From: "Ni, Ray"
To: "devel@edk2.groups.io", "michael.roth@amd.com"
CC: Tom Lendacky
Subject: Re: [edk2-devel] [PATCH v2] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page
Date: Tue, 17 May 2022 14:17:28 +0000
References: <20220516120217.553061-1-michael.roth@amd.com>
In-Reply-To: <20220516120217.553061-1-michael.roth@amd.com>

Can you please split the patches so one patch for one package?

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Michael Roth via groups.io
> Sent: Monday, May 16, 2022 8:02 PM
> To: devel@edk2.groups.io
> Cc: Tom Lendacky
> Subject: [edk2-devel] [PATCH v2] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page
>
> A full-featured SEV-SNP guest will not rely on the AP jump table, and
> will instead use the AP Creation interface defined by the GHCB. However,
> a guest is still allowed to use the AP jump table if desired.
>
> However, unlike with SEV-ES guests, SEV-SNP guests should not
> store/retrieve the jump table address via GHCB requests to the
> hypervisor, they should instead store/retrieve it via the SEV-SNP
> secrets page. Implement the store side of this for OVMF.
>
> Suggested-by: Tom Lendacky
> Signed-off-by: Michael Roth > --- > v2: > - Update Secrets OS area to match latest GHCB 2.01 spec > - Move Secrets header file into ./Register/AMD subdirectory > - Fix CI EccCheck due to assignment in variable declaration >=20 > MdePkg/Include/Register/Amd/SnpSecretsPage.h | 56 +++++++++++++++++++ > MdePkg/MdePkg.dec | 4 ++ > OvmfPkg/AmdSev/AmdSevX64.dsc | 3 + > OvmfPkg/CloudHv/CloudHvX64.dsc | 3 + > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 + > OvmfPkg/Microvm/MicrovmX64.dsc | 3 + > OvmfPkg/OvmfPkgIa32.dsc | 3 + > OvmfPkg/OvmfPkgIa32X64.dsc | 3 + > OvmfPkg/OvmfPkgX64.dsc | 3 + > OvmfPkg/PlatformPei/AmdSev.c | 5 ++ > OvmfPkg/PlatformPei/PlatformPei.inf | 1 + > UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + > UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 10 ++++ > 13 files changed, 98 insertions(+) > create mode 100644 MdePkg/Include/Register/Amd/SnpSecretsPage.h >=20 > diff --git a/MdePkg/Include/Register/Amd/SnpSecretsPage.h b/MdePkg/Includ= e/Register/Amd/SnpSecretsPage.h > new file mode 100644 > index 0000000000..3188459150 > --- /dev/null > +++ b/MdePkg/Include/Register/Amd/SnpSecretsPage.h > @@ -0,0 +1,56 @@ > +/** @file >=20 > +Definitions for AMD SEV-SNP Secrets Page >=20 > + >=20 > +Copyright (c) 2022 AMD Inc. All rights reserved.
>=20 > +SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + >=20 > +**/ >=20 > + >=20 > +#ifndef SNP_SECRETS_PAGE_H_ >=20 > +#define SNP_SECRETS_PAGE_H_ >=20 > + >=20 > +// >=20 > +// OS-defined area of secrets page >=20 > +// >=20 > +// As defined by "SEV-ES Guest-Hypervisor Communication Block Standardiz= ation", >=20 > +// revision 2.01, section 2.7, "SEV-SNP Secrets Page". >=20 > +// >=20 > +typedef PACKED struct _SNP_SECRETS_OS_AREA { >=20 > + UINT32 Vmpl0MsgSeqNumLo; >=20 > + UINT32 Vmpl1MsgSeqNumLo; >=20 > + UINT32 Vmpl2MsgSeqNumLo; >=20 > + UINT32 Vmpl3MsgSeqNumLo; >=20 > + UINT64 ApJumpTablePa; >=20 > + UINT32 Vmpl0MsgSeqNumHi; >=20 > + UINT32 Vmpl1MsgSeqNumHi; >=20 > + UINT32 Vmpl2MsgSeqNumHi; >=20 > + UINT32 Vmpl3MsgSeqNumHi; >=20 > + UINT8 Reserved2[22]; >=20 > + UINT16 Version; >=20 > + UINT8 GuestUsage[32]; >=20 > +} SNP_SECRETS_OS_AREA; >=20 > + >=20 > +#define VMPCK_KEY_LEN 32 >=20 > + >=20 > +// >=20 > +// SEV-SNP Secrets page >=20 > +// >=20 > +// As defined by "SEV-SNP Firmware ABI", revision 1.51, section 8.17.2.5= , >=20 > +// "PAGE_TYPE_SECRETS". >=20 > +// >=20 > +typedef PACKED struct _SNP_SECRETS_PAGE { >=20 > + UINT32 Version; >=20 > + UINT32 ImiEn : 1, >=20 > + Reserved : 31; >=20 > + UINT32 Fms; >=20 > + UINT32 Reserved2; >=20 > + UINT8 Gosvw[16]; >=20 > + UINT8 Vmpck0[VMPCK_KEY_LEN]; >=20 > + UINT8 Vmpck1[VMPCK_KEY_LEN]; >=20 > + UINT8 Vmpck2[VMPCK_KEY_LEN]; >=20 > + UINT8 Vmpck3[VMPCK_KEY_LEN]; >=20 > + SNP_SECRETS_OS_AREA OsArea; >=20 > + UINT8 Reserved3[3840]; >=20 > +} SNP_SECRETS_PAGE; >=20 > + >=20 > +#endif >=20 > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index f1ebf9e251..a365bfcfe8 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec 
> @@ -2417,5 +2417,9 @@ > # @Prompt Memory encryption attribute >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x= 0000002e >=20 >=20 >=20 > + ## This dynamic PCD indicates the location of the SEV-SNP secrets page= . >=20 > + # @Prompt SEV-SNP secrets page address >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0|UINT64|0x0000002f >=20 > + >=20 > [UserExtensions.TianoCore."ExtraFiles"] >=20 > MdePkgExtra.uni >=20 > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > index f0700035c1..02306945fd 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > @@ -575,6 +575,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > !include OvmfPkg/OvmfTpmPcds.dsc.inc >=20 >=20 >=20 > gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 >=20 > diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.= dsc > index d1c85f60c7..7143698253 100644 > --- a/OvmfPkg/CloudHv/CloudHvX64.dsc > +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc > @@ -630,6 +630,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > [PcdsDynamicHii] >=20 > !include OvmfPkg/OvmfTpmPcdsHii.dsc.inc >=20 >=20 >=20 > diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdx= X64.dsc > index 80c331ea23..b19718c572 100644 > --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc > +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc 
> @@ -512,6 +512,9 @@ >=20 >=20 > gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > ########################################################################= ######## >=20 > # >=20 > # Components Section - list of all EDK II Modules needed by this Platfor= m. >=20 > diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.= dsc > index 20c3c9c4d8..42673c29ee 100644 > --- a/OvmfPkg/Microvm/MicrovmX64.dsc > +++ b/OvmfPkg/Microvm/MicrovmX64.dsc > @@ -613,6 +613,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > ########################################################################= ######## >=20 > # >=20 > # Components Section - list of all EDK II Modules needed by this Platfor= m. >=20 > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 533bbdb435..8ffef069a3 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -649,6 +649,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > !if $(CSM_ENABLE) =3D=3D FALSE >=20 > gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 >=20 > !endif >=20 > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index cb68e612bd..0b4d5001b2 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
> @@ -657,6 +657,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > !if $(CSM_ENABLE) =3D=3D FALSE >=20 > gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 >=20 > !endif >=20 > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 71526bba31..3a3223be6b 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -680,6 +680,9 @@ > # Set ConfidentialComputing defaults >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 >=20 >=20 >=20 > + # Set SEV-SNP Secrets page address default >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress|0 >=20 > + >=20 > !if $(CSM_ENABLE) =3D=3D FALSE >=20 > gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 >=20 > !endif >=20 > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index 385562b44c..70352ca43b 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -408,6 +408,11 @@ AmdSevInitialize ( > // >=20 > if (MemEncryptSevSnpIsEnabled ()) { >=20 > PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAm= dSevSnp); >=20 > + ASSERT_RETURN_ERROR (PcdStatus); >=20 > + PcdStatus =3D PcdSet64S ( >=20 > + PcdSevSnpSecretsAddress, >=20 > + (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase) >=20 > + ); >=20 > } else if (MemEncryptSevEsIsEnabled ()) { >=20 > PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAm= dSevEs); >=20 > } else { >=20 > diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Pl= atformPei.inf > index 00372fa0eb..c688e4ee24 100644 > --- a/OvmfPkg/PlatformPei/PlatformPei.inf > +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
> @@ -114,6 +114,7 @@ > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr >=20 > gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress >=20 >=20 >=20 > [FixedPcd] >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase >=20 > diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/L= ibrary/MpInitLib/DxeMpInitLib.inf > index e1cd0b3500..d8cfddcd82 100644 > --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > @@ -80,3 +80,4 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard #= # CONSUMES >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase #= # CONSUMES >=20 > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr #= # CONSUMES >=20 > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress #= # CONSUMES >=20 > diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library= /MpInitLib/DxeMpLib.c > index 60d14a5a0e..4d6f7643db 100644 > --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c > +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c > @@ -15,6 +15,7 @@ > #include >=20 > #include >=20 > #include >=20 > +#include >=20 >=20 >=20 > #include >=20 >=20 >=20 > @@ -216,6 +217,15 @@ GetSevEsAPMemory ( >=20 >=20 > DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory =3D %lx\n", (UINTN)StartAddres= s)); >=20 >=20 >=20 > + if (ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) { >=20 > + SNP_SECRETS_PAGE *Secrets; >=20 > + >=20 > + Secrets =3D (SNP_SECRETS_PAGE *)(INTN)PcdGet64= (PcdSevSnpSecretsAddress); >=20 > + Secrets->OsArea.ApJumpTablePa =3D (UINT64)(UINTN)StartAddress; >=20 > + >=20 > + return (UINTN)StartAddress; >=20 > + } >=20 > + >=20 > // >=20 > // Save the SevEsAPMemory as the AP jump table. >=20 > // >=20 > -- > 2.25.1 >=20 >=20 >=20 >=20 >=20
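
Review bot: In MdePkg/Include/Register/Amd/SnpSecretsPage.h nothing checks the layout that the two structs are meant to mirror. By the declared field sizes SNP_SECRETS_OS_AREA comes to 96 bytes and SNP_SECRETS_PAGE to 4096 bytes with OsArea at offset 160, but that only holds while every field stays naturally aligned and PACKED behaves as expected on each toolchain. Suggest adding STATIC_ASSERT checks on sizeof (SNP_SECRETS_PAGE) and on OFFSET_OF (SNP_SECRETS_PAGE, OsArea), so that a later edit to Reserved2 or Reserved3 fails the build instead of silently moving ApJumpTablePa.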
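
Review bot: The description of PcdSevSnpSecretsAddress in the MdePkg/MdePkg.dec hunk does not say what the default value 0 means. Every .dsc in this patch sets the PCD to 0 and only OvmfPkg/PlatformPei/AmdSev.c writes a real address, so a consumer needs to know whether 0 stands for "no secrets page available". Suggest stating that in the ## comment next to the @Prompt line.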
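
Review bot: In the AmdSevInitialize hunk of OvmfPkg/PlatformPei/AmdSev.c the result of the new PcdSet64S (PcdSevSnpSecretsAddress, ...) call is only stored in PcdStatus, and no check on it is visible in the hunk, while the preceding PcdSet64S now gets its own ASSERT_RETURN_ERROR (PcdStatus). Please confirm that the code after the if/else chain asserts on PcdStatus, or add an explicit check inside this branch. The (UINTN) in (UINT64)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase) is also unnecessary, since the 32-bit value widens to UINT64 directly.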
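
Review bot: In the GetSevEsAPMemory hunk of UefiCpuPkg/Library/MpInitLib/DxeMpLib.c, Secrets is dereferenced without checking that PcdSevSnpSecretsAddress is non-zero. The PCD defaults to 0 in MdePkg.dec and in every .dsc touched here, and within this patch only OvmfPkg/PlatformPei sets it, so a platform that reports CCAttrAmdSevSnp without setting the PCD would have the Secrets->OsArea.ApJumpTablePa assignment write through a pointer derived from address 0. Suggest an ASSERT or an early error path when the PCD reads as 0. Two smaller points: the pointer cast goes through (INTN) where the rest of the hunk uses (UINTN), and Secrets is declared inside the if block rather than with the function's other locals.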