public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP
@ 2022-12-21 15:50 Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 1/4] MdePkg: Add header for SEV-SNP secrets page struct Roth, Michael
                   ` (4 more replies)
  0 siblings, 5 replies; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 15:50 UTC (permalink / raw)
  To: devel; +Cc: Tom Lendacky, ray.ni

A full-featured SEV-SNP guest will not rely on the AP jump table, and
will instead use the AP Creation interface defined by the GHCB. However,
a guest is still allowed to use the AP jump table if desired.

However, unlike with SEV-ES guests, SEV-SNP guests should not
store/retrieve the jump table address via GHCB requests to the
hypervisor, they should instead store/retrieve it via the SEV-SNP
secrets page.

This series implements the store side of this for OVMF by introducing a
PCD that can be used to pass the SEV-SNP secrets page address to
UefiCpuPkg, where the jump table address is allocated. It also
introduces a struct that defines the SEV-SNP secrets page format
according to the GHCB v2.01 and SEV-SNP FW ABI specifications.

v4:
 - Move storing of jump table address after relevant comment rather
   than before it. (Tom)

v3:
 - Break up single patch into a set of patches containing the specific
   changes for each package. (Ray)

v2:
 - Update Secrets OS area to match latest GHCB 2.01 spec (Tom)
 - Move Secrets header file into ./Register/AMD subdirectory (Tom)
 - Fix CI EccCheck due to assignment in variable declaration

----------------------------------------------------------------
Michael Roth (4):
      MdePkg: Add header for SEV-SNP secrets page struct
      MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page
      OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase
      UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page

 MdePkg/Include/Register/Amd/SnpSecretsPage.h  | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 MdePkg/MdePkg.dec                             |  4 ++++
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  3 +++
 OvmfPkg/CloudHv/CloudHvX64.dsc                |  3 +++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  3 +++
 OvmfPkg/Microvm/MicrovmX64.dsc                |  3 +++
 OvmfPkg/OvmfPkgIa32.dsc                       |  3 +++
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  3 +++
 OvmfPkg/OvmfPkgX64.dsc                        |  3 +++
 OvmfPkg/PlatformPei/AmdSev.c                  |  5 +++++
 OvmfPkg/PlatformPei/PlatformPei.inf           |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
 13 files changed, 98 insertions(+)
 create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h



^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v4 1/4] MdePkg: Add header for SEV-SNP secrets page struct
  2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
@ 2022-12-21 15:50 ` Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 2/4] MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page Roth, Michael
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 15:50 UTC (permalink / raw)
  To: devel; +Cc: Tom Lendacky, ray.ni

This will be needed so that the AP Jump Table address can be stored for
use by the operating system later, and possibly for other things in the
future.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 MdePkg/Include/Register/Amd/SnpSecretsPage.h | 56 ++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h

