From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.69992.1629382507743145928 for ; Thu, 19 Aug 2021 07:15:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=cJnYbBEk; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10080"; a="302148099" X-IronPort-AV: E=Sophos;i="5.84,334,1620716400"; d="scan'208";a="302148099" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Aug 2021 07:15:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.84,334,1620716400"; d="scan'208";a="641713142" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orsmga005.jf.intel.com with ESMTP; 19 Aug 2021 07:15:05 -0700 Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Thu, 19 Aug 2021 07:15:04 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10 via Frontend Transport; Thu, 19 Aug 2021 07:15:04 -0700 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.43) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.10; Thu, 19 Aug 2021 07:15:03 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iv/q420A4Xo2p2fo2tqlsmM690pgJytNTmL8ENCY249VeSvaNPcLJx0L1mo7p152shS2Q1uBzVKGimCOxrhZDl+poVHGcwyQ6JOibBrUeoU9reSfxNbktk65+p5brBDEaKBgTKEgvEC2lrSxC1CcwYtH0K0fw+C4QsH0XVZJGYnbtEdeeeQEvoPvn3T/UWmlus1rsPxDe/9XPTPNwI1+Z3NhaMmsBFOrjXB8GEBi3tiuLax4BPphFTe2Jbd5IKkSOnm43tsMry0+BgHH5X8RFjWpkWsb2pWG8V73qRizxnI7sSySLpUbaWGVo+jMdgmr+iAk14dfdhGiAVQnIq0RFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QRFXJqpqO9KUxSc6mFppfXP7SCdung/wsv1OL0g7mrw=; b=BmhKXGzfnzXW545nkLIb7aq5Nz9bCMol0+tcM++/pBtRr6hx4TO9ZDh2pqBF3P1pOm69OWliFxzF70puB3XdiCStKc/B90PeAgn1QWW6Mz/oMPiKShwG9orFtVXzIEl+EcfYv2Oh5ejy0B4xArbP+CHJBVwhJnmRVjjZLrPSuUVPvLT4u9ZP5IiQ22hAxAVoXCXtmJrpJx7zRAVr1qyzqB2PTx9Lms9WS/5MWH+/RtHUNmT8wEMY6x2ALRTYQP8jxnwCQYj20h2jpxhGONDpUoVEGdv+jLeW5OmYN/i32kq965Sbu7zUIb//pDZ7LKQR0D85I2sSgsb/QfOqTeiqBg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QRFXJqpqO9KUxSc6mFppfXP7SCdung/wsv1OL0g7mrw=; b=cJnYbBEkeWyrCvQmLg4aRGChIpkMNY/eek5fx0STcHztiB/0aeZA5EeoIruWCYiC7S1PMr0BwVvYpf4a6SCNJHe+46qykevEpFjujDf4uWwpMpdf+bnG58ZL2zxN7CM1kNNscQV/OT9Y+Cj9UPE739/dIdnx9JwfdqK6cOiePxE= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB4805.namprd11.prod.outlook.com (2603:10b6:510:32::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Thu, 19 Aug 2021 14:15:01 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::c93:200e:5aeb:e11b]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::c93:200e:5aeb:e11b%3]) with mapi id 15.20.4415.024; Thu, 19 Aug 2021 14:15:01 +0000 From: "Min Xu" To: Brijesh Singh , "devel@edk2.groups.io" CC: James Bottomley , "Yao, Jiewen" , Tom Lendacky , "Justen, Jordan L" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" Subject: Re: [PATCH v3 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format Thread-Topic: [PATCH v3 2/3] OvmfPkg/ResetVector: update SEV support to use new work area format Thread-Index: AQHXk25nf6qqyPfhxkexIxGvAOxi4Kt64jvQ Date: Thu, 19 Aug 2021 14:15:01 +0000 Message-ID: References: <20210817134651.20444-1-brijesh.singh@amd.com> <20210817134651.20444-3-brijesh.singh@amd.com> In-Reply-To: <20210817134651.20444-3-brijesh.singh@amd.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6c804636-2937-473b-f02d-08d9631bbbd0 x-ms-traffictypediagnostic: PH0PR11MB4805: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: UFhbjwvv3THOHsiUCV9EtR4v5CCMDYqr+C9Oagi6UEvKEimz3HShNMqlpXG7hY6lZuaV/HXGIwIJ4tZEpWFKU4KjDdZNlOdOnPTYCSHEbzCJaKVyLIYfhXlTJX/T9mTeJE9zEJI0jjTFgwZpTFw/oGiOTu7iap3fas44X6AZSXFl9qOLYEwE/s9LHdHR8jcIQsLafdtYIJgRH3UAdFbtfmmDrD5tyyJ0xOtqcVUqUvHPBeaBy4mR9barHOziHNgBgD8K5AW7YHZKAlgSZOh5Aq1HeV6Wzx29uy2QXVW/UWilvJL/hyBHVZl60WVRG0qnb+4oAbxc1vvC/TWZczy68JxY1yNPNrMR8jjf4bHx//+nZaXdJ/wKXhX1OA937y1Rtt1nBRlbTS7n1aoOqmfCYGZgnlTIiP4VMOhee7Mf+b8SZahea1MmDdRLK7k0AwDOavVXzkLGX4xNN9O+8uyxyaJzrMpklxk6tm6bln/AdZdFXGI+gJb4JgdSYdU4SSatfCuOW7XoMqjCsfoNwvjfs6OjWjH0dA+maHt5SxFAKUuwFugqETjRYMY3v9u/SPj6LUYVRi2toEaL5uVmUPEb8xJ864O4bMSV2X7CfaytEIKSaPrtZqVBKlENCG9roxHrEAJWpGc8v+diz+qOinEowoD1vG3A814qWBO5JX13OtLoe8ED0BvTEOlzS+rKP9i+6AuRdTNQQPduiG8T3Cbf0nfwq7E9gjF6y4gomqmCFCO70Ne1KMizJK8g/9vE6PygrDo1BcKfm46uY0YsvOainC3AaSZhBIpruCx/Mpv/wus= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(366004)(376002)(39860400002)(136003)(346002)(8676002)(186003)(316002)(9686003)(122000001)(33656002)(15650500001)(55016002)(4326008)(38100700002)(71200400001)(19627235002)(54906003)(2906002)(478600001)(83380400001)(110136005)(66476007)(5660300002)(76116006)(66446008)(52536014)(66556008)(7696005)(26005)(8936002)(64756008)(53546011)(6506007)(86362001)(66946007)(966005)(38070700005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?YbL+BV3TGAkpQy25fJPTEMzmeASew2dFIiIMBNj2XCqLFfc8z66JaCygf8y4?= =?us-ascii?Q?SKECiUBeuRWPC46tMdRP+iQBYNXbuorGrwq+Ohp+AQbh1+vOMfLm0KNeCbrx?= =?us-ascii?Q?/GkorQerVHmDcafrzb3wVNTJpwgAvOX53nwYOPKcYfArj5kzMmvONDumbkUF?= =?us-ascii?Q?qLM1W7XMW9zDbmqaviqX6IUj7JQGQAXPybMieyOcQbMmQVoaUZiWoR5d2Fso?= =?us-ascii?Q?1WY4wW7cZkXD3SaLGoW5oXty+7ZryCKr/Dr7vG5eoJDLV1ysEqp1LHf9SD1Q?= =?us-ascii?Q?rbT8+5OsPtJJjeef962wNxPCZcCotl70rQpyA7cBwH5heEjAT3FbLuAvBCg3?= =?us-ascii?Q?mCBX7ikeAsAnmXhl2msrm9AhoE1V0kz3VG6wEa5BFqKX0LK2LsLz32GQ8cI3?= =?us-ascii?Q?KDPWT0WxeLg3vgeAYxVWpkZtkBMcEpMBWuaw1qwXhCNyvbFxNEJCXij/QxGN?= =?us-ascii?Q?ZqeXrzuBqaD3hMjfZcwbVAzlmKBV/dMVEWypgCHbYdmRzBhs7q6gpIVPN+3N?= =?us-ascii?Q?EeSGhM7JptGscm/eXv5RmsBHsPD4q7HUZUSkU+zsEvaLWTIpn+8emzPO6GYj?= =?us-ascii?Q?ARDLf2emaCJ+A4N6xrND4Mzbw6tPhoLiIE2kzgHDex7ViYq8lIMjg64X2ML4?= =?us-ascii?Q?f2BmgoBksrD7Pu/wskUmt6Z2nRs9naV7fElfbcj1+/rm67c0x6fbxwsZzill?= =?us-ascii?Q?ug32Pywz7kuVhnjwasMWDpcPAfYIhjUa262508VM0l870Zu4HPLQ82BWZvga?= =?us-ascii?Q?MsfhzeJamTVHzI4NKlEmuE/NqEV3X8vaGfdMgcNJqqz/Y8Lmpo4n4HMicc0c?= =?us-ascii?Q?LhZ/3SIVI5wG0We7rm1olF4nG9by6fZQcrnYypqIbjbgwozNiIwy8cq/k2zi?= =?us-ascii?Q?1WqmDIKTeOB9xPTdUtnvcEkWrvsLCB5F8rOz4EoU43YG9g5OAw8Gvog42MP7?= =?us-ascii?Q?Id9c2VclGBRRCc4iwgDkisZznuI6iaR0zvEzKNYd1y1/qmtPoihf5yxXlujF?= =?us-ascii?Q?jiBb5srpJCR6pkclfCz89wnM1JmO7ZhknsekdvFve5oK/Z24DgG5W5Zr0Zyp?= =?us-ascii?Q?Tc4Q6a3DOT5oZEPkL7krkrHO8k4ElbCqFoKxLmzy0Jj7m3eAp7nyGmEHO1ql?= =?us-ascii?Q?OUfuCPNRTlX61HKn2RF/iPMFo4BiT418DKL3JxWW8cM8CIyVtQbVY+oKll4w?= =?us-ascii?Q?Bn83ZrGCWLht30sxfgwF9oWlGuWLu8cIicSimOsV0gTsBQrI1C25u4q3wJ4d?= =?us-ascii?Q?O2B/e2vOLk4HV3a8JPic9MVFsatwgTS3MP9ZcCX0C/eyFkkfPH2pHZkYdjLf?= =?us-ascii?Q?98ww8337Hmgyf4sg9VXytfO2?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6c804636-2937-473b-f02d-08d9631bbbd0 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2021 14:15:01.4710 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: tcQTDPPUvA7W5ce94Rl3UaNjj6kC1le7og8UFlRUVtpNEGtxdCTvpVRJ7HHcgfhVZAbU2FTrBvjD4Hhjl9+jww== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4805 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Min Xu > -----Original Message----- > From: Brijesh Singh > Sent: Tuesday, August 17, 2021 9:47 PM > To: devel@edk2.groups.io > Cc: James Bottomley ; Xu, Min M > ; Yao, Jiewen ; Tom Lendacky > ; Justen, Jordan L ; > Ard Biesheuvel ; Erdem Aktas > ; Michael Roth ; Brijesh > Singh > Subject: [PATCH v3 2/3] OvmfPkg/ResetVector: update SEV support to use ne= w > work area format >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 >=20 > Update the SEV support to switch to using the newer work area format. >=20 > Cc: James Bottomley > Cc: Min Xu > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Jordan Justen > Cc: Ard Biesheuvel > Cc: Erdem Aktas > Signed-off-by: Brijesh Singh > --- > OvmfPkg/ResetVector/ResetVector.inf | 1 + > OvmfPkg/Sec/SecMain.inf | 2 ++ > OvmfPkg/Sec/SecMain.c | 36 ++++++++++++++++++++++- > OvmfPkg/ResetVector/Ia32/AmdSev.asm | 8 +++++ > OvmfPkg/ResetVector/Ia32/PageTables64.asm | 4 +++ > OvmfPkg/ResetVector/ResetVector.nasmb | 1 + > 6 files changed, 51 insertions(+), 1 deletion(-) >=20 > diff --git a/OvmfPkg/ResetVector/ResetVector.inf > b/OvmfPkg/ResetVector/ResetVector.inf > index d028c92d8cfa..a2520dde5508 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -43,6 +43,7 @@ [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase >=20 > [FixedPcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index > 7f78dcee2772..ea4b9611f52d 100644 > --- a/OvmfPkg/Sec/SecMain.inf > +++ b/OvmfPkg/Sec/SecMain.inf > @@ -70,6 +70,8 @@ [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd > gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack > + > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHead > er > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase >=20 > [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index > 9db67e17b2aa..707b0d4bbff4 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -807,6 +807,36 @@ SevEsProtocolCheck ( > Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; } >=20 > +/** > + Determine if the SEV is active. > + > + During the early booting, GuestType is set in the work area. Verify > + that