Subject: Re: [edk2-devel] [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF.
To: devel@edk2.groups.io, ashish.kalra@amd.com
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
From: "Laszlo Ersek"
Message-ID: <6f1ebc14-879d-53fd-74f9-0085d869f090@redhat.com>
Date: Fri, 4 Dec 2020 04:50:05 +0100

On 12/04/20 01:03, Ashish Kalra wrote:
> From: Ashish Kalra
>
> By default all the SEV guest memory regions are considered encrypted,
> if a guest changes the encryption attribute of the page (e.g mark a
> page as decrypted) then notify hypervisor. Hypervisor will need to
> track the unencrypted pages. The information will be used during
> guest live migration, guest page migration and guest debugging.
>
> The patch-set also adds a new SEV and SEV-ES hypercall abstraction
> library to support SEV Page encryption/decryption status hypercalls
> for SEV and SEV-ES guests.
>
> BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.
>
> A branch containing these patches is available here:
> https://github.com/ashkalra/edk2/tree/sev_page_encryption_bitmap_v3
>
> Changes since v2:
> - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>   in the hypervisor page encryption bitmap after setting the
>   PcdSevEsIsEnabled PCD.
>
> Changes since v1:
> - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>   the hypervisor page encryption bitmap.
> - Resending the series with correct shallow threading.
>
> Ashish Kalra (2):
>   OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
>   OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
>
> Brijesh Singh (1):
>   OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
>
>  .../Include/Library/MemEncryptHypercallLib.h  |  37 ++++++
>  .../BaseMemEncryptSevLib.inf                  |   1 +
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  |  18 +++
>  .../MemEncryptHypercallLib.c                  | 105 ++++++++++++++++++
>  .../MemEncryptHypercallLib.inf                |  39 +++++++
>  .../X64/AsmHelperStub.nasm                    |  39 +++++++
>  OvmfPkg/OvmfPkgX64.dsc                        |   1 +
>  OvmfPkg/PlatformPei/AmdSev.c                  |  10 ++
>  8 files changed, 250 insertions(+)
>  create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c
>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
>

I'll need some time to get to this series.

I'm fairly certain though, from a quick skim, that this series breaks all DSC files under OvmfPkg except X64. Please fix that.

Thanks
Laszlo