSCs file to include
the AmdSvsmLib NULL library.
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Corvin Köhne <corvink@freebsd.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++-
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
9 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 60e916b4fd18..140c4208f5b7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -204,6 +204,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 9689a2f14efa..6f305d690dda 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -232,6 +232,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index b522fa10594d..4dad0a36e757 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -242,6 +242,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 7a767324ffda..6a78d1133880 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -212,6 +212,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 2c6bb83beb85..cc84ee3c2956 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -246,6 +246,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 713f08764b07..15fadc2fdc6e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -247,6 +247,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 90b15dc27097..6e55b50a9641 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -4,7 +4,7 @@
# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) Microsoft Corporation.
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -252,6 +252,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 56c920168d25..87e210d4409c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -268,6 +268,7 @@ [LibraryClasses]
!include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 976b795d41c9..fa1a570e746a 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -233,6 +233,7 @@ [LibraryClasses]
!endif
[LibraryClasses.common]
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116540): https://edk2.groups.io/g/devel/message/116540
Mute This Topic: https://groups.io/mt/104810724/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (14 preceding siblings ...)
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-04-03 7:05 ` Ni, Ray
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
` (9 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The RMPADJUST instruction is used to change the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. To
prepare for running at a less priviledged VMPL, use the AmdSvsmLib library
API to perform the RMPADJUST. The AmdSvsmLib library will perform the
proper operation on behalf of the caller.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/MpLib.h | 14 -----
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 20 --------
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 54 +++-----------------
5 files changed, 9 insertions(+), 81 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 69950fcd1289..19745437f005 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -57,6 +57,7 @@ [LibraryClasses]
SynchronizationLib
PcdLib
CcExitLib
+ AmdSvsmLib
MicrocodeLib
[LibraryClasses.X64]
CpuPageTableLib
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index 22f74a814534..679e51a1acd5 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
PeiServicesLib
PcdLib
CcExitLib
+ AmdSvsmLib
MicrocodeLib
[Pcd]
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index 65e05c4806f5..179f8e585b5d 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -883,20 +883,6 @@ FillExchangeInfoDataSevEs (
IN volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo
);
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- );
-
/**
Create an SEV-SNP AP save area (VMSA) for use in running the vCPU.
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index 0478e92317f1..963bd62494b9 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -49,26 +49,6 @@ SevSnpCreateAP (
ASSERT (FALSE);
}
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- )
-{
- //
- // RMPADJUST is not supported in 32-bit mode
- //
- return RETURN_UNSUPPORTED;
-}
-
/**
Determine if the SEV-SNP AP Create protocol should be used.
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index bd12a5ee2fcb..981135621384 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -10,6 +10,7 @@
#include "MpLib.h"
#include <Library/CcExitLib.h>
+#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Fam17Msr.h>
#include <Register/Amd/Ghcb.h>
@@ -38,20 +39,15 @@ SevSnpPerformApAction (
BOOLEAN InterruptState;
UINT64 ExitInfo1;
UINT64 ExitInfo2;
- UINT32 RmpAdjustStatus;
UINT64 VmgExitStatus;
+ EFI_STATUS VmsaStatus;
if (Action == SVM_VMGEXIT_SNP_AP_CREATE) {
//
- // To turn the page into a recognized VMSA page, issue RMPADJUST:
- // Target VMPL but numerically higher than current VMPL
- // Target PermissionMask is not used
+ // Turn the page into a recognized VMSA page.
//
- RmpAdjustStatus = SevSnpRmpAdjust (
- (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
- TRUE
- );
- if (RmpAdjustStatus != 0) {
+ VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
+ if (EFI_ERROR (VmsaStatus)) {
DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n"));
ASSERT (FALSE);
@@ -94,11 +90,8 @@ SevSnpPerformApAction (
// Make the current VMSA not runnable and accessible to be
// reprogrammed.
//
- RmpAdjustStatus = SevSnpRmpAdjust (
- (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
- FALSE
- );
- if (RmpAdjustStatus != 0) {
+ VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
+ if (EFI_ERROR (VmsaStatus)) {
DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n"));
ASSERT (FALSE);
@@ -328,39 +321,6 @@ SevSnpCreateAP (
}
}
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- )
-{
- UINT64 Rdx;
-
- //
- // The RMPADJUST instruction is used to set or clear the VMSA bit for a
- // page. The VMSA change is only made when running at VMPL0 and is ignored
- // otherwise. If too low a target VMPL is specified, the instruction can
- // succeed without changing the VMSA bit when not running at VMPL0. Using a
- // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error if
- // not running at VMPL0, thus ensuring that the VMSA bit is set appropriately
- // when no error is returned.
- //
- Rdx = 1;
- if (VmsaPage) {
- Rdx |= RMPADJUST_VMSA_PAGE_BIT;
- }
-
- return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
-}
-
/**
Determine if the SEV-SNP AP Create protocol should be used.
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116541): https://edk2.groups.io/g/devel/message/116541
Mute This Topic: https://groups.io/mt/104810728/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (15 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-14 10:40 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
` (8 subsequent siblings)
25 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The PVALIDATE instruction is used to change the SNP validation of a page,
but that can only be done when running at VMPL0. To prepare for running at
a less priviledged VMPL, use the AmdSvsmLib library API to perform the
PVALIDATE. The AmdSvsmLib library will perform the proper operation on
behalf of the caller.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 74 +-------------------
4 files changed, 9 insertions(+), 74 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index cc24961c9265..312ee73e5474 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
## @file
# Library provides the helper functions for SEV guest
#
-# Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -52,6 +52,7 @@ [LibraryClasses]
MemoryAllocationLib
PcdLib
CcExitLib
+ AmdSvsmLib
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 8f56783da55e..1e0b5600eb1d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
## @file
# Library provides the helper functions for SEV guest
#
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -52,6 +52,7 @@ [LibraryClasses]
MemoryAllocationLib
PcdLib
CcExitLib
+ AmdSvsmLib
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
index b6d76e7e630f..a06ea6188eab 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
## @file
# Library provides the helper functions for SEV guest
#
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -49,6 +49,7 @@ [LibraryClasses]
DebugLib
PcdLib
CcExitLib
+ AmdSvsmLib
[FixedPcd]
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index f1883239a661..c8c0c4ef0e95 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -14,14 +14,13 @@
#include <Library/MemEncryptSevLib.h>
#include <Library/DebugLib.h>
#include <Library/CcExitLib.h>
+#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Ghcb.h>
#include <Register/Amd/Msr.h>
#include "SnpPageStateChange.h"
-#define PAGES_PER_LARGE_ENTRY 512
-
STATIC
UINTN
MemoryStateToGhcbOp (
@@ -63,73 +62,6 @@ SnpPageStateFailureTerminate (
CpuDeadLoop ();
}
-/**
- This function issues the PVALIDATE instruction to validate or invalidate the memory
- range specified. If PVALIDATE returns size mismatch then it retry validating with
- smaller page size.
-
- */
-STATIC
-VOID
-PvalidateRange (
- IN SNP_PAGE_STATE_CHANGE_INFO *Info
- )
-{
- UINTN RmpPageSize;
- UINTN StartIndex;
- UINTN EndIndex;
- UINTN Index;
- UINTN Ret;
- EFI_PHYSICAL_ADDRESS Address;
- BOOLEAN Validate;
-
- StartIndex = Info->Header.CurrentEntry;
- EndIndex = Info->Header.EndEntry;
-
- for ( ; StartIndex <= EndIndex; StartIndex++) {
- //
- // Get the address and the page size from the Info.
- //
- Address = ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
- RmpPageSize = Info->Entry[StartIndex].PageSize;
- Validate = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
-
- Ret = AsmPvalidate (RmpPageSize, Validate, Address);
-
- //
- // If we fail to validate due to size mismatch then try with the
- // smaller page size. This senario will occur if the backing page in
- // the RMP entry is 4K and we are validating it as a 2MB.
- //
- if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == PvalidatePageSize2MB)) {
- for (Index = 0; Index < PAGES_PER_LARGE_ENTRY; Index++) {
- Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
- if (Ret) {
- break;
- }
-
- Address = Address + EFI_PAGE_SIZE;
- }
- }
-
- //
- // If validation failed then do not continue.
- //
- if (Ret) {
- DEBUG ((
- DEBUG_ERROR,
- "%a:%a: Failed to %a address 0x%Lx Error code %d\n",
- gEfiCallerBaseName,
- __func__,
- Validate ? "Validate" : "Invalidate",
- Address,
- Ret
- ));
- SnpPageStateFailureTerminate ();
- }
- }
-}
-
STATIC
EFI_PHYSICAL_ADDRESS
BuildPageStateBuffer (
@@ -328,7 +260,7 @@ InternalSetPageState (
// invalidate the pages before making the page shared in the RMP table.
//
if (State == SevSnpPageShared) {
- PvalidateRange (Info);
+ AmdSvsmSnpPvalidate (Info);
}
//
@@ -341,7 +273,7 @@ InternalSetPageState (
// validate the pages after it has been added in the RMP table.
//
if (State == SevSnpPagePrivate) {
- PvalidateRange (Info);
+ AmdSvsmSnpPvalidate (Info);
}
}
}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116542): https://edk2.groups.io/g/devel/message/116542
Mute This Topic: https://groups.io/mt/104810729/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (16 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
` (7 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
An SVSM requires a calling area page whose address (CAA) is used by the
SVSM to communicate and process the SVSM request.
Add a pre-defined page area to the OvmfPkg and AmdSev packages and define
corresponding PCDs used to communicate the location and size of the area.
Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev
launch and hash area memory locations.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/OvmfPkg.dec | 4 ++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++---
OvmfPkg/OvmfPkgX64.fdf | 3 +++
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
OvmfPkg/ResetVector/ResetVector.inf | 2 ++
OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++
OvmfPkg/ResetVector/ResetVector.nasmb | 6 ++++--
OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++++-
8 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index fbc81e4c8070..2f7bded9260b 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -338,6 +338,10 @@ [PcdsFixedAtBuild]
## Restrict boot to EFI applications in firmware volumes.
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c
+ ## The base address and size of the initial SVSM Calling Area.
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|0|UINT32|0x70
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize|0|UINT32|0x71
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index b84981e7ba04..d49555c6c873 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -68,13 +68,16 @@ [FD.MEMFD]
0x00E000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
-0x00F000|0x000C00
+0x00F000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
+
+0x010000|0x000C00
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
-0x00FC00|0x000400
+0x010C00|0x000400
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
-0x010000|0x010000
+0x011000|0x00F000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
0x020000|0x0E0000
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index eb3fb90cb8b6..d41d8ea7370d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -94,6 +94,9 @@ [FD.MEMFD]
0x00E000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
+0x00F000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
+
0x010000|0x010000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 2206316fec9e..20b1b9829225 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -128,6 +128,8 @@ [FixedPcd]
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index 65f71b05a02e..7bd517e63a0d 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -62,6 +62,8 @@ [FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a9de33074a69..e6724cf493a7 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -555,5 +555,16 @@ SevInitializeRam (
(UINT64)(UINTN)PcdGet32 (PcdOvmfCpuidSize),
EfiReservedMemoryType
);
+
+ //
+ // The calling area memory needs to be protected until the OS can create
+ // its own calling area. Mark it as EfiReservedMemoryType so that the
+ // guest firmware and OS do not use it as a system memory.
+ //
+ BuildMemoryAllocationHob (
+ (EFI_PHYSICAL_ADDRESS)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaBase),
+ (UINT64)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaSize),
+ EfiReservedMemoryType
+ );
}
}
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 2bd80149e58b..7279ac64b17a 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -3,7 +3,7 @@
; This file includes all other code files to assemble the reset vector code
;
; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
-; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; Copyright (c) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent
;
;------------------------------------------------------------------------------
@@ -69,6 +69,8 @@
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
%define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase))
%define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize))
+%define SVSM_CAA_BASE (FixedPcdGet32 (PcdOvmfSecSvsmCaaBase))
+%define SVSM_CAA_SIZE (FixedPcdGet32 (PcdOvmfSecSvsmCaaSize))
%if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0)
; There's a reserved page for SEV secrets and hashes; the VMM will fill and
; validate the page, or mark it as a zero page.
@@ -89,7 +91,7 @@
;
%define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000)
%define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2)
-%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
+%define SNP_SEC_MEM_BASE_DESC_3 (SVSM_CAA_BASE + SVSM_CAA_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
%define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
%ifdef ARCH_X64
diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
index 8aa77d870123..2511073a466f 100644
--- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
@@ -2,7 +2,7 @@
; @file
; OVMF metadata for the AMD SEV confidential computing guests
;
-; Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
+; Copyright (c) 2021 - 2024, AMD Inc. All rights reserved.<BR>
;
; SPDX-License-Identifier: BSD-2-Clause-Patent
;-----------------------------------------------------------------------------
@@ -26,6 +26,9 @@ BITS 64
;
%define OVMF_SECTION_TYPE_CPUID 0x3
+; The SVSM Calling Area Address (CAA)
+%define OVMF_SECTION_TYPE_SVSM_CAA 0x4
+
; Kernel hashes section for measured direct boot
%define OVMF_SECTION_TYPE_KERNEL_HASHES 0x10
@@ -67,6 +70,12 @@ CpuidSec:
DD CPUID_SIZE
DD OVMF_SECTION_TYPE_CPUID
+; SVSM CAA page
+SvsmCaa:
+ DD SVSM_CAA_BASE
+ DD SVSM_CAA_SIZE
+ DD OVMF_SECTION_TYPE_SVSM_CAA
+
%if (SEV_SNP_KERNEL_HASHES_BASE > 0)
; Kernel hashes for measured direct boot, or zero page if
; there are no kernel hashes / SEV secrets
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116543): https://edk2.groups.io/g/devel/message/116543
Mute This Topic: https://groups.io/mt/104810730/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (17 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
` (6 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The PVALIDATE instruction can only be performed at VMPL0. An SVSM will
be present when running at VMPL1 or higher.
When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform
memory validation instead of issuing the PVALIDATE instruction directly.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 183 +++++++++++++++++++-
1 file changed, 182 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
index 861bf9591ae3..fb3fda70e948 100644
--- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
@@ -8,6 +8,7 @@
#include <Base.h>
#include <Uefi.h>
+#include <Library/BaseMemoryLib.h>
#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Msr.h>
#include <Register/Amd/Svsm.h>
@@ -43,6 +44,78 @@ SnpTerminate (
CpuDeadLoop ();
}
+/**
+ Issue an SVSM request.
+
+ Invokes the SVSM to process a request on behalf of the guest.
+
+ @param[in,out] SvsmCallData Pointer to the SVSM call data
+
+ @return Contents of RAX upon return from VMGEXIT
+**/
+STATIC
+UINTN
+SvsmMsrProtocol (
+ IN OUT SVSM_CALL_DATA *SvsmCallData
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ UINT64 CurrentMsr;
+ UINT8 Pending;
+ BOOLEAN InterruptState;
+ UINTN Ret;
+
+ do {
+ //
+ // Be sure that an interrupt can't cause a #VC while the GHCB MSR protocol
+ // is being used (#VC handler will ASSERT if lower 12-bits are not zero).
+ //
+ InterruptState = GetInterruptState ();
+ if (InterruptState) {
+ DisableInterrupts ();
+ }
+
+ Pending = 0;
+ SvsmCallData->CallPending = &Pending;
+
+ CurrentMsr = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+ Msr.Uint64 = 0;
+ Msr.SnpVmplRequest.Function = GHCB_INFO_SNP_VMPL_REQUEST;
+ Msr.SnpVmplRequest.Vmpl = 0;
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64);
+
+ //
+ // Guest memory is used for the guest-SVSM communication, so fence the
+ // invocation of the VMGEXIT instruction to ensure VMSA accesses are
+ // synchronized properly.
+ //
+ MemoryFence ();
+ Ret = AsmVmgExitSvsm (SvsmCallData);
+ MemoryFence ();
+
+ Msr.Uint64 = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr);
+
+ if (InterruptState) {
+ EnableInterrupts ();
+ }
+
+ if (Pending != 0) {
+ SnpTerminate ();
+ }
+
+ if ((Msr.SnpVmplResponse.Function != GHCB_INFO_SNP_VMPL_RESPONSE) ||
+ (Msr.SnpVmplResponse.ErrorCode != 0))
+ {
+ SnpTerminate ();
+ }
+ } while (Ret == SVSM_ERR_INCOMPLETE || Ret == SVSM_ERR_BUSY);
+
+ return Ret;
+}
+
/**
Report the presence of an Secure Virtual Services Module (SVSM).
@@ -109,6 +182,114 @@ AmdSvsmSnpGetCaa (
return AmdSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
}
+/**
+ Issue an SVSM request to perform the PVALIDATE instruction.
+
+ Invokes the SVSM to process the PVALIDATE instruction on behalf of the
+ guest to validate or invalidate the memory range specified.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+STATIC
+VOID
+SvsmPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_CAA *Caa;
+ SVSM_PVALIDATE_REQUEST *Request;
+ SVSM_FUNCTION Function;
+ BOOLEAN Validate;
+ UINTN Entry;
+ UINTN EntryLimit;
+ UINTN Index;
+ UINTN EndIndex;
+ UINT64 Gfn;
+ UINT64 GfnEnd;
+ UINTN Ret;
+
+ Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+
+ Function.Id.Protocol = 0;
+ Function.Id.CallId = 1;
+
+ Request = (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer;
+ EntryLimit = ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) /
+ sizeof (Request->Entry[0])) - 1;
+
+ SvsmCallData.Caa = Caa;
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Request;
+
+ Entry = 0;
+ Index = Info->Header.CurrentEntry;
+ EndIndex = Info->Header.EndEntry;
+
+ while (Index <= EndIndex) {
+ Validate = Info->Entry[Index].Operation == SNP_PAGE_STATE_PRIVATE;
+
+ Request->Header.Entries++;
+ Request->Entry[Entry].Bits.PageSize = Info->Entry[Index].PageSize;
+ Request->Entry[Entry].Bits.Action = (Validate == TRUE) ? 1 : 0;
+ Request->Entry[Entry].Bits.IgnoreCf = 0;
+ Request->Entry[Entry].Bits.Address = Info->Entry[Index].GuestFrameNumber;
+
+ Entry++;
+ if ((Entry > EntryLimit) || (Index == EndIndex)) {
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if ((Ret == SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) &&
+ (Request->Entry[Request->Header.Next].Bits.PageSize != 0))
+ {
+ // Calculate the Index of the entry after the entry that failed
+ // before clearing the buffer so that processing can continue
+ // from that point
+ Index = Index - (Entry - Request->Header.Next) + 2;
+
+ // Obtain the failing GFN before clearing the buffer
+ Gfn = Request->Entry[Request->Header.Next].Bits.Address;
+
+ // Clear the buffer in prep for creating all new entries
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+
+ GfnEnd = Gfn + PAGES_PER_2MB_ENTRY - 1;
+ for ( ; Gfn <= GfnEnd; Gfn++) {
+ Request->Header.Entries++;
+ Request->Entry[Entry].Bits.PageSize = 0;
+ Request->Entry[Entry].Bits.Action = (Validate == TRUE) ? 1 : 0;
+ Request->Entry[Entry].Bits.IgnoreCf = 0;
+ Request->Entry[Entry].Bits.Address = Gfn;
+
+ Entry++;
+ if ((Entry > EntryLimit) || (Gfn == GfnEnd)) {
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if (Ret != 0) {
+ SnpTerminate ();
+ }
+
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+ }
+ }
+
+ continue;
+ }
+
+ if (Ret != 0) {
+ SnpTerminate ();
+ }
+
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+ }
+
+ Index++;
+ }
+}
+
/**
Perform a native PVALIDATE operation for the page ranges specified.
