From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web12.2580.1592466210003954417 for ; Thu, 18 Jun 2020 00:43:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=WYt+hvtx; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: eric.dong@intel.com) IronPort-SDR: m75aPVyd4SQSIMv6Vogf0K3jrFtEAJm3sZHn8VbngPakDZIlSRDWv6j5TzwI2yU2w7Z/u/P7Nq APA3cwF+FmOw== X-IronPort-AV: E=McAfee;i="6000,8403,9655"; a="143985811" X-IronPort-AV: E=Sophos;i="5.73,525,1583222400"; d="scan'208";a="143985811" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2020 00:43:26 -0700 IronPort-SDR: WMgiGhvtywe5n/FuojVmLMYG8mgXpj6swhTgScA7pO163bLrNucfKfrwtsrmKngyAu5wbnQ4iT OShs3IXEsu0A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,525,1583222400"; d="scan'208";a="352339372" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga001.jf.intel.com with ESMTP; 18 Jun 2020 00:43:26 -0700 Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 18 Jun 2020 00:43:26 -0700 Received: from FMSEDG001.ED.cps.intel.com (10.1.192.133) by fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 18 Jun 2020 00:43:25 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.177) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 18 Jun 2020 00:43:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mFIjUNZvQ8rKXzc3ZGgBMeuoU63fzetWdn3tWbDAiJ9DauFfrNkLs8s7ghJ8Lc+53EFAOKjdRRbKbXcqJwDTG8efjRhXi/GfdljN6+SF/8OYfbUu0EH/QT9ndl5xiQ92ZRkqHWpxrtV8NHJkP4y8PZYwRbE2SUgKKtp2NPuCHA8o1CrXDxeLjwtVhx0FWHpHtSW165XuBJtx+hO3LRkVrsv/fDkqtpKnHivo8NrspTlM2u5Jxp7fdmf5VYDl22pKGdrZ4a0DlpiPVY+aGlPBoUXKHQZuLWwK1hul7zTyTuHNHyFVxu8eDzYAsPov4nwO+JM/Kdtl4G8mBzYcNEtL2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3LOSlVA1ka8Om9mc9mXz6dtJadT2b+57T7cTht5QggY=; b=KD3veKI+9hIMD9jpCrJpRbVfb4p3mgK6QseXRT9bI7bJ29sIgddupSc+3wXVL3oD+oeoLNaJ2DV61dvqyQbROst4tjOG4xgWcT7RgWfAeTAG63WeRP5dOlp14amYZlyMbH5m25eopZnJ3a1LdV+nO/N9ES5VZhYy+xL1Y9mxHahEpcLHHMkvfEq8FtJnX05iSprYIJ9vapdwR4LgnW4RK2Dn4eXr92UW30vjCPhWQTGfAOftG/l3ckTPLSV07mpjajGzv9NaeDHthAw+b5TyvRBg8Z4ZtvurQlcMF5FmsfCTNG9hPOTJxSAYeXQiEW20CY+k5JdAT6IxdQmRE/pXqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3LOSlVA1ka8Om9mc9mXz6dtJadT2b+57T7cTht5QggY=; b=WYt+hvtxUudsP0Y8nHQPKaDFYi4V+XcR8qSMQu7RtXeaqqUKKZosgQ7s5dcDQhVs+c2630k2ZfZlMdnpdEMZPWrJxpkTUFapYXq966ko+bBFn+KejMJQ6cxyxbF0DlrzPbtFOKJp0ZsPpbcLkC9vVylsci+b8zFpjMHBzqJvHUM= Received: from DM6PR11MB3274.namprd11.prod.outlook.com (2603:10b6:5:b::26) by DM6PR11MB3691.namprd11.prod.outlook.com (2603:10b6:5:146::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.24; Thu, 18 Jun 2020 07:43:23 +0000 Received: from DM6PR11MB3274.namprd11.prod.outlook.com ([fe80::cc01:6f05:1402:e7d7]) by DM6PR11MB3274.namprd11.prod.outlook.com ([fe80::cc01:6f05:1402:e7d7%6]) with mapi id 15.20.3109.021; Thu, 18 Jun 2020 07:43:23 +0000 From: "Dong, Eric" To: Tom Lendacky , "devel@edk2.groups.io" CC: Brijesh Singh , Ard Biesheuvel , "Justen, Jordan L" , Laszlo Ersek , "Gao, Liming" , "Kinney, Michael D" , "Ni, Ray" Subject: Re: [PATCH v9 43/46] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector Thread-Topic: [PATCH v9 43/46] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector Thread-Index: AQHWOz1kZVK1UMTPS0aES6f6hsMTGqjeEPMw Date: Thu, 18 Jun 2020 07:43:23 +0000 Message-ID: References: <317d1e819a82e8c1f4890a0ec8bd06dc194a5390.1591363657.git.thomas.lendacky@amd.com> In-Reply-To: <317d1e819a82e8c1f4890a0ec8bd06dc194a5390.1591363657.git.thomas.lendacky@amd.