From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0617.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe40::617]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1D1AB820D3 for ; Wed, 8 Feb 2017 09:29:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=lrIDgbGGoMw5el6SSFN7z3bVqd4tS1Y/t8iEfUpNZfk=; b=aFnbmDoFHYw5TGCCUBEK0aHqtawKJJQ3KlhspMptmJKU3vUT5fjzfwv4WtlMttn8zXRT99MQdPwOX7QGiuEiMwW8cIzp/m0n6N9PNb8wXR9aCJxDngA+SeYewYPa2XJw9zZG6QqnA6H8rOrr5M8j/+2MIPt4sSZCFiGDNevZD1k= Received: from DM5PR12MB1243.namprd12.prod.outlook.com (10.168.237.22) by DM5PR12MB1610.namprd12.prod.outlook.com (10.172.40.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Wed, 8 Feb 2017 17:28:57 +0000 Received: from DM5PR12MB1243.namprd12.prod.outlook.com ([10.168.237.22]) by DM5PR12MB1243.namprd12.prod.outlook.com ([10.168.237.22]) with mapi id 15.01.0888.026; Wed, 8 Feb 2017 17:28:56 +0000 From: "Duran, Leo" To: 'Laszlo Ersek' , "Yao, Jiewen" , "Zeng, Star" , "edk2-devel@ml01.01.org" CC: "Tian, Feng" , "Singh, Brijesh" Thread-Topic: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Thread-Index: AQHSgXvpPu5JgE3+Q0eFw1PUQsHrO6FeYs2AgADyPgCAAAL8gIAAAYuAgAABHvA= Date: Wed, 8 Feb 2017 17:28:56 +0000 Message-ID: References: <1486497223-22694-1-git-send-email-leo.duran@amd.com> <1486497223-22694-2-git-send-email-leo.duran@amd.com> <0C09AFA07DD0434D9E2A0C6AEB0483103B8215CE@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EB0DA@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=leo.duran@amd.com; x-originating-ip: [165.204.77.1] x-microsoft-exchange-diagnostics: 1; DM5PR12MB1610; 7:gaMfuxTx1xvSCq8zcaoBbbQ9OPyvrI7qqSpf+6eiRXk7g7UDi8jZy9NWygj9PH+qzt87wrm+1fCgelUJ33vIuruTEi0/BjHyRZczsezfargvtQ1cWCHW37PA3LzclAwWqWFyiJ+vfb+9C5Qrr4kLIkuvCh2b25hzegxOFur9nQcbGAr7KF8x5Pk9kn8LKWd9zbrRAKg3V5TP5UGCf3Gwu+j2cl6h0MKfSmFkDKR0iurc3UKCvvwWe3E0J+cAS9eRuXxGdX8xqNWASs+9d0jLJanHXj8E3aPTOdLVbs6HcxYROqzu6VupVoeHjbZRGGFwC7I9hDCD48VHUu2e27no9B0xuJhGSznXyuKxPrftpr70f33N+8pCxpzJGaxrOm0iC472zSYDkV4DIKcECeu+LPhKm4YbSAN4Z2voE8dbYm/oW8tWU7adDZ4bHTnMdUoi7iqN6n8LAt+MMy4BjJFPqou8n3Dfc8a7zq4fsaxy9+jDh/YLZODuSJFQiOFnnm+8YZ5DGcY77AbpP+hZtHwS/w==; 20:ckhZt1GsqOg2Lqi53h1i0HbT84Vhk5ErJVfJcaGed1XcbRCgepnPbI/aql6DUcmaxos1ambhv/5M4/lCVHjLVszPGVZhCxAc7aGj7bP4n1ADJm4v5SYCDmjrxtc4OlzRDB7VYIbP9qaAJxab6wJJheZ1VDgP6ZoB1A9wQNFVUOgipFDFwxdLW5f7lwBVgUI1vl7WZnhyYQLdJBg4+DilWVW1109AAODcifO+b5m9D1KpS+AAVK7BnFjL4aNgAvKy x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10009020)(6029001)(6009001)(7916002)(39840400002)(39850400002)(39860400002)(39410400002)(39450400003)(377454003)(199003)(24454002)(189002)(13464003)(81156014)(81166006)(229853002)(8936002)(93886004)(9686003)(189998001)(7696004)(55016002)(25786008)(99286003)(3280700002)(8676002)(2501003)(77096006)(3660700001)(6306002)(53936002)(6436002)(33656002)(6506006)(54906002)(2906002)(4326007)(68736007)(7736002)(97736004)(2950100002)(54356999)(2900100001)(76176999)(86362001)(3846002)(6116002)(102836003)(50986999)(53546003)(6246003)(74316002)(101416001)(38730400002)(5660300001)(305945005)(66066001)(122556002)(106116001)(92566002)(106356001)(105586002)(213903007)(19627235001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR12MB1610; H:DM5PR12MB1243.namprd12.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-ms-office365-filtering-correlation-id: fb6b7516-9106-45a7-3dd9-08d45047f634 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:DM5PR12MB1610; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(767451399110)(162533806227266)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(2017020702029)(20170203043)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123555025)(20161123562025)(20161123560025)(20161123558025)(6072148); SRVR:DM5PR12MB1610; BCL:0; PCL:0; RULEID:; SRVR:DM5PR12MB1610; x-forefront-prvs: 0212BDE3BE received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2017 