From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Brijesh Singh, devel@edk2.groups.io
CC: James Bottomley, "Xu, Min M", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann
Subject: Re: [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support
Date: Tue, 7 Sep 2021 02:36:54 +0000
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>

Thank you Brijesh

It took me a while to review this series. Here is my feedback.

I am not sure what you prefer: to put all comments together, or to reply to the 29 emails separately?
Let me put them together in this version. If you prefer a different way, please let me know.

My strategy is the same as before. I will focus on the common part and review it in as much detail as possible.
For SEV-specific things, I will ACK and let the AMD people make the decision, unless I have a big concern about the design.

You can add my A-B and R-B in the next version.

0001-OvmfPkg-reserve-SNP-secrets-page
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

0002-OvmfPkg-reserve-CPUID-page-for-SEV-SNP
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

0003-OvmfPkg-ResetVector-introduce-SEV-SNP-boot-block-GUID
I am still thinking about whether it is possible to move all SEV-defined GUID blobs to a standalone file, and TDX-defined GUID blobs to another file.
Anyway, that can be done later.
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

0004-OvmfPkg-ResetVector-invalidate-the-GHCB-page
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0005-OvmfPkg-ResetVector-check-the-vmpl-level
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0006-OvmfPkg-ResetVector-pre-validate-the-data-pages-used-in-SEC-phase
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0007-OvmfPkg-ResetVector-use-SEV-SNP-validated-CPUID-values
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0008-UefiCpuPkg-Define-the-SEV-SNP-specific-dynamic-PCDs
I really don't like the idea of using BOOL PcdSevEsIsEnabled and PcdSevSnpIsEnabled.
Can we define *one* PCD, such as PcdConfidentialComputingCategory?
We can assign the range 0x0000~0xFFFF to AMD SEV and 0x10000~0x1FFFF to Intel TDX.
Then SEV=0x0000, SEV-ES=0x0001, SEV-SNP=0x0002, and TDX=0x10000 later.
I really don't want to keep adding PCDs endlessly in the future, like PcdSevXXXIsEnabled, PcdSevYYYIsEnabled, PcdTdxIsEnabled, PcdTdx20Enabled, PcdTdx30Enabled, ......

0009-OvmfPkg-MemEncryptSevLib-add-MemEncryptSevSnpEnabled()
I am not sure why, since we have the PCD in 0008, we need to expose the functions MemEncryptSevSnpIsEnabled() and MemEncryptSevEsIsEnabled().
Should we always use the PCD everywhere else?
Anyway, Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0010-OvmfPkg-SecMain-move-SEV-specific-routines-in-AmdSev.c
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

0011-OvmfPkg-SecMain-register-GHCB-gpa-for-the-SEV-SNP-guest
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0012-OvmfPkg-VmgExitLib-use-SEV-SNP-validated-CPUID-values
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0013-OvmfPkg-PlatformPei-register-GHCB-gpa-for-the-SEV-SNP-guest
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0014-OvmfPkg-AmdSevDxe-do-not-use-extended-PCI-config-space
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0015-OvmfPkg-MemEncryptSevLib-add-support-to-validate-system-RAM
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0016-OvmfPkg-BaseMemEncryptSevLib-skip-the-pre-validated-system-RAM
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0017-OvmfPkg-MemEncryptSevLib-add-support-to-validate-4GB-memory-in-PEI-phase
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0018-OvmfPkg-SecMain-pre-validate-the-memory-used-for-decompressing-Fv
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0019-OvmfPkg-PlatformPei-validate-the-system-RAM-when-SNP-is-active
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0020-OvmfPkg-PlatformPei-set-the-SEV-SNP-enabled-PCD
See 0008.

0021-OvmfPkg-PlatformPei-set-the-Hypervisor-Features-PCD
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0022-MdePkg-GHCB-increase-the-GHCB-protocol-max-version
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0023-UefiCpuPkg-MpLib-add-support-to-register-GHCB-GPA-when-SEV-SNP-is-enabled
1) See 0008.
2) For MpFuncs.nasm, I recommend moving the AmdSev-specific initialization to a standalone file, such as Sev.nasm.

0024-UefiCpuPkg-MpInitLib-use-BSP-to-do-extended-topology-check
See 0023.

