From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.59]) by mx.groups.io with SMTP id smtpd.web10.7364.1654089366492757019 for ; Wed, 01 Jun 2022 06:16:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=ZdXeqoQc; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.59, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lKPS6bZh8+TtbH52M6FdSNyh5IS/5O4PU+sJXI2uKJTNy6Zxb3eC+Adbl5mg355r5TIMPUjzGdCsHVx7Nr4q8I5S9G8RBUdgZWxDbRdLoMuVsamkjLmAHLgy3RbpKwfLcyI9GR7LKedzmCUQeIW8Yw9l2btM8ughOdRUA4PEyLqGm7UuWfC8NPgcTP4s/+/JbTaN0rFxoFUfs67Qe8NOZsU6RjqpDnjqoTV2X+AIRf2tM3cFkZ+EAv2Spx3AM0jl4b+2efrOfLd2+G+U4U/y49rykQMMwz4t/jGJsGkFO9616J1zJP2ghJpWU9LzuBzXAqRMTEJqb6HXZ3t0NJymUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+3ZX1Ayb9CNbDuyzoO4y5CkmtrpTb6p0MatlUEF70Qc=; b=obm9aTQ21//re5UAE3hzHVsqM+Lht3V9PrSvKBKDMl4vIfK+9fLj6hmn5PPzYwe0v+U0XgP8UBi5UmTT8XnacIdkZWPPeDNKeY+9mvtxcfjY0lsbQfwXtiWi4xnmfnServmV3HvAFUrRHI8qscOVRvxjDNAQsX6UsYllwOfpe4HTaMznyG1Yn3eLGm+xYj7C7GuW69HQVl/sZ9UKrK0D0jhN5o5noNAxC4SdbqdNiJkrvTbTs9FqB8y3YH7bdxbrnmI4GgRNbwww9OyX9imS+JjIT9ia+iKcMNl4zpIWEWowi+hVVEpli519RoBLQ4CJErRNcfhE9LGo82scgQGbeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+3ZX1Ayb9CNbDuyzoO4y5CkmtrpTb6p0MatlUEF70Qc=; b=ZdXeqoQccXgKm+AEz7B1k9BoQtoccC0nZ1Q/kRugdoy7GiSnCNHzDV+bgUDI0tNgDApr1bSjpqS8x3daHgRdyDWbL1IwnDrBHEaf7FHMcuD6rR4J8jzIeTMjXbwiBU+KNO2g9XRoppdI/00KOdd+dfsJOxDXyeEzWVnvEpzJ4gE= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by BL1PR12MB5045.namprd12.prod.outlook.com (2603:10b6:208:310::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5314.13; Wed, 1 Jun 2022 13:16:02 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::db8:5b23:acf0:6f9a]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::db8:5b23:acf0:6f9a%4]) with mapi id 15.20.5314.013; Wed, 1 Jun 2022 13:16:02 +0000 Message-ID: <74af49fa-8f54-aa31-681b-f15e574a0d0f@amd.com> Date: Wed, 1 Jun 2022 08:16:00 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH V3] OvmfPkg/ResetVector: Removing SEV-ES CPUID bit check To: Ard Biesheuvel , Peter Gonda Cc: edk2-devel-groups-io , James Bottomley , Min Xu , Jiewen Yao , Jordan Justen , Laszlo Ersek , Erdem Aktas , Brijesh Singh , Marc Orr , Gerd Hoffmann References: From: "Lendacky, Thomas" In-Reply-To: X-ClientProxiedBy: SA9PR13CA0156.namprd13.prod.outlook.com (2603:10b6:806:28::11) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1fbbda31-e714-40b1-dfa2-08da43d0e059 X-MS-TrafficTypeDiagnostic: BL1PR12MB5045:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: RgykfvY3qM9I6IYrD/i1PoUnrymojJpfEcI31UUq0hAivMynSljTgGgETHUIUYvZJIb8GJAsg2izgizU7ooxwxpAhGeIQUfowVCNlvZ0sSIZyLmyQObYTpCQAjumNsLKBNyEQF78Ne0p18du2+JaoNgHFPGX7LKBBhfTS1sMweqN30tJDN69d0kwotdpHfwCATu6yWDd7L89P820mSMVD6pwir01adjyeUEz6dN+vKQNJJZ6KXXQRG6SwsyQHaCGLJXM+FlNYf8nKuqSrZZ469zb8POquphr3vh+XFiv1EtWv5vyGtAnGwJ3v36bP9uoRD6nlL11cJ1vmN3I+Qe3jy2d61zlUAD4ntZf1l1z2rbvK0tWdd/zGu1idrI4bnljZEEW6XzFuJcUOodfvgTl9iapkRJXtfze1xxRVAtIA6g/6uooXMk4NQzMXrOhOXcKNcND37FXe4BhKBRkrzm0qUUiLkBlffCgN9qJ2aHb285pWrSGWZkztr3hM+4RsxZktmHftV6vDejObIBY76T4WufCr34owylChYh73BWioTpZitqh3aB2arULAO4rJyQMyeVyLhE/KPG431hgGqBWrVzREzVisFM9zmKMrXNrlZrL+NtEbsWcjP9i5nZzqTAlcz8F5FypoLwnndD+blKa/Ja4fIvpfEQLPw6ZYRPhpsZuUlWmsz3J87Aq0AQvlsRmjvhSg0HGEBkdH8/uoZeMicS/yesZO/d2wmtVwqQ1MK1GIjpQ1tF9r6KYeVboxXRb X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(7416002)(19627235002)(5660300002)(36756003)(38100700002)(8936002)(31686004)(83380400001)(2906002)(6512007)(31696002)(53546011)(6486002)(26005)(186003)(6506007)(2616005)(110136005)(508600001)(316002)(66556008)(66946007)(66476007)(8676002)(4326008)(54906003)(86362001)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?T3ZjOGpUdm55SHFGZ3E1SGdVSkdlQ2FUTWIwdDRkNUZsd084NnRhQXRHWXVh?= =?utf-8?B?U3gya3pjeWhrU1JKSUJ0SGNrNXJRakN6anlCVUk1TXlIQnhkbnlieWwwanJj?= =?utf-8?B?Um1OYk90cFlkUDNQcmt0VlY2NjBrVTNldnNIMzltNGhNYzhSaEcwWDlNYU0w?= =?utf-8?B?cHhhQ3VnakJUZ2wvTFRaeTMrcWNzc1FxTWM0end4cm1DQklGUkJsajNuZXox?= =?utf-8?B?WFJqUGUzQ2ZWL3h2RTUzWWpPWHVYdVhyaVlYY3pOektYRDlBeXZmTUdsaFR2?= =?utf-8?B?eHcyMXF6TXJMSWxJTURxSzVlOWxkRmtiM0Rza3ZodGJsL05CMFE4N2NZcXAv?= =?utf-8?B?U3pzTUJDS3dFUHVPeFE5WUNiLzFlWFdUb3NONi9aRkFVblYyMnZpTS9OTlo1?= =?utf-8?B?eGVVQ2xmNGovWHlOT2g1OFR5am5jMEF1c1ZpdnI3c1dsL2NzT1RZRERSQVRo?= =?utf-8?B?SVVaTzlyZ3cxMGRSQ0hPeENaMWlUNDdHa3VndXFlTHE3SHRHcDN4Z0U3RVNw?= =?utf-8?B?TEZvaUM2dFlMMVVmUHNleE9XN0hTRVc4QkcyN0JrNU8vUnVpMU4zWWhVNVZj?= =?utf-8?B?RHdCZjZKdGpEQTBLNEpmMVZ4RjBXKzFHK3IvMzZaMFk3eXk5a1FxNEx2Yjgz?= =?utf-8?B?MlVWbHdtTGE5bUpBbk9PS0lma3hBU3JrMWVPSnlRZzBzcXR3alRYWFRxSEJr?= =?utf-8?B?ODM1UVRkWnVDZHR4d0xnWXVGR0pQWDRpc0hpcjIzdGFLTS95M2QrOExCV1dr?= =?utf-8?B?Z1BjRnY4Z2t1ajRoYVVpSkhwa1B2SGFwc2lNcVBIVkZHakUyVUpXWmdqRmlR?= =?utf-8?B?UjBkL2w4NFpISVVtZjlxOFRraTMyT3c1SSt1a2NzbERJWkNDT2ZWdlFHZ1Vq?= =?utf-8?B?c0wzNUdrLytzVHFSbHhnbkh0anpHTHVlNmk0TFE2d0haVktJV25lSXorYkpX?= =?utf-8?B?K2RSb2J3ZU5iZGRqQlY5TnVjZjJyM0pUWjZrTVhoY29WbTJrREp3aGp6cWRk?= =?utf-8?B?TFlxKzZIeE5NNFVHclZpNDdsUytTUHlRVU52ZHNKQlFiVnJnMmFnd0tkUnAr?= =?utf-8?B?cmZRNGhGOWFKQUtIdjlQd296aWlJVEJSL0dXaEFjY2VOY2xoVjM5cXp5bytQ?= =?utf-8?B?ZHFXSlJJMXluTUZuTERIeFFieWVNNjJWL2VKMjF0T2EvMDg0MWdiaTUzZWNE?= =?utf-8?B?aHRZUi8vZGltS1F2WFE2SWIzdFFsVU9TT0E2Z0o4MDRXdWl3bW5udDBjeGxF?= =?utf-8?B?MVc2cTNOK1BGNzZhSUUzMDVLVGxYYmRBaURTVytzYnIrODRESkRsTktNSDVM?= =?utf-8?B?dGZMaHJ0NDdlQ1B5NDdFYVFPZ05ZQ1dDK29HeGRGYVNtNTVsc09yL2FoTFdz?= =?utf-8?B?by9XenRFTzFWQUxEZDltblRQb1hDS21GR0hpRHovSWpvbXZWcnFSQTh4cUsx?= =?utf-8?B?QU9OczdESkRhSnU3bmNmWFl3M1Z5aTR0RnpiM0NFU0tyOFJkOGFsNkEzR2lv?= =?utf-8?B?NVN5UXJYcDBCM01PZkRFekRmRlRGV04xZUZiVlVVdmd1dlI3SlpKOWVqLy9h?= =?utf-8?B?Y0pBQVJkYi9IZFFFeitSN09HVUJtUDJYNGQra0w1QkZKMVR6TWIya0xKL21o?= =?utf-8?B?S0FBM3paZ2x1U2NMUHVlUnNHNDdEdGk1M1pZU2Y3Z0ZIVGhCTHNXUDR5cHBL?= =?utf-8?B?RkdRNnhLdXVMd0tRdDNNWU40OFhVUVUvdTFqMXI1ZUxiTjNiMkFpWGw2TGVi?= =?utf-8?B?QnEwQUlpclhCdU5Ld1M0MTlkQ09kb1BNOUNNUC9sYmZCamovL01SVlhBaElZ?= =?utf-8?B?MnNPdlVidDdhdFk4M3NFTnFHTWQ5aXQ0dHJwY1cyRkVGUCs0djRvUlE5TlFZ?= =?utf-8?B?OU91RnM1SVk1WlE5blpiUnpLV1NzRzJOYTJKVEZubXdQYzV1S2pEM1g3ZWhO?= =?utf-8?B?Y1kxbFl5cXhVZWVtZG5sbDhlbE1EVkV4WWkwcXJOM3JrSUpqUnB2bGFGZmxZ?= =?utf-8?B?ZTNZY25ob2RQelM5WlpiSDFDcllRQjJPTzduZGt6ZWJXYUtibzFzMW1HeFRw?= =?utf-8?B?aXExM1ZxKzIxWDg2MHIzaUNQOXczTG1XS2pHOXI4QUhtNVpNSEZTcDNWZ0JL?= =?utf-8?B?cjVialI0WW9nR1BwVFhndzRnMDVmYnhEa1RPRXFuZVIzTWpleDB1NWs4WGJh?= =?utf-8?B?MmdPTWtxUXozTGVUbXRBSnQwdHFEK0VZMmFJZUovdzZhOWVwUTBRRlN5UjlD?= =?utf-8?B?c29WQ0d5SEQ4NGV5YkQvb240Vm9neXIwWXZabkRuWlNUN0YwNEppVkdaT2RK?= =?utf-8?B?OWxZSzBwRUlTdEl1Um9HbzlnekVaRkRvSEw0L09mRWRHV0UrSU9WZz09?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1fbbda31-e714-40b1-dfa2-08da43d0e059 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2022 13:16:02.3997 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: M/FjqNCGCkdcn6fRgT5mi9cwvI+Jy+DSRQ7aAjaUoASv7qcEvt9HRO4vqV6tVHVSZgRP9n+Wjp4DmWu/+y2/UA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5045 