From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
To: devel@edk2.groups.io, eric.dong@intel.com
CC: "Justen, Jordan L", Laszlo Ersek, Ard Biesheuvel, "Kinney, Michael D", "Gao, Liming", "Ni, Ray", Brijesh Singh, "You, Benjamin", "Bi, Dandan", "Dong, Guo", "Wu, Hao A", "Wang, Jian J", "Ma, Maurice"
References: <08f76458-2df2-5e08-3731-8a32dc6454e0@amd.com> <1601D84A636A7BFC.25844@groups.io>
From: "Lendacky, Thomas"
Return-Path: thomas.lendacky@amd.com
Message-ID: <7962a752-c6b7-41ac-7764-a13157df2f25@amd.com>
Date: Thu, 16 Apr 2020 08:46:35 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
On 4/14/20 10:30 AM, Dong, Eric via groups.io wrote:
>>> -----Original Message-----
>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
>>> Lendacky, Thomas
>>> Sent: Thursday, April 2, 2020 4:42 AM
>>> To: Dong, Eric; devel@edk2.groups.io
>>> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>>> Gao, Liming; Ni, Ray; Brijesh Singh; You, Benjamin; Bi, Dandan;
>>> Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
>>> Subject: Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
>>>
>>> On 3/30/20 7:47 PM, Dong, Eric wrote:
>>>> Hi Tom,
>>>>
>>>> Sorry for the late response. It's a huge patch; please give me two more
>>>> weeks to review them in detail.
>>>>
>>>> I have roughly gone through these patches and have some basic comments
>>>> for them now:
>>>>
>>>> 1. It's better to split the patch if the changed files are not in the
>>>> same package. Like patch 1/42.
>>>
>>> Ok, will do.
>>>
>>>>
>>>> 2. All functions need to have comments. Comments are missing in
>>>> patch 10/42 and others.
>>>
>>> Just external functions or both external and internal (STATIC) functions, too?
>>
>> All the functions.
>
> You can use the ECC tool to help you find all the coding-style-related issues.
> You can reference the link https://github.com/tianocore/tianocore.github.io/wiki/ECC-tool
> to learn how to run this tool.

Thanks for the pointer. I have addressed all issues identified by ECC with
respect to the code that I have added with these patches.

Are you waiting for another version with these changes before reviewing
further? If so, I'll submit that now, otherwise I'll wait for your review
of the current version.

Thanks,
Tom

>
> Thanks,
> Eric
>>
>> Thanks,
>> Eric
>>
>>>
>>> Thanks,
>>> Tom
>>>
>>>>
>>>> Please update the patches to fix the above basic checks first.
>>>>
>>>> Thanks,
>>>>
>>>> Eric
>>>>
>>>> *From:* devel@edk2.groups.io [mailto:devel@edk2.groups.io] *On Behalf
>>>> Of* Lendacky, Thomas
>>>> *Sent:* Tuesday, March 31, 2020 12:54 AM
>>>> *To:* devel@edk2.groups.io
>>>> *Cc:* Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>>>> Gao, Liming; Dong, Eric; Ni, Ray; Brijesh Singh; You, Benjamin;
>>>> Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
>>>> *Subject:* Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
>>>>
>>>> I've gotten some nice feedback from Laszlo, especially on the
>>>> OvmfPkg side of this patchset, but haven't seen much response from
>>>> the other maintainers. Is there any feedback on the MdePkg,
>>>> MdeModulePkg and UefiCpuPkg changes that need to be addressed in
>>>> order to merge this?
>>>>
>>>> I do have some minor changes on ensuring the per-CPU variable page
>>>> stays encrypted, but not much beyond that. Those changes can be
>>>> submitted afterwards or as a new version before inclusion.
>>>>
>>>> Thanks,
>>>> Tom
>>>>
>>>> On 3/24/20 12:40 PM, Tom Lendacky wrote:
>>>>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>>>>
>>>>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands
>>>>> on the SEV support to protect the guest register state from the
>>>>> hypervisor. See
>>>>> "AMD64 Architecture Programmer's Manual Volume 2: System
>>>>> Programming", section "15.35 Encrypted State (SEV-ES)" [1].
>>>>>
>>>>> In order to allow a hypervisor to perform functions on behalf of a
>>>>> guest, there is architectural support for notifying a guest's
>>>>> operating system when certain types of VMEXITs are about to occur.
>>>>> This allows the guest to selectively share information with the
>>>>> hypervisor to satisfy the requested function. The notification is
>>>>> performed using a new exception, the VMM Communication exception
>>>>> (#VC). The information is shared through the Guest-Hypervisor
>>>>> Communication Block (GHCB) using the VMGEXIT instruction.
>>>>> The GHCB format and the protocol for using it is documented in
>>>>> "SEV-ES Guest-Hypervisor Communication Block Standardization" [2].
>>>>>
>>>>> The main areas of the EDK2 code that are updated to support SEV-ES
>>>>> are around the exception handling support and the AP boot support.
>>>>>
>>>>> Exception support is required starting in Sec, continuing through
>>>>> Pei and into Dxe in order to handle #VC exceptions that are generated.
>>>>> Each AP requires its own GHCB page as well as a page to hold
>>>>> values specific to that AP.
>>>>>
>>>>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
>>>>> sequence is typically used to boot the APs. However, the hypervisor
>>>>> is not allowed to update the guest registers. The GHCB document [2]
>>>>> talks about how SMP booting under SEV-ES is performed.
>>>>>
>>>>> Since the GHCB page must be a shared (unencrypted) page, the
>>>>> processor must be running in long mode in order for the guest and
>>>>> hypervisor to communicate with each other. As a result, SEV-ES is
>>>>> only supported under the X64 architecture.
>>>>>
>>>>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
>>>>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>>>>>
>>>>> ---
>>>>>
>>>>> These patches are based on commit:
>>>>> 2f524a745e23 ("BaseTools:Fix build tools print traceback info
>>>>> issue")
>>>>>
>>>>> Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.
>>>>>
>>>>> A version of the tree (with an extra patch to workaround Bugzilla
>>>>> 2340) can be found at:
>>>>> https://github.com/AMDESE/ovmf/tree/sev-es-v13
>>>>>
>>>>> Cc: Ard Biesheuvel
>>>>> Cc: Benjamin You
>>>>> Cc: Dandan Bi
>>>>> Cc: Eric Dong
>>>>> Cc: Guo Dong
>>>>> Cc: Hao A Wu
>>>>> Cc: Jian J Wang
>>>>> Cc: Jordan Justen
>>>>> Cc: Laszlo Ersek
>>>>> Cc: Liming Gao
>>>>> Cc: Maurice Ma
>>>>> Cc: Michael D Kinney
>>>>> Cc: Ray Ni
>>>>>
>>>>> Changes since v5:
>>>>> - Remove extraneous VmgExitLib usage
>>>>> - Miscellaneous changes to address feedback (coding style, etc.)
>>>>>
>>>>> Changes since v4:
>>>>> - Move the SEV-ES protocol negotiation out of the SEC exception handler
>>>>>   and into the SecMain.c file. As a result:
>>>>>   - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
>>>>>   - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
>>>>>     single AMDSevVcHandler.c
>>>>> - Consolidate VmgExitLib usage into common LibraryClasses sections
>>>>> - Add documentation comments to the VmgExitLib functions
>>>>>
>>>>> Changes since v3:
>>>>> - Remove the need for the MP library finalization routine. The AP
>>>>>   jump table address will be held by the hypervisor rather than
>>>>>   communicated via the GHCB MSR.
>>>>>   This removes some fragility around
>>>>>   the UEFI to OS transition.
>>>>> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
>>>>>   communicate the SEV-ES status, so that SEC CPU exception handling is
>>>>>   only established for an SEV-ES guest.
>>>>> - Fix SMM build breakage around QemuFlashPtrWrite().
>>>>> - Fix SMM build breakage by adding VC exception support to the SMM CPU
>>>>>   exception handling.
>>>>> - Add memory fencing around the invocation of AsmVmgExit().
>>>>> - Clarify comments around the SEV-ES AP reset RIP values and usage.
>>>>> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
>>>>> - Remove the 16-bit code selector definition from MdeModulePkg
>>>>>
>>>>> Changes since v2:
>>>>> - Added a way to locate the SEV-ES fixed AP RIP address for starting
>>>>>   AP's to avoid updating the actual flash image (build time location
>>>>>   that is identified with a GUID value).
>>>>> - Create a VmgExit library to replace static inline functions.
>>>>> - Move some PCDs to the appropriate packages
>>>>> - Add support for writing to QEMU flash under SEV-ES
>>>>> - Add additional MMIO opcode support
>>>>> - Cleaned up the GHCB MSR CPUID protocol support
>>>>>
>>>>> Changes since v1:
>>>>> - Patches reworked to be more specific to the component/area being updated
>>>>>   and order of definition/usage
>>>>> - Created a library for VMGEXIT-related functions to replace use of inline
>>>>>   functions
>>>>> - Allocation method for GDT changed from AllocatePool to AllocatePages
>>>>> - Early caching only enabled for SEV-ES guests
>>>>> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
>>>>> - Reserved SEC GHCB-related memory areas when S3 is enabled
>>>>>
>>>>> Tom Lendacky (42):
>>>>>   MdePkg: Create PCDs to be used in support of SEV-ES
>>>>>   MdePkg: Add the MSR definition for the GHCB register
>>>>>   MdePkg: Add a structure definition for the GHCB
>>>>>   MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
>>>>>   MdePkg/BaseLib: Add support for the XGETBV instruction
>>>>>   MdePkg/BaseLib: Add support for the VMGEXIT instruction
>>>>>   UefiCpuPkg: Implement library support for VMGEXIT
>>>>>   OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
>>>>>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events
>>>>>   OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
>>>>>   OvmfPkg: Add support to perform SEV-ES initialization
>>>>>   OvmfPkg: Create a GHCB page for use during Sec phase
>>>>>   OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
>>>>>   OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
>>>>>   OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
>>>>>   UefiCpuPkg: Create an SEV-ES workarea PCD
>>>>>   OvmfPkg: Reserve a page in memory for the SEV-ES usage
>>>>>   OvmfPkg/ResetVector: Add support for a 32-bit SEV check
>>>>>   OvmfPkg/Sec: Add #VC exception handling for Sec phase
>>>>>   OvmfPkg/Sec: Enable cache early to speed up booting
>>>>>   OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled
>>>>>   UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
>>>>>   UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is enabled
>>>>>   UefiCpuPkg: Allow AP booting under SEV-ES
>>>>>   OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
>>>>>   OvmfPkg: Move the GHCB allocations into reserved memory
>>>>>   UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
>>>>>
>>>>>  MdeModulePkg/MdeModulePkg.dec | 9 +
>>>>>  OvmfPkg/OvmfPkg.dec | 9 +
>>>>>  UefiCpuPkg/UefiCpuPkg.dec | 17 +
>>>>>  OvmfPkg/OvmfPkgIa32.dsc | 6 +
>>>>>  OvmfPkg/OvmfPkgIa32X64.dsc | 6 +
>>>>>  OvmfPkg/OvmfPkgX64.dsc | 6 +
>>>>>  OvmfPkg/OvmfXen.dsc | 1 +
>>>>>  UefiCpuPkg/UefiCpuPkg.dsc | 2 +
>>>>>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 2 +
>>>>>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 2 +
>>>>>  OvmfPkg/OvmfPkgX64.fdf | 9 +
>>>>>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 2 +
>>>>>  MdePkg/Library/BaseLib/BaseLib.inf | 4 +
>>>>>  OvmfPkg/PlatformPei/PlatformPei.inf | 7 +
>>>>>  .../FvbServicesRuntimeDxe.inf | 2 +
>>>>>  OvmfPkg/ResetVector/ResetVector.inf | 8 +
>>>>>  OvmfPkg/Sec/SecMain.inf | 4 +
>>>>>  .../DxeCpuExceptionHandlerLib.inf | 5 +
>>>>>  .../PeiCpuExceptionHandlerLib.inf | 5 +
>>>>>  .../SecPeiCpuExceptionHandlerLib.inf | 5 +
>>>>>  .../SmmCpuExceptionHandlerLib.inf | 5 +
>>>>>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 4 +
>>>>>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 4 +
>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf | 33 +
>>>>>  .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +-
>>>>>  MdePkg/Include/Library/BaseLib.h | 31 +
>>>>>  MdePkg/Include/Register/Amd/Fam17Msr.h | 42 +
>>>>>  MdePkg/Include/Register/Amd/Ghcb.h | 136 ++
>>>>>  OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +
>>>>>  .../QemuFlash.h | 6 +
>>>>>  UefiCpuPkg/CpuDxe/CpuGdt.h | 4 +-
>>>>>  UefiCpuPkg/Include/Library/VmgExitLib.h | 111 ++
>>>>>  .../CpuExceptionHandlerLib/AMDSevVcCommon.h | 26 +
>>>>>  .../CpuExceptionCommon.h | 2 +
>>>>>  UefiCpuPkg/Library/MpInitLib/MpLib.h | 68 +-
>>>>>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +-
>>>>>  .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +-
>>>>>  .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 +-
>>>>>  MdePkg/Library/BaseLib/Ia32/GccInline.c | 45 +
>>>>>  MdePkg/Library/BaseLib/X64/GccInline.c | 47 +
>>>>>  .../MemEncryptSevLibInternal.c | 75 +-
>>>>>  OvmfPkg/PlatformPei/AmdSev.c | 82 ++
>>>>>  OvmfPkg/PlatformPei/MemDetect.c | 23 +
>>>>>  .../QemuFlash.c | 23 +-
>>>>>  .../QemuFlashDxe.c | 15 +
>>>>>  .../QemuFlashSmm.c | 9 +
>>>>>  OvmfPkg/Sec/SecMain.c | 160 ++-
>>>>>  UefiCpuPkg/CpuDxe/CpuGdt.c | 8 +-
>>>>>  .../CpuExceptionHandlerLib/AMDSevVcHandler.c | 29 +
>>>>>  .../CpuExceptionCommon.c | 2 +-
>>>>>  .../Ia32/ArchAMDSevVcHandler.c | 24 +
>>>>>  .../PeiDxeSmmCpuException.c | 16 +
>>>>>  .../SecPeiCpuException.c | 16 +
>>>>>  .../X64/ArchAMDSevVcHandler.c | 1237 +++++++++++++++
>>>>>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 114 +-
>>>>>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 257 +++-
>>>>>  UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 19 +
>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c | 249 ++++
>>>>>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +-
>>>>>  MdePkg/Library/BaseLib/Ia32/VmgExit.nasm | 37 +
>>>>>  MdePkg/Library/BaseLib/Ia32/XGetBv.nasm | 31 +
>>>>>  MdePkg/Library/BaseLib/X64/VmgExit.nasm | 32 +
>>>>>  MdePkg/Library/BaseLib/X64/XGetBv.nasm | 34 +
>>>>>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 ++
>>>>>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 351 ++++-
>>>>>  OvmfPkg/ResetVector/ResetVector.nasmb | 20 +
>>>>>  .../X64/ExceptionHandlerAsm.nasm | 17 +
>>>>>  UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc | 2 +-
>>>>>  .../Library/MpInitLib/Ia32/MpFuncs.nasm | 15 +
>>>>>  UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc | 4 +-
>>>>>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 370 ++++-
>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni | 15 +
>>>>>  .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 9 +
>>>>>  73 files changed, 4061 insertions(+), 99 deletions(-)
>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf
>>>>>  create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
>>>>>  create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h
>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcHandler.c
>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchAMDSevVcHandler.c
>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c
>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c
>>>>>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
>>>>>  create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
>>>>>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
>>>>>  create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
>>>>>  create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni
>>>>>
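The cover letter quoted above describes the #VC / GHCB / VMGEXIT round trip in prose: the hypervisor intercepts an instruction, the guest takes a #VC exception, the guest's handler copies only the register values the operation needs into the shared GHCB, executes VMGEXIT, and consumes the hypervisor's answer. The following user-space model is an added example and is not code from the edk2 patch series, the VmgExitLib, or the GHCB standardization document. It models the CPUID NAE event (patch 13/42 in the list). The GHCB struct here is a constructed, simplified layout with a field-indexed valid bitmap, not the spec's byte offsets; the exit code value 0x72 is the SVM VMEXIT code for CPUID from the AMD APM; the CPUID table the hypervisor serves is constructed sample data; the function names are all hypothetical. The security-relevant point it demonstrates is the trust boundary on both sides: the hypervisor only consumes fields the guest marked valid, and the guest refuses a response in which the hypervisor did not mark the result registers valid.

```c
/* Added example: user-space model of the SEV-ES #VC -> GHCB -> VMGEXIT
 * exchange for a CPUID NAE event. Constructed layout and sample data;
 * not the GHCB spec's byte layout and not edk2 code. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#include <inttypes.h>

/* SVM VMEXIT code for CPUID (AMD APM Vol. 2), reused as the GHCB SW_EXITCODE. */
#define SVM_EXIT_CPUID 0x72ULL

/* Fields of the simplified GHCB; the index is also the bit in valid_bitmap.
 * Constructed layout for this example only. */
enum ghcb_field {
  GHCB_RAX, GHCB_RBX, GHCB_RCX, GHCB_RDX,
  GHCB_SW_EXITCODE, GHCB_SW_EXITINFO1, GHCB_SW_EXITINFO2,
  GHCB_NFIELDS
};

typedef struct {
  uint64_t field[GHCB_NFIELDS];
  uint64_t valid_bitmap;  /* bit f set => field f was written by the last writer */
} Ghcb;

static void ghcb_set(Ghcb *g, enum ghcb_field f, uint64_t v) {
  g->field[f] = v;
  g->valid_bitmap |= 1ULL << f;
}

static bool ghcb_is_valid(const Ghcb *g, enum ghcb_field f) {
  return (g->valid_bitmap >> f) & 1ULL;
}

/* Guest register state handed to the #VC handler (only the CPUID registers). */
typedef struct { uint64_t rax, rbx, rcx, rdx; } GuestRegs;

/* ---- hypervisor side: constructed model of the VMGEXIT handler ---- */

/* Returns 0 and fills the result registers, or -1 if the request is malformed. */
static int hv_handle_vmgexit(Ghcb *g) {
  /* Consume only fields the guest explicitly chose to share. */
  if (!ghcb_is_valid(g, GHCB_SW_EXITCODE) ||
      !ghcb_is_valid(g, GHCB_RAX) || !ghcb_is_valid(g, GHCB_RCX))
    return -1;
  if (g->field[GHCB_SW_EXITCODE] != SVM_EXIT_CPUID)
    return -1;

  uint64_t leaf = g->field[GHCB_RAX];
  uint64_t rax, rbx, rcx, rdx;
  if (leaf == 0) {
    /* Leaf 0: highest basic leaf plus the "AuthenticAMD" vendor string (EBX, EDX, ECX). */
    rax = 1; rbx = 0x68747541; rdx = 0x69746e65; rcx = 0x444d4163;
  } else {
    /* Constructed placeholder values for every other leaf. */
    rax = 0x00800f12; rbx = 0x00000800; rcx = 0; rdx = 0;
  }
  /* Response carries a fresh bitmap: only the result registers are marked valid. */
  g->valid_bitmap = 0;
  ghcb_set(g, GHCB_RAX, rax);
  ghcb_set(g, GHCB_RBX, rbx);
  ghcb_set(g, GHCB_RCX, rcx);
  ghcb_set(g, GHCB_RDX, rdx);
  return 0;
}

/* A misbehaving hypervisor: resumes the guest without filling the result fields. */
static int hv_empty_response(Ghcb *g) {
  g->valid_bitmap = 0;
  return 0;
}

/* ---- guest side: #VC handler for the CPUID NAE event ---- */

/* vmgexit stands in for the VMGEXIT instruction: the hypervisor runs with the
 * shared GHCB and control returns here when it resumes the guest. */
static int vc_handle_cpuid(Ghcb *g, GuestRegs *regs, int (*vmgexit)(Ghcb *)) {
  /* Share only what CPUID needs: the leaf (RAX) and subleaf (RCX). */
  memset(g, 0, sizeof *g);
  ghcb_set(g, GHCB_RAX, regs->rax);
  ghcb_set(g, GHCB_RCX, regs->rcx);
  ghcb_set(g, GHCB_SW_EXITCODE, SVM_EXIT_CPUID);
  ghcb_set(g, GHCB_SW_EXITINFO1, 0);
  ghcb_set(g, GHCB_SW_EXITINFO2, 0);

  if (vmgexit(g) != 0)
    return -1;

  /* The hypervisor is untrusted: never consume a result it did not mark valid. */
  if (!ghcb_is_valid(g, GHCB_RAX) || !ghcb_is_valid(g, GHCB_RBX) ||
      !ghcb_is_valid(g, GHCB_RCX) || !ghcb_is_valid(g, GHCB_RDX))
    return -1;

  regs->rax = g->field[GHCB_RAX];
  regs->rbx = g->field[GHCB_RBX];
  regs->rcx = g->field[GHCB_RCX];
  regs->rdx = g->field[GHCB_RDX];
  return 0;
}

/* Drives one intercepted CPUID through the #VC path; returns 0 on success. */
int run_cpuid_exchange(int (*hv)(Ghcb *), uint64_t leaf, uint64_t subleaf, GuestRegs *out) {
  Ghcb ghcb;  /* stands in for the per-CPU shared GHCB page */
  GuestRegs regs = { leaf, 0, subleaf, 0 };
  int rc = vc_handle_cpuid(&ghcb, &regs, hv);
  if (rc == 0 && out)
    *out = regs;
  return rc;
}

int main(void) {
  GuestRegs r;
  if (run_cpuid_exchange(hv_handle_vmgexit, 0, 0, &r) == 0)
    printf("leaf 0: eax=%" PRIx64 " ebx=%" PRIx64 " ecx=%" PRIx64 " edx=%" PRIx64 "\n",
           r.rax, r.rbx, r.rcx, r.rdx);
  printf("empty hypervisor response rejected: %s\n",
         run_cpuid_exchange(hv_empty_response, 0, 0, &r) == -1 ? "yes" : "no");
  return 0;
}
```

The real handlers in the series are more involved (MSR-based protocol negotiation, per-AP GHCB pages, other NAE events), but the shape is the same: the GHCB is the only state that crosses the encryption boundary, so what the guest copies in is the information it chooses to disclose, and the validity checks on the way back are what keeps a hypervisor from feeding the guest unset or stale register values.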