From: "Dong, Eric" <eric.dong@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>
Cc: "Justen, Jordan L" <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Gao, Liming" <liming.gao@intel.com>,
"Ni, Ray" <ray.ni@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
"You, Benjamin" <benjamin.you@intel.com>,
"Bi, Dandan" <dandan.bi@intel.com>,
"Dong, Guo" <guo.dong@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Ma, Maurice" <maurice.ma@intel.com>
Subject: Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
Date: Fri, 17 Apr 2020 09:10:02 +0000 [thread overview]
Message-ID: <ED077930C258884BBCB450DB737E66225A024822@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <7962a752-c6b7-41ac-7764-a13157df2f25@amd.com>
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Lendacky, Thomas
> Sent: Thursday, April 16, 2020 9:47 PM
> To: devel@edk2.groups.io; Dong, Eric <eric.dong@intel.com>
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; Brijesh Singh
> <brijesh.singh@amd.com>; You, Benjamin <benjamin.you@intel.com>; Bi,
> Dandan <dandan.bi@intel.com>; Dong, Guo <guo.dong@intel.com>; Wu,
> Hao A <hao.a.wu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Ma,
> Maurice <maurice.ma@intel.com>
> Subject: Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
>
> On 4/14/20 10:30 AM, Dong, Eric via groups.io wrote:
> >>> -----Original Message-----
> >>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf
> Of
> >>> Lendacky, Thomas
> >>> Sent: Thursday, April 2, 2020 4:42 AM
> >>> To: Dong, Eric <eric.dong@intel.com>; devel@edk2.groups.io
> >>> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> >>> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>;
> >>> Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> >>> <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; Brijesh Singh
> >>> <brijesh.singh@amd.com>; You, Benjamin <benjamin.you@intel.com>;
> Bi,
> >>> Dandan <dandan.bi@intel.com>; Dong, Guo <guo.dong@intel.com>;
> Wu,
> >> Hao
> >>> A <hao.a.wu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Ma,
> >>> Maurice <maurice.ma@intel.com>
> >>> Subject: Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
> >>>
> >>> On 3/30/20 7:47 PM, Dong, Eric wrote:
> >>>> Hi Tom,
> >>>>
> >>>> Sorry for late response. It’s a huge patch, please give me two more
> >>>> weeks to detail review them.
> >>>>
> >>>> I have rough go through these patches and have some basic comments
> >>>> for them now:
> >>>>
> >>>> 1.It’s better to spit patch if changes files not in same package.
> >>>> Like patch 1/42.
> >>>
> >>> Ok, will do.
> >>>
> >>>>
> >>>> 2.All functions need to have comments for them. Miss comments in
> >>>> patch
> >>>> 10/42 and others.
> >>>
> >>> Just external functions or both external and internal (STATIC) functions,
> too?
> >>
> >> All the functions.
> >
> > you can use ECC tool to help you find all the coding style related issues.
> > You can reference link
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith
> ub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FECC-
> tool&data=02%7C01%7Cthomas.lendacky%40amd.com%7C437e3b872cc
> 046cf645208d7e088d6dc%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0
> %7C637224752713456520&sdata=rjRgLrtyDu2dXoRddbaTWkPtENLLZK93
> MEsmxR36Fkc%3D&reserved=0 to know how to run this tool.
>
> Thanks for the pointer. I have addressed all issues identified by ECC with
> respect to the code that I have added with these patches.
>
> Are you waiting for another version with these changes before reviewing
> further? If so, I'll submit that now, otherwise I'll wait for your review
> of the current version.
>
I have detail go through all your changes, I think it's good and should have no
impact for existing code if we don't enable this feature.
If you already fixed all the ECC issues, please send your new patches.
I will base on latest code to give my review-by tag.
