From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from AUS01-SY4-obe.outbound.protection.outlook.com (AUS01-SY4-obe.outbound.protection.outlook.com [40.92.62.178]) by mx.groups.io with SMTP id smtpd.web10.11983.1637846520951653653 for ; Thu, 25 Nov 2021 05:22:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@outlook.com header.s=selector1 header.b=bKT30M7Q; spf=pass (domain: outlook.com, ip: 40.92.62.178, mailfrom: atmgnd@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NG0EKabllACezz6gmeUjf3GW1Gp5CtxbHbZgMG1A+Tz+BzL0r1FSFyhIsEilI6VJvofSHq2yF5v0Wh6jsHUxCZhwoliXi3JDaTGT9fQeCIf8PZbH+tArvxRbAtvJzkHZ1BT0FdkHTavB0EIpTn7X8ZNtNsyl5oyOqhTj0Ut5B5dDMMwd9hk1uDmI6OsNSSIbMfa1gGgSpnEO2Fxb3TRTUXTTGtk31JgZvVMNAruEoRMzqfJLf2IOFgn1Ysi4kdAHCnmJkfSEN0IF4Uynu4kAaNrm2anjr0JPK1GIqyE/rPlP/4xZKlu0PBiNOFVhmkCXGdJTXBpvILhDU2GQ0rqWKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RzjM+pk7QZ53+5Kgx/OfrNyYqLIZ19XZFJyqMu/kWHs=; b=PsZT/zq5wnjREyYfH8aO9QBw551fWCtDLZz55WVjUU7OlXVq9vKlnoTWnEbmPFvS3ZmBc8zlzv5iiNZIWqWE7przcgvGNlgbQ4Af04ccmp9HgGM7M/ELPqeulrzmu+2/K/nR8KYTIAzyTdgW9o1s9rQ9XGg2f8mEcnvwi3FtgbeBN3UwVLQf2ehJM0AoVaJOW0rIArCaiPjb1AXYuCOvl+obFpZnw/lIIqaVIJNJRy923p7tOiG0lcZd3O8jCizv7mPYvIpLg/jq0LSZ4E1SoabqatShZi/YZyHlN2Cvgr0XTCj04KA56FkVJWSQQuAXGefuRT8Uo4dVfztHfoDaag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RzjM+pk7QZ53+5Kgx/OfrNyYqLIZ19XZFJyqMu/kWHs=; b=bKT30M7QEioUwBGUUiP4M5s2am1qclEpCAtUvsyMGV0iKIYQ1nJ2lTSPWQ18+za0vf7BV66dht6AapGamKNVN8nkwl3jxKgb+Nyp2zyNFWtzVFyU9qOPTZgGAIID3FAz7EQ5Kig54VfEIt7F0brnb2keaAfyknSi5QcsZtR/Ozo/t2AhpP9ALxz0FGEwdHTSHJlyFoaoQxfUZjPy6CjILANRZRMNTUjX06p/URbgplQXde2Qlfbde/DbdO6zbWOtlRWt1U97xyTCFBBVgd3DGn7YTuwLDR3PIFuk1VPhG30DBxtOVT09acg+uij71lyHCAFn7GQjqsVlCXUdGQ0zBA== Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:169::6) by SYBP282MB2978.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:155::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.21; Thu, 25 Nov 2021 13:21:56 +0000 Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM ([fe80::e824:64d3:baaa:3d0a]) by SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM ([fe80::e824:64d3:baaa:3d0a%6]) with mapi id 15.20.4713.027; Thu, 25 Nov 2021 13:21:56 +0000 From: "qi zhou" To: "devel@edk2.groups.io" CC: "brijesh.singh@amd.com" , "erdemaktas@google.com" , "jejb@linux.ibm.com" , "jiewen.yao@intel.com" , "min.m.xu@intel.com" , "thomas.lendacky@amd.com" Subject: Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Thread-Topic: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Thread-Index: AQHX4f2b4kgqpIwgKUWr38R05chesawUOTav Date: Thu, 25 Nov 2021 13:21:56 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: 2683b5aa-6ff4-8912-d4c2-957025740aab x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [fcSMF8CQwdERR7oOZSO3/1b+6MeyMFpM] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5615ce34-9d14-433e-bd88-08d9b0168dfd x-ms-traffictypediagnostic: SYBP282MB2978: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 2IBOdWpwZNp3cGx2GiN45sw0Uy1UuvTRGAo+naRR+kLqSjARQ2nb5/wI9K1Os8GxruybpmCKYExKNgN0vxUW66E2hy/hZ8otRl5M6T6H03jVOg+oEvoUvVmG8Apns5xbBq5SCrve1Bh906Hs8kOZpQ0bZ3GfH41mJCsWI32ADzSPJ30mLAmqcUbuYrliJB9W5iMG7RCiTHoap53hqH4Cv3WYpTKLzPq2/miXPLFUZ/D2FogOhTz55ylVBMbmovsap/5ZiJS1gg9rHhhKgcT/8CPUqddPdKuLkWge0e5cxNcF9UDtAfELgV/4Wg1Vn9aosIL27/Z8FduK2wXd+uRAiw+V1tOyFEQMMQBTuJqFF4YTVbTSOJJc2Sv7uSf7VYEirsycvVna2kj82Ih7S4+OvDQg5xlJuy30hiF1LZh+6p+sdvYUm/dXx3AO4nQM03VKKtW82IPtfpMcYYFySSK9yeOHOIhhlWsvqbF2bg4e5XR1OXdVpXKrQvQrC00hNqjxa3erClb97ssUo1BI5omzepNJ/rvuAPjJGKDoDQxAuVqfAtj9YF/uGM1sOdPBcn44SEERKtXoXYUAKFPEv/Whd0DyzvC0YuJWkBjOnW6THBn/pC3x9CDIdGjYbRInSBGoDFcVOzxktWPRm6MGEqCjCg== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: