From: "Min Xu" <min.m.xu@intel.com>
To: Brijesh Singh <brijesh.singh@amd.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
"James Bottomley" <jejb@linux.ibm.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH V3 06/10] OvmfPkg: Add AmdSev.asm in ResetVector
Date: Thu, 29 Jul 2021 11:53:38 +0000 [thread overview]
Message-ID: <CO1PR11MB50583F1D6E9A8196712A2405C5EB9@CO1PR11MB5058.namprd11.prod.outlook.com> (raw)
In-Reply-To: <61da69ab-31fa-7179-53bf-0142badc5f9d@amd.com>
On July 29, 2021 6:08 PM, Brijesh Singh wrote:
> On 7/29/21 1:07 AM, Xu, Min M wrote:
> > On July 29, 2021 12:29 PM, Brijesh Singh wrote:
> >> On 7/28/21 9:44 PM, Xu, Min M wrote:
> >>> Jiewen & Singh
> >>>
> >>> From the discussion I am thinking we have below rules to follow to
> >>> the design the structure of TEE_WORK_AREA:
> >>> 1. Design should be flexible but not too complicated 2. Reuse the
> >>> current SEV_ES_WORK_AREA (PcdSevEsWorkAreaBase) as
> TEE_WORK_AREA 3.
> >>> TEE_WORK_AREA should be initialized to all-0 at the beginning of
> >>> ResetVecotr 4. Reduce the changes to exiting code if possible
> >>>
> >>> So I try to make below conclusions below: (Please review) 1.
> >>> SEV_ES_WORK_AREA is used as the TEE_WORK_AREA by both TDX and
> SEV,
> >>> maybe in the future it can be used by other CC technologies.
> >>>
> >>> 2. In MEMFD, add below initial value. So that TEE_WORK_AREA is
> >>> guaranteed to be cleared in legacy guest. In TDX this memory region
> >>> is initialized to be all-0 by host VMM. In SEV the memory region is
> cleared as well.
> >>> 0x00B000|0x001000
> >>>
> >>
> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpa
> ce
> >> Guid.PcdSevEsWorkAreaSize
> >>> DATA = {
> >>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> >>> }
> >> Hmm, I thought the contents of the data pages are controlled by the host
> VMM.
> >> If the backing pages are not zero filled then there is no guarantee
> >> that memory will be zero. To verify it:
> >>
> >> 1. I applied your above change in OvmfPkgX86.fdt. I modified the DATA
> >> values from 0x00 -> 0xCC
> >>
> >> 2. Modified the SecMain.c to dump the SevEsWorkArea on entry
> >>
> >> And dump does not contain the 0xcc.
> >>
> >> And to confirm further, I attached to the qemu with the GDB before
> >> the booting the OVMF, and modified the SevEsWorkArea with some
> >> garbage number and this time the dump printed garbage value I put
> through the debugger.
> >>
> >> In summary, the OVMF to zero the workarea memory on the entry and
> we
> >> cannot rely on the DATA={0x00, 0x00...} to zero the CCWorkArea.
> > So in legacy guest, CCWorkArea is cleared to all-0 without the
> DATA={0x00,0x00...}, right?
>
> Okay, maybe I was not able to communicate it correctly.
>
> The run I did is for the legacy guest. For the legacy guest, the contents of the
> CCWorkArea may *not* be always zero even when you use the DATA={0x00,
> 0x00...}.
>
> Currently, Qemu uses zero filled backing pages, so we will get a zero filled
> CCWorkArea; but nothing says that a backing page *must* be zero.
> Another VMM may choose to do things differently. In summary, the OVMF
> reset vector code must zero the CCWorkArea before calling SEV or TDX
> probes.
>
Ah, I see.
In current CheckSevFeatures, byte[SEV_ES_WORK_AREA] is cleared to0.
Then its values is set based on the result of SEV probe.
