From: "Andrew Fish"
Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV
Date: Wed, 21 Apr 2021 15:24:18 -0700
Cc: evantass@amd.com, Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
To: edk2-devel-groups-io, Tom Lendacky

Sorry Tom!

It was hard to follow the mangled threading on my iPhone, especially before my 1st cup of coffee!

Thanks,
Andrew Fish

> On Apr 21, 2021, at 10:45 AM, Lendacky, Thomas wrote:
>
> On 4/21/21 12:20 PM, Andrew Fish wrote:
>> Tom,
>
> I think you meant this for Eric, who originally asked the question.
>
> Thanks,
> Tom
>
>>
>> The phases are defined by the UEFI Platform Initialization Specification
>> [1] (PI Spec). Basically the UEFI Specification defines how to write EFI
>> OS Loaders and Option ROMs and EFI is just defined in the context of how
>> EFI services are passed into applications or drivers. The UEFI Platform
>> Initialization Specification is how to write modular bits of the firmware
>> that interoperate. So all PI systems produce UEFI, but not all UEFI
>> systems are built out of PI. There are also some schemes that use the
>> early parts of PI, but not all of it but this is confusing enough without
>> talking about that.
>>
>> [1] https://uefi.org/specifications
>>
>> Thanks,
>>
>> Andrew Fish
>>
>>
>>> On Apr 21, 2021, at 7:09 AM, Andrew Fish via groups.io wrote:
>>>
>>> https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence
>>>
>>>
>>>> On Apr 20, 2021, at 11:34 PM, Eric van Tassell wrote:
>>>>
>>>> On 4/20/21 5:54 PM, Tom Lendacky wrote:
>>>>> From: Tom Lendacky
>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345
>>>>> The TPM support in OVMF performs MMIO accesses during the PEI phase. At
>>>>
>>>> where are the phases defined and how many other are there?
>>>>
>>>>> this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES
>>>>> guest will fail attempting to perform MMIO to an encrypted address.
>>>>> Read the PcdTpmBaseAddress and mark the specification defined range
>>>>> (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
>>>>> the MMIO requests.
>>>>> Cc: Laszlo Ersek
>>>>> Cc: Ard Biesheuvel
>>>>> Cc: Jordan Justen
>>>>> Cc: Brijesh Singh
>>>>> Cc: James Bottomley
>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>>> Cc: Min Xu
>>>>> Signed-off-by: Tom Lendacky
>>>>> ---
>>>>> OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
>>>>> OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++
>>>>> 2 files changed, 20 insertions(+)
>>>>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf >>>>> b/OvmfPkg/PlatformPei/PlatformPei.inf >>>>> index 6ef77ba7bb21..de60332e9390 100644 >>>>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >>>>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
>>>>> @@ -113,6 +113,7 @@ [Pcd] >>>>> [FixedPcd] >>>>> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >>>>> + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress >>>>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS >>>>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory >>>>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType >>>>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdS= ev.c >>>>> index dddffdebda4b..d524929f9e10 100644 >>>>> --- a/OvmfPkg/PlatformPei/AmdSev.c >>>>> +++ b/OvmfPkg/PlatformPei/AmdSev.c >>>>> @@ -141,6 +141,7 @@ AmdSevInitialize ( >>>>> ) >>>>> { >>>>> UINT64 EncryptionMask; >>>>> + UINT64 TpmBaseAddress; >>>>> RETURN_STATUS PcdStatus; >>>>> // >>>>> @@ -206,6 +207,24 @@ AmdSevInitialize ( >>>>> } >>>>> } >>>>> + // >>>>> + // PEI TPM support will perform MMIO accesses, be sure this range >>>>> is not >>>>> + // marked encrypted. >>>>> + // >>>>> + TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress); >>>>> + if (TpmBaseAddress !=3D 0) { >>>>> + RETURN_STATUS DecryptStatus; >>>>> + >>>>> + DecryptStatus =3D MemEncryptSevClearPageEncMask ( >>>>> + 0, >>>>> + TpmBaseAddress, >>>>> + EFI_SIZE_TO_PAGES (0x5000), >>>>> + FALSE >>>>> + ); >>>>> + >>>>> + ASSERT_RETURN_ERROR (DecryptStatus); >>>>> + } >>>>> + >>>>> // >>>>> // Check and perform SEV-ES initialization if required. >>>>> //
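
Review bot: In the PlatformPei.inf hunk (@@ -113,6 +113,7 @@), PcdTpmBaseAddress is added under [FixedPcd], yet AmdSev.c reads it with PcdGet64 (PcdTpmBaseAddress). If the value is meant to be a build-time constant for this module, FixedPcdGet64 states that at the use site; if a platform may configure it another way, the entry belongs under [Pcd] instead. The hunk also introduces a gEfiSecurityPkgTokenSpaceGuid PCD without touching [Packages], so please confirm that SecurityPkg/SecurityPkg.dec is already listed there.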
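
Review bot: In the AmdSev.c hunk at @@ -206,6 +207,24 @@, the result of MemEncryptSevClearPageEncMask is checked only with ASSERT_RETURN_ERROR (DecryptStatus), which does nothing in builds where asserts are disabled, so a failure to clear the encryption mask on the TPM range would pass silently and the PEI TPM MMIO described in the commit message would still hit an encrypted mapping. Consider handling the error explicitly (log it and stop, for example with CpuDeadLoop ()) in addition to the assert. Two smaller points in the same hunk: the length 0x5000 is a bare literal, so a named constant or a comment citing the specification the commit message refers to would help the next reader; and DecryptStatus is declared inside the if block while TpmBaseAddress was added to the declarations at the top of AmdSevInitialize, so moving it up keeps the function consistent.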
