From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.42]) by mx.groups.io with SMTP id smtpd.web09.77.1615914318926089438 for ; Tue, 16 Mar 2021 10:05:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=Y/apJbWF; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.42, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SlxEIzQ9etfnoxRfZn3ymZmWKpezMV7Dc1zjSEI0BHCWP6wudR+cDIGu1jyYqy+4BVtZC027r/8KjahA2hH2EV8zX/p218zsI7PNIL7UshkPKrFnjm/2yw75NGuWkk6ncDrd9t3BKVMeTfDuWI92N5GraV7VvGLG0Jd1bndFPMPKCSeCvsBPev79ezLM9Ic+3JddCo0bkRexw0jBWIopE4PBX/b3Wnk4XI+CAFsy/jILtuIi/ZxdlHfFjL/GUvlDOvRHx0Wfi3BCZoJ1+827EkukjjwP5UOSITwGAp9wZrRGQiJBgdB/kHlR6pacKfUig9OswnfybjIYfHMa2czQEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DrGcqzhrklE/v6NxoEgDAEhQp5TBpVn0jWDvvwfhdS8=; b=jJ1Zt7R9qik7SJ/ht9AT+k+T53LJWWirIpOq3Gqk0FKhkgzvTTuMN5ezM3tdE00b5lJtn+oKfhOW5X59TdYOxIMjld+hBgxf/FcO4rsg7ac7Ptnj9eiUN2zFiTt+KtGKxzjF0mrhTSBfZjuglKyPqujbcpbkv+6cXVTofCiXEBnu/tUXyUpyj7fFisLfpUWNA2PKnC9DsHBgDVHX851FQ0VYkftDa5Ebq5JTgbgvSAIznTbW1MHcvkyFjWXhq+6s0dU7RHa9V44GOW93Swj8BcUAuPe9KlYhxcNkgmt6Z191X3zch6kelo14VN0sxDkZov9BC6IuFy/sxJhq9HBdvw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DrGcqzhrklE/v6NxoEgDAEhQp5TBpVn0jWDvvwfhdS8=; b=Y/apJbWFlzztw7PAGSNNd0MjU6leay9HdEElddnb+M0S/fptnvOGivxRoO2EmgCNAepx/+TdG2nZeIlrvy4s9RQqtT+Vir+ZJNHe5kFNVok121KP1UJTQQIWC3exEXADUP8C+wNsU87lCA/R+jLCZbitwOqLzI4TB/Xuj/fHzXg= Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2688.namprd12.prod.outlook.com (2603:10b6:805:6f::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Tue, 16 Mar 2021 17:05:16 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::30fb:2d6c:a0bf:2f1d]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::30fb:2d6c:a0bf:2f1d%3]) with mapi id 15.20.3933.032; Tue, 16 Mar 2021 17:05:16 +0000 From: "Singh, Brijesh" To: "Yao, Jiewen" , "devel@edk2.groups.io" , "tobin@linux.ibm.com" CC: Dov Murik , Tobin Feldman-Fitzthum , James Bottomley , Hubertus Franke , "Kalra, Ashish" , "Grimm, Jon" , "Lendacky, Thomas" Subject: Re: [edk2-devel] [RFC PATCH 00/14] Firmware Support for Fast Live Migration for AMD SEV Thread-Topic: [edk2-devel] [RFC PATCH 00/14] Firmware Support for Fast Live Migration for AMD SEV Thread-Index: AQHXD6V19yexIeymZ0+vAQjyki9Vd6pzERzwgA4kddCABao/wA== Date: Tue, 16 Mar 2021 17:05:15 +0000 Message-ID: References: <20210302204839.82042-1-tobin@linux.ibm.com> <166900903D364B89.9163@groups.io> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_ActionId=7b9ab069-84ce-4606-88b6-56f13d78de37;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_ContentBits=0;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_Enabled=true;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_Method=Standard;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_Name=Internal Use Only - Unrestricted;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_SetDate=2021-03-16T16:15:17Z;MSIP_Label_76546daa-41b6-470c-bb85-f6f40f044d7f_SiteId=3dd8961f-e488-4e60-8e11-a82d994e183d; authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=amd.com; x-originating-ip: [70.112.153.56] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 149f15ed-2c8b-4a26-f171-08d8e89dabbf x-ms-traffictypediagnostic: SN6PR12MB2688: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vRFAiznCpKb/jf2jPXLtVcKA8oseJgyJDcQsBmVwlBwAjz684iofN87X55IsL+gXRare8pK1BbZYwSNS9VFFdd4Rl7Ky44kAvtCbX11pxtaa55AHvn8EehJjPFdiaTP5Vvuet4Mkk96AdQ/r8HABVan2fJBplnVhSkVW3TgbABv5PO0Xsvlgw+z6EHth/31Qgcobizf+KguWPi0zNGc7nHRP3G0felMq+BA4KnQ7Xrqx5YklIqtqDudzqsb8XJBLA+Sker+84gGbpuYeYfVZchsLiTepzUv2ZxE70tzALz5f6nmUIFvFJNiSm8u6/SE2rgD9yF9dgv1lHUkzOVn/V2/U6v8tSKxA4eZwMdkNhDXsKL0FR0eUxfMwdr6A5s3Wdu6KOfB7+ZvLP8k0FtiWjylB2+9r1XpcJllI51DXMQJpNTU/296IYghmup2ugWxkTu9jjM2yVKDrmV/4MuSC8cwrVn2HAvHDHWig9rV+YXQtIPHrlQ6yCRSq3M8Q/gnHVhN+uga/lsVlvl5S/xdK38HxSpKq2cmnH2D73etzMAsEaXBbrawRggOKrcqaegjM6FcOCNrV8LZnKCyz2/hmPLwC+axjixUJRqZcahi5ZLB4kiqih8Jwb1ldKm1kkFM9SN3Aa2yMy7NbDL/PkFZt+w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(39860400002)(136003)(346002)(376002)(366004)(30864003)(55016002)(45080400002)(316002)(110136005)(966005)(478600001)(54906003)(9686003)(33656002)(86362001)(26005)(2906002)(186003)(76116006)(66446008)(66556008)(64756008)(7696005)(52536014)(66476007)(66946007)(53546011)(71200400001)(19627235002)(6506007)(8936002)(83380400001)(4326008)(5660300002)(8676002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?mCHPxbCB+Nx0Xo4bbi82aN95x6t3K2pdrPHPdWWq9ONsx+LDLE9hESqbZCmp?= =?us-ascii?Q?hlsdiTRF2hw3M8Npaey33NLrhxbOvbJzMXS9dmhUb3W4hngAIgcQqVw6WOqY?= =?us-ascii?Q?XvuXKtSOgyBHZcQI/w21fWRa+O2vOfcyuVLMNo9bOCnNCnomTkI+8jsXyLM7?= =?us-ascii?Q?izU3m5LofktnNMjAGkMHq6U66M9Ruj5+jcTosdAvltvq0fJ2txJF0EAMtjlu?= =?us-ascii?Q?bLOjzj4eyDSkcztWMZMOaUNgEbTBIsN1ubyMcTQAAbKgiHTc5hTR6byhoJKD?= =?us-ascii?Q?VIrgUMJH8fYBKijiiqO72OsD+D8F9vXYxiTkvJ/MIM4H89LP9hMkq5z5nLSk?= =?us-ascii?Q?gHzG87vxQVOlsfeYF3wfX9FibjOS3/WfB+2dVz00AHzFiPTt1hqlO1F/TuUB?= =?us-ascii?Q?lqpbN8531lZfmhEbRPut2jJQhmMe4+Gr4vwrhqePg0DwHyf9doHlc26Bb1mv?= =?us-ascii?Q?a7qV9eDZwYl7uUSOtiRYrbpfbgo2yyw4xyzeZ6ns1qMvjtGT6RjddFb1vJc/?= =?us-ascii?Q?A9yxGshTdD1/cgqx+KTSwoXpD8oogdry7Y0YPKbqJS5mwnXQBM16dsD85p2Z?= =?us-ascii?Q?rpW20HR+BxHZKeIn62YsV8/Lx/ZTUJ/g/VUKnRoEOdN6lT0QJpkqgBKdVw/W?= =?us-ascii?Q?wD82bhsm/xIao/jqa5v7qbN2GhpKEB+ttuRWTA9Nzl7QKwLxOxYb2qTmhNBX?= =?us-ascii?Q?BIULIv/DK1aspGzRv9NAxU0tgsOYmqUuuOxcCqzsWbAO2mE3U6Yna9tJRHE+?= =?us-ascii?Q?EUpUGNopY8FrtqJo7h5BPKqV+LgZ8hQQkbbnVq4Vn29KIav1UcK7uUG7L9uO?= =?us-ascii?Q?jdlKdisVqnqDv2pRd0b6nFE4x5+rL5B7Audv0W1ZmVQhQ5800I0oVBblrQxf?= =?us-ascii?Q?a+pCMVOW945DL/VhW1chDr4VakmjDTdqPVUXwPbw4WLGQR1ECW5//HPpHPu7?= =?us-ascii?Q?cs5l2hi+HhtBoFEiL4uEx5lEl4xLPyJer3LfWYP0r0M0nhfXTmNMlBeN50IR?= =?us-ascii?Q?WtPq9HEsqSIAlSH80b48awSRICJbF09ZHJ+197BkZx8Xh+THBVKKjM5k63Z0?= =?us-ascii?Q?8oHCD9CfKh6ScTSYeC0kC400cihzCIro55B8JG0mdla68c94g5bIWk/pXrX1?= =?us-ascii?Q?k/F4Z7ce8oCCIPxMBl5xOUxgoiFVO18cnDXXYQOpns4oAZuF/MlLf/41Vlig?= =?us-ascii?Q?YwlCNqtg+iQ8POf1ZM0qrp7DJGNA25uYWaOX+ORfIth9UH6MzReQ2RHMGrt8?= =?us-ascii?Q?OwHSan2K84zazbIQ7yUGM2c/YRt0hYcM6e4BfmRzs+NK7xmY4doDgaWKkQvr?= =?us-ascii?Q?KO0m1H0csoDg19aHjVl5Z3xv?= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 149f15ed-2c8b-4a26-f171-08d8e89dabbf X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2021 17:05:15.9908 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: /a2B3GK9lrajJLYIoRRelCWMeMI4sYdTPkd1hhU/vu97b9Paj/y8GZrDNJOrcfp7XipR20Wc9v52oQOCPL4baQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2688 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable [AMD Official Use Only - Internal Distribution Only] Hi Yao, In the current proposal the accelerated migration does not involve the PSP= . I will let Tobin and Dov comment on how things works in current prototype= . If PSP was involved in the migration, then flow would be like this: - During the guest creation time two things will happen (both source and d= estination VMs go through this step) a) create a random VM encryption key (VEK) -- the key is used for encryp= ting the guest pages. b) guest owner supplies a session blob to the PSP. The session blob cont= ains transport encryption key (TEK). The TEK is used to encrypt all the co= nfidential information exchanged between the PSP and the external entities = such as a guest owner or another PSP. During the migration i) source VMM asks PSP to get a page that can be migrated. ii) source PSP encrypt the guest pages using the TEK iii) source VMM write the encrypted pages on the wire iv) destination VMM will call PSP to put the received encrypted page in t= he guest memory. v) destination PSP will decrypt the received pages using TEK, then encrypt= it using the VEK before copying it to the guest memory. As you see in the flow, the PSP's never share the keys. The TEK is wrapped= in the session blob provided to the PSP on launch. You are correct that the SEV/SEV-ES does not support querying the attestat= ion report after the guest boot. All the attestation need to be done during= the guest creation time. With SEV-SNP, a guest OS/BIOS can call PSP to get the attestation report. = The SEV-SNP, provides a method in which the guest owner can provide an IMI = (Initial migration agent) through the launch process. The IMI will be measu= red separately and stored in IMD (Initial Migration Digest). When source VM= M is ready to migrate it will use a PSP command (VM_EXPORT) to export the d= ata from source to destination. The export will contains information about = IMD etc. The destination VMM will use the PSP command (ABSORB) to import th= e incoming data. During the absorb process the destination PSP will check t= he IMD to ensure that same IMI is used at the source end. I have cut short = few details in the email; See the SEV-SNP spec (section migration 4.11) for= more. Thanks Brijesh -----Original Message----- From: Yao, Jiewen Sent: Friday, March 12, 2021 8:32 PM To: devel@edk2.groups.io; Yao, Jiewen ; tobin@linux.= ibm.com Cc: Dov Murik ; Tobin Feldman-Fitzthum ; James Bottomley ; Hubertus Franke ; Singh, Brijesh ; Kalra, Ashish ; Grimm, Jon ; Lendacky, Thomas Subject: RE: [edk2-devel] [RFC PATCH 00/14] Firmware Support for Fast Live= Migration for AMD SEV Hi We discuss the patch internally. We do see PROs and CONs with this approac= h. The advantage is that it is very simple. In-VM migration can save lots of = effort on security context restore. On the other hand, we feel not so comfortable to reserve a dedicate CPU to= achieve that. Similar to the feedback in the community. Using Hot-Plug is not a solution for Intel TDX as well. It is unsupported = now. I like the idea to diverge the migration boot mode v.s. normal boot mode i= n SEC phase. We must be very carefully handle this migration boot mode, to avoid any to= uching on system memory. Intel TDX Virtual Firmware skips the PEI phase directly. If we choose this= approach, SEC-based migration is our preference. Besides this patch, we would like to understand a full picture. 1) How the key is passed from source VM to destination? I saw you mentions: "Key sharing is out of scope for this part of the RFC.= " "This will probably be implemented via inject-launch-secret in the future" Does that mean two PSP will sync with each other and negotiate the key, af= ter the Migration Agent (MA) checks the policy? 