From: "Andrew Fish"
Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV
Date: Wed, 21 Apr 2021 10:20:48 -0700
Cc: evantass@amd.com, Tom Lendacky, Joerg Roedel, Borislav Petkov, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Brijesh Singh, James Bottomley, Jiewen Yao, Min Xu
To: edk2-devel-groups-io, Andrew Fish

Tom,

The phases are defined by the UEFI Platform Initialization Specification [1] (PI Spec). Basically the UEFI Specification defines how to write EFI OS Loaders and Option ROMs and EFI is just defined in the context of how EFI services are passed into applications or drivers. The UEFI Platform Initialization Specification is how to write modular bits of the firmware that interoperate. So all PI systems produce UEFI, but not all UEFI systems are built out of PI. There are also some schemes that use the early parts of PI, but not all of it, but this is confusing enough without talking about that.

[1] https://uefi.org/specifications

Thanks,

Andrew Fish

> On Apr 21, 2021, at 7:09 AM, Andrew Fish via groups.io wrote:
>
> https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence
>
>> On Apr 20, 2021, at 11:34 PM, Eric van Tassell wrote:
>>
>> On 4/20/21 5:54 PM, Tom Lendacky wrote:
>>> From: Tom Lendacky
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345
>>> The TPM support in OVMF performs MMIO accesses during the PEI phase. At
>>
>> where are the phases defined and how many others are there?
>>
>>> this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES
>>> guest will fail attempting to perform MMIO to an encrypted address.
>>> Read the PcdTpmBaseAddress and mark the specification defined range
>>> (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
>>> the MMIO requests.
>>> Cc: Laszlo Ersek
>>> Cc: Ard Biesheuvel
>>> Cc: Jordan Justen
>>> Cc: Brijesh Singh
>>> Cc: James Bottomley
>>> Cc: Jiewen Yao
>>> Cc: Min Xu
>>> Signed-off-by: Tom Lendacky
>>> --- >>> OvmfPkg/PlatformPei/PlatformPei.inf | 1 + >>> OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++ >>> 2 files changed, 20 insertions(+) >>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei= /PlatformPei.inf >>> index 6ef77ba7bb21..de60332e9390 100644 >>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >>> @@ -113,6 +113,7 @@ [Pcd] >>> [FixedPcd] >>> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >>> + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress >>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS >>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory >>> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType >>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev= .c >>> index dddffdebda4b..d524929f9e10 100644 >>> --- a/OvmfPkg/PlatformPei/AmdSev.c >>> +++ b/OvmfPkg/PlatformPei/AmdSev.c >>> @@ -141,6 +141,7 @@ AmdSevInitialize ( >>> ) >>> { >>> UINT64 EncryptionMask; >>> + UINT64 TpmBaseAddress; >>> RETURN_STATUS PcdStatus; >>> //
>>> @@ -206,6 +207,24 @@ AmdSevInitialize ( >>> } >>> } >>> + // >>> + // PEI TPM support will perform MMIO accesses, be sure this range i= s not >>> + // marked encrypted. >>> + // >>> + TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress); >>> + if (TpmBaseAddress !=3D 0) { >>> + RETURN_STATUS DecryptStatus; >>> + >>> + DecryptStatus =3D MemEncryptSevClearPageEncMask ( >>> + 0, >>> + TpmBaseAddress, >>> + EFI_SIZE_TO_PAGES (0x5000), >>> + FALSE >>> + ); >>> + >>> + ASSERT_RETURN_ERROR (DecryptStatus); >>> + } >>> + >>> // >>> // Check and perform SEV-ES initialization if required. >>> //
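Review bot: in the AmdSev.c hunk at @@ -206,6 +207,24 @@, the return value of MemEncryptSevClearPageEncMask is checked only by ASSERT_RETURN_ERROR (DecryptStatus), and assert macros compile to nothing in builds where asserts are disabled. In such a build a failure to clear the encryption mask would pass silently and show up later as a fault on the first TPM MMIO access in an SEV-ES guest, far from the cause. Consider reporting the status at DEBUG_ERROR and halting explicitly on error so the behaviour is the same in every build. The literal 0x5000 in EFI_SIZE_TO_PAGES (0x5000) is justified only in the commit message ("specification defined range"); a named constant or a comment naming the specification would keep that reasoning next to the code, which matters here because every page covered by this call becomes readable by the host.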
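Review bot: in the PlatformPei.inf hunk, gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress is added under [FixedPcd], but the [Packages] section is outside the visible context. Please confirm that SecurityPkg/SecurityPkg.dec is listed there, since the token space GUID will not resolve at build time without it. Because the PCD is declared fixed in the .inf, the new code in AmdSev.c could read it with FixedPcdGet64 instead of PcdGet64 to make that dependency explicit.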
