From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web09.5039.1628140640907434236
 for <devel@edk2.groups.io>;
 Wed, 04 Aug 2021 22:17:21 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=QbnCUVkd;
 spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: jiewen.yao@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10066"; a="193665459"
X-IronPort-AV: E=Sophos;i="5.84,296,1620716400"; 
   d="scan'208";a="193665459"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2021 22:17:19 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.84,296,1620716400"; 
   d="scan'208";a="512417613"
Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
  by FMSMGA003.fm.intel.com with ESMTP; 04 Aug 2021 22:17:19 -0700
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10; Wed, 4 Aug 2021 22:17:19 -0700
Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by
 ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10; Wed, 4 Aug 2021 22:17:18 -0700
Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10 via Frontend Transport; Wed, 4 Aug 2021 22:17:18 -0700
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.44) by
 edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.10; Wed, 4 Aug 2021 22:17:18 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=cJSUgkb69Whn+VNEAH353LkVb/8vmnC+yXJbAgsb770FlWX6YcOtjNEP1rPk6uD/IFyFrOxwe0kDhKW0xyPSBXtjp6iwujH5d2CcS84pzHcJag8oQlhZ/zonAyiCQAiK5W9mQSRLi2x+WSW1pBfpPNNk9lKKKAvZHTHn06m4ZePe+YSGQA9og65gyot+dq8hy3/0OeZSvHaFcaH4yR9WpnGnXnFVNEFB0uOHavKEQRkDkjrwHvzsdluTrO8Rk7OtGdBbuM4Bz2fhDZubptITPscx/vis4KWBPaq9r5D4gkVqyYBHAd6ZXeeCPlSNrMWZSLcP22zMf4/1oP5CU0AUBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Q5b4GiXcG1qLfdk9TPm0b7cgyBwzN81TFul26fPl8VY=;
 b=XckKf7MJGqgx2EPHBLnyFsKZ00qhH1ocGCrD7GPfJBaXb4Q9yURHuYGv6+qAZHpUUF03ArdHkaI0144YIKpU/jEky0pT8HDy6uyVVmTPWbIvdFDQp3yX5wZPU4jRjuBPIdMhEcE4sWZaftX08FUA37koa0AkP6aqHiBXAKlsnIhNjzkBI0qj6+H/dbjq9wfakzCUR7MURZqLo9sEBa300lfivl8bNrJDLGscfkDzenhHRb8oGCBdwAOId0QgPqZ30Ee1XCQ2Bs0OimI8Mn3rRrJNOGW9Izvu/cR933Rd84n8qEAVf8lskQpHeMXFRtorxJItkE6yBdYfQwgjhGgjqA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Q5b4GiXcG1qLfdk9TPm0b7cgyBwzN81TFul26fPl8VY=;
 b=QbnCUVkdMAU2Y+ZWYkigeuRl2xjJyVaiJCJPbtOc51KYRLgQ4WuviKyr6ZoUoNuMnTGChpiwfeAGkRfYRbzvFAMn8yLHEcxb6XRbwCaMRmuxkk90AnVgSsB1Ehu2kJMEZhfUxQDXAu9gGj6uBXnjH41NYnwPCTp1MqmoRbQSRWE=
Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14)
 by PH0PR11MB5046.namprd11.prod.outlook.com (2603:10b6:510:3b::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.21; Thu, 5 Aug
 2021 05:17:16 +0000
Received: from PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::6c99:8170:1c3c:9121]) by PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::6c99:8170:1c3c:9121%3]) with mapi id 15.20.4373.026; Thu, 5 Aug 2021
 05:17:16 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "ashish.kalra@amd.com"
	<ashish.kalra@amd.com>
CC: "dovmurik@linux.vnet.ibm.com" <dovmurik@linux.vnet.ibm.com>,
	"brijesh.singh@amd.com" <brijesh.singh@amd.com>, "tobin@ibm.com"
	<tobin@ibm.com>, "Thomas.Lendacky@amd.com" <Thomas.Lendacky@amd.com>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>, "Justen, Jordan L"
	<jordan.l.justen@intel.com>, "ard.biesheuvel@arm.com"
	<ard.biesheuvel@arm.com>, "erdemaktas@google.com" <erdemaktas@google.com>,
	"Xu, Min M" <min.m.xu@intel.com>
Subject: Re: [edk2-devel] [PATCH v6 0/6] SEV Live Migration support for OVMF.
Thread-Topic: [edk2-devel] [PATCH v6 0/6] SEV Live Migration support for OVMF.
Thread-Index: AQHXh5pVmf1ecxAg2kuP+YPei5j2B6tkYWQQ
Date: Thu, 5 Aug 2021 05:17:15 +0000
Message-ID: <PH0PR11MB4885EF1D15AF5FC078F9885A8CF29@PH0PR11MB4885.namprd11.prod.outlook.com>
References: <cover.1627900864.git.ashish.kalra@amd.com>
In-Reply-To: <cover.1627900864.git.ashish.kalra@amd.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.5.1.3
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e152aa94-eab7-435e-2055-08d957d04a4a
x-ms-traffictypediagnostic: PH0PR11MB5046:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB5046166ECC89DBEEBCE319A98CF29@PH0PR11MB5046.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Onuk9sme8TsJ2m4BjGZjjwChQF7PnCG+Wj+TuqMcE0O+A3uaWaC9UyirRssWC4hZcyblM2dru6fGw/cYBF8Y/nFofgEUxYIf6e27zEcClII3b0gJo1sa7uAGsuMOiEgzKzTYEPYVwpx4usdvI25/t0cfTo8B/chQDZlmgNl0q4HDT36mUffWxNtP/0dqH9iilCET2jfsqj8nhfe6UzR+JRBG3/wF2ahMuKw3BfPLfrtvbrGx4eCWIwhYOYXAfYkGHQ7QEKGkKWL0qfRXHd9wH9NmLa5OSchB9gIVkQn0aUuCoVeB//o6/ZZ2qwLMKL2JPRsQWLD/XQnadM0EaWSAluNfeBIaa5M7VuI/WJVRj7CrREgtMo8NzAGaLKvUTRv3zygziy7PR9kKDUiBNI/Hq3dq0ud5bz3zR5UhSONzlTCcJR+sUhk1UwodZAxRgADP+xxZHEsoBcu5AzF11xIklL5gCdQ+8KJ04+kZlDanQT2GtkjPi9zhY947DzM+Gi3zjFKFIubSX+9oGYGD4WbIFwcZE/ceMHb1VhMAS6FodtGeCLD6V8kf2Lp07Go7A7+SJubgk/j5hGTNkv2xCmnwG7V2pvrPTgLVuEn9EDOfofCJQoHTn2B/bKqMtsYyBpe2wtcKh+hlOK7rswT6f41Ows+Zq8SeqjFwIgyvSjoN0rmKtq2F8jWJmAKFUuYrQVSvw2Omm3efojbqDnX/MAjGf7z8UIRuoYJf23zjzXPpC7Qmgb8ARizf6hHOqMD3udbnfAdU+Teiran/UyhjOQcE7kA+cguTeeaIdX79r53cXP48OlfObMz/0dNcPMfIZYpA35+6w2yPeYH+vysoEOQ0BA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(86362001)(83380400001)(7696005)(5660300002)(33656002)(966005)(66946007)(55016002)(38100700002)(2906002)(8936002)(8676002)(38070700005)(107886003)(508600001)(316002)(122000001)(71200400001)(76116006)(186003)(66446008)(19627235002)(6506007)(26005)(52536014)(54906003)(4326008)(64756008)(110136005)(53546011)(66556008)(9686003)(66476007);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?S+j+rP6+Owo2KlDl9LsVrro1CEnFCUQ+elaZpgc3vzKCHErjzQaajICRyb+A?=
 =?us-ascii?Q?zPtraCIC1dYtrWkL7SzQK9iLD5gOUkKsLS76WNOfkQFdiJ4Rmx47BB24Za3a?=
 =?us-ascii?Q?jhSXceUC1rE/ROKdAgcibWF6Qkn3bs6GFjL0RrdGqr7BN0lVgL8Ue67CFi8P?=
 =?us-ascii?Q?1cKuUUwH6cxIIGq83nrYbMIdQ/2n2c58uAiXOFa4Z1WbP+2AiJ4hy/LCgvHF?=
 =?us-ascii?Q?tbwAvalNNJUTsFNWpGph1XJTm5oxxUz7s2VjmZLah4k50r6cuPAZxpDVd6bi?=
 =?us-ascii?Q?b6fREHIB9zNKY5XZYSP5DXejhA4U3ZYjNQmcnsac5vmjnC7gEX2MUDHdltfu?=
 =?us-ascii?Q?ySrVAWHEhXim6xp1TmZqALR/5cZZedHGTtTe1xO7SqMObaC9wwL97bCMIAvY?=
 =?us-ascii?Q?neyNCcCFFqbWuedI9OukH0EA12Dt5lIz1qmn9z+WduDAjPjOcVEV+bB1XL04?=
 =?us-ascii?Q?BPwFFxViJG2feoxo0kZJrSvqq6HmXwnOxj0N5pAXAil43CC5FAyRgaSSK3BN?=
 =?us-ascii?Q?q62BiCPoUc86mGbomYokxOKS+DhLakdx/9VsLg/0Zo5lztooAtVrgwyqVy+l?=