2) How the attestation is supported? I read the whitepaper https://nam11.safelinks.protection.outlook.com/?url= =3Dhttps%3A%2F%2Fwww.amd.com%2Fsystem%2Ffiles%2FTechDocs%2FSEV-SNP-strengt= hening-vm-isolation-with-integrity-protection-and-more.pdf&data=3D04%7C= 01%7Cbrijesh.singh%40amd.com%7Cb19ccecd6ca946abd0eb08d8e5c84177%7C3dd8961fe= 4884e608e11a82d994e183d%7C0%7C0%7C637511995981376795%7CUnknown%7CTWFpbGZsb3= d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000= &sdata=3Dh67VntbdjigZFvhRfP6%2FGYTE9eqrFDqJRojWqG0C25c%3D&reserved= =3D0. It seems SEV and SEV-ES only support attestation during launch, I don't be= lieve this migration feature will impact the attestation report. Am I right= ? SEV-SNP supports more flexible attestation, does it include any informatio= n about the new migrated content? > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, > Jiewen > Sent: Thursday, March 4, 2021 9:49 AM > To: devel@edk2.groups.io; tobin@linux.ibm.com > Cc: Dov Murik ; Tobin Feldman-Fitzthum > ; James Bottomley ; Hubertus Franke > ; Brijesh Singh ; Ashish > Kalra ; Jon Grimm ; Tom > Lendacky ; Yao, Jiewen > Subject: Re: [edk2-devel] [RFC PATCH 00/14] Firmware Support for Fast > Live Migration for AMD SEV > > Hi Tobin > Thanks for your patch. > You may that Intel is working on TDX for the same live migration feature= . > > Please give me some time (about 1 work week) to digest and evaluate > the patch and impact. > Then I will provide feedback. > > Thank you > Yao Jiewen > > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Tobin > > Feldman-Fitzthum > > Sent: Wednesday, March 3, 2021 4:48 AM > > To: devel@edk2.groups.io > > Cc: Dov Murik ; Tobin Feldman-Fitzthum > > ; Tobin Feldman-Fitzthum ; James > > Bottomley ; Hubertus Franke > > ; Brijesh Singh ; Ashish > > Kalra > ; > > Jon Grimm ; Tom Lendacky > > > > Subject: [edk2-devel] [RFC PATCH 00/14] Firmware Support for Fast > > Live Migration for AMD SEV > > > > This is a demonstration of fast migration for encrypted virtual > > machines using a Migration Handler that lives in OVMF. This demo > > uses AMD SEV, but the ideas may generalize to other confidential compu= ting platforms. > > With AMD SEV, guest memory is encrypted and the hypervisor cannot > > access or move it. This makes migration tricky. In this demo, we > > show how the HV can ask a Migration Handler (MH) in the firmware for > > an encrypted page. The MH encrypts the page with a transport key > > prior to releasing it to the HV. The target machine also runs an MH > > that decrypts the page once it is passed in by the target HV. These > > patches are not ready for production, but the are a full end-to-end > > solution that facilitates a fast live migration between two SEV VMs. > > > > Corresponding patches for QEMU have been posted my colleague Dov > > Murik on qemu-devel. Our approach needs little kernel support, > > requiring only one hypercall that the guest can use to mark a page > > as encrypted or shared. This series includes updated patches from > > Ashish Kalra and Brijesh Singh that allow OVMF to use this hypercall. > > > > The MH runs continuously in the guest, waiting for communication > > from the HV. The HV starts an additional vCPU for the MH but does > > not expose it to the guest OS via ACPI. We use the MpService to > > start the MH. The MpService is only available at runtime and > > processes