From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH 16/16] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0
Date: Fri, 26 Jan 2024 16:13:15 -0600

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM if the guest is not running at VMPL0.

Additionally, fix an error in SevSnpIsVmpl0() where the Status variable should be compared to 0 and not use the EFI_ERROR() function to determine if an error occurred during AsmRmpAdjust().

Signed-off-by: Tom Lendacky

--- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 11 ++= +++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index 86af2ba0356e..803c835680e0 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -12,6 +12,7 @@ #include #include #include +#include =20 #include "SnpPageStateChange.h" =20 @@ -45,7 +46,7 @@ SevSnpIsVmpl0 ( Rdx =3D 1; =20 Status =3D AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx); - if (EFI_ERROR (Status)) { + if (Status !=3D 0) { return FALSE; } =20 
@@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 // // The page state change uses the PVALIDATE instruction. The instruction - // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate - // the boot. + // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM mu= st + // be present to perform the operation on behalf of the guest. If the gu= est + // is not running at VMPL-0 and an SVSM is not present, then terminate t= he + // boot. // - if (!SevSnpIsVmpl0 ()) { + if (!SevSnpIsVmpl0 () && !CcExitSnpSvsmPresent ()) { SnpPageStateFailureTerminate (); } =20 --=20 2.42.0
View/Reply Online (#114642): https://edk2.groups.io/g/devel/message/114642
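
Review bot: In the SevSnpIsVmpl0 hunk (@@ -45,7 +46,7 @@), the switch from EFI_ERROR (Status) to a comparison against 0 is a standalone bug fix that changes when the VMPL0 check returns FALSE, and it would be easier to bisect and backport as its own patch ahead of the SVSM change. The declaration of Status lies outside the visible context; if it is still typed EFI_STATUS, retype it to match the AsmRmpAdjust return value so the comparison reads as a check of the instruction's result code rather than of an EFI status.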
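
Review bot: In the MemEncryptSevSnpPreValidateSystemRam hunk (@@ -74,10 +75,12 @@), the new condition only stops the boot from terminating when an SVSM is present; nothing in the visible lines shows the page state change below it being routed through the SVSM, although the comment states that PVALIDATE can be run at VMPL-0 only. Please confirm, and say in the comment or commit message, that an earlier patch in the series makes that path call the SVSM when the guest is not at VMPL-0, since otherwise the guest falls through to a PVALIDATE it is not permitted to execute. Minor: the rewritten comment keeps "If its not", which should read "If it's not".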