From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Min Xu <min.m.xu@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
"Rahul Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support
Date: Fri, 26 Jan 2024 16:13:14 -0600 [thread overview]
Message-ID: <b88a48fde7ffb69ae823db5fbc39b7a04b78e972.1706307195.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1706307195.git.thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification documents an alternative method of discovery for
the SVSM using a reserved CPUID bit and a reserved MSR.
For the CPUID support, the #VC handler of an SEV-SNP guest should modify
the returned value in the EAX register for the 0x8000001f CPUID function
by setting bit 28 when an SVSM is present.
For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC
should be generated when accessing this MSR. The #VC handler is expected
to ignore writes to this MSR and return the physical calling area address
(CAA) on reads of this MSR.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++++++++++++++++++++
OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 21 ++++++++++++++
OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++--
3 files changed, 77 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.h b/OvmfPkg/Library/CcExitLib/CcExitSvsm.h
new file mode 100644
index 000000000000..2325e7a98910
--- /dev/null
+++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.h
@@ -0,0 +1,29 @@
+/** @file
+ Secure VM Service Module (SVSM) functions.
+
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Specification Reference:
+ Secure VM Service Module Specification
+
+**/
+
+#ifndef __CCEXITLIB_CCEXITSVSM_H__
+#define __CCEXITLIB_CCEXITSVSM_H__
+
+/**
+ Return the physical address of SVSM Call Area (CAA).
+
+ Determines the physical address of the SVSM CAA.
+
+ @return The physical address of the SVSM CAA
+
+**/
+UINT64
+EFIAPI
+SvsmGetCaaPa (
+ VOID
+ );
+
+#endif
diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c
index 3459338b2033..e4c600d2a46b 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c
@@ -44,6 +44,27 @@ SvsmTerminate (
CpuDeadLoop ();
}
+/**
+ Return the physical address of SVSM Call Area (CAA).
+
+ Determines the physical address of the SVSM CAA.
+
+ @return The physical address of the SVSM CAA
+
+**/
+UINT64
+EFIAPI
+SvsmGetCaaPa (
+ VOID
+ )
+{
+ SVSM_INFORMATION *SvsmInfo;
+
+ SvsmInfo = (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase);
+
+ return CcExitSnpSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
+}
+
/**
Return the address of SVSM Call Area (CAA).
diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
index 0fc30f7bc4f6..950e7c34e37f 100644
--- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
+++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c
@@ -1,7 +1,7 @@
/** @file
X64 #VC Exception Handler functon.
- Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -18,6 +18,7 @@
#include "CcExitVcHandler.h"
#include "CcInstruction.h"
+#include "CcExitSvsm.h"
//
// Non-automatic Exit function prototype
@@ -713,10 +714,29 @@ MsrExit (
IN CC_INSTRUCTION_DATA *InstructionData
)
{
- UINT64 ExitInfo1, Status;
+ MSR_SVSM_CAA_REGISTER Msr;
+ UINT64 ExitInfo1;
+ UINT64 Status;
ExitInfo1 = 0;
+ //
+ // The SVSM CAA MSR is a software implemented MSR and not supported
+ // by the hardware, handle it directly.
+ //
+ if (Regs->Rax == MSR_SVSM_CAA) {
+ // Writes to the SVSM CAA MSR are ignored
+ if (*(InstructionData->OpCodes + 1) == 0x30) {
+ return 0;
+ }
+
+ Msr.Uint64 = SvsmGetCaaPa ();
+ Regs->Rax = Msr.Bits.Lower32Bits;
+ Regs->Rdx = Msr.Bits.Upper32Bits;
+
+ return 0;
+ }
+
switch (*(InstructionData->OpCodes + 1)) {
case 0x30: // WRMSR
ExitInfo1 = 1;
@@ -1388,6 +1408,11 @@ GetCpuidFw (
*Ebx = (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF);
/* node ID */
*Ecx = (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF);
+ } else if (EaxIn == 0x8000001F) {
+ /* Set the SVSM feature bit if running under an SVSM */
+ if (CcExitSnpSvsmPresent ()) {
+ *Eax |= BIT28;
+ }
}
Out:
--
2.42.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114641): https://edk2.groups.io/g/devel/message/114641
Mute This Topic: https://groups.io/mt/103986477/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-01-26 22:15 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 22:12 [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 01/16] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-01-29 12:59 ` Gerd Hoffmann
2024-01-29 15:39 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 02/16] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-01-29 13:12 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 03/16] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-01-29 13:22 ` Gerd Hoffmann
2024-01-29 15:51 ` Lendacky, Thomas via groups.io
2024-01-30 11:51 ` Gerd Hoffmann
2024-01-31 18:30 ` Lendacky, Thomas via groups.io
2024-02-01 8:35 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM Lendacky, Thomas via groups.io
2024-02-02 6:06 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 05/16] Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 06/16] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 07/16] OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-01-29 14:40 ` Gerd Hoffmann
2024-01-29 17:34 ` Lendacky, Thomas via groups.io
2024-01-31 18:40 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 08/16] OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-01-29 14:46 ` Gerd Hoffmann
2024-01-29 17:37 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 09/16] UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-02-02 6:07 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 10/16] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-01-29 14:52 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 11/16] UefiCpuPkg: Create APIC ID list PCD Lendacky, Thomas via groups.io
2024-01-29 14:57 ` Gerd Hoffmann
2024-02-02 6:08 ` Ni, Ray
2024-02-02 22:56 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-01-29 15:00 ` Gerd Hoffmann
2024-01-29 17:49 ` Lendacky, Thomas via groups.io
2024-01-30 11:25 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 13/16] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Lendacky, Thomas via groups.io
2024-01-29 15:21 ` Gerd Hoffmann
2024-01-29 18:00 ` Lendacky, Thomas via groups.io
2024-02-02 6:20 ` Ni, Ray
2024-02-02 22:58 ` Lendacky, Thomas via groups.io
2024-02-05 5:06 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 14/16] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-01-29 15:21 ` Gerd Hoffmann
2024-02-02 6:48 ` Ni, Ray
2024-01-26 22:13 ` Lendacky, Thomas via groups.io [this message]
2024-01-29 15:23 ` [edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support Gerd Hoffmann
2024-01-29 18:04 ` Lendacky, Thomas via groups.io
2024-01-30 11:38 ` Gerd Hoffmann
2024-01-30 16:13 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 16/16] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-01-29 15:24 ` Gerd Hoffmann
2024-01-27 4:04 ` [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM Yao, Jiewen
2024-01-27 17:48 ` Lendacky, Thomas via groups.io
2024-01-28 4:11 ` Yao, Jiewen
[not found] ` <17AE677D909D4A42.23935@groups.io>
2024-02-09 8:11 ` Yao, Jiewen
2024-02-09 16:17 ` Lendacky, Thomas via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b88a48fde7ffb69ae823db5fbc39b7a04b78e972.1706307195.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox