Date: Fri, 9 Dec 2022 14:06:40 -0600
From: "Lendacky, Thomas"
Subject: Re: [PATCH v2] OvmfPkg/PlatformPei: Validate SEC's GHCB page
To: Adam Dunlap, devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Brijesh Singh, Erdem Aktas, James Bottomley, Min Xu, Dionna Glaze
In-Reply-To: <9b9c4946b7b825d2dc6ba2d6aab9ea703db81bf7.1670611881.git.acdunlap@google.com>
On 12/9/22 12:58, Adam Dunlap wrote:
> When running under SEV-ES, a page of shared memory is allocated for the
> GHCB during the SEC phase at address 0x809000. This page of memory is
> eventually passed to the OS as EfiConventionalMemory. When running
> SEV-SNP, this page is not PVALIDATE'd in the RMP table, meaning that if
> the guest OS tries to access the page, it will think that the host has
> violated the security guarantees and will likely crash.
> > This patch validates this page immediately after EDK2 switches to using > the GHCB page allocated for the PEI phase. > > This was tested by writing a UEFI application that reads to and writes > from one byte of each page of memory and checks to see if a #VC > exception is generated indicating that the page was not validated. > > Fixes: 6995a1b79bab ("OvmfPkg: Create a GHCB page for use during Sec phase") > > Signed-off-by: Adam Dunlap > --- > OvmfPkg/PlatformPei/AmdSev.c | 21 ++++++++++++++++++--- > 1 file changed, 18 insertions(+), 3 deletions(-) > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index e1b9fd9b7f..df560a8679 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -212,7 +212,7 @@ AmdSevEsInitialize ( > UINTN GhcbBackupPageCount; > SEV_ES_PER_CPU_DATA *SevEsData; > UINTN PageCount; > - RETURN_STATUS PcdStatus, DecryptStatus; > + RETURN_STATUS PcdStatus, Status; I'm not sure if the CI will complain in this case, but it doesn't allow multiple variable definitions in a line. And with the change I suggested, this will now likely trigger a CI failure (you can check by submitting a pull request to the EDK2 project, which will run the CI but not actually commit anything, and seeing if you encounter any issues). > IA32_DESCRIPTOR Gdtr; > VOID *Gdt; > > @@ -240,12 +240,12 @@ AmdSevEsInitialize ( > // only clear the encryption mask for the GHCB pages. > // > for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) { > - DecryptStatus = MemEncryptSevClearPageEncMask ( > + Status = MemEncryptSevClearPageEncMask ( > 0, > GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount), > 1 > ); You'll have to re-align the arguments under the lower-case "m" now. > - ASSERT_RETURN_ERROR (DecryptStatus); > + ASSERT_RETURN_ERROR (Status); > } > > ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount)); 
> @@ -295,6 +295,21 @@ AmdSevEsInitialize ( > > AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); > > + // > + // Now that the PEI GHCB is set up, the SEC GHCB page is no longer necessary > + // to keep shared. Later, it is exposed to the OS as EfiConventionalMemory, so > + // it needs to be marked private. The size of the region is hardcoded in > + // OvmfPkg/ResetVector/ResetVector.nasmb in the definition of > + // SNP_SEC_MEM_BASE_DESC_2. > + // > + Remove the blank line here. > + Status = MemEncryptSevSetPageEncMask ( > + 0, // Cr3 -- use system Cr3 > + FixedPcdGet32 (PcdOvmfSecGhcbBase), > + 1 // Number of pages > + ); These arguments need to be aligned under the lower case "m", too. Thanks, Tom > + ASSERT_RETURN_ERROR (Status); > + > // > // The SEV support will clear the C-bit from non-RAM areas. The early GDT > // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
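Review bot: in the `@@ -212,7 +212,7 @@` hunk, `RETURN_STATUS PcdStatus, Status;` still declares two variables in one statement; since the rename already touches that line, split it into `RETURN_STATUS PcdStatus;` and `RETURN_STATUS Status;` so the style check Tom mentions has nothing left to flag, and the later `Status` reuse across the clear loop and the new set call reads as intended.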
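Review bot: in the `@@ -295,6 +295,21 @@` hunk, the page count passed to `MemEncryptSevSetPageEncMask` is the literal `1` while the comment defers the real size to `OvmfPkg/ResetVector/ResetVector.nasmb`; deriving it from the size PCD that pairs with `PcdOvmfSecGhcbBase`, i.e. `EFI_SIZE_TO_PAGES (FixedPcdGet32 (PcdOvmfSecGhcbSize))`, keeps the two from drifting apart without a comment having to police it.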
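Review bot: in the same `@@ -295,6 +295,21 @@` hunk, the comment block says only that the page "needs to be marked private", but the defect this patch fixes is that the page was never validated; stating that on SEV-SNP this call is what returns the page to the private state and validates it (the subject line's "Validate") ties the code to the commit message for the next reader. Also note that `ASSERT_RETURN_ERROR (Status)` compiles out in RELEASE builds, consistent with the existing clear-mask loop above, so a failure there would leave the page shared and unvalidated silently; worth a sentence in the comment if that is the accepted behaviour.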