From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [PATCH v3 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
Date: Thu, 7 Jan 2021 12:48:14 -0600
X-Mailer: git-send-email 2.30.0

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

If a hypervisor incorrectly reports through CPUID that SEV-ES is not active, ensure that a #VC exception was not taken. If it is found that a #VC was taken, then the code enters a HLT loop.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Brijesh Singh
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
--- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index ccc95ad4715d..a1771dfdec23 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -154,6 +154,22 @@ SevEncBitLowHlt: jmp SevEncBitLowHlt =20 NoSev: + ; + ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred= . + ; + cmp byte[SEV_ES_WORK_AREA], 0 + jz NoSevPass + + ; + ; A #VC was received, yet CPUID indicates no SEV-ES support, something + ; isn't right. + ; +NoSevEsVcHlt: + cli + hlt + jmp NoSevEsVcHlt + +NoSevPass: xor eax, eax =20 SevExit: --=20 2.30.0
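
Review bot: the check `cmp byte[SEV_ES_WORK_AREA], 0` under `NoSev:` treats any non-zero byte as proof that a #VC was taken, but nothing in this hunk shows where that byte is cleared before the CPUID probe or what the #VC handler stores in it. Please add a comment at `NoSev:` naming the code that zeroes and sets `SEV_ES_WORK_AREA`, so a reader can confirm that a stale non-zero value cannot send a guest that really is non-SEV into `NoSevEsVcHlt`. The second comment ("something isn't right") could also state what the commit message states: the hypervisor reported through CPUID that SEV-ES is not active although a #VC was taken, and the `cli` / `hlt` loop is the intended response.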