@@ -193,7 +374,7 @@ AmdSvsmSnpPvalidate (
IN SNP_PAGE_STATE_CHANGE_INFO *Info
)
{
- BasePvalidate (Info);
+ AmdSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);
}
/**
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116544): https://edk2.groups.io/g/devel/message/116544
Mute This Topic: https://groups.io/mt/104810732/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (18 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
` (5 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Similar to the Page State Change optimization added previously, also take
into account the possiblity of using the SVSM for PVALIDATE instructions.
Conditionally adjust the maximum number of entries based on how many
entries the SVSM calling area can support.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index c8c0c4ef0e95..e073f3937c41 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -18,6 +18,7 @@
#include <Register/Amd/Ghcb.h>
#include <Register/Amd/Msr.h>
+#include <Register/Amd/Svsm.h>
#include "SnpPageStateChange.h"
@@ -78,6 +79,7 @@ BuildPageStateBuffer (
UINTN Index;
UINTN IndexMax;
UINTN PscIndexMax;
+ UINTN SvsmIndexMax;
// Clear the page state structure
SetMem (Info, InfoSize, 0);
@@ -96,6 +98,11 @@ BuildPageStateBuffer (
IndexMax = MIN (IndexMax, PscIndexMax);
}
+ SvsmIndexMax = (IndexMax / SVSM_PVALIDATE_MAX_ENTRY) * SVSM_PVALIDATE_MAX_ENTRY;
+ if (SvsmIndexMax > 0) {
+ IndexMax = MIN (IndexMax, SvsmIndexMax);
+ }
+
//
// Populate the page state entry structure
//
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116545): https://edk2.groups.io/g/devel/message/116545
Mute This Topic: https://groups.io/mt/104810737/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (19 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
` (4 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The RMPADJUST instruction is used to alter the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. When
an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU
calls to add or remove the VMSA attribute on a page instead of issuing
the RMPADJUST instruction directly.
Implement the AmdSvsmSnpVmsaRmpAdjust() API to perform the proper operation
to update the VMSA attribute.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 54 +++++++++++++++++++-
1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
index fb3fda70e948..6c79ee7d916b 100644
--- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
@@ -377,6 +377,57 @@ AmdSvsmSnpPvalidate (
AmdSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);
}
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+STATIC
+EFI_STATUS
+SvsmVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_FUNCTION Function;
+ UINTN Ret;
+
+ SvsmCallData.Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+
+ Function.Id.Protocol = 0;
+
+ if (SetVmsa) {
+ Function.Id.CallId = 2;
+
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Vmsa;
+ SvsmCallData.RdxIn = (UINT64)(UINTN)Vmsa + SIZE_4KB;
+ SvsmCallData.R8In = ApicId;
+ } else {
+ Function.Id.CallId = 3;
+
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Vmsa;
+ }
+
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+
+ return (Ret == 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
+}
+
/**
Perform a native RMPADJUST operation to alter the VMSA setting of a page.
@@ -444,5 +495,6 @@ AmdSvsmSnpVmsaRmpAdjust (
IN BOOLEAN SetVmsa
)
{
- return BaseVmsaRmpAdjust (Vmsa, SetVmsa);
+ return AmdSvsmIsSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVmsa)
+ : BaseVmsaRmpAdjust (Vmsa, SetVmsa);
}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116546): https://edk2.groups.io/g/devel/message/116546
Mute This Topic: https://groups.io/mt/104810739/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (20 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
` (3 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
When running under an SVSM, the VMPL level of the APs that are started
must match the VMPL level provided by the SVSM. Additionally, each AP
must have a Calling Area for use with the SVSM protocol. Update the AP
creation to properly support running under an SVSM.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Acked-by: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 28 +++++++++++++-------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index 981135621384..bbdc47b5a314 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -44,7 +44,8 @@ SevSnpPerformApAction (
if (Action == SVM_VMGEXIT_SNP_AP_CREATE) {
//
- // Turn the page into a recognized VMSA page.
+ // Turn the page into a recognized VMSA page. When an SVSM is present
+ // the page following the VMSA is the Calling Area page.
//
VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
if (EFI_ERROR (VmsaStatus)) {
@@ -56,6 +57,7 @@ SevSnpPerformApAction (
}
ExitInfo1 = (UINT64)ApicId << 32;
+ ExitInfo1 |= (UINT64)SaveArea->Vmpl << 16;
ExitInfo1 |= Action;
ExitInfo2 = (UINT64)(UINTN)SaveArea;
@@ -87,8 +89,9 @@ SevSnpPerformApAction (
if (Action == SVM_VMGEXIT_SNP_AP_DESTROY) {
//
- // Make the current VMSA not runnable and accessible to be
- // reprogrammed.
+ // Make the current VMSA not runnable and accessible to be reprogrammed.
+ // When an SVSM is present the page following the VMSA is the Calling Area
+ // page.
//
VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
if (EFI_ERROR (VmsaStatus)) {
@@ -116,6 +119,7 @@ SevSnpCreateSaveArea (
UINT32 ApicId
)
{
+ UINTN PageCount;
UINT8 *Pages;
SEV_ES_SAVE_AREA *SaveArea;
IA32_CR0 ApCr0;
@@ -125,13 +129,19 @@ SevSnpCreateSaveArea (
UINTN StartIp;
UINT8 SipiVector;
+ //
+ // When running under an SVSM, a Calling Area page is also needed and is
+ // always the page following the VMSA.
+ //
+ PageCount = AmdSvsmIsSvsmPresent () ? 2 : 1;
+
if (CpuData->SevEsSaveArea == NULL) {
//
// Allocate a page for the SEV-ES Save Area and initialize it. Due to AMD
// erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra page
// to choose from to work around the issue.
//
- Pages = AllocateReservedPages (2);
+ Pages = AllocateReservedPages (PageCount + 1);
if (!Pages) {
return;
}
@@ -140,12 +150,12 @@ SevSnpCreateSaveArea (
// Since page allocation works by allocating downward in the address space,
// try to always free the first (lower address) page to limit possible holes
// in the memory map. So, if the address of the second page is 2MB aligned,
- // then use the first page and free the second page. Otherwise, free the
+ // then use the first page and free the last page. Otherwise, free the
// first page and use the second page.
//
if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) {
SaveArea = (SEV_ES_SAVE_AREA *)Pages;
- FreePages (Pages + EFI_PAGE_SIZE, 1);
+ FreePages (Pages + (EFI_PAGE_SIZE * PageCount), 1);
} else {
SaveArea = (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE);
FreePages (Pages, 1);
@@ -163,7 +173,7 @@ SevSnpCreateSaveArea (
}
}
- ZeroMem (SaveArea, EFI_PAGE_SIZE);
+ ZeroMem (SaveArea, EFI_PAGE_SIZE * PageCount);
//
// Propogate the CR0.NW and CR0.CD setting to the AP
@@ -239,10 +249,10 @@ SevSnpCreateSaveArea (
//
// Set the SEV-SNP specific fields for the save area:
- // VMPL - always VMPL0
+ // VMPL - based on current mode
// SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bits
//
- SaveArea->Vmpl = 0;
+ SaveArea->Vmpl = AmdSvsmSnpGetVmpl ();
SaveArea->SevFeatures = AsmReadMsr64 (MSR_SEV_STATUS) >> 2;
SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_CREATE);
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116547): https://edk2.groups.io/g/devel/message/116547
Mute This Topic: https://groups.io/mt/104810744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (21 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
@ 2024-03-08 15:32 ` Lendacky, Thomas via groups.io
2024-03-08 15:33 ` [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
` (2 subsequent siblings)
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:32 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification documents an alternative method of discovery for
the SVSM using a reserved CPUID bit and a reserved MSR.
For the CPUID support, the #VC handler of an SEV-SNP guest should modify
the returned value in the EAX register for the 0x8000001f CPUID function
by setting bit 28 when an SVSM is present.
For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC
should be generated when accessing this MSR. The #VC handler is expected
to ignore writes to this MSR and return the physical calling area address
(CAA) on reads of this MSR.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +-
OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +-
OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++--
3 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Library/CcExitLib/CcExitLib.inf b/OvmfPkg/Library/CcExitLib/CcExitLib.inf
index bc75cd5f5a04..e09f18453ac9 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitLib.inf
+++ b/OvmfPkg/Library/CcExitLib/CcExitLib.inf
@@ -1,7 +1,7 @@
## @file
# CcExitLib Library.
#
-# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
# Copyright (C) 2020 - 2022, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -41,6 +41,7 @@ [LibraryClasses]
DebugLib
LocalApicLib
MemEncryptSevLib
+ AmdSvsmLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
diff --git a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
index 811269dd2c06..dff6cd2761ca 100644
--- a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
+++ b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
@@ -1,7 +1,7 @@
## @file
# VMGEXIT Support Library.
#
-# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -41,6 +41,7 @@ [LibraryClasses]
LocalApicLib
MemEncryptSevLib
PcdLib
+ AmdSvsmLib
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
index 0fc30f7bc4f6..0b61d28f8b94 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
@@ -1,7 +1,7 @@
/** @file
X64 #VC Exception Handler functon.
- Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -12,6 +12,7 @@
#include <Library/LocalApicLib.h>
#include <Library/MemEncryptSevLib.h>
#include <Library/CcExitLib.h>
+#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Msr.h>
#include <Register/Intel/Cpuid.h>
#include <IndustryStandard/InstructionParsing.h>
@@ -713,10 +714,29 @@ MsrExit (
IN CC_INSTRUCTION_DATA *InstructionData
)
{
- UINT64 ExitInfo1, Status;
+ MSR_SVSM_CAA_REGISTER Msr;
+ UINT64 ExitInfo1;
+ UINT64 Status;
ExitInfo1 = 0;
+ //
+ // The SVSM CAA MSR is a software implemented MSR and not supported
+ // by the hardware, handle it directly.
+ //
+ if (Regs->Rax == MSR_SVSM_CAA) {
+ // Writes to the SVSM CAA MSR are ignored
+ if (*(InstructionData->OpCodes + 1) == 0x30) {
+ return 0;
+ }
+
+ Msr.Uint64 = AmdSvsmSnpGetCaa ();
+ Regs->Rax = Msr.Bits.Lower32Bits;
+ Regs->Rdx = Msr.Bits.Upper32Bits;
+
+ return 0;
+ }
+
switch (*(InstructionData->OpCodes + 1)) {
case 0x30: // WRMSR
ExitInfo1 = 1;
@@ -1388,6 +1408,11 @@ GetCpuidFw (
*Ebx = (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF);
/* node ID */
*Ecx = (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF);
+ } else if (EaxIn == 0x8000001F) {
+ /* Set the SVSM feature bit if running under an SVSM */
+ if (AmdSvsmIsSvsmPresent ()) {
+ *Eax |= BIT28;
+ }
}
Out:
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116548): https://edk2.groups.io/g/devel/message/116548
Mute This Topic: https://groups.io/mt/104810747/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (22 preceding siblings ...)
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
@ 2024-03-08 15:33 ` Lendacky, Thomas via groups.io
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
25 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 15:33 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Currently, an SEV-SNP guest will terminate if it is not running at VMPL0.
The requirement for running at VMPL0 is removed if an SVSM is present.
Update the current VMPL0 check to additionally check for the presence of
an SVSM is the guest is not running at VMPL0.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index ca279d77274b..227e33339910 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -12,6 +12,7 @@
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/MemEncryptSevLib.h>
+#include <Library/AmdSvsmLib.h>
#include "SnpPageStateChange.h"
@@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam (
//
// The page state change uses the PVALIDATE instruction. The instruction
- // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
- // the boot.
+ // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM must
+ // be present to perform the operation on behalf of the guest. If the guest
+ // is not running at VMPL-0 and an SVSM is not present, then terminate the
+ // boot.
//
- if (!SevSnpIsVmpl0 ()) {
+ if (!SevSnpIsVmpl0 () && !AmdSvsmIsSvsmPresent ()) {
SnpPageStateFailureTerminate ();
}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116549): https://edk2.groups.io/g/devel/message/116549
Mute This Topic: https://groups.io/mt/104810750/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
@ 2024-03-14 9:34 ` Gerd Hoffmann
0 siblings, 0 replies; 57+ messages in thread
From: Gerd Hoffmann @ 2024-03-14 9:34 UTC (permalink / raw)
To: Tom Lendacky
Cc: devel, Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Laszlo Ersek,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Jianyong Wu, Rebecca Cran
On Fri, Mar 08, 2024 at 09:29:42AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> The MpInitLib library will be updated to use the new AmdSvsmLib library.
> To prevent any build breakage, update the OvmfPkg DSCs file to include
> the AmdSvsmLib NULL library.
>
> Cc: Anatol Belski <anbelski@linux.microsoft.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Corvin Köhne <corvink@freebsd.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Jianyong Wu <jianyong.wu@arm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116735): https://edk2.groups.io/g/devel/message/116735
Mute This Topic: https://groups.io/mt/104810724/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
@ 2024-03-14 10:39 ` Gerd Hoffmann
0 siblings, 0 replies; 57+ messages in thread
From: Gerd Hoffmann @ 2024-03-14 10:39 UTC (permalink / raw)
To: Tom Lendacky
Cc: devel, Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Laszlo Ersek,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth, Anatol Belski, Jianyong Wu
On Fri, Mar 08, 2024 at 09:29:43AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> Add initial support for the new AmdSvsmLib library to OvmfPkg. The initial
> implementation fully implements the library interfaces.
>
> The SVSM presence check, AmdSvsmIsSvsmPresent(), determines the presence
> of an SVSM by checking if an SVSM has been advertised in the SEV-SNP
> Secrets Page.
>
> The VMPL API, AmdSvsmSnpGetVmpl(), returns the VMPL level at which OVMF is
> currently running.
>
> The CAA API, AmdSvsmSnpGetCaa(), returns the Calling Area Address when an
> SVSM is present, 0 otherwise.
>
> The PVALIDATE API, AmdSvsmSnpPvalidate(), copies the PVALIDATE logic from
> the BaseMemEncryptSevLib library for the initial implementation. The
> BaseMemEncryptSevLib library will be changed to use this new API so that
> the decision as to whether the SVSM is needed to perform the operation
> can be isolated to this library.
>
> The VMSA API, AmdSvsmSnpVmsaRmpAdjust(), copies the RMPUPDATE logic from
> the MpInitLib library for the initial implementation. The MpInitLib
> library will be changed to use this new API so that the decision as to
> whether the SVSM is needed to perform the operation can be isolated to
> this library.
>
> Cc: Anatol Belski <anbelski@linux.microsoft.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Jianyong Wu <jianyong.wu@arm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116738): https://edk2.groups.io/g/devel/message/116738
Mute This Topic: https://groups.io/mt/104810723/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
@ 2024-03-14 10:40 ` Gerd Hoffmann
0 siblings, 0 replies; 57+ messages in thread
From: Gerd Hoffmann @ 2024-03-14 10:40 UTC (permalink / raw)
To: Tom Lendacky
Cc: devel, Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Laszlo Ersek,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth
On Fri, Mar 08, 2024 at 09:29:45AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> The PVALIDATE instruction is used to change the SNP validation of a page,
> but that can only be done when running at VMPL0. To prepare for running at
> a less priviledged VMPL, use the AmdSvsmLib library API to perform the
> PVALIDATE. The AmdSvsmLib library will perform the proper operation on
> behalf of the caller.
>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116739): https://edk2.groups.io/g/devel/message/116739
Mute This Topic: https://groups.io/mt/104810729/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
@ 2024-03-14 10:42 ` Gerd Hoffmann
0 siblings, 0 replies; 57+ messages in thread
From: Gerd Hoffmann @ 2024-03-14 10:42 UTC (permalink / raw)
To: devel, thomas.lendacky
Cc: Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Laszlo Ersek,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth
On Fri, Mar 08, 2024 at 07:30:56AM -0800, Lendacky, Thomas via groups.io wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
> fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
> structure maps the full GHCB shared buffer based on the shared buffer size
> being 2032 bytes.
>
> Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
> build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
> mapping, eliminate the hardcoded array size so that the structure can be
> used based on any size buffer.
>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116740): https://edk2.groups.io/g/devel/message/116740
Mute This Topic: https://groups.io/mt/104810697/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
@ 2024-03-14 10:43 ` Gerd Hoffmann
0 siblings, 0 replies; 57+ messages in thread
From: Gerd Hoffmann @ 2024-03-14 10:43 UTC (permalink / raw)
To: devel, thomas.lendacky
Cc: Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Laszlo Ersek,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth
On Fri, Mar 08, 2024 at 07:31:11AM -0800, Lendacky, Thomas via groups.io wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> In preparation for running under an SVSM at VMPL1 or higher (higher
> numerically, lower privilege), re-organize the way a page state change
> is performed in order to free up the GHCB for use by the SVSM support.
>
> Currently, the page state change logic directly uses the GHCB shared
> buffer to build the page state change structures. However, this will be
> in conflict with the use of the GHCB should an SVSM call be required.
>
> Instead, use a separate buffer (an area in the workarea during SEC and
> an allocated page during PEI/DXE) to hold the page state change request
> and only update the GHCB shared buffer as needed.
>
> Since the information is copied to, and operated on, in the GHCB shared
> buffer this has the added benefit of not requiring to save the start and
> end entries for use when validating the memory during the page state
> change sequence.
>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116741): https://edk2.groups.io/g/devel/message/116741
Mute This Topic: https://groups.io/mt/104810704/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (23 preceding siblings ...)
2024-03-08 15:33 ` [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
@ 2024-03-26 18:34 ` Lendacky, Thomas via groups.io
2024-04-02 18:16 ` Lendacky, Thomas via groups.io
[not found] ` <17C28950368F582E.9676@groups.io>
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
25 siblings, 2 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-26 18:34 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar,
Ray Ni, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Gua Guo, Guo Dong, James Lu, Jianyong Wu,
Rebecca Cran, Sean Rhodes
Any issues with this version of the series? Still looking for
Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related patches.
Once I get those, I'll submit the edk2-platform patches to support the new
library as a response to these patches for a quick review.