Thanks,
Eric
> Thanks,
> Tom
>
> >
> > Thanks,
> > Eric
> >>
> >> Thanks,
> >> Eric
> >>
> >>>
> >>> Thanks,
> >>> Tom
> >>>
> >>>>
> >>>> Please update patches to fix above basic checks first.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Eric
> >>>>
> >>>> *From:*devel@edk2.groups.io [mailto:devel@edk2.groups.io] *On
> >> Behalf
> >>>> Of *Lendacky, Thomas
> >>>> *Sent:* Tuesday, March 31, 2020 12:54 AM
> >>>> *To:* devel@edk2.groups.io
> >>>> *Cc:* Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> >>>> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>;
> >>>> Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> >>>> <liming.gao@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ray
> >>>> <ray.ni@intel.com>; Brijesh Singh <brijesh.singh@amd.com>; You,
> >>>> Benjamin <benjamin.you@intel.com>; Bi, Dandan
> >> <dandan.bi@intel.com>;
> >>>> Dong, Guo <guo.dong@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> >>> Wang,
> >>>> Jian J <jian.j.wang@intel.com>; Ma, Maurice <maurice.ma@intel.com>
> >>>> *Subject:* Re: [edk2-devel] [PATCH v6 00/42] SEV-ES guest support
> >>>>
> >>>> I've gotten some nice feedback from Laszlo, especially on the
> >>>> OvmfPkg side of this patchset, but haven't seen much response from
> >>>> the other maintainers. Is there any feedback on the MdePkg,
> >>>> MdeModulePkg and UefiCpuPkg changes that needs to be addressed
> in
> >> order to merge this?
> >>>>
> >>>> I do have some minor changes on ensuring the per-CPU variable page
> >>>> stays encrypted, but not much beyond that. Those changes can be
> >>>> submitted afterwards or as a new version before inclusion.
> >>>>
> >>>> Thanks,
> >>>> Tom
> >>>>
> >>>> On 3/24/20 12:40 PM, Tom Lendacky wrote:
> >>>>> This patch series provides support for running EDK2/OVMF under
> SEV-
> >> ES.
> >>>>>
> >>>>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands
> >>>>> on the SEV support to protect the guest register state from the
> >>>>> hypervisor. See
> >>>>> "AMD64 Architecture Programmer's Manual Volume 2: System
> >>>>> Programming", section "15.35 Encrypted State (SEV-ES)" [1].
> >>>>>
> >>>>> In order to allow a hypervisor to perform functions on behalf of a
> >>>>> guest, there is architectural support for notifying a guest's
> >>>>> operating system when certain types of VMEXITs are about to occur.
> >>>>> This allows the guest to selectively share information with the
> >>>>> hypervisor to satisfy the requested function. The notification is
> >>>>> performed using a new exception, the VMM Communication
> exception
> >>>>> (#VC). The information is shared through the Guest-Hypervisor
> >>> Communication Block (GHCB) using the VMGEXIT instruction.
> >>>>> The GHCB format and the protocol for using it is documented in
> >>>>> "SEV-ES Guest-Hypervisor Communication Block Standardization" [2].
> >>>>>
> >>>>> The main areas of the EDK2 code that are updated to support SEV-ES
> >>>>> are around the exception handling support and the AP boot support.
> >>>>>
> >>>>> Exception support is required starting in Sec, continuing through
> >>>>> Pei and into Dxe in order to handle #VC exceptions that are generated.
> >>>>> Each AP requires it's own GHCB page as well as a page to hold
> >>>>> values specific to that AP.
> >>>>>
> >>>>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
> >>>>> sequence is typically used to boot the APs. However, the hypervisor
> >>>>> is not allowed to update the guest registers. The GHCB document [2]
> >>>>> talks about how SMP booting under SEV-ES is performed.
> >>>>>
> >>>>> Since the GHCB page must be a shared (unencrypted) page, the
> >>>>> processor must be running in long mode in order for the guest and
> >>>>> hypervisor to communicate with each other. As a result, SEV-ES is
> >>>>> only supported under the X64 architecture.
