From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (AUS01-SY4-obe.outbound.protection.outlook.com [40.92.62.188])
 by mx.groups.io with SMTP id smtpd.web10.11911.1637845961260923533
 for <devel@edk2.groups.io>;
 Thu, 25 Nov 2021 05:12:42 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@outlook.com header.s=selector1 header.b=FSDNl1wX;
 spf=pass (domain: outlook.com, ip: 40.92.62.188, mailfrom: atmgnd@outlook.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Ue9Yg6oBae03xXsN/X2X4mEM2azZd3iOR879HCUTYLBm3ACPxnYT64Z2T3IklElAGb6gTS+yYuKJlb6kT73KX77uxJAqoqX+Z/xGNMIqhZY6a1zvV8epO6s9bitJRze8VN9l3WsCb8Bo/2Uk7AEga7h4vSury4lZBSdk+8WFYRuVWkY+acZ33PHuNgHcX+EwPbMvT56U2hja62Lj91EqXx3XCDKCQReZI8XAHRJhXIugoN8wAMggcCO8fgAYE/oKDIHJ/c2zT6Hh6a0dMdbdwnB7o2ibgTLsxDhq4OG8MjXDcTcE/tkntM6OIVkge3U7jCBLnr/1a4XumKCu17VKxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=5TeKVFImKTVG6/5fvSBauN63evUN+WYuWJEq3JaC5S0=;
 b=It9aeHxgXacpPzAAXPnb4xvCLTD73wvG+BRzgv6qhQHNiBuEgeXCehi/BByYiy72x8IxEMSxWf0wJpkOB+p1I9KmrieSKa395pyTmLsSLiARwR1LNP5UCA1EdgZoaJXuQ12vt+Qzl8wUIwFXediA2b7ebOxXW5VW+5t/1LhiAFS5GQeOC5Q+yTD0OwfZvPJh84/MsoHGJaCYA+Ss0iYoXfHOdluLy82zdMaYfsWaqFX2/9xM32sP0WsaxqaGDBLT2LtVLJeiKl9mDJXjWuB+CY5HiBvHs6C6bUhPHMEHqWVnjXfX8Y6aMzdADhqD8MBeRe/xPNv7KqFoOLy/F6Ui6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=5TeKVFImKTVG6/5fvSBauN63evUN+WYuWJEq3JaC5S0=;
 b=FSDNl1wXTgbM5uJc1FZkf7vKJCKASC2Z+VNNFTVflNeTIYYPrytnlqpoxamWz4xH8Df7RcjjAy51F1zxbRf7Btmaev+B6RLged18n0KcnPLYGvO+QNl21QQlD24Vy9A0PTqk4A9IAyk8MbQQ2RTPDe1bTrGPIYqczKp74vm0aOYsQeii3c3x5GIeuIWrJyO3NkiTUR5OGLKSpod6BHgtdLg6vK4d74bqPDU6MLoXk+3++GHsLMs6qPpk9g2ANWeHAXuKu+XxFzm9lJ4KMA4OiM3EUQsqK4HKZcq7Vx0YfQB+gI34a+Ps8IBYVJWeawSFbNiPH/yqbAo4pIipZsdb9Q==
Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:169::6) by
 SYBP282MB2978.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:155::10) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4713.21; Thu, 25 Nov 2021 13:12:36 +0000
Received: from SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM
 ([fe80::e824:64d3:baaa:3d0a]) by SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM
 ([fe80::e824:64d3:baaa:3d0a%6]) with mapi id 15.20.4713.027; Thu, 25 Nov 2021
 13:12:37 +0000
From: "qi zhou" <atmgnd@outlook.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "brijesh.singh@amd.com" <brijesh.singh@amd.com>, "erdemaktas@google.com"
	<erdemaktas@google.com>, "jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"jiewen.yao@intel.com" <jiewen.yao@intel.com>, "min.m.xu@intel.com"
	<min.m.xu@intel.com>, "thomas.lendacky@amd.com" <thomas.lendacky@amd.com>
Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
Thread-Topic: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr
 during PEI phase
Thread-Index: AQHX4f2b4kgqpIwgKUWr38R05chesQ==
Date: Thu, 25 Nov 2021 13:12:36 +0000