that are started by it are usually cleaned up on > > ExitBootServices. Since we need the MH to run continuously, we had > > to make some modifications. Ideally a feature could be added to the > > MpService to allow for the starting of long-running processes. > > Besides migration, this could support other background processes > > that need to operate within the encryption boundary. For now, we > > have included a handful of patches that modify the MpService to > > allow the MH to keep running after ExitBootServices. These are tempora= ry. > > > > Ashish Kalra (2): > > OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitma= p. > > OvmfPkg/PlatformDxe: Add support for SEV live migration. > > > > Brijesh Singh (1): > > OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall > > > > Dov Murik (1): > > OvmfPkg/AmdSev: Build page table for migration handler > > > > Tobin Feldman-Fitzthum (10): > > OvmfPkg/AmdSev: Base for Confidential Migration Handler > > OvmfPkg/PlatfomPei: Set Confidential Migration PCD > > OvmfPkg/AmdSev: Setup Migration Handler Mailbox > > OvmfPkg/AmdSev: MH support for mailbox protocol > > UefiCpuPkg/MpInitLib: temp removal of MpLib cleanup > > UefiCpuPkg/MpInitLib: Allocate MP buffer as runtime memory > > UefiCpuPkg/CpuExceptionHandlerLib: Exception handling as runtime > > memory > > OvmfPkg/AmdSev: Don't overwrite mailbox or pagetables > > OvmfPkg/AmdSev: Don't overwrite MH stack > > OvmfPkg/AmdSev: MH page encryption POC > > > > OvmfPkg/OvmfPkg.dec | 11 + > > OvmfPkg/AmdSev/AmdSevX64.dsc | 2 + > > OvmfPkg/AmdSev/AmdSevX64.fdf | 13 +- > > .../ConfidentialMigrationDxe.inf | 45 +++ > > .../ConfidentialMigrationPei.inf | 35 ++ > > .../DxeMemEncryptSevLib.inf | 1 + > > .../PeiMemEncryptSevLib.inf | 1 + > > OvmfPkg/PlatformDxe/Platform.inf | 2 + > > OvmfPkg/PlatformPei/PlatformPei.inf | 2 + > > UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 + > > UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 + > > OvmfPkg/AmdSev/ConfidentialMigration/MpLib.h | 235 +++++++++++++ > > .../ConfidentialMigration/VirtualMemory.h | 177 ++++++++++ > > OvmfPkg/Include/Guid/MemEncryptLib.h | 16 + > > OvmfPkg/PlatformDxe/PlatformConfig.h | 5 + > > .../ConfidentialMigrationDxe.c | 325 +++++++++++++++++= + > > .../ConfidentialMigrationPei.c | 25 ++ > > .../X64/PeiDxeVirtualMemory.c | 18 + > > OvmfPkg/PlatformDxe/AmdSev.c | 99 ++++++ > > OvmfPkg/PlatformDxe/Platform.c | 6 + > > OvmfPkg/PlatformPei/AmdSev.c | 10 + > > OvmfPkg/PlatformPei/Platform.c | 10 + > > .../CpuExceptionHandlerLib/DxeException.c | 8 +- > > UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 21 +- > > UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +- > > 25 files changed, 1061 insertions(+), 17 deletions(-) create mode > > 100644 > > OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf > > create mode 100644 > > OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf > > create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/MpLib.h > > create mode 100644 > > OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h > > create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h > > create mode 100644 > > OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c > > create mode 100644 > > OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c > > create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c > > > > -- > > 2.20.1 > > > > > > > > > > > > > >=20 >