From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.49]) by mx.groups.io with SMTP id smtpd.web08.11266.1634312802741228651 for ; Fri, 15 Oct 2021 08:46:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=RoimUSC2; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.49, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gWp6TzC5bDQia7NjNnl0kVH6gkLXhXZ/7gQOYvoF03xbZwyeF32FQkQNXqgsI23/veyJ0jbAK64QhUyMph6AjpyBNcrjjdOsf44r3oDUuf/9GryiSRfgJbAumefb69c48559dMmID+EGH+6l4ES4MA2x3eIUqirvFFLSQQs9MdxwcWfl0b+8LVlj7Vx/22HRRURuElSlmygbrTgXCqAGiWMYyOZ2raFXm45eeyhLagv8lFBF9ZDpfNNT2e3R+DAkS6FEm+AZ6khiQYWZ9Q3UeIZGeiZGuBeLDK13v0iNCioA2qcI/0SD+DvknW1ZgEJhuKYORAzC1h8rIgBvft1YJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VRVCdFK2RqDoZS4kdXT0XcgEKKBj3N0niPi6CA8GBnQ=; b=V3Ym98YTCYc9J72G8TB/bqD81c3eq5aXsRLFN3yAX8pbU/xQk+MmDof/Rqx75e9/U1bTO0T87dqtXrE+SqAQGhc96InXu0xPiQpfyM0NwyWXdmswf4lP2p8Vjk5JZR+7iH1XV4NHCBerF6zC+a1OBEd5+XWbtI3g7HpAG0FQWAwD+KQsg3rzDJ+5NoAZQ6bhYNBNT1c13HUQfRyOhmhvyY0lvmgpiG0EBsKjJolbJL+8CKrIS/A3QFBSxnJfORaLZNcTEWpIbjXVuneNt8lfL3cuwS0YtKb+hMVfbtAw/W5oN8NFwmcPJk00H2lW/FqmUdmLLsAybB8695pbDgYzxg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VRVCdFK2RqDoZS4kdXT0XcgEKKBj3N0niPi6CA8GBnQ=; b=RoimUSC2T1qS9nn/Dx++BSaLcPwnsruRjPytGUIZdZUFDRL67LUIDlIUD2jmEFLHYbYa+Os05iXjNdviMP6HpoyGxJQUV0B4AGPKmTmC3rZRRoWXFn8Cs5EligcuTzaLlrYtTCrLjjk8zmqKdz3FUYt8PMwLIfeOOqpa/Fm+Da8= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN1PR12MB2543.namprd12.prod.outlook.com (2603:10b6:802:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.16; Fri, 15 Oct 2021 15:46:40 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4587.032; Fri, 15 Oct 2021 15:46:40 +0000 CC: brijesh.singh@amd.com, devel@edk2.groups.io, James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth Subject: Re: [PATCH v9 30/32] OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map To: Gerd Hoffmann References: <20211013165713.727815-1-brijesh.singh@amd.com> <20211013165713.727815-31-brijesh.singh@amd.com> <20211014085851.e5xtspfcyz75lgog@sirius.home.kraxel.org> <6bb1abde-3795-1917-92b1-6659ac98846d@amd.com> <20211015052648.rcr55juuhoit4efh@sirius.home.kraxel.org> From: "Brijesh Singh" Message-ID: <8689d369-b5a3-07ee-5df5-981637224fcd@amd.com> Date: Fri, 15 Oct 2021 10:46:36 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: <20211015052648.rcr55juuhoit4efh@sirius.home.kraxel.org> X-ClientProxiedBy: BN6PR1201CA0017.namprd12.prod.outlook.com (2603:10b6:405:4c::27) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from Brijeshs-MacBook-Pro.local (165.204.84.11) by BN6PR1201CA0017.namprd12.prod.outlook.com (2603:10b6:405:4c::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.16 via Frontend Transport; Fri, 15 Oct 2021 15:46:38 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8c671995-f4fc-4f8f-a058-08d98ff2fac0 X-MS-TrafficTypeDiagnostic: SN1PR12MB2543: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: JDNFkcbVrZ/fhnfFUupGL7PljKXup++FctQkpSnKVQ6NiCCxuytcdp0P7USk/KGnnTvfDVp2Eu/HJPrXFz4Y+U96udck3ra8ynYoDEOrtSmxCUmH6AeGcRCa0PvTMDafMMC3OwVizY8x+6J5rzD4EXaHpWUtu2f1G9Nm+mR2B8jVoMWoyvVR8gYkWW+vD3iiusvpp6wtwoLqlDR2n2ugvS+s5ZjfnG75KAPa/R6HKmZ+1RWUVs2WSA9iS92SYeTNClDmA3NG1Ygnd4wTECZBq2mO1kGO2SeNCUt1cAlw8hpbJg9NYwitcZ7cxdGzStXESjVt3LSAjOJC6gnBpk4bEljD4DJ922EnkfENmGpeSZ7Z+LV/fLbnGNMweqjv8xYWdoMuhV3PhBgUTP7RvS9+zpUw4LbvcJup2k4KCttZTh9widiAISqsMkqKaydy588J4MBuWBp7OX86n/Owtd+gVULSJ7Jwdg0FnCV2H671ws1AaeadI846TTr8IsRmEenqrXAF+P8TioWcFEYEMIhm7QrorM2cOcqviz8oqKsp1Y/DBMsJtC63PWBENRQZjnV03rThGs8njyaz7603DnDapyy8kVg6DqlmqnexkZkEFtorQffUDql70mA6k3phiIbps8XcMd1r3lUxkjrlEg1NobJE5zGnpELHuIXCi2XUo7mTJl3jVjHamSMQwZ9CBb/7RbyyZZvi1WK/UK8C21nDRMPv10liAFj234rwtPaw1njzQpUe7GZyBnfsRjhOjkuB7thwO6nmZObA5tAHXFq6aH+s6MqaRdnSDbZ/Z+aP3/esacp3UCimHKTdJA77SuWA X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(8936002)(5660300002)(38100700002)(6512007)(86362001)(6486002)(31686004)(53546011)(26005)(44832011)(36756003)(2906002)(6506007)(186003)(956004)(66476007)(66946007)(2616005)(66556008)(8676002)(316002)(31696002)(83380400001)(4326008)(508600001)(966005)(54906003)(6916009)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Lko1HIwPdBExA7AQnUMZUfsKactoLKRE+ToE1/dslytnAozT9dGqtLapSobl?= =?us-ascii?Q?ahK09jXX2sF3LpsZX3U/mvt+MFzrVq5A45K6WkcimisIQZTG6cRSpWM2OM0C?= =?us-ascii?Q?5g0cTV6feQnYfXnoi0OsgjW/2/K/lJc4/i/J4ZSVRLdoBW2VB1Q7Rk0njxI/?= =?us-ascii?Q?DkTSSjWqNzyIME5vHY+lBruIYk46V1fggNc3WiYK53kYa33/SittVZwiE6f7?= =?us-ascii?Q?SC3Xpigi2GZSDVAYJhFqFDq2g/WgBF0xJjUzNsXfCe/qazFMvVojERTfyP2A?= =?us-ascii?Q?ZXxG0MDL3yVc0BopggM0ckzDesSkwV2ypGMwjwGyi267hVaV0qbOUii/FHgj?= =?us-ascii?Q?HfZcoDdUKiIi5BKmiNGel/dLi5/ZtVYyGNKi5ri/LQrIT/wbTamv/Af75vQ8?= =?us-ascii?Q?KXrVNgoophSbvhJ3jsAt4nqCqRl/GscKLgoG3UscYo5yqczOc8v7XdVkN2uX?= =?us-ascii?Q?ybmb+2oWLZRgaTCz4/O667ybTUX7SUdIy8kTfDA7c9sxkaYEfYQ7Nh7pVmBk?= =?us-ascii?Q?LY3dGChSNsVq7KCNGVeBrzp0YlGM7cloyuB8mJ6zWgWW2K5jNhjNh0no3Mc8?= =?us-ascii?Q?QDOC/Kz9Oxy5E7xn0ClkKa8Xc0wBaay2P7ptV1O6p3uJsY0BuTqjuiK1qh2X?= =?us-ascii?Q?ly093ZssAdS5VvmVnLsivDHDtKqqapRlsS23J7RVnS9kVTZ5ZLi92PQpA0FS?= =?us-ascii?Q?CpEiQbFWbc6OO18SluuUN1Gg9K85iileGZM0ACNNJd1NTDGkH6a1/opqimnL?= =?us-ascii?Q?CNfGocdhUjFOoOajODg++JKGHjxxvyfClZ9/9K19Ogn6nFO6+/wjriJ9qWLM?= =?us-ascii?Q?x32vV5hdO/N5ykRErtsw7Hil/f1p5wlT8OPy475k6eyO24C6Yo/R/cubTxfo?= =?us-ascii?Q?yK0/6eobESS6rgtfB0cx0nUZNTV4SzHU5UTgoUhtUJG2TsoBM6uHtNRw+FDj?= =?us-ascii?Q?ZAs1HQh2WY2C8FH2+SeHLwFCVsFLnZB5iESgyTA4zxFcksDaGRo4JzAkcckz?= =?us-ascii?Q?srGh1LdTLxOIlaw77NNWAljwSIoY25quOxKTdde7KiEdatkM7zrKVwFnp2ey?= =?us-ascii?Q?40sBUR+bQ8Qk+z7wAm4RRHeOFR4t2XHpen7f58trqzHc1U5ghYZO/b/kAuDr?= =?us-ascii?Q?WC7OGmagM8n2hxdjcf79Lyif0EgQJ5gDGhXAUH9GdJjXcNxJJyyrKFmlMgP0?= =?us-ascii?Q?RygDUjAHj7M34oNospi2uKosKJ0NMUn3BL3UMKEoZdQHZQcqK+im9YejXaSZ?= =?us-ascii?Q?AAhzUMYKhB8CV8Mi1UbXRKKGG13elvhgd+E5qZEWmKTtHw803U9eDKI0lvj1?= =?us-ascii?Q?