Message-ID: 
 <SYZP282MB32522731273150B71736A880C9629@SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-US, zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
suggested_attachment_session_id: 2b5c4d60-9dc4-03ec-03fe-f6dc62d0c975
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [Q0YhwGRssMm7n+tKwooGhcONwJZl6Z6Q]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a132bd7b-b714-4b7a-6f05-08d9b015405a
x-ms-traffictypediagnostic: SYBP282MB2978:
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 2q/Gbxu4eHWRixy/QRSx4h78TWWqRd+3bLxgRZx1bjcnuU2MHQIuFgYqE4ZvB+WYUDiQujS90MLusbluqJ37jnaFNcjuHHXztPSaTsK3VYU7jc+NRsRJuyQIkVDasWse2cvQIBM2CkVqYZSsxMU+NGVQNQkPbb6uzxiNuLjpz0RvAEOdJmB7KKewbbD6M+U+AoYfMMUkhriZE+bLVcqTlxEqJsENPwRzszkqtCLzrFFAlco11DZXHMioDkKV7xVddaFXKnFL3ZI/CgZwk2S5nx/vQGocP6Zz/iLwJWUpyZFkGl2GacodCh6Tj7H1aC48FOiuA59YezvTfWTaAYQJDq+zV4m0QQi9fp90jpbmqcyy4tt/D6cOl4fcYpaS6PnR0/5OvP45oQbZBPTurdqBsWMHLT5Unkt3qKfC4g8x5K2zZkgMzOKTA5RnIKaOHduMj/l9C2DyxdtzN9RCztUnl/+akFq4tolXuYS23n5yXCgBb2nqZQxXECfkLTc3+Uc+lgXYBezfgKMpD++gWy4QzqKstF3iNTIZFIEDHFAi7BVmvnFHnX0N4eucgzeGxGKhVeHP41ufzRvIuFjgvXX1mw==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 rhSxw2qbtfWV9bVIq0r4/sH5VWWuq02FJkqjtqc0GowiWQaOKjkbHJtZZZeQkZDFU6bGvun9CcZE16jhaiKiUeKCkQ05pR77RfaxNmD0iCg82X0cSGn76fbiUFWijEA2g8aZwhrLMRb9bqHxKUYO7KW4mM2ZLzLppBVJXIDchpOxHriLI9F92lb7SF0o5c9RS+gmZX9ZO+PeyxIKNynqlImzH/K4h7mW2KKMboS3MMAMMLJth3t1HFM8tvLGYTeZPmN7lUdbYTdrsydVY6h+amQLTAdULbvm7hSWZCdpWm0G4YpNXu9fP497rBnbmHXFg5uxsaC64eKfRjM72CbeHN0i1eE5KUcGEjybHkPpoOp8NN8r8VNh0JDxYpfaPxvN5fWJLlESYZGfmQhhBa7Gijt9YoG1RCRnkbjTlId2YndTnOL3rI6cSgKfPcEWJJKv0bv+xRs21W05LsvH1CyOrOwf/YKV2aKydG91UH3lQ3+zEersltC6vqW29TrzVyqegV+2lQ0YBBIZkRDfFhzo+XMg42NJ/4x4d0lHFGYnU8cLroMbxX+G/rs5yC6F069Qzb5D+l/zCodnD3T+pOYcN1ObkzEbhe2QbwCRmGxUbupDmU+7d25teKBLk6J2eRqX/6YHVxUdzCHq2bZoU4gpVrMzfmh/0epcPTP7IiYXX/+LFUEDsLoSJZgqtsO1VIjYmKCBT6XQ/5fNATVeY6kPug==
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: a132bd7b-b714-4b7a-6f05-08d9b015405a
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Nov 2021 13:12:36.8881
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBP282MB2978
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

>>From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001=0A=
From: Qi Zhou <atmgnd@outlook.com>=0A=
Date: Thu, 25 Nov 2021 20:25:55 +0800=0A=
Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during=
=0A=
 PEI phase=0A=
=0A=
Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by=
=0A=
os(Windows etc), and will not restored on reboot, the=0A=
SevEsWorkArea->EncryptionMask may have a random value after reboot. then it=
=0A=
may casue fail on reboot. The msr bits already cached by mSevStatusChecked,=
=0A=
there is no need to try cache again in PEI phase.=0A=
=0A=
Signed-off-by: Qi Zhou <atmgnd@outlook.com>=0A=
---=0A=