 =?us-ascii?Q?R1S6IZ5eoI+yTljalwN2tPVZfRAcfVu0SVrn9Haxg141LuxXIz232xEyrpbz?=
 =?us-ascii?Q?iPdzkxvg5jVBE85PS/NYovKD43RNbE/nMe05S0Yy7hoUF5FMSxF1cNXzs2kF?=
 =?us-ascii?Q?2OuSAzK+wA7bjmOvKJJMvyPEb7IkHAtba3urZmmUHSZhVbu8njhiMOBqGYhH?=
 =?us-ascii?Q?Ur2Mg/yFvwx+kTeCLazkwRFSV5zgW4bKSbZMg+4miq9NN0ojc6fLxCaRHWDu?=
 =?us-ascii?Q?VLUBvfN93TRddZnTDxHTfZcdzoliuImSCS1cahhTtePNAwCoMjPXqaGsV+YB?=
 =?us-ascii?Q?/9S77vZd+qFvyBxs0jdI4xZhwevUtcJzMc1TcqWrcMrQrYulLNMcDk0Ir9rO?=
 =?us-ascii?Q?TyB2h6rUKog9LueIRt0locP1Iz+RkSj1i8p4CLg3dO056Jw7jievEzO3rmed?=
 =?us-ascii?Q?exC7lRhR32RnKu1z2cGpCjp3qr9nc9lp1cCKZNRoy202EmhOhFddIn7VsvFN?=
 =?us-ascii?Q?CkB807Ju9a2yFoovvLMXeKfx3w7Te64YycpTo/ROkdKf57KVWwF7Fi7FbNUu?=
 =?us-ascii?Q?z85ezrA8fF2mzW53qPcsBMVsVCfPtevYy+GD71LpUTXLKVKQupFxwqt4brOp?=
 =?us-ascii?Q?cOf/7fo9lTolnQvV8l+ZeA761rc90Xpr4HMm5EtKF9N/XWTeGUV2dBjVvfmy?=
 =?us-ascii?Q?bJmrFeHKoW6Z83ARnKovsg426NqN5fJUsoMcZXh4PV7e/hOcwrHC7aH6XuyA?=
 =?us-ascii?Q?ra9K9yxCPMO6B3ZVeEJ9Otyg?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e152aa94-eab7-435e-2055-08d957d04a4a
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Aug 2021 05:17:15.9527
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /k6od7bVAguufZxIAFgdVg1Fli9Y2999973VrSP/DVCg1mFpBHLv6IbFov+6SPU/QnH74N0kns2Kh1MGJpMxrw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5046
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi
I have some questions:

1) May I know what is the usage of this UEFI variable - SevLiveMigrationEn=
abled?=20
I only see it is created, but I do not see how it is consumed.

2) Is this a full live migration patch, or is this just a startup and ther=
e will be more on the way?

Thank you
Yao Jiewen


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ashish Ka=
lra
> via groups.io
> Sent: Monday, August 2, 2021 8:31 PM
> To: devel@edk2.groups.io
> Cc: dovmurik@linux.vnet.ibm.com; brijesh.singh@amd.com; tobin@ibm.com;
> Thomas.Lendacky@amd.com; jejb@linux.ibm.com; Justen, Jordan L
> <jordan.l.justen@intel.com>; ard.biesheuvel@arm.com;
> erdemaktas@google.com; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M
> <min.m.xu@intel.com>
> Subject: [edk2-devel] [PATCH v6 0/6] SEV Live Migration support for OVMF=
.
>=20
> From: Ashish Kalra <ashish.kalra@amd.com>
>=20
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3467
>=20
> By default all the SEV guest memory regions are considered encrypted,
> if a guest changes the encryption attribute of the page (e.g mark a
> page as decrypted) then notify hypervisor. Hypervisor will need to
> track the unencrypted pages. The information will be used during
> guest live migration, guest page migration and guest debugging.
>=20
> The patch-set detects if it is running under KVM hypervisor and then
> checks for SEV live migration feature support via KVM_FEATURE_CPUID,
> if detected setup a new UEFI enviroment variable to indicate OVMF
> support for SEV live migration.
>=20
> A branch containing these patches is available here:
> https://github.com/ashkalra/edk2-1/tree/sev_live_migration_v5_10
>=20
> Changes since v5:
>  - Split first patch into three components, one patch for the
>    MemEncryptSevLiveMigrationIsEnabled() API, one patch for the
>    SetMemoryEncDecHypercall3() API, one patch to make use of the
>    SetMemoryEncDecHypercall3() API.
>  - Fix patch subject, in code and patch comments and
>    additionally add relevant comments.
>  - Replace SetMemoryEncDecHypercall3() API's Status argument
>    with a boolean IsEncrypted argument and corresponding fixes
>    to users of this API call.
>  - Fix AsciiStrCmp() usage in KVM hypervisor detection code.
>=20
> Changes since v4:
>  - Remove MemEncryptHypercallLib Library and add support to issue
>    hypercall in the BaseMemEncryptSevLib library itself.
>  - For SEV-ES, make the VC handler hypercall aware by comparing
>    the hypercall number and add the additional register values
>    in the GHCB.
>  - Fix comments in the hypercall API interface.
>  - The encryption bit is set/clear on the smallest page size, hence
>    use the 4k page size in MAP_GPA_RANGE hypercall.
>  - Make the hypercall expect the guest physical address to be
>    page-aligned.
>  - Add KVM live migration feature flag check in BaseMemEncryptSevLib
>    library similar to how BaseMemEncryptSevLib does for the
>    MemEncryptSevIsEnabled() and check it before invoking HC. Also
>    export the MemEncryptSevLiveMigrationIsEnabled() function as
>    part of the library.
>  - Add error handling on hypercall return, on failure, return error
>    code to caller which potentially will cause an assert() and
>    terminate the boot.
>=20
> Changes since v3:
>  - Fix all DSC files under OvmfPkg except X64 to add support for
>    BaseMemEncryptLib and add NULL instance of BaseMemEncryptLib
>    for 32 bit platforms.
>  - Add the MemEncryptHypercallLib-related files to Maintainers.txt,
>    in section "OvmfPkg: Confidential Computing".
>  - Add support for the new KVM_HC_MAP_GPA_RANGE hypercall interface.
>  - Add patch for SEV live migration support.
>=20
> Changes since v2:
>  - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>    in the hypervisor page encryption bitmap after setting the
>    PcdSevEsIsEnabled PCD.
>=20
> Changes since v1:
>  - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>    the hypervisor page encryption bitmap.
>  - Resending the series with correct shallow threading.
>=20
> Ashish Kalra (6):
>   OvmfPkg/BaseMemEncryptLib: Detect SEV live migration feature.
>   OvmfPkg/BaseMemEncryptLib: Hypercall API for page encryption state
>     change
>   OvmfPkg/BaseMemEncryptLib: Invoke page encryption state change
>     hypercall
>   OvmfPkg/VmgExitLib: Encryption state change hypercall support in VC
>     handler
>   OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
>   OvmfPkg/AmdSevDxe: Add support for SEV live migration.
>=20
>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 | 64 +++++++++++++++++
>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |  4 ++
>  OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h    | 20 ++++++
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    | 70 +++++++++++++++++++
>  .../DxeMemEncryptSevLib.inf                   |  1 +
>  .../DxeMemEncryptSevLibInternal.c             | 39 +++++++++++
>  .../Ia32/MemEncryptSevLib.c                   | 27 +++++++
>  .../PeiDxeMemEncryptSevLibInternal.c          | 52 ++++++++++++++
>  .../PeiMemEncryptSevLib.inf                   |  1 +
>  .../PeiMemEncryptSevLibInternal.c             | 39 +++++++++++
>  .../SecMemEncryptSevLibInternal.c             | 38 ++++++++++
>  .../X64/AsmHelperStub.nasm                    | 33 +++++++++
>  .../X64/MemEncryptSevLib.c                    | 62 ++++++++++++++++
>  .../X64/PeiDxeVirtualMemory.c                 | 20 ++++++
>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 13 ++++
>  OvmfPkg/OvmfPkg.dec                           |  1 +
>  OvmfPkg/PlatformPei/AmdSev.c                  | 11 +++
>  17 files changed, 495 insertions(+)
>  create mode 100644 OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm
>=20
> --
> 2.17.1
>=20
>=20
>=20
>=20
>=20