From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
Date: Fri, 08 Mar 2024 07:30:35 -0800
Message-ID: <8a7f5f4f224ed2679484492931495d915f028711.1709911792.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an SVSM.

After retrieving the APIC IDs, save the address of the APIC ID data structure in a GUIDed HOB.

Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Laszlo Ersek
Cc: Michael Roth
Cc: Min Xu
Reviewed-by: Gerd Hoffmann
Signed-off-by: Tom Lendacky
--- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 92 +++++++++++++++++++- 2 files changed, 92 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index ad52be306560..2206316fec9e 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -45,6 +45,7 @@ [Guids] gEfiMemoryTypeInformationGuid gFdtHobGuid gUefiOvmfPkgPlatformInfoGuid + gGhcbApicIdsGuid =20 [LibraryClasses] BaseLib diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e6b602d79a05..a9de33074a69 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> + Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 
@@ -9,6 +9,7 @@ // // The package level header files this module uses // +#include #include #include #include 
@@ -31,6 +32,87 @@ GetHypervisorFeature ( VOID ); =20 +/** + Retrieve APIC IDs from the hypervisor. + +**/ +STATIC +VOID +AmdSevSnpGetApicIds ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 VmgExitStatus; + UINT64 PageCount; + BOOLEAN PageCountValid; + VOID *ApicIds; + RETURN_STATUS Status; + UINT64 GuidData; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + PageCount =3D 0; + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) { + PageCount =3D Ghcb->SaveArea.Rax; + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + return; + } + + // + // Allocate the memory for the APIC IDs + // + ApicIds =3D AllocateReservedPages ((UINTN)PageCount); + ASSERT (ApicIds !=3D NULL); + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + (UINTN)ApicIds, + (UINTN)PageCount + ); + ASSERT_RETURN_ERROR (Status); + + ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount)); + + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)Api= cIds, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax =3D=3D= PageCount)) { + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + FreePages (ApicIds, (UINTN)PageCount); + return; + } + + GuidData =3D (UINT64)(UINTN)ApicIds; + BuildGuidDataHob (&gGhcbApicIdsGuid, &GuidData, sizeof (GuidData)); +} + /** 
Initialize SEV-SNP support if running as an SEV-SNP guest. =20 @@ -78,6 +160,14 @@ AmdSevSnpInitialize ( } } } + + // + // Retrieve the APIC IDs if the hypervisor supports it. These will be us= ed + // to always start APs using SNP AP Create. + // + if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) =3D=3D GHCB_HV_FEATURES= _APIC_ID_LIST) { + AmdSevSnpGetApicIds (); + } } =20 /** --=20 2.43.2
View/Reply Online (#116529): https://edk2.groups.io/g/devel/message/116529
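Review bot: In AmdSevSnpGetApicIds, the result of AllocateReservedPages is guarded only by ASSERT (ApicIds != NULL), so in a build where ASSERT compiles out a failed allocation is passed straight to MemEncryptSevClearPageEncMask and ZeroMem. The two VMGEXIT results are both asserted and tested with an if; the allocation and the Status from MemEncryptSevClearPageEncMask (currently only ASSERT_RETURN_ERROR) should get the same runtime check and an early return. PageCount is read from Ghcb->SaveArea.Rax, which the hypervisor writes, and is cast to UINTN and used as the allocation size with no zero check or upper bound; a sanity limit before the allocation would keep a bad value from consuming reserved memory. On the second failure path FreePages is called after the encryption mask was cleared, so the pages return to the allocator still shared; restore the mask with MemEncryptSevSetPageEncMask before freeing, or say in a comment why that is not needed. The function header comment could also state that the buffer is shared with, and filled by, the hypervisor.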
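Review bot: In the AmdSevSnpInitialize hunk, the call to AmdSevSnpGetApicIds () has no way to report failure: the function returns VOID and each of its error paths returns without building the gGhcbApicIdsGuid HOB, while the new comment says the IDs will be used to always start APs using SNP AP Create and the commit message calls them a requirement under an SVSM. Consider returning a status, or at least logging at error level on the failure paths, so that a missing HOB in a build without ASSERT can be traced back to this step. The comment would also be clearer if it said what is expected when the feature bit is set but no HOB is produced.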