From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id E7E96941BBD for ; Fri, 26 Jan 2024 22:15:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=iC2ntABnap6LOPJJ4AxJZIZ3p9J+6muH87iWHRWDndw=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307321; v=1; b=HV4nQdO0QztrDBkTygJtpJyp46kN9OpGRr2NGcQbtrCguJ6ci8GZq6Fqv18OYMNiOBp0Lv+l +5LWzkf8NC6qqO/YAUYPEmlR1i0JmekChvklePaOfg5Yji8dKZ+9qciBVF7sWTb9nrXVVBbqhYO BVRcMIOEeCQcUtAXufJ/rWcU= X-Received: by 127.0.0.2 with SMTP id E055YY7687511xfZO17Q0zUj; Fri, 26 Jan 2024 14:15:21 -0800 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.70]) by mx.groups.io with SMTP id smtpd.web11.2988.1706307321050215484 for ; Fri, 26 Jan 2024 14:15:21 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b3c3DyTF+RcsEBBZQ+c6LxJo5mR9f6h4/CZA0b5LAXLg2n5yT7iuyxvhIaYAnC2wd6c5gw+F8lYRXYF5geQRYQA127CedbvNv1ix4kitiE1e+x6aEx7M7HM1F55HPGMhXchLCL4U3PgZy5CxA1nABpVA4VAMF4PnOMF9SAu63Dyz5YV7272uGis+6rVGi8EkX7K+e76cwVEq3t1x4IHHUMxWCcMVjhitfWA5htYBWU7t4kF9OOtONHXUTYOTWhnPd37tJvVG6HbaEN4z0GuC/jEeX2KZtMxCRK+IlW13UWqlnml/7DQXBSQSPiUS2lSxcbmUS7ps+53P7z/W0Z2Wog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QF/p9YOqpRjoVBZjZZX44Lyd5vHMmxFeL020E/2FOUI=; b=iBOztKbZzOKD7GZTNTKPFqq2qfzIQ+ULA1Lr5uYeuJahpl5BXWYLh/CuP2T9DUflWeUXRqJPVf07J1yWB9h6oLbdRB3/aFPCTe7B44IeVgzIWKXyxdKQ8j/V/wgqNmAbFKkD2FEXVVS5bsYZdTkMq7EcF/5cIBMnFSSFs+Zq939gkhrVLQuXpDk1YDJwJLVwWwT9N49Zrzn7WQ/lbBUVexIESqLiYt5c3r+JDjJO+rXRjiL51/u/JSukABK5PLpGWF7jfjRGxWCMFKs+6xyoGoIzTj6OrM6QI4DGPXI2EE8omqnE2jtFfrdWyqB4BCPciHSmVPJf/beQB5MECUBXww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from SJ0PR03CA0056.namprd03.prod.outlook.com (2603:10b6:a03:33e::31) by CY5PR12MB6455.namprd12.prod.outlook.com (2603:10b6:930:35::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.37; Fri, 26 Jan 2024 22:15:18 +0000 X-Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::ce) by SJ0PR03CA0056.outlook.office365.com (2603:10b6:a03:33e::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 22:15:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:15:18 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:15:17 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support Date: Fri, 26 Jan 2024 16:13:14 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|CY5PR12MB6455:EE_ X-MS-Office365-Filtering-Correlation-Id: 33c72881-79bb-49c0-7ed8-08dc1ebc47a1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: flH1xTisaKBHwiSvWUNW6XeMtbS+mfATgEQGP4c7gp+mdmcoRte6swLOezaLXTUOdDtrDhLYqL9SD242P3VJjQINl2bBxm57/F7UWhiMLI0Oiwb6Rt9QCyv31M4CVH7PNJZhuqaWQh3H7TprJJp3IZiic63SPc4mj5urkWn8isl4cjB5iKcNtGIpAavmn9YZTU+mZRvMHqTWJh6bD9zwPirPFOGeOMSNOLcPb8A9mucB40EMAWpFCiVa/3nFiuG7oWJV0P5/ZWP7pmHvwmcIOhmEzWEMThohGUbHl8q4XHw0CCYU8eg7IOlixJDA5T4NufjyID3L25r1YpvezgPmCWOzyf7nnuaicFKxukHOWdgXHBdFn87JcamqADyUTfVYfOvHiMtmPdsZs0ZMRY/mGKfl9OO52kGjT1bgP0sGyyrFj4EA30LqPNLzVlpx+kIOXGglaZH0SotXjUZMMb4JEi21Qe2y8imxv8KTZ/agZhw3GCe3c1nyh8+45TqeNNV+BNuJYPxY3PkhSpYzShunBre+Kxd7frohtT+iINXv5CgMSUwOFrXIxvZsLU/ul7SYMtvmKMtaYh7+2SxN1ccWDrgn+eVu4mMc2hO7qRSAN0bgef6ScxEgSj/PeEe14CtPzerTn6J/eLGLpj//S27GEoWDvVO8cD6e+QTRPEoIFP8PmV6zgFrZI6f7seUW21SXqZGCjCYPMsPGYgJqPHG2N5tR+8M52X9cSEjFb2yqFy79p87guW3GL8V+ueqneLJp X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:15:18.3437 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 33c72881-79bb-49c0-7ed8-08dc1ebc47a1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6455 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: bi7hEv8lmDyFx6POWp4F0NRex7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=HV4nQdO0; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register for the 0x8000001f CPUID function by setting bit 28 when an SVSM is present. For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC should be generated when accessing this MSR. The #VC handler is expected to ignore writes to this MSR and return the physical calling area address (CAA) on reads of this MSR. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++++++++++++++++++++ OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 21 ++++++++++++++ OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++-- 3 files changed, 77 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.h b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.h new file mode 100644 index 000000000000..2325e7a98910 --- /dev/null +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.h @@ -0,0 +1,29 @@ +/** @file + Secure VM Service Module (SVSM) functions. + + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + Secure VM Service Module Specification + +**/ + +#ifndef __CCEXITLIB_CCEXITSVSM_H__ +#define __CCEXITLIB_CCEXITSVSM_H__ + +/** + Return the physical address of SVSM Call Area (CAA). + + Determines the physical address of the SVSM CAA. + + @return The physical address of the SVSM CAA + +**/ +UINT64 +EFIAPI +SvsmGetCaaPa ( + VOID + ); + +#endif diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c index 3459338b2033..e4c600d2a46b 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -44,6 +44,27 @@ SvsmTerminate ( CpuDeadLoop (); } =20 +/** + Return the physical address of SVSM Call Area (CAA). + + Determines the physical address of the SVSM CAA. + + @return The physical address of the SVSM CAA + +**/ +UINT64 +EFIAPI +SvsmGetCaaPa ( + VOID + ) +{ + SVSM_INFORMATION *SvsmInfo; + + SvsmInfo =3D (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase)= ; + + return CcExitSnpSvsmPresent () ? SvsmInfo->SvsmCaa : 0; +} + /** Return the address of SVSM Call Area (CAA). =20 diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/= CcExitLib/CcExitVcHandler.c index 0fc30f7bc4f6..950e7c34e37f 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c @@ -1,7 +1,7 @@ /** @file X64 #VC Exception Handler functon. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. + Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -18,6 +18,7 @@ =20 #include "CcExitVcHandler.h" #include "CcInstruction.h" +#include "CcExitSvsm.h" =20 // // Non-automatic Exit function prototype @@ -713,10 +714,29 @@ MsrExit ( IN CC_INSTRUCTION_DATA *InstructionData ) { - UINT64 ExitInfo1, Status; + MSR_SVSM_CAA_REGISTER Msr; + UINT64 ExitInfo1; + UINT64 Status; =20 ExitInfo1 =3D 0; =20 + // + // The SVSM CAA MSR is a software implemented MSR and not supported + // by the hardware, handle it directly. + // + if (Regs->Rax =3D=3D MSR_SVSM_CAA) { + // Writes to the SVSM CAA MSR are ignored + if (*(InstructionData->OpCodes + 1) =3D=3D 0x30) { + return 0; + } + + Msr.Uint64 =3D SvsmGetCaaPa (); + Regs->Rax =3D Msr.Bits.Lower32Bits; + Regs->Rdx =3D Msr.Bits.Upper32Bits; + + return 0; + } + switch (*(InstructionData->OpCodes + 1)) { case 0x30: // WRMSR ExitInfo1 =3D 1; @@ -1388,6 +1408,11 @@ GetCpuidFw ( *Ebx =3D (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF); /* node ID */ *Ecx =3D (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF); + } else if (EaxIn =3D=3D 0x8000001F) { + /* Set the SVSM feature bit if running under an SVSM */ + if (CcExitSnpSvsmPresent ()) { + *Eax |=3D BIT28; + } } =20 Out: --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114641): https://edk2.groups.io/g/devel/message/114641 Mute This Topic: https://groups.io/mt/103986477/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-