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.55.46.36] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1b834f5e-455c-4948-c0ec-08d8135b47ad x-ms-traffictypediagnostic: DM6PR11MB3691: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0438F90F17 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ZjzkjrwE74tcOSSR+rmGAOoLJFzqrodlOwSmaMPL9woPyz8dK2m9mghigKeMNw1rdQZAGRtZEorTzRa6Dokxn1+QcMJFCzm2exsQcg9Hw0fQNta6FZfN4dfp6NmHybRtw0FS3J7NHACzAfjPZ+8a3tUdsv11ltY6RB/OpW0ZHKttk1UePFPrv0aaCqm8UIZY0PFIBSm46cRsFosedrHGMzNFfVivrNmvM0U/490eJ11E/tl73jsHmGnSCOcXOiqEwZ/1LkQeLRvHWdV/YzZCThEtEJBpJiJrzSPdhBrAtxjKVScYpXz2TgGfh/S/HcOBTX2xz5Mbv4dEM3FxMCQRPHFRYqiJ2DEVHOzl/I18cSbGGeOmy69g8kLJCRBJz6WLa9Qj8dolM3G7zVWbErpH/w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB3274.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(39860400002)(346002)(136003)(376002)(366004)(33656002)(54906003)(110136005)(19627235002)(7696005)(71200400001)(5660300002)(316002)(52536014)(76116006)(66556008)(86362001)(53546011)(66476007)(64756008)(107886003)(4326008)(66946007)(478600001)(966005)(8936002)(9686003)(83380400001)(26005)(55016002)(6506007)(8676002)(186003)(2906002)(66446008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: vgL4KKEWzc3IC8IEpGJOw0Zhjg11abjP1MX2HbSUXvNnl46jzR10Q7BxCrxweWrBqdd3T3irSb3TIt49Ae/3sXoPoYV6ugQxIUR5aIz1ZA38ftiteOVaLQ9ZPsivERVqtnKms2GVH0Yif6WX2HR2B4ihFacvirb/y3loQMfcB+/sCLsAYEYUPG8z0ZhW4fryPwyH22NAjt/Z/ALXfWGAzGRnZRDNgoH3M0IFHR15WbjKrar41ee3al/68SD76y5oxDKdUIvn9ZTY+L75+CJZ3pJA4ilUlUjJkihODdrsxrHQInXhXOurT95lyy7hfAfVkHoqaZqM6M2GhJsyO1U1Tk0BiILeYXV7ETZ5UWyRrPmrsIzPTG1at//XGi9xuqtEbiXpLGNrmcqwQ0BXrOdTRSi60WTbFP723lO/6giHxeg4naRBEUEPuaIb9MLnTxARqlI0snXbHCApAw9qKwOcFi8qI6/qBthUYLZI7O31+mE= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 1b834f5e-455c-4948-c0ec-08d8135b47ad X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jun 2020 07:43:23.6917 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 5F38MmymeMbGE/Sg9YugZ+cSZtYktWMljRT+OY3ElGFh/b2hvlIXtT/L2EJ5QD3XDGH+73SdSxB2Cq58X4eJJg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3691 Return-Path: eric.dong@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Tom, We use GCC5 to build the OVMF platform and report below errors, please help= to check and fix it. I/opt/TCAgent/work/f9b29f3e80472c44/Edk2/MdeModulePkg/ -I/opt/TCAgent/work/= f9b29f3e80472c44/Edk2/MdeModulePkg/Include/ -I/opt/TCAgent/work/f9b29f3e804= 72c44/Edk2/UefiCpuPkg/ -I/opt/TCAgent/work/f9b29f3e80472c44/Edk2/UefiCpuPkg= /Include/ -I/opt/TCAgent/work/f9b29f3e80472c44/Edk2/UefiCpuPkg/ResetVector/= Vtf0/ -o /opt/TCAgent/work/f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_GCC5/X= 64/OvmfPkg/ResetVector/ResetVector/OUTPUT/ResetVector.bin /opt/TCAgent/work= /f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_GCC5/X64/OvmfPkg/ResetVector/Res= etVector/OUTPUT/ResetVector.iii /opt/TCAgent/work/f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_GCC5/X64/OvmfPk= g/ResetVector/ResetVector/OUTPUT/ResetVector.iii:72: error: expression synt= ax error /opt/TCAgent/work/f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_GCC5/X64/OvmfPk= g/ResetVector/ResetVector/OUTPUT/ResetVector.iii:74: error: label or instru= ction expected at start of line Ia32/PageTables64.asm:27: error: label or instruction expected at start of = line Ia32/PageTables64.asm:29: error: label or