From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.groups.io with SMTP id smtpd.web09.43637.1606170519987584488 for ; Mon, 23 Nov 2020 14:28:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Y8oZyGuR; spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606170519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EDOuxK+7t9nS3S666We5geb1ZPO0QCl3Aqu2Du1kGWw=; b=Y8oZyGuRfAuBDZ/WN6li8hGMlf0zmPIQN0CpPEkeZBo1wREKlSERxtSvTekRFeM63TJEWW D19NPonrQHXGdzDKLwmIOW8uZCqUfn1SD11sfOwadZUiKqIlsNImrINpAsdMbgVgJuYmQw 3hZDIxinjaWfHgzPYHNFXRX317ZELeQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-128--R01PGkMPCW_euh7GanFYw-1; Mon, 23 Nov 2020 17:28:36 -0500 X-MC-Unique: -R01PGkMPCW_euh7GanFYw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 301451074642; Mon, 23 Nov 2020 22:28:33 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-230.ams2.redhat.com [10.36.112.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id 33DEF5C1A3; Mon, 23 Nov 2020 22:28:30 +0000 (UTC) Subject: Re: [PATCH v2 4/6] OvmfPkg: create a SEV secret area in the AmdSev memfd To: James Bottomley , devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" References: <20201120184521.19437-1-jejb@linux.ibm.com> <20201120184521.19437-5-jejb@linux.ibm.com> From: "Laszlo Ersek" Message-ID: <7590cde3-e186-45cb-dbf5-3e64c7a3cc5e@redhat.com> Date: Mon, 23 Nov 2020 23:28:29 +0100 MIME-Version: 1.0 In-Reply-To: <20201120184521.19437-5-jejb@linux.ibm.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 11/20/20 19:45, James Bottomley wrote: > SEV needs an area to place an injected secret where OVMF can find it > and pass it up as a ConfigurationTable. This patch implements the > area itself as an addition to the SEV enhanced reset vector table using > an additional guid (4c2eb361-7d9b-4cc3-8081-127c90d3d294). > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 > Signed-off-by: James Bottomley > > --- > > v2: move guid to OVMF token space, separate patches > --- > OvmfPkg/OvmfPkg.dec | 6 ++++++ > OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 14 ++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ > 4 files changed, 26 insertions(+) > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index 3fbf7a0ee1a4..7d27f8e16040 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -304,6 +304,12 @@ [PcdsFixedAtBuild] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|0|UINT32|0x40 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize|0|UINT32|0x41 > > + ## The base address and size of the SEV Launch Secret Area provisioned > + # after remote attestation. If this is set in the .fdf, the platform > + # is responsible for protecting the area from DXE phase overwrites. > + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 > + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 > diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf > index a53ae6c194ae..dc38f68919cd 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -43,3 +43,7 @@ [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize > + > +[FixedPcd] > + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index baf9d09f3625..8d6600f17310 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -47,6 +47,20 @@ TIMES (32 - ((guidedStructureEnd - guidedStructureStart) % 32)) DB 0 > ; > guidedStructureStart: > > +; > +; SEV Secret block Guid: 4c2eb361-7d9b-4cc3-8081-127c90d3d294 > +; > +; This describes the guest ram area where the hypervisor may have > +; injected the secret (1) I suggest s/may have injected/should inject/, as this structure gets built into the uncompressed part of the pflash, and its intended consumer is the hypervisor. If you'd like to stick with the wording as posted, that's fine too, however. Reviewed-by: Laszlo Ersek Thanks Laszlo > +; > +sevSecretBlockStart: > + DD SEV_LAUNCH_SECRET_BASE > + DD SEV_LAUNCH_SECRET_SIZE > + DW sevSecretBlockEnd - sevSecretBlockStart > + DB 0x61, 0xB3, 0x2E, 0x4C, 0x9B, 0x7D, 0xC3, 0x4C > + DB 0x80, 0x81, 0x12, 0x7C, 0x90, 0xD3, 0xD2, 0x94 > +sevSecretBlockEnd: > + > ; > ; SEV-ES Processor Reset support > ; > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb > index 4913b379a993..c5e0fe93abf4 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -83,5 +83,7 @@ > %include "Main.asm" > > %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) > + %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) > + %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) > %include "Ia16/ResetVectorVtf0.asm" > >