Thanks,
Tom
On 3/8/24 09:29, Tom Lendacky wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> This series adds SEV-SNP support for running OVMF under an Secure VM
> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> By running at a less priviledged VMPL, the SVSM can be used to provide
> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> confidential VM (CVM) rather than trust such services from the hypervisor.
>
> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> certain SNP related operations that require that VMPL level. Specifically,
> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> the VMSA attribute of a page (used when starting APs).
>
> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> use an SVSM (which is running at VMPL0) to perform the operations that
> it is no longer able to perform.
>
> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
> it will be starting. As a result, the GHCB APIC ID retrieval action must
> be performed. Since this service can also work with SEV-SNP running at
> VMPL0, the patches to make use of this feature are near the beginning of
> the series.
>
> How OVMF interacts with and uses the SVSM is documented in the SVSM
> specification [1] and the GHCB specification [2].
>
> This support creates a new AmdSvsmLib library that is used by MpInitLib.
> The edk2-platforms repo requires updates/patches to add the new library
> requirement. To accomodate that, this series could be split between:
>
> patch number 12:
> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
>
> and patch number 13:
> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>
> The updates to edk2-platforms can be applied at the split.
>
> This series introduces support to run OVMF under an SVSM. It consists
> of:
> - Retrieving the list of vCPU APIC IDs and starting up all APs without
> performing a broadcast SIPI
> - Reorganizing the page state change support to not directly use the
> GHCB buffer since an SVSM will use the calling area buffer, instead
> - Detecting the presence of an SVSM
> - When not running at VMPL0, invoking the SVSM for page validation and
> VMSA page creation/deletion
> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> SVSM is present
>
> The series is based off of commit:
>
> e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
>
> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
>
> Cc: Anatol Belski <anbelski@linux.microsoft.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Corvin Köhne <corvink@freebsd.org>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Gua Guo <gua.guo@intel.com>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: James Lu <james.lu@intel.com>
> Cc: Jianyong Wu <jianyong.wu@arm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Sean Rhodes <sean@starlabs.systems>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>
> ---
>
> Changes in v3:
> - Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
> function name changes
> - Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
> and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
> - Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
> - First patch adds usage of the AmdSvsmLib NULL library
> - Second patch adds the OVMF AmdSvsmLib implementation
> - Updated the commit message for the OVMF AmdSvsmLib implementation to
> indicate that the base functionality for PVALIDATE and RMPADJUST was
> copied from the original locations in prep for converting those sites
> to using the library API.
>
> Changes in v2:
> - Move the APIC IDs retrieval support to the beginning of the patch series
> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
> - Split up Page State Change reorganization into multiple patches
> - Created CcSvsmLib library instead of extending CcExitLib
> - This will require a corresponding update to edk2-platform DSC files
> - Removed Ray Ni's Acked-by since it is not a minor change
> - Variable name changes and other misc changes
>
> Tom Lendacky (24):
> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
> MdePkg: GHCB APIC ID retrieval support definitions
> UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
> present
> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
> Change
> MdePkg: Avoid hardcoded value for number of Page State Change entries
> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> MdePkg/Register/Amd: Define the SVSM related information
> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
> SVSM
> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
> Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
> Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
> UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
> OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
> pages
> OvmfPkg: Create a calling area used to communicate with the SVSM
> OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> Ovmfpkg/CcExitLib: Provide SVSM discovery support
> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> VMPL0
>
> OvmfPkg/OvmfPkg.dec | 4 +
> UefiCpuPkg/UefiCpuPkg.dec | 8 +-
> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
> OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 3 +-
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> OvmfPkg/OvmfXen.dsc | 1 +
> UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
> UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
> OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
> OvmfPkg/OvmfPkgX64.fdf | 3 +
> MdePkg/Library/BaseLib/BaseLib.inf | 2 +
> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf | 38 ++
> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3 +-
> OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +-
> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +-
> OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
> OvmfPkg/ResetVector/ResetVector.inf | 2 +
> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf | 27 ++
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 +
> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 +
> MdePkg/Include/Library/BaseLib.h | 39 ++
> MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
> MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
> MdePkg/Include/Register/Amd/Msr.h | 3 +-
> MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
> MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
> OvmfPkg/Include/WorkArea.h | 9 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 6 +-
> UefiCpuPkg/Include/Guid/GhcbApicIds.h | 17 +
> UefiCpuPkg/Include/Library/AmdSvsmLib.h | 101 ++++
> UefiCpuPkg/Library/MpInitLib/MpLib.h | 29 +-
> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 500 ++++++++++++++++++++
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 11 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 27 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 22 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 31 +-
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
> OvmfPkg/PlatformPei/AmdSev.c | 103 +++-
> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c | 108 +++++
> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +-
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 +-
> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 134 ++++--
> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +-
> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni | 13 +
> 55 files changed, 1641 insertions(+), 232 deletions(-)
> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
> create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117137): https://edk2.groups.io/g/devel/message/117137
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
@ 2024-04-02 18:16 ` Lendacky, Thomas via groups.io
2024-04-03 7:09 ` Ni, Ray
[not found] ` <17C28950368F582E.9676@groups.io>
1 sibling, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-02 18:16 UTC (permalink / raw)
To: devel, Jiewen Yao, Liming Gao, Ray Ni, Zhiguang Liu,
Michael D Kinney, Gua Guo, Guo Dong, James Lu, Sean Rhodes,
Rahul Kumar
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Min Xu, Michael Roth,
Anatol Belski, Anthony Perard, Corvin Köhne, Jianyong Wu,
Rebecca Cran
Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on
the changes.
Thanks,
Tom
On 3/26/24 13:34, Tom Lendacky wrote:
> Any issues with this version of the series? Still looking for
> Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related
> patches.
>
> Once I get those, I'll submit the edk2-platform patches to support the
> new library as a response to these patches for a quick review.
>
> Thanks,
> Tom
>
> On 3/8/24 09:29, Tom Lendacky wrote:
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> This series adds SEV-SNP support for running OVMF under an Secure VM
>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>> By running at a less priviledged VMPL, the SVSM can be used to provide
>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>> confidential VM (CVM) rather than trust such services from the
>> hypervisor.
>>
>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>> certain SNP related operations that require that VMPL level.
>> Specifically,
>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>> the VMSA attribute of a page (used when starting APs).
>>
>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>> use an SVSM (which is running at VMPL0) to perform the operations that
>> it is no longer able to perform.
>>
>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>> be performed. Since this service can also work with SEV-SNP running at
>> VMPL0, the patches to make use of this feature are near the beginning of
>> the series.
>>
>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>> specification [1] and the GHCB specification [2].
>>
>> This support creates a new AmdSvsmLib library that is used by MpInitLib.
>> The edk2-platforms repo requires updates/patches to add the new library
>> requirement. To accomodate that, this series could be split between:
>>
>> patch number 12:
>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>> SVSM
>>
>> and patch number 13:
>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>
>> The updates to edk2-platforms can be applied at the split.
>>
>> This series introduces support to run OVMF under an SVSM. It consists
>> of:
>> - Retrieving the list of vCPU APIC IDs and starting up all APs without
>> performing a broadcast SIPI
>> - Reorganizing the page state change support to not directly use the
>> GHCB buffer since an SVSM will use the calling area buffer, instead
>> - Detecting the presence of an SVSM
>> - When not running at VMPL0, invoking the SVSM for page validation and
>> VMSA page creation/deletion
>> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>> SVSM is present
>>
>> The series is based off of commit:
>>
>> e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
>>
>> [1]
>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
>> [2]
>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
>>
>> Cc: Anatol Belski <anbelski@linux.microsoft.com>
>> Cc: Anthony Perard <anthony.perard@citrix.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Corvin Köhne <corvink@freebsd.org>
>> Cc: Erdem Aktas <erdemaktas@google.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Gua Guo <gua.guo@intel.com>
>> Cc: Guo Dong <guo.dong@intel.com>
>> Cc: James Lu <james.lu@intel.com>
>> Cc: Jianyong Wu <jianyong.wu@arm.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Cc: Michael Roth <michael.roth@amd.com>
>> Cc: Min Xu <min.m.xu@intel.com>
>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Rebecca Cran <rebecca@bsdio.com>
>> Cc: Sean Rhodes <sean@starlabs.systems>
>> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>>
>> ---
>>
>> Changes in v3:
>> - Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
>> function name changes
>> - Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
>> and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
>> - Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
>> - First patch adds usage of the AmdSvsmLib NULL library
>> - Second patch adds the OVMF AmdSvsmLib implementation
>> - Updated the commit message for the OVMF AmdSvsmLib implementation to
>> indicate that the base functionality for PVALIDATE and RMPADJUST was
>> copied from the original locations in prep for converting those sites
>> to using the library API.
>>
>> Changes in v2:
>> - Move the APIC IDs retrieval support to the beginning of the patch
>> series
>> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>> - Split up Page State Change reorganization into multiple patches
>> - Created CcSvsmLib library instead of extending CcExitLib
>> - This will require a corresponding update to edk2-platform DSC
>> files
>> - Removed Ray Ni's Acked-by since it is not a minor change
>> - Variable name changes and other misc changes
>>
>> Tom Lendacky (24):
>> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>> MdePkg: GHCB APIC ID retrieval support definitions
>> UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
>> present
>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>> Change
>> MdePkg: Avoid hardcoded value for number of Page State Change entries
>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>> MdePkg/Register/Amd: Define the SVSM related information
>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>> SVSM
>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>> Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
>> Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
>> UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>> OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
>> pages
>> OvmfPkg: Create a calling area used to communicate with the SVSM
>> OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>> OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>> VMPL0
>>
>>
>> OvmfPkg/OvmfPkg.dec
>> | 4 +
>>
>> UefiCpuPkg/UefiCpuPkg.dec
>> | 8 +-
>>
>> OvmfPkg/AmdSev/AmdSevX64.dsc
>> | 1 +
>>
>> OvmfPkg/Bhyve/BhyveX64.dsc
>> | 1 +
>>
>> OvmfPkg/CloudHv/CloudHvX64.dsc
>> | 1 +
>>
>> OvmfPkg/IntelTdx/IntelTdxX64.dsc
>> | 1 +
>>
>> OvmfPkg/Microvm/MicrovmX64.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfPkgIa32.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfPkgIa32X64.dsc
>> | 3 +-
>>
>> OvmfPkg/OvmfPkgX64.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfXen.dsc
>> | 1 +
>>
>> UefiCpuPkg/UefiCpuPkg.dsc
>> | 4 +-
>>
>> UefiPayloadPkg/UefiPayloadPkg.dsc
>> | 1 +
>>
>> OvmfPkg/AmdSev/AmdSevX64.fdf
>> | 9 +-
>>
>> OvmfPkg/OvmfPkgX64.fdf
>> | 3 +
>>
>> MdePkg/Library/BaseLib/BaseLib.inf
>> | 2 +
>>
>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>> | 38 ++
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/CcExitLib/CcExitLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
>> | 3 +-
>>
>> OvmfPkg/PlatformPei/PlatformPei.inf
>> | 3 +
>>
>> OvmfPkg/ResetVector/ResetVector.inf
>> | 2 +
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>> | 27 ++
>>
>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
>> | 2 +
>>
>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
>> | 2 +
>>
>> MdePkg/Include/Library/BaseLib.h
>> | 39 ++
>>
>> MdePkg/Include/Register/Amd/Fam17Msr.h
>> | 19 +-
>>
>> MdePkg/Include/Register/Amd/Ghcb.h
>> | 19 +-
>>
>> MdePkg/Include/Register/Amd/Msr.h
>> | 3 +-
>>
>> MdePkg/Include/Register/Amd/Svsm.h
>> | 101 ++++
>>
>> MdePkg/Include/Register/Amd/SvsmMsr.h
>> | 35 ++
>>
>> OvmfPkg/Include/WorkArea.h
>> | 9 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
>> | 6 +-
>>
>> UefiCpuPkg/Include/Guid/GhcbApicIds.h
>> | 17 +
>>
>> UefiCpuPkg/Include/Library/AmdSvsmLib.h
>> | 101 ++++
>>
>> UefiCpuPkg/Library/MpInitLib/MpLib.h
>> | 29 +-
>>
>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>> | 500 ++++++++++++++++++++
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>> | 11 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> | 27 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>> | 22 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>> | 31 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
>> | 206 ++++----
>>
>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
>> | 29 +-
>>
>> OvmfPkg/PlatformPei/AmdSev.c
>> | 103 +++-
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>> | 108 +++++
>>
>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
>> | 21 +-
>>
>> UefiCpuPkg/Library/MpInitLib/MpLib.c
>> | 9 +-
>>
>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
>> | 134 ++++--
>>
>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>> | 39 ++
>>
>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>> | 94 ++++
>>
>> OvmfPkg/ResetVector/ResetVector.nasmb
>> | 6 +-
>>
>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
>> | 11 +-
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>> | 13 +
>> 55 files changed, 1641 insertions(+), 232 deletions(-)
>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>> create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
>> create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117337): https://edk2.groups.io/g/devel/message/117337
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
@ 2024-04-03 7:05 ` Ni, Ray
0 siblings, 0 replies; 57+ messages in thread
From: Ni, Ray @ 2024-04-03 7:05 UTC (permalink / raw)
To: Tom Lendacky, devel
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Yao, Jiewen,
Laszlo Ersek, Liming Gao, Kinney, Michael D, Xu, Min M, Liu,
Zhiguang, Kumar, Rahul R, Michael Roth
[-- Attachment #1: Type: text/plain, Size: 7529 bytes --]
Acked-by: Ray Ni <ray.ni@intel.com>
Thanks,
Ray
________________________________
From: Tom Lendacky <thomas.lendacky@amd.com>
Sent: Friday, March 8, 2024 23:29
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
Subject: [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The RMPADJUST instruction is used to change the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. To
prepare for running at a less priviledged VMPL, use the AmdSvsmLib library
API to perform the RMPADJUST. The AmdSvsmLib library will perform the
proper operation on behalf of the caller.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/MpLib.h | 14 -----
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 20 --------
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 54 +++-----------------
5 files changed, 9 insertions(+), 81 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 69950fcd1289..19745437f005 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -57,6 +57,7 @@ [LibraryClasses]
SynchronizationLib
PcdLib
CcExitLib
+ AmdSvsmLib
MicrocodeLib
[LibraryClasses.X64]
CpuPageTableLib
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index 22f74a814534..679e51a1acd5 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
PeiServicesLib
PcdLib
CcExitLib
+ AmdSvsmLib
MicrocodeLib
[Pcd]
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index 65e05c4806f5..179f8e585b5d 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -883,20 +883,6 @@ FillExchangeInfoDataSevEs (
IN volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo
);
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- );
-
/**
Create an SEV-SNP AP save area (VMSA) for use in running the vCPU.
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index 0478e92317f1..963bd62494b9 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -49,26 +49,6 @@ SevSnpCreateAP (
ASSERT (FALSE);
}
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- )
-{
- //
- // RMPADJUST is not supported in 32-bit mode
- //
- return RETURN_UNSUPPORTED;
-}
-
/**
Determine if the SEV-SNP AP Create protocol should be used.
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index bd12a5ee2fcb..981135621384 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -10,6 +10,7 @@
#include "MpLib.h"
#include <Library/CcExitLib.h>
+#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Fam17Msr.h>
#include <Register/Amd/Ghcb.h>
@@ -38,20 +39,15 @@ SevSnpPerformApAction (
BOOLEAN InterruptState;
UINT64 ExitInfo1;
UINT64 ExitInfo2;
- UINT32 RmpAdjustStatus;
UINT64 VmgExitStatus;
+ EFI_STATUS VmsaStatus;
if (Action == SVM_VMGEXIT_SNP_AP_CREATE) {
//
- // To turn the page into a recognized VMSA page, issue RMPADJUST:
- // Target VMPL but numerically higher than current VMPL
- // Target PermissionMask is not used
+ // Turn the page into a recognized VMSA page.
//
- RmpAdjustStatus = SevSnpRmpAdjust (
- (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
- TRUE
- );
- if (RmpAdjustStatus != 0) {
+ VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
+ if (EFI_ERROR (VmsaStatus)) {
DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n"));
ASSERT (FALSE);
@@ -94,11 +90,8 @@ SevSnpPerformApAction (
// Make the current VMSA not runnable and accessible to be
// reprogrammed.
//
- RmpAdjustStatus = SevSnpRmpAdjust (
- (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
- FALSE
- );
- if (RmpAdjustStatus != 0) {
+ VmsaStatus = AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
+ if (EFI_ERROR (VmsaStatus)) {
DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n"));
ASSERT (FALSE);
@@ -328,39 +321,6 @@ SevSnpCreateAP (
}
}
-/**
- Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
- @param[in] PageAddress
- @param[in] VmsaPage
-
- @return RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
- IN EFI_PHYSICAL_ADDRESS PageAddress,
- IN BOOLEAN VmsaPage
- )
-{
- UINT64 Rdx;
-
- //
- // The RMPADJUST instruction is used to set or clear the VMSA bit for a
- // page. The VMSA change is only made when running at VMPL0 and is ignored
- // otherwise. If too low a target VMPL is specified, the instruction can
- // succeed without changing the VMSA bit when not running at VMPL0. Using a
- // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error if
- // not running at VMPL0, thus ensuring that the VMSA bit is set appropriately
- // when no error is returned.
- //
- Rdx = 1;
- if (VmsaPage) {
- Rdx |= RMPADJUST_VMSA_PAGE_BIT;
- }
-
- return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
-}
-
/**
Determine if the SEV-SNP AP Create protocol should be used.
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117343): https://edk2.groups.io/g/devel/message/117343
Mute This Topic: https://groups.io/mt/104810728/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 12912 bytes --]
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
@ 2024-04-03 7:06 ` Ni, Ray
0 siblings, 0 replies; 57+ messages in thread
From: Ni, Ray @ 2024-04-03 7:06 UTC (permalink / raw)
To: devel, thomas.lendacky
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Yao, Jiewen,
Laszlo Ersek, Liming Gao, Kinney, Michael D, Xu, Min M, Liu,
Zhiguang, Kumar, Rahul R, Michael Roth
[-- Attachment #1: Type: text/plain, Size: 11719 bytes --]
Acked-by: Ray Ni <ray.ni@intel.com>
Thanks,
Ray
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Lendacky, Thomas via groups.io <thomas.lendacky=amd.com@groups.io>
Sent: Friday, March 8, 2024 23:31
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
lower, a new library must be created.
This library includes an interface to detect if running under an SVSM, an
interface to return the current VMPL, an interface to perform memory
validation and an interface to set or clear the attribute that allows a
page to be used as a VMSA.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/UefiCpuPkg.dec | 3 +
UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf | 27 +++++
UefiCpuPkg/Include/Library/AmdSvsmLib.h | 101 ++++++++++++++++++
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c | 108 ++++++++++++++++++++
UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni | 13 +++
6 files changed, 255 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index c31d8b6736cf..d1bff93ae2e0 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
## @libraryclass Provides function to support CcExit processing.
CcExitLib|Include/Library/CcExitLib.h
+ ## @libraryclass Provides function to support AmdSvsm processing.
+ AmdSvsmLib|Include/Library/AmdSvsmLib.h
+
## @libraryclass Provides function to get CPU cache information.
CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 10b33594e586..422e50c92b48 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -2,7 +2,7 @@
# UefiCpuPkg Package
#
# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -61,6 +61,7 @@ [LibraryClasses]
PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
@@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
UefiCpuPkg/SecCore/SecCore.inf
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
new file mode 100644
index 000000000000..45a189540941
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
@@ -0,0 +1,27 @@
+## @file
+# AmdSvsm Base Support Library.
+#
+# Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.29
+ BASE_NAME = AmdSvsmLibNull
+ MODULE_UNI_FILE = AmdSvsmLibNull.uni
+ FILE_GUID = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = AmdSvsmLib
+
+[Sources.common]
+ AmdSvsmLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+
+[LibraryClasses]
+ BaseLib
+
diff --git a/UefiCpuPkg/Include/Library/AmdSvsmLib.h b/UefiCpuPkg/Include/Library/AmdSvsmLib.h
new file mode 100644
index 000000000000..40e0e5bd4259
--- /dev/null
+++ b/UefiCpuPkg/Include/Library/AmdSvsmLib.h
@@ -0,0 +1,101 @@
+/** @file
+ Public header file for the AmdSvsmLib.
+
+ This library class defines some routines used for invoking an SVSM when the
+ guest is not running at VMPL0.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef AMD_SVSM_LIB_H_
+#define AMD_SVSM_LIB_H_
+
+#include <Protocol/DebugSupport.h>
+#include <Register/Amd/Ghcb.h>
+
+/**
+ Report the presence of an Secure Virtual Services Module (SVSM).
+
+ Determines the presence of an SVSM.
+
+ @retval TRUE An SVSM is present
+ @retval FALSE An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmIsSvsmPresent (
+ VOID
+ );
+
+/**
+ Report the VMPL level at which the SEV-SNP guest is running.
+
+ Determines the VMPL level at which the guest is running. If an SVSM is
+ not present, then it must be VMPL0, otherwise return what is reported
+ by the SVSM.
+
+ @return The VMPL level
+
+**/
+UINT8
+EFIAPI
+AmdSvsmSnpGetVmpl (
+ VOID
+ );
+
+/**
+ Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+ If an SVSM is present, the CAA for the BSP is returned.
+
+ @return The CAA
+
+**/
+UINT64
+EFIAPI
+AmdSvsmSnpGetCaa (
+ VOID
+ );
+
+/**
+ Perform a PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+AmdSvsmSnpPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ );
+
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+AmdSvsmSnpVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ );
+
+#endif
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
new file mode 100644
index 000000000000..a83fcbd6ce7b
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
@@ -0,0 +1,108 @@
+/** @file
+ AmdSvsm Base Support Library.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+#include <Library/AmdSvsmLib.h>
+
+/**
+ Report the presence of an Secure Virtual Services Module (SVSM).
+
+ Determines the presence of an SVSM.
+
+ @retval TRUE An SVSM is present
+ @retval FALSE An SVSM is not present
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmIsSvsmPresent (
+ VOID
+ )
+{
+ return FALSE;
+}
+
+/**
+ Report the VMPL level at which the SEV-SNP guest is running.
+
+ Determines the VMPL level at which the guest is running. If an SVSM is
+ not present, then it must be VMPL0, otherwise return what is reported
+ by the SVSM.
+
+ @return The VMPL level
+
+**/
+UINT8
+EFIAPI
+AmdSvsmSnpGetVmpl (
+ VOID
+ )
+{
+ return 0;
+}
+
+/**
+ Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
+
+ If an SVSM is present, the CAA for the BSP is returned.
+
+ @return The CAA
+
+**/
+UINT64
+EFIAPI
+AmdSvsmSnpGetCaa (
+ VOID
+ )
+{
+ return 0;
+}
+
+/**
+ Perform a PVALIDATE operation for the page ranges specified.
+
+ Validate or rescind the validation of the specified pages.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+VOID
+EFIAPI
+AmdSvsmSnpPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+}
+
+/**
+ Perform an RMPADJUST operation to alter the VMSA setting of a page.
+
+ Add or remove the VMSA attribute for a page.
+
+ @param[in] Vmsa Pointer to an SEV-ES save area page
+ @param[in] ApicId APIC ID associated with the VMSA
+ @param[in] SetVmsa Boolean indicator as to whether to set or
+ or clear the VMSA setting for the page
+
+ @retval EFI_SUCCESS RMPADJUST operation successful
+ @retval EFI_UNSUPPORTED Operation is not supported
+ @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid
+ parameter was supplied
+
+**/
+EFI_STATUS
+EFIAPI
+AmdSvsmSnpVmsaRmpAdjust (
+ IN SEV_ES_SAVE_AREA *Vmsa,
+ IN UINT32 ApicId,
+ IN BOOLEAN SetVmsa
+ )
+{
+ return EFI_UNSUPPORTED;
+}
diff --git a/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
new file mode 100644
index 000000000000..5e998030de5b
--- /dev/null
+++ b/UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
@@ -0,0 +1,13 @@
+// /** @file
+// AmdSvsmLib instance.
+//
+// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "AmdSvsmLib NULL instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "AmdSvsmLib NULL instance."
+
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117344): https://edk2.groups.io/g/devel/message/117344
Mute This Topic: https://groups.io/mt/104810717/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 19568 bytes --]
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
@ 2024-04-03 7:07 ` Ni, Ray
0 siblings, 0 replies; 57+ messages in thread
From: Ni, Ray @ 2024-04-03 7:07 UTC (permalink / raw)
To: devel, thomas.lendacky
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Yao, Jiewen,
Laszlo Ersek, Liming Gao, Kinney, Michael D, Xu, Min M, Liu,
Zhiguang, Kumar, Rahul R, Michael Roth
[-- Attachment #1: Type: text/plain, Size: 12311 bytes --]
Acked-by: Ray Ni <ray.ni@intel.com>
Thanks,
Ray
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Lendacky, Thomas via groups.io <thomas.lendacky=amd.com@groups.io>
Sent: Friday, March 8, 2024 23:30
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Currently, the first time an AP is started for an SEV-SNP guest, it relies
on the VMSA as set by the hypervisor. If the list of APIC IDs has been
retrieved, this is not necessary. The list of APIC IDs will be identified
by a GUIDed HOB. If the GUIDed HOB is present, use the SEV-SNP AP Create
protocol to start the AP for the first time and each time thereafter.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiCpuPkg/UefiCpuPkg.dec | 5 +-
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 +
UefiCpuPkg/Include/Guid/GhcbApicIds.h | 17 +++++
UefiCpuPkg/Library/MpInitLib/MpLib.h | 15 +++-
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +++++-
UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 ++-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 78 ++++++++++++++++++--
8 files changed, 133 insertions(+), 14 deletions(-)
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 571b59b36f0a..c31d8b6736cf 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -2,7 +2,7 @@
# This Package provides UEFI compatible CPU modules and libraries.
#
# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -91,6 +91,9 @@ [Guids]
## Include/Guid/MpInformation2.h
gMpInformation2HobGuid = { 0x417a7f64, 0xf4e9, 0x4b32, {0x84, 0x6a, 0x5c, 0xc4, 0xd8, 0x62, 0x18, 0x79 }}
+ ## Include/Guid/GhcbApicIds.h
+ gGhcbApicIdsGuid = { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+
[Protocols]
## Include/Protocol/SmmCpuService.h
gEfiSmmCpuServiceProtocolGuid = { 0x1d202cab, 0xc8ab, 0x4d5c, { 0x94, 0xf7, 0x3c, 0xfc, 0xc0, 0xd3, 0xd3, 0x35 }}
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 55e46d4a1fad..69950fcd1289 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -68,6 +68,7 @@ [Guids]
gEfiEventExitBootServicesGuid ## CONSUMES ## Event
gEfiEventLegacyBootGuid ## SOMETIMES_CONSUMES ## Event
gEdkiiMicrocodePatchHobGuid ## SOMETIMES_CONSUMES ## HOB
+ gGhcbApicIdsGuid ## SOMETIMES_CONSUMES ## HOB
[Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber ## CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index bc3d716aa951..22f74a814534 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -76,3 +76,4 @@ [Ppis]
[Guids]
gEdkiiS3SmmInitDoneGuid
gEdkiiMicrocodePatchHobGuid
+ gGhcbApicIdsGuid ## SOMETIMES_CONSUMES
diff --git a/UefiCpuPkg/Include/Guid/GhcbApicIds.h b/UefiCpuPkg/Include/Guid/GhcbApicIds.h
new file mode 100644
index 000000000000..9d5bfcb0de22
--- /dev/null
+++ b/UefiCpuPkg/Include/Guid/GhcbApicIds.h
@@ -0,0 +1,17 @@
+/** @file
+ APIC ID list retrieved for an SEV-ES/SEV-SNP guest via the GHCB.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef GHCB_APIC_IDS_H_
+#define GHCB_APIC_IDS_H_
+
+#define GHCB_APIC_IDS_GUID \
+ { 0xbc964338, 0xee39, 0x4fc8, { 0xa2, 0x24, 0x10, 0x10, 0x8b, 0x17, 0x80, 0x1b }}
+
+extern EFI_GUID gGhcbApicIdsGuid;
+
+#endif
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index d26035559f22..65e05c4806f5 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -2,7 +2,7 @@
Common header file for MP Initialize Library.
Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
- Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -924,6 +924,19 @@ SevSnpCreateAP (
IN INTN ProcessorNumber
);
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ );
+
/**
Get pointer to CPU MP Data structure from GUIDed HOB.
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
index c83144285b68..0478e92317f1 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -2,7 +2,7 @@
AMD SEV helper function.
- Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -68,3 +68,22 @@ SevSnpRmpAdjust (
//
return RETURN_UNSUPPORTED;
}
+
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ )
+{
+ //
+ // SEV-SNP is not supported on 32-bit build.
+ //
+ return FALSE;
+}
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index 9bac62f289e0..d7244565029d 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -2,7 +2,7 @@
CPU MP Initialize Library common functions.
Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.<BR>
- Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1303,9 +1303,10 @@ WakeUpAP (
//
// Wakeup all APs
// Must use the INIT-SIPI-SIPI method for initial configuration in
- // order to obtain the APIC ID.
+ // order to obtain the APIC ID if not an SEV-SNP guest and the
+ // list of APIC IDs is not available.
//
- if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+ if (CanUseSevSnpCreateAP (CpuMpData)) {
SevSnpCreateAP (CpuMpData, -1);
} else {
if ((CpuMpData->InitFlag == ApInitConfig) && FixedPcdGetBool (PcdFirstTimeWakeUpAPsBySipi)) {
@@ -1415,7 +1416,7 @@ WakeUpAP (
SetSevEsJumpTable (ExchangeInfo->BufferStart);
}
- if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) {
+ if (CanUseSevSnpCreateAP (CpuMpData)) {
SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber);
} else {
SendInitSipiSipi (
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
index c9f0984f41a2..bd12a5ee2fcb 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -2,7 +2,7 @@
AMD SEV helper function.
- Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -268,20 +268,55 @@ SevSnpCreateAP (
IN INTN ProcessorNumber
)
{
- CPU_INFO_IN_HOB *CpuInfoInHob;
- CPU_AP_DATA *CpuData;
- UINTN Index;
- UINT32 ApicId;
+ CPU_INFO_IN_HOB *CpuInfoInHob;
+ CPU_AP_DATA *CpuData;
+ UINTN Index;
+ UINTN MaxIndex;
+ UINT32 ApicId;
+ EFI_HOB_GUID_TYPE *GuidHob;
+ GHCB_APIC_IDS *GhcbApicIds;
ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000);
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
if (ProcessorNumber < 0) {
- for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
+ if (CpuMpData->InitFlag == ApInitConfig) {
+ //
+ // APs have not been started, so CpuCount is not "known" yet. Use the
+ // retrieved APIC IDs to start the APs and fill out the MpLib CPU
+ // information properly. CanUseSevSnpCreateAP() guarantees we have a
+ // HOB when InitFlag is ApInitConfig.
+ //
+ GuidHob = GetFirstGuidHob (&gGhcbApicIdsGuid);
+ GhcbApicIds = (GHCB_APIC_IDS *)(*(UINTN *)GET_GUID_HOB_DATA (GuidHob));
+ MaxIndex = MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLogicalProcessorNumber));
+ } else {
+ //
+ // APs have been previously started.
+ //
+ MaxIndex = CpuMpData->CpuCount;
+ }
+
+ for (Index = 0; Index < MaxIndex; Index++) {
if (Index != CpuMpData->BspNumber) {
CpuData = &CpuMpData->CpuData[Index];
- ApicId = CpuInfoInHob[Index].ApicId,
+
+ if (CpuMpData->InitFlag == ApInitConfig) {
+ ApicId = GhcbApicIds->ApicIds[Index];
+
+ //
+ // For the first boot, use the BSP register information.
+ //
+ CopyMem (
+ &CpuData->VolatileRegisters,
+ &CpuMpData->CpuData[0].VolatileRegisters,
+ sizeof (CpuData->VolatileRegisters)
+ );
+ } else {
+ ApicId = CpuInfoInHob[Index].ApicId;
+ }
+
SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId);
}
}
@@ -325,3 +360,32 @@ SevSnpRmpAdjust (
return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
}
+
+/**
+ Determine if the SEV-SNP AP Create protocol should be used.
+
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+ @retval TRUE Use SEV-SNP AP Create protocol
+ @retval FALSE Do not use SEV-SNP AP Create protocol
+**/
+BOOLEAN
+CanUseSevSnpCreateAP (
+ IN CPU_MP_DATA *CpuMpData
+ )
+{
+ //
+ // The AP Create protocol is used for an SEV-SNP guest if
+ // - The initial configuration has been performed already or
+ // - The APIC IDs GUIDed HOB is non-zero.
+ //
+ if (!CpuMpData->SevSnpIsEnabled) {
+ return FALSE;
+ }
+
+ if ((CpuMpData->InitFlag == ApInitConfig) && (GetFirstGuidHob (&gGhcbApicIdsGuid) == NULL)) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117345): https://edk2.groups.io/g/devel/message/117345
Mute This Topic: https://groups.io/mt/104810684/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 20290 bytes --]
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-04-02 18:16 ` Lendacky, Thomas via groups.io
@ 2024-04-03 7:09 ` Ni, Ray
2024-04-03 15:03 ` Lendacky, Thomas via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Ni, Ray @ 2024-04-03 7:09 UTC (permalink / raw)
To: devel, Yao, Jiewen, Liming Gao, Liu, Zhiguang, Kinney, Michael D,
Guo, Gua, Dong, Guo, Lu, James, Rhodes, Sean, Kumar, Rahul R,
thomas.lendacky
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Xu, Min M,
Michael Roth, Anatol Belski, Anthony Perard, Corvin Köhne,
Jianyong Wu, Rebecca Cran
[-- Attachment #1: Type: text/plain, Size: 13139 bytes --]
I think I've acked all patches in UefiCpuPkg.
Please let me know if any other patches need my review.
Thanks,
Ray
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Lendacky, Thomas via groups.io <thomas.lendacky=amd.com@groups.io>
Sent: Wednesday, April 3, 2024 2:16
To: devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Ni, Ray <ray.ni@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Guo, Gua <gua.guo@intel.com>; Dong, Guo <guo.dong@intel.com>; Lu, James <james.lu@intel.com>; Rhodes, Sean <sean@starlabs.systems>; Kumar, Rahul R <rahul.r.kumar@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Xu, Min M <min.m.xu@intel.com>; Michael Roth <michael.roth@amd.com>; Anatol Belski <anbelski@linux.microsoft.com>; Anthony Perard <anthony.perard@citrix.com>; Corvin Köhne <corvink@freebsd.org>; Jianyong Wu <jianyong.wu@arm.com>; Rebecca Cran <rebecca@bsdio.com>
Subject: Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on
the changes.
Thanks,
Tom
On 3/26/24 13:34, Tom Lendacky wrote:
> Any issues with this version of the series? Still looking for
> Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related
> patches.
>
> Once I get those, I'll submit the edk2-platform patches to support the
> new library as a response to these patches for a quick review.
>
> Thanks,
> Tom
>
> On 3/8/24 09:29, Tom Lendacky wrote:
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>
>> This series adds SEV-SNP support for running OVMF under an Secure VM
>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>> By running at a less priviledged VMPL, the SVSM can be used to provide
>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>> confidential VM (CVM) rather than trust such services from the
>> hypervisor.
>>
>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>> certain SNP related operations that require that VMPL level.
>> Specifically,
>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>> the VMSA attribute of a page (used when starting APs).
>>
>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>> use an SVSM (which is running at VMPL0) to perform the operations that
>> it is no longer able to perform.
>>
>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>> be performed. Since this service can also work with SEV-SNP running at
>> VMPL0, the patches to make use of this feature are near the beginning of
>> the series.
>>
>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>> specification [1] and the GHCB specification [2].
>>
>> This support creates a new AmdSvsmLib library that is used by MpInitLib.
>> The edk2-platforms repo requires updates/patches to add the new library
>> requirement. To accomodate that, this series could be split between:
>>
>> patch number 12:
>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>> SVSM
>>
>> and patch number 13:
>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>
>> The updates to edk2-platforms can be applied at the split.
>>
>> This series introduces support to run OVMF under an SVSM. It consists
>> of:
>> - Retrieving the list of vCPU APIC IDs and starting up all APs without
>> performing a broadcast SIPI
>> - Reorganizing the page state change support to not directly use the
>> GHCB buffer since an SVSM will use the calling area buffer, instead
>> - Detecting the presence of an SVSM
>> - When not running at VMPL0, invoking the SVSM for page validation and
>> VMSA page creation/deletion
>> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>> SVSM is present
>>
>> The series is based off of commit:
>>
>> e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
>>
>> [1]
>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
>> [2]
>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
>>
>> Cc: Anatol Belski <anbelski@linux.microsoft.com>
>> Cc: Anthony Perard <anthony.perard@citrix.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Corvin Köhne <corvink@freebsd.org>
>> Cc: Erdem Aktas <erdemaktas@google.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Gua Guo <gua.guo@intel.com>
>> Cc: Guo Dong <guo.dong@intel.com>
>> Cc: James Lu <james.lu@intel.com>
>> Cc: Jianyong Wu <jianyong.wu@arm.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Cc: Michael Roth <michael.roth@amd.com>
>> Cc: Min Xu <min.m.xu@intel.com>
>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Rebecca Cran <rebecca@bsdio.com>
>> Cc: Sean Rhodes <sean@starlabs.systems>
>> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>>
>> ---
>>
>> Changes in v3:
>> - Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
>> function name changes
>> - Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
>> and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
>> - Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
>> - First patch adds usage of the AmdSvsmLib NULL library
>> - Second patch adds the OVMF AmdSvsmLib implementation
>> - Updated the commit message for the OVMF AmdSvsmLib implementation to
>> indicate that the base functionality for PVALIDATE and RMPADJUST was
>> copied from the original locations in prep for converting those sites
>> to using the library API.
>>
>> Changes in v2:
>> - Move the APIC IDs retrieval support to the beginning of the patch
>> series
>> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>> - Split up Page State Change reorganization into multiple patches
>> - Created CcSvsmLib library instead of extending CcExitLib
>> - This will require a corresponding update to edk2-platform DSC
>> files
>> - Removed Ray Ni's Acked-by since it is not a minor change
>> - Variable name changes and other misc changes
>>
>> Tom Lendacky (24):
>> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>> MdePkg: GHCB APIC ID retrieval support definitions
>> UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
>> present
>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>> Change
>> MdePkg: Avoid hardcoded value for number of Page State Change entries
>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>> MdePkg/Register/Amd: Define the SVSM related information
>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>> SVSM
>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>> Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
>> Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
>> UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>> OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
>> pages
>> OvmfPkg: Create a calling area used to communicate with the SVSM
>> OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>> OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>> VMPL0
>>
>>
>> OvmfPkg/OvmfPkg.dec
>> | 4 +
>>
>> UefiCpuPkg/UefiCpuPkg.dec
>> | 8 +-
>>
>> OvmfPkg/AmdSev/AmdSevX64.dsc
>> | 1 +
>>
>> OvmfPkg/Bhyve/BhyveX64.dsc
>> | 1 +
>>
>> OvmfPkg/CloudHv/CloudHvX64.dsc
>> | 1 +
>>
>> OvmfPkg/IntelTdx/IntelTdxX64.dsc
>> | 1 +
>>
>> OvmfPkg/Microvm/MicrovmX64.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfPkgIa32.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfPkgIa32X64.dsc
>> | 3 +-
>>
>> OvmfPkg/OvmfPkgX64.dsc
>> | 1 +
>>
>> OvmfPkg/OvmfXen.dsc
>> | 1 +
>>
>> UefiCpuPkg/UefiCpuPkg.dsc
>> | 4 +-
>>
>> UefiPayloadPkg/UefiPayloadPkg.dsc
>> | 1 +
>>
>> OvmfPkg/AmdSev/AmdSevX64.fdf
>> | 9 +-
>>
>> OvmfPkg/OvmfPkgX64.fdf
>> | 3 +
>>
>> MdePkg/Library/BaseLib/BaseLib.inf
>> | 2 +
>>
>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>> | 38 ++
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/CcExitLib/CcExitLib.inf
>> | 3 +-
>>
>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
>> | 3 +-
>>
>> OvmfPkg/PlatformPei/PlatformPei.inf
>> | 3 +
>>
>> OvmfPkg/ResetVector/ResetVector.inf
>> | 2 +
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>> | 27 ++
>>
>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
>> | 2 +
>>
>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
>> | 2 +
>>
>> MdePkg/Include/Library/BaseLib.h
>> | 39 ++
>>
>> MdePkg/Include/Register/Amd/Fam17Msr.h
>> | 19 +-
>>
>> MdePkg/Include/Register/Amd/Ghcb.h
>> | 19 +-
>>
>> MdePkg/Include/Register/Amd/Msr.h
>> | 3 +-
>>
>> MdePkg/Include/Register/Amd/Svsm.h
>> | 101 ++++
>>
>> MdePkg/Include/Register/Amd/SvsmMsr.h
>> | 35 ++
>>
>> OvmfPkg/Include/WorkArea.h
>> | 9 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
>> | 6 +-
>>
>> UefiCpuPkg/Include/Guid/GhcbApicIds.h
>> | 17 +
>>
>> UefiCpuPkg/Include/Library/AmdSvsmLib.h
>> | 101 ++++
>>
>> UefiCpuPkg/Library/MpInitLib/MpLib.h
>> | 29 +-
>>
>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>> | 500 ++++++++++++++++++++
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>> | 11 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> | 27 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>> | 22 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>> | 31 +-
>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
>> | 206 ++++----
>>
>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
>> | 29 +-
>>
>> OvmfPkg/PlatformPei/AmdSev.c
>> | 103 +++-
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>> | 108 +++++
>>
>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
>> | 21 +-
>>
>> UefiCpuPkg/Library/MpInitLib/MpLib.c
>> | 9 +-
>>
>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
>> | 134 ++++--
>>
>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>> | 39 ++
>>
>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>> | 94 ++++
>>
>> OvmfPkg/ResetVector/ResetVector.nasmb
>> | 6 +-
>>
>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
>> | 11 +-
>>
>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>> | 13 +
>> 55 files changed, 1641 insertions(+), 232 deletions(-)
>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>> create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
>> create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117346): https://edk2.groups.io/g/devel/message/117346
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 30516 bytes --]
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-04-03 7:09 ` Ni, Ray
@ 2024-04-03 15:03 ` Lendacky, Thomas via groups.io
0 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-03 15:03 UTC (permalink / raw)
To: Ni, Ray, devel, Yao, Jiewen, Liming Gao, Liu, Zhiguang, Kinney,
Michael D, Guo, Gua, Dong, Guo, Lu, James, Rhodes, Sean, Kumar,
Rahul R
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Xu, Min M,
Michael Roth, Anatol Belski, Anthony Perard, Corvin Köhne,
Jianyong Wu, Rebecca Cran
On 4/3/24 02:09, Ni, Ray wrote:
> I think I've acked all patches in UefiCpuPkg.
> Please let me know if any other patches need my review.
Thanks, Ray!
Tom
>
> Thanks,
> Ray
> ------------------------------------------------------------------------
> *From:* devel@edk2.groups.io <devel@edk2.groups.io> on behalf of
> Lendacky, Thomas via groups.io <thomas.lendacky=amd.com@groups.io>
> *Sent:* Wednesday, April 3, 2024 2:16
> *To:* devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen
> <jiewen.yao@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Ni, Ray
> <ray.ni@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Guo, Gua <gua.guo@intel.com>;
> Dong, Guo <guo.dong@intel.com>; Lu, James <james.lu@intel.com>; Rhodes,
> Sean <sean@starlabs.systems>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> *Cc:* Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Xu, Min M
> <min.m.xu@intel.com>; Michael Roth <michael.roth@amd.com>; Anatol Belski
> <anbelski@linux.microsoft.com>; Anthony Perard
> <anthony.perard@citrix.com>; Corvin Köhne <corvink@freebsd.org>;
> Jianyong Wu <jianyong.wu@arm.com>; Rebecca Cran <rebecca@bsdio.com>
> *Subject:* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for
> running under an SVSM
> Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on
> the changes.
>
> Thanks,
> Tom
>
> On 3/26/24 13:34, Tom Lendacky wrote:
>> Any issues with this version of the series? Still looking for
>> Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related
>> patches.
>>
>> Once I get those, I'll submit the edk2-platform patches to support the
>> new library as a response to these patches for a quick review.
>>
>> Thanks,
>> Tom
>>
>> On 3/8/24 09:29, Tom Lendacky wrote:
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> <https://bugzilla.tianocore.org/show_bug.cgi?id=4654>
>>>
>>> This series adds SEV-SNP support for running OVMF under an Secure VM
>>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>>> By running at a less priviledged VMPL, the SVSM can be used to provide
>>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>>> confidential VM (CVM) rather than trust such services from the
>>> hypervisor.
>>>
>>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>>> certain SNP related operations that require that VMPL level.
>>> Specifically,
>>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>>> the VMSA attribute of a page (used when starting APs).
>>>
>>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>>> use an SVSM (which is running at VMPL0) to perform the operations that
>>> it is no longer able to perform.
>>>
>>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
>>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>>> be performed. Since this service can also work with SEV-SNP running at
>>> VMPL0, the patches to make use of this feature are near the beginning of
>>> the series.
>>>
>>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>>> specification [1] and the GHCB specification [2].
>>>
>>> This support creates a new AmdSvsmLib library that is used by MpInitLib.
>>> The edk2-platforms repo requires updates/patches to add the new library
>>> requirement. To accomodate that, this series could be split between:
>>>
>>> patch number 12:
>>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>>> SVSM
>>>
>>> and patch number 13:
>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>>
>>> The updates to edk2-platforms can be applied at the split.
>>>
>>> This series introduces support to run OVMF under an SVSM. It consists
>>> of:
>>> - Retrieving the list of vCPU APIC IDs and starting up all APs without
>>> performing a broadcast SIPI
>>> - Reorganizing the page state change support to not directly use the
>>> GHCB buffer since an SVSM will use the calling area buffer, instead
>>> - Detecting the presence of an SVSM
>>> - When not running at VMPL0, invoking the SVSM for page validation and
>>> VMSA page creation/deletion
>>> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>>> SVSM is present
>>>
>>> The series is based off of commit:
>>>
>>> e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
>>>
>>> [1]
>>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf <https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf>
>>> [2]
>>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf <https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf>
>>>
>>> Cc: Anatol Belski <anbelski@linux.microsoft.com>
>>> Cc: Anthony Perard <anthony.perard@citrix.com>
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>> Cc: Corvin Köhne <corvink@freebsd.org>
>>> Cc: Erdem Aktas <erdemaktas@google.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>> Cc: Gua Guo <gua.guo@intel.com>
>>> Cc: Guo Dong <guo.dong@intel.com>
>>> Cc: James Lu <james.lu@intel.com>
>>> Cc: Jianyong Wu <jianyong.wu@arm.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>> Cc: Michael Roth <michael.roth@amd.com>
>>> Cc: Min Xu <min.m.xu@intel.com>
>>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>>> Cc: Ray Ni <ray.ni@intel.com>
>>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>> Cc: Sean Rhodes <sean@starlabs.systems>
>>> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>>>
>>> ---
>>>
>>> Changes in v3:
>>> - Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
>>> function name changes
>>> - Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
>>> and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
>>> - Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
>>> - First patch adds usage of the AmdSvsmLib NULL library
>>> - Second patch adds the OVMF AmdSvsmLib implementation
>>> - Updated the commit message for the OVMF AmdSvsmLib implementation to
>>> indicate that the base functionality for PVALIDATE and RMPADJUST was
>>> copied from the original locations in prep for converting those sites
>>> to using the library API.
>>>
>>> Changes in v2:
>>> - Move the APIC IDs retrieval support to the beginning of the patch
>>> series
>>> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>>> - Split up Page State Change reorganization into multiple patches
>>> - Created CcSvsmLib library instead of extending CcExitLib
>>> - This will require a corresponding update to edk2-platform DSC
>>> files
>>> - Removed Ray Ni's Acked-by since it is not a minor change
>>> - Variable name changes and other misc changes
>>>
>>> Tom Lendacky (24):
>>> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>>> MdePkg: GHCB APIC ID retrieval support definitions
>>> UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
>>> present
>>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>>> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>>> Change
>>> MdePkg: Avoid hardcoded value for number of Page State Change entries
>>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>> MdePkg/Register/Amd: Define the SVSM related information
>>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>>> SVSM
>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>> Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
>>> Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
>>> UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>>> OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
>>> pages
>>> OvmfPkg: Create a calling area used to communicate with the SVSM
>>> OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>> OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
>>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>>> VMPL0
>>>
>>>
>>> OvmfPkg/OvmfPkg.dec
>>> | 4 +
>>>
>>> UefiCpuPkg/UefiCpuPkg.dec
>>> | 8 +-
>>>
>>> OvmfPkg/AmdSev/AmdSevX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/Bhyve/BhyveX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/CloudHv/CloudHvX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/IntelTdx/IntelTdxX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/Microvm/MicrovmX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/OvmfPkgIa32.dsc
>>> | 1 +
>>>
>>> OvmfPkg/OvmfPkgIa32X64.dsc
>>> | 3 +-
>>>
>>> OvmfPkg/OvmfPkgX64.dsc
>>> | 1 +
>>>
>>> OvmfPkg/OvmfXen.dsc
>>> | 1 +
>>>
>>> UefiCpuPkg/UefiCpuPkg.dsc
>>> | 4 +-
>>>
>>> UefiPayloadPkg/UefiPayloadPkg.dsc
>>> | 1 +
>>>
>>> OvmfPkg/AmdSev/AmdSevX64.fdf
>>> | 9 +-
>>>
>>> OvmfPkg/OvmfPkgX64.fdf
>>> | 3 +
>>>
>>> MdePkg/Library/BaseLib/BaseLib.inf
>>> | 2 +
>>>
>>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>>> | 38 ++
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
>>> | 3 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
>>> | 3 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
>>> | 3 +-
>>>
>>> OvmfPkg/Library/CcExitLib/CcExitLib.inf
>>> | 3 +-
>>>
>>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
>>> | 3 +-
>>>
>>> OvmfPkg/PlatformPei/PlatformPei.inf
>>> | 3 +
>>>
>>> OvmfPkg/ResetVector/ResetVector.inf
>>> | 2 +
>>>
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>>> | 27 ++
>>>
>>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
>>> | 2 +
>>>
>>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
>>> | 2 +
>>>
>>> MdePkg/Include/Library/BaseLib.h
>>> | 39 ++
>>>
>>> MdePkg/Include/Register/Amd/Fam17Msr.h
>>> | 19 +-
>>>
>>> MdePkg/Include/Register/Amd/Ghcb.h
>>> | 19 +-
>>>
>>> MdePkg/Include/Register/Amd/Msr.h
>>> | 3 +-
>>>
>>> MdePkg/Include/Register/Amd/Svsm.h
>>> | 101 ++++
>>>
>>> MdePkg/Include/Register/Amd/SvsmMsr.h
>>> | 35 ++
>>>
>>> OvmfPkg/Include/WorkArea.h
>>> | 9 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
>>> | 6 +-
>>>
>>> UefiCpuPkg/Include/Guid/GhcbApicIds.h
>>> | 17 +
>>>
>>> UefiCpuPkg/Include/Library/AmdSvsmLib.h
>>> | 101 ++++
>>>
>>> UefiCpuPkg/Library/MpInitLib/MpLib.h
>>> | 29 +-
>>>
>>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>>> | 500 ++++++++++++++++++++
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>>> | 11 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>>> | 27 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>>> | 22 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>>> | 31 +-
>>>
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
>>> | 206 ++++----
>>>
>>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
>>> | 29 +-
>>>
>>> OvmfPkg/PlatformPei/AmdSev.c
>>> | 103 +++-
>>>
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>>> | 108 +++++
>>>
>>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
>>> | 21 +-
>>>
>>> UefiCpuPkg/Library/MpInitLib/MpLib.c
>>> | 9 +-
>>>
>>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
>>> | 134 ++++--
>>>
>>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>> | 39 ++
>>>
>>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>> | 94 ++++
>>>
>>> OvmfPkg/ResetVector/ResetVector.nasmb
>>> | 6 +-
>>>
>>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
>>> | 11 +-
>>>
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>>> | 13 +
>>> 55 files changed, 1641 insertions(+), 232 deletions(-)
>>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>> create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
>>> create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
>>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>>>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117372): https://edk2.groups.io/g/devel/message/117372
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
[not found] ` <17C28950368F582E.9676@groups.io>
@ 2024-04-12 14:02 ` Lendacky, Thomas via groups.io
2024-04-12 15:05 ` Ard Biesheuvel
0 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-12 14:02 UTC (permalink / raw)
To: devel, Jiewen Yao, Liming Gao, Zhiguang Liu, Michael D Kinney,
Gua Guo, Guo Dong, James Lu, Sean Rhodes, Rahul Kumar
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Min Xu, Michael Roth,
Anatol Belski, Anthony Perard, Corvin Köhne, Jianyong Wu,
Rebecca Cran, Ray Ni
Re-pinging the list/maintainers, again. I need reviews from the
maintainers on patches #2, #7, #10, #11 and #13.
Once I get final approval, I'll submit the change to edk2-platforms for
the new library as a reply to this series for a quick review.
Thanks,
Tom
On 4/2/24 13:16, Lendacky, Thomas via groups.io wrote:
> Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on
> the changes.
>
> Thanks,
> Tom
>
> On 3/26/24 13:34, Tom Lendacky wrote:
>> Any issues with this version of the series? Still looking for
>> Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related
>> patches.
>>
>> Once I get those, I'll submit the edk2-platform patches to support the
>> new library as a response to these patches for a quick review.
>>
>> Thanks,
>> Tom
>>
>> On 3/8/24 09:29, Tom Lendacky wrote:
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>>>
>>> This series adds SEV-SNP support for running OVMF under an Secure VM
>>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>>> By running at a less priviledged VMPL, the SVSM can be used to provide
>>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>>> confidential VM (CVM) rather than trust such services from the hypervisor.
>>>
>>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
>>> certain SNP related operations that require that VMPL level. Specifically,
>>> the PVALIDATE instruction and the RMPADJUST instruction when setting the
>>> the VMSA attribute of a page (used when starting APs).
>>>
>>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>>> use an SVSM (which is running at VMPL0) to perform the operations that
>>> it is no longer able to perform.
>>>
>>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
>>> it will be starting. As a result, the GHCB APIC ID retrieval action must
>>> be performed. Since this service can also work with SEV-SNP running at
>>> VMPL0, the patches to make use of this feature are near the beginning of
>>> the series.
>>>
>>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>>> specification [1] and the GHCB specification [2].
>>>
>>> This support creates a new AmdSvsmLib library that is used by MpInitLib.
>>> The edk2-platforms repo requires updates/patches to add the new library
>>> requirement. To accomodate that, this series could be split between:
>>>
>>> patch number 12:
>>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
>>>
>>> and patch number 13:
>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>>
>>> The updates to edk2-platforms can be applied at the split.
>>>
>>> This series introduces support to run OVMF under an SVSM. It consists
>>> of:
>>> - Retrieving the list of vCPU APIC IDs and starting up all APs without
>>> performing a broadcast SIPI
>>> - Reorganizing the page state change support to not directly use the
>>> GHCB buffer since an SVSM will use the calling area buffer, instead
>>> - Detecting the presence of an SVSM
>>> - When not running at VMPL0, invoking the SVSM for page validation and
>>> VMSA page creation/deletion
>>> - Detecting and allowing OVMF to run in a VMPL other than 0 when an
>>> SVSM is present
>>>
>>> The series is based off of commit:
>>>
>>> e60529df58e4 ("UefiPayloadPkg: Make Dsc accomodative of other archs")
>>>
>>> [1]
>>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
>>> [2]
>>> https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
>>>
>>> Cc: Anatol Belski <anbelski@linux.microsoft.com>
>>> Cc: Anthony Perard <anthony.perard@citrix.com>
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>> Cc: Corvin Köhne <corvink@freebsd.org>
>>> Cc: Erdem Aktas <erdemaktas@google.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>> Cc: Gua Guo <gua.guo@intel.com>
>>> Cc: Guo Dong <guo.dong@intel.com>
>>> Cc: James Lu <james.lu@intel.com>
>>> Cc: Jianyong Wu <jianyong.wu@arm.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>> Cc: Michael Roth <michael.roth@amd.com>
>>> Cc: Min Xu <min.m.xu@intel.com>
>>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>>> Cc: Ray Ni <ray.ni@intel.com>
>>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>> Cc: Sean Rhodes <sean@starlabs.systems>
>>> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>>>
>>> ---
>>>
>>> Changes in v3:
>>> - Renamed CcSvsmLib to a more AMD-specific AmdSvsmLib with corresponding
>>> function name changes
>>> - Moved the GHCB APIC ID list GUID definition from MdePkg to UefiCpuPkg
>>> and change the name from gEfiApicIdsGuid to gGhcbApicIdsGuid
>>> - Separated the OvmfPkg changes for the AmdSvsmLib into two patches:
>>> - First patch adds usage of the AmdSvsmLib NULL library
>>> - Second patch adds the OVMF AmdSvsmLib implementation
>>> - Updated the commit message for the OVMF AmdSvsmLib implementation to
>>> indicate that the base functionality for PVALIDATE and RMPADJUST was
>>> copied from the original locations in prep for converting those sites
>>> to using the library API.
>>>
>>> Changes in v2:
>>> - Move the APIC IDs retrieval support to the beginning of the patch series
>>> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>>> - Split up Page State Change reorganization into multiple patches
>>> - Created CcSvsmLib library instead of extending CcExitLib
>>> - This will require a corresponding update to edk2-platform DSC files
>>> - Removed Ray Ni's Acked-by since it is not a minor change
>>> - Variable name changes and other misc changes
>>>
>>> Tom Lendacky (24):
>>> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>>> MdePkg: GHCB APIC ID retrieval support definitions
>>> UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is
>>> present
>>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>>> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>>> Change
>>> MdePkg: Avoid hardcoded value for number of Page State Change entries
>>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>> MdePkg/Register/Amd: Define the SVSM related information
>>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an
>>> SVSM
>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>>> Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library
>>> Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
>>> UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA
>>> OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate
>>> pages
>>> OvmfPkg: Create a calling area used to communicate with the SVSM
>>> OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
>>> OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls
>>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
>>> VMPL0
>>>
>>> OvmfPkg/OvmfPkg.dec | 4 +
>>> UefiCpuPkg/UefiCpuPkg.dec | 8 +-
>>> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
>>> OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
>>> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
>>> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
>>> OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
>>> OvmfPkg/OvmfPkgIa32.dsc | 1 +
>>> OvmfPkg/OvmfPkgIa32X64.dsc | 3 +-
>>> OvmfPkg/OvmfPkgX64.dsc | 1 +
>>> OvmfPkg/OvmfXen.dsc | 1 +
>>> UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
>>> UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
>>> OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
>>> OvmfPkg/OvmfPkgX64.fdf | 3 +
>>> MdePkg/Library/BaseLib/BaseLib.inf | 2 +
>>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf | 38 ++
>>> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3 +-
>>> OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +-
>>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +-
>>> OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
>>> OvmfPkg/ResetVector/ResetVector.inf | 2 +
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf | 27 ++
>>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 +
>>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 +
>>> MdePkg/Include/Library/BaseLib.h | 39 ++
>>> MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
>>> MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
>>> MdePkg/Include/Register/Amd/Msr.h | 3 +-
>>> MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
>>> MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
>>> OvmfPkg/Include/WorkArea.h | 9 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 6 +-
>>> UefiCpuPkg/Include/Guid/GhcbApicIds.h | 17 +
>>> UefiCpuPkg/Include/Library/AmdSvsmLib.h | 101 ++++
>>> UefiCpuPkg/Library/MpInitLib/MpLib.h | 29 +-
>>> OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 500 ++++++++++++++++++++
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c |
>>> 11 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 27 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c |
>>> 22 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c |
>>> 31 +-
>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>>> 206 ++++----
>>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
>>> OvmfPkg/PlatformPei/AmdSev.c | 103 +++-
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c | 108 +++++
>>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +-
>>> UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 +-
>>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 134 ++++--
>>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
>>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
>>> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
>>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +-
>>> UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni | 13 +
>>> 55 files changed, 1641 insertions(+), 232 deletions(-)
>>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>> create mode 100644 UefiCpuPkg/Include/Guid/GhcbApicIds.h
>>> create mode 100644 UefiCpuPkg/Include/Library/AmdSvsmLib.h
>>> create mode 100644 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
>>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>> create mode 100644 UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
>>>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117667): https://edk2.groups.io/g/devel/message/117667
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-04-12 14:02 ` Lendacky, Thomas via groups.io
@ 2024-04-12 15:05 ` Ard Biesheuvel
2024-04-12 15:14 ` Lendacky, Thomas via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Ard Biesheuvel @ 2024-04-12 15:05 UTC (permalink / raw)
To: Tom Lendacky, Liming Gao, Michael D Kinney, Ray Ni
Cc: devel, Jiewen Yao, Zhiguang Liu, Gua Guo, Guo Dong, James Lu,
Sean Rhodes, Rahul Kumar, Erdem Aktas, Gerd Hoffmann, Min Xu,
Michael Roth, Anatol Belski, Anthony Perard, Corvin Köhne,
Jianyong Wu, Rebecca Cran
On Fri, 12 Apr 2024 at 16:02, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> Re-pinging the list/maintainers, again. I need reviews from the
> maintainers on patches #2, #7, #10, #11 and #13.
>
> Once I get final approval, I'll submit the change to edk2-platforms for
> the new library as a reply to this series for a quick review.
>
So this is MdePkg and UefiCpuPkg, right?
@Liming, Mike, Ray: please let me know if you are ok with these
changes, or whether there are any objections.
I intend to merge this somewhere next week unless there are issues raised.
Thanks,
Ard.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117709): https://edk2.groups.io/g/devel/message/117709
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-04-12 15:05 ` Ard Biesheuvel
@ 2024-04-12 15:14 ` Lendacky, Thomas via groups.io
2024-04-16 8:41 ` Ard Biesheuvel
0 siblings, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-12 15:14 UTC (permalink / raw)
To: Ard Biesheuvel, Liming Gao, Michael D Kinney, Ray Ni, Gua Guo,
Guo Dong, Zhiguang Liu, James Lu, Sean Rhodes
Cc: devel, Jiewen Yao, Rahul Kumar, Erdem Aktas, Gerd Hoffmann,
Min Xu, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Jianyong Wu, Rebecca Cran
On 4/12/24 10:05, Ard Biesheuvel wrote:
> On Fri, 12 Apr 2024 at 16:02, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>>
>> Re-pinging the list/maintainers, again. I need reviews from the
>> maintainers on patches #2, #7, #10, #11 and #13.
>>
>> Once I get final approval, I'll submit the change to edk2-platforms for
>> the new library as a reply to this series for a quick review.
>>
>
> So this is MdePkg and UefiCpuPkg, right?
MdePkg and UefiPayloadPkg.
>
> @Liming, Mike, Ray: please let me know if you are ok with these
Ray already reviewed/acked the UefiCpuPkg patches.
Looking for
MdePkg: Liming, Mike or Zhiguang
UefiPayloadPkg: Gua, Guo, James or Sean
> changes, or whether there are any objections.
>
> I intend to merge this somewhere next week unless there are issues raised.
I'll submit the edk2-platforms series (2 patches, one for Platform/AMD and
one for Platform/Intel) on Monday, just to have out there.
Thanks,
Tom
>
> Thanks,
> Ard.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117717): https://edk2.groups.io/g/devel/message/117717
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
@ 2024-04-12 18:43 ` Guo Dong
0 siblings, 0 replies; 57+ messages in thread
From: Guo Dong @ 2024-04-12 18:43 UTC (permalink / raw)
To: Tom Lendacky, devel
Cc: Ard Biesheuvel, Aktas, Erdem, Gerd Hoffmann, Yao, Jiewen,
Laszlo Ersek, Liming Gao, Kinney, Michael D, Xu, Min M, Liu,
Zhiguang, Kumar, Rahul R, Ni, Ray, Michael Roth, Guo, Gua, Lu,
James, Rhodes, Sean
Reviewed-by: Guo Dong <guo.dong@intel.com>
-----Original Message-----
From: Tom Lendacky <thomas.lendacky@amd.com>
Sent: Friday, March 8, 2024 8:30 AM
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>; Guo, Gua <gua.guo@intel.com>; Dong, Guo <guo.dong@intel.com>; Lu, James <james.lu@intel.com>; Rhodes, Sean <sean@starlabs.systems>
Subject: [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library will be updated to use the new AmdSvsmLib library.
To prevent any build breakage, update the UefiPayloadPkg DSC file to include the AmdSvsmLib NULL library.
Cc: Gua Guo <gua.guo@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: James Lu <james.lu@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 433fb51a5695..e1b9d5ecf182 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -313,6 +313,7 @@ [LibraryClasses]
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
[LibraryClasses.common]
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117718): https://edk2.groups.io/g/devel/message/117718
Mute This Topic: https://groups.io/mt/104810720/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
` (24 preceding siblings ...)
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
@ 2024-04-15 15:01 ` Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 2/2] Platform/Intel: " Lendacky, Thomas via groups.io
25 siblings, 2 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-15 15:01 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Gerd Hoffmann, Michael Roth, Min Xu,
Leif Lindholm, Michael D Kinney, Laszlo Ersek, Abner Chang,
Abdul Lateef Attar, Eric Xing, Sai Chaganty, Nate DeSimone,
Chasel Chiu, Kelly Steele, Zailiang Sun
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library was recently updated to use a new library,
AmdSvsmLib. This series adds the AmdSvsmLib library to all DSC files
that use the (non UP) MpInitLib library.
It is meant to be applied in conjunction with the SVSM support series,
after patch number 12:
UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
and before patch number 13:
UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
The series is based off of commit:
b0c48acdc6a0 ("VirtualKeyboardFeaturePkg: Update the comments of ReadKeyStroke and ReadKeyStrokeEx - mantis #2131")
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Abdul Lateef Attar <abdattar@amd.com>
Cc: Eric Xing <eric.xing@amd.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Abdul Lateef Attar <abdattar@amd.com>
Cc: Eric Xing <eric.xing@amd.com>
Cc: Sai Chaganty <rangasai.v.chaganty@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
---
Tom Lendacky (2):
Platform/AMD: Add AmdSvsmLib to required DSC files
Platform/Intel: Add AmdSvsmLib to required DSC files
Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc | 1 +
Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 1 +
Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc | 1 +
6 files changed, 7 insertions(+), 1 deletion(-)
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117789): https://edk2.groups.io/g/devel/message/117789
Mute This Topic: https://groups.io/mt/105537725/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
@ 2024-04-15 15:01 ` Lendacky, Thomas via groups.io
2024-04-18 0:59 ` Chang, Abner via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 2/2] Platform/Intel: " Lendacky, Thomas via groups.io
1 sibling, 1 reply; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-15 15:01 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Gerd Hoffmann, Michael Roth, Min Xu,
Leif Lindholm, Michael D Kinney, Abner Chang, Abdul Lateef Attar,
Eric Xing
Any DSC file that uses the UefiCpuPkg MpInitLib library now requires the
AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib NULL
library implementation. Also, fix the specification of VmgExitLib as it
was renamed to CcExitLib.
Cc: Abner Chang <abner.chang@amd.com>
Cc: Abdul Lateef Attar <abdattar@amd.com>
Cc: Eric Xing <eric.xing@amd.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
index 20f06dd851..e478e0b0c2 100644
--- a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
+++ b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
@@ -371,7 +371,8 @@
[LibraryClasses.common]
RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
- VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
[PcdsFixedAtBuild]
gEfiAmdAgesaPkgTokenSpaceGuid.PcdFchOemBeforePciRestoreSwSmi|0xEA
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117791): https://edk2.groups.io/g/devel/message/117791
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* [edk2-devel] [PATCH 2/2] Platform/Intel: Add AmdSvsmLib to required DSC files
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
@ 2024-04-15 15:01 ` Lendacky, Thomas via groups.io
1 sibling, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-04-15 15:01 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Gerd Hoffmann, Michael Roth, Min Xu,
Leif Lindholm, Michael D Kinney, Sai Chaganty, Nate DeSimone,
Chasel Chiu, Kelly Steele, Zailiang Sun
Any DSC file that uses the UefiCpuPkg MpInitLib library now requires the
AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib NULL
library implementation.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sai Chaganty <rangasai.v.chaganty@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc | 1 +
Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 1 +
Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc | 1 +
5 files changed, 5 insertions(+)
diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
index 80cc129042..55a67f88b7 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeLib.dsc
@@ -38,6 +38,7 @@
Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
VariableReadLib|MinPlatformPkg/Library/DxeRuntimeVariableReadLib/DxeRuntimeVariableReadLib.inf
diff --git a/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc b/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc
index 3257156d23..95214a6333 100644
--- a/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc
+++ b/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkg.dsc
@@ -133,6 +133,7 @@
PeiResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
#####################################
# Silicon Package
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 0c66705377..6e5ad2006d 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -163,6 +163,7 @@
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
#
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 0689f275f1..31e15d1479 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -165,6 +165,7 @@
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
#
diff --git a/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc b/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
index 9452867edb..aae5d05cc5 100644
--- a/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
+++ b/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
@@ -596,6 +596,7 @@
PciSegmentInfoLib|$(PLATFORM_PKG)/Pci/Library/PciSegmentInfoLibSimple/PciSegmentInfoLibSimple.inf
PlatformOpromPolicyLib|$(RP_PKG)/Library/PlatformOpromPolicyLibNull/PlatformOpromPolicyLibNull.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
+ AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
CrcLib|WhitleyOpenBoardPkg/Library/BaseCrcLib/BaseCrcLib.inf
PlatformSpecificAcpiTableLib|WhitleyOpenBoardPkg/Library/PlatformSpecificAcpiTableLibNull/PlatformSpecificAcpiTableLibNull.inf
BuildAcpiTablesLib|WhitleyOpenBoardPkg/Library/BuildAcpiTablesLib/DxeBuildAcpiTablesLib.inf
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117790): https://edk2.groups.io/g/devel/message/117790
Mute This Topic: https://groups.io/mt/105537730/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
2024-04-12 15:14 ` Lendacky, Thomas via groups.io
@ 2024-04-16 8:41 ` Ard Biesheuvel
0 siblings, 0 replies; 57+ messages in thread
From: Ard Biesheuvel @ 2024-04-16 8:41 UTC (permalink / raw)
To: Tom Lendacky, Leif Lindholm, Andrew Fish
Cc: Liming Gao, Michael D Kinney, Ray Ni, Gua Guo, Guo Dong,
Zhiguang Liu, James Lu, Sean Rhodes, devel, Jiewen Yao,
Rahul Kumar, Erdem Aktas, Gerd Hoffmann, Min Xu, Michael Roth,
Anatol Belski, Anthony Perard, Corvin Köhne, Jianyong Wu,
Rebecca Cran
(cc'ing the stewards)
On Fri, 12 Apr 2024 at 17:14, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> On 4/12/24 10:05, Ard Biesheuvel wrote:
> > On Fri, 12 Apr 2024 at 16:02, Tom Lendacky <thomas.lendacky@amd.com> wrote:
> >>
> >> Re-pinging the list/maintainers, again. I need reviews from the
> >> maintainers on patches #2, #7, #10, #11 and #13.
> >>
> >> Once I get final approval, I'll submit the change to edk2-platforms for
> >> the new library as a reply to this series for a quick review.
> >>
> >
> > So this is MdePkg and UefiCpuPkg, right?
>
> MdePkg and UefiPayloadPkg.
>
> >
> > @Liming, Mike, Ray: please let me know if you are ok with these
>
> Ray already reviewed/acked the UefiCpuPkg patches.
>
> Looking for
> MdePkg: Liming, Mike or Zhiguang
> UefiPayloadPkg: Gua, Guo, James or Sean
>
Given the lack of objections by these maintainers, I will go ahead and
merge this series tomorrow.
> > changes, or whether there are any objections.
> >
> > I intend to merge this somewhere next week unless there are issues raised.
>
> I'll submit the edk2-platforms series (2 patches, one for Platform/AMD and
> one for Platform/Intel) on Monday, just to have out there.
>
Noted. I will merge this in two phases, and merge the [trivial]
edk2-platforms pieces in between to preserve some notion of
monotonicity between the repos.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117867): https://edk2.groups.io/g/devel/message/117867
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
@ 2024-04-18 0:59 ` Chang, Abner via groups.io
2024-04-18 1:53 ` Xing, Eric via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Chang, Abner via groups.io @ 2024-04-18 0:59 UTC (permalink / raw)
To: Lendacky, Thomas, devel
Cc: Ard Biesheuvel, Gerd Hoffmann, Roth, Michael, Min Xu,
Leif Lindholm, Michael D Kinney, Attar,
AbdulLateef (Abdul Lateef),
Xing, Eric
[AMD Official Use Only - General]
Reviewed-by: <abner.chang@amd.com>
Thanks
> -----Original Message-----
> From: Lendacky, Thomas <Thomas.Lendacky@amd.com>
> Sent: Monday, April 15, 2024 11:01 PM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
> <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
> <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Michael D
> Kinney <michael.d.kinney@intel.com>; Chang, Abner
> <Abner.Chang@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> <AbdulLateef.Attar@amd.com>; Xing, Eric <Eric.Xing@amd.com>
> Subject: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
>
> Any DSC file that uses the UefiCpuPkg MpInitLib library now requires the
> AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib NULL
> library implementation. Also, fix the specification of VmgExitLib as it
> was renamed to CcExitLib.
>
> Cc: Abner Chang <abner.chang@amd.com>
> Cc: Abdul Lateef Attar <abdattar@amd.com>
> Cc: Eric Xing <eric.xing@amd.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> index 20f06dd851..e478e0b0c2 100644
> --- a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> +++ b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> @@ -371,7 +371,8 @@
>
> [LibraryClasses.common]
>
> RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
> - VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
> + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> + AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>
> [PcdsFixedAtBuild]
> gEfiAmdAgesaPkgTokenSpaceGuid.PcdFchOemBeforePciRestoreSwSmi|0xEA
> --
> 2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117939): https://edk2.groups.io/g/devel/message/117939
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-18 0:59 ` Chang, Abner via groups.io
@ 2024-04-18 1:53 ` Xing, Eric via groups.io
[not found] ` <DS0PR12MB9445C820230BA65D290D6451F60E2@DS0PR12MB9445.namprd12.prod.outlook.com>
0 siblings, 1 reply; 57+ messages in thread
From: Xing, Eric via groups.io @ 2024-04-18 1:53 UTC (permalink / raw)
To: Chang, Abner, Lendacky, Thomas, devel, Zhai, MingXin (Duke), Yao, Ken
Cc: Ard Biesheuvel, Gerd Hoffmann, Roth, Michael, Min Xu,
Leif Lindholm, Michael D Kinney, Attar,
AbdulLateef (Abdul Lateef)
[AMD Official Use Only - General]
Thanks Thomas and Abner.