> >>>>>
> >>>>> [1]
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
> w.amd.com%2Fsystem%2Ffiles%2FTechDocs%2F24593.pdf&data=02%7
> C01%7Cthomas.lendacky%40amd.com%7C437e3b872cc046cf645208d7e088d6
> dc%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637224752713456
> 520&sdata=Lau3rXHXtoEXdfQaq8BH3XpHzLQbBEcEUfgiQWSfwwU%3D&
> amp;reserved=0
> >>>>
> >>>
> >>
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw
> >>> ww
> >>>> .amd.com%2Fsystem%2Ffiles%2FTechDocs%2F24593.pdf&data=02%7C
> 01%
> >>> 7Cthomas
> >>>> .lendacky%40amd.com%7C2ee33c1d932a4906558f08d7d50d1ca2%7C3d
> d8
> >> 9
> >>> 61fe4884
> >>>>
> >>>
> >>
> e608e11a82d994e183d%7C0%7C0%7C637212125835211690&sdata=Q%2BIjeq
> >>> %2FRDgi
> >>>> ovKtPeA4TGDVorCK07jQVNZ7N9kvD%2BuE%3D&reserved=0>
> >>>>> [2]
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdev
> eloper.amd.com%2Fwp-
> content%2Fresources%2F56421.pdf&data=02%7C01%7Cthomas.lendac
> ky%40amd.com%7C437e3b872cc046cf645208d7e088d6dc%7C3dd8961fe4884
> e608e11a82d994e183d%7C0%7C0%7C637224752713456520&sdata=Htm
> OAIvANBFusy3WrliSbrPUiuMQmjFjURttM5IXuk4%3D&reserved=0
> >>>>
> >>>
> >>
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fde
> >>> v
> >>>> eloper.amd.com%2Fwp-
> >>> content%2Fresources%2F56421.pdf&data=02%7C01%7Ctho
> >>>>
> >>>
> >>
> mas.lendacky%40amd.com%7C2ee33c1d932a4906558f08d7d50d1ca2%7C3dd
> >>> 8961fe4
> >>>>
> >>>
> >>
> 884e608e11a82d994e183d%7C0%7C0%7C637212125835221679&sdata=bos02
> >>> T0YR3i5
> >>>> xji9rhjPl7jpS5uJPKt1Q0hhdy%2FoMR0%3D&reserved=0>
> >>>>>
> >>>>> ---
> >>>>>
> >>>>> These patches are based on commit:
> >>>>> 2f524a745e23 ("BaseTools:Fix build tools print traceback info
> >>>>> issue")
> >>>>>
> >>>>> Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.
> >>>>>
> >>>>> A version of the tree (with an extra patch to workaround Bugzilla
> >>>>> 2340) can be found at:
> >>>>>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith
> ub.com%2FAMDESE%2Fovmf%2Ftree%2Fsev-es-
> v13&data=02%7C01%7Cthomas.lendacky%40amd.com%7C437e3b872cc
> 046cf645208d7e088d6dc%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0
> %7C637224752713456520&sdata=%2BxdUQmdZo1vnkRB4v8kVHUGToX
> xNICpWpUxd4BPZx%2Bs%3D&reserved=0
> >>>>
> >>>
> >>
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
> >>>> hub.com%2FAMDESE%2Fovmf%2Ftree%2Fsev-es-
> >>> v13&data=02%7C01%7Cthomas.lend
> >>>>
> >>>
> >>
> acky%40amd.com%7C2ee33c1d932a4906558f08d7d50d1ca2%7C3dd8961fe48
> >>> 84e608e
> >>>>
> >>>
> >>
> 11a82d994e183d%7C0%7C0%7C637212125835221679&sdata=fmIyS5QBB7YG
> >>> DSqTFiBI
> >>>> e%2BBdH1zatcEplUdNC2wi%2Fhc%3D&reserved=0>
> >>>>>
> >>>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org
> >>>>> <mailto:ard.biesheuvel@linaro.org>>
> >>>>> Cc: Benjamin You <benjamin.you@intel.com
> >>>>> <mailto:benjamin.you@intel.com>>
> >>>>> Cc: Dandan Bi <dandan.bi@intel.com <mailto:dandan.bi@intel.com>>
> >>>>> Cc: Eric Dong <eric.dong@intel.com <mailto:eric.dong@intel.com>>
> >>>>> Cc: Guo Dong <guo.dong@intel.com <mailto:guo.dong@intel.com>>
> >>>>> Cc: Hao A Wu <hao.a.wu@intel.com <mailto:hao.a.wu@intel.com>>
> >>>>> Cc: Jian J Wang <jian.j.wang@intel.com
> >>>>> <mailto:jian.j.wang@intel.com>>
> >>>>> Cc: Jordan Justen <jordan.l.justen@intel.com
> >>>>> <mailto:jordan.l.justen@intel.com>>
> >>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
> >>>>> Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com>>
> >>>>> Cc: Maurice Ma <maurice.ma@intel.com
> >> <mailto:maurice.ma@intel.com>>
> >>>>> Cc: Michael D Kinney <michael.d.kinney@intel.com
> >>>>> <mailto:michael.d.kinney@intel.com>>
> >>>>> Cc: Ray Ni <ray.ni@intel.com <mailto:ray.ni@intel.com>>
> >>>>>
> >>>>> Changes since v5:
> >>>>> - Remove extraneous VmgExitLib usage
> >>>>> - Miscellaneous changes to address feedback (coding style, etc.)
> >>>>>
> >>>>> Changes since v4:
> >>>>> - Move the SEV-ES protocol negotiation out of the SEC exception
> >> handler
> >>>>> and into the SecMain.c file. As a result:
> >>>>> - Move the SecGhcb related PCDs out of UefiCpuPkg and into
> >> OvmfPkg
> >>>>> - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c
> >> into
> >>> a
> >>>>> single AMDSevVcHandler.c
> >>>>> - Consolidate VmgExitLib usage into common LibraryClasses sections
> >>>>> - Add documentation comments to the VmgExitLib functions
> >>>>>
> >>>>> Changes since v3:
> >>>>> - Remove the need for the MP library finalization routine. The AP
> >>>>> jump table address will be held by the hypervisor rather than
> >>>>> communicated via the GHCB MSR. This removes some fragility
> around
> >>>>> the UEFI to OS transition.
> >>>>> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
> >>>>> communicate the SEV-ES status, so that SEC CPU exception handling
> is
> >>>>> only established for an SEV-ES guest.
> >>>>> - Fix SMM build breakageAdd around QemuFlashPtrWrite().
> >>>>> - Fix SMM build breakage by adding VC exception support the SMM
> CPU
> >>>>> exception handling.
> >>>>> - Add memory fencing around the invocation of AsmVmgExit().
> >>>>> - Clarify comments around the SEV-ES AP reset RIP values and usage.
> >>>>> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
> >>>>> - Remove the 16-bit code selector definition from MdeModulePkg
> >>>>>
> >>>>> Changes since v2:
> >>>>> - Added a way to locate the SEV-ES fixed AP RIP address for starting
> >>>>> AP's to avoid updating the actual flash image (build time location
> >>>>> that is identified with a GUID value).
> >>>>> - Create a VmgExit library to replace static inline functions.
> >>>>> - Move some PCDs to the appropriate packages
> >>>>> - Add support for writing to QEMU flash under SEV-ES
> >>>>> - Add additional MMIO opcode support
> >>>>> - Cleaned up the GHCB MSR CPUID protocol support
> >>>>>
> >>>>> Changes since v1:
> >>>>> - Patches reworked to be more specific to the component/area being
> >>> updated
> >>>>> and order of definition/usage
> >>>>> - Created a library for VMGEXIT-related functions to replace use of
> inline
> >>>>> functions
> >>>>> - Allocation method for GDT changed from AllocatePool to
> >>>>> AllocatePages
> >>>>> - Early caching only enabled for SEV-ES guests
> >>>>> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
> >>>>> - Reserved SEC GHCB-related memory areas when S3 is enabled
> >>>>>
> >>>>> Tom Lendacky (42):
> >>>>> MdePkg: Create PCDs to be used in support of SEV-ES
> >>>>> MdePkg: Add the MSR definition for the GHCB register
> >>>>> MdePkg: Add a structure definition for the GHCB
> >>>>> MdeModulePkg/DxeIplPeim: Support GHCB pages when creating
> page
> >>> tables
> >>>>> MdePkg/BaseLib: Add support for the XGETBV instruction
> >>>>> MdePkg/BaseLib: Add support for the VMGEXIT instruction
> >>>>> UefiCpuPkg: Implement library support for VMGEXIT
> >>>>> OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
> >>>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib
> library
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC
> >>> exception
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE
> >>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT
> >> NAE
> >>>>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE
> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE
> >>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE
> events
> >>> (MMIO)
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE
> >>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE
> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE
> >> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE
> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE
> >>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE
> >> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for
> >>> MONITOR/MONITORX NAE
> >>>>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for
> MWAIT/MWAITX
> >>> NAE
> >>>>> events
> >>>>> UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write
> >>> NAE
> >>>>> events
> >>>>> OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator
> function
> >>>>> OvmfPkg: Add support to perform SEV-ES initialization
> >>>>> OvmfPkg: Create a GHCB page for use during Sec phase
> >>>>> OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is
> supported
> >>>>> OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
> >>>>> OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is
> >> enabled
> >>>>> UefiCpuPkg: Create an SEV-ES workarea PCD
> >>>>> OvmfPkg: Reserve a page in memory for the SEV-ES usage
> >>>>> OvmfPkg/ResetVector: Add support for a 32-bit SEV check
> >>>>> OvmfPkg/Sec: Add #VC exception handling for Sec phase
> >>>>> OvmfPkg/Sec: Enable cache early to speed up booting
> >>>>> OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash
> detection
> >>> with
> >>>>> SEV-ES is enabled
> >>>>> UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
> >>>>> UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is
> >>>>> enabled
> >>>>> UefiCpuPkg: Allow AP booting under SEV-ES
> >>>>> OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
> >>>>> OvmfPkg: Move the GHCB allocations into reserved memory
> >>>>> UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
> >>>>>
> >>>>> MdeModulePkg/MdeModulePkg.dec | 9 +
> >>>>> OvmfPkg/OvmfPkg.dec | 9 +
> >>>>> UefiCpuPkg/UefiCpuPkg.dec | 17 +
> >>>>> OvmfPkg/OvmfPkgIa32.dsc | 6 +
> >>>>> OvmfPkg/OvmfPkgIa32X64.dsc | 6 +
> >>>>> OvmfPkg/OvmfPkgX64.dsc | 6 +
> >>>>> OvmfPkg/OvmfXen.dsc | 1 +
> >>>>> UefiCpuPkg/UefiCpuPkg.dsc | 2 +
> >>>>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 2 +
> >>>>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 2 +
> >>>>> OvmfPkg/OvmfPkgX64.fdf | 9 +
> >>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 2 +
> >>>>> MdePkg/Library/BaseLib/BaseLib.inf | 4 +
> >>>>> OvmfPkg/PlatformPei/PlatformPei.inf | 7 +
> >>>>> .../FvbServicesRuntimeDxe.inf | 2 +
> >>>>> OvmfPkg/ResetVector/ResetVector.inf | 8 +
> >>>>> OvmfPkg/Sec/SecMain.inf | 4 +
> >>>>> .../DxeCpuExceptionHandlerLib.inf | 5 +
> >>>>> .../PeiCpuExceptionHandlerLib.inf | 5 +
> >>>>> .../SecPeiCpuExceptionHandlerLib.inf | 5 +
> >>>>> .../SmmCpuExceptionHandlerLib.inf | 5 +
> >>>>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 4 +
> >>>>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 4 +
> >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf | 33 +
> >>>>> .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +-
> >>>>> MdePkg/Include/Library/BaseLib.h | 31 +
> >>>>> MdePkg/Include/Register/Amd/Fam17Msr.h | 42 +
> >>>>> MdePkg/Include/Register/Amd/Ghcb.h | 136 ++
> >>>>> OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +
> >>>>> .../QemuFlash.h | 6 +
> >>>>> UefiCpuPkg/CpuDxe/CpuGdt.h | 4 +-
> >>>>> UefiCpuPkg/Include/Library/VmgExitLib.h | 111 ++
> >>>>> .../CpuExceptionHandlerLib/AMDSevVcCommon.h | 26 +
> >>>>> .../CpuExceptionCommon.h | 2 +
> >>>>> UefiCpuPkg/Library/MpInitLib/MpLib.h | 68 +-
> >>>>> .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +-
> >>>>> .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +-
> >>>>> .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 +-
> >>>>> MdePkg/Library/BaseLib/Ia32/GccInline.c | 45 +
> >>>>> MdePkg/Library/BaseLib/X64/GccInline.c | 47 +
> >>>>> .../MemEncryptSevLibInternal.c | 75 +-
> >>>>> OvmfPkg/PlatformPei/AmdSev.c | 82 ++
> >>>>> OvmfPkg/PlatformPei/MemDetect.c | 23 +
> >>>>> .../QemuFlash.c | 23 +-
> >>>>> .../QemuFlashDxe.c | 15 +
> >>>>> .../QemuFlashSmm.c | 9 +
> >>>>> OvmfPkg/Sec/SecMain.c | 160 ++-
> >>>>> UefiCpuPkg/CpuDxe/CpuGdt.c | 8 +-
> >>>>> .../CpuExceptionHandlerLib/AMDSevVcHandler.c | 29 +
> >>>>> .../CpuExceptionCommon.c | 2 +-
> >>>>> .../Ia32/ArchAMDSevVcHandler.c | 24 +
> >>>>> .../PeiDxeSmmCpuException.c | 16 +
> >>>>> .../SecPeiCpuException.c | 16 +
> >>>>> .../X64/ArchAMDSevVcHandler.c | 1237
> +++++++++++++++++
> >>>>> UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 114 +-
> >>>>> UefiCpuPkg/Library/MpInitLib/MpLib.c | 257 +++-
> >>>>> UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 19 +
> >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c | 249 ++++
> >>>>> UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +-
> >>>>> MdePkg/Library/BaseLib/Ia32/VmgExit.nasm | 37 +
> >>>>> MdePkg/Library/BaseLib/Ia32/XGetBv.nasm | 31 +
> >>>>> MdePkg/Library/BaseLib/X64/VmgExit.nasm | 32 +
> >>>>> MdePkg/Library/BaseLib/X64/XGetBv.nasm | 34 +
> >>>>> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 100 ++
> >>>>> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 351 ++++-
> >>>>> OvmfPkg/ResetVector/ResetVector.nasmb | 20 +
> >>>>> .../X64/ExceptionHandlerAsm.nasm | 17 +
> >>>>> UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc | 2 +-
> >>>>> .../Library/MpInitLib/Ia32/MpFuncs.nasm | 15 +
> >>>>> UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc | 4 +-
> >>>>> UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 370 ++++-
> >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni | 15 +
> >>>>> .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 9 +
> >>>>> 73 files changed, 4061 insertions(+), 99 deletions(-)
> >>>>> create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf
> >>>>> create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
> >>>>> create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
> >>>>> create mode 100644
> >>> UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h
> >>>>> create mode 100644
> >>> UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcHandler.c
> >>>>> create mode 100644
> >>>
> >>
> UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchAMDSevVcHandler.c
> >>>>> create mode 100644
> >>>
> >>
> UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c
> >>>>> create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c
> >>>>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
> >>>>> create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
> >>>>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
> >>>>> create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
> >>>>> create mode 100644
> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> >>>>> create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
> >
>
>
prev parent reply other threads:[~2020-04-17 9:10 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-24 17:40 [PATCH v6 00/42] SEV-ES guest support Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 01/42] MdePkg: Create PCDs to be used in support of SEV-ES Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 02/42] MdePkg: Add the MSR definition for the GHCB register Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 03/42] MdePkg: Add a structure definition for the GHCB Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 04/42] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 05/42] MdePkg/BaseLib: Add support for the XGETBV instruction Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 06/42] MdePkg/BaseLib: Add support for the VMGEXIT instruction Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 07/42] UefiCpuPkg: Implement library support for VMGEXIT Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 08/42] OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 09/42] UefiPayloadPkg: Prepare UefiPayloadPkg " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 10/42] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 11/42] UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 12/42] UefiCpuPkg/CpuExceptionHandler: Support string IO " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 13/42] UefiCpuPkg/CpuExceptionHandler: Add support for CPUID " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 14/42] UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 15/42] UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO) Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 16/42] UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 17/42] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 18/42] UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 19/42] UefiCpuPkg/CpuExceptionHandler: Add support for INVD " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 20/42] UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 21/42] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 22/42] UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 23/42] UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 24/42] UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write " Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 25/42] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 26/42] OvmfPkg: Add support to perform SEV-ES initialization Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 27/42] OvmfPkg: Create a GHCB page for use during Sec phase Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 28/42] OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 29/42] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 30/42] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 31/42] UefiCpuPkg: Create an SEV-ES workarea PCD Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 32/42] OvmfPkg: Reserve a page in memory for the SEV-ES usage Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 33/42] OvmfPkg/ResetVector: Add support for a 32-bit SEV check Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 34/42] OvmfPkg/Sec: Add #VC exception handling for Sec phase Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 36/42] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 37/42] UefiCpuPkg: Add a 16-bit protected mode code segment descriptor Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 38/42] UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is enabled Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 39/42] UefiCpuPkg: Allow AP booting under SEV-ES Lendacky, Thomas
2020-03-24 17:40 ` [PATCH v6 40/42] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector Lendacky, Thomas
2020-03-24 19:44 ` [PATCH v6 35/42] OvmfPkg/Sec: Enable cache early to speed up booting Lendacky, Thomas
2020-03-24 19:44 ` [PATCH v6 41/42] OvmfPkg: Move the GHCB allocations into reserved memory Lendacky, Thomas
2020-03-24 19:44 ` [PATCH v6 42/42] UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use Lendacky, Thomas
2020-03-30 16:53 ` [PATCH v6 00/42] SEV-ES guest support Lendacky, Thomas
2020-03-31 0:47 ` [edk2-devel] " Dong, Eric
2020-04-01 20:42 ` Lendacky, Thomas
2020-04-02 0:12 ` Dong, Eric
[not found] ` <1601D84A636A7BFC.25844@groups.io>
2020-04-14 15:30 ` Dong, Eric
2020-04-16 13:46 ` Lendacky, Thomas
2020-04-17 9:10 ` Dong, Eric [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ED077930C258884BBCB450DB737E66225A024822@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox