Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
To: "Gao, Liming", "devel@edk2.groups.io", Laszlo Ersek
CC: Brijesh Singh, Ard Biesheuvel, "Dong, Eric", "Justen, Jordan L",
 "Kinney, Michael D", "Ni, Ray", Andrew Fish, Anthony Perard,
 "You, Benjamin", "Bi, Dandan", "Dong, Guo", "Wu, Hao A", "Wang, Jian J",
 Julien Grall, Leif Lindholm, "Ma, Maurice"
From: "Lendacky, Thomas"
Message-ID: <9142513a-3a3a-ace2-24ce-8db7ade9063a@amd.com>
Date: Tue, 18 Aug 2020 08:04:27 -0500

On 8/17/20 8:16 PM, Gao, Liming wrote:
> Tom:
>   One build issue is found with CLANGPDB and XCODE tool chain. BZ has been
> submitted https://bugzilla.tianocore.org/show_bug.cgi?id=2901. Can you fix
> it for this stable tag?

Hi Liming,

Yes, fix is on the way.

Thanks,
Tom

>
> Thanks
> Liming
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Lendacky, Thomas
>> Sent: Tuesday, August 18, 2020 1:56 AM
>> To: Laszlo Ersek; Gao, Liming; devel@edk2.groups.io
>> Cc: Brijesh Singh; Ard Biesheuvel; Dong, Eric; Justen, Jordan L;
>> Kinney, Michael D; Ni, Ray; Andrew Fish; Anthony Perard; You, Benjamin;
>> Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Julien Grall;
>> Leif Lindholm; Ma, Maurice
>> Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
>>
>> Yes, a big thank you to everyone involved!
>>
>> Tom
>>
>> On 8/17/20 12:03 PM, Laszlo Ersek wrote:
>>> On 08/17/20 06:09, Gao, Liming wrote:
>>>> This patch set has been merged into edk2
>>>> 7f7f511c5a74676523ed48435350f6e35282b62b..7f0b28415cb464832155d5b3ff6eb63612f58645
>>>
>>> Thank you!
>>> Laszlo
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io On Behalf Of Liming Gao
>>>> Sent: August 14, 2020 9:20
>>>> To: Laszlo Ersek; Tom Lendacky; devel@edk2.groups.io
>>>> Cc: Brijesh Singh; Ard Biesheuvel; Dong, Eric; Justen, Jordan L;
>>>> Kinney, Michael D; Ni, Ray; Andrew Fish; Anthony Perard; You, Benjamin;
>>>> Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Julien Grall;
>>>> Leif Lindholm; Ma, Maurice
>>>> Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
>>>>
>>>> Laszlo:
>>>>
>>>> -----Original Message-----
>>>> From: Laszlo Ersek
>>>> Sent: August 14, 2020 3:54
>>>> To: Tom Lendacky; devel@edk2.groups.io
>>>> Cc: Brijesh Singh; Ard Biesheuvel; Dong, Eric; Justen, Jordan L;
>>>> Gao, Liming; Kinney, Michael D; Ni, Ray; Andrew Fish; Anthony Perard;
>>>> You, Benjamin; Bi, Dandan; Dong, Guo <guo.dong@intel.com>; Wu, Hao A;
>>>> Wang, Jian J; Julien Grall; Leif Lindholm; Ma, Maurice
>>>> Subject: Re: [PATCH v15 00/46] SEV-ES guest support
>>>>
>>>> On 08/13/20 15:22, Tom Lendacky wrote:
>>>>> From: Tom Lendacky
>>>>>
>>>>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>>>>
>>>>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on
>>>>> the SEV support to protect the guest register state from the
>>>>> hypervisor. See
>>>>> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
>>>>> section "15.35 Encrypted State (SEV-ES)" [1].
>>>>>
>>>>> In order to allow a hypervisor to perform functions on behalf of a
>>>>> guest, there is architectural support for notifying a guest's
>>>>> operating system when certain types of VMEXITs are about to occur.
>>>>> This allows the guest to selectively share information with the
>>>>> hypervisor to satisfy the requested function. The notification is
>>>>> performed using a new exception, the VMM Communication exception
>>>>> (#VC). The information is shared through the Guest-Hypervisor
>>>>> Communication Block (GHCB) using the VMGEXIT instruction.
>>>>> The GHCB format and the protocol for using it is documented in "SEV-ES
>>>>> Guest-Hypervisor Communication Block Standardization" [2].
>>>>>
>>>>> The main areas of the EDK2 code that are updated to support SEV-ES are
>>>>> around the exception handling support and the AP boot support.
>>>>>
>>>>> Exception support is required starting in Sec, continuing through Pei
>>>>> and into Dxe in order to handle #VC exceptions that are generated.
>>>>> Each AP requires its own GHCB page as well as a page to hold values
>>>>> specific to that AP.
>>>>>
>>>>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
>>>>> sequence is typically used to boot the APs. However, the hypervisor is
>>>>> not allowed to update the guest registers. The GHCB document [2] talks
>>>>> about how SMP booting under SEV-ES is performed.
>>>>>
>>>>> Since the GHCB page must be a shared (unencrypted) page, the processor
>>>>> must be running in long mode in order for the guest and hypervisor to
>>>>> communicate with each other. As a result, SEV-ES is only supported
>>>>> under the X64 architecture.
>>>>>
>>>>> This series adds a new library requirement for the VmgExitLib library
>>>>> against the UefiCpuPkg CpuExceptionHandlerLib library and the
>>>>> UefiCpuPkg MpInitLib library. The edk2-platforms repo requires
>>>>> updates/patches to add the new library requirement. To accommodate
>>>>> that, this series could be split between:
>>>>>
>>>>> patch number 10:
>>>>>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>>>>>
>>>>> and patch number 11:
>>>>>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC
>>>>>   exception
>>>>>
>>>>> The updates to edk2-platforms can be applied at the split.
>>>>>
>>>>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
>>>>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>>>>>
>>>>> ---
>>>>>
>>>>> These patches are based on commit:
>>>>> 65904cdbb33c ("UefiCpuPkg/MtrrLibUnitTest: Change to use static array
>>>>> for CI test")
>>>>>
>>>>> A version of the tree can be found at:
>>>>> https://github.com/AMDESE/ovmf/tree/sev-es-v24
>>>>>
>>>>> Cc: Andrew Fish
>>>>> Cc: Anthony Perard
>>>>> Cc: Ard Biesheuvel
>>>>> Cc: Benjamin You
>>>>> Cc: Dandan Bi
>>>>> Cc: Eric Dong
>>>>> Cc: Guo Dong
>>>>> Cc: Hao A Wu
>>>>> Cc: Jian J Wang
>>>>> Cc: Jordan Justen
>>>>> Cc: Julien Grall
>>>>> Cc: Laszlo Ersek
>>>>> Cc: Leif Lindholm
>>>>> Cc: Liming Gao
>>>>> Cc: Maurice Ma
>>>>> Cc: Michael D Kinney
>>>>> Cc: Ray Ni
>>>>>
>>>>> Changes since v14:
>>>>> - Address ECC errors
>>>>>   - Fix non-boolean comparison to use a comparison operator
>>>>>   - Separate declaration and initialization of variables
>>>>>   - Add period to first line of block comments
>>>>>   - Split single-line multiple declaration into multiple lines
>>>>
>>>> The changes look good to me, thanks!
>>>>
>>>> In this particular case, the updates do not invalidate my
>>>> "Regression-tested-by" given under v14:
>>>>
>>>> https://edk2.groups.io/g/devel/message/63921
>>>>
>>>> """
>>>> For all patches except #10 ("UefiPayloadPkg: Prepare UefiPayloadPkg to
>>>> use the VmgExitLib library") and #46 ("Maintainers.txt: Add reviewers
>>>> for the OvmfPkg SEV-related files"):
>>>>
>>>> Regression-tested-by: Laszlo Ersek
>>>> """
>>>>
>>>> So whoever merges this series should please apply that to the
>>>> respective patches.
>>>>
>>>> [Liming] Got it. This patch set has passed all review. I will help
>>>> merge it for this stable tag stable202008.
>>>>
>>>> Thanks!
>>>> Laszlo
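
The #VC and GHCB flow summarized in the quoted cover letter, as an added C model that is not part of this thread, the patch series, or EDK2's VmgExitLib: a guest handler for an intercepted CPUID shares only the inputs the hypervisor needs and rejects a reply that does not mark every output valid. The `toy_ghcb` layout, the function names (`vc_handle_cpuid`, `hv_honest`, `hv_incomplete`) and the returned register values are assumptions made for illustration and do not follow the real GHCB offsets.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model for illustration: NOT the real GHCB layout or EDK2 code. */
enum { RAX, RBX, RCX, RDX, NREG };
#define EXIT_CPUID 0x72u            /* SVM exit code for the CPUID intercept */

typedef struct {                    /* stands in for the shared, unencrypted page */
  uint64_t exit_code;
  uint64_t reg[NREG];
  uint32_t valid;                   /* bit r set => reg[r] was deliberately shared */
} toy_ghcb;

typedef struct { uint64_t reg[NREG]; } guest_regs;  /* encrypted state, guest-only */

static uint32_t hv_saw_valid;       /* what the hypervisor observed on entry */
static uint64_t hv_saw_rbx;

static void ghcb_set(toy_ghcb *g, int r, uint64_t v) { g->reg[r] = v; g->valid |= 1u << r; }

/* Hypothetical hypervisor side of VMGEXIT: it can read only the shared page. */
static void hv_honest(toy_ghcb *g) {
  hv_saw_valid = g->valid;
  hv_saw_rbx = g->reg[RBX];
  uint64_t leaf = g->reg[RAX];
  g->valid = 0;
  for (int r = 0; r < NREG; r++) ghcb_set(g, r, (leaf << 8) | (uint64_t)r); /* constructed */
}

/* Same, but leaves RDX unset to model an incomplete reply. */
static void hv_incomplete(toy_ghcb *g) { hv_honest(g); g->valid &= ~(1u << RDX); }

/* Guest #VC handler for CPUID: 0 on success, -1 if the reply must be rejected. */
static int vc_handle_cpuid(guest_regs *cpu, toy_ghcb *g, void (*vmgexit)(toy_ghcb *)) {
  memset(g, 0, sizeof *g);          /* no stale guest data left in the shared page */
  g->exit_code = EXIT_CPUID;
  ghcb_set(g, RAX, cpu->reg[RAX]);  /* share only the inputs CPUID needs */
  ghcb_set(g, RCX, cpu->reg[RCX]);
  vmgexit(g);                       /* real code executes the VMGEXIT instruction */
  if (g->valid != (1u << NREG) - 1) /* every output must be marked valid */
    return -1;
  memcpy(cpu->reg, g->reg, sizeof cpu->reg);
  return 0;
}
```

The guest's RBX and RDX never reach the shared page on the way out, and a rejected reply leaves the guest's registers untouched.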