In-Reply-To: <148899829524.16179.6226467722763003659@jljusten-skl> References: 
<148884284887.29188.7643544710695103939.stgit@brijesh-build-machine> <148884285589.29188.3336162059588227554.stgit@brijesh-build-machine> <148899829524.16179.6226467722763003659@jljusten-skl> From: Brijesh Singh Date: Wed, 8 Mar 2017 12:42:15 -0600 Message-ID: To: Jordan Justen Cc: edk2-devel@lists.01.org, Laszlo Ersek , Tom Lendacky , Leo Duran , brijesh.singh@amd.com X-Content-Filtered-By: Mailman/MimeDel 2.1.21 Subject: Re: [RFC PATCH v1 1/5] OvmfPkg/ResetVector: Set memory encryption when SEV is active X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Mar 2017 18:42:16 -0000 Content-Type: text/plain; charset=UTF-8 On Wed, Mar 8, 2017 at 12:38 PM, Jordan Justen wrote: > On 2017-03-06 15:27:35, Brijesh Singh wrote: > > SEV guest VMs have the concept of private and shared memory. Private > > memory is encrypted with the guest-specific key, while shared memory > > may be encrypted with hypervisor key. The C-bit (encryption attribute) > > in PTE indicates whether the page is private or shared. > > > > If SEV is active, set the memory encryption attribute while building > > the page table. > > > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Brijesh Singh > > --- > > OvmfPkg/ResetVector/Ia32/PageTables64.asm | 52 > +++++++++++++++++++++++++++++ > > 1 file changed, 52 insertions(+) > > > > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > > index 6201cad..eaf9732 100644 > > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > > @@ -26,6 +26,7 @@ BITS 32 > > %define PAGE_GLOBAL 0x0100 > > %define PAGE_2M_MBO 0x080 > > %define PAGE_2M_PAT 0x01000 > > +%define KVM_FEATURE_SEV 0x08 > > > > %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ > > PAGE_ACCESSED + \ 
> > @@ -37,6 +38,33 @@ BITS 32 > > PAGE_READ_WRITE + \ > > PAGE_PRESENT) > > > > +; Check if Secure Encrypted Virtualization (SEV) feature > > +; is enabled in KVM > > +; > > +; If SEV is enabled, then EAX will contain Memory encryption bit > position > > +; > > +CheckKVMSEVFeature: > > Code style would be CheckKvmSevFeature. > > Thanks Jordan, I will fix the coding style in next rev > > + ; Check for SEV feature > > + ; CPUID KVM_FEATURE - Bit 8 > > + mov eax, 0x40000001 > > + cpuid > > + bt eax, KVM_FEATURE_SEV > > + jnc NoSev > > + > > + ; Get memory encryption information > > + ; CPUID Fn8000_001F[EBX] - Bits 5:0 > > + ; > > + mov eax, 0x8000001f > > + cpuid > > + mov eax, ebx > > + and eax, 0x3f > > + jmp SevExit > > + > > +NoSev: > > + xor eax, eax > > + > > +SevExit: > > + OneTimeCallRet CheckKVMSEVFeature > > > > ; > > ; Modified: EAX, ECX 
> > @@ -60,18 +88,41 @@ clearPageTablesMemoryLoop: > > mov dword[ecx * 4 + PT_ADDR (0) - 4], eax > > loop clearPageTablesMemoryLoop > > > > + ; Check if it SEV-enabled Guest > > + ; > > + OneTimeCall CheckKVMSEVFeature > > + xor edx, edx > > + test eax, eax > > + jz SevNotActive > > + > > + ; If SEV is enabled, Memory encryption bit is always above 31 > > + mov ebx, 32 > > + sub ebx, eax > > + bts edx, eax > > + > > +SevNotActive: > > + > > + ; > > ; > > ; Top level Page Directory Pointers (1 * 512GB entry) > > ; > > + ; edx contain the memory encryption bit mask, must be applied > > + ; to upper 31 bit on 64-bit address > > + ; > > mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR > > + mov dword[PT_ADDR (4)], edx > > > > ; > > ; Next level Page Directory Pointers (4 * 1GB entries => 4GB) > > ; > > mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR > > + mov dword[PT_ADDR (0x1004)], edx > > mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR > > + mov dword[PT_ADDR (0x100C)], edx > > mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR > > + mov dword[PT_ADDR (0x1004)], edx > > mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR > > + mov dword[PT_ADDR (0x100C)], edx > > > > ; > > ; Page Table Entries (2048 * 2MB entries => 4GB) > > @@ -83,6 +134,7 @@ pageTableEntriesLoop: > > shl eax, 21 > > add eax, PAGE_2M_PDE_ATTR > > mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax > > + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx > > loop pageTableEntriesLoop > > > > ; > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel > -- Confusion is always the most honest response.
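Review bot: In the @@ -26,6 +26,7 hunk, KVM_FEATURE_SEV is defined as 0x08 next to PAGE_* values that are bit masks, but the later "bt eax, KVM_FEATURE_SEV" uses it as a bit index (the comment there says Bit 8). Writing it as decimal 8, or naming it KVM_FEATURE_SEV_BIT with a one-line comment, would keep a reader from treating it as a mask, where 0x08 would mean bit 3.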
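Review bot: In CheckKVMSEVFeature (the @@ -37,6 +38,33 hunk), cpuid is issued with eax = 0x40000001 without first checking that the KVM leaf range is present, so when the image runs without KVM the bt test acts on whatever that leaf happens to return. Suggest querying leaf 0x40000000 first and checking the signature and maximum leaf before testing the feature bit, and likewise confirming that 0x8000001f is within the maximum extended leaf reported by 0x80000000. The routine's header comment should also say that cpuid overwrites EBX, ECX and EDX; the header comment that follows it in the context lines still reads "Modified: EAX, ECX".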
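Review bot: In the "Next level Page Directory Pointers" block of the @@ -60,18 +88,41 hunk, the stores that follow the 0x1010 and 0x1018 entries write edx to PT_ADDR (0x1004) and PT_ADDR (0x100C) a second time, so the upper dwords of the third and fourth 1GB entries (0x1014 and 0x101C) never receive the encryption bit and keep the value left by clearPageTablesMemoryLoop. Those two lines should read "mov dword[PT_ADDR (0x1014)], edx" and "mov dword[PT_ADDR (0x101C)], edx". Separately, ebx is loaded with 32 - eax and never used afterwards, and "bts edx, eax" only lands on the intended bit because bts with a register destination takes the bit offset modulo 32; a "sub eax, 32" before the bts would state the intent directly and the ebx lines could go. The new comment's "upper 31 bit" should be "upper 32 bits".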