 .../PeiMemEncryptSevLibInternal.c             | 55 +++++++------------=0A=
 1 file changed, 19 insertions(+), 36 deletions(-)=0A=
=0A=
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern=
al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=
=0A=
index e2fd109d12..0819f50669 100644=0A=
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A=
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c=0A=
@@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (=0A=
   UINT32                            RegEax;=0A=
   MSR_SEV_STATUS_REGISTER           Msr;=0A=
   CPUID_MEMORY_ENCRYPTION_INFO_EAX  Eax;=0A=
-  BOOLEAN                           ReadSevMsr;=0A=
-  SEC_SEV_ES_WORK_AREA              *SevEsWorkArea;=0A=
 =0A=
-  ReadSevMsr =3D FALSE;=0A=
-=0A=
-  SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr=
eaBase);=0A=
-  if (SevEsWorkArea !=3D NULL && SevEsWorkArea->EncryptionMask !=3D 0) {=
=0A=
-    //=0A=
-    // The MSR has been read before, so it is safe to read it again and av=
oid=0A=
-    // having to validate the CPUID information.=0A=
+  //=0A=
+  // Check if memory encryption leaf exist=0A=
+  //=0A=
+  AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);=0A=
+  if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) {=0A=
     //=0A=
-    ReadSevMsr =3D TRUE;=0A=
-  } else {=0A=
+    // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)=0A=
     //=0A=
-    // Check if memory encryption leaf exist=0A=
-    //=0A=
-    AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);=0A=
-    if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) {=0A=
+    AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL)=
;=0A=
+=0A=
+    if (Eax.Bits.SevBit) {=0A=
       //=0A=
-      // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)=0A=
+      // Check MSR_0xC0010131 Bit 0 (Sev Enabled)=0A=
       //=0A=
-      AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NUL=
L);=0A=
-=0A=
-      if (Eax.Bits.SevBit) {=0A=
-        ReadSevMsr =3D TRUE;=0A=
+      Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);=0A=
+      if (Msr.Bits.SevBit) {=0A=
+        mSevStatus =3D TRUE;=0A=
       }=0A=
-    }=0A=
-  }=0A=
-=0A=
-  if (ReadSevMsr) {=0A=
-    //=0A=
-    // Check MSR_0xC0010131 Bit 0 (Sev Enabled)=0A=
-    //=0A=
-    Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);=0A=
-    if (Msr.Bits.SevBit) {=0A=
-      mSevStatus =3D TRUE;=0A=
-    }=0A=
 =0A=
-    //=0A=
-    // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)=0A=
-    //=0A=
-    if (Msr.Bits.SevEsBit) {=0A=
-      mSevEsStatus =3D TRUE;=0A=
+      //=0A=
+      // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)=0A=
+      //=0A=
+      if (Msr.Bits.SevEsBit) {=0A=
+        mSevEsStatus =3D TRUE;=0A=
+      }=0A=
     }=0A=
   }=0A=
 =0A=
-- =0A=
2.25.1=0A=
=0A=