From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.5867.1653028594018190118
 for <devel@edk2.groups.io>;
 Thu, 19 May 2022 23:36:34 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ah569wVo;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 41DC561DB2
	for <devel@edk2.groups.io>; Fri, 20 May 2022 06:36:33 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16E05C36AE3
	for <devel@edk2.groups.io>; Fri, 20 May 2022 06:36:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1653028592;
	bh=ee0LVzQRuj2a/AsgZ5d8KLAY4mgc4fvXiOBo3yVbEOQ=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=ah569wVoQsZpZdPUkVmjhtCEldVY/5O1D0MPaH8ukKf8hbLTRLKrlQ+xm+0RMja2c
	 DLgVFtgqX7XeiMGhKVvFXJjrAlVFxY0AL5Rt5UPTUxKnwcUKzQ0X3XB0bTmf5ep8zD
	 Mkjh4mNZ590RINRVENmn9d9fSUkqz5ynYdnXa1GpDlSgG1F/RKZMZhlxJhcTRbDQE8
	 aSUqpB29nxAxSHYqqjMOm7e5tZuNViMBMojnOw94lOn/GFwx6Wh7YfclGnp1taLBgN
	 RhY2ojmmDmYGFIVkXybGDwElfd+Vi18ErO1polTCrvcJ2sx0J8g1HHimBoEaKuDmpY
	 ohCPASF9ERBqQ==
Received: by mail-ot1-f45.google.com with SMTP id m6-20020a05683023a600b0060612720715so4954225ots.10
        for <devel@edk2.groups.io>; Thu, 19 May 2022 23:36:32 -0700 (PDT)
X-Gm-Message-State: AOAM532clrQtWYLaIfcD6k2TUl2fQYbytQNNgEJ8o6vCgq5W7oSgRRXA
	+YJsMoPJdTOcp09g1koSca4doA20eH5aSuf5hr8=
X-Google-Smtp-Source: ABdhPJwsNDDpUdagi4Jl3i9/4bzwPkUA870ILimsLGNUXMuUtXPaWhRYj37MgHvXu7X1bCMJ0DskjIvuGXtaXuqWc9g=
X-Received: by 2002:a05:6830:9c2:b0:606:1e0a:cc8d with SMTP id
 y2-20020a05683009c200b006061e0acc8dmr3306394ott.265.1653028591150; Thu, 19
 May 2022 23:36:31 -0700 (PDT)
MIME-Version: 1.0
References: <16EFAF988BEBA4A6.18257@groups.io> <cb419378-b8f4-a3f6-e9fd-607d675a2d86@amd.com>
 <CAMj1kXESwrhiHvejt+jt9AYQ8Us_3yfnrR_-V4RkYOecthaOag@mail.gmail.com>
 <14338646-5653-c3d2-8bf4-62b77f46c2d4@amd.com> <000501d86beb$0f9a0bb0$2ece2310$@byosoft.com.cn>
In-Reply-To: <000501d86beb$0f9a0bb0$2ece2310$@byosoft.com.cn>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Fri, 20 May 2022 08:36:19 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFtbPbLNUEyJH6NKSDeqTBA1+mkD5RayN5v4M7K5AQjUg@mail.gmail.com>
Message-ID: <CAMj1kXFtbPbLNUEyJH6NKSDeqTBA1+mkD5RayN5v4M7K5AQjUg@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Make an Ia32/X64 hybrid build work with SEV
To: edk2-devel-groups-io <devel@edk2.groups.io>, 
	"Liming Gao (Byosoft address)" <gaoliming@byosoft.com.cn>
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Jiewen Yao <jiewen.yao@intel.com>, Jordan Justen <jordan.l.justen@intel.com>, 
	Gerd Hoffmann <kraxel@redhat.com>, Erdem Aktas <erdemaktas@google.com>, 
	James Bottomley <jejb@linux.ibm.com>, Michael Roth <michael.roth@amd.com>, Min Xu <min.m.xu@intel.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 20 May 2022 at 03:44, gaoliming <gaoliming@byosoft.com.cn> wrote:
>
> Tom:
>   This patch fixes the regression issue. So, I am OK to merge it for this=
 stable tag.
