Subject: Re: [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.
To: Ashish Kalra
Cc: devel@edk2.groups.io, Dov Murik, Tobin Feldman-Fitzthum, James Bottomley, Hubertus Franke, Brijesh Singh, Jon Grimm, Tom Lendacky
References: <20210302204839.82042-1-tobin@linux.ibm.com> <20210302204839.82042-4-tobin@linux.ibm.com> <20210303164123.GB31638@ashkalra_ubuntu_server>
From: "Tobin Feldman-Fitzthum"
Message-ID: <9fe30bee-f11e-bc11-404b-e93561226a28@linux.ibm.com>
Date: Wed, 3 Mar 2021 11:47:51 -0500
In-Reply-To: <20210303164123.GB31638@ashkalra_ubuntu_server>

On 3/3/21 11:41 AM, Ashish Kalra wrote:
> Hello Tobin,
>
> You don't need this patch for MH support, this patch is only required
> for (SEV) slow migration support.

If the SevLiveMigrationEnabled variable is not set, the bitmap sync does not work correctly (bitmap all zeros), at least for the version of the kernel we have been using. Since the bitmap will be replaced, this might not be necessary in the future but it is for our setup at the moment.

-Tobin

>
> Thanks,
> Ashish
>
> On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
>> From: Ashish Kalra
>>
>> Detect for KVM hypervisor and check for SEV live migration
>> feature support via KVM_FEATURE_CPUID, if detected setup a new
>> UEFI environment variable to indicate OVMF support for SEV
>> live migration.
>> >> Signed-off-by: Ashish Kalra >> --- >> OvmfPkg/OvmfPkg.dec | 1 + >> OvmfPkg/PlatformDxe/Platform.inf | 2 + >> OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++ >> OvmfPkg/PlatformDxe/PlatformConfig.h | 5 ++ >> OvmfPkg/PlatformDxe/AmdSev.c | 99 ++++++++++++++++++++++++++++ >> OvmfPkg/PlatformDxe/Platform.c | 6 ++ >> 6 files changed, 129 insertions(+) >> create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h >> create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c >> >> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec >> index 4348bb45c6..4450d78b91 100644 >> --- a/OvmfPkg/OvmfPkg.dec >> +++ b/OvmfPkg/OvmfPkg.dec >> @@ -122,6 +122,7 @@ >> gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} >> gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} >> gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} >> + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} >> >> [Ppis] >> # PPI whose presence in the PPI database signals that the TPM base address >> diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf >> index 14727c1220..2896f0a1d1 100644 >> --- a/OvmfPkg/PlatformDxe/Platform.inf >> +++ b/OvmfPkg/PlatformDxe/Platform.inf >> @@ -24,6 +24,7 @@ >> PlatformConfig.c >> PlatformConfig.h >> PlatformForms.vfr >> + AmdSev.c >> >> [Packages] >> MdePkg/MdePkg.dec >> @@ -56,6 +57,7 @@ >> [Guids] >> gEfiIfrTianoGuid >> gOvmfPlatformConfigGuid >> + gMemEncryptGuid >> >> [Depex] >> gEfiHiiConfigRoutingProtocolGuid AND >> diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h >> new file mode 100644 >> index 0000000000..8264a647af >> --- /dev/null >> +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h 
>> @@ -0,0 +1,16 @@ >> +/** @file >> + AMD Memory Encryption GUID, define a new GUID for defining >> + new UEFI enviroment variables assocaiated with SEV Memory Encryption. >> + Copyright (c) 2020, AMD Inc. All rights reserved.
>> + SPDX-License-Identifier: BSD-2-Clause-Patent >> +**/ >> + >> +#ifndef __MEMENCRYPT_LIB_H__ >> +#define __MEMENCRYPT_LIB_H__ >> + >> +#define MEMENCRYPT_GUID \ >> +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} >> + >> +extern EFI_GUID gMemEncryptGuid; >> + >> +#endif >> diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h >> index 716514da21..4f662aafa4 100644 >> --- a/OvmfPkg/PlatformDxe/PlatformConfig.h >> +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h >> @@ -44,6 +44,11 @@ PlatformConfigLoad ( >> OUT UINT64 *OptionalElements >> ); >> >> +VOID >> +AmdSevSetConfig( >> + VOID >> + ); >> + >> // >> // Feature flags for OptionalElements. >> // >> diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c >> new file mode 100644 >> index 0000000000..1f804984b7 >> --- /dev/null >> +++ b/OvmfPkg/PlatformDxe/AmdSev.c >> @@ -0,0 +1,99 @@ >> +/**@file >> + Detect KVM hypervisor support for SEV live migration and if >> + detected, setup a new UEFI enviroment variable indicating >> + OVMF support for SEV live migration. >> + Copyright (c) 2020, Advanced Micro Devices. All rights reserved.
>> + SPDX-License-Identifier: BSD-2-Clause-Patent >> +**/ >> +// >> +// The package level header files this module uses >> +// >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +/** >> + Figures out if we are running inside KVM HVM and >> + KVM HVM supports SEV Live Migration feature. >> + @retval TRUE KVM was detected and Live Migration supported >> + @retval FALSE KVM was not detected or Live Migration not supported >> +**/ >> +BOOLEAN >> +KvmDetectSevLiveMigrationFeature( >> + VOID >> + ) >> +{ >> + UINT8 Signature[13]; >> + UINT32 mKvmLeaf = 0; >> + UINT32 RegEax, RegEbx, RegEcx, RegEdx; >> + >> + Signature[12] = '\0'; >> + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { >> + AsmCpuid (mKvmLeaf, >> + NULL, >> + (UINT32 *) &Signature[0], >> + (UINT32 *) &Signature[4], >> + (UINT32 *) &Signature[8]); >> + >> + if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) { >> + DEBUG (( >> + DEBUG_ERROR, >> + "%a: KVM Detected, signature = %s\n", >> + __FUNCTION__, >> + Signature >> + )); >> + >> + RegEax = 0x40000001; >> + RegEcx = 0; >> + AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx); >> + if (RegEax & (1 << 14)) { >> + DEBUG (( >> + DEBUG_ERROR, >> + "%a: Live Migration feature supported\n", >> + __FUNCTION__ >> + )); >> + return TRUE; >> + } >> + } >> + } >> + >> + return FALSE; >> +} >> + >> +/** >> + Function checks if SEV Live Migration support is available, if present then it sets >> + a UEFI enviroment variable to be queried later using Runtime services. 
>> + **/ >> +VOID >> +AmdSevSetConfig( >> + VOID >> + ) >> +{ >> + EFI_STATUS Status; >> + BOOLEAN SevLiveMigrationEnabled; >> + >> + SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature(); >> + >> + if (SevLiveMigrationEnabled) { >> + Status = gRT->SetVariable ( >> + L"SevLiveMigrationEnabled", >> + &gMemEncryptGuid, >> + EFI_VARIABLE_NON_VOLATILE | >> + EFI_VARIABLE_BOOTSERVICE_ACCESS | >> + EFI_VARIABLE_RUNTIME_ACCESS, >> + sizeof (BOOLEAN), >> + &SevLiveMigrationEnabled >> + ); >> + >> + DEBUG (( >> + DEBUG_ERROR, >> + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", >> + __FUNCTION__, >> + Status >> + )); >> + } >> +} >> diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c >> index f2e51960ce..9a19b9f6b1 100644 >> --- a/OvmfPkg/PlatformDxe/Platform.c >> +++ b/OvmfPkg/PlatformDxe/Platform.c >> @@ -763,6 +763,12 @@ PlatformInit ( >> { >> EFI_STATUS Status; >> >> + // >> + // Set Amd Sev configuation >> + // >> + AmdSevSetConfig(); >> + >> + >> ExecutePlatformConfig (); >> >> mConfigAccess.ExtractConfig = &ExtractConfig; >> -- >> 2.20.1 >>
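
Review bot: OvmfPkg/Include/Guid/MemEncryptLib.h does not document which variables live under gMemEncryptGuid. The file comment should name SevLiveMigrationEnabled, its type (BOOLEAN) and who is expected to read it, since the only description today is the SetVariable call in AmdSev.c. The same comment misspells "environment" and "associated", the MEMENCRYPT_GUID macro repeats the value already declared in OvmfPkg.dec and is not referenced by any of the visible hunks, and a header under Include/Guid that only declares a GUID should not carry "Lib" in its name.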
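
Review bot: In KvmDetectSevLiveMigrationFeature() in OvmfPkg/PlatformDxe/AmdSev.c, the loop looks for the KVM signature at every base from 0x40000000 up to 0x40010000 in steps of 0x100, but the feature query is hard-coded as `AsmCpuid (0x40000001, &RegEax, ...)`, so a signature found at a non-zero offset is followed by a read of the wrong leaf. Use `mKvmLeaf + 1`, drop the `RegEax = 0x40000001; RegEcx = 0;` assignments that AsmCpuid overwrites, and give `(1 << 14)` a named constant. The signature DEBUG passes a CHAR8 buffer to `%s`, which the EDK2 print library reads as a CHAR16 string; `%a` is the ASCII specifier. In AmdSevSetConfig(), the variable is written with EFI_VARIABLE_NON_VOLATILE only when the feature is detected and is never deleted otherwise, so a value stored on an earlier boot persists into a boot where the hypervisor no longer advertises the feature; clear it on the negative path or drop the non-volatile attribute. Status is only logged, with `%lx` where `%r` is the usual specifier for EFI_STATUS, and all three messages use DEBUG_ERROR although two of them report success.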
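
Review bot: In the PlatformInit() hunk of OvmfPkg/PlatformDxe/Platform.c, AmdSevSetConfig() runs unconditionally, and nothing in the visible call path checks that the guest is actually running with SEV active before the variable is created. Gate the call, for example on MemEncryptSevIsEnabled() from MemEncryptSevLib, so a non-SEV KVM guest whose host advertises the CPUID bit does not end up with SevLiveMigrationEnabled set. The added comment misspells "configuration", the call should be written `AmdSevSetConfig ();` to match the surrounding style, and one blank line after it is enough.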