instruction expected at start of = line Ia32/PageTables64.asm:30: error: label or instruction expected at start of = line Ia32/PageTables64.asm:369: error: expression syntax error GNUmakefile:319: recipe for target '/opt/TCAgent/work/f9b29f3e80472c44/Edk2= /Build/OvmfX64/DEBUG_GCC5/X64/OvmfPkg/ResetVector/ResetVector/OUTPUT/ResetV= ector.bin' failed make: *** [/opt/TCAgent/work/f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_GCC5= /X64/OvmfPkg/ResetVector/ResetVector/OUTPUT/ResetVector.bin] Error 1 build.py... : error 7000: Failed to execute command make tbuild [/opt/TCAgent/work/f9b29f3e80472c44/Edk2/Build/OvmfX64/DEBUG_G= CC5/X64/OvmfPkg/ResetVector/ResetVector] build.py... : error F002: Failed to build module /opt/TCAgent/work/f9b29f3e80472c44/Edk2/OvmfPkg/ResetVector/ResetVector.in= f [X64, GCC5, DEBUG] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Related platform build configuration like below: WORKSPACE =3D /opt/TCAgent/work/f9b29f3e80472c44/Edk2 EDK_TOOLS_PATH =3D /opt/TCAgent/work/f9b29f3e80472c44/Edk2/BaseTools CONF_PATH =3D /opt/TCAgent/work/f9b29f3e80472c44/Edk2/Conf PYTHON_COMMAND =3D /usr/bin/python3.5 Architecture(s) =3D X64 Build target =3D DEBUG Toolchain =3D GCC5 Active Platform =3D /opt/TCAgent/work/f9b29f3e80472c44/Edk2/OvmfPk= g/OvmfPkgX64.dsc Thanks, Eric > -----Original Message----- > From: Tom Lendacky > Sent: Friday, June 5, 2020 9:28 PM > To: devel@edk2.groups.io > Cc: Brijesh Singh ; Ard Biesheuvel > ; Dong, Eric ; Justen, > Jordan L ; Laszlo Ersek ; > Gao, Liming ; Kinney, Michael D > ; Ni, Ray > Subject: [PATCH v9 43/46] OvmfPkg: Use the SEV-ES work area for the SEV- > ES AP reset vector >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198 >=20 > A hypervisor is not allowed to update an SEV-ES guest's register state, > so when booting an SEV-ES guest AP, the hypervisor is not allowed to > set the RIP to the guest requested value. Instead an SEV-ES AP must be > re-directed from within the guest to the actual requested staring locatio= n > as specified in the INIT-SIPI-SIPI sequence. >=20 > Use the SEV-ES work area for the reset vector code that contains support > to jump to the desired RIP location after having been started. This is > required for only the very first AP reset. >=20 > This new OVMF source file, ResetVectorVtf0.asm, is used in place of the > original file through the use of the include path order set in > OvmfPkg/ResetVector/ResetVector.inf under "[BuildOptions]". >=20 > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Reviewed-by: Laszlo Ersek > Signed-off-by: Tom Lendacky > --- > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 > ++++++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 1 + > 2 files changed, 101 insertions(+) >=20 > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > new file mode 100644 > index 000000000000..980e0138e7fe > --- /dev/null > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -0,0 +1,100 @@ > +;-----------------------------------------------------------------------= ------- >=20 > +; @file >=20 > +; First code executed by processor after resetting. >=20 > +; Derived from UefiCpuPkg/ResetVector/Vtf0/Ia16/ResetVectorVtf0.asm >=20 > +; >=20 > +; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
>=20 > +; SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > +; >=20 > +;-----------------------------------------------------------------------= ------- >=20 > + >=20 > +BITS 16 >=20 > + >=20 > +ALIGN 16 >=20 > + >=20 > +; >=20 > +; Pad the image size to 4k when page tables are in VTF0 >=20 > +; >=20 > +; If the VTF0 image has page tables built in, then we need to make >=20 > +; sure the end of VTF0 is 4k above where the page tables end. >=20 > +; >=20 > +; This is required so the page tables will be 4k aligned when VTF0 is >=20 > +; located just below 0x100000000 (4GB) in the firmware device. >=20 > +; >=20 > +%ifdef ALIGN_TOP_TO_4K_FOR_PAGING >=20 > + TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0 >=20 > +%endif >=20 > + >=20 > +; >=20 > +; SEV-ES Processor Reset support >=20 > +; >=20 > +; sevEsResetBlock: >=20 > +; For the initial boot of an AP under SEV-ES, the "reset" RIP must be >=20 > +; programmed to the RAM area defined by SEV_ES_AP_RESET_IP. A > known offset >=20 > +; and GUID will be used to locate this block in the firmware and extra= ct >=20 > +; the build time RIP value. The GUID must always be 48 bytes from the >=20 > +; end of the firmware. >=20 > +; >=20 > +; 0xffffffca (-0x36) - IP value >=20 > +; 0xffffffcc (-0x34) - CS segment base [31:16] >=20 > +; 0xffffffce (-0x32) - Size of the SEV-ES reset block >=20 > +; 0xffffffd0 (-0x30) - SEV-ES reset block GUID >=20 > +; (00f771de-1a7e-4fcb-890e-68c77e2fb44e) >=20 > +; >=20 > +; A hypervisor reads the CS segement base and IP value. The CS segment > base >=20 > +; value represents the high order 16-bits of the CS segment base, so t= he >=20 > +; hypervisor must left shift the value of the CS segement base by 16 b= its to >=20 > +; form the full CS segment base for the CS segment register. It would = then >=20 > +; program the EIP register with the IP value as read. >=20 > +; >=20 > + >=20 > +TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0 >=20 > + >=20 > +sevEsResetBlockStart: >=20 > + DD SEV_ES_AP_RESET_IP >=20 > + DW sevEsResetBlockEnd - sevEsResetBlockStart >=20 > + DB 0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F >=20 > + DB 0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E >=20 > +sevEsResetBlockEnd: >=20 > + >=20 > +ALIGN 16 >=20 > + >=20 > +applicationProcessorEntryPoint: >=20 > +; >=20 > +; Application Processors entry point >=20 > +; >=20 > +; GenFv generates code aligned on a 4k boundary which will jump to this >=20 > +; location. (0xffffffe0) This allows the Local APIC Startup IPI to be >=20 > +; used to wake up the application processors. >=20 > +; >=20 > + jmp EarlyApInitReal16 >=20 > + >=20 > +ALIGN 8 >=20 > + >=20 > + DD 0 >=20 > + >=20 > +; >=20 > +; The VTF signature >=20 > +; >=20 > +; VTF-0 means that the VTF (Volume Top File) code does not require >=20 > +; any fixups. >=20 > +; >=20 > +vtfSignature: >=20 > + DB 'V', 'T', 'F', 0 >=20 > + >=20 > +ALIGN 16 >=20 > + >=20 > +resetVector: >=20 > +; >=20 > +; Reset Vector >=20 > +; >=20 > +; This is where the processor will begin execution >=20 > +; >=20 > + nop >=20 > + nop >=20 > + jmp EarlyBspInitReal16 >=20 > + >=20 > +ALIGN 16 >=20 > + >=20 > +fourGigabytes: >=20 > + >=20 > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index 762661115d50..4913b379a993 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -82,5 +82,6 @@ >=20 >=20 > %include "Main.asm" >=20 >=20 >=20 > + %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) >=20 > %include "Ia16/ResetVectorVtf0.asm" >=20 >=20 >=20 > -- > 2.27.0