>

Merged as #2910

Thanks all,


> > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6-----
> > =E5=8F=91=E4=BB=B6=E4=BA=BA: Tom Lendacky <thomas.lendacky@amd.com>
> > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B45=E6=9C=8820=E6=97=
=A5 6:02
> > =E6=94=B6=E4=BB=B6=E4=BA=BA: Ard Biesheuvel <ardb@kernel.org>; Liming G=
ao
> > <gaoliming@byosoft.com.cn>
> > =E6=8A=84=E9=80=81: edk2-devel-groups-io <devel@edk2.groups.io>; Ard Bi=
esheuvel
> > <ardb+tianocore@kernel.org>; Jiewen Yao <jiewen.yao@intel.com>; Jordan
> > Justen <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>;
> > Erdem Aktas <erdemaktas@google.com>; James Bottomley
> > <jejb@linux.ibm.com>; Michael Roth <michael.roth@amd.com>; Min Xu
> > <min.m.xu@intel.com>
> > =E4=B8=BB=E9=A2=98: Re: [edk2-devel] [PATCH] OvmfPkg: Make an Ia32/X64 =
hybrid build
> > work with SEV
> >
> > Explicitly adding Liming to the To: line for visibility.
> >
> > Thanks,
> > Tom
> >
> > On 5/17/22 11:29, Ard Biesheuvel wrote:
> > > On Tue, 17 May 2022 at 18:26, Tom Lendacky <thomas.lendacky@amd.com>
> > wrote:
> > >>
> > >> On 5/16/22 15:24, Lendacky, Thomas via groups.io wrote:
> > >>> The BaseMemEncryptSevLib functionality was updated to rely on the u=
se
> > of
> > >>> the OVMF/SEV workarea to check for SEV guests. However, this area i=
s
> > only
> > >>> updated when running the X64 OVMF build, not the hybrid Ia32/X64
> > build.
> > >>> Base SEV support is allowed under the Ia32/X64 build, but it now fa=
ils
> > >>> to boot as a result of the change.
> > >>>
> > >>> Update the ResetVector code to check for SEV features when built fo=
r
> > >>> 32-bit mode, not just 64-bit mode (requiring updates to both the Ia=
32
> > >>> and Ia32X64 fdf files).
> > >>
> > >> So this is a regression and it would be great if it could be applied=
 to
> > >> the 202205 release. Can folks take a look and make sure it looks saf=
e to
> > >> them for applying during hard feature freeze?
> > >>
> > >> If it's ok to be applied now, is there a particular process for appl=
ying
> > >> this during hard freeze?
> > >>
> > >
> > > For the change itself:
> > >
> > > Acked-by: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > and I am fine with taking this during hard freeze, but I'll defer to
> > > Liming to make the final call.
> > >
> > >
> > >
> > >>
> > >>>
> > >>> Fixes: f1d1c337e7c0575da7fd248b2dd9cffc755940df
> > >>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > >>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> > >>> Cc: Jordan Justen <jordan.l.justen@intel.com>
> > >>> Cc: Gerd Hoffmann <kraxel@redhat.com>
> > >>> Cc: Erdem Aktas <erdemaktas@google.com>
> > >>> Cc: James Bottomley <jejb@linux.ibm.com>
> > >>> Cc: Michael Roth <michael.roth@amd.com>
> > >>> Cc: Min Xu <min.m.xu@intel.com>
> > >>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> > >>> ---
> > >>>    OvmfPkg/OvmfPkgIa32.fdf               | 11 +++
> > >>>    OvmfPkg/OvmfPkgIa32X64.fdf            |  8 +++
> > >>>    OvmfPkg/OvmfPkgX64.fdf                |  3 +-
> > >>>    OvmfPkg/ResetVector/Ia32/AmdSev.asm   |  4 ++
> > >>>    OvmfPkg/ResetVector/Main.asm          |  6 ++
> > >>>    OvmfPkg/ResetVector/ResetVector.nasmb | 72 ++++++++++----------
> > >>>    6 files changed, 67 insertions(+), 37 deletions(-)
> > >>>
> > >>> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> > >>> index 3ab1755749d4..57d13b7130bc 100644
> > >>> --- a/OvmfPkg/OvmfPkgIa32.fdf
> > >>> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> > >>> @@ -76,6 +76,9 @@ [FD.MEMFD]
> > >>>    0x007000|0x001000
> > >>>
> > gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOv
> > mfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
> > >>>
> > >>> +0x008000|0x001000
> > >>>
> > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgToken
> > SpaceGuid.PcdOvmfWorkAreaSize
> > >>> +
> > >>>    0x010000|0x010000
> > >>>
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgT
> > okenSpaceGuid.PcdOvmfSecPeiTempRamSize
> > >>>
> > >>> @@ -87,6 +90,14 @@ [FD.MEMFD]
> > >>>
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgToken
> > SpaceGuid.PcdOvmfDxeMemFvSize
> > >>>    FV =3D DXEFV
> > >>>
> > >>>
> > +#############################################################
> > #############################
> > >>> +# Set the SEV-ES specific work area PCDs (used for all forms of SE=
V since
> > the
> > >>> +# the SEV STATUS MSR is now saved in the work area)
> > >>> +#
> > >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D
> > $(MEMFD_BASE_ADDRESS) +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize -
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>>
> > +#############################################################
> > #############################
> > >>> +
> > >>>
> > ##############################################################
> > ##################
> > >>>
> > >>>    [FV.SECFV]
> > >>> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf
> > b/OvmfPkg/OvmfPkgIa32X64.fdf
> > >>> index e1638fa6ea38..ccde366887a9 100644
> > >>> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> > >>> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> > >>> @@ -90,6 +90,14 @@ [FD.MEMFD]
> > >>>
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgToken
> > SpaceGuid.PcdOvmfDxeMemFvSize
> > >>>    FV =3D DXEFV
> > >>>
> > >>>
> > +#############################################################
> > #############################
> > >>> +# Set the SEV-ES specific work area PCDs (used for all forms of SE=
V since
> > the
> > >>> +# the SEV STATUS MSR is now saved in the work area)
> > >>> +#
> > >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D
> > $(MEMFD_BASE_ADDRESS) +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize -
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>>
> > +#############################################################
> > #############################
> > >>> +
> > >>>
> > ##############################################################
> > ##################
> > >>>
> > >>>    [FV.SECFV]
> > >>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> > >>> index aa9a83032d9b..438806fba8f1 100644
> > >>> --- a/OvmfPkg/OvmfPkgX64.fdf
> > >>> +++ b/OvmfPkg/OvmfPkgX64.fdf
> > >>> @@ -106,7 +106,8 @@ [FD.MEMFD]
> > >>>    FV =3D DXEFV
> > >>>
> > >>>
> > ##############################################################
> > ############################
> > >>> -# Set the SEV-ES specific work area PCDs
> > >>> +# Set the SEV-ES specific work area PCDs (used for all forms of SE=
V since
> > the
> > >>> +# the SEV STATUS MSR is now saved in the work area)
> > >>>    #
> > >>>    SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D
> > $(MEMFD_BASE_ADDRESS) +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase +
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>>    SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize -
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea
> > der
> > >>> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> > b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> > >>> index 864d68385342..9350b0406833 100644
> > >>> --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> > >>> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> > >>> @@ -150,6 +150,8 @@ BITS    32
> > >>>    SevEsUnexpectedRespTerminate:
> > >>>        TerminateVmgExit    TERM_UNEXPECTED_RESP_CODE
> > >>>
> > >>> +%ifdef ARCH_X64
> > >>> +
> > >>>    ; If SEV-ES is enabled then initialize and make the GHCB page sh=
ared
> > >>>    SevClearPageEncMaskForGhcbPage:
> > >>>        ; Check if SEV is enabled
> > >>> @@ -209,6 +211,8 @@ GetSevCBitMaskAbove31:
> > >>>    GetSevCBitMaskAbove31Exit:
> > >>>        OneTimeCallRet GetSevCBitMaskAbove31
> > >>>
> > >>> +%endif
> > >>> +
> > >>>    ; Check if Secure Encrypted Virtualization (SEV) features are en=
abled.
