From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Yao, Jiewen", Tom Lendacky
CC: Ard Biesheuvel, "Aktas, Erdem", Gerd Hoffmann, Laszlo Ersek, Liming Gao, "Kinney, Michael D", "Xu, Min M", "Liu, Zhiguang", "Kumar, Rahul R", "Ni, Ray", Michael Roth
Subject: Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
Date: Fri, 9 Feb 2024 08:11:10 +0000
In-Reply-To: <17AE677D909D4A42.23935@groups.io>

Some initial feedback:

Patch 1 - OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

Please split the MdePkg update, since it requires a different reviewer.

Patch 4 - UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM

I am not sure why we need to expose the SVSM API in CcExitLib. Why does the Exception handler need to be aware of SVSM?
If other libraries need the SVSM API, then why not create a SvsmLib?

Patch 11 - UefiCpuPkg: Create APIC ID list PCD

Why use PCD? Why not use HOB?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> Sent: Sunday, January 28, 2024 12:11 PM
> To: Tom Lendacky; devel@edk2.groups.io
> Cc: Ard Biesheuvel; Aktas, Erdem; Gerd Hoffmann; Laszlo Ersek; Liming Gao; Kinney, Michael D; Xu, Min M; Liu, Zhiguang; Kumar, Rahul R; Ni, Ray; Michael Roth
> Subject: Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
>
> Thanks Tom. Below is exactly what I am looking for:
> "the decision to use the SVSM API will be based on the VMPL level at which
> OVMF is running."
>
> OVMF needs to detect SEV-SNP, then make next level decision on VMPL.
> Makes sense to me.
>
> Thank you
> Yao, Jiewen
>
> > -----Original Message-----
> > From: Tom Lendacky
> > Sent: Sunday, January 28, 2024 1:49 AM
> > To: Yao, Jiewen; devel@edk2.groups.io
> > Cc: Ard Biesheuvel; Aktas, Erdem; Gerd Hoffmann; Laszlo Ersek; Liming Gao; Kinney, Michael D; Xu, Min M; Liu, Zhiguang; Kumar, Rahul R; Ni, Ray; Michael Roth
> > Subject: Re: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> >
> > On 1/26/24 22:04, Yao, Jiewen wrote:
> > > Thanks Tom.
> > > Please give me some time to digest this patch set before I can give some feedback.
> > >
> > > One quick question to you:
> > > With this patch, we need to support multiple SEV modes:
> > > 1. SEV guest firmware
> > > 2. SEV-ES guest firmware
> > > 3. SEV-SNP guest firmware
> > > 4. SEV-SNP SVSM guest firmware
> >
> > This last mode is still an SNP guest, it just requires invoking an API to
> > perform operations that require VMPL0 permissions. I'm not sure what you
> > mean by having firmware at the end of each mode. The same firmware is used
> > for all SEV guest modes as well as non-SEV guests.
> >
> > > And all these mode requires runtime detection. Am I right?
> >
> > Yes
> >
> > > If so, where is the flag to set those mode?
> >
> > There are function calls available to detect the SEV mode. See the
> > implementation of MemEncryptSevIsEnabled(), MemEncryptSevEsIsEnabled() and
> > MemEncryptSevSnpIsEnabled().
> >
> > OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
> > OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> > OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
> >
> > (OvmfPkg/Sec/AmdSev.c also has some early detection support)
> >
> > Note:
> > - An SEV-SNP guest is also considered an SEV-ES and SEV guest.
> > - An SEV-ES guest is also considered an SEV guest.
> >
> > Within the CcExitLib library, the decision to use the SVSM API will be
> > based on the VMPL level at which OVMF is running.
> >
> > Thanks,
> > Tom
> >
> > >
> > > Please correct me if my understanding is wrong.
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > >> -----Original Message-----
> > >> From: Tom Lendacky
> > >> Sent: Saturday, January 27, 2024 6:13 AM
> > >> To: devel@edk2.groups.io
> > >> Cc: Ard Biesheuvel; Aktas, Erdem; Gerd Hoffmann; Yao, Jiewen; Laszlo Ersek; Liming Gao; Kinney, Michael D; Xu, Min M; Liu, Zhiguang; Kumar, Rahul R; Ni, Ray; Michael Roth
> > >> Subject: [PATCH 00/16] Provide SEV-SNP support for running under an SVSM
> > >>
> > >>
> > >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> > >>
> > >> This series adds SEV-SNP support for running OVMF under a Secure VM
> > >> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
> > >> By running at a less privileged VMPL, the SVSM can be used to provide
> > >> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
> > >> confidential VM (CVM) rather than trust such services from the hypervisor.
> > >>
> > >> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are
> > >> certain SNP related operations that require that VMPL level. Specifically,
> > >> the PVALIDATE instruction and the RMPADJUST instruction when setting the
> > >> VMSA attribute of a page (used when starting APs).
> > >>
> > >> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
> > >> use an SVSM (which is running at VMPL0) to perform the operations that
> > >> it is no longer able to perform.
> > >>
> > >> How OVMF interacts with and uses the SVSM is documented in the SVSM
> > >> specification [1] and the GHCB specification [2].
> > >>
> > >> This series introduces support to run OVMF under an SVSM. It consists
> > >> of:
> > >>   - Reorganize the page state change support to not directly use the
> > >>     GHCB buffer since an SVSM will use the calling area buffer, instead
> > >>   - Detecting the presence of an SVSM
> > >>   - When not running at VMPL0, invoking the SVSM for page validation and
> > >>     VMSA page creation/deletion
> > >>   - Retrieving the list of vCPU APIC IDs and starting up all APs without
> > >>     performing a broadcast SIPI
> > >>   - Detecting and allowing OVMF to run in a VMPL other than 0 when an
> > >>     SVSM is present
> > >>
> > >> The series is based off of commit:
> > >>
> > >>   7d7decfa3dc8 ("UefiPayloadPkg/Crypto: Support external Crypto drivers.")
> > >>
> > >> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
> > >> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
> > >>
> > >> ---
> > >>
> > >> Tom Lendacky (16):
> > >>   OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
> > >>   MdePkg/Register/Amd: Define the SVSM related information
> > >>   MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
> > >>   UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM
> > >>   Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services
> > >>   OvmfPkg: Create a calling area used to communicate with the SVSM
> > >>   OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call
> > >>   OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls
> > >>   UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA
> > >>   MdePkg: GHCB APIC ID retrieval support definitions
> > >>   UefiCpuPkg: Create APIC ID list PCD
> > >>   OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
> > >>   UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
> > >>   UefiCpuPkg/MpInitLib: AP creation support under an SVSM
> > >>   Ovmfpkg/CcExitLib: Provide SVSM discovery support
> > >>   OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at
> > >>     VMPL0
> > >>
> > >>  OvmfPkg/OvmfPkg.dec | 4 +
> > >>  UefiCpuPkg/UefiCpuPkg.dec | 7 +-
> > >>  OvmfPkg/AmdSev/AmdSevX64.fdf | 9 +-
> > >>  OvmfPkg/OvmfPkgX64.fdf | 3 +
> > >>  MdePkg/Library/BaseLib/BaseLib.inf | 2 +
> > >>  OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +-
> > >>  OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +-
> > >>  OvmfPkg/PlatformPei/PlatformPei.inf | 3 +
> > >>  OvmfPkg/ResetVector/ResetVector.inf | 2 +
> > >>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
> > >>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +-
> > >>  MdePkg/Include/Library/BaseLib.h | 39 ++
> > >>  MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +-
> > >>  MdePkg/Include/Register/Amd/Ghcb.h | 19 +-
> > >>  MdePkg/Include/Register/Amd/Msr.h | 3 +-
> > >>  MdePkg/Include/Register/Amd/Svsm.h | 101 ++++
> > >>  MdePkg/Include/Register/Amd/SvsmMsr.h | 35 ++
> > >>  OvmfPkg/Include/WorkArea.h | 7 +
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 4 +-
> > >>  OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++
> > >>  UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++-
> > >>  UefiCpuPkg/Library/MpInitLib/MpLib.h | 27 +-
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 16 +-
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 25 +-
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 20 +-
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 25 +-
> > >>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 203 ++++----
> > >>  OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 532 ++++++++++++++++++++
> > >>  OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 +-
> > >>  OvmfPkg/PlatformPei/AmdSev.c | 100 +++-
> > >>  UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 ++-
> > >>  UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +-
> > >>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +-
> > >>  UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 127 +++--
> > >>  MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++
> > >>  MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++
> > >>  OvmfPkg/ResetVector/ResetVector.nasmb | 6 +-
> > >>  OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +
> > >>  UefiCpuPkg/UefiCpuPkg.uni | 3 +
> > >>  39 files changed, 1524 insertions(+), 210 deletions(-)
> > >>  create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
> > >>  create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
> > >>  create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.h
> > >>  create mode 100644 OvmfPkg/Library/CcExitLib/CcExitSvsm.c
> > >>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
> > >>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
> > >>
> > >> --
> > >> 2.42.0