it is an SEV guest. > + > + @retval TRUE SEV is enabled > + @retval FALSE SEV is not enabled > + > +**/ > +STATIC > +BOOLEAN > +IsSevGuest ( > + VOID > + ) > +{ > + OVMF_WORK_AREA *WorkArea; > + > + // > + // Ensure that the size of the Confidential Computing work area > + header // is same as what is provided through a fixed PCD. > + // > + ASSERT ((UINTN) FixedPcdGet32 > (PcdOvmfConfidentialComputingWorkAreaHeader) =3D=3D > + sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)); > + > + WorkArea =3D (OVMF_WORK_AREA *) FixedPcdGet32 > (PcdOvmfWorkAreaBase); > + > + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D > +GUEST_TYPE_AMD_SEV)); } > + > /** > Determine if SEV-ES is active. >=20 > @@ -826,9 +856,13 @@ SevEsIsEnabled ( > { > SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >=20 > + if (!IsSevGuest()) { > + return FALSE; > + } > + > SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 > (PcdSevEsWorkAreaBase); >=20 > - return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D= 0)); > + return (SevEsWorkArea->SevEsEnabled !=3D 0); > } >=20 > VOID > diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index aa95d06eaddb..87d81b01e263 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -171,6 +171,9 @@ CheckSevFeatures: > bt eax, 0 > jnc NoSev >=20 > + ; Set the work area header to indicate that the SEV is enabled > + mov byte[WORK_AREA_GUEST_TYPE], 1 > + > ; Check for SEV-ES memory encryption feature: > ; CPUID Fn8000_001F[EAX] - Bit 3 > ; CPUID raises a #VC exception if running as an SEV-ES guest > @@ -257,6 +260,11 @@ SevExit: > IsSevEsEnabled: > xor eax, eax >=20 > + ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set > + ; to 1 if SEV is enabled. > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jne SevEsDisabled > + > ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if > ; SEV-ES is enabled. > cmp byte[SEV_ES_WORK_AREA], 1 > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > index eacdb69ddb9f..f688909f1c7d 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > @@ -42,6 +42,10 @@ BITS 32 > ; > SetCr3ForPageTables64: >=20 > + ; Clear the WorkArea header. The SEV probe routines will populate th= e > + ; work area when detected. > + mov byte[WORK_AREA_GUEST_TYPE], 0 > + > OneTimeCall CheckSevFeatures > xor edx, edx > test eax, eax > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index acec46a32450..d1d800c56745 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -72,6 +72,7 @@ > %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) > %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) > %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) > + %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 > (PcdOvmfWorkAreaBase)) > %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 > (PcdSevEsWorkAreaBase) + 8) > %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 > (PcdSevEsWorkAreaBase) + 16) > -- > 2.17.1