From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=2a01:111:f400:fe45::60e; helo=nam02-cy1-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on060e.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::60e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 40604209574E1 for ; Tue, 27 Feb 2018 04:17:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=seM85lsx+O2atXHLENWd8Y9pxVnRE4KQayOM0dlcvJM=; b=rw4imfdcI7pUGPztWcohfhi8dbv7Fkm2QZ4mORxh9AtrLFpDw7FomNf+s2K46MC8UGcR5sQ9ROqs63k2wH1HgYVlgXNW6u+7rwLt0Dt6eAO+lGWRgxtHTy4aexIz/zJ4mAX/w6PTD7XxKsuK5h3YQCfvcDVS+u4YbNQPfad8grE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Tue, 27 Feb 2018 12:23:16 +0000 Cc: brijesh.singh@amd.com, Tom Lendacky , Jordan Justen , Ard Biesheuvel , Michael Kinney , Paolo Bonzini To: Laszlo Ersek , edk2-devel@lists.01.org References: <20180221165212.6643-1-brijesh.singh@amd.com> <20180221165212.6643-3-brijesh.singh@amd.com> <6a0cd77f-13d8-b8dd-8ad2-931347e72a7c@redhat.com> From: Brijesh Singh Message-ID: <8138d8c3-678f-fd42-c663-1ae5c2e539b9@amd.com> Date: Tue, 27 Feb 2018 06:23:11 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <6a0cd77f-13d8-b8dd-8ad2-931347e72a7c@redhat.com> X-Originating-IP: [70.112.153.56] X-ClientProxiedBy: BN6PR11CA0029.namprd11.prod.outlook.com (2603:10b6:404:4b::15) To SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: a8947faf-6b6b-42a6-1e75-08d57ddce14f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:PEPc1BF/faCwcXtS+jrsqIqpjGSb668pNVMF+ZX/o4rE1k15MIv1zqnjIha6LAOePEyBF4CBb3FZ8w/1la5/I8mGNa9Od1ibh2hsxNCC6gGqliCO46BCLHCsAtTyQcrqxO1XsocYKUoZp54FuILJTaJAz5F33aVn2trmKvn3r9oTZ2eMNXs9xW0rHkF7QlUSouXa1UdzveMHZRtwBtdT2T7YZeqPvNlsCoo2Pw7J5iJda0ocLV//cPYG4Bepb9Vk; 25:r9UZ2m7UrQxDo2Dds4JR/g0zQ/IjKVSa9xb6cw3DIK+X3QbYy0aZdzym7a97v4KGZ/s7LbnP6RlQGMwy6UUDXYA+r6o1wf0p4D8Vx4aUHdMqfBv5dpoK21YC5n1kKIW3/JA1Fv5SMFrOSZWIq6jMz8QTHNGQoCfvwkLKQ47x+6qCLPItELm8Tv4JF7vrQ/PNEjgib6KibAg09Qz7A0FJkBW/VuEKFZf3DgsbaXQRX6/28cpgdeQL6yPOiLo7jsYGRBpPiJ9cX7c4UZYpWfPBpGGpecWNCCFImlWoSuceBrZEMsM7z9j2o0Kxoyby7xst4AoOEXPv2CvidjwAgyDofAV5DTsayBXxbRl5KytCiAs=; 31:ityjMjRz3laN6SqafbGKp1o05qfhEBqni6ftje+AKQtqjfXT6vullYvT7AXuoJ5xKyiowzfUIEbkMwzQZAVWojshIYNx3m2vBZbVNxGJY7GIAWL7jJlA7NwDq625kpA3WSDZcGr9pD371prN+ZL4LR8FthYh5t48/TN9C2Q3PBkh51pFga0RHx4gRsl4r9h6usTbr56D71v9veNoRhaId7KXKw70uipXIupDdbgPEJY= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:rnZtzcyWDzaB/7PZRI+Obk2aWGCfPT9b+BeMpafUs/ig/rKzzVu5h0xEPjJAnOnzzJP4xyr5zY9l79Im8rFbeNL97rm7zsUvLhNPQNDSBjxpQ0MExxE1/HEHql9KqWAWMtD/P53JoyutRx7Mb74Vi2b2c2JRUT6EqZPuhG0fDX37TdJ64wOUyfT1XJ/+MgNt+tpjoAC6fnXDt2K13wg1eS5Cf4lZ6JcVLHC10yKY8CNHcR/UspzHUMz5yST14uYMomsF7wlOMmnV0ifmQNKdfXaMxvOne+6x9VXjYKMJzZ6E6IZYkag1UpdCdr5poOGX2wP/ei8cclHzqbwkJ3s3bOqwfnfHdmeSUgi8/BXzpH6oMsq8tWNnfgPCwSEbvbkUzRH20uD6dGlZ5G78WGLwGD3N7+eZtef5wp0uQr+khm7kUb6RiK2TGeMl6YY7Lr82uMh8idG76niZlZ0YFUq+L1W9+0dybmzjAo11OBE0pzrkW27gZXl76Q6NwbYmUMd6; 4:hX+wWh3Cv3gNlZ7hRyRDUX1YfjAMrdc23+5uG2AoNCT02RcawhDqgUNAdqOoM4c4RplWQFcnK5lOu+x0Id4MrLa6pXQj3dbrK4yjBA/FcKPOgkbx3O3qC/2+1sqUgjMB/UBPNNzZP+ZOVDKeUPr6s3PWmZFJAp7d1r2Wki8x7q05lPS1GHeDa3UUe9Oh0xh+rCcLCbPwsc9ubYXvGeEXO7n6rEQgv7j7YUmFpvrb2SzCQtCdtEbdCzWHh9NqKwjcy7g1acL1SDtbwBF81lrY5cT0yuzx8t0u+faukgegYap1beAeBUH3O1IBjPmRszPzbVVs/+ZEDbjRcNa7VgF93A== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501161)(52105095)(6055026)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123562045)(6072148)(201708071742011); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0158; X-Forefront-PRVS: 05961EBAFC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(366004)(376002)(396003)(39380400002)(189003)(199004)(229853002)(230700001)(23676004)(50466002)(97736004)(2950100002)(53936002)(6486002)(2486003)(64126003)(6666003)(6246003)(76176011)(6512007)(31696002)(52146003)(105586002)(36756003)(52116002)(31686004)(478600001)(68736007)(106356001)(81156014)(8676002)(81166006)(59450400001)(65806001)(6506007)(8936002)(65956001)(66066001)(5660300001)(7736002)(25786009)(58126008)(53546011)(386003)(26005)(47776003)(305945005)(3846002)(4326008)(6116002)(86362001)(16526019)(186003)(54906003)(65826007)(2906002)(316002)(213903007); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:Brijeshs-MacBook-Pro.local; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwMTU4OzIzOk1MbnNCd1d6TjBoUko5emE1UmpQem11TENE?= =?utf-8?B?Nis1cWhlZC9hb2lpdExxMGtBY0V2aHhoYVQ4VjJyRDJwc0d6bVRnQWV5ODRO?= =?utf-8?B?Tml1MnNnYkxzcGpkay9pa1I2SEhsbWdXbUg0bS9GTXA3bm9FRDllL2JSck1N?= =?utf-8?B?SmJFWFk0c09HSG9DSGdWeVFERGowYit6MXIvVTZMMEhJdG16TnlGU2NGcVl6?= =?utf-8?B?cGxxcFF6VUVDL04rUUhFUTB2cmdSTkE1UkRMZHN2VjNtVHZJcUdLbmZpNlov?= =?utf-8?B?dVZ5blhKWDFNekRLNUR4STJCNVM5U2dFc3ZWeGc4bWMvN2FDUWFFTlVjV29F?= =?utf-8?B?Z05VMHVlbHk4ZHZkQTZlc0o2TDBCaUhCUmovYTVlT21Pa25rL29GYWxuVmhn?= =?utf-8?B?czduOHkwYjJ6Q2s5MTZpajJWMGhWL2dCRllJNCttZFlIU1J5YlFQeE1OYW1i?= =?utf-8?B?dGt4SUFWeU5mU05DbkQvYzBFWlg4WjBVb3p0eFlYWnV2R0c3bDdFRmgycm5H?= =?utf-8?B?OU5pSVJHU0xUMDZTL3p2T1hVd3N0bUcvN3VUaSt1Y1hwWURRa2JCM3g4eVNp?= =?utf-8?B?NVRJNGpnNWQzdTFTZUpHYTltQ3laSHBzbm5FalZQMWdMR1VWdlEwYUk5Q3pJ?= =?utf-8?B?dDQ3RWZ6VkN5ckd3SytNbmloOE5JbENLaDRDVDBWRUQrcGplVlR4MTZ6bUhr?= =?utf-8?B?c1JLWjZScXJWL29seGtoaStMdUZBbTlSWGhXcHV5NEZvWUJJTUNqTHZzUHZz?= =?utf-8?B?YUoxeHBuOTRRTDNCWkcrOEd5RU43SnU1VmVEdHdDM2pJNHpoWFpYMm95d3Ni?= =?utf-8?B?MlI4aTdoK1FXSXo5OEVhTlpzYkRhZmdWWFovMWZlOFkwRzJuandDL3BqQkJq?= =?utf-8?B?RU95UEhuUEFMd05aWHRGSkxlZk80ZFNVeW5leDZoaGUveGljcjFIa1BIS3dH?= =?utf-8?B?V1p2eFVyRUdpZ0JscGY4U1JRZGN3L0JkUU1uYmo1U1FBejYvM3FBaUJmVUE0?= =?utf-8?B?Nk1nbmJDSjdPd1BPdDc1QnRWVkF0WXRWN2paTUlpMWdadXdLbFRpeWp0bHpK?= =?utf-8?B?SThsUDcvOHJLd24vcTV2MkhLcmdLNnNzak5zV1o4Und4WWJZMisrNklKanJa?= =?utf-8?B?TG1LRUFsVXFtV05yTTlBZnRiVm5KbE5uYVQyb3M4TTcxTmQzMEUxMFgzaVNV?= =?utf-8?B?MFpQQ0p0VnNEa20zZmxVOE5sdzV6LzlGTDBPbm1ZeXdDOEJxSHlUQjJFTGs3?= =?utf-8?B?cUx0WlY3bjVXYnc2UVZMWWlnUXZjdndHT0N0dzJPZjVDVDRTTHZDc1ZBT1No?= =?utf-8?B?NEo5V3RNMi9iSXZYbXdSaEcyZWhSbkUrTVpkZ0NycDBKTWhnNGVpTmwrWUF2?= =?utf-8?B?ODFVRW5RT1k5Ym5EV1JTUmRxb3orTTNQMEdmQTJOdWVaRWo4L2xiMU9TMnBt?= =?utf-8?B?dUdwbHRXVDgxZm01RU4vcllmL0l2b3pBZEdTN0RDSkdvK0dEaWRlOHh0SDlF?= =?utf-8?B?KzM3TTY4dVF2NFBFTWMrekc2VjlhZGRCZUFXaDlaNUdJb0UxeUVyUVc3eFQz?= =?utf-8?B?eXU1VzFlWEJlZFBKSEVNenVoSGFaSW9PUi9NNVRJakxtSFRrOWVpbWtBS2lR?= =?utf-8?B?ZHE1aGF6T3hEK25PekZWL1RMa3BoQWhSaDZZK2FpTG1jbWZoR0pITFRCWXNS?= =?utf-8?B?YVhHWmViRDUyR0NKMkUxL3FvcURYSUpyTzdiZllMY01OZVI2eFk0VU1qYy9w?= =?utf-8?B?OTlqaUNGcklTY0tDejRyZDhmSGU0ejVGZ0djZi9ibUwxTG96NHZSaFFSR0c5?= =?utf-8?B?aW1lOFhIQkxnamg5YzRaWWRGUWdSVEd6elhhS0ZJMGtma1E9PQ==?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:TCVpMsWm5FtO0kE4GjCnXsD/cMveIkKm7nEEY6JBOsVxpFp/e9eT8DAjOCsmTnpHNZdHhIV33qwM+2YH2/SAMyEkuAURIWW7iEgapPUn9WaTJOq6GTY681nl7FuRs/95KeJZ5xfoWPFv8o/TqCrzl2CWjIBKovKnVrr1h/0iLvGBAnDS9eeMvwguxoWImYh2t35TEAWpHpCvm+fsAx2aJxHvsqhxgLGVatG67iu+KYjIioY6i0irn45qxHB+0bKZ3GrEex7XwpIvl6hM+CMvThoC8m18Cwzy/ObCWJKH5kguaS/ikjxmlGuSM/Bhp9R4QGRLWcn+s6HT4HtPvCj3Z/agEK2wFxrT0aTHR41FPys=; 5:+b7AT/Si8gSPxhnS/gGmtjRlpvN5+ScMm4ZCoevMkrRHfQ5yncCCkWCh4G2zjPpRhKkFIXOR9zXd37fynMQDmcyb1Z+ca2zGzjN2jrT7MupjJQilow10/NbLvQ5cnuyO4dPGoW7PVVSkr+EaAmQ+A0gSDhPc0oGCxgwLk1pAZh4=; 24:9xZJmikDYjnp43xM5VF2WInhZUlbqDz5dhYslUEubDz3gwA16P8c7vbADLkyMBUXQ2jBCVpwtbjd3Ly+N50M8WsTZoVUeoG63DZBN/l1r1c=; 7:fy9gWe/Zqx/2gTAmN7lQOo0SHTU6s5DYECRwDmrfCZfLCPfweIF8hCQtgn7M+kmhXOcsV79Ibk61CxOqxDskV8CxuyW0mVarE53aH1r5moROGK5M76RKIfzEYAyQL4LHmXKE2qRRPdTN3GM08BAqi0Qhw/Z7Ru1vcT81l+2ew50FqKaJQ+zzuLfdi3L7hSLR02pXENlAhZVFbpq6No8O+AmrFOUW3kYjVclM4UbZoYtVU0TPmIiuuBQN7WUpO3Iw SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:Q5OFxfkcRo54Zzeb9GhB+3nDSwzqJG3VrEo+x370Kad9YZIA7mO4GTqJbmBv52IGOY90pjuVSmBoEGxBQnY26d+3CJVgv8xWkqrKH4v+15ErI2ToPvviaZPZDCUMgi0kzZPexmwOxR4OOByLVNGHDLyKybubilPsFYXSIAATfW5Q6XBTtqmyOzGD8uEVI1iZSCaXs/Yxtvecc5aTZSo9MyaMj486Px2Y19QC41XT3qrJeeDtlifACJMgef2U0BDK X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2018 12:23:16.0066 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a8947faf-6b6b-42a6-1e75-08d57ddce14f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Subject: Re: [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 12:17:14 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US On 2/22/18 6:08 AM, Laszlo Ersek wrote: > On 02/21/18 17:52, Brijesh Singh wrote: >> Commit:24e4ad7 (OvmfPkg: Add AmdSevDxe driver) added a driver which runs >> early in PEI phase and clears the C-bit from all MMIO regions (including > s/PEI/DXE/ > > >> Qemu Flash). When SMM is enabled, we build two sets of page tables; first >> page table is used when executing code in non SMM mode (SMM-less-pgtable) >> and second page table is used when we are executing code in SMM mode >> (SMM-pgtable). >> >> During boot time, AmdSevDxe driver clears the