From: "Ashish Kalra"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [PATCH v6 1/6] OvmfPkg/BaseMemEncryptLib: Detect SEV live migration feature.
Date: Mon, 2 Aug 2021 12:31:35 +0000
Message-Id: <812023de6c20a9d8fc62a561cedefb93640effab.1627906232.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1

From: Ashish Kalra

Add support to check if we are running inside KVM HVM and KVM HVM supports SEV Live Migration feature.

Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 27 ++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 39 +++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c | 52 ++++++++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 39 +++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 18 +++++++ 5 files changed, 175 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index 76d06c206c..59f694fb8a 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -90,6 +90,18 @@ MemEncryptSevIsEnabled ( VOID ); +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ); + /** This function clears memory encryption bit for the memory region specified by BaseAddress and NumPages from the current page table context. 
@@ -222,4 +234,19 @@ MemEncryptSevClearMmioPageEncMask ( IN UINTN NumPages ); +#define KVM_FEATURE_MIGRATION_CONTROL BIT17 + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + + @retval TRUE SEV live migration is supported. + @retval FALSE SEV live migration is not supported. +**/ +BOOLEAN +EFIAPI +KvmDetectSevLiveMigrationFeature( + VOID + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0..ead754cd7b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -20,6 +20,8 @@ STATIC BOOLEAN mSevStatus = FALSE; STATIC BOOLEAN mSevEsStatus = FALSE; STATIC BOOLEAN mSevStatusChecked = FALSE; +STATIC BOOLEAN mSevLiveMigrationStatus = FALSE; +STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE; STATIC UINT64 mSevEncryptionMask = 0; STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( mSevStatusChecked = TRUE; } +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. +**/ +STATIC +VOID +EFIAPI +InternalDetectSevLiveMigrationFeature( + VOID + ) +{ + if (KvmDetectSevLiveMigrationFeature()) { + mSevLiveMigrationStatus = TRUE; + } + + mSevLiveMigrationStatusChecked = TRUE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. 
@@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( return mSevStatus; } +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + if (!mSevLiveMigrationStatusChecked) { + InternalDetectSevLiveMigrationFeature (); + } + + return mSevLiveMigrationStatus; +} + /** Returns the SEV encryption mask. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c index b4a9f464e2..d7fc973134 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c @@ -61,3 +61,55 @@ MemEncryptSevLocateInitialSmramSaveStateMapPages ( return RETURN_SUCCESS; } + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + + @retval TRUE SEV live migration is supported. + @retval FALSE SEV live migration is not supported. +**/ +BOOLEAN +EFIAPI +KvmDetectSevLiveMigrationFeature( + VOID + ) +{ + CHAR8 Signature[13]; + UINT32 mKvmLeaf; + UINT32 RegEax, RegEbx, RegEcx, RegEdx; + + Signature[12] = '\0'; + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { + AsmCpuid ( + mKvmLeaf, + NULL, + (UINT32 *) &Signature[0], + (UINT32 *) &Signature[4], + (UINT32 *) &Signature[8]); + + if (AsciiStrCmp (Signature, "KVMKVMKVM") == 0) { + DEBUG (( + DEBUG_INFO, + "%a: KVM Detected, signature = %a\n", + __FUNCTION__, + Signature + )); + + RegEax = mKvmLeaf + 1; + RegEcx = 0; + AsmCpuid (mKvmLeaf + 1, &RegEax, &RegEbx, &RegEcx, &RegEdx); + if ((RegEax & KVM_FEATURE_MIGRATION_CONTROL) != 0) { + DEBUG (( + DEBUG_INFO, + "%a: SEV Live Migration feature supported\n", + __FUNCTION__ + )); + + return TRUE; + } + } + } + + return FALSE; +} 
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..9db6c2ef71 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -20,6 +20,8 @@ STATIC BOOLEAN mSevStatus = FALSE; STATIC BOOLEAN mSevEsStatus = FALSE; STATIC BOOLEAN mSevStatusChecked = FALSE; +STATIC BOOLEAN mSevLiveMigrationStatus = FALSE; +STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE; STATIC UINT64 mSevEncryptionMask = 0; STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( mSevStatusChecked = TRUE; } +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. +**/ +STATIC +VOID +EFIAPI +InternalDetectSevLiveMigrationFeature( + VOID + ) +{ + if (KvmDetectSevLiveMigrationFeature()) { + mSevLiveMigrationStatus = TRUE; + } + + mSevLiveMigrationStatusChecked = TRUE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. @@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( return mSevStatus; } +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + if (!mSevLiveMigrationStatusChecked) { + InternalDetectSevLiveMigrationFeature (); + } + + return mSevLiveMigrationStatus; +} + /** Returns the SEV encryption mask. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f318..d9f7befcd2 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c 
@@ -100,6 +100,24 @@ MemEncryptSevIsEnabled ( return Msr.Bits.SevBit ? TRUE : FALSE; } +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + // + // Not used in SEC phase. + // + return FALSE; +} + /** Returns the SEV encryption mask. -- 2.17.1
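
Review bot: In the second MemEncryptSevLib.h hunk (@@ -222,4 +234,19), `#define KVM_FEATURE_MIGRATION_CONTROL BIT17` has no comment saying which CPUID leaf and register the bit lives in, and it is dropped between prototypes at the end of the public header. The implementation tests it against `RegEax` after `AsmCpuid (mKvmLeaf + 1, ...)`, so the define should say it is a bit in EAX of the KVM features leaf (signature leaf + 1) and sit with the other definitions near the top of the file. If KvmDetectSevLiveMigrationFeature is only called from the library's own Internal.c files, as it is in this patch, its prototype and this define would fit better in a library-private header than in the public API. The declaration `KvmDetectSevLiveMigrationFeature(` is also missing the space before the parenthesis that `MemEncryptSevLiveMigrationIsEnabled (` uses in the same file.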
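
Review bot: In the DxeMemEncryptSevLibInternal.c and PeiMemEncryptSevLibInternal.c hunks, MemEncryptSevLiveMigrationIsEnabled reports TRUE purely on the KVM CPUID bit, with no check that SEV is active: InternalDetectSevLiveMigrationFeature calls only KvmDetectSevLiveMigrationFeature and never consults mSevStatus or MemEncryptSevIsEnabled. Since the bit is whatever the host advertises through CPUID, a non-SEV KVM guest that sees it would get "SEV live migration is enabled". Either gate the result on MemEncryptSevIsEnabled () or state in the function comment that callers must check SEV first. The comment wording also differs between "enabled" here and "supported" on KvmDetectSevLiveMigrationFeature, so please pick one and say what it means. Smaller points: the helper is `STATIC VOID EFIAPI`, where EFIAPI is not needed on a file-local function; `InternalDetectSevLiveMigrationFeature(` and `KvmDetectSevLiveMigrationFeature()` lack the space before the parenthesis; and the two files receive identical additions that could live once in the shared PeiDxe file.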
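
Review bot: In KvmDetectSevLiveMigrationFeature (PeiDxeMemEncryptSevLibInternal.c, @@ -61,3 +61,55), `RegEax = mKvmLeaf + 1;` and `RegEcx = 0;` before the second AsmCpuid call look like dead stores: the leaf is already passed as the first argument and all four Reg variables are handed over as output pointers, so both values are overwritten. Drop the two assignments, and pass NULL for the EBX, ECX and EDX outputs that are never read, the same way the first call passes NULL for EAX. `mKvmLeaf` is a local variable but carries the `m` prefix that this library uses for module statics such as mSevStatus; `KvmLeaf` would match the convention. Once the "KVMKVMKVM" signature has matched and the feature bit is clear, the loop keeps probing leaves up to 0x40010000; returning FALSE at that point would avoid the extra CPUID calls, each of which is intercepted by the hypervisor. A short comment explaining the 0x40000000 to 0x40010000 range and the 0x100 stride would also help readers who do not know the hypervisor leaf layout.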