On Apr 21, 2021, at 10:45 AM, Lendacky, Thomas <thomas.lendacky@amd.com> wrote:

On 4/21/21 12:20 PM, Andrew Fish wrote:

Tom,
I think you meant this for Eric, who originally asked the question.
Thanks,
Tom
The phases are defined by the UEFI Platform Initialization Specification
[1] (PI Spec). Basically the UEFI Specification defines how to write EFI
OS Loaders and Option ROMs and EFI is just defined in the context of how
EFI services are passed into applications or drivers. The UEFI Platform
Initialization Specification is how to write modular bits of the firmware
that interoperate. So all PI systems produce UEFI, but not all UEFI
systems are built out of PI. There are also some schemes that use the
early parts of PI, but not all of it, but this is confusing enough without
talking about that.
[1] https://uefi.org/specifications
Thanks,
Andrew Fish

On Apr 21, 2021, at 7:09 AM, Andrew Fish via groups.io <afish=apple.com@groups.io> wrote:
https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence
On Apr 20, 2021, at 11:34 PM, Eric van Tassell <evantass@amd.com> wrote:
On 4/20/21 5:54 PM, Tom Lendacky wrote:

From: Tom Lendacky <thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345
The TPM support in OVMF performs MMIO accesses during the PEI phase. At
this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES
guest will fail attempting to perform MMIO to an encrypted address.

where are the phases defined and how many other are there?
Read the PcdTpmBaseAddress and mark the specification defined range
(0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
the MMIO requests.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
b/OvmfPkg/PlatformPei/PlatformPei.inf
index 6ef77ba7bb21..de60332e9390 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -113,6 +113,7 @@ [Pcd]
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
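Review bot: the new gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress entry under [FixedPcd] only resolves if this module's [Packages] section already lists SecurityPkg/SecurityPkg.dec; that section is outside the hunk, so please confirm it is present (or add it in the same patch), otherwise the build fails on the unknown token space GUID. It is also worth a sentence in the commit message on why the PCD is consumed as a fixed PCD here: the PcdGet64 call in the AmdSev.c hunk then folds to a build-time constant, and a platform that declared PcdTpmBaseAddress as dynamic in its DSC would fail to build this module.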
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index dddffdebda4b..d524929f9e10 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -141,6 +141,7 @@ AmdSevInitialize (
)
{
UINT64 EncryptionMask;
+ UINT64 TpmBaseAddress;
RETURN_STATUS PcdStatus;
//
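Review bot: TpmBaseAddress is declared at function scope next to EncryptionMask, while its companion DecryptStatus (in the next hunk) is declared inside the if block that uses it; the two new locals should follow one convention, either both at function scope with the existing PcdStatus or both inside the block where the TPM range is handled, which also keeps the variable close to its only use.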
@@ -206,6 +207,24 @@ AmdSevInitialize (
}
}
+ //
+ // PEI TPM support will perform MMIO accesses, be sure this range
is not
+ // marked encrypted.
+ //
+ TpmBaseAddress = PcdGet64 (PcdTpmBaseAddress);
+ if (TpmBaseAddress != 0) {
+ RETURN_STATUS DecryptStatus;
+
+ DecryptStatus = MemEncryptSevClearPageEncMask (
+ 0,
+ TpmBaseAddress,
+ EFI_SIZE_TO_PAGES (0x5000),
+ FALSE
+ );
+
+ ASSERT_RETURN_ERROR (DecryptStatus);
+ }
+
//
// Check and perform SEV-ES initialization if required.
//
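Review bot: ASSERT_RETURN_ERROR (DecryptStatus) is the only handling of a failed MemEncryptSevClearPageEncMask call; in a RELEASE build the assert compiles out, the TPM range stays encrypted, and the PEI TPM driver's MMIO then faults later with nothing tying the failure to this spot. A DEBUG print of the status and the range before the assert would make that diagnosable. The 0x5000 literal also deserves a named macro with a comment citing the specification the commit message refers to, plus a note that the range is expected to start page aligned, since EFI_SIZE_TO_PAGES (0x5000) covers exactly five 4 KiB pages only from an aligned PcdTpmBaseAddress. Finally, the comment line `+ // PEI TPM support will perform MMIO accesses, be sure this range` / `is not` is wrapped mid-line in the mail, so the patch as posted will not apply cleanly; please resend without the mail client's line wrapping.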