From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Tom Lendacky <thomas.lendacky@amd.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: Ard Biesheuvel <ardb+tianocore@kernel.org>, "Aktas, Erdem"
	<erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>, Laszlo Ersek
	<lersek@redhat.com>, Liming Gao <gaoliming@byosoft.com.cn>, "Kinney, Michael
 D" <michael.d.kinney@intel.com>, "Xu, Min M" <min.m.xu@intel.com>, "Liu,
 Zhiguang" <zhiguang.liu@intel.com>, "Kumar, Rahul R"
	<rahul.r.kumar@intel.com>, "Ni, Ray" <ray.ni@intel.com>, Michael Roth
	<michael.roth@amd.com>
Subject: Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
Date: Thu, 29 Feb 2024 14:06:37 +0000
Message-ID: <MW4PR11MB58729FA7A88818D5D934DE868C5F2@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <cover.1708623001.git.thomas.lendacky@amd.com>
 <MW4PR11MB5872D32CACF8BA6B0574A60C8C582@MW4PR11MB5872.namprd11.prod.outlook.com>
 <30de7630-870b-41d4-9da3-5486c8fc44fe@amd.com>
In-Reply-To: <30de7630-870b-41d4-9da3-5486c8fc44fe@amd.com>

Below:

> -----Original Message-----
> From: Tom Lendacky <thomas.lendacky@amd.com>
> Sent: Thursday, February 29, 2024 12:20 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>;
> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
> Subject: Re: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
>
> On 2/28/24 00:14, Yao, Jiewen wrote:
> > Some feedback:
> >
> > 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
> >
> > MdePkg only contains the definition in the standard.
> >
> > Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification?
>
> The structure is documented in the GHCB specification, but the GUID is not.
>
> Is the request to move the GUID to someplace other than MdePkg?

[Jiewen] Right. If the GUID is NOT in GHCB spec, then it should be in other place, such as OvmfPkg.


>
> >
> > 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an-SVSM
> >
> > I am not sure the position of SVSM.
> > If the SVSM interface is AMD specific, then it should be AmdSvsmLib.
>
> I believe TDX is also looking at the SVSM for TDX partitioning, but I'm
> not certain of that.
>
> > If the SVSM interface is generic, then we should define everything in a generic way.
> >
> > It is very confusing to mix a generic CcSvsm lib with AMD specific <Register/Amd/Ghcb.h>.
>
> I can certainly change the name to be AMD specific for now. It can always
> be changed to something else later if need be, much like VmgExitLib was
> changed to CcExitLib.

[Jiewen] Yes, Intel is planning for SVSM. But it is NOT ready yet.
It is hard for me to discuss it now.

Maybe, please help me understand:
Is CcSvsmLib a generic library / common protocol between OVMF and Coconut-SVSM? - Option 1
Or is CcSvsmLib an implementation specific library, and the current API cannot be shared with Intel TDX in future? - Option 2

I notice that some API is for option 1 - CcSvsmIsSvsmPresent().
But some API is for option 2 - CcSvsmSnpGetVmpl(), CcSvsmSnpGetCaa(), CcSvsmSnpPvalidate(), CcSvsmSnpVmsaRmpAdjust().

How do you plan if TDX needs to support SVSM later?
How do you plan if we need to add some generic interaction between OVMF and coconut-SVSM, such as vTPM?



>
> Thanks,
> Tom
>
> >
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Tom Lendacky <thomas.lendacky@amd.com>
> >> Sent: Friday, February 23, 2024 1:30 AM
> >> To: devel@edk2.groups.io
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
> >> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen
> >> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
> >> <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>;
> >> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> >> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>; Michael
> >> Roth <michael.roth@amd.com>
> >> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
> >>
> >>
> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> >>
> >> This series adds SEV-SNP support for running OVMF under a Secure VM
> >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> >> By running at a less privileged VMPL, the SVSM can be used to provide
> >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> >> confidential VM (CVM) rather than trust such services from the hypervisor.
> >>
> >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> >> certain SNP related operations that require that VMPL level. Specifically,
> >> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> >> VMSA attribute of a page (used when starting APs).
> >>
> >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> >> use an SVSM (which is running at VMPL0) to perform the operations that
> >> it is no longer able to perform.
> >>
> >> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that
> >> it will be starting. As a result, the GHCB APIC ID retrieval action must
> >> be performed. Since this service can also work with SEV-SNP running at
> >> VMPL0, the patches to make use of this feature are near the beginning of
> >> the series.
> >>
> >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> >> specification [1] and the GHCB specification [2].
> >>
> >> This support creates a new CcSvsmLib library that is used by MpInitLib.
> >> This requires an update to the edk2-platform DSC files to add the new
> >> library. The edk2-platform change would be needed after patch 12, but
> >> before patch 15.
> >>
> >> This series introduces support to run OVMF under an SVSM. It consists
> >> of:
> >>    - Retrieving the list of vCPU APIC IDs and starting up all APs without
> >>      performing a broadcast SIPI
> >>    - Reorganizing the page state change support to not directly use the
> >>      GHCB buffer since an SVSM will use the calling area buffer, instead
> >>    - Detecting the presence of an SVSM
> >>    - When not running at VMPL0, invoking the SVSM for page validation and
> >>      VMSA page creation/deletion
> >>    - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> >>      SVSM is present
> >>
> >> The series is based off of commit:
> >>
> >>    2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before lock cmpxchg")
> >>
> >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
> >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
> >>
> >> ---
> >>
> >> Changes in v2:
> >> - Move the APIC IDs retrieval support to the beginning of the patch series
> >>      - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
> >> - Split up Page State Change reorganization into multiple patches
> >> - Created CcSvsmLib library instead of extending CcExitLib
> >>      - This will require a corresponding update to edk2-platform DSC files
> >>      - Removed Ray Ni's Acked-by since it is not a minor change
> >> - Variable name changes and other misc changes
> >>
> >> Tom Lendacky (23):
> >>    OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
> >>    MdePkg: GHCB APIC ID retrieval support definitions
> >>    OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> >>    UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> >>    OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
> >>    OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
> >>      Change
> >>    MdePkg: Avoid hardcoded value for number of Page State Change entries
> >>    OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> >>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>    MdePkg/Register/Amd: Define the SVSM related information
> >>    MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> >>    UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
> >>    UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
> >>    Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
> >>    UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
> >>    OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
> >>      pages
> >>    OvmfPkg: Create a calling area used to communicate with the SVSM
> >>    OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
> >>    OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
> >>    OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
> >>    UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> >>    Ovmfpkg/CcExitLib: Provide SVSM discovery support
> >>    OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> >>      VMPL0
> >>
> >>   MdePkg/MdePkg.dec                                                     |   5 +-
> >>   OvmfPkg/OvmfPkg.dec                                                   |   4 +
> >>   UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
> >>   OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
> >>   OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
> >>   OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
> >>   OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
> >>   OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
> >>   OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
> >>   OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
> >>   OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
> >>   OvmfPkg/OvmfXen.dsc                                                   |   1 +
> >>   UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
> >>   UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
> >>   OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
> >>   OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
> >>   MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |   3 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |   3 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |   3 +-
> >>   OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
> >>   OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
> >>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
> >>   OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
> >>   OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
> >>   UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
> >>   UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
> >>   MdePkg/Include/Library/BaseLib.h                                      |  39 ++
> >>   MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
> >>   MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
> >>   MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
> >>   MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
> >>   MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
> >>   OvmfPkg/Include/WorkArea.h                                            |   9 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6 +-
> >>   UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  11 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  22 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  31 +-
> >>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
> >>   OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
> >>   OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500 ++++++++++++++++++++
> >>   OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
> >>   UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
> >>   UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
> >>   UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
> >>   MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
> >>   MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
> >>   OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
> >>   OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
> >>   UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
> >>   55 files changed, 1628 insertions(+), 233 deletions(-)
> >>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> >>   create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> >>   create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> >>   create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
> >>   create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> >>   create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> >>   create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> >>   create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> >>
> >> --
> >> 2.42.0
> >

