public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Brijesh Singh <brijesh.ksingh@gmail.com>
To: Jordan Justen <jordan.l.justen@intel.com>
Cc: edk2-devel@lists.01.org, Laszlo Ersek <lersek@redhat.com>,
	 Tom Lendacky <Thomas.Lendacky@amd.com>,
	Leo Duran <leo.duran@amd.com>,
	brijesh.singh@amd.com
Subject: Re: [RFC PATCH v1 1/5] OvmfPkg/ResetVector: Set memory encryption when SEV is active
Date: Wed, 8 Mar 2017 12:42:15 -0600	[thread overview]
Message-ID: <CA+HCGMY_AgPFbhyE082jgDtG-P4J3LBW4UuebaiGLn+ukmuhhQ@mail.gmail.com> (raw)
In-Reply-To: <148899829524.16179.6226467722763003659@jljusten-skl>

On Wed, Mar 8, 2017 at 12:38 PM, Jordan Justen <jordan.l.justen@intel.com>
wrote:

> On 2017-03-06 15:27:35, Brijesh Singh wrote:
> > SEV guest VMs have the concept of private and shared memory. Private
> > memory is encrypted with the guest-specific key, while shared memory
> > may be encrypted with hypervisor key. The C-bit (encryption attribute)
> > in PTE indicates whether the page is private or shared.
> >
> > If SEV is active, set the memory encryption attribute while building
> > the page table.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> > ---
> >  OvmfPkg/ResetVector/Ia32/PageTables64.asm |   52
> +++++++++++++++++++++++++++++
> >  1 file changed, 52 insertions(+)
> >
> > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> > index 6201cad..eaf9732 100644
> > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> > @@ -26,6 +26,7 @@ BITS    32
> >  %define PAGE_GLOBAL           0x0100
> >  %define PAGE_2M_MBO            0x080
> >  %define PAGE_2M_PAT          0x01000
> > +%define KVM_FEATURE_SEV         0x08
> >
> >  %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
> >                            PAGE_ACCESSED + \
> > @@ -37,6 +38,33 @@ BITS    32
> >                         PAGE_READ_WRITE + \
> >                         PAGE_PRESENT)
> >
> > +; Check if Secure Encrypted Virtualization (SEV) feature
> > +; is enabled in KVM
> > +;
> > +;  If SEV is enabled, then EAX will contain Memory encryption bit
> position
> > +;
> > +CheckKVMSEVFeature:
>
> Code style would be CheckKvmSevFeature.
>
>

Thanks Jordan, I will fix the coding style in next rev




> > +    ; Check for SEV feature
> > +    ;  CPUID KVM_FEATURE - Bit 8
> > +    mov       eax, 0x40000001
> > +    cpuid
> > +    bt        eax, KVM_FEATURE_SEV
> > +    jnc       NoSev
> > +
> > +    ; Get memory encryption information
> > +    ; CPUID Fn8000_001F[EBX] - Bits 5:0
> > +    ;
> > +    mov       eax,  0x8000001f
> > +    cpuid
> > +    mov       eax, ebx
> > +    and       eax, 0x3f
> > +    jmp       SevExit
> > +
> > +NoSev:
> > +    xor       eax, eax
> > +
> > +SevExit:
> > +    OneTimeCallRet CheckKVMSEVFeature
> >
> >  ;
> >  ; Modified:  EAX, ECX
> > @@ -60,18 +88,41 @@ clearPageTablesMemoryLoop:
> >      mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
> >      loop    clearPageTablesMemoryLoop
> >
> > +    ; Check if it SEV-enabled Guest
> > +    ;
> > +    OneTimeCall   CheckKVMSEVFeature
> > +    xor     edx, edx
> > +    test    eax, eax
> > +    jz      SevNotActive
> > +
> > +    ; If SEV is enabled, Memory encryption bit is always above 31
> > +    mov     ebx, 32
> > +    sub     ebx, eax
> > +    bts     edx, eax
> > +
> > +SevNotActive:
> > +
> > +    ;
> >      ;
> >      ; Top level Page Directory Pointers (1 * 512GB entry)
> >      ;
> > +    ; edx contain the memory encryption bit mask, must be applied
> > +    ; to upper 31 bit on 64-bit address
> > +    ;
> >      mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
> > +    mov     dword[PT_ADDR (4)], edx
> >
> >      ;
> >      ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
> >      ;
> >      mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
> > +    mov     dword[PT_ADDR (0x1004)], edx
> >      mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
> > +    mov     dword[PT_ADDR (0x100C)], edx
> >      mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
> > +    mov     dword[PT_ADDR (0x1004)], edx
> >      mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
> > +    mov     dword[PT_ADDR (0x100C)], edx
> >
> >      ;
> >      ; Page Table Entries (2048 * 2MB entries => 4GB)
> > @@ -83,6 +134,7 @@ pageTableEntriesLoop:
> >      shl     eax, 21
> >      add     eax, PAGE_2M_PDE_ATTR
> >      mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
> > +    mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
> >      loop    pageTableEntriesLoop
> >
> >      ;
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
>



-- 
Confusion is always the most honest response.


  reply	other threads:[~2017-03-08 18:42 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-06 23:27 [RFC PATCH v1 0/5] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-03-06 23:27 ` [RFC PATCH v1 1/5] OvmfPkg/ResetVector: Set memory encryption when SEV is active Brijesh Singh
     [not found]   ` <3ec1cf2d-952d-97fa-108d-a6c70e613277@amd.com>
2017-03-07 16:34     ` Brijesh Singh
2017-03-07 16:35     ` Laszlo Ersek
2017-03-08 18:38   ` Jordan Justen
2017-03-08 18:42     ` Brijesh Singh [this message]
2017-03-06 23:27 ` [RFC PATCH v1 2/5] OvmfPkg/MemcryptSevLib: Add SEV helper library Brijesh Singh
2017-03-07 17:06   ` Laszlo Ersek
2017-03-07 19:14     ` Brijesh Singh
2017-03-07 22:08       ` Laszlo Ersek
2017-03-07 22:36         ` Brijesh Singh
2017-03-08  8:40           ` Laszlo Ersek
2017-03-17  2:02             ` Brijesh Singh
2017-03-17 10:29               ` Laszlo Ersek
2017-03-17 14:08                 ` Brijesh Singh
2017-03-08 14:56         ` Duran, Leo
2017-03-08 15:19           ` Laszlo Ersek
2017-03-06 23:27 ` [RFC PATCH v1 3/5] OvmfPkg/PlatformPei: Initialize SEV support Brijesh Singh
2017-03-07 17:08   ` Laszlo Ersek
2017-03-07 19:17     ` Brijesh Singh
2017-03-06 23:27 ` [RFC PATCH v1 4/5] OvmfPkg/BaseIoLibIntrinsic: import BaseIoLibIntrinsic package Brijesh Singh
2017-03-07 17:20   ` Laszlo Ersek
2017-03-07 20:06     ` Jordan Justen
2017-03-07 22:18       ` Laszlo Ersek
2017-03-08 15:41       ` Gao, Liming
2017-03-08 16:26         ` Brijesh Singh
2017-03-09  1:43           ` Gao, Liming
2017-03-08 18:58         ` Jordan Justen
2017-03-09  1:48           ` Gao, Liming
2017-03-09 15:36             ` Duran, Leo
2017-03-09 16:36               ` Laszlo Ersek
2017-03-06 23:28 ` [RFC PATCH v1 5/5] OvmfPkg/BaseIoLibIntrinsic: Unroll String I/O when SEV is active Brijesh Singh
     [not found]   ` <5a66f334-27e1-3b49-150e-c01209ecb2f6@amd.com>
2017-03-07 18:43     ` Brijesh Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+HCGMY_AgPFbhyE082jgDtG-P4J3LBW4UuebaiGLn+ukmuhhQ@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox