From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: [PATCH v3 08/15] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
Date: Thu, 7 Jan 2021 12:48:18 -0600 [thread overview]
Message-ID: <711ae2dcb6cb29e4c60862c18330cff627269b81.1610045305.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1610045305.git.thomas.lendacky@amd.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
The PCIe MMCONFIG range should be treated as an MMIO range. However,
there is a comment in the code explaining why AddIoMemoryBaseSizeHob()
is not called. The AmdSevDxe walks the GCD map looking for MemoryMappedIo
or NonExistent type memory and will clear the encryption bit for these
ranges.
Since the MMCONFIG range does not have one of these types, the encryption
bit is not cleared for this range. Add support to detect the presence of
the MMCONFIG range and clear the encryption bit. This will be needed for
follow-on support that will validate that MMIO is not being performed to
an encrypted address range under SEV-ES.
Even though the encryption bit was set for this range, this still worked
under both SEV and SEV-ES because the address range is marked by the
hypervisor as MMIO in the nested page tables:
- For SEV, access to this address range triggers a nested page fault (NPF)
and the hardware supplies the guest physical address (GPA) in the VMCB's
EXITINFO2 field as part of the exit information. However, the encryption
bit is not set in the GPA, so the hypervisor can process the request
without any issues.
- For SEV-ES, access to this address range triggers a #VC. Since OVMF runs
identity mapped (VA == PA), the virtual address is used to avoid the
lookup of the physical address. The virtual address does not have the
encryption bit set, so the hypervisor can process the request without
any issues.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +++++++-
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +++++++++++++++++++-
2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index dd9ecc789a20..0676fcc5b6a4 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -2,7 +2,7 @@
#
# Driver clears the encryption attribute from MMIO regions when SEV is enabled
#
-# Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
+# Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -39,3 +39,9 @@ [Depex]
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
+
+[FixedPcd]
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 595586617882..689bfb376d03 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -4,12 +4,13 @@
in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV
is enabled.
- Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
+ Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include <IndustryStandard/Q35MchIch9.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
@@ -65,6 +66,23 @@ AmdSevDxeEntryPoint (
FreePool (AllDescMap);
}
+ //
+ // If PCI Express is enabled, the MMCONFIG area has been reserved, rather
+ // than marked as MMIO, and so the C-bit won't be cleared by the above walk
+ // through the GCD map. Check for the MMCONFIG area and clear the C-bit for
+ // the range.
+ //
+ if (PcdGet16 (PcdOvmfHostBridgePciDevId) == INTEL_Q35_MCH_DEVICE_ID) {
+ Status = MemEncryptSevClearPageEncMask (
+ 0,
+ FixedPcdGet64 (PcdPciExpressBaseAddress),
+ EFI_SIZE_TO_PAGES (SIZE_256MB),
+ FALSE
+ );
+
+ ASSERT_EFI_ERROR (Status);
+ }
+
//
// When SMM is enabled, clear the C-bit from SMM Saved State Area
//
--
2.30.0
next prev parent reply other threads:[~2021-01-07 18:50 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 18:48 [PATCH v3 00/15] SEV-ES security mitigations Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 01/15] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 02/15] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 03/15] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 05/15] OvmfPkg/ResetVector: Save the encryption mask at boot time Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 06/15] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 07/15] OvmfPkg: Obtain SEV encryption mask with the new MemEncryptSevLib API Lendacky, Thomas
2021-01-07 18:48 ` Lendacky, Thomas [this message]
2021-01-07 18:48 ` [PATCH v3 09/15] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 10/15] OvmfPkg/MemEncryptSevLib: Coding style fixes in prep for SEC library Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 11/15] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-07 19:08 ` [edk2-devel] " Laszlo Ersek
2021-01-07 18:48 ` [PATCH v3 12/15] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 13/15] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 14/15] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-07 18:48 ` [PATCH v3 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-07 19:41 ` [edk2-devel] [PATCH v3 00/15] SEV-ES security mitigations Laszlo Ersek
2021-01-07 19:50 ` Lendacky, Thomas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=711ae2dcb6cb29e4c60862c18330cff627269b81.1610045305.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox