From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.groups.io with SMTP id smtpd.web12.11528.1610039496631659668 for ; Thu, 07 Jan 2021 09:11:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=iYNR3G0x; spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1610039495; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QxINrKDEFCrYTahfv6Zo9Dmiv3QmEWwzfCH1CVK7V/0=; b=iYNR3G0xe36/tLXAcBpYxxJJbmpfUAbH4MfGuu3m6ENAqirp1zHGC46RdlHdymQSNyWTZr krncrIvdaLqAyFKeCsY9e/GXFgAfW1GXjPlhIfiGt7jwKFOsV8C3hfUZ1iSNG4zI+egO+4 7Q9CiJBONrV0DKBcx3CL/0Zx1J96518= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-416-2hv4PLwrOkGLDAvNZ4CfIw-1; Thu, 07 Jan 2021 12:11:31 -0500 X-MC-Unique: 2hv4PLwrOkGLDAvNZ4CfIw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 919D5107ACE3; Thu, 7 Jan 2021 17:11:27 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-164.ams2.redhat.com [10.36.112.164]) by smtp.corp.redhat.com (Postfix) with ESMTP id DA4CC19C48; Thu, 7 Jan 2021 17:11:25 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v2 08/15] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Brijesh Singh , James Bottomley , Jordan Justen , Ard Biesheuvel References: From: "Laszlo Ersek" Message-ID: Date: Thu, 7 Jan 2021 18:11:24 +0100 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 01/06/21 22:21, Lendacky, Thomas wrote: > From: Tom Lendacky > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108 > > The PCIe MMCONFIG range should be treated as an MMIO range. However, > there is a comment in the code explaining why AddIoMemoryBaseSizeHob() > is not called. The AmdSevDxe walks the GCD map looking for MemoryMappedIo > or NonExistent type memory and will clear the encryption bit for these > ranges. > > Since the MMCONFIG range does not have one of these types, the encryption > bit is not cleared for this range. Add support to detect the presence of > the MMCONFIG range and clear the encryption bit. This will be needed for > follow-on support that will validate that MMIO is not being performed to > an encrypted address range under SEV-ES. > > Even though the encryption bit was set for this range, this still worked > under both SEV and SEV-ES because the address range is marked by the > hypervisor as MMIO in the nested page tables: > - For SEV, access to this address range triggers a nested page fault (NPF) > and the hardware supplies the guest physical address (GPA) in the VMCB's > EXITINFO2 field as part of the exit information. However, the encryption > bit is not set in the GPA, so the hypervisor can process the request > without any issues. > - For SEV-ES, access to this address range triggers a #VC. Since OVMF runs > identity mapped (VA == PA), the virtual address is used to avoid the > lookup of the physical address. The virtual address does not have the > encryption bit set, so the hypervisor can process the request without > any issues. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Brijesh Singh > Reviewed-by: Laszlo Ersek > Signed-off-by: Tom Lendacky > --- > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +++++++- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +++++++++++++++++++- > 2 files changed, 26 insertions(+), 2 deletions(-) Thanks for the updates! Laszlo > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index dd9ecc789a20..0676fcc5b6a4 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > @@ -2,7 +2,7 @@ > # > # Driver clears the encryption attribute from MMIO regions when SEV is enabled > # > -# Copyright (c) 2017, AMD Inc. All rights reserved.
> +# Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
> # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -39,3 +39,9 @@ [Depex] > > [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > + > +[FixedPcd] > + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress > + > +[Pcd] > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > index 595586617882..689bfb376d03 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > @@ -4,12 +4,13 @@ > in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV > is enabled. > > - Copyright (c) 2017, AMD Inc. All rights reserved.
> + Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > > +#include > #include > #include > #include > @@ -65,6 +66,23 @@ AmdSevDxeEntryPoint ( > FreePool (AllDescMap); > } > > + // > + // If PCI Express is enabled, the MMCONFIG area has been reserved, rather > + // than marked as MMIO, and so the C-bit won't be cleared by the above walk > + // through the GCD map. Check for the MMCONFIG area and clear the C-bit for > + // the range. > + // > + if (PcdGet16 (PcdOvmfHostBridgePciDevId) == INTEL_Q35_MCH_DEVICE_ID) { > + Status = MemEncryptSevClearPageEncMask ( > + 0, > + FixedPcdGet64 (PcdPciExpressBaseAddress), > + EFI_SIZE_TO_PAGES (SIZE_256MB), > + FALSE > + ); > + > + ASSERT_EFI_ERROR (Status); > + } > + > // > // When SMM is enabled, clear the C-bit from SMM Saved State Area > // >