> > >>>    ;
> > >>>    ; Register usage is tight in this routine, so multiple calls for=
 the
> > >>> diff --git a/OvmfPkg/ResetVector/Main.asm
> > b/OvmfPkg/ResetVector/Main.asm
> > >>> index 5cfc0b5c72b1..46cfa87c4c0a 100644
> > >>> --- a/OvmfPkg/ResetVector/Main.asm
> > >>> +++ b/OvmfPkg/ResetVector/Main.asm
> > >>> @@ -75,6 +75,12 @@ SearchBfv:
> > >>>
> > >>>    %ifdef ARCH_IA32
> > >>>
> > >>> +    ;
> > >>> +    ; SEV support can be built and run using the Ia32/X64 split
> > environment.
> > >>> +    ; Set the OVMF/SEV work area as appropriate.
> > >>> +    ;
> > >>> +    OneTimeCall CheckSevFeatures
> > >>> +
> > >>>        ;
> > >>>        ; Restore initial EAX value into the EAX register
> > >>>        ;
> > >>> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb
> > b/OvmfPkg/ResetVector/ResetVector.nasmb
> > >>> index 9421f4818907..94fbb0a87b37 100644
> > >>> --- a/OvmfPkg/ResetVector/ResetVector.nasmb
> > >>> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb
> > >>> @@ -47,7 +47,36 @@
> > >>>    %include "Ia32/SearchForBfvBase.asm"
> > >>>    %include "Ia32/SearchForSecEntry.asm"
> > >>>
> > >>> -%define WORK_AREA_GUEST_TYPE (FixedPcdGet32
> > (PcdOvmfWorkAreaBase))
> > >>> +%define WORK_AREA_GUEST_TYPE          (FixedPcdGet32
> > (PcdOvmfWorkAreaBase))
> > >>> +%define PT_ADDR(Offset)               (FixedPcdGet32
> > (PcdOvmfSecPageTablesBase) + (Offset))
> > >>> +
> > >>> +%define GHCB_PT_ADDR                  (FixedPcdGet32
> > (PcdOvmfSecGhcbPageTableBase))
> > >>> +%define GHCB_BASE                     (FixedPcdGet32
> > (PcdOvmfSecGhcbBase))
> > >>> +%define GHCB_SIZE                     (FixedPcdGet32
> > (PcdOvmfSecGhcbSize))
> > >>> +%define SEV_ES_WORK_AREA              (FixedPcdGet32
> > (PcdSevEsWorkAreaBase))
> > >>> +%define SEV_ES_WORK_AREA_SIZE         25
> > >>> +%define SEV_ES_WORK_AREA_STATUS_MSR   (FixedPcdGet32
> > (PcdSevEsWorkAreaBase))
> > >>> +%define SEV_ES_WORK_AREA_RDRAND       (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 8)
> > >>> +%define SEV_ES_WORK_AREA_ENC_MASK     (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 16)
> > >>> +%define SEV_ES_WORK_AREA_RECEIVED_VC  (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 24)
> > >>> +%define SEV_ES_VC_TOP_OF_STACK        (FixedPcdGet32
> > (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32
> > (PcdOvmfSecPeiTempRamSize))
> > >>> +%define SEV_SNP_SECRETS_BASE          (FixedPcdGet32
> > (PcdOvmfSnpSecretsBase))
> > >>> +%define SEV_SNP_SECRETS_SIZE          (FixedPcdGet32
> > (PcdOvmfSnpSecretsSize))
> > >>> +%define CPUID_BASE                    (FixedPcdGet32
> > (PcdOvmfCpuidBase))
> > >>> +%define CPUID_SIZE                    (FixedPcdGet32
> > (PcdOvmfCpuidSize))
> > >>> +%define SNP_SEC_MEM_BASE_DESC_1       (FixedPcdGet32
> > (PcdOvmfSecPageTablesBase))
> > >>> +%define SNP_SEC_MEM_SIZE_DESC_1       (FixedPcdGet32
> > (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1)
> > >>> +;
> > >>> +; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page i=
s
> > used
> > >>> +; as GHCB shared page and second is used for bookkeeping to suppor=
t
> > the
> > >>> +; nested GHCB in SEC phase. The bookkeeping page is mapped private=
.
