Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
To: "Gao, Liming", "devel@edk2.groups.io", Tom Lendacky
Cc: Brijesh Singh, Ard Biesheuvel, "Dong, Eric", "Justen, Jordan L",
    "Kinney, Michael D", "Ni, Ray", Andrew Fish, Anthony Perard,
    "You, Benjamin", "Bi, Dandan", "Dong, Guo", "Wu, Hao A",
    "Wang, Jian J", Julien Grall, Leif Lindholm, "Ma, Maurice"
From: "Laszlo Ersek"
Date: Mon, 17 Aug 2020 19:03:02 +0200

On 08/17/20 06:09, Gao, Liming wrote:
> This patch set has been merged edk2 7f7f511c5a74676523ed48435350f6e35282b62b..7f0b28415cb464832155d5b3ff6eb63612f58645

Thank you!
Laszlo

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Liming Gao
> Sent: August 14, 2020 9:20
> To: Laszlo Ersek; Tom Lendacky; devel@edk2.groups.io
> Cc: Brijesh Singh; Ard Biesheuvel; Dong, Eric; Justen, Jordan L; Kinney, Michael D; Ni, Ray; Andrew Fish; Anthony Perard; You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Julien Grall; Leif Lindholm; Ma, Maurice
> Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
>
> Laszlo:
>
> -----Original Message-----
> From: Laszlo Ersek
> Sent: August 14, 2020 3:54
> To: Tom Lendacky; devel@edk2.groups.io
> Cc: Brijesh Singh; Ard Biesheuvel; Dong, Eric; Justen, Jordan L; Gao, Liming; Kinney, Michael D; Ni, Ray; Andrew Fish; Anthony Perard; You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Julien Grall; Leif Lindholm; Ma, Maurice
> Subject: Re: [PATCH v15 00/46] SEV-ES guest support
>
> On 08/13/20 15:22, Tom Lendacky wrote:
>> From: Tom Lendacky
>>
>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>
>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on
>> the SEV support to protect the guest register state from the
>> hypervisor. See
>> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
>> section "15.35 Encrypted State (SEV-ES)" [1].
>>
>> In order to allow a hypervisor to perform functions on behalf of a
>> guest, there is architectural support for notifying a guest's
>> operating system when certain types of VMEXITs are about to occur.
>> This allows the guest to selectively share information with the
>> hypervisor to satisfy the requested function. The notification is
>> performed using a new exception, the VMM Communication exception
>> (#VC). The information is shared through the Guest-Hypervisor
>> Communication Block (GHCB) using the VMGEXIT instruction.
>> The GHCB format and the protocol for using it are documented in "SEV-ES
>> Guest-Hypervisor Communication Block Standardization" [2].
>>
>> The main areas of the EDK2 code that are updated to support SEV-ES are
>> around the exception handling support and the AP boot support.
>>
>> Exception support is required starting in Sec, continuing through Pei
>> and into Dxe in order to handle #VC exceptions that are generated.
>> Each AP requires its own GHCB page as well as a page to hold values
>> specific to that AP.
>>
>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
>> sequence is typically used to boot the APs. However, the hypervisor is
>> not allowed to update the guest registers. The GHCB document [2] talks
>> about how SMP booting under SEV-ES is performed.
>>
>> Since the GHCB page must be a shared (unencrypted) page, the processor
>> must be running in long mode in order for the guest and hypervisor to
>> communicate with each other. As a result, SEV-ES is only supported
>> under the X64 architecture.
>>
>> This series adds a new library requirement for the VmgExitLib library
>> against the UefiCpuPkg CpuExceptionHandlerLib library and the
>> UefiCpuPkg MpInitLib library. The edk2-platforms repo requires
>> updates/patches to add the new library requirement. To accommodate
>> that, this series could be split between:
>>
>> patch number 10:
>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>>
>> and patch number 11:
>> UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC
>> exception
>>
>> The updates to edk2-platforms can be applied at the split.
>>
>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>>
>> ---
>>
>> These patches are based on commit:
>> 65904cdbb33c ("UefiCpuPkg/MtrrLibUnitTest: Change to use static array
>> for CI test")
>>
>> A version of the tree can be found at:
>> https://github.com/AMDESE/ovmf/tree/sev-es-v24
>>
>> Cc: Andrew Fish
>> Cc: Anthony Perard
>> Cc: Ard Biesheuvel
>> Cc: Benjamin You
>> Cc: Dandan Bi
>> Cc: Eric Dong
>> Cc: Guo Dong
>> Cc: Hao A Wu
>> Cc: Jian J Wang
>> Cc: Jordan Justen
>> Cc: Julien Grall
>> Cc: Laszlo Ersek
>> Cc: Leif Lindholm
>> Cc: Liming Gao
>> Cc: Maurice Ma
>> Cc: Michael D Kinney
>> Cc: Ray Ni
>>
>> Changes since v14:
>> - Address ECC errors
>> - Fix non-boolean comparison to use a comparison operator
>> - Separate declaration and initialization of variables
>> - Add period to first line of block comments
>> - Split single-line multiple declaration into multiple lines
>
> The changes look good to me, thanks!
>
> In this particular case, the updates do not invalidate my "Regression-tested-by" given under v14:
>
> https://edk2.groups.io/g/devel/message/63921
>
> """
> For all patches except #10 ("UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library") and #46 ("Maintainers.txt: Add reviewers for the OvmfPkg SEV-related files"):
>
> Regression-tested-by: Laszlo Ersek
> """
>
> So whoever merges this series should please apply that to the respective patches.
>
> [Liming] Got it. This patch set has passed all review. I will help merge it for this stable tag stable202008.
>
> Thanks!
> Laszlo