There is a bug here. CheckTdxFeatures does the similar work and it sets the
WORK_AREA to 2. If CheckSevFeatures is called after CheckTdxFeatures, then
WORK_AREA is cleared and it is set to 0 because it is not SEV. The value is override.
I think there are 2 options:
Option 1:
Neither CheckTdxFeatures nor CheckSevFeatures should clear WORK_AREA. Instead
It should be cleared to 0 outside and before these 2 calls. So in Main16 after
TransitionFromReal16To32BitFlat WORK_AREA is cleared to 0. In Tdx guest this WORK_AREA
is initialized to 0 by host VMM.
Option 2:
Another option is to figure out a mechanism that only one CheckXXXFeatures is called.
Since there are 2 entry point in Main.asm: Main16 and Main32.
In Main16 CheckSevFeatures is called after TransitionFromReal16To32BitFlat. (eax should
be saved because it is used in SetCr3ForPageTables64)
In Main32 CheckTdxFeatures is called after ReloadFlat32.
What's your opinion?
next prev parent reply other threads:[~2021-07-29 11:53 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1627364332.git.min.m.xu@intel.com>
2021-07-27 5:42 ` [PATCH V3 01/10] OvmfPkg: Add Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Min Xu
2021-07-27 5:42 ` [PATCH V3 02/10] OvmfPkg: Add Tdx metadata Min Xu
2021-07-27 5:42 ` [PATCH V3 03/10] OvmfPkg: Set TdMailbox initial value and macros Min Xu
2021-07-27 5:42 ` [PATCH V3 04/10] OvmfPkg: Add TDX_PT_ADDR defition in ResetVector.nasmb Min Xu
2021-07-27 5:42 ` [PATCH V3 05/10] OvmfPkg: Add IntelTdx.asm in ResetVector Min Xu
2021-07-27 5:42 ` [PATCH V3 06/10] OvmfPkg: Add AmdSev.asm " Min Xu
2021-07-27 10:56 ` Brijesh Singh
2021-07-27 11:51 ` Min Xu
2021-07-27 12:31 ` Brijesh Singh
2021-07-27 12:46 ` Yao, Jiewen
2021-07-28 5:07 ` Min Xu
2021-07-28 6:04 ` Yao, Jiewen
2021-07-28 6:58 ` Min Xu
2021-07-28 7:54 ` Yao, Jiewen
2021-07-28 8:34 ` Min Xu
2021-07-28 14:34 ` Brijesh Singh
2021-07-28 15:22 ` [edk2-devel] " Yao, Jiewen
2021-07-28 15:59 ` Brijesh Singh
2021-07-28 16:26 ` Yao, Jiewen
2021-07-28 18:58 ` Brijesh Singh
2021-07-28 23:48 ` Yao, Jiewen
2021-07-29 2:44 ` Min Xu
2021-07-29 4:29 ` Brijesh Singh
2021-07-29 5:17 ` Yao, Jiewen
2021-07-29 6:07 ` Min Xu
2021-07-29 10:07 ` Brijesh Singh
2021-07-29 11:53 ` Min Xu [this message]
2021-07-29 12:12 ` Yao, Jiewen
2021-07-29 12:46 ` Brijesh Singh
2021-07-29 13:22 ` Min Xu
2021-07-29 15:37 ` Yao, Jiewen
2021-07-28 0:40 ` Min Xu
2021-07-27 5:42 ` [PATCH V3 07/10] OvmfPkg: Add ReloadFlat32 Min Xu
2021-07-27 5:42 ` [PATCH V3 08/10] OvmfPkg: Add Init32 Min Xu
2021-07-27 5:42 ` [PATCH V3 09/10] OvmfPkg: Create Main.asm in ResetVector Min Xu
2021-07-27 5:42 ` [PATCH V3 10/10] OvmfPkg: Update ResetVector to support Tdx Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO1PR11MB50583F1D6E9A8196712A2405C5EB9@CO1PR11MB5058.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox