From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.57]) by mx.groups.io with SMTP id smtpd.web12.2989.1631649167880539318 for ; Tue, 14 Sep 2021 12:52:48 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=XG9XPS3i; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.57, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iZJy/7AG6pd6ONEbRdqVQ2W4tkV/1MHo/HOb2yPr95rpkTuHc2/1eHgl+94+cUTcYpqaJcgxTRi5uRG5/6+EMWW4eG2jf8KQuKKQlTqZ67Nd08fximSnYNDqJZKHn1ZBtxBuOtVHJS7A4GmeFOQcqqKGhrd0Z99tGDBMZTSFMpvTwqlOo8kr2TnaatJ0+Kb4V8ZF4PkXA8HbIgSoAf7XNIgJ1q76wXXtYbsBAneAPYWdvF+lOasp03iIKZwKDewElOH1dqTHmXag40MRzFtrnx82JYHOjTiy4s+DlBhqM7o6JL/vTsn97Q/0jXxqjPeabYWu/cywwxkeCbRwuKN6OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hBxmSwgiiwmqPFSVJnOgHjgZDX1+BeeE0O944q8FoXw=; b=j9QQJHnGtxgf0CzUI4d/tTWWSLPTK/MonSKx7QfNBwVYAMCpyQriVQ9ynpFsRSssBpV1xragZc78gSA3aQddtqg6BwmU0/fYMBXlcsC8C1Y0WxZBX11r39MuI9+XlOG9VKoZg8VkyW6erDQMC7B+SiuKOOgcyoHXIcuL0jyQGgmI+EATKKwXzch5k1U7nKZ3aK6PGony+VhQNyBToSX6vcEnL2Hppf37CHfYYE/CG/r8chM3Sqb4QhR+E96QmAGIeI9UIfdErcaN6GUufOf6KtL6pApzPmTFR27JkLBh7SIjGI3Ze+Rf+zBMOwSIcIhHa3VK7sM54anXkq9UquTi+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hBxmSwgiiwmqPFSVJnOgHjgZDX1+BeeE0O944q8FoXw=; b=XG9XPS3iCFqI3IoXEDZGIaKtvd37Eg+13vkeRkBb2HR1BHlg+jajV+gre0dtU9kEqOtHRlGEeipH7N9Ma9OpMJolHkrE476BrppV1rz4qu5DJHOXO5rCaz76ROuDbdJSddDODMtkabV1eitMKBiA14//JU1ZagmvUQ+jesIpIjM= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN1PR12MB2543.namprd12.prod.outlook.com (2603:10b6:802:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.17; Tue, 14 Sep 2021 19:52:45 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4500.019; Tue, 14 Sep 2021 19:52:45 +0000 CC: brijesh.singh@amd.com, Ard Biesheuvel , Jordan Justen , Gerd Hoffmann , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector To: Vishal Annapurve , devel@edk2.groups.io, Min Xu References: <2d085336-386b-8492-5f0e-ce9e0c49e8b6@amd.com> From: "Brijesh Singh" Message-ID: Date: Tue, 14 Sep 2021 14:52:44 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 In-Reply-To: X-ClientProxiedBy: SN7P220CA0028.NAMP220.PROD.OUTLOOK.COM (2603:10b6:806:123::33) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from [10.236.31.95] (165.204.77.1) by SN7P220CA0028.NAMP220.PROD.OUTLOOK.COM (2603:10b6:806:123::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.15 via Frontend Transport; Tue, 14 Sep 2021 19:52:45 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 36bfdcba-3ff0-4def-0377-08d977b938b8 X-MS-TrafficTypeDiagnostic: SN1PR12MB2543: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tKwzKv7mhI629T62Yi3uPE0cfQ5vYHoMoXxpVOEf4rS93JnJeycG+059ablTNG/eoLEtfo1IDKDy6TKF52Yof9ZQnSU+5kV/Lppgede3rXKRiCWE8a0bQSH3U35x7ptmb38rNrxZw5R3eYBOKqUym7VSOhkAJc/hGhXx4ZR4pZAkz0QD169RE8AT520Y33cPZaMEpxU+tLqXtBYidy2u/okhWfogXY9dQpo0CFRNIKXv7xOslrxlj9+g/DBGELIvrYd5xBQumzq1AzWkDSfVm9nHm4cuOI9JyVADNrUeNO44HHYp/ZuJ5wjE6pCbnD53CoCqMOx1JsyBlJ0j2g1cUriHUBW8fDpZuGNxojjRFKjT9PNOPL9zmokTNfn1b7W4SbDQ6K65w/fPUAlkdLXgCRf5UxIpI/sU9CsyQejW0KBGAx5WZvIrY6a66Wx8sCX0ow2cg8ysh0riOSzc9UGVyCfqfqmWisSogzmUlqAJzOmkmCK0l6cs+tOcp2XXY+JyXbVo/JDKGitxLi2vidy3Ilyh0DqdBGMZcIrARL0owAQ2FXaxpdPpVCpa52sS+9MwcIRkiyeR6QOxR4lwgcwNS/pHjRnvnDpgO+kA5E5UZ7RqK5fkmjvdKkHEV45iU3hIJADXm8OGd4ahLYdTMDR7M6WHcecg85saWOHs5BT8OdeHiZyOiExxV6kUVYrxjSFK+ALt1jSNGMhD+K7MxCULTShfgUO5a+VejBwAeh2aeP9tcSV6T1H1xNms5n+fNHzRtfSOUleTSB7FQoRkq/yoLump8qSKyh0FJNwbeiJ4NXFxlq4CbCVVxiL3912e54OicS4whKZiolAXDSgYE6+Lvvsl1otQeivl0w5CljmHNEDRd91beEDdHbu91RVTRyHPhEhAiS2qOVxLt5qwEQZJOQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(66946007)(66556008)(8676002)(66476007)(508600001)(5660300002)(45080400002)(316002)(44832011)(19627235002)(16576012)(54906003)(110136005)(2616005)(83380400001)(956004)(36756003)(966005)(26005)(86362001)(2906002)(4326008)(53546011)(31686004)(186003)(52116002)(8936002)(31696002)(38100700002)(38350700002)(6486002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?C884sJnTJpGsWe0FWIkwf7mBQX02R3sG+5jWEhWedplb0b41WtEywO5OGFYy?= =?us-ascii?Q?b2i+L65CJngpB2d+dFPU3dSvFUVyns322yyNBJhFc6fSpIAtRRoDAFBFrZlR?= =?us-ascii?Q?icsdRZ1PQy6nJcvfrF24p2cYNxk2434cr1G4bR7w320rrpflCqYZ7jDp7hYA?= =?us-ascii?Q?aHDw+JTWW0oI2Sq7PgQizPZNaButJeMsG5Ffx7QqMUlOTFUpDIgm0l+YsdgF?= =?us-ascii?Q?UGEcRfju5jkSF2PiIZKjFM/FHmKjHoe1MSkjVZWtFTjWEk5/U3YCdJzUO1Sq?= =?us-ascii?Q?fVtWJYrduFlstPWR0gdfG5r/r6tdKYL+X1JEQPlRBbGTQYTuKqGe1vquQehH?= =?us-ascii?Q?hwfT+0MKs8LzZXr08snLDMEMw4xpl2FRYpTqzN/bOEHQSKsSiw4WD6qSKr09?= =?us-ascii?Q?wY6/Kf0csm7gTsK22S7OGQncMbcpqLYRFhlFZJgyyKFNhzWPDV9KZxdJK43r?= =?us-ascii?Q?1BxeM5AJFq9SxTolDSqJCtvKlqP/Eeq1vlJi1aSB05thmgZWC5HgDiupMBRS?= =?us-ascii?Q?YI87S25wwSivYfSmw1rPYRv/Jq6gpaMjnKwav91g19cIABBnkVZI7wiYUG+F?= =?us-ascii?Q?3fx2CBfA6S+X4Dp/8aKbMRFaxvWeyKPlY+Ekgd2KlAmHu9tTLQDtJdzNXMxL?= =?us-ascii?Q?LLozgbzDjG4Kuju/7NbbMpc3Bu+5XRTGaYjc2Ej7Ys+N37MFz0fQfnnhMiAI?= =?us-ascii?Q?qr3ZZgmv8IQkY9SIy6c84rI+koHO7fm8/tjeHP82b5GzF1VSaXIXd1BhENCL?= =?us-ascii?Q?7vgTIuopG0QR4kngCYDT1pxu9Z03G8LGKjEsx6f3l01MrmaHlEJUKq7VlZWw?= =?us-ascii?Q?+GmRcMMVINuCMjl90rfdRg+KKanadBEIkx/ip0CNzArM1LNVTKFrmk1QdVaX?= =?us-ascii?Q?5m5BgFw/szHTLjt2kHkQDLKAO/1z23eww/65DtwdG4Ub7ztTwe1EkPyh/snI?= =?us-ascii?Q?7kvx30pZgisBE2UfHUbPcKeAXiM3yydteLjbk+tu0dRy3KdisJpEXMO8vojT?= =?us-ascii?Q?FMOG5QaCe2VPYKGRRBuOzvtA8yunL8tklNONFYWjgfHNTWE/isR+bmInKtVo?= =?us-ascii?Q?mk4gFjyIwiU8+RyLC0+4EIldjM1wlC3bN3a/SjOsByZDMnMCDtZJ7DISDfUS?= =?us-ascii?Q?IW9ZSi/j1dvdScgLwDc+6t+SQREfdiziZLundcKZQfQzwkkWelNQmMiRLaKb?= =?us-ascii?Q?6xuTG6wwZWobGk6SECKK18F8jSfw/I8PAhjSIt7vIXZRjEXa9rwy6mVZp3ZR?= =?us-ascii?Q?j0zpKQGoS4ghbFjVNP+NoADb9zxa441eujdVJ7ailDeg3nozTrzzGyqZroKr?= =?us-ascii?Q?+mrNbtKPdc6bQgWGlEKepza5?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 36bfdcba-3ff0-4def-0377-08d977b938b8 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2021 19:52:45.5693 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Zq9NBrXbAxekjXioiOM5f2svzTqqXsUBoHdlJdULxy0JFP3/XJf5p5GYYGZu9+EUHpYgEU4up5gUFbqpZLIVBA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2543 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi Vishal, On 9/14/21 2:00 PM, Vishal Annapurve wrote: > Hi Min, Brijesh, >=20 > Regarding: >> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/Rese= tVector/Ia16/ResetVectorVtf0.asm >> ... >> +%ifdef ARCH_IA32 >>=C2=A0 =C2=A0 =C2=A0nop >>=C2=A0 =C2=A0 =C2=A0nop >>=C2=A0 =C2=A0 =C2=A0jmp=C2=A0 =C2=A0 =C2=A0EarlyBspInitReal16 >> >>+%else >>+ >>+ smsw=C2=A0 =C2=A0 ax >=20 > We are having intermittent VM crashes with running this code in AMD-SEV= =20 > enabled VMs. As per the AMD64 manual=20 > =C2=A0section=20 > 15.8.1, executing "smsw" instruction=C2=A0doesn't result in bit 63 being = set=20 > in EXITINFO1 and KVM ends up emulating "smsw" instruction by trying to=20 > read encrypted guest VM memory as per the code=20 > .=20 > Since KVM tries to make sense of different random cipher texts in=20 > different boots, it seems to intermittently result in visible issues. >=20 The smsw does not provide decode assist, in those cases KVM reads the=20 guest memory and tries to decode. With encrypted guest, the memory=20 contains the ciphertext and hypervisor will not be able to decode the=20 instruction. But it brings a question to Min, why we are using the smsw ? why cannot=20 use mov CRx. The smsw was meant for very old processors (286 or 8086=20 etc) and is used for legacy compatibility. The recommendation is to use=20 the mov CRx. The mov CRx will provide the decode assist to HV. I looked at the Intel architecture manual [1] and it also recommends=20 using the mov CRx. The text from the Intel doc. SMSW is only useful in operating-system software. However, it is not a privileged instruction and can be used in application programs if CR4.UMIP =3D 0. It is provided for compatibility with the Intel 286 processor. Programs and procedures intended to run on IA-32 and Intel 64 processors beginning with the Intel386 processors should use the MOV CR instruction to load the machine status word. [1]=20 https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-= 32-architectures-software-developer-instruction-set-reference-manual-325383= .pdf > Is this expected behavior or do we miss some configuration or patches=20 > that are recommended by AMD? >=20 This is expected because the smsw does not provide a decode assist, and=20 encrypted guest will have issues with it. Lets understand the reason=20 behind using the smsw. > Regards, > Vishal >=20 > On Tue, Sep 14, 2021 at 4:54 PM Brijesh Singh via groups.io=20 > =20 > > wrote: >=20 > Hi Min, >=20 > A quick question below. >=20 > On 9/14/21 3:50 AM, Min Xu wrote: > > RFC=EF=BC=9A > https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fb= ugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3429&data=3D04%7C01%7Cbrije= sh.singh%40amd.com%7C2cca2f0a7fb44084da2b08d9775cb220%7C3dd8961fe4884e608e1= 1a82d994e183d%7C0%7C0%7C637672062275443867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi= MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata= =3D4zfuIDvTGDNCt%2BD3u7uUR0n6hHDzv%2FI8NkqoUJhsx8Y%3D&reserved=3D0 > > > > > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel > technology > > that extends Virtual Machines Extensions (VMX) and Multi-Key > Total Memory > > Encryption (MKTME) with a new kind of virutal machines guest calle= d a > > Trust Domain (TD). A TD is desinged to run in a CPU mode that > protects the > > confidentiality of TD memory contents and the TD's CPU state from > other > > software, including the hosting Virtual-Machine Monitor (VMM), unl= ess > > explicitly shared by the TD itself. > > > > Note: Intel TDX is only available on X64, so the Tdx related > changes are > > in X64 path. In IA32 path, there may be null stub to make the buil= d > > success. > > > > This patch includes below major changes. > > > > 1. Definition of BFV & CFV > > Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) know= n > > as the Boot Firmware Volume (BFV). The FV format is defined in the > > UEFI Platform Initialization (PI) spec. BFV includes all TDVF > components > > required during boot. > > > > TDVF also include a configuration firmware volume (CFV) that is > separated > > from the BFV. The reason is because the CFV is measured in RTMR, > while > > the BFV is measured in MRTD. > > > > In practice BFV is the code part of Ovmf image (OVMF_CODE.fd). > CFV is the > > vars part of Ovmf image (OVMF_VARS.fd). > > > > 2. PcdOvmfImageSizeInKb > > PcdOvmfImageSizeInKb indicates the size of Ovmf image. It is used = to > > calculate the offset of TdxMetadata in ResetVectorVtf0.asm. >=20 > In SEV-SNP v7 series, I implemented the metadata support. I did not s= ee > a need for the PcdOvmfImageSizeInKB. Why do you need it? I think your > calculation below will not work if someone is using the OVMF_CODE.fd > instead of OVMF.fd. Have you tried booting with OVMF_CODE.fd ? >=20 > thanks >=20 >=20 >=20 >=20 > =20 >=20 >=20