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 6/1/22 07:25, Ard Biesheuvel wrote: > On Tue, 31 May 2022 at 16:40, Peter Gonda wrote: >> >> The SEV-ES bit of Fn800-001F[EAX] - Bit 3 is used for a host to >> determine support for running SEV-ES guests. It should not be checked by >> a guest to determine if it is running under SEV-ES. The guest should use >> the SEV_STATUS MSR Bit 1 to determine if SEV-ES is enabled. This check >> was not part of the original SEV-ES support and was added in >> a91b700e38. Removing the check makes this code consistent with the >> Linux kernel >> >> Fixes: a91b700e38 (Ovmf/ResetVector: Simplify and consolidate the SEV features checks) >> >> Cc: James Bottomley >> Cc: Min Xu >> Cc: Jiewen Yao >> Cc: Tom Lendacky >> Cc: Jordan Justen >> Cc: Ard Biesheuvel >> Cc: Laszlo Ersek >> Cc: Erdem Aktas >> Cc: Brijesh Singh >> Cc: Erdem Aktas >> Cc: Marc Orr >> Signed-off-by: Peter Gonda >> Acked-by: Tom Lendacky >> >> --- >> OvmfPkg/ResetVector/Ia32/AmdSev.asm | 8 -------- >> 1 file changed, 8 deletions(-) >> >> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm >> index 1f827da3b9..77692db27e 100644 >> --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm >> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm >> @@ -265,14 +265,6 @@ CheckSevFeatures: >> ; Set the work area header to indicate that the SEV is enabled >> mov byte[WORK_AREA_GUEST_TYPE], 1 >> >> - ; Check for SEV-ES memory encryption feature: >> - ; CPUID Fn8000_001F[EAX] - Bit 3 >> - ; CPUID raises a #VC exception if running as an SEV-ES guest >> - mov eax, 0x8000001f >> - cpuid >> - bt eax, 3 >> - jnc GetSevEncBit >> - >> ; Check if SEV-ES is enabled >> ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) >> mov ecx, SEV_STATUS_MSR > > Thanks Peter, I have queued this up. > > I did wonder, though: the only remaining reference to GetSevEncBit is > a conditional branch that just precedes the label itself. This appears > to be a leftover from commit 63c50d3ff2854a76 ("OvmfPkg/ResetVector: > cache the SEV status MSR value in workarea") but it looks a bit dodgy. Yes, it looks like the rdmsr and the GetSevEncBit: label can all be removed since the MSR value is now cached (a few lines above) and used for checks. Thanks, Tom