b1QwhyF3U8DCvgwMomrrC1pYOsuF1BqGZSmJrn5SgSDVGuNjCjQ8plP4xsHBjEZfLgVczTwUZgHeehGIPdBrhYEi/361oW/22b8PLHNeUJYBnfQktlUbajjp9jCWg39D9ofQNYymOO29Nc+KzabS3lQRjlAIq3hiTDfnTwRHluzPCNjjequuLt9X6egKTuVEXz5/InhEr1vGxKGgca60Fm7774JMrf7H8DyDz1dB2ONrd01/JbGs6GHVj5s+S30qBR+Xfx0nZI6eJsIB1p/DO8dkdz1Ngynsa2YIR2zMsAbBYJ2ygzuAU2y3tdFXD1tMcopPc+xJRwsXKfVpSBHy7V0eU97GyjzwJVIgI9DBYtfnlUHQ3JQRR9zsOpxMMI5XRiT+Y7XWYOBxZ4GKiIevQM2PBeWPn7i9sKbNm+98RkB3rcGu0NWBD9CF/k/yK1cFG3yUUqIHqgsK2CysoYu4gk8ZX3fLq/gQKlHjZpE6PEn+UagFAgwfqwXMEWa1OoxStf05/l393BqlHk9rlJeo0WlGpT0AL/V4o2dp73gT99HGvUDojb1qdidvQH3PddpkWiraYpjYiF2RBGyYufa7bvjUaZv2i8z4hy9GFpKtn3P2KSyaG8+vUddyyrduoVuZk3zel1Mb3uORNpJ/oQPFGHpA8EhGGWm3M9lyTVxXSr4etzQ7YpplDNNobYHJ2UyqgYbiDUqmb+xkc6Gs0bxr7g== MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 5615ce34-9d14-433e-bd88-08d9b0168dfd X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Nov 2021 13:21:56.6825 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBP282MB2978 Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Here I will add some debug infomation about the reboot issue. on the maste= r branch, I added some logs, see below:=0A= =0A= https://1drv.ms/u/s!As-Ec5SPH0fuimANnT5FPm8cmeM6=0A= ---=0A= .../Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 3 +++=0A= 1 file changed, 3 insertions(+)=0A= =0A= diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c= =0A= index e2fd109d12..8ab5849386 100644=0A= --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A= +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A= @@ -44,6 +44,7 @@ InternalMemEncryptSevStatus (=0A= ReadSevMsr =3D FALSE;=0A= =0A= SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase);=0A= + DEBUG ((DEBUG_INFO, "SevEsWorkAera: %p, SevEsWorkArea->EncryptionMask: %= lu\n", SevEsWorkArea, SevEsWorkArea ? SevEsWorkArea->EncryptionMask : 0));= =0A= if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) {= =0A= //=0A= // The MSR has been read before, so it is safe to read it again and av= oid=0A= @@ -71,7 +72,9 @@ InternalMemEncryptSevStatus (=0A= //=0A= // Check MSR_0xC0010131 Bit 0 (Sev Enabled)=0A= //=0A= + DEBUG ((DEBUG_INFO, "Begin read msr\n"));=0A= Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);=0A= + DEBUG ((DEBUG_INFO, "End read msr\n"));=0A= if (Msr.Bits.SevBit) {=0A= mSevStatus =3D TRUE;=0A= }=0A= -- =0A= 2.25.1=0A= =0A= Then rebuild the ovmf package, launch qemu with windows 10 guest os install= ed, repeat reboot win10 guest os 4-10 times, then there may got reboot fail= =0A= see this screenshot: https://1drv.ms/u/s!As-Ec5SPH0fuil9hsVV_ooZG0mcw?e=3Dx= gfJoL=0A= =0A= From: qi zhou =0A= Sent: Thursday, November 25, 2021 21:12=0A= To: devel@edk2.groups.io =0A= Cc: brijesh.singh@amd.com ; erdemaktas@google.com ; jejb@linux.ibm.com ; jiewen.yao@= intel.com ; min.m.xu@intel.com ; = thomas.lendacky@amd.com =0A= Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during= PEI phase =0A= =A0=0A= >>From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001=0A= From: Qi Zhou =0A= Date: Thu, 25 Nov 2021 20:25:55 +0800=0A= Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during= =0A= =A0PEI phase=0A= =0A= Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by= =0A= os(Windows etc), and will not restored on reboot, the=0A= SevEsWorkArea->EncryptionMask may have a random value after reboot. then it= =0A= may casue fail on reboot. The msr bits already cached by mSevStatusChecked,= =0A= there is no need to try cache again in PEI phase.