public inbox for devel@edk2.groups.io
From: "Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: devel@edk2.groups.io, Dov Murik <dovmurik@linux.vnet.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@ibm.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Hubertus Franke <frankeh@us.ibm.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Jon Grimm <jon.grimm@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.
Date: Wed, 3 Mar 2021 11:47:51 -0500
Message-ID: <9fe30bee-f11e-bc11-404b-e93561226a28@linux.ibm.com>
In-Reply-To: <20210303164123.GB31638@ashkalra_ubuntu_server>


On 3/3/21 11:41 AM, Ashish Kalra wrote:
> Hello Tobin,
>
> You don't need this patch for MH support, this patch is only required
> for (SEV) slow migration support.

If the SevLiveMigrationEnabled variable is not set, the bitmap sync does 
not work correctly (bitmap all zeros), at least for the version of the 
kernel we have been using. Since the bitmap will be replaced, this might 
not be necessary in the future but it is for our setup at the moment.

-Tobin

>
> Thanks,
> Ashish
>
> On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
>> From: Ashish Kalra <ashish.kalra@amd.com>
>>
>> Detect for KVM hypervisor and check for SEV live migration
>> feature support via KVM_FEATURE_CPUID, if detected set up a new
>> UEFI environment variable to indicate OVMF support for SEV
>> live migration.
>>
>> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
>> ---
>>   OvmfPkg/OvmfPkg.dec                  |  1 +
>>   OvmfPkg/PlatformDxe/Platform.inf     |  2 +
>>   OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++
>>   OvmfPkg/PlatformDxe/PlatformConfig.h |  5 ++
>>   OvmfPkg/PlatformDxe/AmdSev.c         | 99 ++++++++++++++++++++++++++++
>>   OvmfPkg/PlatformDxe/Platform.c       |  6 ++
>>   6 files changed, 129 insertions(+)
>>   create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
>>   create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c
>>
>> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
>> index 4348bb45c6..4450d78b91 100644
>> --- a/OvmfPkg/OvmfPkg.dec
>> +++ b/OvmfPkg/OvmfPkg.dec
>> @@ -122,6 +122,7 @@
>>     gQemuKernelLoaderFsMediaGuid          = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
>>     gGrubFileGuid                         = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
>>     gConfidentialComputingSecretGuid      = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
>> +  gMemEncryptGuid                       = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>>   
>>   [Ppis]
>>     # PPI whose presence in the PPI database signals that the TPM base address
>> diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf
>> index 14727c1220..2896f0a1d1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.inf
>> +++ b/OvmfPkg/PlatformDxe/Platform.inf
>> @@ -24,6 +24,7 @@
>>     PlatformConfig.c
>>     PlatformConfig.h
>>     PlatformForms.vfr
>> +  AmdSev.c
>>   
>>   [Packages]
>>     MdePkg/MdePkg.dec
>> @@ -56,6 +57,7 @@
>>   [Guids]
>>     gEfiIfrTianoGuid
>>     gOvmfPlatformConfigGuid
>> +  gMemEncryptGuid
>>   
>>   [Depex]
>>     gEfiHiiConfigRoutingProtocolGuid  AND
>> diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> new file mode 100644
>> index 0000000000..8264a647af
>> --- /dev/null
>> +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> @@ -0,0 +1,16 @@
>> +/** @file
>> +  AMD Memory Encryption GUID, define a new GUID for defining
>> +  new UEFI enviroment variables assocaiated with SEV Memory Encryption.
>> +  Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +
>> +#ifndef __MEMENCRYPT_LIB_H__
>> +#define __MEMENCRYPT_LIB_H__
>> +
>> +#define MEMENCRYPT_GUID \
>> +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>> +
>> +extern EFI_GUID gMemEncryptGuid;
>> +
>> +#endif
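
Review bot: The header is named MemEncryptLib.h and guarded by __MEMENCRYPT_LIB_H__, but it declares only a GUID and no library interface, so the name will mislead anyone looking for a library class; a name such as Guid/MemEncrypt.h with a matching guard would describe what the file contains. The guard also begins with a double underscore, which C reserves for the implementation. The MEMENCRYPT_GUID macro repeats the value assigned to gMemEncryptGuid in OvmfPkg.dec and nothing in this patch uses it, so a comment tying the two copies together would keep them from drifting. The file comment has two typos, "enviroment" and "assocaiated".
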
>> diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> index 716514da21..4f662aafa4 100644
>> --- a/OvmfPkg/PlatformDxe/PlatformConfig.h
>> +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> @@ -44,6 +44,11 @@ PlatformConfigLoad (
>>     OUT UINT64          *OptionalElements
>>     );
>>   
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  );
>> +
>>   //
>>   // Feature flags for OptionalElements.
>>   //
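
Review bot: The new AmdSevSetConfig prototype has no function header comment, and it is written as "AmdSevSetConfig(" without the space before the parenthesis that the neighbouring "PlatformConfigLoad (" in the hunk header uses. Add a short description (it creates the SevLiveMigrationEnabled variable when KVM advertises the feature) and match the surrounding spacing. Since the declaration is SEV specific and unrelated to the platform configuration load/save interface, a separate header may be a better home than PlatformConfig.h.
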
>> diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c
>> new file mode 100644
>> index 0000000000..1f804984b7
>> --- /dev/null
>> +++ b/OvmfPkg/PlatformDxe/AmdSev.c
>> @@ -0,0 +1,99 @@
>> +/**@file
>> +  Detect KVM hypervisor support for SEV live migration and if
>> +  detected, setup a new UEFI enviroment variable indicating
>> +  OVMF support for SEV live migration.
>> +  Copyright (c) 2020, Advanced Micro Devices. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +//
>> +// The package level header files this module uses
>> +//
>> +
>> +#include <Library/BaseLib.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/DebugLib.h>
>> +#include <Library/UefiBootServicesTableLib.h>
>> +#include <Library/UefiRuntimeServicesTableLib.h>
>> +#include <Guid/MemEncryptLib.h>
>> +
>> +/**
>> +  Figures out if we are running inside KVM HVM and
>> +  KVM HVM supports SEV Live Migration feature.
>> +  @retval TRUE   KVM was detected and Live Migration supported
>> +  @retval FALSE  KVM was not detected or Live Migration not supported
>> +**/
>> +BOOLEAN
>> +KvmDetectSevLiveMigrationFeature(
>> +  VOID
>> +  )
>> +{
>> +  UINT8 Signature[13];
>> +  UINT32 mKvmLeaf = 0;
>> +  UINT32 RegEax, RegEbx, RegEcx, RegEdx;
>> +
>> +  Signature[12] = '\0';
>> +  for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
>> +    AsmCpuid (mKvmLeaf,
>> +              NULL,
>> +              (UINT32 *) &Signature[0],
>> +              (UINT32 *) &Signature[4],
>> +              (UINT32 *) &Signature[8]);
>> +
>> +    if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) {
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: KVM Detected, signature = %s\n",
>> +    __FUNCTION__,
>> +    Signature
>> +    ));
>> +
>> +    RegEax = 0x40000001;
>> +    RegEcx = 0;
>> +      AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx);
>> +      if (RegEax & (1 << 14)) {
>> +     DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Live Migration feature supported\n",
>> +    __FUNCTION__
>> +    ));
>> +    return TRUE;
>> +     }
>> +    }
>> +  }
>> +
>> +  return FALSE;
>> +}
>> +
>> +/**
>> +  Function checks if SEV Live Migration support is available, if present then it sets
>> +  a UEFI enviroment variable to be queried later using Runtime services.
>> +  **/
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  )
>> +{
>> +  EFI_STATUS Status;
>> +  BOOLEAN SevLiveMigrationEnabled;
>> +
>> +  SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature();
>> +
>> +  if (SevLiveMigrationEnabled) {
>> +   Status = gRT->SetVariable (
>> +    L"SevLiveMigrationEnabled",
>> +                &gMemEncryptGuid,
>> +    EFI_VARIABLE_NON_VOLATILE |
>> +                EFI_VARIABLE_BOOTSERVICE_ACCESS |
>> +          EFI_VARIABLE_RUNTIME_ACCESS,
>> +                sizeof (BOOLEAN),
>> +                &SevLiveMigrationEnabled
>> +               );
>> +
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
>> +    __FUNCTION__,
>> +    Status
>> +    ));
>> +  }
>> +}
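
Review bot: In KvmDetectSevLiveMigrationFeature the loop searches leaves 0x40000000 through 0x4000ff00 for the KVM signature, but the feature query is hard-coded as "AsmCpuid (0x40000001, ...)", so when the signature matches at any base other than 0x40000000 the bit test reads the wrong leaf; query mKvmLeaf + 1 and leave the loop once the signature has matched. In AmdSevSetConfig the variable is written with EFI_VARIABLE_NON_VOLATILE only when detection succeeds and is never deleted otherwise, so a value stored on one boot persists into a later boot where the feature is no longer offered; either drop the non-volatile attribute or delete the variable in an else branch, and act on the SetVariable status rather than only logging it. Signature is an ASCII buffer, so the DEBUG format needs %a instead of %s, and Status should be printed with %r rather than %lx. Both messages are informational and belong at DEBUG_INFO, not DEBUG_ERROR. Smaller points: the assignments to RegEax and RegEcx before the CPUID call are overwritten by it, bit 14 deserves a named constant, mKvmLeaf is a local carrying the module-global "m" prefix, the function names lack the space before the parenthesis, and the indentation mixes widths throughout.
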
>> diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c
>> index f2e51960ce..9a19b9f6b1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.c
>> +++ b/OvmfPkg/PlatformDxe/Platform.c
>> @@ -763,6 +763,12 @@ PlatformInit (
>>   {
>>     EFI_STATUS Status;
>>   
>> +  //
>> +  // Set Amd Sev configuation
>> +  //
>> +  AmdSevSetConfig();
>> +
>> +
>>     ExecutePlatformConfig ();
>>   
>>     mConfigAccess.ExtractConfig = &ExtractConfig;
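
Review bot: AmdSevSetConfig() is called unconditionally at the top of PlatformInit, and nothing in this patch checks that the guest is actually running with SEV before the variable is created, so any KVM guest whose host sets bit 14 of the feature leaf gets SevLiveMigrationEnabled written to its variable store; gate the call on an SEV-active check such as MemEncryptSevIsEnabled (). The comment reads "Set Amd Sev configuation" (typo, and the acronyms are capitalised elsewhere in the patch), the call lacks the space before the parenthesis, and the hunk adds two blank lines after it where one is enough.
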
>> -- 
>> 2.20.1
>>
