From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
Date: Tue, 15 Dec 2020 14:51:05 -0600
Message-ID: <90152d0505354d270cc3af9e5838010e4dcbe114.1608065471.git.thomas.lendacky@amd.com>
X-Mailer: git-send-email 2.28.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

The PCIe MMCONFIG range should be treated as an MMIO range. However, there is a comment in the code explaining why AddIoMemoryBaseSizeHob() is not called. The AmdSevDxe walks the GCD map looking for MemoryMappedIo or NonExistent type memory and will clear the encryption bit for these ranges.

Since the MMCONFIG range does not have one of these types, the encryption bit is not cleared for this range. Add support to detect the presence of the MMCONFIG range and clear the encryption bit. This will be needed for follow-on support that will validate MMIO under SEV-ES.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Brijesh Singh
Signed-off-by: Tom Lendacky
--- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +++++++- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index dd9ecc789a20..0676fcc5b6a4 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -2,7 +2,7 @@ # # Driver clears the encryption attribute from MMIO regions when SEV is en= abled # -# Copyright (c) 2017, AMD Inc. All rights reserved.
+# Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -39,3 +39,9 @@ [Depex] =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire + +[FixedPcd] + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 595586617882..ed516fcdf956 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -4,7 +4,7 @@ in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when = SEV is enabled. =20 - Copyright (c) 2017, AMD Inc. All rights reserved.
+ Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -17,6 +17,7 @@ #include #include #include +#include =20 EFI_STATUS EFIAPI @@ -65,6 +66,23 @@ AmdSevDxeEntryPoint ( FreePool (AllDescMap); } =20 + // + // If PCI Express is enabled, the MMCONFIG area has been reserved, rathe= r + // than marked as MMIO, and so the C-bit won't be cleared by the above w= alk + // through the GCD map. Check for the MMCONFIG area and clear the C-bit = for + // the range. + // + if (PcdGet16 (PcdOvmfHostBridgePciDevId) =3D=3D INTEL_Q35_MCH_DEVICE_ID)= { + Status =3D MemEncryptSevClearPageEncMask ( + 0, + FixedPcdGet64 (PcdPciExpressBaseAddress), + EFI_SIZE_TO_PAGES (SIZE_256MB), + FALSE + ); + + ASSERT_EFI_ERROR (Status); + } + // // When SMM is enabled, clear the C-bit from SMM Saved State Area // --=20 2.28.0
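
Review bot: In the AmdSevDxe.inf hunk, PcdOvmfHostBridgePciDevId is added under [Pcd], which permits a dynamic PCD, while the AmdSevDxe.c header comment touched by this same patch says the driver runs from APRIORI. Reading a dynamic PCD in the entry point only works if the PCD driver has already been dispatched, so please confirm that ordering and state it in the commit message or in a comment next to the PcdGet16 () call; the existing [FeaturePcd] entry carried no such runtime dependency.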
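
Review bot: In the AmdSevDxeEntryPoint hunk of AmdSevDxe.c, the result of MemEncryptSevClearPageEncMask () is checked only with ASSERT_EFI_ERROR (Status), which does nothing in builds where asserts are disabled, so a failure would leave the MMCONFIG range mapped with the C-bit set and boot would carry on. Consider handling the error explicitly (for example by halting) rather than relying on the assert. Separately, the length is hard-coded as EFI_SIZE_TO_PAGES (SIZE_256MB) while the base comes from PcdPciExpressBaseAddress; a short comment or a named constant stating where the 256 MB figure comes from would keep the base and size from drifting apart.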