=0A= =0A= Signed-off-by: Qi Zhou =0A= ---=0A= =A0.../PeiMemEncryptSevLibInternal.c=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 | = 55 +++++++------------=0A= =A01 file changed, 19 insertions(+), 36 deletions(-)=0A= =0A= diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c= =0A= index e2fd109d12..0819f50669 100644=0A= --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A= +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A= @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (=0A= =A0=A0 UINT32=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0 RegEax;=0A= =A0=A0 MSR_SEV_STATUS_REGISTER=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Msr;=0A= =A0=A0 CPUID_MEMORY_ENCRYPTION_INFO_EAX=A0 Eax;=0A= -=A0 BOOLEAN=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0 ReadSevMsr;=0A= -=A0 SEC_SEV_ES_WORK_AREA=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 *SevEsWork= Area;=0A= =A0=0A= -=A0 ReadSevMsr =3D FALSE;=0A= -=0A= -=A0 SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWork= AreaBase);=0A= -=A0 if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) {= =0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 // The MSR has been read before, so it is safe to read it again = and avoid=0A= -=A0=A0=A0 // having to validate the CPUID information.=0A= +=A0 //=0A= +=A0 // Check if memory encryption leaf exist=0A= +=A0 //=0A= +=A0 AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);=0A= +=A0 if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) {=0A= =A0=A0=A0=A0 //=0A= -=A0=A0=A0 ReadSevMsr =3D TRUE;=0A= -=A0 } else {=0A= +=A0=A0=A0 // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)=0A= =A0=A0=A0=A0 //=0A= -=A0=A0=A0 // Check if memory encryption leaf exist=0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);= =0A= -=A0=A0=A0 if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) {=0A= +=A0=A0=A0 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL,= NULL);=0A= +=0A= +=A0=A0=A0 if (Eax.Bits.SevBit) {=0A= =A0=A0=A0=A0=A0=A0 //=0A= -=A0=A0=A0=A0=A0 // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)=0A= +=A0=A0=A0=A0=A0 // Check MSR_0xC0010131 Bit 0 (Sev Enabled)=0A= =A0=A0=A0=A0=A0=A0 //=0A= -=A0=A0=A0=A0=A0 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL,= NULL, NULL);=0A= -=0A= -=A0=A0=A0=A0=A0 if (Eax.Bits.SevBit) {=0A= -=A0=A0=A0=A0=A0=A0=A0 ReadSevMsr =3D TRUE;=0A= +=A0=A0=A0=A0=A0 Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);=0A= +=A0=A0=A0=A0=A0 if (Msr.Bits.SevBit) {=0A= +=A0=A0=A0=A0=A0=A0=A0 mSevStatus =3D TRUE;=0A= =A0=A0=A0=A0=A0=A0 }=0A= -=A0=A0=A0 }=0A= -=A0 }=0A= -=0A= -=A0 if (ReadSevMsr) {=0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 // Check MSR_0xC0010131 Bit 0 (Sev Enabled)=0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);=0A= -=A0=A0=A0 if (Msr.Bits.SevBit) {=0A= -=A0=A0=A0=A0=A0 mSevStatus =3D TRUE;=0A= -=A0=A0=A0 }=0A= =A0=0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)=0A= -=A0=A0=A0 //=0A= -=A0=A0=A0 if (Msr.Bits.SevEsBit) {=0A= -=A0=A0=A0=A0=A0 mSevEsStatus =3D TRUE;=0A= +=A0=A0=A0=A0=A0 //=0A= +=A0=A0=A0=A0=A0 // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)=0A= +=A0=A0=A0=A0=A0 //=0A= +=A0=A0=A0=A0=A0 if (Msr.Bits.SevEsBit) {=0A= +=A0=A0=A0=A0=A0=A0=A0 mSevEsStatus =3D TRUE;=0A= +=A0=A0=A0=A0=A0 }=0A= =A0=A0=A0=A0 }=0A= =A0=A0 }=0A= =A0=0A= -- =0A= 2.25.1=0A=