/sO2KH35KgqYFsRMgemj6aIQ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8c671995-f4fc-4f8f-a058-08d98ff2fac0 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Oct 2021 15:46:40.3230 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: gUv3QoHe/eix771z0m0fzhSfF6eY6sYaEM0kjRyosPKOZS1BSuaJTjkTrSPMknhlYJK4nn82tYHIruGoDR5R7w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2543 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US On 10/14/21 10:26 PM, Gerd Hoffmann wrote: > On Thu, Oct 14, 2021 at 05:11:22PM -0500, Brijesh Singh wrote: >> On 10/14/21 1:58 AM, Gerd Hoffmann wrote: >>> On Wed, Oct 13, 2021 at 11:57:11AM -0500, Brijesh Singh wrote: >>>> When SEV-SNP is active, the CPUID and Secrets memory range contains th= e >>>> information that is used during the VM boot. The content need to be pe= rsist >>>> across the kexec boot. Mark the memory range as Reserved in the EFI ma= p >>>> so that guest OS or firmware does not use the range as a system RAM. >>> Why is this needed? Isn't the complete firmware memory tagged as >>> reserved anyway? >> PlatformPei detects all the guest memory and marks it as a SYSTEM_RAM >> unless its an MMIO or added as reserved in e820 map file. Since the >> Secrets and CPUID pages are part of system RAM so we need to explicitly >> exclude these region. > secret and cpuid are in memfd which in turn is part of the firmware > image mapping which is reserved in the e820 map: > > kraxel@rhel8 ~# dmesg | grep -i e820 > [ ... some lines snipped ... ] > [ 0.000000] BIOS-e820: [mem 0x000000007ff7c000-0x000000007fffffff] res= erved > [ 0.000000] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff] res= erved > [ 0.000000] BIOS-e820: [mem 0x00000000ffc00000-0x00000000ffffffff] res= erved <=3D here > [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000027fffffff] usa= ble > > I think they should be covered already ... The MEMFD range is outside of the firmware image map,=C2=A0 MEMFD begins wi= th 0x800000 [1] and in my boots I don't see it reserved in e820. Here is the snippet. [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000000000-0x00000000= 0009ffff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000= 007fffff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000800000-0x00000000= 00807fff] ACPI NVS [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000808000-0x00000000= 0080afff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000000080b000-0x00000000= 0080bfff] ACPI NVS [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000000080c000-0x00000000= 0080ffff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000810000-0x00000000= 008fffff] ACPI NVS [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000000900000-0x00000000= 7f4eefff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007f4ef000-0x00000000= 7f76efff] reserved [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007f76f000-0x00000000= 7f77efff] ACPI data [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007f77f000-0x00000000= 7f7fefff] ACPI NVS [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007f7ff000-0x00000000= 7fcfbfff] usable [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007fcfc000-0x00000000= 7fd7ffff] reserved [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x000000007fd80000-0x00000000= 7fffffff] ACPI NVS [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x00000000b0000000-0x00000000= bfffffff] reserved [=C2=A0=C2=A0=C2=A0 0.000000] BIOS-e820: [mem 0x0000000100000000-0x00000001= 7fffffff] usable [1] https://github.com/tianocore/edk2/blob/master/OvmfPkg/OvmfPkgDefines.fdf.in= c#L97