From: "Yao, Jiewen"
To: Tom Lendacky, "devel@edk2.groups.io"
CC: Ard Biesheuvel, "Aktas, Erdem", Gerd Hoffmann, Laszlo Ersek, Liming Gao, "Kinney, Michael D", "Xu, Min M", "Liu, Zhiguang", "Kumar, Rahul R", "Ni, Ray", Michael Roth
Subject: Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
Date: Thu, 29 Feb 2024 14:06:37 +0000
In-Reply-To: <30de7630-870b-41d4-9da3-5486c8fc44fe@amd.com>

Below:

> -----Original Message-----
> From: Tom Lendacky
> Sent: Thursday, February 29, 2024 12:20 AM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Ard Biesheuvel; Aktas, Erdem; Gerd Hoffmann; Laszlo Ersek;
> Liming Gao; Kinney, Michael D; Xu, Min M; Liu, Zhiguang;
> Kumar, Rahul R; Ni, Ray; Michael Roth
> Subject: Re: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
>
> On 2/28/24 00:14, Yao, Jiewen wrote:
> > Some feedback:
> >
> > 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
> >
> > MdePkg only contains the definition in the standard.
> >
> > Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?
>
> The structure is documented in the GHCB specification, but the GUID is not.
>
> Is the request to move the GUID to someplace other than MdePkg?

[Jiewen] Right.
If the GUID is NOT in GHCB spec, then it should be in another place, such as OvmfPkg.

>
> >
> > 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-SVSM
> >
> > I am not sure the position of SVSM.
> > If the SVSM interface is AMD specific, then it should be AmdSvsmLib.
>
> I believe TDX is also looking at the SVSM for TDX partitioning, but I'm
> not certain of that.
>
> > If the SVSM interface is generic, then we should define everything in a generic way.
> >
> > It is very confusing to mix a generic CcSvsm lib with AMD specific
> .
>
> I can certainly change the name to be AMD specific for now. It can always
> be changed to something else later if need be, much like VmgExitLib was
> changed to CcExitLib.

[Jiewen] Yes, Intel is planning for SVSM. But it is NOT ready yet. It is hard for me to discuss it now.

Maybe, please help me understand:
Is CcSvsmLib a generic library / common protocol between OVMF and Coconut-SVSM? - Option 1
Or is CcSvsmLib an implementation specific library, and the current API cannot be shared with Intel TDX in future? - Option 2

I notice that some API is for option 1 - CcSvsmIsSvsmPresent().
But some API is for option 2 - CcSvsmSnpGetVmpl(), CcSvsmSnpGetCaa(), CcSvsmSnpPvalidate(), CcSvsmSnpVmsaRmpAdjust().

How do you plan if TDX needs to support SVSM later?
How do you plan if we need to add some generic interaction between OVMF and coconut-SVSM, such as vTPM?

>
> Thanks,
> Tom
>
> >
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Tom Lendacky
> >> Sent: Friday, February 23, 2024 1:30 AM
> >> To: devel@edk2.groups.io
> >> Cc: Ard Biesheuvel; Aktas, Erdem; Gerd Hoffmann; Yao, Jiewen;
> >> Laszlo Ersek; Liming Gao; Kinney, Michael D; Xu, Min M;
> >> Liu, Zhiguang; Kumar, Rahul R; Ni, Ray; Michael Roth
> >> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
> >>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> >>
> >> This series adds SEV-SNP support for running OVMF under a Secure VM
> >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> >> By running at a less privileged VMPL, the SVSM can be used to provide
> >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> >> confidential VM (CVM) rather than trust such services from the hypervisor.
> >>
> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> >> certain SNP related operations that require that VMPL level. Specifically,
> >> the PVALIDATE instruction and the RMPADJUST instruction when setting
> >> the VMSA attribute of a page (used when starting APs).
> >>
> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> >> use an SVSM (which is running at VMPL0) to perform the operations that
> >> it is no longer able to perform.
> >>
> >> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
> >> it will be starting. As a result, the GHCB APIC ID retrieval action must
> >> be performed. Since this service can also work with SEV-SNP running at
> >> VMPL0, the patches to make use of this feature are near the beginning of
> >> the series.
> >>
> >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> >> specification [1] and the GHCB specification [2].
> >>
> >> This support creates a new CcSvsmLib library that is used by MpInitLib.
> >> This requires an update to the edk2-platform DSC files to add the new
> >> library. The edk2-platform change would be needed after patch 12, but
> >> before patch 15.
> >>
> >> This series introduces support to run OVMF under an SVSM. It consists
> >> of:
> >>   - Retrieving the list of vCPU APIC IDs and starting up all APs without
> >>     performing a broadcast SIPI
> >>   - Reorganizing the page state change support to not directly use the
> >>     GHCB buffer since an SVSM will use the calling area buffer, instead
> >>   - Detecting the presence of an SVSM
> >>   - When not running at VMPL0, invoking the SVSM for page validation and
> >>     VMSA page creation/deletion
> >>   - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> >>     SVSM is present
> >>
> >> The series is based off of commit:
> >>
> >>   2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before
> >>   lock cmpxchg")
> >>
> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
> >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
> >>
> >> ---
> >>
> >> Changes in v2:
> >> - Move the APIC IDs retrieval support to the beginning of the patch series
> >> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
> >> - Split up Page State Change reorganization into multiple patches
> >> - Created CcSvsmLib library instead of extending CcExitLib
> >>   - This will require a corresponding update to edk2-platform DSC files
> >> - Removed Ray Ni's Acked-by since it is not a minor change
> >> - Variable name changes and other misc changes
> >>
> >> Tom Lendacky (23):
> >>   OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
> >>   MdePkg: GHCB APIC ID retrieval support definitions
> >>   OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> >>   UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> >>   OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
> >>   OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
> >>     Change
> >>   MdePkg: Avoid hardcoded value for number of Page State Change entries
> >>   OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> >>   OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>   MdePkg/Register/Amd: Define the SVSM related information
> >>   MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> >>   UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
> >>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
> >>   Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
> >>   UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
> >>   OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
> >>     pages
> >>   OvmfPkg: Create a calling area used to communicate with the SVSM
> >>   OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
> >>   OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>   OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
> >>   UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> >>   Ovmfpkg/CcExitLib: Provide SVSM discovery support
> >>   OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> >>     VMPL0
> >>
> >>  MdePkg/MdePkg.dec | 5 +-
> >>  OvmfPkg/OvmfPkg.dec | 4 +
> >>  UefiCpuPkg/UefiCpuPkg.dec | 5 +-
> >>  OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> >>  OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
> >>  OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> >>  OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
> >>  OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
> >>  OvmfPkg/OvmfPkgIa32.dsc | 1 +
> >>  OvmfPkg/OvmfPkgIa32X64.dsc | 3 +-
> >>  OvmfPkg/OvmfPkgX64.dsc | 1 +
> >>  OvmfPkg/OvmfXen.dsc | 1 +
> >>  UefiCpuPkg/UefiCpuPkg.dsc | 4 +-
> >>  UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
> >>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
> >>  OvmfPkg/OvmfPkgX64.fdf | 3 +
> >>  MdePkg/Library/BaseLib/BaseLib.inf | 2 +
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3 +-
> >>  OvmfPkg/Library/CcExitLib/CcExitLib.inf | 3 +-
> >>  OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 3 +-
> >>  OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf | 38 ++
> >>  OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
> >>  OvmfPkg/ResetVector/ResetVector.inf | 2 +
> >>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf | 27 ++
> >>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 +
> >>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 +
> >>  MdePkg/Include/Library/BaseLib.h | 39 ++
> >>  MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
> >>  MdePkg/Include/Register/Amd/Ghcb.h | 23 +-
> >>  MdePkg/Include/Register/Amd/Msr.h | 3 +-
> >>  MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
> >>  MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
> >>  OvmfPkg/Include/WorkArea.h | 9 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 6 +-
> >>  UefiCpuPkg/Include/Library/CcSvsmLib.h | 101 ++++
> >>  UefiCpuPkg/Library/MpInitLib/MpLib.h | 29 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 11 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 27 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 22 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 31 +-
> >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
> >>  OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
> >>  OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c | 500 ++++++++++++++++++++
> >>  OvmfPkg/PlatformPei/AmdSev.c | 102 +++-
> >>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c | 108 +++++
> >>  UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +-
> >>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 +-
> >>  UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 134 ++++--
> >>  MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
> >>  MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
> >>  OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
> >>  OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +-
> >>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni | 13 +
> >>  55 files changed, 1628 insertions(+), 233 deletions(-)
> >>  create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
> >>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> >>  create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> >>  create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> >>  create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
> >>  create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
> >>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> >>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> >>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> >>  create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> >>
> >> --
> >> 2.42.0
> >