From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.120]) by mx.groups.io with SMTP id smtpd.web12.46370.1590479646961417527 for ; Tue, 26 May 2020 00:54:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GOMDQxSR; spf=pass (domain: redhat.com, ip: 207.211.31.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590479646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=60yJY3K6CNEiM7YCS/yq6k6ZOgly6Jsi5odb2wrOU60=; b=GOMDQxSRCGozXl1mNAap6XF14NgDdsimEeuopZ+6NFVGiut17MnHykjCkyaBVwRVcDHHIB kkOHVabSAIJSwdG13hbnzI+zWhuOLUe0wj/5h7ATr4rRjAZ6lrDsvH1gXvsTrGxU1aeQw2 Wf65P0UPngMiN7ayj8taMDpSwTBwju4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-47-FOJTK0yWMPqfM2RjF7CKHA-1; Tue, 26 May 2020 03:53:56 -0400 X-MC-Unique: FOJTK0yWMPqfM2RjF7CKHA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D27018015CE; Tue, 26 May 2020 07:53:54 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-136.ams2.redhat.com [10.36.114.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 49F6A5D9E5; Tue, 26 May 2020 07:53:51 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v8 35/46] OvmfPkg/PlatformPei: Reserve SEV-ES work area if S3 is supported To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh , Ard Biesheuvel , Anthony Perard , Julien Grall References: From: "Laszlo Ersek" Message-ID: <726e7958-5f58-bcaf-353e-65d120af6227@redhat.com> Date: Tue, 26 May 2020 09:53:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 05/19/20 23:51, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Protect the SEV-ES work area memory used by an SEV-ES guest. > > Regarding the lifecycle of the SEV-ES memory area: > PcdSevEsWorkArea > > (a) when and how it is initialized after first boot of the VM > > If SEV-ES is enabled, the SEV-ES area is initialized during > the SEC phase [OvmfPkg/ResetVector/Ia32/PageTables64.asm]. > > (b) how it is protected from memory allocations during DXE > > If SEV-ES is enabled, then InitializeRamRegions() > [OvmfPkg/PlatformPei/MemDetect.c] protects the ranges with either > an AcpiNVS (S3 enabled) or BootServicesData (S3 disabled) memory > allocation HOB, in PEI. > > (c) how it is protected from the OS > > If S3 is enabled, then (b) reserves it from the OS too. > > If S3 is disabled, then the range needs no protection. > > (d) how it is accessed on the S3 resume path > > It is rewritten same as in (a), which is fine because (b) reserved it. > > (e) how it is accessed on the warm reset path > > It is rewritten same as in (a). > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Anthony Perard > Cc: Julien Grall > Signed-off-by: Tom Lendacky > --- > OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ > OvmfPkg/PlatformPei/MemDetect.c | 20 ++++++++++++++++++++ > 2 files changed, 22 insertions(+) > > diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf > index 4742e1bdf42b..c53be2f4925c 100644 > --- a/OvmfPkg/PlatformPei/PlatformPei.inf > +++ b/OvmfPkg/PlatformPei/PlatformPei.inf > @@ -118,6 +118,8 @@ [FixedPcd] > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData > + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase > + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize > > [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable > diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c > index 6b5fee166b5d..ffbbef891a11 100644 > --- a/OvmfPkg/PlatformPei/MemDetect.c > +++ b/OvmfPkg/PlatformPei/MemDetect.c > @@ -940,5 +940,25 @@ InitializeRamRegions ( > ); > } > } > + > +#ifdef MDE_CPU_X64 > + if (MemEncryptSevEsIsEnabled ()) { > + // > + // If SEV-ES is enabled, reserve the SEV-ES work area. > + // > + // Since this memory range will be used by the Reset Vector on S3 > + // resume, it must be reserved as ACPI NVS. > + // > + // If S3 is unsupported, then various drivers might still write to the > + // work area. We ought to prevent DXE from serving allocation requests > + // such that they would overlap the work area. > + // > + BuildMemoryAllocationHob ( > + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase), > + (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), > + mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData > + ); > + } > +#endif > } > } > Reviewed-by: Laszlo Ersek