From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.81]) by mx.groups.io with SMTP id smtpd.web10.9601.1580981386048303265 for ; Thu, 06 Feb 2020 01:29:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=YoTfpSyW; spf=pass (domain: redhat.com, ip: 207.211.31.81, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580981385; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XQpygTjWArLmR9GDRhxWimyliETDQEZr8WACQ/vA9xw=; b=YoTfpSyW94S0pSWvPOlU6FcGzTlnSbo7/gMgPz/kyshsBvEqIC5rsRvnKLA1GzzzurC8xm iL3KxffUIARjAouvE2v021uPTbcJ6Wra7GewzmdcV6kNl9v3VQ1imfedl3DJUEyUbQFK5K VTopICDtyuo++yoM6U7QjPeosavcueg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-181-Dq5OlffZPXucUpwWEzbv3A-1; Thu, 06 Feb 2020 04:29:40 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C84B7101FC64; Thu, 6 Feb 2020 09:29:38 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-20.ams2.redhat.com [10.36.117.20]) by smtp.corp.redhat.com (Postfix) with ESMTP id 950B010018FF; Thu, 6 Feb 2020 09:29:36 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v4 38/40] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh References: From: "Laszlo Ersek" Message-ID: <723be87c-dd70-17af-a6fd-8f45ce0b2e1e@redhat.com> Date: Thu, 6 Feb 2020 10:29:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: Dq5OlffZPXucUpwWEzbv3A-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 02/05/20 00:01, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > A hypervisor is not allowed to update an SEV-ES guest's register state, > so when booting an SEV-ES guest AP, the hypervisor is not allowed to > set the RIP to the guest requested value. Instead an SEV-ES AP must be > re-directed from within the guest to the actual requested staring location > as specified in the INIT-SIPI-SIPI sequence. > > Use the SEV-ES work area for the reset vector code that contains support > to jump to the desired RIP location after having been started. This is > required for only the very first AP reset. > > This new OVMF source file, ResetVectorVtf0.asm, is used in place of the > original file through the use of the include path order set in > OvmfPkg/ResetVector/ResetVector.inf under "[BuildOptions]". > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 +++++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 1 + > 2 files changed, 101 insertions(+) > create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > new file mode 100644 > index 000000000000..980e0138e7fe > --- /dev/null > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -0,0 +1,100 @@ > +;------------------------------------------------------------------------------ > +; @file > +; First code executed by processor after resetting. > +; Derived from UefiCpuPkg/ResetVector/Vtf0/Ia16/ResetVectorVtf0.asm > +; > +; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
> +; SPDX-License-Identifier: BSD-2-Clause-Patent > +; > +;------------------------------------------------------------------------------ > + > +BITS 16 > + > +ALIGN 16 > + > +; > +; Pad the image size to 4k when page tables are in VTF0 > +; > +; If the VTF0 image has page tables built in, then we need to make > +; sure the end of VTF0 is 4k above where the page tables end. > +; > +; This is required so the page tables will be 4k aligned when VTF0 is > +; located just below 0x100000000 (4GB) in the firmware device. > +; > +%ifdef ALIGN_TOP_TO_4K_FOR_PAGING > + TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0 > +%endif > + > +; > +; SEV-ES Processor Reset support > +; > +; sevEsResetBlock: > +; For the initial boot of an AP under SEV-ES, the "reset" RIP must be > +; programmed to the RAM area defined by SEV_ES_AP_RESET_IP. A known offset > +; and GUID will be used to locate this block in the firmware and extract > +; the build time RIP value. The GUID must always be 48 bytes from the > +; end of the firmware. > +; > +; 0xffffffca (-0x36) - IP value > +; 0xffffffcc (-0x34) - CS segment base [31:16] > +; 0xffffffce (-0x32) - Size of the SEV-ES reset block > +; 0xffffffd0 (-0x30) - SEV-ES reset block GUID > +; (00f771de-1a7e-4fcb-890e-68c77e2fb44e) > +; > +; A hypervisor reads the CS segement base and IP value. The CS segment base > +; value represents the high order 16-bits of the CS segment base, so the > +; hypervisor must left shift the value of the CS segement base by 16 bits to > +; form the full CS segment base for the CS segment register. It would then > +; program the EIP register with the IP value as read. > +; > + > +TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0 > + > +sevEsResetBlockStart: > + DD SEV_ES_AP_RESET_IP > + DW sevEsResetBlockEnd - sevEsResetBlockStart > + DB 0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F > + DB 0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E > +sevEsResetBlockEnd: > + > +ALIGN 16 > + > +applicationProcessorEntryPoint: > +; > +; Application Processors entry point > +; > +; GenFv generates code aligned on a 4k boundary which will jump to this > +; location. (0xffffffe0) This allows the Local APIC Startup IPI to be > +; used to wake up the application processors. > +; > + jmp EarlyApInitReal16 > + > +ALIGN 8 > + > + DD 0 > + > +; > +; The VTF signature > +; > +; VTF-0 means that the VTF (Volume Top File) code does not require > +; any fixups. > +; > +vtfSignature: > + DB 'V', 'T', 'F', 0 > + > +ALIGN 16 > + > +resetVector: > +; > +; Reset Vector > +; > +; This is where the processor will begin execution > +; > + nop > + nop > + jmp EarlyBspInitReal16 > + > +ALIGN 16 > + > +fourGigabytes: > + > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb > index 97e36ef591ab..12265e7746c1 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -82,5 +82,6 @@ > > %include "Main.asm" > > + %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) > %include "Ia16/ResetVectorVtf0.asm" > > Nice, thanks! Reviewed-by: Laszlo Ersek Laszlo