Subject: Re: [PATCH v5 4/4] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
To: Ashish Kalra, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
From: "Dov Murik"
Date: Mon, 19 Jul 2021 10:31:10 +0300

Ashish,

On 08/07/2021 17:09, Ashish Kalra wrote:
> From: Ashish Kalra
>
> Check for SEV live migration feature support; if detected,
> set up a new UEFI environment variable to indicate OVMF
> support for SEV live migration.
>
> The new runtime UEFI environment variable is set via the
> notification function registered for the
> EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.
>

Why is this indirect notification needed? Why not simply call
gRT->SetVariable in AmdSevDxeEntryPoint (instead of calling
CreateEventEx)?

If this is needed, please add a clarification (in the commit message and
before the CreateEventEx call).

> Signed-off-by: Ashish Kalra
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 59 ++++++++++++++++++++
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++
> OvmfPkg/Include/Guid/MemEncryptLib.h | 20 +++++++
> OvmfPkg/OvmfPkg.dec | 1 +
> 4 files changed, 84 insertions(+)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index c66c4e9b92..45adf3249c 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -15,10 +15,49 @@ > #include > #include > #include > +#include > +#include > #include > #include > +#include > +#include > #include > > +STATIC > +VOID > +EFIAPI > +AmdSevDxeOnEndOfDxe ( > + IN EFI_EVENT Event, > + IN VOID *EventToSignal > + ) > +{ > + EFI_STATUS Status; > + BOOLEAN SevLiveMigrationEnabled; > + > + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); > + > + if (SevLiveMigrationEnabled) { > + Status = gRT->SetVariable ( > + L"SevLiveMigrationEnabled", > + &gMemEncryptGuid, > + EFI_VARIABLE_NON_VOLATILE | > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > + EFI_VARIABLE_RUNTIME_ACCESS, > + sizeof (BOOLEAN), Should be: sizeof SevLiveMigrationEnabled, > + &SevLiveMigrationEnabled > + ); > + > + DEBUG (( > + DEBUG_INFO, > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > + __FUNCTION__, > + Status > + )); > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__)); Remove debug print. > +} > + > EFI_STATUS > EFIAPI > AmdSevDxeEntryPoint ( > @@ -30,6 +69,7 @@ AmdSevDxeEntryPoint ( > EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; > UINTN NumEntries; > UINTN Index; > + EFI_EVENT Event; > > // > // Do nothing when SEV is not enabled > @@ -130,5 +170,24 @@ AmdSevDxeEntryPoint ( > } > } > > + // > + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. > + // The notification function sets the runtime variable indicating OVMF > + // support for SEV live migration. > + // > + Status = gBS->CreateEventEx ( > + EVT_NOTIFY_SIGNAL, > + TPL_CALLBACK, > + AmdSevDxeOnEndOfDxe, > + NULL, > + &gEfiEndOfDxeEventGroupGuid, > + &Event > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", > + __FUNCTION__, Status)); > + } > + > return EFI_SUCCESS; > } > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index 0676fcc5b6..f4e40ff412 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf 
> @@ -45,3 +45,7 @@ > > [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId > + > +[Guids] > + gMemEncryptGuid > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event > diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h > new file mode 100644 > index 0000000000..4c046ba439 > --- /dev/null > +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h

Should the filename, GUID #define name, and global var name include "AMD" or "SEV" in them? (and similarly in the corresponding Linux patch)

Or: maybe the new "SevLiveMigrationEnabled" variable can be set in the confidential computing GUID? (not sure what the guidelines are for creating or reusing GUIDs).

> @@ -0,0 +1,20 @@ > +/** @file > + > + AMD Memory Encryption GUID, define a new GUID for defining > + new UEFI enviroment variables assocaiated with SEV Memory Encryption.

typos: environment, associated

> + > + Copyright (c) 2020, AMD Inc. All rights reserved.
> + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __MEMENCRYPT_LIB_H__ > +#define __MEMENCRYPT_LIB_H__ > + > +#define MEMENCRYPT_GUID \ > +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > + > +extern EFI_GUID gMemEncryptGuid; > + > +#endif > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index 6ae733f6e3..e452dc8494 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -122,6 +122,7 @@ > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > [Ppis] > # PPI whose presence in the PPI database signals that the TPM base address > -Dov
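Review bot: in the @@ -15,10 +15,49 @@ hunk of AmdSevDxe.c, AmdSevDxeOnEndOfDxe only records the SetVariable result at DEBUG_INFO, so a failure to write L"SevLiveMigrationEnabled" leaves the guest silently unable to advertise migration support; log it at DEBUG_ERROR, or ASSERT_EFI_ERROR (Status), so the condition is visible. The variable is also created with EFI_VARIABLE_NON_VOLATILE but is only written when MemEncryptSevLiveMigrationIsEnabled() returns TRUE, so a value stored on an earlier boot persists in the variable store on a later boot where the feature is unavailable; either drop EFI_VARIABLE_NON_VOLATILE so the variable reflects the current boot, or add an else branch that deletes it (SetVariable with DataSize 0). The second parameter of an EFI_EVENT_NOTIFY function is the Context pointer, so `IN VOID *EventToSignal` should be named `Context` to match the NULL passed to CreateEventEx.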
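Review bot: in the @@ -130,5 +170,24 @@ hunk, a CreateEventEx failure is logged at DEBUG_INFO and the entry point still returns EFI_SUCCESS, so the driver loads with the feature flag never set; log it at DEBUG_ERROR at least, and consider ASSERT_EFI_ERROR (Status) since this is a resource failure in a boot-critical driver. The handle stored in `&Event` is never used afterwards; the usual edk2 pattern is for the notification function to call gBS->CloseEvent (Event) on its Event argument once it has done its work, so the callback cannot run twice. The block comment should also state why the variable write is deferred to End-of-DXE instead of being done inline in AmdSevDxeEntryPoint, which is the open question above.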
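Review bot: in the AmdSevDxe.inf hunk, `gMemEncryptGuid` is listed under [Guids] without a usage comment; the edk2 convention for a GUID that namespaces a variable is `gMemEncryptGuid ## PRODUCES ## Variable:L"SevLiveMigrationEnabled"`, in line with the `## CONSUMES ## Event` annotation on the following line. The new notification function also calls gRT->SetVariable, so confirm that UefiRuntimeServicesTableLib is already present in this module's [LibraryClasses]; the diff adds no library class.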
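Review bot: in the new OvmfPkg/Include/Guid/MemEncryptLib.h, the include guard `__MEMENCRYPT_LIB_H__` starts with a double underscore, which the EDK II C coding standard reserves; a guard such as `MEM_ENCRYPT_GUID_H_` follows current edk2 practice. The `Lib` suffix is misleading on a header that only declares a GUID and has no library class behind it, which ties in with the naming question above, and the copyright year reads 2020 on a patch posted in July 2021. Listing in the file comment which variable names are defined under this GUID would make the guest/host contract easier to keep in sync with the corresponding Linux patch.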