From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web11.9472.1614790081025631025
 for <devel@edk2.groups.io>;
 Wed, 03 Mar 2021 08:48:01 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=KoiSHQv+;
 spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: tobin@linux.ibm.com)
Received: from pps.filterd (m0098419.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 123GX5rY019253;
	Wed, 3 Mar 2021 11:47:53 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=subject : to : cc :
 references : from : message-id : date : mime-version : in-reply-to :
 content-type : content-transfer-encoding; s=pp1;
 bh=YFCc+Twrpv4gBx5XaMov3IN3Lw8+X78XEpyJK1cTetI=;
 b=KoiSHQv+6GTdOoKkTGD0tDSr5MpM2JHTdCfBw2Ae6obbNWW1zCJrwn8uSq70Yfs58YqO
 LRdCPpIsLWSpzuhqNylLpF/Fyz4WBZnJ82ZDjLkdQ3Scful7g4Mr7ewvW7E5nuEuKnGB
 xUCysGvP0FV9GBBC5Xw9uEZdHXV8hSe1YlsWrN1zWr62QmuqvQxlfjdrbQVWiyKUyCmd
 Mjlg6vOS7rsUvmLtPl6y8adOOmaArarMRavHaINclnVOLwnKjvKsdHUR2kR1QxDGicE/
 rXAfCslg05l5hW+MN2jxVOtfGM+yf+fqhYMj+W4VBZbexR4Sw0JFrMy6QCy0CWbtg58d tA== 
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253])
	by mx0b-001b2d01.pphosted.com with ESMTP id 372cj0d9gx-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 03 Mar 2021 11:47:53 -0500
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 123GbPJB003626;
	Wed, 3 Mar 2021 16:47:52 GMT
Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23])
	by ppma01wdc.us.ibm.com with ESMTP id 36ydq989rq-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 03 Mar 2021 16:47:52 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106])
	by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 123Glpa731588764
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 3 Mar 2021 16:47:51 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id DDC212805C;
	Wed,  3 Mar 2021 16:47:51 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id A65BA2805A;
	Wed,  3 Mar 2021 16:47:51 +0000 (GMT)
Received: from Tobins-MacBook-Pro-2.local (unknown [9.85.173.209])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  3 Mar 2021 16:47:51 +0000 (GMT)
Subject: Re: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: devel@edk2.groups.io, Dov Murik <dovmurik@linux.vnet.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        James Bottomley
 <jejb@linux.ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
        Brijesh Singh <brijesh.singh@amd.com>, Jon Grimm <jon.grimm@amd.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
References: <20210302204839.82042-1-tobin@linux.ibm.com>
 <20210302204839.82042-4-tobin@linux.ibm.com>
 <20210303164123.GB31638@ashkalra_ubuntu_server>
From: "Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
Message-ID: <9fe30bee-f11e-bc11-404b-e93561226a28@linux.ibm.com>
Date: Wed, 3 Mar 2021 11:47:51 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <20210303164123.GB31638@ashkalra_ubuntu_server>
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369,18.0.761
 definitions=2021-03-03_05:2021-03-03,2021-03-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 bulkscore=0 spamscore=0 clxscore=1015 phishscore=0 mlxlogscore=999
 impostorscore=0 lowpriorityscore=0 suspectscore=0 malwarescore=0
 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2009150000 definitions=main-2103030121
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US


On 3/3/21 11:41 AM, Ashish Kalra wrote:
> Hello Tobin,
>
> You don't need this patch for MH support, this patch is only required
> for (SEV) slow migration support.

If the SevLiveMigrationEnabled variable is not set, the bitmap sync does 
not work correctly (bitmap all zeros), at least for the version of the 
kernel we have been using. Since the bitmap will be replaced, this might 
not be necessary in the future but it is for our setup at the moment.

-Tobin

>
> Thanks,
> Ashish
>
> On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
>> From: Ashish Kalra <ashish.kalra@amd.com>
>>
>> Detect for KVM hypervisor and check for SEV live migration
>> feature support via KVM_FEATURE_CPUID, if detected setup a new
>> UEFI enviroment variable to indicate OVMF support for SEV
>> live migration.
>>
>> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
>> ---
>>   OvmfPkg/OvmfPkg.dec                  |  1 +
>>   OvmfPkg/PlatformDxe/Platform.inf     |  2 +
>>   OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++
>>   OvmfPkg/PlatformDxe/PlatformConfig.h |  5 ++
>>   OvmfPkg/PlatformDxe/AmdSev.c         | 99 ++++++++++++++++++++++++++++
>>   OvmfPkg/PlatformDxe/Platform.c       |  6 ++
>>   6 files changed, 129 insertions(+)
>>   create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
>>   create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c
>>
>> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
>> index 4348bb45c6..4450d78b91 100644
>> --- a/OvmfPkg/OvmfPkg.dec
>> +++ b/OvmfPkg/OvmfPkg.dec
>> @@ -122,6 +122,7 @@
>>     gQemuKernelLoaderFsMediaGuid          = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
>>     gGrubFileGuid                         = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
>>     gConfidentialComputingSecretGuid      = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
>> +  gMemEncryptGuid                       = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>>   
>>   [Ppis]
>>     # PPI whose presence in the PPI database signals that the TPM base address
>> diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf
>> index 14727c1220..2896f0a1d1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.inf
>> +++ b/OvmfPkg/PlatformDxe/Platform.inf
>> @@ -24,6 +24,7 @@
>>     PlatformConfig.c
>>     PlatformConfig.h
>>     PlatformForms.vfr
>> +  AmdSev.c
>>   
>>   [Packages]
>>     MdePkg/MdePkg.dec
>> @@ -56,6 +57,7 @@
>>   [Guids]
>>     gEfiIfrTianoGuid
>>     gOvmfPlatformConfigGuid
>> +  gMemEncryptGuid
>>   
>>   [Depex]
>>     gEfiHiiConfigRoutingProtocolGuid  AND
>> diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> new file mode 100644
>> index 0000000000..8264a647af
>> --- /dev/null
>> +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> @@ -0,0 +1,16 @@
>> +/** @file
>> +  AMD Memory Encryption GUID, define a new GUID for defining
>> +  new UEFI enviroment variables assocaiated with SEV Memory Encryption.
>> +  Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +
>> +#ifndef __MEMENCRYPT_LIB_H__
>> +#define __MEMENCRYPT_LIB_H__
>> +
>> +#define MEMENCRYPT_GUID \
>> +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>> +
>> +extern EFI_GUID gMemEncryptGuid;
>> +
>> +#endif
>> diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> index 716514da21..4f662aafa4 100644
>> --- a/OvmfPkg/PlatformDxe/PlatformConfig.h
>> +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> @@ -44,6 +44,11 @@ PlatformConfigLoad (
>>     OUT UINT64          *OptionalElements
>>     );
>>   
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  );
>> +
>>   //
>>   // Feature flags for OptionalElements.
>>   //
>> diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c
>> new file mode 100644
>> index 0000000000..1f804984b7
>> --- /dev/null
>> +++ b/OvmfPkg/PlatformDxe/AmdSev.c
>> @@ -0,0 +1,99 @@
>> +/**@file
>> +  Detect KVM hypervisor support for SEV live migration and if
>> +  detected, setup a new UEFI enviroment variable indicating
>> +  OVMF support for SEV live migration.
>> +  Copyright (c) 2020, Advanced Micro Devices. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +//
>> +// The package level header files this module uses
>> +//
>> +
>> +#include <Library/BaseLib.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/DebugLib.h>
>> +#include <Library/UefiBootServicesTableLib.h>
>> +#include <Library/UefiRuntimeServicesTableLib.h>
>> +#include <Guid/MemEncryptLib.h>
>> +
>> +/**
>> +  Figures out if we are running inside KVM HVM and
>> +  KVM HVM supports SEV Live Migration feature.
>> +  @retval TRUE   KVM was detected and Live Migration supported
>> +  @retval FALSE  KVM was not detected or Live Migration not supported
>> +**/
>> +BOOLEAN
>> +KvmDetectSevLiveMigrationFeature(
>> +  VOID
>> +  )
>> +{
>> +  UINT8 Signature[13];
>> +  UINT32 mKvmLeaf = 0;
>> +  UINT32 RegEax, RegEbx, RegEcx, RegEdx;
>> +
>> +  Signature[12] = '\0';
>> +  for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
>> +    AsmCpuid (mKvmLeaf,
>> +              NULL,
>> +              (UINT32 *) &Signature[0],
>> +              (UINT32 *) &Signature[4],
>> +              (UINT32 *) &Signature[8]);
>> +
>> +    if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) {
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: KVM Detected, signature = %s\n",
>> +    __FUNCTION__,
>> +    Signature
>> +    ));
>> +
>> +    RegEax = 0x40000001;
>> +    RegEcx = 0;
>> +      AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx);
>> +      if (RegEax & (1 << 14)) {
>> +     DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Live Migration feature supported\n",
>> +    __FUNCTION__
>> +    ));
>> +    return TRUE;
>> +     }
>> +    }
>> +  }
>> +
>> +  return FALSE;
>> +}
>> +
>> +/**
>> +  Function checks if SEV Live Migration support is available, if present then it sets
>> +  a UEFI enviroment variable to be queried later using Runtime services.
>> +  **/
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  )
>> +{
>> +  EFI_STATUS Status;
>> +  BOOLEAN SevLiveMigrationEnabled;
>> +
>> +  SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature();
>> +
>> +  if (SevLiveMigrationEnabled) {
>> +   Status = gRT->SetVariable (
>> +    L"SevLiveMigrationEnabled",
>> +                &gMemEncryptGuid,
>> +    EFI_VARIABLE_NON_VOLATILE |
>> +                EFI_VARIABLE_BOOTSERVICE_ACCESS |
>> +          EFI_VARIABLE_RUNTIME_ACCESS,
>> +                sizeof (BOOLEAN),
>> +                &SevLiveMigrationEnabled
>> +               );
>> +
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
>> +    __FUNCTION__,
>> +    Status
>> +    ));
>> +  }
>> +}
>> diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c
>> index f2e51960ce..9a19b9f6b1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.c
>> +++ b/OvmfPkg/PlatformDxe/Platform.c
>> @@ -763,6 +763,12 @@ PlatformInit (
>>   {
>>     EFI_STATUS Status;
>>   
>> +  //
>> +  // Set Amd Sev configuation
>> +  //
>> +  AmdSevSetConfig();
>> +
>> +
>>     ExecutePlatformConfig ();
>>   
>>     mConfigAccess.ExtractConfig = &ExtractConfig;
>> -- 
>> 2.20.1
>>