From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=y2X7VuGR; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.76.83, mailfrom: thomas.lendacky@amd.com) Received: from NAM02-CY1-obe.outbound.protection.outlook.com (NAM02-CY1-obe.outbound.protection.outlook.com [40.107.76.83]) by groups.io with SMTP; Thu, 19 Sep 2019 12:52:30 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fRGQJm/0x7ioUkYdZiRGgOi2mciT0MSJDsXhnH/M8uPymQXsRILv0vDFGrXqY/A3nPHwSzCA/Rm7LH4Zo7hAFzwCB83jRYGtD1j5jq6+wkO56PGiph0dOcsChdotDcfXYlHSGzp24REDFAu3PKkR2qlfujQsCWei3qS73ogjnOrhc38qJwvrVDvvkun7/7+O0NeIEZ5og3ksMKxMKVa0aINlR1kE0lYOvOxNMQd6w1SggtRWGfat1gjnUzz0hx7eFfM9T5Ue5+5En3zzVYCGYJGrcBI+2UygEIelWvjWPM3bl6BjbZUDDn5YFqi/Mls+Z/TihpEy0ID2gt8ReZpylw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vBG8QOl5rwGKLTp1ykBp80xyCO0cFXmEhdPgnvi7u7U=; b=hSwJkm80GhY5CJ228+vtU24nmFfJoiR9wZdyYvWBfhzMsR6Qestw3dATNIeQ65RZJtCUzpmARGmh0//ILMPUGh3ljZHmfMGBboCPw3qQut4GBs1cTegvwleVBDuY9hZmzoIfeAKc94MDquer4beMAzQUxNsm7m0YED3U1W32eYNscgmWjq4y93JfDJ7HoW5V0TJvYwfoIb996SVfwxFt+0KR0dXeU4uqygQ0cXojCQnA5fxbcqdiYiRcvo3KpSQWuEwJ/axjpawUvrMgb/oYVxk8vCMOhg+ouw0YawALkboiAOQ87jmxFlckLI8/T3JqpVtsoepX3ailQvHYly//Sg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vBG8QOl5rwGKLTp1ykBp80xyCO0cFXmEhdPgnvi7u7U=; b=y2X7VuGR+64Ek4q1RtkihqMtgFFiP5+hFrtbKktisPkTULe5jxXoERUqIudptA2tX9lB9A4sxuwkA5qJBXsPyT3lKbr3d0jF090nCyAGryFlpoTKhJjv/+y8SgMgQluFXnaqM4zzMbD4DOQgvUPJMFBr0queuiYJ46Ytu0pPOu0= Received: from DM6PR12MB3163.namprd12.prod.outlook.com (20.179.104.150) by DM6PR12MB3228.namprd12.prod.outlook.com (20.179.105.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.13; Thu, 19 Sep 2019 19:52:28 +0000 Received: from DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::400e:f0c3:7ca:2fcc]) by DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::400e:f0c3:7ca:2fcc%6]) with mapi id 15.20.2284.009; Thu, 19 Sep 2019 19:52:28 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [RFC PATCH v2 03/44] OvmfPkg: Add support to perform SEV-ES initialization Thread-Topic: [RFC PATCH v2 03/44] OvmfPkg: Add support to perform SEV-ES initialization Thread-Index: AQHVbyPDnwCe71ks/E2JwQ+3zy/eQQ== Date: Thu, 19 Sep 2019 19:52:27 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.17.1 x-clientproxiedby: SN4PR0501CA0146.namprd05.prod.outlook.com (2603:10b6:803:2c::24) To DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:182::22) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.78.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0755ee6a-f104-4311-7534-08d73d3ae62d x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020);SRVR:DM6PR12MB3228; x-ms-traffictypediagnostic: DM6PR12MB3228: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4941; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(366004)(376002)(396003)(136003)(39860400002)(346002)(189003)(199004)(4326008)(26005)(446003)(25786009)(52116002)(19627235002)(71200400001)(71190400001)(8936002)(81156014)(81166006)(256004)(8676002)(186003)(50226002)(2351001)(2616005)(102836004)(486006)(11346002)(476003)(66066001)(386003)(6506007)(66446008)(14454004)(76176011)(99286004)(6486002)(36756003)(5640700003)(66556008)(118296001)(3846002)(316002)(7736002)(2501003)(1730700003)(6116002)(5660300002)(478600001)(54906003)(6916009)(966005)(6436002)(2906002)(64756008)(305945005)(86362001)(6512007)(6306002)(66476007)(66946007);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3228;H:DM6PR12MB3163.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: eCE/KY5eSQ+0rHvsERMGJnDwS0MTPuGh/MZ0P746rYPszeXgWywh/6al1ftjDai3bwD0uyp9q3Fxoo+0uN3JxMqsI5r10lDnTsimsL6b5AqhfpdgqL2N6jrI5TJMD/n4SRrl0FiGMLXWECFu2mDPRDF0yU8YuwbnlhFFFJ9QOjBAs3oPNAePrbgWFcnKuwQgEkiQyY3dMlDVkhk2evkfDYowiZeAqgkgT8Bz/ED/kJ6BA2I6Qc3fvIXJUyDJzfKyv3Hm4AmUF+VyLHlvl8+/DhAcEHMb55nxgnib8cxXODWb87if8b/aor4gbVZDld8W8sG6YPtZmbXQGJlnfbYHBh7t9wgb0tuWzNyKktjjcKvq3e+TPuFW06gFrxJMygoruNYTKAvzZ9ZPsLv4scUQbv1zsxnrYqhQbupQ+0jNJlQ= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0755ee6a-f104-4311-7534-08d73d3ae62d X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 19:52:27.9228 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dshoJ0iZkedJoZNJ8ugBDtRBLbOtSSP/tGWv7IMsm+b0iqXSslxPa3LHmCNfyQyuounohPuFN+rZROlYxuHvZg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3228 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable From: Tom Lendacky BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198 When SEV-ES is active, then SEV is also active. Add support to the SEV initialization function to also check for SEV-ES being active. If SEV-ES is active, set the SEV-ES active PCD (PcdSevEsActive). Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 26 ++++++++++++++++++++++++++ 5 files changed, 36 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6ab730018694..0ce5c01722ef 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -558,6 +558,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 =20 + # Set SEV-ES defaults + gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index f163aa267132..e7455e35a55d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -570,6 +570,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 =20 + # Set SEV-ES defaults + gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index fa98f16a3fb3..0b8305cd10a2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -569,6 +569,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 =20 + # Set SEV-ES defaults + gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive|0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index d9fd9c8f05b3..2736347a2e03 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -100,6 +100,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gEfiMdeModulePkgTokenSpaceGuid.PcdSevEsActive =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 2ae8126ccf8a..7ae2f26a2ba7 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -19,6 +19,27 @@ =20 #include "Platform.h" =20 +/** + + Initialize SEV-ES support if running an SEV-ES guest. + + **/ +STATIC +VOID +AmdSevEsInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevEsIsEnabled ()) { + return; + } + + PcdStatus =3D PcdSetBoolS (PcdSevEsActive, 1); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** =20 Function checks if SEV support is available, if present then it sets @@ -89,4 +110,9 @@ AmdSevInitialize ( EfiBootServicesData // MemoryType ); } + + // + // Check and perform SEV-ES initialization if required. + // + AmdSevEsInitialize (); } --=20 2.17.1