From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: "Ni, Ray", "devel@edk2.groups.io", "afish@apple.com"
CC: "Justen, Jordan L", Laszlo Ersek, Ard Biesheuvel, "Kinney, Michael D",
    "Gao, Liming", "Dong, Eric", Brijesh Singh, "You, Benjamin",
    "Bi, Dandan", "Dong, Guo", "Wu, Hao A", "Wang, Jian J", "Ma, Maurice",
    Fan Jeff
Subject: Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
Date: Fri, 15 May 2020 09:30:13 -0500

On 5/15/20 12:47 AM, Ni, Ray wrote:
> I just realized my solution doesn't cover some scenarios:
> 1. SMM
> 2. S3 boot path
> 3. CapsuleX64
>
> If we want to hook #29 in all scenarios, your way
> directly modifying CpuExceptionHandlerLib is the
> easiest way because RegisterInterruptHandler() is supported
> only in DXE/SMM case.
> There is no way to use RegisterXXX() API for #2 and #3 because
> PEI instance doesn't support.
>
> Do we need to hook in all scenarios? What instructions could
> cause #29?

A #VC can only be generated by an SEV-ES guest, so in the standard case
the hook will never be called. For an SEV-ES guest, a number of different
instructions can cause a #VC. These include IO instructions (such as used
to output debug message to the serial port), CPUID instructions, anything
performing MMIO, RDMSR/WRMSR instructions, etc. So we need to hook it in
all SEV-ES scenarios.

To eliminate all of the handler code in the standard case, I'm planning on
providing a NULL VmgExitLib library that has a (near) empty #VC handler so
that the full #VC handler code will only be in the Ovmf package.

>
> I don't see much difference between the new way
> introducing OverrideCpuExceptionHandler () and directly modifying
> the CpuExceptionHandlerLib. Both ways modifies the library.
> Introducing OverrideCpuExceptionHandler() might be worse because
> it creates an interface which encourages anyone to hook any exceptions.
>
> Your current way only hooks #29.

Ok, I can go back to the explicit check for exception #29.

I'll work to get these changes and changes from other feedback into the
next version and out for review early next week.

Thanks for taking the time to work through this with me!

Tom

>
> Thanks,
> Ray
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Lendacky, Thomas
>> Sent: Friday, May 15, 2020 1:59 AM
>> To: Ni, Ray; devel@edk2.groups.io; afish@apple.com
>> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>> Gao, Liming; Dong, Eric; Brijesh Singh; You, Benjamin; Bi, Dandan;
>> Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice;
>> Fan Jeff <vanjeff_919@hotmail.com>
>> Subject: Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
>>
>> On 5/14/20 8:10 AM, Ni, Ray wrote:
>>> Tom,
>>
>> Hi Ray,
>>
>>> I just discussed with original CPU owner Jeff and went through how IDT
>>> is setup in the boot flow.
>>> Here is what I think you can do to avoid modifying the
>>> CpuExceptionHandlerLib.
>>> 1. SecPlatformMain() modifies IDT[29] to point to your VC handler. This
>>> step helps to build the VC handler in whole 32bit mode SEC+PEI.
>>
>> That can probably be done, but duplicates a lot of code - all of the
>> exception entry assembler code.
>>
>> Additionally, UefiCpuPkg/CpuMpPei/CpuMpPei.c will also invoke
>> InitializeCpuExceptionHandlers() registering a new IDT[29] entry.
>>
>>> 2. Create a new DXE driver with dependency set to TRUE and call
>>> RegisterCpuInterruptHandler(29, xx) in its entrypoint to register VC
>>> handler for whole 64bit mode DXE.
>>> 3. Platform FDF uses apriori file mechanism to make sure the driver
>>> created in step #2 is dispatched as the 1st driver in DXE phase. This
>>> step is optional if you accept there is some time that VC handler is
>>> not setup in early DXE phase.
>>
>> Tracing the execution of an apriori driver shows that this happens after
>> DXE has initialized its exception handler and #VCs occur before a handler
>> can be registered by the new driver, causing a failure.
>>
>>> 4. In the new DXE driver, gets the EFI_VECTOR_HANDOFF_INFO
>>> (MdePkg\Include\Ppi\VectorHandoffInfo.h) from configuration table.
>>>    It reports failure if the vector_handoff table says DO_NOT_HOOK for #29.
>>>    It re-produces vector_handoff table with #29 set to DO_NOT_HOOK so
>>>    that no one could use CpuArch protocol to override #29 handler.
>>>
>>>
>>> In general, I want to use the API/capability provided by
>>> CpuExceptionHandlerLib instead of directly modifying it for handler
>>> registration.
>>> Directly modifying it gives an improper code reference/example for
>>> future developers.
>>
>> I also don't see how this method will allow me to easily propagate a new
>> exception value through the exception handling stack.
>>
>> My current plan was to create a CpuExceptionOverrideLib library that is
>> invoked as part of exception handling. This allows immediate ability to
>> hook any exception without having to wait for an opportunity to register a
>> handler - which in the case of #VC, is too late. Future developers that
>> need immediate exception handling will be able to override the default
>> library without any modification to CpuExceptionHandlerLib.
>>
>>
>> The change would look something like this:
>>
>> diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExcepti= on.c >> b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c >> index 20148db74cf8..7ac86f56d7d2 100644 >> --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c >> +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c >> @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >> **/ >> >> #include >> +#include >> #include "CpuExceptionCommon.h" >> >> CONST UINTN mDoFarReturnFlag =3D 0;
>> @@ -24,6 +25,22 @@ CommonExceptionHandler ( >> IN EFI_SYSTEM_CONTEXT SystemContext >> ) >> { >> + EFI_STATUS Status; >> + >> + // >> + // If the exception is overridden, exit early. >> + // >> + Status =3D OverrideCpuExceptionHandler (ExceptionType, SystemContext= ); >> + if (Status =3D=3D EFI_SUCCESS) { >> + return; >> + } >> + >> + // >> + // If the exception was not overridden, then the extract the excepti= on value >> + // to continue with. >> + // >> + ExceptionType =3D OVERRIDE_EXCEPTION (Status); >> +
>>
>> (To request vector 0 (#DE), the return is encoded to be non-zero and the
>> exception value extracted)
>>
>>
>> The NULL implementation of the override library would just return the
>> current exception type so that exception processing continues as today.
>>
>> This seems to be the best way to handle the #VC exception without hard
>> coding it into CpuExceptionHandlerLib and being able to catch a #VC as
>> soon as possible.
>>
>> Thoughts?
>>
>> Thanks,
>> Tom
>>
>>>
>>> Thanks,
>>> Ray
>>>
>>>> -----Original Message-----
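
Review bot: In the CommonExceptionHandler hunk of SecPeiCpuException.c quoted above, `Status` is declared as EFI_STATUS but carries two meanings: EFI_SUCCESS for "handled" and, otherwise, an encoded exception number that is unpacked with OVERRIDE_EXCEPTION (Status). Vector 0 (#DE) has the same numeric value as EFI_SUCCESS, so correctness depends on an encoding that is not defined anywhere in these lines. Consider returning the replacement exception type through a separate OUT parameter and keeping the return value a plain EFI_STATUS, or at least document the encoding where OverrideCpuExceptionHandler() and OVERRIDE_EXCEPTION are declared. The new comment also reads "then the extract the exception value"; drop the first "the".
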
>>>> From: devel@edk2.groups.io On Behalf Of Lendacky, Thomas
>>>> Sent: Tuesday, May 12, 2020 11:00 PM
>>>> To: Ni, Ray; devel@edk2.groups.io; afish@apple.com
>>>> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>>>> Gao, Liming; Dong, Eric; Brijesh Singh; You, Benjamin; Bi, Dandan;
>>>> Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
>>>> Subject: Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
>>>>
>>>> On 5/11/20 12:24 AM, Ni, Ray wrote:
>>>>> Tom,
>>>>>
>>>>> I agree with the first issue. I am not quite clear on the second one.
>>>>
>>>> In regards to the exception propagation, the hypervisor is allowed to
>>>> request an exception as part of the return information. For example, the
>>>> guest issues a RDMSR instruction for an invalid MSR. The hypervisor would
>>>> normally inject a #GP into the guest. With SEV-ES, the VC handler has to
>>>> do this. Hence the need to possibly propagate to other exception handlers
>>>> after handling the #VC.
>>>>
>>>>>
>>>>> SourceLevelDebugPkg provides source level debugging support early in SEC
>>>>> through SourceLevelDebugPkg\Library\DebugAgent\SecPeiDebugAgent\.
>>>>>
>>>>> It hooks all Intel SDM defined exceptions. It hooks INT32 additionally to
>>>>> support breaking from HOST.
>>>>>
>>>>> It doesn't use CpuExceptionLib because it hooks in very early SEC phase.
>>>>>
>>>>> Can you use the same way?
>>>>
>>>> I can look at trying to do something like this. I guess the source level
>>>> debug needs to be aware of all the exceptions, which is why it hooks all
>>>> them. The SEV-ES support is only concerned with the #VC exception. It just
>>>> seems like a lot of duplicated and extra code vs. checking for / handling
>>>> the #VC exception in the CpuExceptionHandler library.
>>>>
>>>> My plan for v8 is/was to have a NULL VmgExitLib library, of which the #VC
>>>> handler would be part of the interface, with the CpuExceptionHandler
>>>> library invoking the #VC handler on #VC exception and having the OvmfPkg
>>>> provide a VmgExitLib library with all the functionality.
>>>>
>>>> Thanks,
>>>> Tom
>>>>
>>>>>
>>>>> Thanks,
>>>>> Ray
>>>>>
>>>>> *From:* devel@edk2.groups.io *On Behalf Of* Andrew Fish via groups.io
>>>>> *Sent:* Sunday, May 10, 2020 3:10 AM
>>>>> *To:* devel@edk2.groups.io; thomas.lendacky@amd.com
>>>>> *Cc:* Ni, Ray; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel;
>>>>> Kinney, Michael D; Gao, Liming; Dong, Eric; Brijesh Singh;
>>>>> You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J;
>>>>> Ma, Maurice
>>>>> *Subject:* Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
>>>>>
>>>>>
>>>>> On May 9, 2020, at 7:34 AM, Lendacky, Thomas wrote:
>>>>>
>>>>> On 5/9/20 1:44 AM, Ni, Ray wrote:
>>>>>
>>>>> Tom,
>>>>>
>>>>>
>>>>> Hi Ray,
>>>>>
>>>>>
>>>>> I have a bit concern on your change that directly modifies
>>>>> CpuExceptionHandlerLib to handle exception #29. Today's
>>>>> CpuExceptionHandlerLib simply dumps the exception context for
>>>>> every exception. Any component which wants to do specific handling
>>>>> of certain exceptions should call RegisterCpuInterruptHandler().
>>>>> Such as code in CpuDxe driver:
>>>>>   if (HEAP_GUARD_NONSTOP_MODE || NULL_DETECTION_NONSTOP_MODE) {
>>>>>     RegisterCpuInterruptHandler (EXCEPT_IA32_DEBUG, DebugExceptionHandler);
>>>>>     RegisterCpuInterruptHandler (EXCEPT_IA32_PAGE_FAULT, PageFaultExceptionHandler);
>>>>>   }
>>>>> Is it possible for your feature to follow the same pattern?
>>>>>
>>>>>
>>>>> There are two problems:
>>>>>
>>>>> The first is that RegisterCpuInterruptHandler() is not implemented for
>>>>> both the SEC and PEI phases, so it is not currently possible to
>>>>> register a handler that early.
>>>>>
>>>>> The second is that I need to be able to propagate an exception request
>>>>> from the hypervisor. With the current implementation there doesn't
>>>>> appear to be an easy way to perform this propagation.
>>>>>
>>>>> If there's a way to accomplish both of the above I wouldn't be opposed
>>>>> to using RegisterCpuInterruptHandler() as long as there are no #VCs
>>>>> that can occur between initializing exception handling and
>>>>> registering the #VC handler.
>>>>>
>>>>> Thomas,
>>>>>
>>>>> As you point out it is tricky dealing with XIP code. You can't have
>>>>> globals that you can write and generally you use a PEI service to look
>>>>> things up, the most common thing being using a HOB. But SEC has no services
>>>>> and I'm not sure you really want to be calling into the PEI Core on a
>>>>> random exception.
>>>>>
>>>>> Here are the best options that popped into my head after reading your email
>>>>>
>>>>> 1) IDT in RAM
>>>>>
>>>>> If your code populates the IDT the IDTR gives you access to the address of
>>>>> the IDTR via an instruction. The PI Spec reserves IDT - sizeof (UINTN) for
>>>>> a cached copy of the PEI Services Table, but other than that you are good
>>>>> to go. It should be possible to have a global so you can have the table
>>>>> required to implement RegisterCpuInterruptHandler(). There might be some
>>>>> usage of IDT - ( 2* sizeof(UINTN)), I know I'm guilty, so storing data
>>>>> after the IDT would be a good option. In general if your code allocates
>>>>> the memory for the IDT then you can treat the IDT as part of your private
>>>>> context data structure and that gives you access
>>>>>
>>>>> 2) IDT in ROM.
>>>>>
>>>>> For this it seems like you need a library to link in to
>>>>> the CpuExceptionHandlerLib that allows you to override the handler. If
>>>>> CpuInterruptHandlerOverride() returns NULL you do the current behavior if
>>>>> not NULL then you call the returned handler.
>>>>>
>>>>> EFI_CPU_INTERRUPT_HANDLER
>>>>> EFIAPI
>>>>> OverrideCpuInterruptHandler (
>>>>>   IN EFI_EXCEPTION_TYPE            InterruptType
>>>>>   );
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Andrew Fish
>>>>>
>>>>> PS Off topic, but it would also be useful to have a library that overrides
>>>>> the state dump display. For example using Xcode you can always display a
>>>>> stack frame from the exception handler.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Tom
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Ray
>>>>>
>>>>> -----Original Message-----
>>>>> From: Tom Lendacky
>>>>> Sent: Saturday, May 9, 2020 3:16 AM
>>>>> To: devel@edk2.groups.io
>>>>> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>>>>> Gao, Liming; Dong, Eric; Ni, Ray; Brijesh Singh; You, Benjamin;
>>>>> Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
>>>>> Subject: Re: [PATCH v7 00/43] SEV-ES guest support
>>>>>
>>>>> I was able to use the pull request method that Laszlo documented and
>>>>> fixed up all of the issues identified by the VS compiler.
>>>>>
>>>>> An additional change I'm planning to make for the next version (v8) of
>>>>> the patches is to create a NULL library instance of the VmgExitLib that
>>>>> will also include the #VC handler function. This will reduce the amount
>>>>> of code associated with this feature for platforms that don't
>>>>> use/support SEV-ES.
>>>>>
>>>>> Laszlo, this will mean that I will introduce a version of the VmgExitLib
>>>>> under OvmfPkg that will provide the majority of the functionality that
>>>>> is present today in UefiCpuPkg. In essence, the functionality in v7
>>>>> patches 8 and 11 - 25 will now live under OvmfPkg instead of UefiCpuPkg.
>>>>> I think this is the better way to do this. Let me know if you have any
>>>>> concerns.
>>>>>
>>>>> Thanks,
>>>>> Tom
>>>>>
>>>>> On 4/22/20 12:41 PM, Tom Lendacky wrote:
>>>>>
>>>>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>>>>
>>>>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
>>>>> SEV support to protect the guest register state from the hypervisor. See
>>>>> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
>>>>> section "15.35 Encrypted State (SEV-ES)" [1].
>>>>>
>>>>> In order to allow a hypervisor to perform functions on behalf of a guest,
>>>>> there is architectural support for notifying a guest's operating system
>>>>> when certain types of VMEXITs are about to occur. This allows the guest to
>>>>> selectively share information with the hypervisor to satisfy the requested
>>>>> function. The notification is performed using a new exception, the VMM
>>>>> Communication exception (#VC). The information is shared through the
>>>>> Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction.
>>>>> The GHCB format and the protocol for using it is documented in "SEV-ES
>>>>> Guest-Hypervisor Communication Block Standardization" [2].
>>>>>
>>>>> The main areas of the EDK2 code that are updated to support SEV-ES are
>>>>> around the exception handling support and the AP boot support.
>>>>>
>>>>> Exception support is required starting in Sec, continuing through Pei
>>>>> and into Dxe in order to handle #VC exceptions that are generated. Each
>>>>> AP requires its own GHCB page as well as a page to hold values specific
>>>>> to that AP.
>>>>>
>>>>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence
>>>>> is typically used to boot the APs. However, the hypervisor is not allowed
>>>>> to update the guest registers. The GHCB document [2] talks about how SMP
>>>>> booting under SEV-ES is performed.
>>>>>
>>>>> Since the GHCB page must be a shared (unencrypted) page, the processor
>>>>> must be running in long mode in order for the guest and hypervisor to
>>>>> communicate with each other. As a result, SEV-ES is only supported under
>>>>> the X64 architecture.
>>>>>
>>>>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
>>>>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>>>>>
>>>>> ---
>>>>>
>>>>> These patches are based on commit:
>>>>> be7295b36405 (".python/SpellCheck: Increase SpellCheck plugin max failures")
>>>>>
>>>>> Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.
>>>>>
>>>>> A version of the tree (with an extra patch to workaround Bugzilla 2340) can
>>>>> be found at:
>>>>> https://github.com/AMDESE/ovmf/tree/sev-es-v14
>>>>>
>>>>> Cc: Ard Biesheuvel
>>>>> Cc: Benjamin You
>>>>> Cc: Dandan Bi
>>>>> Cc: Eric Dong
>>>>> Cc: Guo Dong
>>>>> Cc: Hao A Wu
>>>>> Cc: Jian J Wang
>>>>> Cc: Jordan Justen
>>>>> Cc: Laszlo Ersek
>>>>> Cc: Liming Gao
>>>>> Cc: Maurice Ma
>>>>> Cc: Michael D Kinney
>>>>> Cc: Ray Ni
>>>>>
>>>>> Changes since v6:
>>>>> - Add function comments to all functions, including local functions
>>>>> - Add function parameter direction to all functions (in/out)
>>>>> - Add support for MMIO MOVZX/MOVSX instructions
>>>>> - Ensure the per-CPU variable page remains encrypted
>>>>> - Coding-style fixes as identified by Ecc
>>>>>
>>>>> Changes since v5:
>>>>> - Remove extraneous VmgExitLib usage
>>>>> - Miscellaneous changes to address feedback (coding style, etc.)
>>>>>
>>>>> Changes since v4:
>>>>> - Move the SEV-ES protocol negotiation out of the SEC exception handler
>>>>>   and into the SecMain.c file. As a result:
>>>>>   - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
>>>>>   - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
>>>>>     single AMDSevVcHandler.c
>>>>> - Consolidate VmgExitLib usage into common LibraryClasses sections
>>>>> - Add documentation comments to the VmgExitLib functions
>>>>>
>>>>> Changes since v3:
>>>>> - Remove the need for the MP library finalization routine. The AP
>>>>>   jump table address will be held by the hypervisor rather than
>>>>>   communicated via the GHCB MSR. This removes some fragility around
>>>>>   the UEFI to OS transition.
>>>>> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
>>>>>   communicate the SEV-ES status, so that SEC CPU exception handling is
>>>>>   only established for an SEV-ES guest.
>>>>> - Fix SMM build breakageAdd around QemuFlashPtrWrite().
>>>>> - Fix SMM build breakage by adding VC exception support the SMM CPU
>>>>>   exception handling.
>>>>> - Add memory fencing around the invocation of AsmVmgExit().
>>>>> - Clarify comments around the SEV-ES AP reset RIP values and usage.
>>>>> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
>>>>> - Remove the 16-bit code selector definition from MdeModulePkg
>>>>>
>>>>> Changes since v2:
>>>>> - Added a way to locate the SEV-ES fixed AP RIP address for starting
>>>>>   AP's to avoid updating the actual flash image (build time location
>>>>>   that is identified with a GUID value).
>>>>> - Create a VmgExit library to replace static inline functions.
>>>>> - Move some PCDs to the appropriate packages
>>>>> - Add support for writing to QEMU flash under SEV-ES
>>>>> - Add additional MMIO opcode support
>>>>> - Cleaned up the GHCB MSR CPUID protocol support
>>>>>
>>>>> Changes since v1:
>>>>> - Patches reworked to be more specific to the component/area being updated
>>>>>   and order of definition/usage
>>>>> - Created a library for VMGEXIT-related functions to replace use of inline
>>>>>   functions
>>>>> - Allocation method for GDT changed from AllocatePool to AllocatePages
>>>>> - Early caching only enabled for SEV-ES guests
>>>>> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
>>>>> - Reserved SEC GHCB-related memory areas when S3 is enabled
>>>>>
>>>>> Tom Lendacky (43):
>>>>>    MdeModulePkg: Create PCDs to be used in support of SEV-ES
>>>>>    UefiCpuPkg: Create PCD to be used in support of SEV-ES
>>>>>    MdePkg: Add the MSR definition for the GHCB register
>>>>>    MdePkg: Add a structure definition for the GHCB
>>>>>    MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
>>>>>    MdePkg/BaseLib: Add support for the XGETBV instruction
>>>>>    MdePkg/BaseLib: Add support for the VMGEXIT instruction
>>>>>    UefiCpuPkg: Implement library support for VMGEXIT
>>>>>    OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
>>>>>    UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE
>>>>>      events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE
>>>>>      events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE
>>>>>      events
>>>>>    UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE
>>>>>      events
>>>>>    OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
>>>>>    OvmfPkg: Add support to perform SEV-ES initialization
>>>>>    OvmfPkg: Create a GHCB page for use during Sec phase
>>>>>    OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
>>>>>    OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
>>>>>    OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
>>>>>    UefiCpuPkg: Create an SEV-ES workarea PCD
>>>>>    OvmfPkg: Reserve a page in memory for the SEV-ES usage
>>>>>    OvmfPkg/ResetVector: Add support for a 32-bit SEV check
>>>>>    OvmfPkg/Sec: Add #VC exception handling for Sec phase
>>>>>    OvmfPkg/Sec: Enable cache early to speed up booting
>>>>>    OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with
>>>>>      SEV-ES is enabled
>>>>>    UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
>>>>>    UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is
>>>>>      enabled
>>>>>    UefiCpuPkg: Allow AP booting under SEV-ES
>>>>>    OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
>>>>>    OvmfPkg: Move the GHCB allocations into reserved memory
>>>>>    UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
>>>>>
>>>>>   MdeModulePkg/MdeModulePkg.dec                 |    9 +
>>>>>   OvmfPkg/OvmfPkg.dec                           |    9 +
>>>>>   UefiCpuPkg/UefiCpuPkg.dec                     |   17 +
>>>>>   OvmfPkg/OvmfPkgIa32.dsc                       |    6 +
>>>>>   OvmfPkg/OvmfPkgIa32X64.dsc                    |    6 +
>>>>>   OvmfPkg/OvmfPkgX64.dsc                        |    6 +
>>>>>   OvmfPkg/OvmfXen.dsc                           |    1 +
>>>>>   UefiCpuPkg/UefiCpuPkg.dsc                     |    2 +
>>>>>   UefiPayloadPkg/UefiPayloadPkgIa32.dsc         |    2 +
>>>>>   UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc      |    2 +
>>>>>   OvmfPkg/OvmfPkgX64.fdf                        |    9 +
>>>>>   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |    2 +
>>>>>   MdePkg/Library/BaseLib/BaseLib.inf            |    4 +
>>>>>   OvmfPkg/PlatformPei/PlatformPei.inf           |    7 +
>>>>>   .../FvbServicesRuntimeDxe.inf                 |    2 +
>>>>>   OvmfPkg/ResetVector/ResetVector.inf           |    8 +
>>>>>   OvmfPkg/Sec/SecMain.inf                       |    4 +
=C2=A0=C2=A0.../DxeCpuExceptionHandlerLib.inf =C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2= = =A0=C2=A0=C2=A05 + >>>>> =C2=A0=C2=A0.../PeiCpuExceptionHandlerLib.inf =C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2= = =A0=C2=A0=C2=A05 + >>>>> =C2=A0=C2=A0.../SecPeiCpuExceptionHandlerLib.inf = = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A0= 5 + >>>>> =C2=A0=C2=A0.../SmmCpuExceptionHandlerLib.inf =C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2= = =A0=C2=A0=C2=A05 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/DxeMpIni= tLib.inf | =C2=A0=C2=A0=C2=A04 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/PeiMpIni= tLib.inf | =C2=A0=C2=A0=C2=A04 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/VmgExitLib/VmgExit= Lib.inf =C2=A0| =C2=A0=C2=A033 + >>>>> =C2=A0=C2=A0.../Core/DxeIplPeim/X64/VirtualMemory= .h =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A012 +- >>>>> =C2=A0=C2=A0MdePkg/Include/Library/BaseLib.h =C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0| =C2=A0=C2=A031 + >>>>> =C2=A0=C2=A0MdePkg/Include/Register/Amd/Fam17Msr.= h =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A042 + >>>>> =C2=A0=C2=A0MdePkg/Include/Register/Amd/Ghcb.h = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0= 136 ++ >>>>> =C2=A0=C2=A0OvmfPkg/Include/Library/MemEncryptSev= Lib.h =C2=A0=C2=A0=C2=A0| =C2=A0=C2=A012 + >>>>> =C2=A0=C2=A0.../QemuFlash.h =C2=A0=C2=A0=C2=A0=C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0| =C2=A0=C2=A013 + >>>>> =C2=A0=C2=A0UefiCpuPkg/CpuDxe/CpuGdt.h =C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A04 +- >>>>> =C2=A0=C2=A0UefiCpuPkg/Include/Library/VmgExitLib= .h 
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0117 ++ >>>>> =C2=A0=C2=A0.../CpuExceptionHandlerLib/AMDSevVcCo= mmon.h =C2=A0=C2=A0| =C2=A0=C2=A049 + >>>>> =C2=A0=C2=A0.../CpuExceptionCommon.h =C2=A0=C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A02 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/MpLib.h = = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A068 +- >>>>> =C2=A0=C2=A0.../Core/DxeIplPeim/Ia32/DxeLoadFunc.= c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A04 +- >>>>> =C2=A0=C2=A0.../Core/DxeIplPeim/X64/DxeLoadFunc.c= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A011 +- >>>>> =C2=A0=C2=A0.../Core/DxeIplPeim/X64/VirtualMemory= .c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A057 +- >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/Ia32/GccInline= .c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A045 + >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/X64/GccInline.= c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A047 + >>>>> =C2=A0=C2=A0.../MemEncryptSevLibInternal.c =C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0| =C2=A0=C2=A075 +- >>>>> =C2=A0=C2=A0OvmfPkg/PlatformPei/AmdSev.c =C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A089 + >>>>> =C2=A0=C2=A0OvmfPkg/PlatformPei/MemDetect.c =C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0| =C2=A0=C2=A023 + >>>>> =C2=A0=C2=A0.../QemuFlash.c =C2=A0=C2=A0=C2=A0=C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0| =C2=A0=C2=A023 +- >>>>> =C2=A0=C2=A0.../QemuFlashDxe.c =C2=A0=C2=A0=C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= 
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| = = =C2=A0=C2=A022 + >>>>> =C2=A0=C2=A0.../QemuFlashSmm.c =C2=A0=C2=A0=C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| = = =C2=A0=C2=A016 + >>>>> =C2=A0=C2=A0OvmfPkg/Sec/SecMain.c =C2=A0=C2=A0=C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0188 +- >>>>> =C2=A0=C2=A0UefiCpuPkg/CpuDxe/CpuGdt.c =C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A08 +- >>>>> =C2=A0=C2=A0.../CpuExceptionHandlerLib/AMDSevVcHa= ndler.c =C2=A0| =C2=A0=C2=A040 + >>>>> =C2=A0=C2=A0.../CpuExceptionCommon.c =C2=A0=C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A02 +- >>>>> =C2=A0=C2=A0.../Ia32/ArchAMDSevVcHandler.c =C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0| =C2=A0=C2=A038 + >>>>> =C2=A0=C2=A0.../PeiDxeSmmCpuException.c =C2=A0=C2= = =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A016 + >>>>> =C2=A0=C2=A0.../SecPeiCpuException.c =C2=A0=C2=A0= = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A016 + >>>>> =C2=A0=C2=A0.../X64/ArchAMDSevVcHandler.c =C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0| 1699 >>>>> +++++++++++++++++ >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/DxeMpLib= .c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0113 +- >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/MpLib.c = = =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0265 ++- >>>>> 
=C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/PeiMpLib= .c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A019 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/VmgExitLib/VmgExit= Lib.c =C2=A0=C2=A0=C2=A0| =C2=A0293 +++ >>>>> =C2=A0=C2=A0UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFunc= sArch.c =C2=A0| =C2=A0=C2=A0=C2=A02 +- >>>>> =C2=A0=C2=A0MdeModulePkg/MdeModulePkg.uni =C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A08 + >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/Ia32/VmgExit.n= asm =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A037 + >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/Ia32/XGetBv.na= sm =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A031 + >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/X64/VmgExit.na= sm =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A032 + >>>>> =C2=A0=C2=A0MdePkg/Library/BaseLib/X64/XGetBv.nas= m =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A034 + >>>>> =C2=A0=C2=A0OvmfPkg/ResetVector/Ia16/ResetVectorV= tf0.asm =C2=A0| =C2=A0100 + >>>>> =C2=A0=C2=A0OvmfPkg/ResetVector/Ia32/PageTables64= .asm =C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0350 +++- >>>>> =C2=A0=C2=A0OvmfPkg/ResetVector/ResetVector.nasmb= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A020 + >>>>> =C2=A0=C2=A0.../X64/ExceptionHandlerAsm.nasm =C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0| =C2=A0=C2=A017 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/Ia32/MpE= qu.inc =C2=A0=C2=A0| =C2=A0=C2=A0=C2=A02 +- >>>>> =C2=A0=C2=A0.../Library/MpInitLib/Ia32/MpFuncs.na= sm =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A015 + >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/X64/MpEq= u.inc =C2=A0=C2=A0=C2=A0| =C2=A0=C2=A0=C2=A04 +- >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/MpInitLib/X64/MpFu= ncs.nasm | =C2=A0370 +++- >>>>> =C2=A0=C2=A0UefiCpuPkg/Library/VmgExitLib/VmgExit= Lib.uni =C2=A0| =C2=A0=C2=A015 + >>>>> =C2=A0=C2=A0.../ResetVector/Vtf0/Ia16/Real16ToFla= t32.asm =C2=A0| =C2=A0=C2=A0=C2=A09 + >>>>> 
=C2=A0=C2=A0UefiCpuPkg/UefiCpuPkg.uni =C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A011 + >>>>> =C2=A0=C2=A075 files changed, 4707 insertions(+),= 102 deletions(-) >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf >>>>> =C2=A0=C2=A0create mode 100644 MdePkg/Include/Reg= ister/Amd/Ghcb.h >>>>> =C2=A0=C2=A0create mode 100644 UefiCpuPkg/Include= /Library/VmgExitLib.h >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVc= Common.h >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVc= Handler.c >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/Arc= hAMDSevVcHandler.c >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Arch= AMDSevVcHandler.c >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c >>>>> =C2=A0=C2=A0create mode 100644 MdePkg/Library/Bas= eLib/Ia32/VmgExit.nasm >>>>> =C2=A0=C2=A0create mode 100644 MdePkg/Library/Bas= eLib/Ia32/XGetBv.nasm >>>>> =C2=A0=C2=A0create mode 100644 MdePkg/Library/Bas= eLib/X64/VmgExit.nasm >>>>> =C2=A0=C2=A0create mode 100644 MdePkg/Library/Bas= eLib/X64/XGetBv.nasm >>>>> =C2=A0=C2=A0create mode 100644 >>>>> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >>>>> =C2=A0=C2=A0create mode 100644 >>>>> UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>> >> >>=20 >=20