From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 767D27803CC for ; Fri, 2 Feb 2024 06:06:10 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=UvFYPbQZe3QMhX7729xBPz1nsLbcXNuzNc7Lrdgq52I=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1706853969; v=1; b=ODsl89SJLc/mLk1F5LqVzBZFHtVcWPa7oivw/KgzlXncZ23pbdDnXPpO5uyo1u8mJUBPNt4K kAI1Ji8URehVEei4wGWkcM1MJP69uTBlvxWlnLb3dG/Ls0txMFxxim1LmiYdV+sub/9QSL4PJl0 eEG/Ssgq8mG1qe8GoFn1R2yc= X-Received: by 127.0.0.2 with SMTP id qFFOYY7687511xmyrtZFnFzK; Thu, 01 Feb 2024 22:06:09 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19]) by mx.groups.io with SMTP id smtpd.web10.17393.1706853968109281453 for ; Thu, 01 Feb 2024 22:06:08 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10971"; a="5044" X-IronPort-AV: E=Sophos;i="6.05,237,1701158400"; d="scan'208";a="5044" X-Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2024 22:06:08 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,237,1701158400"; d="scan'208";a="60715" X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmviesa007.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 01 Feb 2024 22:06:07 -0800 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 1 Feb 2024 22:06:06 -0800 X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Thu, 1 Feb 2024 22:06:06 -0800 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.41) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 1 Feb 2024 22:06:06 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VrdN552SNoClxvnoN+hrANzI4hClpYEGF1Zza9VpP46npzMNKe1oktDI3v2SaBT7q8f0R+k2obWNHbuakE9zw66fQdElhRDQyVzWjP9tzW+CxoFCyD5VP7+Vdy4k9qpw5UGirjM2tbjSm462wsrOQ6j6xyzWB7NlvVV6K76lkl9UQM9QX7nU+0N65gs+RqWo7h8ZLLIdwYadl0bV3groi+dpjWwxG5Z4vVCMiYK/qhkFo4YgQSOOZPBJ9ZsT7kIUC1zKUC149mzcNwElt2jOJCaCV6QXMrQ302e+661Kol3W2oQsEwSfia+pdMtkudRz7FSUym5mX8njtHY6zGbuWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K8MZ4A/jqWNRNSx7WWDBuIV9j2/fdCK5DRbpEgChzgI=; b=ZYkpszJ4atVozoduBNVRQh9s8pfHjKD1zpJD/ZzLbiU3IPWdPXBE8EJi70GL3op7bIy6TSzLioKqlwT6z8X5Zh4NC92RbVXtSnrv2jZjxkDrYCylSckKx8zq6q00Kq5C6DyNnk/Y4XXxN2t/4nolozdNE8OwUDWhugqCn6xbGGPlfZW1SD/dGh/7Po86hxVshMezu9IgEwI3NEfC/ULu2vHkAAMqw7R2oQDyQt33AnGiIYSl2m5PO3ysn4oMFtq980aWnPcGb51Qli0EjRGBujkCiBr5H6+WcqRlsAhoIwJNkBUwJDL4LMcJcx/jpnJkSbzEuXnmj5a+ytxLApjeGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com (2603:10b6:208:470::14) by PH7PR11MB7478.namprd11.prod.outlook.com (2603:10b6:510:269::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.22; Fri, 2 Feb 2024 06:06:03 +0000 X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::fdd3:11d7:1c15:6c2d]) by MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::fdd3:11d7:1c15:6c2d%7]) with mapi id 15.20.7228.029; Fri, 2 Feb 2024 06:06:03 +0000 From: "Ni, Ray" To: Tom Lendacky , "devel@edk2.groups.io" CC: Ard Biesheuvel , "Aktas, Erdem" , Gerd Hoffmann , "Yao, Jiewen" , Laszlo Ersek , Liming Gao , "Kinney, Michael D" , "Xu, Min M" , "Liu, Zhiguang" , "Kumar, Rahul R" , Michael Roth Subject: Re: [edk2-devel] [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM Thread-Topic: [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM Thread-Index: AQHaUKUEdwUocZs6BkiFzK04OUsPMLD2mnSg Date: Fri, 2 Feb 2024 06:06:03 +0000 Message-ID: References: <7061a9fb7a184fa0a2354842e834a260398aedc8.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: <7061a9fb7a184fa0a2354842e834a260398aedc8.1706307195.git.thomas.lendacky@amd.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN6PR11MB8244:EE_|PH7PR11MB7478:EE_ x-ms-office365-filtering-correlation-id: 64ec6696-3250-491d-1853-08dc23b50942 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: 2b3ijZCsYdIa2eLJW51UvYkhRfzb8L0321KjEXgJ1lK0EfMZ5LwW6PNs5d801Ve2oxJtJb0tCd7b03hkfFiFQJgZz9CX6jv0zE5x7VY3wzGuj7ckCsFe3l9KsFWO/b+nk+JFjEDlM+K97n/IloMNxjwLuNYySUn4LzVR2sRzTKoLTEyiK75rs3V93omBvZaRbNfbdzZ6cfzg8u6Gl8qdPkZfNh1cTx2FlCxAUsHWkHz2iBxu6rVqU9nOCLRFnQ2OP39htY9LZ+rZ9DfK8FLlV7En9rHrPg+Mq0Sq23uzIZFG7ciZOtvLcGbQeCjstOogC5DsK23z1S+Qqj2K+j8IWVOBqaoS9u1E8stwpYGD34xuY2eQJgmil54R8DFIuNA9lg8byPHQIOwEsmD9/7aF7ZvYARafkAWZuGIbqwSNK7IZmWgTVBfj5fbtYoKhNTEL5Vqn6htYMLX0PGteDTo1C4rltmm3ZKJoVFoWu/k0DTuHHbkL6lR5WH7iZhaOlGzBLDLR5V0he5L5NUPN1nK8p9uXpNLru7Hk+x/nig/udt0uoRqaUvhkxfYcEA4PkVb3p2rLjFg9EkKcXrxx/rIQVxJrnH+EAXK3kA7ShWmXof8= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?dloMTussXRArZ7BklDk6kFYVgYN40ecDVZMtfJAdLuB1nSSHqv6CNnkEZ2vH?= =?us-ascii?Q?ExNWMow5C/GbOBGdgwHY6F3pYk0Gvlc2Q8YegVljbUeNZVWigXOXHFJ+Xbvq?= =?us-ascii?Q?M0xo7A5XVk3vNg/F3QVnDfXxrP6M6kC/bRmrRzPr86EwPqaIIWrSpYgg8N3+?= =?us-ascii?Q?nsUd1imo1J99jifZoTH14kM2JcB/qgyioY5GX39jEMaTjFqJVCZlWg4C163X?= =?us-ascii?Q?Xp9j7i1vsBzjkYQdHTmLuJCmihMVusKIC4HoInHhoKnkQVQoS1xzHWTCO0Yh?= =?us-ascii?Q?UF0GoQ/EAud+a5RYARj0VkDLP6hMR7dFZeY0oVw8oy/Q38xFSwknCE1McnvN?= =?us-ascii?Q?tyYsbwxrpyjBlS+O3zqZ0ec9llKNelcEcu9cBZK1GMGpX0jdsfSTk9dnWq45?= =?us-ascii?Q?TO156RUlyepnpv1z1Lu+lBgfGg6EANgVDGQ87890HGBjih1vkk4sqXPKHYHW?= =?us-ascii?Q?GgHhwNMuGE8XYN7Dft/PvhN/oBwNsamBkgWuh44M55yI7ZQOK3y0ChXNEmJ/?= =?us-ascii?Q?DWwOHCHcmaCch4HTV5Kq4aOaTHQ2djplFR5zaGlRQMY84sfBTgGFyyT9iL2C?= =?us-ascii?Q?U2HgXdw6UAT/vzjSw1ZlBIwVZ4FwXhszV+KXhvVecd7C06HGOmaE31+InXkP?= =?us-ascii?Q?S3QzQqjnOYkHHz0HPu9ljr2pqIoBLX8ma02m678V1AzM2NhEMJHC1iBkAgIK?= =?us-ascii?Q?RHxnYrmMIRI/3603O2oXq0pHLlrbAM0YguE19u78G04r1jdfkBhc8m2NOgVe?= =?us-ascii?Q?k6YqV9nSjuQWS0gW+hQ3G7mqiWYmVKmwEfOwCO2uz/6wk8Hoc6uVBpTdiTvU?= =?us-ascii?Q?njaQx+OsAxS7qTUEv+Vtcm38Cli1iFZX8WFwnTM9BBxaeFiLj62ExSxdTU8e?= =?us-ascii?Q?xVf3tIjZfYvVuZ7W5XrJZ/yxYGJIc9nKBUXFnZvuNRi4WmlpCDckCF7zFv41?= =?us-ascii?Q?/KsYJ8y3D/F3NwVTLyFpbZTEcmScqVrNm3mmlYVtOnu/q9CvRmq0EXvKlnmB?= =?us-ascii?Q?zl51zhYkn8a7gLRBA0EOMzUfjJ0eE7KjfXkWBMutfpiQisYyBMnlrI2h+nAB?= =?us-ascii?Q?LuX+0zEWpVW7j8XBgPxxCWwb3MNEf5LjvmBdajSJd+5mHWWp0uFRxEYk+czI?= =?us-ascii?Q?i29hUxMatRw0DggQYeAu4wJ3Pryg5zpCj/z+IXLugsxj9EDoPkVToDMYZaE6?= =?us-ascii?Q?Wyqg3vrXrqg4tKQgBeTmTf+H/urLt+djQcpgC8Tc7IDljq/Q0tFGlyJ5Htb7?= =?us-ascii?Q?ltspuxMu/WJ+jbGzZYGvU1sElyZNZc11Pl3MYyvbCkkJTIZwaZkl94AApExs?= =?us-ascii?Q?RlSnOgSMc+F/NB99mw7A2UGWmPEvgseuAYUkuVnKNKueqHlzXG+/2zXveyf4?= =?us-ascii?Q?4PlFWjc8rjdlpTaKqVKNFYF43z0rwatlOgdUHwJ4xwikfEVqJEKMbINLW7FX?= =?us-ascii?Q?8BajqW762mMlt1Vy9fUbzxJqW/87wKsCL4JkC8meb+tvI781WS8tznhwolqY?= =?us-ascii?Q?/T0OhWg7pjRsCS2roxgVsfVZMpTeLu5uNmxOjgbpHL6xNFyQ1fiPngbsRObw?= =?us-ascii?Q?HJgcXWakd2XY+VnNGvA=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8244.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 64ec6696-3250-491d-1853-08dc23b50942 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Feb 2024 06:06:03.1021 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: B2dU8+mRkQihctcDZi4Ma5p7r/NqPSW5F7WyXLCMJHlKHoQPJO+P4t/jAbL1BV0XAqo2evYIps4wXzHz1Ygc/w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB7478 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ray.ni@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: oNOByeemLhMFzIW6Gkp1Kd1cx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=ODsl89SJ; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Acked-by: Ray Ni Thanks, Ray > -----Original Message----- > From: Tom Lendacky > Sent: Saturday, January 27, 2024 6:13 AM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; Aktas, Erdem > ; Gerd Hoffmann ; Yao, > Jiewen ; Laszlo Ersek ; Liming > Gao ; Kinney, Michael D > ; Xu, Min M ; Liu, > Zhiguang ; Kumar, Rahul R > ; Ni, Ray ; Michael Roth > > Subject: [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library= to > support an SVSM >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 >=20 > In order to support an SEV-SNP guest running under an SVSM at VMPL1 or > lower, the CcExitLib library must be extended with new intefaces. >=20 > This includes an interface to detect if running under an SVSM, an > interface to return the current VMPL, an interface to perform memory > validation and an interface to set or clear the attribute that allows a > page to be used as a VMSA. >=20 > Signed-off-by: Tom Lendacky > --- > UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++++++++++++++++- > UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 > +++++++++++++++++++- > 2 files changed, 151 insertions(+), 2 deletions(-) >=20 > diff --git a/UefiCpuPkg/Include/Library/CcExitLib.h > b/UefiCpuPkg/Include/Library/CcExitLib.h > index 3381d583691f..2a9de5d5e8e7 100644 > --- a/UefiCpuPkg/Include/Library/CcExitLib.h > +++ b/UefiCpuPkg/Include/Library/CcExitLib.h > @@ -6,7 +6,7 @@ > #VC exceptions. > - Handle #VE exception in TDX. >=20 > - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<= BR> > + Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights > reserved.
> Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > @@ -147,6 +147,75 @@ CcExitHandleVc ( > IN OUT EFI_SYSTEM_CONTEXT SystemContext > ); >=20 > +/** > + Report the presence of an Secure Virtual Services Module (SVSM). > + > + Determines the presence of an SVSM. > + > + @retval TRUE An SVSM is present > + @retval FALSE An SVSM is not present > + > +**/ > +BOOLEAN > +EFIAPI > +CcExitSnpSvsmPresent ( > + VOID > + ); > + > +/** > + Report the VMPL level at which the SEV-SNP guest is running. > + > + Determines the VMPL level at which the guest is running. If an SVSM is > + not present, then it must be VMPL0, otherwise return what is reported > + by the SVSM. > + > + @return The VMPL level > + > +**/ > +UINT8 > +EFIAPI > +CcExitSnpGetVmpl ( > + VOID > + ); > + > +/** > + Perform a PVALIDATE operation for the page ranges specified. > + > + Validate or rescind the validation of the specified pages. > + > + @param[in] Info Pointer to a page state change structu= re > + > +**/ > +VOID > +EFIAPI > +CcExitSnpPvalidate ( > + IN SNP_PAGE_STATE_CHANGE_INFO *Info > + ); > + > +/** > + Perform an RMPADJUST operation to alter the VMSA setting of a page. > + > + Add or remove the VMSA attribute for a page. > + > + @param[in] Vmsa Pointer to an SEV-ES save area page > + @param[in] ApicId APIC ID associated with the VMSA > + @param[in] SetVmsa Boolean indicator as to whether to set= or > + or clear the VMSA setting for the page > + > + @retval EFI_SUCCESS RMPADJUST operation successful > + @retval EFI_UNSUPPORTED Operation is not supported > + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid > + parameter was supplied > + > +**/ > +EFI_STATUS > +EFIAPI > +CcExitSnpVmsaRmpAdjust ( > + IN SEV_ES_SAVE_AREA *Vmsa, > + IN UINT32 ApicId, > + IN BOOLEAN SetVmsa > + ); > + > /** > Handle a #VE exception. >=20 > diff --git a/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c > b/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c > index 230e50705b4a..60b19c0433c7 100644 > --- a/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c > +++ b/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c > @@ -1,7 +1,7 @@ > /** @file > CcExit Base Support Library. >=20 > - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<= BR> > + Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights > reserved.
> Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > @@ -165,6 +165,86 @@ CcExitHandleVc ( > return EFI_UNSUPPORTED; > } >=20 > +/** > + Report the presence of an Secure Virtual Services Module (SVSM). > + > + Determines the presence of an SVSM. > + > + @retval TRUE An SVSM is present > + @retval FALSE An SVSM is not present > + > +**/ > +BOOLEAN > +EFIAPI > +CcExitSnpSvsmPresent ( > + VOID > + ) > +{ > + return FALSE; > +} > + > +/** > + Report the VMPL level at which the SEV-SNP guest is running. > + > + Determines the VMPL level at which the guest is running. If an SVSM is > + not present, then it must be VMPL0, otherwise return what is reported > + by the SVSM. > + > + @return The VMPL level > + > +**/ > +UINT8 > +EFIAPI > +CcExitSnpGetVmpl ( > + VOID > + ) > +{ > + return 0; > +} > + > +/** > + Perform a PVALIDATE operation for the page ranges specified. > + > + Validate or rescind the validation of the specified pages. > + > + @param[in] Info Pointer to a page state change structu= re > + > +**/ > +VOID > +EFIAPI > +CcExitSnpPvalidate ( > + IN SNP_PAGE_STATE_CHANGE_INFO *Info > + ) > +{ > +} > + > +/** > + Perform an RMPADJUST operation to alter the VMSA setting of a page. > + > + Add or remove the VMSA attribute for a page. > + > + @param[in] Vmsa Pointer to an SEV-ES save area page > + @param[in] ApicId APIC ID associated with the VMSA > + @param[in] SetVmsa Boolean indicator as to whether to set= or > + or clear the VMSA setting for the page > + > + @retval EFI_SUCCESS RMPADJUST operation successful > + @retval EFI_UNSUPPORTED Operation is not supported > + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid > + parameter was supplied > + > +**/ > +EFI_STATUS > +EFIAPI > +CcExitSnpVmsaRmpAdjust ( > + IN SEV_ES_SAVE_AREA *Vmsa, > + IN UINT32 ApicId, > + IN BOOLEAN SetVmsa > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > /** > Handle a #VE exception. >=20 > -- > 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115019): https://edk2.groups.io/g/devel/message/115019 Mute This Topic: https://groups.io/mt/103986445/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-