0025-OvmfPkg-MemEncryptSevLib-change-the-page-state-in-the-RMP-table
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0026-OvmfPkg-MemEncryptSevLib-skip-page-state-change-for-Mmio-address
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

0027-OvmfPkg-PlatformPei-mark-cpuid-and-secrets-memory-reserved-in-EFI-map
Would you please move the SEV-specific init to a separate Sev.c?
Also, I found that MemEncryptSevEsIsEnabled() and MemEncryptSevSnpIsEnabled() are both there. I suggest just using one API:

  if (MemEncryptSevEsIsEnabled ()) {
    DoSevInitializeRamRegions ();
  }

Then you can check more in DoSevInitializeRamRegions():

  DoSevInitializeRamRegions ()
  {
    if (MemEncryptSevSnpIsEnabled ()) {
    }
  }

0028-OvmfPkg-AmdSev-expose-the-SNP-reserved-pages-through-configuration-table
I am not convinced we should include an SEV-specific data structure in a generic structure in ConfidentialComputingSecret.h.
I recommend moving it to an SEV-specific file.

0029-UefiCpuPkg-MpInitLib-Use-SEV-SNP-AP-Creation-NAE-event-to-launch-APs
See 0008, 0023.
I recommend moving SevSnpCreateSaveArea() to Sev.c.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Brijesh Singh
> Sent: Thursday, September 2, 2021 12:16 AM
> To: devel@edk2.groups.io
> Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Gerd Hoffmann; Brijesh Singh
> Subject: [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
> new hardware-based memory protections. SEV-SNP adds strong memory integrity
> protection to help prevent malicious hypervisor-based attacks like data
> replay, memory re-mapping and more in order to create an isolated memory
> encryption environment.
>
> This series provides the basic building blocks to support booting SEV-SNP
> VMs; it does not cover all the security enhancements introduced by SEV-SNP,
> such as interrupt protection.
>
> Many of the integrity guarantees of SEV-SNP are enforced through a new
> structure called the Reverse Map Table (RMP). Adding a new page to an SEV-SNP
> VM requires a 2-step process. First, the hypervisor assigns a page to the
> guest using the new RMPUPDATE instruction. This transitions the page to
> guest-invalid. Second, the guest validates the page using the new PVALIDATE
> instruction.
> The SEV-SNP VMs can use the new "Page State Change Request NAE"
> defined in the GHCB specification to ask the hypervisor to add or remove a page
> from the RMP table.
>
> Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
> as indicated by the Validated flag in the page's RMP entry. There are two
> approaches that can be taken for the page validation: Pre-validation and
> Lazy Validation.
>
> Under pre-validation, the pages are validated prior to first use. And under
> lazy validation, pages are validated when first accessed. An access to an
> unvalidated page results in a #VC exception, at which time the exception
> handler may validate the page. Lazy validation requires careful tracking of
> the validated pages to avoid validating the same GPA more than once. The
> recently introduced "Unaccepted" memory type can be used to communicate the
> unvalidated memory ranges to the Guest OS.
>
> At this time we only support pre-validation. OVMF detects all the available
> system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
> before it is made available to the EDK2 core.
>
> Now the series contains all the basic support required to launch an SEV-SNP
> guest. We are still missing the Interrupt security feature provided by
> SNP. The feature will be added after the base support is accepted.
>
> Additional resources
> ---------------------
> SEV-SNP whitepaper
> https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
>
> APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)
>
> The complete source is available at
> https://github.com/AMDESE/ovmf/tree/sev-snp-rfc-5
>
> GHCB spec:
> https://developer.amd.com/wp-content/resources/56421.pdf
>
> SEV-SNP firmware specification:
> https://www.amd.com/system/files/TechDocs/56860.pdf
>
> Changes since v5:
> * When possible, use the CPUID value from the CPUID page
> * Move the SEV specific functions from SecMain.c into AmdSev.c
> * Rebase to the latest code
> * Add the review feedback from Yao.
>
> Changes since v4:
> * Use the correct MSR for the SEV_STATUS
> * Add VMPL-0 check
>
> Changes since v3:
> * ResetVector: move all SEV specific code into AmdSev.asm and add macros to
>   keep the code readable.
> * Drop extending the EsWorkArea to contain SNP specific state.
> * Drop the GhcbGpa library and call the VmgExit directly to register the GHCB GPA.
> * Install the CC blob config table from AmdSevDxe instead of extending the
>   AmdSev/SecretsDxe for it.
> * Add the separate PCDs for the SNP Secrets.
>
> Changes since v2:
> * Add support for the AP creation.
> * Use the module-scoping override to make AmdSevDxe use the IO port for PCI
>   reads.
> * Use the reserved memory type for the CPUID and Secrets page.
> *
> Changes since v1:
> * Drop the interval tree support to detect the pre-validated overlap region.
> * Use an array to keep track of pre-validated regions.
> * Add support to query the Hypervisor feature and verify that the SNP feature is
>   supported.
> * Introduce MemEncryptSevClearMmioPageEncMask() to clear the C-bit from
>   MMIO ranges.
> * Pull the SevSecretDxe and SevSecretPei into the OVMF package build.
> * Extend the SevSecretDxe to expose the confidential computing blob location
>   through the EFI configuration table.
>
> Brijesh Singh (25):
>   OvmfPkg: reserve SNP secrets page
>   OvmfPkg: reserve CPUID page for SEV-SNP
>   OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID
>   OvmfPkg/ResetVector: invalidate the GHCB page
>   OvmfPkg/ResetVector: check the vmpl level
>   OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
>   UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs
>   OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
>   OvmfPkg/SecMain: move SEV specific routines in AmdSev.c
>   OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
>   OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
>   OvmfPkg/AmdSevDxe: do not use extended PCI config space
>   OvmfPkg/MemEncryptSevLib: add support to validate system RAM
>   OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
>   OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
>   OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
>   OvmfPkg/PlatformPei: validate the system RAM when SNP is active
>   OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD
>   OvmfPkg/PlatformPei: set the Hypervisor Features PCD
>   MdePkg/GHCB: increase the GHCB protocol max version
>   UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
>   OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
>   OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
>   OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map
>   OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table
>
> Michael Roth (3):
>   OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values
>   OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values
>   UefiCpuPkg/MpInitLib: use BSP to do extended topology check
>
> Tom Lendacky (1):
>   UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs
>
> OvmfPkg/OvmfPkg.dec | 23 +
> UefiCpuPkg/UefiCpuPkg.dec | 11 +
> OvmfPkg/AmdSev/AmdSevX64.dsc | 5 +-
> OvmfPkg/Bhyve/BhyveX64.dsc | 5 +-
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
> OvmfPkg/OvmfPkgX64.dsc | 5 +-
> OvmfPkg/OvmfXen.dsc | 5 +-
> OvmfPkg/OvmfPkgX64.fdf | 12 +-
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 7 +
> .../DxeMemEncryptSevLib.inf | 3 +
> .../PeiMemEncryptSevLib.inf | 7 +
> .../SecMemEncryptSevLib.inf | 3 +
> OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 2 +
> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 3 +
> OvmfPkg/PlatformPei/PlatformPei.inf | 10 +
> OvmfPkg/ResetVector/ResetVector.inf | 6 +
> OvmfPkg/Sec/SecMain.inf | 4 +
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 4 +
> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 4 +
> MdePkg/Include/Register/Amd/Ghcb.h | 2 +-
> .../Guid/ConfidentialComputingSecret.h | 18 +
> OvmfPkg/Include/Library/MemEncryptSevLib.h | 26 +
> .../X64/SnpPageStateChange.h | 31 ++
> .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 +
> OvmfPkg/Sec/AmdSev.h | 95 ++++
> UefiCpuPkg/Library/MpInitLib/MpLib.h | 20 +
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 23 +
> .../DxeMemEncryptSevLibInternal.c | 27 ++
> .../Ia32/MemEncryptSevLib.c | 17 +
> .../PeiMemEncryptSevLibInternal.c | 27 ++
> .../SecMemEncryptSevLibInternal.c | 19 +
> .../X64/DxeSnpSystemRamValidate.c | 40 ++
> .../X64/PeiDxeVirtualMemory.c | 167 ++++++-
> .../X64/PeiSnpSystemRamValidate.c | 126 +++++
> .../X64/SecSnpSystemRamValidate.c | 36 ++
> .../X64/SnpPageStateChangeInternal.c | 295 ++++++++++++
> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 444 ++++++++++++++++--
> OvmfPkg/PlatformPei/AmdSev.c | 192 ++++++++
> OvmfPkg/PlatformPei/MemDetect.c | 21 +
> OvmfPkg/Sec/AmdSev.c | 267 +++++++++++
> OvmfPkg/Sec/SecMain.c | 160 +------
> UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 11 +-
> .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c | 31 ++
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 286 ++++++++++-
> .../MpInitLib/X64/SevSnpRmpAdjustInternal.c | 44 ++
> OvmfPkg/FvmainCompactScratchEnd.fdf.inc | 5 +
> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 28 ++
> OvmfPkg/ResetVector/Ia32/AmdSev.asm | 307 +++++++++++-
> OvmfPkg/ResetVector/ResetVector.nasmb | 6 +
> UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 2 +
> UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 78 +++
> 52 files changed, 2771 insertions(+), 225 deletions(-)
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
> create mode 100644 OvmfPkg/Sec/AmdSev.h
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> create mode 100644 OvmfPkg/Sec/AmdSev.c
> create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c
> create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c
>
> --
> 2.17.1