From: "Lendacky, Thomas"
To: "devel@edk2.groups.io"
CC: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, "Singh, Brijesh"
Subject: [RFC PATCH v2 08/44] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
Date: Thu, 19 Sep 2019 19:52:33 +0000
Message-ID: <9799d415f652618c8a960cdb0040918185588652.1568922728.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

Allocate memory for the GHCB pages during SEV initialization for use during Pei and Dxe phases. The GHCB page(s) must be shared pages, so clear the encryption mask from the current page table entries. Upon successful allocation, set the GHCB PCDs (PcdGhcbBase and PcdGhcbSize).

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Tom Lendacky
--- OvmfPkg/OvmfPkgIa32.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/PlatformPei/AmdSev.c | 36 ++++++++++++++++++++++++++++- 5 files changed, 43 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 0ce5c01722ef..4369cf6d55e5 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -560,6 +560,8 @@ [PcdsDynamicDefault] =20 # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 =20 !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index e7455e35a55d..a74f5028068e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -572,6 +572,8 @@ [PcdsDynamicDefault] =20 # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 =20 !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b8305cd10a2..fd714d386e75 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -571,6 +571,8 @@ [PcdsDynamicDefault] =20 # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 =20 !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index a9e424a6012a..62abc99f4622 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -105,6 +105,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 7ae2f26a2ba7..30c0e4af7252 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,6 +16,9 @@ #include #include #include +#include +#include +#include =20 #include "Platform.h" =20 @@ -30,7 +33,10 @@ AmdSevEsInitialize ( VOID ) { - RETURN_STATUS PcdStatus; + VOID *GhcbBase; + PHYSICAL_ADDRESS GhcbBasePa; + UINTN GhcbPageCount; + RETURN_STATUS PcdStatus, DecryptStatus; =20 if (!MemEncryptSevEsIsEnabled ()) { return; 
@@ -38,6 +44,34 @@ AmdSevEsInitialize ( =20 PcdStatus =3D PcdSetBoolS (PcdSevEsActive, 1); ASSERT_RETURN_ERROR (PcdStatus); + + // + // Allocate GHCB pages. + // + GhcbPageCount =3D mMaxCpuCount; + GhcbBase =3D AllocatePages (GhcbPageCount); + ASSERT (GhcbBase); + + GhcbBasePa =3D (PHYSICAL_ADDRESS)(UINTN) GhcbBase; + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + GhcbBasePa, + GhcbPageCount, + TRUE + ); + ASSERT_RETURN_ERROR (DecryptStatus); + + SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0); + + PcdStatus =3D PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPag= eCount)); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting= at 0x%lx\n", GhcbPageCount, GhcbBase)); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); } =20 /** --=20 2.17.1
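
Review bot: In the declarations hunk of OvmfPkg/PlatformPei/AmdSev.c (@@ -30,7 +33,10 @@), "RETURN_STATUS PcdStatus, DecryptStatus;" declares two variables in one statement while the other new locals each get their own line. Please split it into two declarations, one per line, aligned with GhcbBase, GhcbBasePa and GhcbPageCount.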
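
Review bot: In the AmdSevEsInitialize() body hunk of OvmfPkg/PlatformPei/AmdSev.c (@@ -38,6 +44,34 @@), the AllocatePages() result is guarded only by "ASSERT (GhcbBase);". In a build where ASSERT() is disabled, a NULL return would be passed on as physical address 0 to MemEncryptSevClearPageEncMask() and SetMem(), and then stored in PcdGhcbBase and MSR_SEV_ES_GHCB. Please add an explicit failure path that halts the boot, and spell the assertion as "ASSERT (GhcbBase != NULL);". The same concern applies to DecryptStatus: if clearing the encryption mask fails and the assertion is compiled out, the GHCB MSR ends up pointing at pages that are still encrypted rather than shared. Separately, the DEBUG() format string does not match its arguments: GhcbPageCount is a UINTN printed with %u, and GhcbBase is a VOID * printed with %lx. Cast the count to UINT64 and print it with %lu, and either print GhcbBasePa with %lx or print the pointer with %p.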