From: "Yao, Jiewen"
To: Brijesh Singh, "devel@edk2.groups.io"
CC: James Bottomley, "Xu, Min M", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, "Dong, Eric", "Ni, Ray", "Kumar, Rahul1", "Kinney, Michael D", Liming Gao, "Liu, Zhiguang", Michael Roth
Subject: Re: [RFC PATCH v4 00/27] Add AMD Secure Nested Paging (SEV-SNP) support
Date: Wed, 28 Jul 2021 08:16:46 +0000
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>

Hi Brijesh
I reviewed the patch set. I have some basic questions. Please help me understand before I post my comment.

If a platform supports SEV-SNP, can we assume SEV-ES is supported?
Or is it a valid case that SecSnp==YES, SevEs==NO?

I am trying to understand how many cases we need support.
I think we want to support below:
+------------------------+
| SEV | SEV_ES | SEV_SNP |
+------------------------+
|  0  |   0    |    0    |
|  1  |   0    |    0    |
|  1  |   1    |    0    |
|  1  |   1    |    1    |
+------------------------+

Any other combination we need support?
Such as below:
+------------------------+
| SEV | SEV_ES | SEV_SNP |
+------------------------+
|  0  |   1    |    0    |
|  0  |   0    |    1    |
|  0  |   1    |    1    |
|  1  |   0    |    1    |
+------------------------+

Thank you
Yao Jiewen

> -----Original Message-----
> From: Brijesh Singh
> Sent: Tuesday, June 29, 2021 1:42 AM
> To: devel@edk2.groups.io
> Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky;
> Justen, Jordan L; Ard Biesheuvel; Laszlo Ersek; Erdem Aktas; Dong, Eric;
> Ni, Ray; Kumar, Rahul1; Kinney, Michael D; Liming Gao; Liu, Zhiguang;
> Michael Roth; Brijesh Singh
> Subject: [RFC PATCH v4 00/27] Add AMD Secure Nested Paging (SEV-SNP) support
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
> new hardware-based memory protections. SEV-SNP adds strong memory integrity
> protection to help prevent malicious hypervisor-based attacks like data
> replay, memory re-mapping and more in order to create an isolated memory
> encryption environment.
>
> This series provides the basic building blocks to support booting the SEV-SNP
> VMs, it does not cover all the security enhancement introduced by the SEV-SNP
> such as interrupt protection.
>
> Many of the integrity guarantees of SEV-SNP are enforced through a new
> structure called the Reverse Map Table (RMP). Adding a new page to SEV-SNP
> VM requires a 2-step process. First, the hypervisor assigns a page to the
> guest using the new RMPUPDATE instruction. This transitions the page to
> guest-invalid. Second, the guest validates the page using the new PVALIDATE
> instruction. The SEV-SNP VMs can use the new "Page State Change Request NAE"
> defined in the GHCB specification to ask hypervisor to add or remove page
> from the RMP table.
>
> Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
> as indicated by the Validated flag in the page's RMP entry.
> There are two approaches that can be taken for the page validation:
> Pre-validation and Lazy Validation.
>
> Under pre-validation, the pages are validated prior to first use. And under
> lazy validation, pages are validated when first accessed. An access to an
> unvalidated page results in a #VC exception, at which time the exception
> handler may validate the page. Lazy validation requires careful tracking of
> the validated pages to avoid validating the same GPA more than once. The
> recently introduced "Unaccepted" memory type can be used to communicate the
> unvalidated memory ranges to the Guest OS.
>
> At this time we only support the pre-validation. OVMF detects all the available
> system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
> before it is made available to the EDK2 core.
>
> This series does not implement the following SEV-SNP features yet:
>
> * CPUID filtering
> * Lazy validation
> * Interrupt security
>
> Additional resources
> ---------------------
> SEV-SNP whitepaper
> https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
>
> APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)
>
> The complete source is available at
> https://github.com/AMDESE/ovmf/tree/sev-snp-rfc-4
>
> GHCB spec:
> https://developer.amd.com/wp-content/resources/56421.pdf
>
> SEV-SNP firmware specification:
> https://www.amd.com/system/files/TechDocs/56860.pdf
>
> Brijesh Singh (26):
>   OvmfPkg/ResetVector: move SEV specific code in a separate file
>   OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
>   OvmfPkg/ResetVector: add the macro to request guest termination
>   OvmfPkg: reserve SNP secrets page
>   OvmfPkg: reserve CPUID page for SEV-SNP
>   OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID
>   OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
>   OvmfPkg/ResetVector: invalidate the GHCB page
>   UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs
>   OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
>   OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
>   OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
>   OvmfPkg/AmdSevDxe: do not use extended PCI config space
>   OvmfPkg/MemEncryptSevLib: add support to validate system RAM
>   OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
>   OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
>   OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
>   OvmfPkg/PlatformPei: validate the system RAM when SNP is active
>   OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD
>   OvmfPkg/PlatformPei: set the Hypervisor Features PCD
>   MdePkg/GHCB: increase the GHCB protocol max version
>   UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
>   OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
>   OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
>   OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map
>   OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table
>
> Tom Lendacky (1):
>   UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs
>
>  OvmfPkg/OvmfPkg.dec                           |   24 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   11 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |    5 +-
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |    5 +-
>  OvmfPkg/OvmfPkgIa32.dsc                       |    1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |    6 +-
>  OvmfPkg/OvmfPkgX64.dsc                        |    5 +-
>  OvmfPkg/OvmfXen.dsc                           |    5 +-
>  OvmfPkg/OvmfPkgX64.fdf                        |   14 +-
>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |    7 +
>  .../DxeMemEncryptSevLib.inf                   |    3 +
>  .../PeiMemEncryptSevLib.inf                   |    7 +
>  .../SecMemEncryptSevLib.inf                   |    3 +
>  OvmfPkg/PlatformPei/PlatformPei.inf           |    8 +
>  OvmfPkg/ResetVector/ResetVector.inf           |    6 +
>  OvmfPkg/Sec/SecMain.inf                       |    3 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |    4 +
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |    4 +
>  MdePkg/Include/Register/Amd/Ghcb.h            |    2 +-
>  .../Guid/ConfidentialComputingSecret.h        |   18 +
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    |   26 ++
>  .../X64/SnpPageStateChange.h                  |   31 ++
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.h  |   19 +
>  UefiCpuPkg/Library/MpInitLib/MpLib.h          |   19 +
>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |   23 +
>  .../DxeMemEncryptSevLibInternal.c             |   27 ++
>  .../Ia32/MemEncryptSevLib.c                   |   17 +
>  .../PeiMemEncryptSevLibInternal.c             |   27 ++
>  .../SecMemEncryptSevLibInternal.c             |   19 +
>  .../X64/DxeSnpSystemRamValidate.c             |   40 ++
>  .../X64/PeiDxeVirtualMemory.c                 |  167 ++++++-
>  .../X64/PeiSnpSystemRamValidate.c             |  126 ++++++
>  .../X64/SecSnpSystemRamValidate.c             |   36 ++
>  .../X64/SnpPageStateChangeInternal.c          |  295 +++++++++++++
>  OvmfPkg/PlatformPei/AmdSev.c                  |  192 ++++++++
>  OvmfPkg/PlatformPei/MemDetect.c               |   21 +
>  OvmfPkg/Sec/SecMain.c                         |  111 +++++
>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |   11 +-
>  .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c  |   31 ++
>  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  275 +++++++++++-
>  .../MpInitLib/X64/SevSnpRmpAdjustInternal.c   |   44 ++
>  OvmfPkg/FvmainCompactScratchEnd.fdf.inc       |    5 +
>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm  |   27 ++
>  .../Ia32/{PageTables64.asm => AmdSev.asm}     |  415 +++++++++---------
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm     |  404 +----------------
>  OvmfPkg/ResetVector/ResetVector.nasmb         |    7 +
>  UefiCpuPkg/Library/MpInitLib/MpEqu.inc        |    1 +
>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm |   51 +++
>  48 files changed, 1978 insertions(+), 630 deletions(-)
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
>  create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c
>  create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c
>  copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm => AmdSev.asm} (67%)
>
> --
> 2.17.1
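
The two-step page assignment and the double-validation hazard described in the quoted cover letter, as a small C model. This is an added example, not code from the patch series or from EDK2; the state names, result codes and functions are hypothetical and do not mirror the hardware RMP entry layout or the real return values of PVALIDATE.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the per-page state from the cover letter. Hypothetical names;
 * this is not the hardware RMP entry layout. */
enum page_state { HV_OWNED, GUEST_INVALID, GUEST_VALID };
enum result { OK, ERR_RANGE, ERR_NOT_ASSIGNED, ERR_ALREADY_VALIDATED };

#define NPAGES 16
static enum page_state rmp[NPAGES];      /* zero-initialised: HV_OWNED */

/* Step 1 (hypervisor, models RMPUPDATE): the page becomes guest-invalid,
 * also when it was validated before, so a re-assignment is never silent. */
enum result hv_assign(size_t gfn) {
    if (gfn >= NPAGES) return ERR_RANGE;
    rmp[gfn] = GUEST_INVALID;
    return OK;
}

/* Step 2 (guest, models PVALIDATE): validating an already valid page is
 * reported as an error instead of being accepted a second time. */
enum result guest_validate(size_t gfn) {
    if (gfn >= NPAGES) return ERR_RANGE;
    if (rmp[gfn] == HV_OWNED) return ERR_NOT_ASSIGNED;
    if (rmp[gfn] == GUEST_VALID) return ERR_ALREADY_VALIDATED;
    rmp[gfn] = GUEST_VALID;
    return OK;
}

/* Pre-validation: validate [start, end) before first use and stop at the
 * first page that fails, reporting which one it was. */
enum result prevalidate_range(size_t start, size_t end, size_t *failed) {
    for (size_t gfn = start; gfn < end; gfn++) {
        enum result r = guest_validate(gfn);
        if (r != OK) { *failed = gfn; return r; }
    }
    return OK;
}

/* In the model, an access to a page that is not validated is where the
 * guest would take the #VC exception. */
bool guest_can_access(size_t gfn) {
    return gfn < NPAGES && rmp[gfn] == GUEST_VALID;
}

int main(void) {
    size_t bad = 0;
    for (size_t g = 0; g < 8; g++) hv_assign(g);
    printf("first pass:  %d\n", prevalidate_range(0, 4, &bad));
    enum result r = prevalidate_range(2, 8, &bad);   /* overlaps pages 2-3 */
    printf("overlapping: %d at page %zu\n", r, bad);
    hv_assign(3);                        /* hypervisor re-assigns a page */
    printf("page 3 accessible: %d\n", guest_can_access(3));
    return 0;
}
```

The overlapping second range is the case the cover letter warns about: without tracking which pages are already validated, the same GPA would be validated twice.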