Reviewed-by: <eric.xing@amd.com>
For up-stream, please let us verify it first:
@Zhai, MingXin (Duke), Duke, please help verify this change on Chachani Board and feedback.
Thanks,
Eric
> -----Original Message-----
> From: Chang, Abner <Abner.Chang@amd.com>
> Sent: Thursday, April 18, 2024 8:59 AM
> To: Lendacky, Thomas <Thomas.Lendacky@amd.com>;
> devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
> <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
> <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> Michael D Kinney <michael.d.kinney@intel.com>; Attar, AbdulLateef (Abdul
> Lateef) <AbdulLateef.Attar@amd.com>; Xing, Eric <Eric.Xing@amd.com>
> Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> files
>
> [AMD Official Use Only - General]
>
> Reviewed-by: <abner.chang@amd.com>
>
> Thanks
>
> > -----Original Message-----
> > From: Lendacky, Thomas <Thomas.Lendacky@amd.com>
> > Sent: Monday, April 15, 2024 11:01 PM
> > To: devel@edk2.groups.io
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
> > <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
> > <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> > Michael D Kinney <michael.d.kinney@intel.com>; Chang, Abner
> > <Abner.Chang@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> > <AbdulLateef.Attar@amd.com>; Xing, Eric <Eric.Xing@amd.com>
> > Subject: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> > files
> >
> > Any DSC file that uses the UefiCpuPkg MpInitLib library now requires
> > the AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib
> > NULL library implementation. Also, fix the specification of VmgExitLib
> > as it was renamed to CcExitLib.
> >
> > Cc: Abner Chang <abner.chang@amd.com>
> > Cc: Abdul Lateef Attar <abdattar@amd.com>
> > Cc: Eric Xing <eric.xing@amd.com>
> > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> > ---
> > Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> > b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> > index 20f06dd851..e478e0b0c2 100644
> > --- a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> > +++ b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> > @@ -371,7 +371,8 @@
> >
> > [LibraryClasses.common]
> >
> > RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterL
> > RegisterFilterLib|ibNull.inf
> > - VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
> > + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> > + AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
> >
> > [PcdsFixedAtBuild]
> >
> gEfiAmdAgesaPkgTokenSpaceGuid.PcdFchOemBeforePciRestoreSwSmi|0xEA
> > --
> > 2.43.2
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117941): https://edk2.groups.io/g/devel/message/117941
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
[not found] ` <fc020d25-6afa-8dcb-0b19-397b075be4e6@amd.com>
@ 2024-04-19 7:05 ` Zhai, MingXin (Duke) via groups.io
2024-04-19 8:10 ` Xing, Eric via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Zhai, MingXin (Duke) via groups.io @ 2024-04-19 7:05 UTC (permalink / raw)
To: Lendacky, Thomas, Xing, Eric, Chang, Abner, Yao, Ken, devel
Cc: Roth, Michael, Attar, AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm,
Leif Lindholm
[AMD Official Use Only - General]
Hi Thomas,
Yes, I agree with your opinion, edk2-platforms should be able to build against the latest edk2 repo. That is why we plan to update VanGoghBoard to support latest EDK2, In fact we are doing QA testing.
I think every change on VanGoghBoard need ensure system can works properly. But if I apply this patch and use the latest EDK2 version to build, it will encounter error because it requires other code changes(Such as including new libraries).
So my point is, Let me upload VanGoghBoard related changes after passing full QA testing.
Thanks!
-----Original Message-----
From: Lendacky, Thomas <Thomas.Lendacky@amd.com>
Sent: Friday, April 19, 2024 12:03 AM
To: Zhai, MingXin (Duke) <duke.zhai@amd.com>; Xing, Eric <Eric.Xing@amd.com>; Chang, Abner <Abner.Chang@amd.com>; Yao, Ken <Ken.Yao@amd.com>
Cc: Roth, Michael <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul Lateef) <AbdulLateef.Attar@amd.com>
Subject: Re: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
On 4/18/24 05:02, Zhai, MingXin (Duke) wrote:
> [AMD Official Use Only - General]
>
> Hi Thomas,
>
> this patch looks like for newer EDK2 codebase, but VanGoghBoard is based on EDK2_202208 now, and will encounter build issues if this patch is applied.
> We have plans to update the EDK2 codebase to EDK2_202402. So I thought
> it would be better to add this change when we update the EDK2 code
> base😊
I thought the latest edk2-platforms repo was supposed to be able to build against the latest edk2 repo. If your VanGoghBoard is based on a particular edk2 tag, then you should probably have a tag in edk2-platforms so that you can have a version of the edk2-platform code that works with a version of the edk2 code, no?
Why is this a private email? This discussion should be on the list so that the maintainer(s) can decide what to do based on the discussion.
Thanks,
Tom
>
>
> Thanks!
>
> -----Original Message-----
> From: Xing, Eric <Eric.Xing@amd.com>
> Sent: Thursday, April 18, 2024 9:54 AM
> To: Chang, Abner <Abner.Chang@amd.com>; Lendacky, Thomas
> <Thomas.Lendacky@amd.com>; devel@edk2.groups.io; Zhai, MingXin (Duke)
> <duke.zhai@amd.com>; Yao, Ken <Ken.Yao@amd.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
> <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
> <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> Michael D Kinney <michael.d.kinney@intel.com>; Attar, AbdulLateef
> (Abdul Lateef) <AbdulLateef.Attar@amd.com>
> Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> files
>
> [AMD Official Use Only - General]
>
> Thanks Thomas and Abner.
> Reviewed-by: <eric.xing@amd.com>
>
> For up-stream, please let us verify it first:
> @Zhai, MingXin (Duke), Duke, please help verify this change on Chachani Board and feedback.
>
> Thanks,
> Eric
>
>> -----Original Message-----
>> From: Chang, Abner <Abner.Chang@amd.com>
>> Sent: Thursday, April 18, 2024 8:59 AM
>> To: Lendacky, Thomas <Thomas.Lendacky@amd.com>; devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
>> <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
>> <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
>> Michael D Kinney <michael.d.kinney@intel.com>; Attar, AbdulLateef
>> (Abdul
>> Lateef) <AbdulLateef.Attar@amd.com>; Xing, Eric <Eric.Xing@amd.com>
>> Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
>> files
>>
>> [AMD Official Use Only - General]
>>
>> Reviewed-by: <abner.chang@amd.com>
>>
>> Thanks
>>
>>> -----Original Message-----
>>> From: Lendacky, Thomas <Thomas.Lendacky@amd.com>
>>> Sent: Monday, April 15, 2024 11:01 PM
>>> To: devel@edk2.groups.io
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
>>> <kraxel@redhat.com>; Roth, Michael <Michael.Roth@amd.com>; Min Xu
>>> <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
>>> Michael D Kinney <michael.d.kinney@intel.com>; Chang, Abner
>>> <Abner.Chang@amd.com>; Attar, AbdulLateef (Abdul Lateef)
>>> <AbdulLateef.Attar@amd.com>; Xing, Eric <Eric.Xing@amd.com>
>>> Subject: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
>>> files
>>>
>>> Any DSC file that uses the UefiCpuPkg MpInitLib library now requires
>>> the AmdSvsmLib library. Update the DSC files to include the
>>> AmdSvsmLib NULL library implementation. Also, fix the specification
>>> of VmgExitLib as it was renamed to CcExitLib.
>>>
>>> Cc: Abner Chang <abner.chang@amd.com>
>>> Cc: Abdul Lateef Attar <abdattar@amd.com>
>>> Cc: Eric Xing <eric.xing@amd.com>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>> ---
>>> Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
>>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
>>> b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
>>> index 20f06dd851..e478e0b0c2 100644
>>> --- a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
>>> +++ b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
>>> @@ -371,7 +371,8 @@
>>>
>>> [LibraryClasses.common]
>>>
>>> RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilte
>>> RegisterFilterLib|rL
>>> RegisterFilterLib|ibNull.inf
>>> - VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
>>> + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
>>> + AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
>>>
>>> [PcdsFixedAtBuild]
>>>
>> gEfiAmdAgesaPkgTokenSpaceGuid.PcdFchOemBeforePciRestoreSwSmi|0xEA
>>> --
>>> 2.43.2
>>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118007): https://edk2.groups.io/g/devel/message/118007
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 7:05 ` Zhai, MingXin (Duke) via groups.io
@ 2024-04-19 8:10 ` Xing, Eric via groups.io
2024-04-19 8:26 ` Ard Biesheuvel
0 siblings, 1 reply; 57+ messages in thread
From: Xing, Eric via groups.io @ 2024-04-19 8:10 UTC (permalink / raw)
To: Zhai, MingXin (Duke), Lendacky, Thomas, Chang, Abner, Yao, Ken, devel
Cc: Roth, Michael, Attar, AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm,
Leif Lindholm
[-- Attachment #1: Type: text/plain, Size: 9831 bytes --]
[AMD Official Use Only - General]
Thanks Duke.
Hi Thomas,
PATCH1/2 still cannot be checked in because today’s VanGoghBoard is based off EDK2_202208. Please hold on this PATCH check in.
Added my comments below.
Thanks,
Eric
> -----Original Message-----
> From: Zhai, MingXin (Duke) <duke.zhai@amd.com>
> Sent: Friday, April 19, 2024 3:06 PM
> To: Lendacky, Thomas <Thomas.Lendacky@amd.com>; Xing, Eric
> <Eric.Xing@amd.com>; Chang, Abner <Abner.Chang@amd.com>; Yao, Ken
> <Ken.Yao@amd.com>; devel@edk2.groups.io
> Cc: Roth, Michael <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul
> Lateef) <AbdulLateef.Attar@amd.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com>; Min
> Xu <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Leif
> Lindholm <quic_llindhol@quicinc.com>
> Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> files
>
> [AMD Official Use Only - General]
>
> Hi Thomas,
>
> Yes, I agree with your opinion, edk2-platforms should be able to build
> against the latest edk2 repo. That is why we plan to update VanGoghBoard to
> support latest EDK2, In fact we are doing QA testing.
[Xing, Eric] It is incorrect for edk2-platforms board code. We will not verify edk2-platform build test with latest edk2. See my comments below.
> I think every change on VanGoghBoard need ensure system can works
> properly. But if I apply this patch and use the latest EDK2 version to build, it
> will encounter error because it requires other code changes(Such as including
> new libraries).
> So my point is, Let me upload VanGoghBoard related changes after passing
> full QA testing.
>
>
> Thanks!
>
> -----Original Message-----
> From: Lendacky, Thomas <Thomas.Lendacky@amd.com<mailto:Thomas.Lendacky@amd.com>>
> Sent: Friday, April 19, 2024 12:03 AM
> To: Zhai, MingXin (Duke) <duke.zhai@amd.com<mailto:duke.zhai@amd.com>>; Xing, Eric
> <Eric.Xing@amd.com<mailto:Eric.Xing@amd.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Yao, Ken
> <Ken.Yao@amd.com<mailto:Ken.Yao@amd.com>>
> Cc: Roth, Michael <Michael.Roth@amd.com<mailto:Michael.Roth@amd.com>>; Attar, AbdulLateef (Abdul
> Lateef) <AbdulLateef.Attar@amd.com<mailto:AbdulLateef.Attar@amd.com>>
> Subject: Re: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> files
>
> On 4/18/24 05:02, Zhai, MingXin (Duke) wrote:
> > [AMD Official Use Only - General]
> >
> > Hi Thomas,
> >
> > this patch looks like for newer EDK2 codebase, but VanGoghBoard is based
> on EDK2_202208 now, and will encounter build issues if this patch is applied.
> > We have plans to update the EDK2 codebase to EDK2_202402. So I thought
> > it would be better to add this change when we update the EDK2 code
> > base😊
>
> I thought the latest edk2-platforms repo was supposed to be able to build
> against the latest edk2 repo.
[Xing, Eric] No. It will easily impact edk2-platforms BIOS if we pull in the latest edk2 repo. So, edk2-platforms will pull in a stable edk2 tag instead of latest edk2 repo.
>If your VanGoghBoard is based on a particular
> edk2 tag, then you should probably have a tag in edk2-platforms so that you
> can have a version of the edk2-platform code that works with a version of
> the edk2 code, no?
[Xing, Eric] I don’t think we will create tag for VanGoghBoard. Instead, we will have user guide/readme to let user know which EDK2 tag is supported in current board code.
The board code owner can decide when to update edk2 kernel and which Tage. I think it is the same for ALL board code, not only VanGoghBoard.
>
> Why is this a private email? This discussion should be on the list so that the
> maintainer(s) can decide what to do based on the discussion.
>
> Thanks,
> Tom
>
> >
> >
> > Thanks!
> >
> > -----Original Message-----
> > From: Xing, Eric <Eric.Xing@amd.com<mailto:Eric.Xing@amd.com>>
> > Sent: Thursday, April 18, 2024 9:54 AM
> > To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Lendacky, Thomas
> > <Thomas.Lendacky@amd.com<mailto:Thomas.Lendacky@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Zhai, MingXin
> (Duke)
> > <duke.zhai@amd.com<mailto:duke.zhai@amd.com>>; Yao, Ken <Ken.Yao@amd.com<mailto:Ken.Yao@amd.com>>
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Gerd Hoffmann
> > <kraxel@redhat.com<mailto:kraxel@redhat.com>>; Roth, Michael <Michael.Roth@amd.com<mailto:Michael.Roth@amd.com>>; Min Xu
> > <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <quic_llindhol@quicinc.com<mailto:quic_llindhol@quicinc.com>>;
> > Michael D Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; Attar, AbdulLateef
> > (Abdul Lateef) <AbdulLateef.Attar@amd.com<mailto:AbdulLateef.Attar@amd.com>>
> > Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> > files
> >
> > [AMD Official Use Only - General]
> >
> > Thanks Thomas and Abner.
> > Reviewed-by: <eric.xing@amd.com<mailto:eric.xing@amd.com>>
> >
> > For up-stream, please let us verify it first:
> > @Zhai, MingXin (Duke), Duke, please help verify this change on Chachani
> Board and feedback.
> >
> > Thanks,
> > Eric
> >
> >> -----Original Message-----
> >> From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>
> >> Sent: Thursday, April 18, 2024 8:59 AM
> >> To: Lendacky, Thomas <Thomas.Lendacky@amd.com<mailto:Thomas.Lendacky@amd.com>>;
> devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Gerd Hoffmann
> >> <kraxel@redhat.com<mailto:kraxel@redhat.com>>; Roth, Michael <Michael.Roth@amd.com<mailto:Michael.Roth@amd.com>>; Min Xu
> >> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <quic_llindhol@quicinc.com<mailto:quic_llindhol@quicinc.com>>;
> >> Michael D Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; Attar, AbdulLateef
> >> (Abdul
> >> Lateef) <AbdulLateef.Attar@amd.com<mailto:AbdulLateef.Attar@amd.com>>; Xing, Eric <Eric.Xing@amd.com<mailto:Eric.Xing@amd.com>>
> >> Subject: RE: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required
> DSC
> >> files
> >>
> >> [AMD Official Use Only - General]
> >>
> >> Reviewed-by: <abner.chang@amd.com<mailto:abner.chang@amd.com>>
> >>
> >> Thanks
> >>
> >>> -----Original Message-----
> >>> From: Lendacky, Thomas <Thomas.Lendacky@amd.com<mailto:Thomas.Lendacky@amd.com>>
> >>> Sent: Monday, April 15, 2024 11:01 PM
> >>> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> >>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Gerd Hoffmann
> >>> <kraxel@redhat.com<mailto:kraxel@redhat.com>>; Roth, Michael <Michael.Roth@amd.com<mailto:Michael.Roth@amd.com>>; Min
> Xu
> >>> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <quic_llindhol@quicinc.com<mailto:quic_llindhol@quicinc.com>>;
> >>> Michael D Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; Chang, Abner
> >>> <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Attar, AbdulLateef (Abdul Lateef)
> >>> <AbdulLateef.Attar@amd.com<mailto:AbdulLateef.Attar@amd.com>>; Xing, Eric <Eric.Xing@amd.com<mailto:Eric.Xing@amd.com>>
> >>> Subject: [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC
> >>> files
> >>>
> >>> Any DSC file that uses the UefiCpuPkg MpInitLib library now requires
> >>> the AmdSvsmLib library. Update the DSC files to include the
> >>> AmdSvsmLib NULL library implementation. Also, fix the specification
> >>> of VmgExitLib as it was renamed to CcExitLib.
> >>>
> >>> Cc: Abner Chang <abner.chang@amd.com<mailto:abner.chang@amd.com>>
> >>> Cc: Abdul Lateef Attar <abdattar@amd.com<mailto:abdattar@amd.com>>
> >>> Cc: Eric Xing <eric.xing@amd.com<mailto:eric.xing@amd.com>>
> >>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com<mailto:thomas.lendacky@amd.com>>
> >>> ---
> >>> Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc | 3 ++-
> >>> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git
> a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> >>> b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> >>> index 20f06dd851..e478e0b0c2 100644
> >>> --- a/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> >>> +++ b/Platform/AMD/VanGoghBoard/ChachaniBoardPkg/Project.dsc
> >>> @@ -371,7 +371,8 @@
> >>>
> >>> [LibraryClasses.common]
> >>>
> >>> RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilte
> >>> RegisterFilterLib|rL
> >>> RegisterFilterLib|ibNull.inf
> >>> - VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
> >>> + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> >>> +
> AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
> >>>
> >>> [PcdsFixedAtBuild]
> >>>
> >>
> gEfiAmdAgesaPkgTokenSpaceGuid.PcdFchOemBeforePciRestoreSwSmi|0xE
> A
> >>> --
> >>> 2.43.2
> >>
> >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118009): https://edk2.groups.io/g/devel/message/118009
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 22691 bytes --]
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 8:10 ` Xing, Eric via groups.io
@ 2024-04-19 8:26 ` Ard Biesheuvel
2024-04-19 9:06 ` Xing, Eric via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Ard Biesheuvel @ 2024-04-19 8:26 UTC (permalink / raw)
To: devel, eric.xing
Cc: Zhai, MingXin (Duke),
Lendacky, Thomas, Chang, Abner, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
On Fri, 19 Apr 2024 at 10:10, Xing, Eric via groups.io
<eric.xing=amd.com@groups.io> wrote:
>
> [AMD Official Use Only - General]
>
>
> Thanks Duke.
>
>
>
> Hi Thomas,
>
>
>
> PATCH1/2 still cannot be checked in because today’s VanGoghBoard is based off EDK2_202208. Please hold on this PATCH check in.
