Subject: Re: [PATCH v8 00/46] SEV-ES guest support
From: "Lendacky, Thomas"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh, Anthony Perard, Benjamin You, Dandan Bi, Guo Dong, Hao A Wu, Jian J Wang, Julien Grall, Maurice Ma
Message-ID: <91916415-9af2-4fd7-9882-63982c47ccb5@amd.com>
Date: Tue, 19 May 2020 23:46:59 -0500
On 5/19/20 4:50 PM, Tom Lendacky wrote:
> This patch series provides support for running EDK2/OVMF under SEV-ES.

Over the next few days I'll work on the Wiki page that has been requested,
as well as getting the feature added to the request plan page.

Thanks,
Tom

>
> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
> SEV support to protect the guest register state from the hypervisor. See
> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
> section "15.35 Encrypted State (SEV-ES)" [1].
>
> In order to allow a hypervisor to perform functions on behalf of a guest,
> there is architectural support for notifying a guest's operating system
> when certain types of VMEXITs are about to occur. This allows the guest to
> selectively share information with the hypervisor to satisfy the requested
> function. The notification is performed using a new exception, the VMM
> Communication exception (#VC). The information is shared through the
> Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.
> The GHCB format and the protocol for using it are documented in "SEV-ES
> Guest-Hypervisor Communication Block Standardization" [2].
>
> The main areas of the EDK2 code that are updated to support SEV-ES are
> around the exception handling support and the AP boot support.
>
> Exception support is required starting in Sec, continuing through Pei
> and into Dxe in order to handle #VC exceptions that are generated. Each
> AP requires its own GHCB page as well as a page to hold values specific
> to that AP.
>
> AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence
> is typically used to boot the APs. However, the hypervisor is not allowed
> to update the guest registers. The GHCB document [2] talks about how SMP
> booting under SEV-ES is performed.
>
> Since the GHCB page must be a shared (unencrypted) page, the processor
> must be running in long mode in order for the guest and hypervisor to
> communicate with each other. As a result, SEV-ES is only supported under
> the X64 architecture.
>
> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>
> ---
>
> These patches are based on commit:
> 7b6327ff03bb ("OvmfPkg/PlatformPei: increase memory type info defaults")
>
> A version of the tree can be found at:
> https://github.com/AMDESE/ovmf/tree/sev-es-v16
>
> Cc: Anthony Perard
> Cc: Ard Biesheuvel
> Cc: Benjamin You
> Cc: Dandan Bi
> Cc: Eric Dong
> Cc: Guo Dong
> Cc: Hao A Wu
> Cc: Jian J Wang
> Cc: Jordan Justen
> Cc: Julien Grall
> Cc: Laszlo Ersek
> Cc: Liming Gao
> Cc: Maurice Ma
> Cc: Michael D Kinney
> Cc: Ray Ni
>
> Changes since v7:
> - Reserve the SEV-ES workarea when S3 is enabled
> - Fix warnings issued by the Visual Studio compiler
> - Create a NULL VmgExitLib instance that is used for VMGEXIT
>   related operations as well as #VC handling. Then create the full
>   VmgExitLib support only in OvmfPkg - where it will be used. This
>   removes a bunch of implementation code from platforms that will
>   not be using the functionality.
> - Remove single use interfaces from the VmgExitLib (VmgMmioWrite
>   and VmgSetApJumpTable)
>
> Changes since v6:
> - Add function comments to all functions, including local functions
> - Add function parameter direction to all functions (in/out)
> - Add support for MMIO MOVZX/MOVSX instructions
> - Ensure the per-CPU variable page remains encrypted
> - Coding-style fixes as identified by Ecc
>
> Changes since v5:
> - Remove extraneous VmgExitLib usage
> - Miscellaneous changes to address feedback (coding style, etc.)
>
> Changes since v4:
> - Move the SEV-ES protocol negotiation out of the SEC exception handler
>   and into the SecMain.c file. As a result:
>   - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
>   - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
>     single AMDSevVcHandler.c
> - Consolidate VmgExitLib usage into common LibraryClasses sections
> - Add documentation comments to the VmgExitLib functions
>
> Changes since v3:
> - Remove the need for the MP library finalization routine. The AP
>   jump table address will be held by the hypervisor rather than
>   communicated via the GHCB MSR. This removes some fragility around
>   the UEFI to OS transition.
> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
>   communicate the SEV-ES status, so that SEC CPU exception handling is
>   only established for an SEV-ES guest.
> - Fix SMM build breakage around QemuFlashPtrWrite().
> - Fix SMM build breakage by adding VC exception support to the SMM CPU
>   exception handling.
> - Add memory fencing around the invocation of AsmVmgExit().
> - Clarify comments around the SEV-ES AP reset RIP values and usage.
> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
> - Remove the 16-bit code selector definition from MdeModulePkg
>
> Changes since v2:
> - Added a way to locate the SEV-ES fixed AP RIP address for starting
>   APs to avoid updating the actual flash image (build time location
>   that is identified with a GUID value).
> - Create a VmgExit library to replace static inline functions.
> - Move some PCDs to the appropriate packages
> - Add support for writing to QEMU flash under SEV-ES
> - Add additional MMIO opcode support
> - Cleaned up the GHCB MSR CPUID protocol support
>
> Changes since v1:
> - Patches reworked to be more specific to the component/area being updated
>   and order of definition/usage
> - Created a library for VMGEXIT-related functions to replace use of inline
>   functions
> - Allocation method for GDT changed from AllocatePool to AllocatePages
> - Early caching only enabled for SEV-ES guests
> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
> - Reserved SEC GHCB-related memory areas when S3 is enabled
>
> Tom Lendacky (46):
>   MdeModulePkg: Create PCDs to be used in support of SEV-ES
>   UefiCpuPkg: Create PCD to be used in support of SEV-ES
>   MdePkg: Add the MSR definition for the GHCB register
>   MdePkg: Add a structure definition for the GHCB
>   MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
>   MdePkg/BaseLib: Add support for the XGETBV instruction
>   MdePkg/BaseLib: Add support for the VMGEXIT instruction
>   UefiCpuPkg: Implement library support for VMGEXIT
>   OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
>   OvmfPkg/VmgExitLib: Implement library support for VmgExitLib in OVMF
>   OvmfPkg/VmgExitLib: Add support for IOIO_PROT NAE events
>   OvmfPkg/VmgExitLib: Support string IO for IOIO_PROT NAE events
>   OvmfPkg/VmgExitLib: Add support for CPUID NAE events
>   OvmfPkg/VmgExitLib: Add support for MSR_PROT NAE events
>   OvmfPkg/VmgExitLib: Add support for NPF NAE events (MMIO)
>   OvmfPkg/VmgExitLib: Add support for WBINVD NAE events
>   OvmfPkg/VmgExitLib: Add support for RDTSC NAE events
>   OvmfPkg/VmgExitLib: Add support for RDPMC NAE events
>   OvmfPkg/VmgExitLib: Add support for INVD NAE events
>   OvmfPkg/VmgExitLib: Add support for VMMCALL NAE events
>   OvmfPkg/VmgExitLib: Add support for RDTSCP NAE events
>   OvmfPkg/VmgExitLib: Add support for MONITOR/MONITORX NAE events
>   OvmfPkg/VmgExitLib: Add support for MWAIT/MWAITX NAE events
>   OvmfPkg/VmgExitLib: Add support for DR7 Read/Write NAE events
>   OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
>   OvmfPkg: Add support to perform SEV-ES initialization
>   OvmfPkg: Create a GHCB page for use during Sec phase
>   OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
>   OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
>   OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
>   UefiCpuPkg: Create an SEV-ES workarea PCD
>   OvmfPkg: Reserve a page in memory for the SEV-ES usage
>   OvmfPkg/PlatformPei: Reserve SEV-ES work area if S3 is supported
>   OvmfPkg/ResetVector: Add support for a 32-bit SEV check
>   OvmfPkg/Sec: Add #VC exception handling for Sec phase
>   OvmfPkg/Sec: Enable cache early to speed up booting
>   OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with
>     SEV-ES
>   UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
>   UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is
>     enabled
>   UefiCpuPkg: Allow AP booting under SEV-ES
>   OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
>   OvmfPkg: Move the GHCB allocations into reserved memory
>   UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
>   Maintainers.txt: Add reviewers for the OvmfPkg SEV-related files
>
>  MdeModulePkg/MdeModulePkg.dec                      |    9 +
>  OvmfPkg/OvmfPkg.dec                                |    9 +
>  UefiCpuPkg/UefiCpuPkg.dec                          |   17 +
>  OvmfPkg/OvmfPkgIa32.dsc                            |    6 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                         |    6 +
>  OvmfPkg/OvmfPkgX64.dsc                             |    6 +
>  OvmfPkg/OvmfXen.dsc                                |    1 +
>  UefiCpuPkg/UefiCpuPkg.dsc                          |    2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc              |    2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc           |    2 +
>  OvmfPkg/OvmfPkgX64.fdf                             |    9 +
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |    2 +
>  MdePkg/Library/BaseLib/BaseLib.inf                 |    4 +
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf          |   36 +
>  OvmfPkg/PlatformPei/PlatformPei.inf                |    9 +
>  .../FvbServicesRuntimeDxe.inf                      |    2 +
>  OvmfPkg/ResetVector/ResetVector.inf                |    8 +
>  OvmfPkg/Sec/SecMain.inf                            |    4 +
>  .../DxeCpuExceptionHandlerLib.inf                  |    1 +
>  .../PeiCpuExceptionHandlerLib.inf                  |    1 +
>  .../SecPeiCpuExceptionHandlerLib.inf               |    1 +
>  .../SmmCpuExceptionHandlerLib.inf                  |    1 +
>  .../Xcode5SecPeiCpuExceptionHandlerLib.inf         |    1 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf      |    4 +
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf      |    4 +
>  .../Library/VmgExitLibNull/VmgExitLibNull.inf      |   27 +
>  .../Core/DxeIplPeim/X64/VirtualMemory.h            |   12 +-
>  MdePkg/Include/Library/BaseLib.h                   |   31 +
>  MdePkg/Include/Register/Amd/Fam17Msr.h             |   42 +
>  MdePkg/Include/Register/Amd/Ghcb.h                 |  134 ++
>  OvmfPkg/Include/Library/MemEncryptSevLib.h         |   12 +
>  .../QemuFlash.h                                    |   13 +
>  UefiCpuPkg/CpuDxe/CpuGdt.h                         |    4 +-
>  UefiCpuPkg/Include/Library/VmgExitLib.h            |  103 +
>  UefiCpuPkg/Library/MpInitLib/MpLib.h               |   68 +-
>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c             |    4 +-
>  .../Core/DxeIplPeim/X64/DxeLoadFunc.c              |   11 +-
>  .../Core/DxeIplPeim/X64/VirtualMemory.c            |   57 +-
>  MdePkg/Library/BaseLib/Ia32/GccInline.c            |   45 +
>  MdePkg/Library/BaseLib/X64/GccInline.c             |   47 +
>  .../MemEncryptSevLibInternal.c                     |   75 +-
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.c            |  155 ++
>  .../Library/VmgExitLib/X64/VmgExitVcHandler.c      | 1721 +++++++++++++++++
>  OvmfPkg/PlatformPei/AmdSev.c                       |   89 +
>  OvmfPkg/PlatformPei/MemDetect.c                    |   43 +
>  .../QemuFlash.c                                    |   23 +-
>  .../QemuFlashDxe.c                                 |   40 +
>  .../QemuFlashSmm.c                                 |   16 +
>  OvmfPkg/Sec/SecMain.c                              |  188 +-
>  UefiCpuPkg/CpuDxe/CpuGdt.c                         |    8 +-
>  .../CpuExceptionCommon.c                           |   10 +-
>  .../PeiDxeSmmCpuException.c                        |   20 +-
>  .../SecPeiCpuException.c                           |   19 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c            |  120 +-
>  UefiCpuPkg/Library/MpInitLib/MpLib.c               |  313 ++-
>  UefiCpuPkg/Library/MpInitLib/PeiMpLib.c            |   19 +
>  .../Library/VmgExitLibNull/VmgExitLibNull.c        |  121 ++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c       |    2 +-
>  Maintainers.txt                                    |   10 +
>  MdeModulePkg/MdeModulePkg.uni                      |    8 +
>  MdePkg/Library/BaseLib/Ia32/VmgExit.nasm           |   37 +
>  MdePkg/Library/BaseLib/Ia32/XGetBv.nasm            |   31 +
>  MdePkg/Library/BaseLib/X64/VmgExit.nasm            |   32 +
>  MdePkg/Library/BaseLib/X64/XGetBv.nasm             |   34 +
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.uni          |   15 +
>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm       |  100 +
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm          |  348 +++-
>  OvmfPkg/ResetVector/ResetVector.nasmb              |   20 +
>  .../X64/ExceptionHandlerAsm.nasm                   |   17 +
>  .../X64/Xcode5ExceptionHandlerAsm.nasm             |   17 +
>  UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc        |    2 +-
>  .../Library/MpInitLib/Ia32/MpFuncs.nasm            |   15 +
>  UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc         |    4 +-
>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm      |  370 +++-
>  .../Library/VmgExitLibNull/VmgExitLibNull.uni      |   15 +
>  .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm       |    9 +
>  UefiCpuPkg/UefiCpuPkg.uni                          |   11 +
>  77 files changed, 4730 insertions(+), 104 deletions(-)
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
>  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
>  create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
>  create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.c
>  create mode 100644 OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
>  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.c
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.uni
>  create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.uni
>
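The cover letter above explains that under SEV-ES the hypervisor cannot touch guest registers and the only channel is the GHCB, and its change log mentions the GHCB MSR CPUID protocol used by the 32-bit reset-vector SEV check and the protocol negotiation that moved into SecMain.c. Before the guest owns a shared GHCB page (it is still in 32-bit mode, and any CPUID would raise a #VC it cannot yet handle), all of that traffic goes through the GHCB MSR alone. The C below is an added illustration of that MSR-level exchange, not code from the patch series or from OVMF: it encodes the SEV information and CPUID request/response values as laid out in the GHCB specification [2], runs them against a constructed stand-in hypervisor, and shows the guest treating every reply field as host-controlled input. The cross-check of the C-bit reported in the SEV information reply against CPUID Fn8000_001F EBX[5:0], the `cbit` plausibility range, the `sim_hv` structure and all function names are this example's own assumptions, not the firmware's logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* GHCB MSR protocol (GHCB spec 56421): GHCBInfo in bits 11:0, the
 * request/response-specific GHCBData in bits 63:12. Only the values a guest
 * needs before it owns a GHCB page are modelled here. */
#define GHCB_INFO_MASK          0xFFFULL
#define GHCB_INFO_SEV_INFO      0x001ULL  /* SEV information response */
#define GHCB_INFO_SEV_INFO_REQ  0x002ULL  /* SEV information request  */
#define GHCB_INFO_CPUID_REQ     0x004ULL  /* CPUID request            */
#define GHCB_INFO_CPUID_RESP    0x005ULL  /* CPUID response           */
#define GHCB_INFO_TERMINATE     0x100ULL  /* termination request      */
#define GHCB_CPUID_REG_EBX      1         /* register select: 0=EAX 1=EBX 2=ECX 3=EDX */

/* Protocol version range this guest implements (assumption: version 1 only). */
#define GHCB_VERSION_MIN 1
#define GHCB_VERSION_MAX 1

/* Values the guest writes to the GHCB MSR before VMGEXIT. */
uint64_t ghcb_msr_cpuid_req(uint32_t fn, unsigned reg)
{   /* GHCBData[63:32] = CPUID function, GHCBData[31:30] = register wanted */
    return ((uint64_t)fn << 32) | ((uint64_t)(reg & 3) << 30) | GHCB_INFO_CPUID_REQ;
}
uint64_t ghcb_msr_terminate(uint8_t reason_set, uint8_t reason)
{   /* GHCBData[15:12] = reason code set, GHCBData[23:16] = reason code */
    return ((uint64_t)reason << 16) | ((uint64_t)(reason_set & 0xF) << 12) | GHCB_INFO_TERMINATE;
}

/* Values the hypervisor writes back. */
uint64_t ghcb_msr_sev_info_resp(uint16_t max_ver, uint16_t min_ver, uint8_t cbit)
{   /* GHCBData[63:48] = max version, [47:32] = min version, [31:24] = C-bit position */
    return ((uint64_t)max_ver << 48) | ((uint64_t)min_ver << 32) |
           ((uint64_t)cbit << 24) | GHCB_INFO_SEV_INFO;
}
uint64_t ghcb_msr_cpuid_resp(uint32_t value, unsigned reg)
{
    return ((uint64_t)value << 32) | ((uint64_t)(reg & 3) << 30) | GHCB_INFO_CPUID_RESP;
}

/* Constructed stand-in for the hypervisor (assumption). Every field is
 * host-chosen, so a hostile or buggy host can make them contradict each other. */
typedef struct {
    uint16_t proto_min, proto_max;  /* advertised protocol version range    */
    uint8_t  cbit;                  /* C-bit position in the SEV info reply */
    uint32_t cpuid_8000001f_ebx;    /* EBX it returns for CPUID 0x8000001F  */
    bool     terminated;            /* set once the guest asks to terminate */
} sim_hv;

/* Simulated VMGEXIT: the host reads the GHCB MSR and writes its reply back. */
uint64_t sim_vmgexit(sim_hv *hv, uint64_t msr)
{
    switch (msr & GHCB_INFO_MASK) {
    case GHCB_INFO_SEV_INFO_REQ:
        return ghcb_msr_sev_info_resp(hv->proto_max, hv->proto_min, hv->cbit);
    case GHCB_INFO_CPUID_REQ: {
        uint32_t fn  = (uint32_t)(msr >> 32);
        unsigned reg = (unsigned)((msr >> 30) & 3);
        uint32_t val = (fn == 0x8000001F && reg == GHCB_CPUID_REG_EBX) ? hv->cpuid_8000001f_ebx : 0;
        return ghcb_msr_cpuid_resp(val, reg);
    }
    case GHCB_INFO_TERMINATE:
        hv->terminated = true;
        return msr;
    default:
        return 0;  /* unknown GHCBInfo: nothing sensible to answer */
    }
}

static bool terminate_guest(sim_hv *hv)
{
    sim_vmgexit(hv, ghcb_msr_terminate(0, 0));  /* reason set 0, code 0: general */
    return false;
}

/* Guest side: learn the protocol version and the encryption bit through the
 * MSR protocol only, so no CPUID (hence no #VC) runs before a handler exists.
 * Each reply field is host-controlled and is checked before use; any
 * inconsistency ends in a termination request instead of a boot on host-chosen
 * values. Returns true and stores the C-bit position on success. */
bool sev_es_negotiate(sim_hv *hv, uint8_t *cbit_out)
{
    uint64_t info = sim_vmgexit(hv, GHCB_INFO_SEV_INFO_REQ);
    if ((info & GHCB_INFO_MASK) != GHCB_INFO_SEV_INFO)
        return terminate_guest(hv);
    uint16_t host_max = (uint16_t)(info >> 48), host_min = (uint16_t)(info >> 32);
    if (host_min > host_max || GHCB_VERSION_MIN > host_max || GHCB_VERSION_MAX < host_min)
        return terminate_guest(hv);              /* no protocol version in common */
    uint8_t cbit_msr = (uint8_t)(info >> 24);

    /* Cross-check against CPUID Fn8000_001F EBX[5:0], fetched via the same MSR
     * protocol (this check and the range test are this example's assumption). */
    uint64_t cpuid = sim_vmgexit(hv, ghcb_msr_cpuid_req(0x8000001F, GHCB_CPUID_REG_EBX));
    if ((cpuid & GHCB_INFO_MASK) != GHCB_INFO_CPUID_RESP || ((cpuid >> 30) & 3) != GHCB_CPUID_REG_EBX)
        return terminate_guest(hv);              /* reply is not for our request */
    uint8_t cbit_cpuid = (uint8_t)((cpuid >> 32) & 0x3F);
    if (cbit_cpuid != cbit_msr || cbit_cpuid == 0 || cbit_cpuid > 51)
        return terminate_guest(hv);              /* host contradicts itself */
    *cbit_out = cbit_cpuid;
    return true;
}

int main(void)
{
    sim_hv honest = {1, 1, 51, 51, false};  /* constructed: consistent host   */
    sim_hv newer  = {2, 2, 51, 51, false};  /* constructed: only speaks v2    */
    sim_hv lying  = {1, 1, 51, 47, false};  /* constructed: MSR, CPUID differ */
    sim_hv *cases[] = {&honest, &newer, &lying};
    for (int i = 0; i < 3; i++) {
        uint8_t cbit = 0;
        bool ok = sev_es_negotiate(cases[i], &cbit);
        printf("case %d: ok=%d cbit=%u terminated=%d\n", i, ok, cbit, cases[i]->terminated);
    }
    return 0;
}
```

The point of the two failing cases is the trust boundary the cover letter describes: everything that arrives through the GHCB MSR is written by the hypervisor, so the guest has to validate the GHCBInfo code, the register select and the version range before it lets any of those values steer page-table construction, and a disagreement is grounds to terminate rather than to continue.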