C-bit from the >> SMM-less-pgtable. But when SMM is enabled, Qemu Flash services are used >> from SMM mode. >> >> In this patch we explicitly clear the C-bit from Qemu flash MMIO range >> before we probe the flash. When OVMF is built with SMM_REQUIRE then >> call to initialize the flash services happen after the SMM-pgtable is >> created and processor is serving the first SMI. At this time we will >> have access to the SMM-pgtable. > The problem statement is good (including the comment in the code). > > However, I would prefer if we could reflect the full AmdSevDxe logic to > the SMM page tables. In other words, when -- or shortly after -- the SMM > page tables are built, we should clear the C-bit in all those PTEs that > cover known MMIO and as-yet NonExistent memory ranges. We already have a > bunch of "mAddressEncMask" usage in PiSmmCpuDxeSmm. > > Can we investigate this a bit? If it turns out to be impossible, I guess > I might be OK with this patch. I will investigate this a bit. The reason why I didn't replicated full AmdSevDxe logic is because I thought in SMM world we don't need to do all those MMIO accesses etc but if its not the case then I agree we should implement the full logic here. > > I have more comments: > > >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Brijesh Singh >> --- >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf | 1 + >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h | 5 +++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c | 5 +++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 10 ++++++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c | 35 ++++++++++++++++++++ >> 5 files changed, 56 insertions(+) >> >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> index ba2d3679a46d..d365e27cbe59 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> @@ -53,6 +53,7 @@ [LibraryClasses] >> DevicePathLib >> DxeServicesTableLib >> MemoryAllocationLib >> + MemEncryptSevLib >> PcdLib >> SmmServicesTableLib >> UefiBootServicesTableLib >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h >> index 1f9287b08769..704ed477ba14 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h >> @@ -189,4 +189,9 @@ VOID >> InstallVirtualAddressChangeHandler ( >> VOID >> ); >> + >> +VOID >> +FvbBeforeFlashProbe ( >> + VOID >> + ); >> #endif > Please drop the "Fvb" prefix; this function is not an FVB protocol member. Will do. > > >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c >> index 558b395dff4a..b7b9bf1fb8d9 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c >> @@ -967,6 +967,11 @@ FvbInitialize ( >> UINTN NumOfBlocks; >> RETURN_STATUS PcdStatus; >> >> + // >> + // execute platform specific hooks before probing the flash >> + // >> + FvbBeforeFlashProbe (); >> + >> if (EFI_ERROR (QemuFlashInitialize ())) { >> // >> // Return an error so image will be unloaded >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c >> index 63b308658e36..7d274c08ad12 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c >> @@ -155,3 +155,13 @@ InstallVirtualAddressChangeHandler ( >> ); >> ASSERT_EFI_ERROR (Status); >> } >> + >> +VOID >> +FvbBeforeFlashProbe ( >> + VOID >> + ) >> +{ >> + // >> + // Do nothing >> + // >> +} >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> index e0617f2503a2..d97b13f47bf7 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> @@ -17,6 +17,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> >> @@ -67,3 +68,37 @@ InstallVirtualAddressChangeHandler ( >> // Nothing. >> // >> } >> + >> +VOID >> +FvbBeforeFlashProbe ( >> + VOID >> + ) >> +{ >> + >> + ASSERT (FeaturePcdGet (PcdSmmSmramRequire)); >> + >> + // >> + // When SEV is enabled, AmdSevDxe runs early in PEI phase and clears the C-bit > s/PEI/DXE/ Will do. > > >> + // from the MMIO space (including flash ranges) but the driver runs in non SMM >> + // context hence it cleared the flash ranges from non SMM page table. >> + // When SMM is enabled, the flash services are accessed from the SMM mode >> + // hence we explicitly clear the C-bit on flash ranges from SMM page table. >> + // >> + if (MemEncryptSevIsEnabled ()) { >> + EFI_STATUS Status; >> + EFI_PHYSICAL_ADDRESS BaseAddress; >> + UINTN FdBlockSize, FdBlockCount; >> + >> + BaseAddress = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfFdBaseAddress); >> + FdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize); >> + FdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / FdBlockSize; >> + >> + Status = MemEncryptSevClearPageEncMask ( >> + 0, >> + BaseAddress, >> + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount), >> + FALSE >> + ); >> + ASSERT_EFI_ERROR (Status); >> + } >> +} >> > I think it would be better to hook this logic into > QemuFlashInitialize(). That function already computes mFlashBase, > mFdBlockSize and mFdBlockCount. Right before the call to > QemuFlashDetected(), we could call BeforeFlashProbe(). The latter could > take the base address, the block size and count as parameters, or just > use the global variables. > Let me see what I can do. > But, again, my preference would be to mirror the AmdSevDxe logic into > (or right after) the SMM page table setup. Perhaps that can be done in > SmmCpuFeaturesInitializeProcessor(), when IsMonarch is TRUE -- this > function is called from SmmInitHandler(), and at that point, the SMM > page tables are already in use. (See above the SmmInitHandler() call > site in "UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm".) Ah, I didn't know this one. I got SMM working with very small patch set hence never looked in UefiCpuPkg for complete understanding of various SmmFeatureLib routines but now I am looking more into it and I think we may able to use SmmCpuFeatureInitializeProcessor() routines. > Thanks, > Laszlo