17:28:56.8720 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1610 Subject: Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2017 17:29:00 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Lazlo, et al, Please see reply below. Lleo > -----Original Message----- > From: Laszlo Ersek [mailto:lersek@redhat.com] > Sent: Wednesday, February 08, 2017 11:11 AM > To: Yao, Jiewen ; Duran, Leo > ; Zeng, Star ; edk2- > devel@ml01.01.org > Cc: Tian, Feng ; Singh, Brijesh > > Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD > PcdPteMemoryEncryptionAddressOrMask >=20 > On 02/08/17 18:05, Yao, Jiewen wrote: > > HI Leo > > > > Thanks to clarify that. > > > > > > > > If that is the case, do you think it will be better to limit this PCD > > to > > X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64] >=20 > Not sure if this is the best place to raise the following observation, bu= t it > should do: >=20 > please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE > if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases: > - both PEI and DXE are 32-bit, and > - both PEI and DXE are 64-bit. >=20 > This doesn't necessarily invalidate anything said thus fair in the thread= , but > the following statement from Leo: >=20 > The SEV feature requires 64-bit LongMode, so the > PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time >=20 > does not follow. The PCD is FALSE in OvmfPkgX64.dsc. [Duran, Leo]=20 Good points... I should have provided more context. 1) I had referred the "PEI is 32-bit and DXE is 64-bit." 2) If both PEI and DXE are 64-bit, then you would be executing the X64 of H= andOffToDxe(), which does *not* call Create4GPageTables(). That is, Create4GPageTables() only gets called in the "PEI is 32-bit" case. >=20 > Thanks, > Laszlo >=20 > > > > > > > > Thank you > > > > Yao Jiewen > > > > > > > > *From:*Duran, Leo [mailto:leo.duran@amd.com] > > *Sent:* Wednesday, February 8, 2017 9:00 AM > > *To:* Zeng, Star ; edk2-devel@ml01.01.org > > *Cc:* Laszlo Ersek ; Tian, Feng > > ; Singh, Brijesh ; Yao, > > Jiewen > > *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD > > PcdPteMemoryEncryptionAddressOrMask > > > > > > > > Pease see reply below. > > Leo > > > >> -----Original Message----- > >> From: Zeng, Star [mailto:star.zeng@intel.com] > >> Sent: Tuesday, February 07, 2017 8:27 PM > >> To: Duran, Leo >; > >> edk2-devel@ml01.01.org > > > >> Cc: Laszlo Ersek > >; Tian, Feng > >; > >> Singh, Brijesh > >; Zeng, Star > >; > >> Yao, Jiewen > > >> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD > >> PcdPteMemoryEncryptionAddressOrMask > >> > >> Does Create4GPageTablesIa32Pae() also need to be updated? > >> > >> Thanks, > >> Star > > [Duran, Leo] > > Hi Star, > > No, I do not think Create4GPageTablesIa32Pae() is in the execution path= . > > > > The SEV feature requires 64-bit LongMode, so the > > PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which > case Create4GPageTablesIa32Pae() would *not* be called by > HandOffToDxeCore(). > > > >> -----Original Message----- > >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf > >> Of Leo Duran > >> Sent: Wednesday, February 8, 2017 3:54 AM > >> To: edk2-devel@ml01.01.org > >> Cc: Laszlo Ersek > >; Tian, Feng > >; > >> Brijesh Singh > >; Zeng, Star > >; > >> Leo Duran > > >> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD > >> PcdPteMemoryEncryptionAddressOrMask > >> > >> From: Brijesh Singh >> > > >> > >> This dynamic PCD holds the address mask for page table entries when > >> memory encryption is enabled on AMD processors supporting the Secure > >> Encrypted Virtualization (SEV) feature. > >> > >> Cc: Feng Tian > > >> Cc: Star Zeng > > >> Cc: Laszlo Ersek > > >> Contributed-under: TianoCore Contribution Agreement 1.0 > >> Signed-off-by: Leo Duran >> > > >> --- > >> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++- > >> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 > ++++++++++-- > >> ------ > >> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++ > >> 3 files changed, 22 insertions(+), 9 deletions(-) > >> > >> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > >> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > >> index 2bc41be..d62bd9b 100644 > >> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > >> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > >> @@ -6,6 +6,8 @@ > >> # needed to run the DXE Foundation. > >> # > >> # Copyright (c) 2006 - 2016, Intel Corporation. All rights > >> reserved.
> >> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.
# > >> # This program and the accompanying materials # are licensed and > >> made available under the terms and conditions of the BSD License # > >> which accompanies this distribution. The full text of the license > >> may be found at @@ -111,7 +113,8 @@ [FeaturePcd] > >> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress > ## > >> CONSUMES > >> > >> [Pcd.IA32,Pcd.X64] > >> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## > >> SOMETIMES_CONSUMES > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable = ## > >> SOMETIMES_CONSUMES > >> + > >> > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM > >> ask ## CONSUMES > >> > >> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] > >> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## > >> SOMETIMES_CONSUMES > >> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > >> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > >> index 790f6ab..2c52389 100644 > >> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > >> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > >> @@ -16,6 +16,8 @@ > >> 3) IA-32 Intel(R) Architecture Software Developer's Manual > >> Volume 3:System Programmer's Guide, Intel > >> > >> Copyright (c) 2006 - 2016, Intel Corporation. All rights > >> reserved.
> >> +Copyright (c) 2017, AMD Incorporated. All rights reserved.
> >> + > >> This program and the accompanying materials are licensed and made > >> available under the terms and conditions of the BSD License which > >> accompanies this distribution. The full text of the license may be > >> found at @@ -71,14 +73,14 @@ Split2MPageTo4K ( > >> // > >> // Fill in 2M page entry. > >> // > >> - *PageEntry2M =3D (UINT64) (UINTN) PageTableEntry | IA32_PG_P | > >> IA32_PG_RW; > >> + *PageEntry2M =3D (UINT64) (UINTN) PageTableEntry | PcdGet64 > >> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | > IA32_PG_RW; > >> > >> PhysicalAddress4K =3D PhysicalAddress; > >> for (IndexOfPageTableEntries =3D 0; IndexOfPageTableEntries < 512; > >> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=3D > >> SIZE_4KB) { > >> // > >> // Fill in the Page Table entries > >> // > >> - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; > >> + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | PcdGet64 > >> + (PcdPteMemoryEncryptionAddressOrMask); > >> PageTableEntry->Bits.ReadWrite =3D 1; > >> PageTableEntry->Bits.Present =3D 1; > >> if ((PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < > >> StackBase + > >> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M ( > >> // > >> // Fill in 1G page entry. > >> // > >> - *PageEntry1G =3D (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | > >> IA32_PG_RW; > >> + *PageEntry1G =3D (UINT64) (UINTN) PageDirectoryEntry | PcdGet64 > >> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | > IA32_PG_RW; > >> > >> PhysicalAddress2M =3D PhysicalAddress; > >> for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries > >> < 512; > >> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, > >> IndexOfPageDirectoryEntries++PhysicalAddress2M > >> +=3D SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M ( > >> // > >> // Fill in the Page Directory entries > >> // > >> - PageDirectoryEntry->Uint64 =3D (UINT64) PhysicalAddress2M; > >> + PageDirectoryEntry->Uint64 =3D (UINT64) PhysicalAddress2M | > >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask); > >> PageDirectoryEntry->Bits.ReadWrite =3D 1; > >> PageDirectoryEntry->Bits.Present =3D 1; > >> PageDirectoryEntry->Bits.MustBe1 =3D 1; @@ -248,7 +250,7 @@ > >> CreateIdentityMappingPageTables ( > >> // > >> // Make a PML4 Entry > >> // > >> - PageMapLevel4Entry->Uint64 =3D > >> (UINT64)(UINTN)PageDirectoryPointerEntry; > >> + PageMapLevel4Entry->Uint64 =3D > >> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 > >> + (PcdPteMemoryEncryptionAddressOrMask); > >> PageMapLevel4Entry->Bits.ReadWrite =3D 1; > >> PageMapLevel4Entry->Bits.Present =3D 1; > >> > >> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables ( > >> // > >> // Fill in the Page Directory entries > >> // > >> - PageDirectory1GEntry->Uint64 =3D (UINT64)PageAddress; > >> + PageDirectory1GEntry->Uint64 =3D (UINT64)PageAddress | > >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask); > >> PageDirectory1GEntry->Bits.ReadWrite =3D 1; > >> PageDirectory1GEntry->Bits.Present =3D 1; > >> PageDirectory1GEntry->Bits.MustBe1 =3D 1; @@ -280,7 +282,7 > >> @@ CreateIdentityMappingPageTables ( > >> // > >> // Fill in a Page Directory Pointer Entries > >> // > >> - PageDirectoryPointerEntry->Uint64 =3D > >> (UINT64)(UINTN)PageDirectoryEntry; > >> + PageDirectoryPointerEntry->Uint64 =3D > >> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 > >> + (PcdPteMemoryEncryptionAddressOrMask); > >> PageDirectoryPointerEntry->Bits.ReadWrite =3D 1; > >> PageDirectoryPointerEntry->Bits.Present =3D 1; > >> > >> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables ( > >> // > >> // Fill in the Page Directory entries > >> // > >> - PageDirectoryEntry->Uint64 =3D (UINT64)PageAddress; > >> + PageDirectoryEntry->Uint64 =3D (UINT64)PageAddress | > >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask); > >> PageDirectoryEntry->Bits.ReadWrite =3D 1; > >> PageDirectoryEntry->Bits.Present =3D 1; > >> PageDirectoryEntry->Bits.MustBe1 =3D 1; diff --git > >> a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec index > >> 273cd7e..207384f 100644 > >> --- a/MdeModulePkg/MdeModulePkg.dec > >> +++ b/MdeModulePkg/MdeModulePkg.dec > >> @@ -6,6 +6,8 @@ > >> # Copyright (c) 2007 - 2017, Intel Corporation. All rights > >> reserved.
# Copyright (c) 2016, Linaro Ltd. All rights > >> reserved.
# (C) Copyright 2016 Hewlett Packard Enterprise > >> Development LP
> >> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.
# > >> # This program and the accompanying materials are licensed and made > >> available under # the terms and conditions of the BSD License that > >> accompanies this distribution. > >> # The full text of the license may be found at @@ -1738,5 +1740,11 > >> @@ [PcdsDynamic, PcdsDynamicEx] > >> # @Prompt If there is any test key used by the platform. > >> > >> > gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0 > >> 0030003 > >> > >> + ## This dynamic PCD holds the address mask for page table entries > >> + when memory encryption is # enabled on AMD processors supporting > >> + the > >> Secure Encrypted Virtualization (SEV) feature. > >> + # This mask should be applied when creating 1:1 virtual to > >> + physical > >> mapping tables. > >> + # > >> + > >> + > >> > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM > >> ask|0x0 > >> + |UINT64|0x00030004 > >> + > >> [UserExtensions.TianoCore."ExtraFiles"] > >> MdeModulePkgExtra.uni > >> -- > >> 1.9.1 > >> > >> _______________________________________________ > >> edk2-devel mailing list > >> edk2-devel@lists.01.org > >> https://lists.01.org/mailman/listinfo/edk2-devel > >