diff --git a/MdePkg/Include/Register/Amd/SnpSecretsPage.h b/MdePkg/Include/Register/Amd/SnpSecretsPage.h
new file mode 100644
index 0000000000..3188459150
--- /dev/null
+++ b/MdePkg/Include/Register/Amd/SnpSecretsPage.h
@@ -0,0 +1,56 @@
+/** @file
+Definitions for AMD SEV-SNP Secrets Page
+
+Copyright (c) 2022 AMD Inc. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SNP_SECRETS_PAGE_H_
+#define SNP_SECRETS_PAGE_H_
+
+//
+// OS-defined area of secrets page
+//
+// As defined by "SEV-ES Guest-Hypervisor Communication Block Standardization",
+// revision 2.01, section 2.7, "SEV-SNP Secrets Page".
+//
+typedef PACKED struct _SNP_SECRETS_OS_AREA {
+  UINT32    Vmpl0MsgSeqNumLo;
+  UINT32    Vmpl1MsgSeqNumLo;
+  UINT32    Vmpl2MsgSeqNumLo;
+  UINT32    Vmpl3MsgSeqNumLo;
+  UINT64    ApJumpTablePa;
+  UINT32    Vmpl0MsgSeqNumHi;
+  UINT32    Vmpl1MsgSeqNumHi;
+  UINT32    Vmpl2MsgSeqNumHi;
+  UINT32    Vmpl3MsgSeqNumHi;
+  UINT8     Reserved2[22];
+  UINT16    Version;
+  UINT8     GuestUsage[32];
+} SNP_SECRETS_OS_AREA;
+
+#define VMPCK_KEY_LEN  32
+
+//
+// SEV-SNP Secrets page
+//
+// As defined by "SEV-SNP Firmware ABI", revision 1.51, section 8.17.2.5,
+// "PAGE_TYPE_SECRETS".
+//
+typedef PACKED struct _SNP_SECRETS_PAGE {
+  UINT32                 Version;
+  UINT32                 ImiEn    : 1,
+                         Reserved : 31;
+  UINT32                 Fms;
+  UINT32                 Reserved2;
+  UINT8                  Gosvw[16];
+  UINT8                  Vmpck0[VMPCK_KEY_LEN];
+  UINT8                  Vmpck1[VMPCK_KEY_LEN];
+  UINT8                  Vmpck2[VMPCK_KEY_LEN];
+  UINT8                  Vmpck3[VMPCK_KEY_LEN];
+  SNP_SECRETS_OS_AREA    OsArea;
+  UINT8                  Reserved3[3840];
+} SNP_SECRETS_PAGE;
+
+#endif
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH v4 2/4] MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page
  2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 1/4] MdePkg: Add header for SEV-SNP secrets page struct Roth, Michael
@ 2022-12-21 15:50 ` Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Roth, Michael
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 15:50 UTC (permalink / raw)
  To: devel; +Cc: Tom Lendacky, ray.ni

OvmfPkg will initially use this to hand off the secrets page address to
UefiCpuPkg, which will need this PCD to access the SEV-SNP secrets page
address. Define this as an MdePkg PCD so it can be accessed by other
packages alongside the secrets page struct defined in MdePkg/Include.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 MdePkg/MdePkg.dec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index e49b2d5b5f..a233a318ba 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -2429,5 +2429,9 @@
   # @Prompt Memory encryption attribute
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x0000002e
 
+  ## This dynamic PCD indicates the location of the SEV-SNP secrets page.
+  # @Prompt SEV-SNP secrets page address
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0|UINT64|0x0000002f
+
 [UserExtensions.TianoCore."ExtraFiles"]
   MdePkgExtra.uni
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase
  2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 1/4] MdePkg: Add header for SEV-SNP secrets page struct Roth, Michael
  2022-12-21 15:50 ` [PATCH v4 2/4] MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page Roth, Michael
@ 2022-12-21 15:50 ` Roth, Michael
  2023-01-06  9:19   ` [edk2-devel] " Yao, Jiewen
  2022-12-21 15:50 ` [PATCH v4 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page Roth, Michael
  2022-12-21 17:34 ` [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
  4 siblings, 1 reply; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 15:50 UTC (permalink / raw)
  To: devel; +Cc: Tom Lendacky, ray.ni

This needs to be set so that UefiCpuPkg can locate the SEV-SNP secrets
page later to set the AP Jump Table address.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc        | 3 +++
 OvmfPkg/CloudHv/CloudHvX64.dsc      | 3 +++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc    | 3 +++
 OvmfPkg/Microvm/MicrovmX64.dsc      | 3 +++
 OvmfPkg/OvmfPkgIa32.dsc             | 3 +++
 OvmfPkg/OvmfPkgIa32X64.dsc          | 3 +++
 OvmfPkg/OvmfPkgX64.dsc              | 3 +++
 OvmfPkg/PlatformPei/AmdSev.c        | 5 +++++
 OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
 9 files changed, 27 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index bb91e8c734..6c3b78d424 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -528,6 +528,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
 
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 4d7107fd19..2cc73981b2 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -640,6 +640,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 [PcdsDynamicHii]
 !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc
 
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index ea538fd783..b264eb9fc3 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -527,6 +527,9 @@
 
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 285ba50671..b2eaa11a85 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -644,6 +644,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index dcf46d207d..2e04a3f8b1 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -666,6 +666,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 !if $(CSM_ENABLE) == FALSE
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d0746cb72b..4ebf2aff34 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -675,6 +675,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 !if $(CSM_ENABLE) == FALSE
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 2caa4d2ecc..6f8f368977 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -703,6 +703,9 @@
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
 
+  # Set SEV-SNP Secrets page address default
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
+
 !if $(CSM_ENABLE) == FALSE
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 !endif
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index e4e7b72e67..fa88c9ebd8 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -422,6 +422,11 @@ AmdSevInitialize (
   //
   if (MemEncryptSevSnpIsEnabled ()) {
     PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevSnp);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (
+                  PcdSevSnpSecretsAddress,
+                  (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase)
+                  );
   } else if (MemEncryptSevEsIsEnabled ()) {
     PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevEs);
   } else {
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 1fadadeb55..851af81248 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -115,6 +115,7 @@
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
   gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress
 
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH v4 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page
  2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
                   ` (2 preceding siblings ...)
  2022-12-21 15:50 ` [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Roth, Michael
@ 2022-12-21 15:50 ` Roth, Michael
  2022-12-21 17:34 ` [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
  4 siblings, 0 replies; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 15:50 UTC (permalink / raw)
  To: devel; +Cc: Tom Lendacky, ray.ni

A full-featured SEV-SNP guest will not rely on the AP jump table, and
will instead use the AP Creation interface defined by the GHCB. However,
a guest is still allowed to use the AP jump table if desired.

However, unlike with SEV-ES guests, SEV-SNP guests should not
store/retrieve the jump table address via GHCB requests to the
hypervisor, they should instead store/retrieve it via the SEV-SNP
secrets page. Implement the store side of this for OVMF.

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 8c8b81d933..0c36538d59 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -85,3 +85,4 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                      ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                           ## CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr           ## CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress                     ## CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index beab06a5b1..8edc612772 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -15,6 +15,7 @@
 #include <Library/CcExitLib.h>
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
+#include <Register/Amd/SnpSecretsPage.h>
 
 #include <Protocol/Timer.h>
 
@@ -217,6 +218,15 @@ GetSevEsAPMemory (
 
   DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory = %lx\n", (UINTN)StartAddress));
 
+  if (ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) {
+    SNP_SECRETS_PAGE  *Secrets;
+
+    Secrets                       = (SNP_SECRETS_PAGE *)(INTN)PcdGet64 (PcdSevSnpSecretsAddress);
+    Secrets->OsArea.ApJumpTablePa = (UINT64)(UINTN)StartAddress;
+
+    return (UINTN)StartAddress;
+  }
+
   //
   // Save the SevEsAPMemory as the AP jump table.
   //
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP
  2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
                   ` (3 preceding siblings ...)
  2022-12-21 15:50 ` [PATCH v4 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page Roth, Michael
@ 2022-12-21 17:34 ` Roth, Michael
  4 siblings, 0 replies; 7+ messages in thread
From: Roth, Michael @ 2022-12-21 17:34 UTC (permalink / raw)
  To: devel
  Cc: Tom Lendacky, ray.ni, Michael D Kinney, Liming Gao, Zhiguang Liu,
	Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann, Eric Dong, Rahul Kumar

On Wed, Dec 21, 2022 at 09:50:43AM -0600, Michael Roth wrote:
> A full-featured SEV-SNP guest will not rely on the AP jump table, and
> will instead use the AP Creation interface defined by the GHCB. However,
> a guest is still allowed to use the AP jump table if desired.
> 
> However, unlike with SEV-ES guests, SEV-SNP guests should not
> store/retrieve the jump table address via GHCB requests to the
> hypervisor, they should instead store/retrieve it via the SEV-SNP
> secrets page.
> 
> This series implements the store side of this for OVMF by introducing a
> PCD that can be used to pass the SEV-SNP secrets page address to
> UefiCpuPkg, where the jump table address is allocated. It also
> introduces a struct that defines the SEV-SNP secrets page format
> according to the GHCB v2.01 and SEV-SNP FW ABI specifications.
> 
> v4:
>  - Move storing of jump table address after relevant comment rather
>    than before it. (Tom)
> 
> v3:
>  - Break up single patch into a set of patches containing the specific
>    changes for each package. (Ray)
> 
> v2:
>  - Update Secrets OS area to match latest GHCB 2.01 spec (Tom)
>  - Move Secrets header file into ./Register/AMD subdirectory (Tom)
>  - Fix CI EccCheck due to assignment in variable declaration
> 
> ----------------------------------------------------------------
> Michael Roth (4):
>       MdePkg: Add header for SEV-SNP secrets page struct
>       MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page
>       OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase
>       UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page

Adding some Cc's from Maintainers.txt that I should have included originally:

Patch 1/2:
  Michael D Kinney <michael.d.kinney@intel.com>
  Liming Gao <gaoliming@byosoft.com.cn>
  Zhiguang Liu <zhiguang.liu@intel.com>

Patch 3:
  Ard Biesheuvel <ardb+tianocore@kernel.org>
  Jiewen Yao <jiewen.yao@intel.com>
  Gerd Hoffmann <kraxel@redhat.com>

Patch 4:
  Eric Dong <eric.dong@intel.com>
  Rahul Kumar <rahul1.kumar@intel.com>

Thanks,

Mike

> 
>  MdePkg/Include/Register/Amd/SnpSecretsPage.h  | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  MdePkg/MdePkg.dec                             |  4 ++++
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  3 +++
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |  3 +++
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  3 +++
>  OvmfPkg/Microvm/MicrovmX64.dsc                |  3 +++
>  OvmfPkg/OvmfPkgIa32.dsc                       |  3 +++
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  3 +++
>  OvmfPkg/OvmfPkgX64.dsc                        |  3 +++
>  OvmfPkg/PlatformPei/AmdSev.c                  |  5 +++++
>  OvmfPkg/PlatformPei/PlatformPei.inf           |  1 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       | 10 ++++++++++
>  13 files changed, 98 insertions(+)
>  create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h
> 
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [edk2-devel] [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase
  2022-12-21 15:50 ` [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Roth, Michael
@ 2023-01-06  9:19   ` Yao, Jiewen
  0 siblings, 0 replies; 7+ messages in thread
From: Yao, Jiewen @ 2023-01-06  9:19 UTC (permalink / raw)
  To: devel@edk2.groups.io, Michael.Roth@amd.com; +Cc: Tom Lendacky, Ni, Ray

Acked-by: Jiewen Yao <jiewen.yao@intel.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Roth,
> Michael via groups.io
> Sent: Wednesday, December 21, 2022 11:51 PM
> To: devel@edk2.groups.io
> Cc: Tom Lendacky <thomas.lendacky@amd.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [edk2-devel] [PATCH v4 3/4] OvmfPkg: Initialize the
> PcdSevSnpSecretsAddress PCD during PEI phase
> 
> This needs to be set so that UefiCpuPkg can locate the SEV-SNP secrets
> page later to set the AP Jump Table address.
> 
> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
>  OvmfPkg/AmdSev/AmdSevX64.dsc        | 3 +++
>  OvmfPkg/CloudHv/CloudHvX64.dsc      | 3 +++
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc    | 3 +++
>  OvmfPkg/Microvm/MicrovmX64.dsc      | 3 +++
>  OvmfPkg/OvmfPkgIa32.dsc             | 3 +++
>  OvmfPkg/OvmfPkgIa32X64.dsc          | 3 +++
>  OvmfPkg/OvmfPkgX64.dsc              | 3 +++
>  OvmfPkg/PlatformPei/AmdSev.c        | 5 +++++
>  OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
>  9 files changed, 27 insertions(+)
> 
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc
> b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index bb91e8c734..6c3b78d424 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -528,6 +528,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
>  !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
> 
> 
> 
>    gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
> 
> diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc
> b/OvmfPkg/CloudHv/CloudHvX64.dsc
> index 4d7107fd19..2cc73981b2 100644
> --- a/OvmfPkg/CloudHv/CloudHvX64.dsc
> +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
> @@ -640,6 +640,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
>  [PcdsDynamicHii]
> 
>  !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc
> 
> 
> 
> diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> index ea538fd783..b264eb9fc3 100644
> --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> @@ -527,6 +527,9 @@
> 
> 
>    gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
> 
> ################################################################
> ################
> 
>  #
> 
>  # Components Section - list of all EDK II Modules needed by this Platform.
> 
> diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc
> b/OvmfPkg/Microvm/MicrovmX64.dsc
> index 285ba50671..b2eaa11a85 100644
> --- a/OvmfPkg/Microvm/MicrovmX64.dsc
> +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
> @@ -644,6 +644,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
> 
> ################################################################
> ################
> 
>  #
> 
>  # Components Section - list of all EDK II Modules needed by this Platform.
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index dcf46d207d..2e04a3f8b1 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -666,6 +666,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
>  !if $(CSM_ENABLE) == FALSE
> 
>    gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
> 
>  !endif
> 
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index d0746cb72b..4ebf2aff34 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -675,6 +675,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
>  !if $(CSM_ENABLE) == FALSE
> 
>    gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
> 
>  !endif
> 
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 2caa4d2ecc..6f8f368977 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -703,6 +703,9 @@
>    # Set ConfidentialComputing defaults
> 
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
> 
> 
> 
> +  # Set SEV-SNP Secrets page address default
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0
> 
> +
> 
>  !if $(CSM_ENABLE) == FALSE
> 
>    gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
> 
>  !endif
> 
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c
> b/OvmfPkg/PlatformPei/AmdSev.c
> index e4e7b72e67..fa88c9ebd8 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -422,6 +422,11 @@ AmdSevInitialize (
>    //
> 
>    if (MemEncryptSevSnpIsEnabled ()) {
> 
>      PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr,
> CCAttrAmdSevSnp);
> 
> +    ASSERT_RETURN_ERROR (PcdStatus);
> 
> +    PcdStatus = PcdSet64S (
> 
> +                  PcdSevSnpSecretsAddress,
> 
> +                  (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase)
> 
> +                  );
> 
>    } else if (MemEncryptSevEsIsEnabled ()) {
> 
>      PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr,
> CCAttrAmdSevEs);
> 
>    } else {
> 
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
> b/OvmfPkg/PlatformPei/PlatformPei.inf
> index 1fadadeb55..851af81248 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -115,6 +115,7 @@
>    gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> 
>    gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
> 
>    gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
> 
> +  gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress
> 
> 
> 
>  [FixedPcd]
> 
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
> 
> --
> 2.25.1
> 
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-01-06  9:19 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-21 15:50 [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael
2022-12-21 15:50 ` [PATCH v4 1/4] MdePkg: Add header for SEV-SNP secrets page struct Roth, Michael
2022-12-21 15:50 ` [PATCH v4 2/4] MdePkg: Add PcdSevSnpSecretsAddress to export SEV-SNP secrets page Roth, Michael
2022-12-21 15:50 ` [PATCH v4 3/4] OvmfPkg: Initialize the PcdSevSnpSecretsAddress PCD during PEI phase Roth, Michael
2023-01-06  9:19   ` [edk2-devel] " Yao, Jiewen
2022-12-21 15:50 ` [PATCH v4 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page Roth, Michael
2022-12-21 17:34 ` [PATCH v4 0/4] Fix AP Jump Table Handling for SEV-SNP Roth, Michael

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox