From: "Min Xu"
To: "devel@edk2.groups.io", "brijesh.singh@amd.com"
CC: James Bottomley, "Yao, Jiewen", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, "Michael Roth"
Subject: Re: [edk2-devel] [PATCH v3 1/3] OvmfPkg: introduce a common work area
Date: Thu, 19 Aug 2021 14:14:33 +0000
References: <20210817134651.20444-1-brijesh.singh@amd.com> <20210817134651.20444-2-brijesh.singh@amd.com>
In-Reply-To: <20210817134651.20444-2-brijesh.singh@amd.com>

Reviewed-by: Min Xu

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Brijesh Singh via groups.io
> Sent: Tuesday, August 17, 2021 9:47 PM
> To: devel@edk2.groups.io
> Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Brijesh Singh
> Subject: [edk2-devel] [PATCH v3 1/3] OvmfPkg: introduce a common work area
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> Both the TDX and SEV support needs to reserve a page in MEMFD as a work
> area. The page will contain meta data specific to the guest type.
> Currently, the SEV-ES support reserves a page in MEMFD
> (PcdSevEsWorkArea) for the work area. This page can be reused as a TDX work
> area when Intel TDX is enabled.
>
> Based on the discussion [1], it was agreed to rename the SevEsWorkArea to
> the OvmfWorkArea, and add a header that can be used to indicate the work
> area type.
>
> [1] https://edk2.groups.io/g/devel/message/78262?p=,,,20,0,0,0::\
> created,0,SNP,20,2,0,84476064
>
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Cc: Erdem Aktas
> Signed-off-by: Brijesh Singh > --- > OvmfPkg/OvmfPkg.dec | 12 ++++ > OvmfPkg/OvmfPkgX64.fdf | 9 ++- > OvmfPkg/PlatformPei/PlatformPei.inf | 4 +- > OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +------ > OvmfPkg/Include/WorkArea.h | 67 ++++++++++++++++++++++ > OvmfPkg/PlatformPei/MemDetect.c | 8 +-- > OvmfPkg/OvmfPkgDefines.fdf.inc | 6 ++ > 7 files changed, 100 insertions(+), 27 deletions(-) create mode 100644 > OvmfPkg/Include/WorkArea.h >=20 > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index > 8fb6f257e8e8..c37dafad49bb 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -329,6 +329,18 @@ [PcdsFixedAtBuild] > gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 > gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 >=20 > + ## The base address and size of the work area used during the SEC # > + phase by the SEV and TDX supports. > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49 > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50 > + > + ## The work area contains a fixed size header in the Include/WorkArea.= h. > + # The size of this header is used early boot, and is provided through > + # a fixed PCD. It need to be kept in sync with any changes to the # > + header definition. > + > + > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHead > er| > + 0|UINT32|0x51 > + > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN > |0x10 > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index > 5fa8c0895808..23936242e74a 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf 
> @@ -83,7 +83,7 @@ [FD.MEMFD] >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpac > eGuid.PcdOvmfSecGhcbSize >=20 > 0x00B000|0x001000 > - > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpac > eGuid.PcdSevEsWorkAreaSize > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenS > paceGu > +id.PcdOvmfWorkAreaSize >=20 > 0x00C000|0x001000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTok > enSpaceGuid.PcdOvmfSecGhcbBackupSize > @@ -99,6 +99,13 @@ [FD.MEMFD] >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenS > paceGuid.PcdOvmfDxeMemFvSize > FV =3D DXEFV >=20 > +################################################################ > ####### > +################### # Set the SEV-ES specific work area PCDs # SET > +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D > $(MEMFD_BASE_ADDRESS) > ++ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea > der > +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea > der > +################################################################ > ####### > +################### > + >=20 > ################################################################# > ############### >=20 > [FV.SECFV] > diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf > b/OvmfPkg/PlatformPei/PlatformPei.inf > index 89d1f7636870..67eb7aa7166b 100644 > --- a/OvmfPkg/PlatformPei/PlatformPei.inf > +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
> @@ -116,8 +116,8 @@ [FixedPcd] > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize > - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase > - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize >=20 > [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable > diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h > b/OvmfPkg/Include/Library/MemEncryptSevLib.h > index 76d06c206c8b..adc490e466ec 100644 > --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h > +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h > @@ -12,6 +12,7 @@ > #define _MEM_ENCRYPT_SEV_LIB_H_ >=20 > #include > +#include >=20 > // > // Define the maximum number of #VCs allowed (e.g. the level of nesting = @@ > -36,26 +37,6 @@ typedef struct { > VOID *GhcbBackupPages; > } SEV_ES_PER_CPU_DATA; >=20 > -// > -// Internal structure for holding SEV-ES information needed during SEC p= hase > -// and valid only during SEC phase and early PEI during platform -// > initialization. > -// > -// This structure is also used by assembler files: > -// OvmfPkg/ResetVector/ResetVector.nasmb > -// OvmfPkg/ResetVector/Ia32/PageTables64.asm > -// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > -// any changes must stay in sync with its usage. > -// > -typedef struct _SEC_SEV_ES_WORK_AREA { > - UINT8 SevEsEnabled; > - UINT8 Reserved1[7]; > - > - UINT64 RandomData; > - > - UINT64 EncryptionMask; > -} SEC_SEV_ES_WORK_AREA; > - > // > // Memory encryption address range states. > // > diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h new > file mode 100644 index 000000000000..c16030e3ac0a > --- /dev/null > +++ b/OvmfPkg/Include/WorkArea.h 
> @@ -0,0 +1,67 @@ > +/** @file > + > + Work Area structure definition > + > + Copyright (c) 2021, AMD Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent **/ > + > +#ifndef __OVMF_WORK_AREA_H__ > +#define __OVMF_WORK_AREA_H__ > + > +// > +// Guest type for the work area > +// > +typedef enum { > + GUEST_TYPE_NON_ENCRYPTED, > + GUEST_TYPE_AMD_SEV, > + GUEST_TYPE_INTEL_TDX, > + > +} GUEST_TYPE; > + > +// > +// Confidential computing work area header definition. Any change // to > +the structure need to be kept in sync with the // > +PcdOvmfConfidentialComputingWorkAreaHeader. > +// > +typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER { > + UINT8 GuestType; > + UINT8 Reserved1[3]; > +} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER; > + > +// > +// Internal structure for holding SEV-ES information needed during SEC > +phase // and valid only during SEC phase and early PEI during platform > +// initialization. > +// > +// This structure is also used by assembler files: > +// OvmfPkg/ResetVector/ResetVector.nasmb > +// OvmfPkg/ResetVector/Ia32/PageTables64.asm > +// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > +// any changes must stay in sync with its usage. > +// > +typedef struct _SEC_SEV_ES_WORK_AREA { > + UINT8 SevEsEnabled; > + UINT8 Reserved1[7]; > + > + UINT64 RandomData; > + > + UINT64 EncryptionMask; > +} SEC_SEV_ES_WORK_AREA; > + > +// > +// The SEV work area definition. > +// > +typedef struct _SEV_WORK_AREA { > + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; > + > + SEC_SEV_ES_WORK_AREA SevEsWorkArea; > +} SEV_WORK_AREA; > + > +typedef union { > + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; > + SEV_WORK_AREA SevWorkArea; > +} OVMF_WORK_AREA; > + > +#endif > diff --git a/OvmfPkg/PlatformPei/MemDetect.c > b/OvmfPkg/PlatformPei/MemDetect.c index 2deec128f464..2c2c4641ec8a > 100644 > --- a/OvmfPkg/PlatformPei/MemDetect.c > +++ b/OvmfPkg/PlatformPei/MemDetect.c 
> @@ -939,9 +939,9 @@ InitializeRamRegions ( > } >=20 > #ifdef MDE_CPU_X64 > - if (MemEncryptSevEsIsEnabled ()) { > + if (FixedPcdGet32 (PcdOvmfWorkAreaSize) !=3D 0) { > // > - // If SEV-ES is enabled, reserve the SEV-ES work area. > + // Reserve the work area. > // > // Since this memory range will be used by the Reset Vector on S3 > // resume, it must be reserved as ACPI NVS. > @@ -951,8 +951,8 @@ InitializeRamRegions ( > // such that they would overlap the work area. > // > BuildMemoryAllocationHob ( > - (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 > (PcdSevEsWorkAreaBase), > - (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), > + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 > (PcdOvmfWorkAreaBase), > + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize), > mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData > ); > } > diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.= inc > index 35fd454b97ab..3b5e45253916 100644 > --- a/OvmfPkg/OvmfPkgDefines.fdf.inc > +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc 
> @@ -82,6 +82,12 @@ > SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize > SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D > $(VARS_SPARE_SIZE) >=20 > +# The OVMF WorkArea contains a fixed size header followed by the actual > data. > +# The size of header is accessed through a fixed PCD in the reset vector= code. > +# The value need to be kept in sync with the any changes to the > +Confidential # Computing Work Area header defined in the > +Include/WorkArea.h SET > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHea > der > +=3D 4 > + > !if $(SMM_REQUIRE) =3D=3D TRUE > SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase > SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase > -- > 2.17.1 >=20 >=20 >=20 >=20 >=20
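
Review bot: In the OvmfPkg/OvmfPkg.dec hunk the new token numbers run 0x49, 0x50, 0x51 after the existing 0x47 and 0x48, which skips 0x4A through 0x4F; if consecutive hex tokens are intended, PcdOvmfWorkAreaSize and PcdOvmfConfidentialComputingWorkAreaHeader should take 0x4A and 0x4B. The last PCD holds a size in bytes (it is set to 4 in OvmfPkgDefines.fdf.inc), so a name ending in HeaderSize would say what it carries, and the comment above it needs a grammar pass ("is used early boot", "It need to be kept").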
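
Review bot: In OvmfPkg/Include/WorkArea.h, SEV_WORK_AREA places the 4-byte CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER in front of SEC_SEV_ES_WORK_AREA, which contains UINT64 fields, and no packing pragma is visible; with natural alignment the compiler would put SevEsWorkArea at offset 8, while the OvmfPkgX64.fdf hunk sets PcdSevEsWorkAreaBase to PcdOvmfWorkAreaBase plus the 4-byte header. C code that reaches the SEV-ES data through OVMF_WORK_AREA and reset-vector or PEI code that uses the PCD would then address different bytes of the page. Either pad the header to 8 bytes (and set the header PCD to 8) or pack the structures, and state the intended offset of SevEsWorkArea in the comment.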
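
Review bot: In the OvmfPkg/PlatformPei/MemDetect.c hunk the guard in InitializeRamRegions () changes from MemEncryptSevEsIsEnabled () to FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0, so the page is now reserved for every X64 guest built with a non-zero work area size (as EfiACPIMemoryNVS when mS3Supported), not only when SEV-ES is active. The commit message describes a rename and a new header but not this change in who gets the reservation; please say so there, and have the shortened comment "Reserve the work area." explain that the reservation is needed for any guest type because the reset vector reads the header on S3 resume, if that is the reason.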
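
Review bot: In the OvmfPkg/OvmfPkgDefines.fdf.inc hunk the header size is the literal 4 in "SET ...PcdOvmfConfidentialComputingWorkAreaHeader = 4", and the only thing tying it to CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER in WorkArea.h is a comment on each side. A compile-time check in a C module that includes WorkArea.h, such as a STATIC_ASSERT comparing sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER) with FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader), would turn a silent layout drift between the C definition and the reset vector into a build failure.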