Subject: Re: [edk2-devel] [PATCH RFC v2 11/28] OvmfPkg: Reserve Secrets page in MEMFD
From: "Dov Murik"
To: devel@edk2.groups.io, brijesh.singh@amd.com
Cc: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, tobin@ibm.com
Date: Wed, 5 May 2021 09:42:45 +0300
Message-ID: <8b46fe32-beda-0195-8c67-c7ef19194f85@linux.vnet.ibm.com>
In-Reply-To: <20210430115148.22267-12-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com> <20210430115148.22267-12-brijesh.singh@amd.com>

[+cc: Tobin]

Hi Brijesh,

On 30/04/2021 14:51, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> When AMD SEV is enabled in the guest VM, a hypervisor needs to insert a
> secrets page.
>
> When SEV-SNP is enabled, the secrets page contains the VM platform
> communication keys. The guest BIOS and OS can use this key to communicate
> with the SEV firmware to get an attestation report. See the SEV-SNP firmware
> spec for more details on the content of the secrets page.
>
> When SEV and SEV-ES are enabled, the secrets page contains the information
> provided by the guest owner after the attestation. See the SEV
> LAUNCH_SECRET command for more details.
>
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Cc: Laszlo Ersek
> Cc: Erdem Aktas
> Signed-off-by: Brijesh Singh > --- > OvmfPkg/AmdSev/SecretPei/SecretPei.c | 16 +++++++++++++++- > OvmfPkg/AmdSev/SecretPei/SecretPei.inf | 1 + > OvmfPkg/OvmfPkgX64.dsc | 2 ++ > OvmfPkg/OvmfPkgX64.fdf | 5 +++++ > 4 files changed, 23 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c > index ad491515dd..92836c562c 100644 > --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c > +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c > @@ -7,6 +7,7 @@ > #include > #include > #include > +#include > > EFI_STATUS > EFIAPI > @@ -15,10 +16,23 @@ InitializeSecretPei ( > IN CONST EFI_PEI_SERVICES **PeiServices > ) > { > + UINTN Type; > + > + // > + // The secret page should be mapped encrypted by the guest OS and must not > + // be treated as a system RAM. Mark it as ACPI NVS so that guest OS maps it > + // encrypted. > + // > + if (MemEncryptSevSnpIsEnabled ()) { > + Type = EfiACPIMemoryNVS; > + } else { > + Type = EfiBootServicesData; > + } > + Would it make sense to always use EfiACPIMemoryNVS for the injected secret area, even for regular SEV (non-SNP)? -Dov > BuildMemoryAllocationHob ( > PcdGet32 (PcdSevLaunchSecretBase), > PcdGet32 (PcdSevLaunchSecretSize), > - EfiBootServicesData > + Type > ); > > return EFI_SUCCESS; > diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf > index 08be156c4b..9265f8adee 100644 > --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf > +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf > @@ -26,6 +26,7 @@ > HobLib > PeimEntryPoint > PcdLib > + MemEncryptSevLib > > [FixedPcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index a7d747f6b4..593c0e69f6 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc 
> @@ -716,6 +716,7 @@ > OvmfPkg/SmmAccess/SmmAccessPei.inf > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > + OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > !if $(TPM_ENABLE) == TRUE > OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > @@ -965,6 +966,7 @@ > OvmfPkg/PlatformDxe/Platform.inf > OvmfPkg/AmdSevDxe/AmdSevDxe.inf > OvmfPkg/IoMmuDxe/IoMmuDxe.inf > + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > !if $(SMM_REQUIRE) == TRUE > OvmfPkg/SmmAccess/SmmAccess2Dxe.inf > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index d519f85328..b04175f77c 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -88,6 +88,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevE > 0x00C000|0x001000 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize > > +0x00D000|0x001000 > +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > + > 0x010000|0x010000 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize > > @@ -178,6 +181,7 @@ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > !endif > +INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > ################################################################################ > > @@ -313,6 +317,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf > INF ShellPkg/Application/Shell/Shell.inf > > INF MdeModulePkg/Logo/LogoDxe.inf > +INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > # > # Network modules >
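Review bot: the new comment in InitializeSecretPei (SecretPei.c hunk) states unconditionally that the secret page "must not be treated as a system RAM", yet the else branch still reports the page to the OS as EfiBootServicesData, which is handed back as ordinary free RAM at ExitBootServices; either narrow the comment to the SEV-SNP case, or, as Dov asks above, use EfiACPIMemoryNVS for both SEV and SEV-SNP so the launch secret keeps a firmware-reserved mapping in either mode. Minor wording: "as a system RAM" should read "as system RAM".

Review bot: the OvmfPkgX64.dsc and OvmfPkgX64.fdf hunks add OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf to the DXE phase in addition to SecretPei.inf in PEI, but the commit message only describes reserving the secrets page in MEMFD; it should also state that both modules are now built into OvmfPkgX64 and run on every boot of that image, including non-SEV guests, where SecretPei will still build a 4 KiB EfiBootServicesData allocation HOB for the 0x00D000 slot, since nothing in the C hunk gates the HOB on SEV being active. If that is intentional, one sentence in the commit message saying so would save the next reader the question.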