From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.65]) by mx.groups.io with SMTP id smtpd.web10.12517.1625753338173491179 for ; Thu, 08 Jul 2021 07:08:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=EG4zXyVG; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.65, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LMaY+8e0Wg4J2Ss+NC+BvmGXp2u88Ep9O8f5o1E5lU0SRDZvOz2EIzVUZ8IIjUqY0qWSgi5l4d7Zaucw7bvUqNwm3A1faSENdl+iGxgORUiTlIhmegbYZZImtfP2neReLPoSqxg4nxEhWXaB7HkrG8GKRScvU1DsyWs1bRbgH3kty8JlMNifmsudSvNbaH/ZqZaNmEzShtNleluTz7GtzVb9IyHu4qZeHJ4eP8JYuivlA7TiZiMoYR3wA1n3DAVxOamhGGZyIVYUj7eFuJIcg2EzXMJH3DQg33FtGNAxpksjLDGmQEQrpT1J/8dFSmOrKwwBKAbbSgRzT3gIiVQ7lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XOr+t2+8q0VuuFQUcrfvaLLlapHmQDOoRDn5vnsYBfw=; b=CPOK1lNKiZTXSfMJOuLEJ6TL9DrNu1ynnpY0lziTXag+8tgPCmfmAes0pgaRDNL/BrsMzojPz6YK8DnGJbhBvSFvnAyULvZEyUM4kQDjFzQ/5HqMZ2HdO3g8ZB0cpLR9pbDhr0DDd4cPn/o5ZU2XH4kLiIpWPWwAPQnKg95gANEGFfOxbbGw6ZwqaznZerdZlxpzREwmU9aLsdujLKQbMcH++YNdjVvzGjte4kkoVtwLHZnZ1/HEms0wdq1kJqYacrr//Jryfpt3q6rQjuGfMkXl84POdgK/Y+ZIpukKumZyqpMdZk8tSoBN2oTzgZGab1MPz8EQLT3Q5h6G+2dFkA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XOr+t2+8q0VuuFQUcrfvaLLlapHmQDOoRDn5vnsYBfw=; b=EG4zXyVGOJoShFL5GmC+O1ALCqalPE9F9NuZ0ImcoJdZQ+VhxRdC0YGx+lQTBx8eO3hgDFyWvGSJHo5+L+dRHOPnMsrpL58hjxIkdtnQq0cX6nlQV4KL0NjzGGKqTsZPFxM1VV7vUF1CBFiLkhP9D8r6jN3WaA8vq4hbCkVlRl8= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4592.namprd12.prod.outlook.com (2603:10b6:806:9b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.22; Thu, 8 Jul 2021 14:08:56 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::e8b2:38db:240f:b3ec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::e8b2:38db:240f:b3ec%7]) with mapi id 15.20.4287.035; Thu, 8 Jul 2021 14:08:56 +0000 From: "Ashish Kalra" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com Subject: [PATCH v5 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall Date: Thu, 8 Jul 2021 14:08:45 +0000 Message-Id: <959ad1f27b83dd52524ef187ff9fc96c90a8ab86.1625687246.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN1PR12CA0108.namprd12.prod.outlook.com (2603:10b6:802:21::43) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: Ashish.Kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN1PR12CA0108.namprd12.prod.outlook.com (2603:10b6:802:21::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.19 via Frontend Transport; Thu, 8 Jul 2021 14:08:55 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8b803d81-7430-41f1-6ce0-08d94219ecb0 X-MS-TrafficTypeDiagnostic: SA0PR12MB4592: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6430; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rmq5COFwhd3861PCu6S770GgyJ6Z2P0zxNBYgN55E8epjeq7Gwz0dixkBwJNw8951iCskwqLNBNdq9Rl4Gx0Iigwib0RiT3UpIGQmr0eRqp1Uo51598e8WPzMaUbybn4gSoozij5NNqabMqtu+/iJvVyIr6A9mAwzInOO0UWob3ANCv90I2jmQNy2CYpWT0Qp1fbQf/NvXsfifnhdhoP7F8eQjEVNYABqrKqpcm7DaBbda5uLP8hWl2Eo+NoTe2oQhkja/cWTlkJYHG/2H3lh68nuYZUfJ8ag6e9ocRVSgbPv8aMwhZsBgd1b+aERVh2aLpa2l4jX2HW4ssrzKcs0obsr4IolVH5dfHhJk1bQ1EDraleN7P+otMgZfPExjZveQ7AO7ips6pZSg0IyryLAHdNw3+pzDbInTTvWIW/2UJCBrpJO81OTYhf/4xXTUC2LRAAGv9BGJl6UQCUVYZgPPuBRzmenDjZrXkKSHD2REMWQt4kJVoiw5ZCwrXtqcp3J5zY942t4aU/Gw5yxAVUu2bMk8ooKvIa+1jn4P2CIb/nvgClwzwvMtcBbcfs8x2oP/YVBDIoGiiro5cQAveN28Q3Y1RqN/YfWgmQW9wlGZLr4AR/jUTJuuuNBgBhSEPSGBR0VyPhPb0SjrzBaxIdcNF/eCf5PsYbAHcEiup6g1ummLk88epDzXZvmvgUuV1IPNylI3+f+ftPWJ9wSI9BVg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(376002)(136003)(346002)(39860400002)(6486002)(86362001)(7416002)(36756003)(6916009)(52116002)(316002)(7696005)(8676002)(2616005)(956004)(66946007)(8936002)(26005)(478600001)(5660300002)(186003)(4326008)(66476007)(66556008)(19627235002)(6666004)(38100700002)(38350700002)(2906002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?QcO+4LdvUWmmQtJL5Wibh7+d6qe10hw9PPE+9Z1cbjJLJPBWW2kc3rAjCBKz?= =?us-ascii?Q?zGc8++1dhLTCANjzoDc38DMp+gh8uutWiBIaMGH6zDtUsoQJ2E5RIhTrGQPJ?= =?us-ascii?Q?1nMSSjOspQu/f5EWaxaEEKPcOPHkXR97akXBqkTpImOAdO3Tvk5jdHkMRVll?= =?us-ascii?Q?55dhZ620FtP5/nT16snX8uiNGSSlcL9DzNdDfpWgd5qQBC7D/5aB36zB+XMj?= =?us-ascii?Q?zgERprOlB0nDWTRb7T7pA5VXJbMP7XRsJDehwAmxej62hfQF3ZXnlwnZS1xZ?= =?us-ascii?Q?0pICKrUKztHQ2B0BtBtVoj2XqAwX3vc8VbImC05gwow7C+hn76Xpes95UlV3?= =?us-ascii?Q?LaEg3Z7O9b8D/y6Uxewdm0toesSmf2P2YKRSayFtHSr3EkY5aPU5W0kEC6n+?= =?us-ascii?Q?/N89ZQcMUWpbKDPCsw+GiMnf8h+f63eIJ3OH4SCk1ogVCCTRDEx8o/73XYwM?= =?us-ascii?Q?IqImiu6DIGwqn7pl/DvzpHKS7fH3IbWZIcMUccEg4y4bO/D4RwyMqMOjxpHi?= =?us-ascii?Q?88QM6efqL8TVxU7IkLL74aLEJBaB6OUzrTXvkeLZmHkiAaowpQX7EwThPyRJ?= =?us-ascii?Q?R7sf0gnYVjFz28NvmdOLcBbJNLr6HV7noF2zuwpDjyrlX0cIqYpK015dEGzv?= =?us-ascii?Q?d61qDD+ySdavBfroVqJPiCc69ARgTDzQBAn+/4eroBisSv+76jqBfAkgeNiu?= =?us-ascii?Q?TUksXBH9+e0HWijkXImPCwjIah6n+iJUM8wsSQiCjazvOSDoG/MnvrV5/rgp?= =?us-ascii?Q?swVQ6XMqU5TWbjXjnLNRvtDMxVIGQMyhPhht6H22GaEQwNsuEXBM4qu7Q0z/?= =?us-ascii?Q?0I1s37BUeDYnOMZpzEZCxSg28lNiH/9w9e9H9fesuwlWShU+UHixWD67Q9G5?= =?us-ascii?Q?8mtTs/VGMaa1X24IXwj4kVarGhC56aXGUj61pESpSdilHhwX1J03LwXbjs3J?= =?us-ascii?Q?pbDPRC9ZSqMr4DOKMv8c5wTsB3/uFVtkvRpm81mEzepF7Xmyv1H9QrffO1wO?= =?us-ascii?Q?nVx5gWgsxaaDCbCc92bH5/m/TBlj1Xy1LlnY/hQCl250FRGfBHOtUFSpRHcH?= =?us-ascii?Q?sWLSTIIcTFV9ZvUFriGXEOxFy4ERXnBt0McXgs2U2/n5BRjhaln8HwmMwIuw?= =?us-ascii?Q?JPWkHAkpXrpNv3Pnw6/zEjAZQZZR1dOM+v/HPwiqpAIZFuBxJn/x3b1n9Dmw?= =?us-ascii?Q?e92Xt7d5rROLSF3POzAQCXgm53c5kzIc+ir0YSsXJhzJPxez7ug678X6QP7+?= =?us-ascii?Q?zHV/LKK76xa8QUtcO4maBxFbFsemduhIRjhCWvlgWCv9CT97Fn6OY/ou3ysv?= =?us-ascii?Q?SdiBmc1wkh8QHeZvGdqUm1sJ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8b803d81-7430-41f1-6ce0-08d94219ecb0 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2021 14:08:56.3785 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AM6G6cPHMCm/q4hrpd+mWr/qoEI69zycnOzzkJWvvfdqruNYgbdpz9jc48QMWxeKQZm+eonjWV2XEq34RVMF0w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4592 Content-Type: text/plain From: Ashish Kalra Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor page status tracking. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..1ec0de48fe 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -52,6 +52,15 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // GHCB_BASE setup during reset-vector needs to be marked as + // decrypted in the hypervisor page encryption bitmap. + // + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + KVM_MAP_GPA_RANGE_DECRYPTED + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.17.1