> > The VMM
> > >>> +; does not need to validate the shared page but it need to validat=
e the
> > >>> +; bookkeeping page.
> > >>> +;
> > >>> +%define SNP_SEC_MEM_BASE_DESC_2       (GHCB_BASE + 0x1000)
> > >>> +%define SNP_SEC_MEM_SIZE_DESC_2
> > (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2)
> > >>> +%define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE +
> > CPUID_SIZE)
> > >>> +%define SNP_SEC_MEM_SIZE_DESC_3       (FixedPcdGet32
> > (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
> > >>>
> > >>>    %ifdef ARCH_X64
> > >>>      #include <AutoGen.h>
> > >>> @@ -94,43 +123,14 @@
> > >>>      %define TDX_WORK_AREA_PGTBL_READY (FixedPcdGet32
> > (PcdOvmfWorkAreaBase) + 4)
> > >>>      %define TDX_WORK_AREA_GPAW        (FixedPcdGet32
> > (PcdOvmfWorkAreaBase) + 8)
> > >>>
> > >>> -  %define PT_ADDR(Offset) (FixedPcdGet32
> > (PcdOvmfSecPageTablesBase) + (Offset))
> > >>> +  %include "X64/IntelTdxMetadata.asm"
> > >>> +  %include "Ia32/Flat32ToFlat64.asm"
> > >>> +  %include "Ia32/PageTables64.asm"
> > >>> +  %include "Ia32/IntelTdx.asm"
> > >>> +  %include "X64/OvmfSevMetadata.asm"
> > >>> +%endif
> > >>>
> > >>> -  %define GHCB_PT_ADDR (FixedPcdGet32
> > (PcdOvmfSecGhcbPageTableBase))
> > >>> -  %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))
> > >>> -  %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))
> > >>> -  %define SEV_ES_WORK_AREA (FixedPcdGet32
> > (PcdSevEsWorkAreaBase))
> > >>> -  %define SEV_ES_WORK_AREA_SIZE 25
> > >>> -  %define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32
> > (PcdSevEsWorkAreaBase))
> > >>> -  %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 8)
> > >>> -  %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 16)
> > >>> -  %define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32
> > (PcdSevEsWorkAreaBase) + 24)
> > >>> -  %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32
> > (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32
> > (PcdOvmfSecPeiTempRamSize))
> > >>> -  %define SEV_SNP_SECRETS_BASE  (FixedPcdGet32
> > (PcdOvmfSnpSecretsBase))
> > >>> -  %define SEV_SNP_SECRETS_SIZE  (FixedPcdGet32
> > (PcdOvmfSnpSecretsSize))
> > >>> -  %define CPUID_BASE  (FixedPcdGet32 (PcdOvmfCpuidBase))
> > >>> -  %define CPUID_SIZE  (FixedPcdGet32 (PcdOvmfCpuidSize))
> > >>> -  %define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32
> > (PcdOvmfSecPageTablesBase))
> > >>> -  %define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32
> > (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1)
> > >>> -  ;
> > >>> -  ; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page
> > is used
> > >>> -  ; as GHCB shared page and second is used for bookkeeping to supp=
ort
> > the
> > >>> -  ; nested GHCB in SEC phase. The bookkeeping page is mapped priva=
te.
> > The VMM
> > >>> -  ; does not need to validate the shared page but it need to valid=
ate the
> > >>> -  ; bookkeeping page.
> > >>> -  ;
> > >>> -  %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000)
> > >>> -  %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE -
> > SNP_SEC_MEM_BASE_DESC_2)
> > >>> -  %define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE)
> > >>> -  %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32
> > (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
> > >>> -
> > >>> -%include "X64/IntelTdxMetadata.asm"
> > >>> -%include "Ia32/Flat32ToFlat64.asm"
> > >>>    %include "Ia32/AmdSev.asm"
> > >>> -%include "Ia32/PageTables64.asm"
> > >>> -%include "Ia32/IntelTdx.asm"
> > >>> -%include "X64/OvmfSevMetadata.asm"
> > >>> -%endif
> > >>>
> > >>>    %include "Ia16/Real16ToFlat32.asm"
> > >>>    %include "Ia16/Init16.asm"
>
>
>
>
>=20
>
>