From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 17B41941980 for ; Fri, 8 Mar 2024 15:33:02 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=0zdBweF0PHOdBn/Y5ma0M5IkSPbGXA4kmr20/QZNRnI=; c=relaxed/simple; d=groups.io; h=Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20240206; t=1709911981; v=1; b=Rrmks29O0z5vWZPbGcGSjUF0g72APakcAgskmEdsgHUpADWF+8siEuOky+3oGQi+Blxwirin sxX2JZrq8zFVeulItEn+CjbxREtNmSemxWK4YS8O2biZcp9Bl8F1JALnHCSnkb/G7vftcTpgSsb ZHc9AodE8NXh3azqB/5hW2LcHc4VN5r5ZyKnlQqXFOphg/+r1XiLb0fvaEq/Nf1rt9c71GJXupm KMD9xZDbp7yLLEtu7Mudjcvmm5PlbHEyfvxq99hHpSCQIIKwXyu9Ziu7KIFgoIEM+Y1R971oXST ohuMSnVcdYZwV4iN/6LiZTmomrp8DC5e9/o3U+hSNgGeQ== X-Received: by 127.0.0.2 with SMTP id wwJVYY7687511xhzqF0hsbS7; Fri, 08 Mar 2024 07:33:01 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.89]) by mx.groups.io with SMTP id smtpd.web10.24852.1709911980918006575 for ; Fri, 08 Mar 2024 07:33:01 -0800 X-Received: from CYXPR02CA0011.namprd02.prod.outlook.com (2603:10b6:930:cf::25) by PH7PR12MB7428.namprd12.prod.outlook.com (2603:10b6:510:203::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.26; Fri, 8 Mar 2024 15:32:55 +0000 X-Received: from CY4PEPF0000E9D5.namprd05.prod.outlook.com (2603:10b6:930:cf:cafe::37) by CYXPR02CA0011.outlook.office365.com (2603:10b6:930:cf::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.29 via Frontend Transport; Fri, 8 Mar 2024 15:32:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9D5.mail.protection.outlook.com (10.167.241.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7362.11 via Frontend Transport; Fri, 8 Mar 2024 15:32:54 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 8 Mar 2024 09:32:53 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Date: Fri, 08 Mar 2024 07:33:01 -0800 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D5:EE_|PH7PR12MB7428:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a3542b1-68ab-482d-33d3-08dc3f85066d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: Zw6MfIBwHQwjiK1drjgwIhf9DJVqUYzghlWn0C5/tfXeN9MCw0SSZc7hGM49MdJ+n7YWLlXjhKuNo5/e5k5UkLjGQoVkmEYDQvx2aHNVPrM4z5sGf8os9x9hJz67Ra3ZD5oat3QJG9ZuxAVVjH79WGx8NGgM/rgSVzyRViLUgSFKwjzemu2U6tqIC4djxLuQdb7u/EJs1lx9NDRJ1wjcfr+B+YCq9tJILOZFBmEQhIJ9hBpxviunYRXgD2nQ2mZ8RzvrR8ezRlwYqdQUCmZq0J1M3c+7c+5CYZUHbYjoLUmhEZF5+GH1H/cYAknAhY3CPDZZtDV8L3IMwAvi0qJCT9mN5YD4KzAjI7XBT2RJQ0xY/EFkkCTMFZcxtJECYKy1a7rsTtSz/CxijpirPVOD+kaKtrLSFcbFbZH3UQ5Fo0WzeRtRAGghHa2x1BRgPmijMdS4Y0Z2YFDEznI98hVouiQnM7ZjfDz5sHNkfeW0vLwKEyb576BPqkxc+MHHNtwqARPheIRt9cmMdNNZ2yBRkiX3Hmvidl0PPmnKeC3KPhppSMg5Ugvr6gugW4OGyZ4SoSAaRxroY7bnyKbShZpdddgpTwtkAL+lX+8jEhKvH0tGReh+XO2oDMCWd4FCKB7oIsVUpESjH7vbu5QOjXAy9/HtlcxLBRCZYtHb7R0XCpBvZ9pNe4FSE+prtB0PIOnjx2bDYDjK5GADfvsTSVgb1A== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2024 15:32:54.9694 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5a3542b1-68ab-482d-33d3-08dc3f85066d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D5.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7428 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 7FqpeHFAuMgf7WicfbRXKhAEx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Rrmks29O; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM is the guest is not running at VMPL0. Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: Jiewen Yao Cc: Laszlo Ersek Cc: Michael Roth Cc: Min Xu Acked-by: Gerd Hoffmann Signed-off-by: Tom Lendacky --- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 9 +++= +++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index ca279d77274b..227e33339910 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -12,6 +12,7 @@ #include #include #include +#include =20 #include "SnpPageStateChange.h" =20 @@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 // // The page state change uses the PVALIDATE instruction. The instruction - // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate - // the boot. + // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM mu= st + // be present to perform the operation on behalf of the guest. If the gu= est + // is not running at VMPL-0 and an SVSM is not present, then terminate t= he + // boot. // - if (!SevSnpIsVmpl0 ()) { + if (!SevSnpIsVmpl0 () && !AmdSvsmIsSvsmPresent ()) { SnpPageStateFailureTerminate (); } =20 --=20 2.43.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116549): https://edk2.groups.io/g/devel/message/116549 Mute This Topic: https://groups.io/mt/104810750/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-