From: "Ashish Kalra"
Subject: [PATCH v8 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Date: Tue, 5 Apr 2022 17:32:45 +0000
Message-ID: <8e98ccac7867d922f0f4c76ccc17fadef738623e.1649178155.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.25.1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

From: Ashish Kalra

Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor's guest page encryption state tracking.

Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
 OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 385562b44c..cd96fc23bd 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c 
@@ -223,6 +223,17 @@ AmdSevEsInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevEsIsEnabled, TRUE);=0D ASSERT_RETURN_ERROR (PcdStatus);=0D =0D + //=0D + // The SEC Ghcb setup during reset-vector needs to be marked as=0D + // decrypted in the hypervisor's guest page encryption state=0D + // tracking.=0D + //=0D + SetMemoryEncDecHypercall3 (=0D + FixedPcdGet32 (PcdOvmfSecGhcbBase),=0D + EFI_SIZE_TO_PAGES (FixedPcdGet32 (PcdOvmfSecGhcbSize)),=0D + FALSE=0D + );=0D +=0D //=0D // Allocate GHCB and per-CPU variable pages.=0D // Since the pages must survive across the UEFI to OS transition=0D --=20 2.25.1
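
Review bot: The result of the SetMemoryEncDecHypercall3 (...) call added in AmdSevEsInitialize is discarded, while the PcdSetBoolS call directly above it is checked with ASSERT_RETURN_ERROR (PcdStatus). If the function returns a status, either check it or extend the comment to say why a failure (for example, a hypervisor that does not implement the hypercall) is safe to ignore at this point, since a silent failure would leave the hypervisor's tracking of the SEC GHCB page out of step with how the guest actually maps it. The bare FALSE passed as the third argument can only be read through the comment; stating next to the argument that it selects the decrypted state, or using a named constant if the library provides one, would make the call self-describing. Nit: the new comment writes "Ghcb" where the existing comment a few lines below writes "GHCB".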