From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.96.81]) by mx.groups.io with SMTP id smtpd.web10.19173.1627907595418748200 for ; Mon, 02 Aug 2021 05:33:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=ca1zADA/; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.96.81, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mdiIUuDrIphjSQfudK1wEAGav+32cVA3wpwm7mEk1y3xkERZYv+lIYTZZeZDuo/ekBr2rTgLtuhRw6IVqh3IipE2mdt9fEnI42O5zK97euOaMg6r2fzDlMs6PZYBhHdV6a/h3ZR21iZsE+e9Fmb88L5tLlpyGgrmlaYHwv9+RXx+dAHgcHm8TsuAmlr1nfCRZrWtXIKNVTzXcMh8uvUT+B0FqQMViQ0o2g0UQ+MJJ5dDPmIwbqFb1hVDV5Z0DU5JgvJyy/04256L3N80YOszS1MApiArn9c9na4ABtJk/wHLeK1wDEONxGki7aBONY5BHHnJBNDwIadBpkOqAxjT5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iSW7FhssemJySQFDeOkS69RYSbquqEk79caf/V+lVOc=; b=GXT9UNueWYIwu1DSFyIE6FzTPCFmlQIQrofuNkWrQLEMYlkGL+SFDZxdVP+13W7zQFJryqdaXPh2YdLbBb4axnSkGg3GK/+vNT8oqCk8UkVbtn3J/wDQRPfP57CDMrQZCfZPV6TDpdMDhhESClEOsBkXnAe9SpScGkIxcF7B6g0qDysMEFeToUA4sYpyhZ7Sv5spcgmZ/8AtkseMqiNtD6RQIU2UaYCXo4fqOvrI8+fZGetIXoFN1tb70Bxe5oWvzbRDBhnVgGeAgYFCZLKFYU89iMjEFWt6M2jBG3OymQtRqnTomTy/plViuN29cj6jPbMODqo2LxqxjsVGrCznFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iSW7FhssemJySQFDeOkS69RYSbquqEk79caf/V+lVOc=; b=ca1zADA/eVbvdihJ1hLRH+3+F7bS3ZJYPP9hiru1pq/xqqUnFvf3vUitEfRXKkT9tqpvlVIDHJSWRiM1qU+lKwBK7yznheFXDJpnMJLJI2BY2WqLPEgD+wOSeznDSx+rKE8uZiK+9B9UszY4P22c/LkER9MYXpVkP7im8VSlmGM= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN1PR12MB2445.namprd12.prod.outlook.com (2603:10b6:802:31::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25; Mon, 2 Aug 2021 12:33:12 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73%7]) with mapi id 15.20.4373.026; Mon, 2 Aug 2021 12:33:11 +0000 From: "Ashish Kalra" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com Subject: [PATCH v6 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall Date: Mon, 2 Aug 2021 12:33:00 +0000 Message-Id: <6a410c4d48bb9d9ea26e4fc590d831a1bf871098.1627906232.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN4PR0401CA0025.namprd04.prod.outlook.com (2603:10b6:803:2a::11) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: Ashish.Kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0401CA0025.namprd04.prod.outlook.com (2603:10b6:803:2a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.18 via Frontend Transport; Mon, 2 Aug 2021 12:33:11 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2a15808a-be2d-4d39-bc50-08d955b1b0f8 X-MS-TrafficTypeDiagnostic: SN1PR12MB2445: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6430; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: IhXXKiR7P9JcfEAt309wO4HW3GaGswW+bFhuZ7uCMEzoFpWMBQekYyoKhYDjR29OFTmLXkwff0fO98Yx4RYapFwQTHwQKlSS8wVK3ajBPE6Na2a1GFq8M70KtP6slDrCUbbwPbLCgGNRdD/QHcLiKVBpJKf0QKoHrsCR2YH+k0LxRCFp/YwNj56DXpnOzp6pfYlSIhDT1QFxPVxR+j1e/OcEtVJ0UOzMG9VtMncZ2SHXKDzzH8B60We9l0j2hi69NX/LvgFHktRQ3lOQZbHqawbQ6zOWBRjLy43npVWrtciIkhWvGjD542Otv2SUCv9KbvV97+PmU4U/MjTzpc0cZEBJJKGENMQLL8mPFXevzMBboqyLOWTqJB4/fdzvqRxq6BFHTkQGxly81aL0yrh7J10djd9zkGKkOcFhC5ZMBSO1QEGeeAuuqg2EkMbjBqFMZ+8sdRv4SevqH7DdG3sZpz5Q3d8cNuC9WiWwXt8wwPRs7jY4cRZUOC9/0b5f1FdH+PdIeMdRRxjd5N/neSuI96RiDc/hyQgAiyu1GKB+2Xmzpzil9Rx8aemvGHpYDwmnCeiTgq39NLnDHStXLqc7x7PnWO6ftJd+S6Kd1zQOeLs96GRYGZjspTwVwEEZ+x3AA5x8TTVZh81cCBROBeaRHix3pN3Wgq+ffMIctFA7/OGG+1KlVwDUQCPNfxGylk2ZJcjJyS0x0yp7Egnj3Ek6XQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(396003)(376002)(366004)(39860400002)(346002)(956004)(6916009)(5660300002)(4326008)(316002)(7696005)(66946007)(66556008)(66476007)(6486002)(8676002)(478600001)(36756003)(19627235002)(86362001)(52116002)(8936002)(38100700002)(6666004)(38350700002)(2906002)(2616005)(186003)(26005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?wG2IONtqh8pvvI9LkpjAyZgM2WXMchAZJA84QZV2VI4ZTjRnQkfM50lyskYY?= =?us-ascii?Q?VCct8VENlBCTp0lZvSAAOGmIEbuOn/oRIJMu3ySVL0gGY8MMCB4I69q35tqZ?= =?us-ascii?Q?32BTJAdMW4jnOJEW1FKK+TlBR2ZtG0FQqQTtkxn/EtGntIdzR06k4CObMUcL?= =?us-ascii?Q?sxPu8I/csIIVHCYIlBWQ2t7xGEeNLuttcS3Sh0a8xJtJh/kxj4bUwog1f8T+?= =?us-ascii?Q?/WVccZJHIi7t/wBDKRgy0EzDx49AXBQAdeau2/IUwrcJIYin+IC2KgQ7PRe9?= =?us-ascii?Q?BL2ck0XTZRnkfjr3qfdcnWiKfsz9OMewBlqRUm+MenQmyMe+BaAIvnMJhAcD?= =?us-ascii?Q?zRuQteHsgwYL2SoDPIdOMfmce7DpudEtYFGzu6wjCqeGEUOj0k6kmxrwoG0x?= =?us-ascii?Q?UlM+HPB/XPMnsicNoS1lSzxepILDmWHn/1mV6pQRwF6r9jqxBw0F8szsY5qo?= =?us-ascii?Q?QNG1nlBQlN+XHOeJ3Cap/wLJWRL1TxY4pAKLUCAdsCPwwoDhWNMykjCClHXS?= =?us-ascii?Q?nqWk2gaaUI++9wwN07YL1d9U6iOM0IQX8iTPGVDOJdXkLcEgEm/F/AWytJdp?= =?us-ascii?Q?iuCkiylJSNa+2AX7xxYKX6yTUYaUPe1Dehmj/+1w0LucJYWFr1hW+QZs5QlF?= =?us-ascii?Q?fZLRE1wvo9Xw6FTIwj9lh3RuCOmKjKT4XmQRKJ7rvA5EtJi0C2oG9YDykQxR?= =?us-ascii?Q?Q0qJfy6B+UHTrdJ/qrVUZX/BlCwo8vAM9CcGjHh5l26R8Id6xtcrXjtNI85h?= =?us-ascii?Q?qSpebevBKbHjhpcb6gSlChrh843Xbe2PPL5a4ZB2L/PmOvWqr2i9OJQKwQZe?= =?us-ascii?Q?v3COG2I0JMiIYj1vaSbnJn6aiWysodE4MD+2dRkmBtVPDb074WAdDilAMJwW?= =?us-ascii?Q?sTFabPoScMatiwIsVpEyrgawwSb9t3lfR9bPXQ380tt5YkuFmD6QMz/fbM3H?= =?us-ascii?Q?ZQ6Ha9EvLztGbbt2VElga1L5IV0HgsoGE0I6elQTFUxfGZubKDofEPLMxPM7?= =?us-ascii?Q?nVY8N9OScZBFxZMngSebmoCtPRHzlZwFwPFOmJDgnvVGM0CnGZwkiKZERvAl?= =?us-ascii?Q?VA/fxpmdk+6oQ9+lDDqmZu7gtfPB0/m1pqaJpfTdGnOYpg5/OTsj8oQ7z7Ml?= =?us-ascii?Q?d9Arx0C4TvLSSY+Tll/q93qTXnEA1wE7GifoBm9O5bnfcvcoGFwqOEI/h5Ud?= =?us-ascii?Q?gxW6ZOd9bzSoJAV2dScQYUhgkDWLGxn7zJu3Z2ik0zAp9SVT26LOAk/unob3?= =?us-ascii?Q?qgVppypMHQq+drheFdr5PTueYYbtbNAxycO+w6qFm4CmzPU8blSrp1A6xkSq?= =?us-ascii?Q?panH6+DFazG9Xdqwm+EWPz8O?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2a15808a-be2d-4d39-bc50-08d955b1b0f8 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Aug 2021 12:33:11.7798 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2RxdriGz3376AusaB3YDO18qf2WGycjTcKGLJZjbJpvTxpCT5AtOm3U23SdXO9j3bhDsUb/0sN7smeov8ntFJw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2445 Content-Type: text/plain From: Ashish Kalra Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor's guest page encryption state tracking. Cc: Jordan Justen Cc: Ard Biesheuvel Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..1d38056ec0 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -52,6 +52,17 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // The SEC Ghcb setup during reset-vector needs to be marked as + // decrypted in the hypervisor's guest page encryption state + // tracking. + // + SetMemoryEncDecHypercall3 ( + FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + FALSE + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.17.1