>
>
Apologies, but I already merged this patch two days ago.
edk2-platforms should build in combination with edk2. If your platform
has other dependencies that are not in edk2, edk2-platforms or
edk2-non-osi, please host and maintain the platform elsewhere.
I also noticed that
Platform/AMD/VanGoghBoard/ChachaniBoardPkg/build.sh requires that the
various repo checkouts are inside the workspace, but the BaseTools
don't actually require this. Personally, I use
$HOME/edk2-workspace for the builds
$HOME/edk2
$HOME/edk2-platforms
$HOME/edk2-non-osi
for the checkouts, which keeps things separate, and allow me to wipe
the workspace entirely without touching the repos.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118010): https://edk2.groups.io/g/devel/message/118010
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 8:26 ` Ard Biesheuvel
@ 2024-04-19 9:06 ` Xing, Eric via groups.io
2024-04-19 9:25 ` Ard Biesheuvel
0 siblings, 1 reply; 57+ messages in thread
From: Xing, Eric via groups.io @ 2024-04-19 9:06 UTC (permalink / raw)
To: Ard Biesheuvel, devel
Cc: Zhai, MingXin (Duke),
Lendacky, Thomas, Chang, Abner, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
[AMD Official Use Only - General]
Hi Ard,
This checkin causes VanGoghBoard build fail now. Would you help revert it?
I will merge PATCH to VanGoghBoard after the code review process done and code changes are verified pass on real board.
Thanks,
Eric
> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Friday, April 19, 2024 4:27 PM
> To: devel@edk2.groups.io; Xing, Eric <Eric.Xing@amd.com>
> Cc: Zhai, MingXin (Duke) <duke.zhai@amd.com>; Lendacky, Thomas
> <Thomas.Lendacky@amd.com>; Chang, Abner <Abner.Chang@amd.com>;
> Yao, Ken <Ken.Yao@amd.com>; Roth, Michael <Michael.Roth@amd.com>;
> Attar, AbdulLateef (Abdul Lateef) <AbdulLateef.Attar@amd.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann
> <kraxel@redhat.com>; Min Xu <min.m.xu@intel.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>
> Subject: Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to
> required DSC files
>
> Caution: This message originated from an External Source. Use proper
> caution when opening attachments, clicking links, or responding.
>
>
> On Fri, 19 Apr 2024 at 10:10, Xing, Eric via groups.io
> <eric.xing=amd.com@groups.io> wrote:
> >
> > [AMD Official Use Only - General]
> >
> >
> > Thanks Duke.
> >
> >
> >
> > Hi Thomas,
> >
> >
> >
> > PATCH1/2 still cannot be checked in because today’s VanGoghBoard is
> based off EDK2_202208. Please hold on this PATCH check in.
> >
> >
>
> Apologies, but I already merged this patch two days ago.
>
> edk2-platforms should build in combination with edk2. If your platform has
> other dependencies that are not in edk2, edk2-platforms or edk2-non-osi,
> please host and maintain the platform elsewhere.
>
> I also noticed that
> Platform/AMD/VanGoghBoard/ChachaniBoardPkg/build.sh requires that the
> various repo checkouts are inside the workspace, but the BaseTools don't
> actually require this. Personally, I use
>
> $HOME/edk2-workspace for the builds
>
> $HOME/edk2
> $HOME/edk2-platforms
> $HOME/edk2-non-osi
>
> for the checkouts, which keeps things separate, and allow me to wipe the
> workspace entirely without touching the repos.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118014): https://edk2.groups.io/g/devel/message/118014
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 9:06 ` Xing, Eric via groups.io
@ 2024-04-19 9:25 ` Ard Biesheuvel
2024-04-19 11:32 ` Xing, Eric via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Ard Biesheuvel @ 2024-04-19 9:25 UTC (permalink / raw)
To: Xing, Eric
Cc: devel, Zhai, MingXin (Duke),
Lendacky, Thomas, Chang, Abner, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
On Fri, 19 Apr 2024 at 11:06, Xing, Eric <Eric.Xing@amd.com> wrote:
>
> [AMD Official Use Only - General]
>
> Hi Ard,
>
> This checkin causes VanGoghBoard build fail now. Would you help revert it?
> I will merge PATCH to VanGoghBoard after the code review process done and code changes are verified pass on real board.
>
Please provide a solution instead that makes upstream edk2 work with
upstream edk2-platforms.
For downstream builds, you can combine the old EDK2_202208 with an
older checkout of edk2-platforms, right?
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118015): https://edk2.groups.io/g/devel/message/118015
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 9:25 ` Ard Biesheuvel
@ 2024-04-19 11:32 ` Xing, Eric via groups.io
2024-04-19 13:00 ` Chang, Abner via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Xing, Eric via groups.io @ 2024-04-19 11:32 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: devel, Zhai, MingXin (Duke),
Lendacky, Thomas, Chang, Abner, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
[AMD Official Use Only - General]
Hi Ard,
Agree with you, reverting code looks not a good way now. We will think about new method to resolve this issue. Just need a bit more time and I will hold on checking in code to VanGoghBoard before it.
Thanks again for your suggestion and help us improve code in VanGoghBoard.
Thanks,
Eric
> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Friday, April 19, 2024 5:25 PM
> To: Xing, Eric <Eric.Xing@amd.com>
> Cc: devel@edk2.groups.io; Zhai, MingXin (Duke) <duke.zhai@amd.com>;
> Lendacky, Thomas <Thomas.Lendacky@amd.com>; Chang, Abner
> <Abner.Chang@amd.com>; Yao, Ken <Ken.Yao@amd.com>; Roth, Michael
> <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> <AbdulLateef.Attar@amd.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com>; Min
> Xu <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>
> Subject: Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to
> required DSC files
>
> Caution: This message originated from an External Source. Use proper
> caution when opening attachments, clicking links, or responding.
>
>
> On Fri, 19 Apr 2024 at 11:06, Xing, Eric <Eric.Xing@amd.com> wrote:
> >
> > [AMD Official Use Only - General]
> >
> > Hi Ard,
> >
> > This checkin causes VanGoghBoard build fail now. Would you help revert it?
> > I will merge PATCH to VanGoghBoard after the code review process done
> and code changes are verified pass on real board.
> >
>
> Please provide a solution instead that makes upstream edk2 work with
> upstream edk2-platforms.
>
> For downstream builds, you can combine the old EDK2_202208 with an older
> checkout of edk2-platforms, right?
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118019): https://edk2.groups.io/g/devel/message/118019
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 11:32 ` Xing, Eric via groups.io
@ 2024-04-19 13:00 ` Chang, Abner via groups.io
2024-04-19 14:11 ` Ard Biesheuvel
0 siblings, 1 reply; 57+ messages in thread
From: Chang, Abner via groups.io @ 2024-04-19 13:00 UTC (permalink / raw)
To: Xing, Eric, Ard Biesheuvel
Cc: devel, Zhai, MingXin (Duke),
Lendacky, Thomas, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
[AMD Official Use Only - General]
I guess my RB misled contributors thought the patch is good to merge. However, I was thinking Eric's team should give the final RB after the validation as they are the maintainers for the subordinate VanGoghBoard platform. Suppose the impacted packages should be built successfully with the patches applied, as this is considered the base requirement of the code change. Nevertheless, the special build sauce for VanGoghBoard may be not easy for contributors to verify the build.
Eric, I have few suggestions for this failure, for the short term, you can commit another change to remove this change, as the build failure has impacts on our customer support. You can decide to recover this or not depends on your business requirement.
For the long term, besides of code base upgrade, we could consider to revise VanGoghBoard to use native edk2 build script. Maybe we can leverage prebuild mechanism to cover the platform specific build requirements.
Thanks
Abner
> -----Original Message-----
> From: Xing, Eric <Eric.Xing@amd.com>
> Sent: Friday, April 19, 2024 7:32 PM
> To: Ard Biesheuvel <ardb@kernel.org>
> Cc: devel@edk2.groups.io; Zhai, MingXin (Duke) <duke.zhai@amd.com>;
> Lendacky, Thomas <Thomas.Lendacky@amd.com>; Chang, Abner
> <Abner.Chang@amd.com>; Yao, Ken <Ken.Yao@amd.com>; Roth, Michael
> <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> <AbdulLateef.Attar@amd.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Gerd Hoffmann <kraxel@redhat.com>; Min Xu <min.m.xu@intel.com>; Leif
> Lindholm <quic_llindhol@quicinc.com>
> Subject: RE: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to
> required DSC files
>
> [AMD Official Use Only - General]
>
> Hi Ard,
>
> Agree with you, reverting code looks not a good way now. We will think about
> new method to resolve this issue. Just need a bit more time and I will hold on
> checking in code to VanGoghBoard before it.
> Thanks again for your suggestion and help us improve code in VanGoghBoard.
>
> Thanks,
> Eric
>
>
> > -----Original Message-----
> > From: Ard Biesheuvel <ardb@kernel.org>
> > Sent: Friday, April 19, 2024 5:25 PM
> > To: Xing, Eric <Eric.Xing@amd.com>
> > Cc: devel@edk2.groups.io; Zhai, MingXin (Duke) <duke.zhai@amd.com>;
> > Lendacky, Thomas <Thomas.Lendacky@amd.com>; Chang, Abner
> > <Abner.Chang@amd.com>; Yao, Ken <Ken.Yao@amd.com>; Roth, Michael
> > <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> > <AbdulLateef.Attar@amd.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com>; Min
> > Xu <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>
> > Subject: Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to
> > required DSC files
> >
> > Caution: This message originated from an External Source. Use proper
> > caution when opening attachments, clicking links, or responding.
> >
> >
> > On Fri, 19 Apr 2024 at 11:06, Xing, Eric <Eric.Xing@amd.com> wrote:
> > >
> > > [AMD Official Use Only - General]
> > >
> > > Hi Ard,
> > >
> > > This checkin causes VanGoghBoard build fail now. Would you help revert it?
> > > I will merge PATCH to VanGoghBoard after the code review process done
> > and code changes are verified pass on real board.
> > >
> >
> > Please provide a solution instead that makes upstream edk2 work with
> > upstream edk2-platforms.
> >
> > For downstream builds, you can combine the old EDK2_202208 with an older
> > checkout of edk2-platforms, right?
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118028): https://edk2.groups.io/g/devel/message/118028
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 13:00 ` Chang, Abner via groups.io
@ 2024-04-19 14:11 ` Ard Biesheuvel
2024-04-21 15:16 ` Xing, Eric via groups.io
0 siblings, 1 reply; 57+ messages in thread
From: Ard Biesheuvel @ 2024-04-19 14:11 UTC (permalink / raw)
To: Chang, Abner
Cc: Xing, Eric, devel, Zhai, MingXin (Duke),
Lendacky, Thomas, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
On Fri, 19 Apr 2024 at 15:00, Chang, Abner <Abner.Chang@amd.com> wrote:
>
> [AMD Official Use Only - General]
>
> I guess my RB misled contributors thought the patch is good to merge. However, I was thinking Eric's team should give the final RB after the validation as they are the maintainers for the subordinate VanGoghBoard platform. Suppose the impacted packages should be built successfully with the patches applied, as this is considered the base requirement of the code change. Nevertheless, the special build sauce for VanGoghBoard may be not easy for contributors to verify the build.
>
> Eric, I have few suggestions for this failure, for the short term, you can commit another change to remove this change, as the build failure has impacts on our customer support. You can decide to recover this or not depends on your business requirement.
Keeping edk2-platforms synced with edk2 is already complicated enough.
So I object to changes to retain compatibility with downstream forks
of EDK2. Surely, you are not telling your customers to use EDK202208
with whatever the top-of-tree of edk2-platforms is at any given
moment?
In any case, if upstream edk2 is important to you, please fix the
current situation in edk2 first. If it is not important to you, I
don't see a reason to revert anything, and you can fix it in your
downstream.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118029): https://edk2.groups.io/g/devel/message/118029
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files
2024-04-19 14:11 ` Ard Biesheuvel
@ 2024-04-21 15:16 ` Xing, Eric via groups.io
0 siblings, 0 replies; 57+ messages in thread
From: Xing, Eric via groups.io @ 2024-04-21 15:16 UTC (permalink / raw)
To: Ard Biesheuvel, Chang, Abner
Cc: devel, Zhai, MingXin (Duke),
Lendacky, Thomas, Yao, Ken, Roth, Michael, Attar,
AbdulLateef (Abdul Lateef),
Ard Biesheuvel, Gerd Hoffmann, Min Xu, Leif Lindholm
[AMD Official Use Only - General]
Hi Ard,
Please let me merge VangoGh board code next time after we finished the review process and build/verification test since I am maintainer and responsible for Vangogh Board platform code.
I will discuss it inside AMD to how to resolve current Platform/AMD/VanGoghBoard platform code build fail issue and reduce customer impact.
I will also discuss with Abner and other AMD reviewers to make a solution we want to move on.
Thanks,
Eric
> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Friday, April 19, 2024 10:12 PM
> To: Chang, Abner <Abner.Chang@amd.com>
> Cc: Xing, Eric <Eric.Xing@amd.com>; devel@edk2.groups.io; Zhai, MingXin
> (Duke) <duke.zhai@amd.com>; Lendacky, Thomas
> <Thomas.Lendacky@amd.com>; Yao, Ken <Ken.Yao@amd.com>; Roth,
> Michael <Michael.Roth@amd.com>; Attar, AbdulLateef (Abdul Lateef)
> <AbdulLateef.Attar@amd.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com>; Min
> Xu <min.m.xu@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>
> Subject: Re: [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to
> required DSC files
>
> Caution: This message originated from an External Source. Use proper
> caution when opening attachments, clicking links, or responding.
>
>
> On Fri, 19 Apr 2024 at 15:00, Chang, Abner <Abner.Chang@amd.com> wrote:
> >
> > [AMD Official Use Only - General]
> >
> > I guess my RB misled contributors thought the patch is good to merge.
> However, I was thinking Eric's team should give the final RB after the
> validation as they are the maintainers for the subordinate VanGoghBoard
> platform. Suppose the impacted packages should be built successfully with
> the patches applied, as this is considered the base requirement of the code
> change. Nevertheless, the special build sauce for VanGoghBoard may be not
> easy for contributors to verify the build.
> >
> > Eric, I have few suggestions for this failure, for the short term, you can
> commit another change to remove this change, as the build failure has
> impacts on our customer support. You can decide to recover this or not
> depends on your business requirement.
>
> Keeping edk2-platforms synced with edk2 is already complicated enough.
> So I object to changes to retain compatibility with downstream forks of EDK2.
> Surely, you are not telling your customers to use EDK202208 with whatever
> the top-of-tree of edk2-platforms is at any given moment?
>
> In any case, if upstream edk2 is important to you, please fix the current
> situation in edk2 first. If it is not important to you, I don't see a reason to
> revert anything, and you can fix it in your downstream.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118055): https://edk2.groups.io/g/devel/message/118055
Mute This Topic: https://groups.io/mt/105537744/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM
[not found] <17BAD3BB1C3BF368.2608@groups.io>
@ 2024-03-08 16:10 ` Lendacky, Thomas via groups.io
0 siblings, 0 replies; 57+ messages in thread
From: Lendacky, Thomas via groups.io @ 2024-03-08 16:10 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao,
Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu,
Rahul Kumar, Ray Ni, Michael Roth, Anatol Belski, Anthony Perard,
Corvin Köhne, Gua Guo, Guo Dong, James Lu, Jianyong Wu,
Rebecca Cran, Sean Rhodes
On 3/8/24 09:30, Lendacky, Thomas via groups.io wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
>
> This series adds SEV-SNP support for running OVMF under an Secure VM
> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> By running at a less priviledged VMPL, the SVSM can be used to provide
> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> confidential VM (CVM) rather than trust such services from the hypervisor.
>
> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> certain SNP related operations that require that VMPL level. Specifically,
> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> the VMSA attribute of a page (used when starting APs).
>
> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> use an SVSM (which is running at VMPL0) to perform the operations that
> it is no longer able to perform.
>
> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
> it will be starting. As a result, the GHCB APIC ID retrieval action must
> be performed. Since this service can also work with SEV-SNP running at
> VMPL0, the patches to make use of this feature are near the beginning of
> the series.
>
> How OVMF interacts with and uses the SVSM is documented in the SVSM
> specification [1] and the GHCB specification [2].
>
> This support creates a new AmdSvsmLib library that is used by MpInitLib.
> The edk2-platforms repo requires updates/patches to add the new library
> requirement. To accomodate that, this series could be split between:
>
> patch number 12:
> UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
>
> and patch number 13:
> UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
>
> The updates to edk2-platforms can be applied at the split.
I have the edk2-platforms patch series prepared but will hold off on
sending until this series settles and is ready to merge.
Thanks,
Tom
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116551): https://edk2.groups.io/g/devel/message/116551
Mute This Topic: https://groups.io/mt/104810672/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 57+ messages in thread
end of thread, other threads:[~2024-04-21 15:16 UTC | newest]
Thread overview: 57+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
2024-04-03 7:07 ` Ni, Ray
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-03-14 10:42 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-03-14 10:43 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-04-03 7:06 ` Ni, Ray
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-12 18:43 ` Guo Dong
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-03-14 10:39 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-03-14 9:34 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-04-03 7:05 ` Ni, Ray
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-03-14 10:40 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-03-08 15:33 ` [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-04-02 18:16 ` Lendacky, Thomas via groups.io
2024-04-03 7:09 ` Ni, Ray
2024-04-03 15:03 ` Lendacky, Thomas via groups.io
[not found] ` <17C28950368F582E.9676@groups.io>
2024-04-12 14:02 ` Lendacky, Thomas via groups.io
2024-04-12 15:05 ` Ard Biesheuvel
2024-04-12 15:14 ` Lendacky, Thomas via groups.io
2024-04-16 8:41 ` Ard Biesheuvel
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
2024-04-18 0:59 ` Chang, Abner via groups.io
2024-04-18 1:53 ` Xing, Eric via groups.io
[not found] ` <DS0PR12MB9445C820230BA65D290D6451F60E2@DS0PR12MB9445.namprd12.prod.outlook.com>
[not found] ` <fc020d25-6afa-8dcb-0b19-397b075be4e6@amd.com>
2024-04-19 7:05 ` Zhai, MingXin (Duke) via groups.io
2024-04-19 8:10 ` Xing, Eric via groups.io
2024-04-19 8:26 ` Ard Biesheuvel
2024-04-19 9:06 ` Xing, Eric via groups.io
2024-04-19 9:25 ` Ard Biesheuvel
2024-04-19 11:32 ` Xing, Eric via groups.io
2024-04-19 13:00 ` Chang, Abner via groups.io
2024-04-19 14:11 ` Ard Biesheuvel
2024-04-21 15:16 ` Xing, Eric via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 2/2] Platform/Intel: " Lendacky, Thomas via groups.io
[not found] <17BAD3BB1C3BF368.2608@groups.io>
2024-03-08 16:10 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox