From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.71]) by mx.groups.io with SMTP id smtpd.web09.2789.1609793299973750399 for ; Mon, 04 Jan 2021 12:48:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=cLLFYRZ7; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.71, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mwch/Ib1FK75mZOW3eXwQTqapmlcSJOIy5MiRwtSRRs3EqPqYI5ZWst5CNiigKYar07oqmx+Mlf93RT/nNKpiPqfvrmJLSthWw7s/4NTXv9rj2ONCGpB55qZY8A2cwXhb9VVwvqWOm1O7U7Loi3aOGQHmWym6cUv1DklDgI34NYrI5rrwqKrhbs7EKm+7VCGK+Mi4azkR/sVmjy+I9OZEL4WdKiYVtRCameYhu1qFSkn4/jWngDVtZhzBAHF+ViY6MnPriGcIzW86+wxcl+mJyXqmVLe8CzKdWm7SH+BuY3uzku2n/Zw+nylJ8lKwGqIlT2Ah+FhbStsao++5qjP8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C2a8Bp+7Gn1En5QfFClnUmwYA5YXLkb2+T/Rjs7WDog=; b=KWOceqrXt9Oq8qdHvDdxFpfnVkoPpbXEfpVEAX2S/iqTJgnXUel6EerTpGlSIgDpLGQ4DqfYHwprnR3Ak0IER4V4ywBOjsSMnqhbXXJPao7jEs0eZ+iXH8jTAX3TAOUZzUlTsI/6rtZfzlFU0JbXF6UzqkQfemt4g4GPNHk2oA0xzXaAwougq72kc7FbGLEKHgh3/Dau9W94u/rMYVTXVOuxLpk0jVlxgVY4kDc7S9Af7lIRG7Bl5uxEu4GW7VlTv1RMU83FVkzigbCM8iPxvRopmuuVIin56Qjru4JMadiPdUv3PZ6H0awFge2YVnoJg7C5g/kKa+V+35MjROFXQQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C2a8Bp+7Gn1En5QfFClnUmwYA5YXLkb2+T/Rjs7WDog=; b=cLLFYRZ7mUv19LT8fslE5LMyxh7l5d7iqRQmDe6+lx7KzBDSMRB1dqaBf7kLOIzXNwYQpDpIZgXK3LHWuTAiAR6xv0lBI1wxx8G82Br4cG0Q9ONw0zfA8zPIE6Iz/4t8rggmIcGKeXfTvz+2y+8hg+unoIwanbMXRoR2YEwLeH8= Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4960.namprd12.prod.outlook.com (2603:10b6:5:1bc::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.21; Mon, 4 Jan 2021 20:48:19 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3721.024; Mon, 4 Jan 2021 20:48:18 +0000 Subject: Re: [edk2-devel] [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check To: Laszlo Ersek , devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Jordan Justen , Ard Biesheuvel References: <17a60d57656bd9351f318d325b9bd6ef64026769.1608065471.git.thomas.lendacky@amd.com> From: "Lendacky, Thomas" Message-ID: Date: Mon, 4 Jan 2021 14:48:16 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: X-Originating-IP: [67.79.209.213] X-ClientProxiedBy: SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SA9PR13CA0120.namprd13.prod.outlook.com (2603:10b6:806:24::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.4 via Frontend Transport; Mon, 4 Jan 2021 20:48:17 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2392460c-5e5a-4b2a-ff8f-08d8b0f2112a X-MS-TrafficTypeDiagnostic: DM6PR12MB4960: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8z+X6IKnnFgXNBfhWcweznjQKWSofj1+qQUUyGt1Ee21WdwFXjprNBMN1xVvPuLOwY6J4Xo2IZNUGXUfZvouzSnbJd49dMZUiV06Eq1hajGt5c0RmxPTI3W2XbigeNOr0wJGYoIdCvogeY/HT1WPTm+5r7wE8g3Li7Rpr8DMP+EXWMQ6ry0ye5720t2raPQG9/R3C5eUT2R2gg3IxqedFBSubCLnSCHC02QHH4xUEIn6yZgnGq3xtS2Y9e/lhqSpqPClr5ZkZ/2t4L/rXtvgmF2WbrCbpyxpeeIiX2pb4LBVcwKcHG1Nx7PU0OEOGtEAY87MUjABOQWsdwybQH2/bCnWCgtXdbOCJqVNq2InRvSdcVKveYHzLGCAoOgBbvvhrU6wVYONt750F1ed9gNH1mCvQXHbnFI/1B84xo9A08i+8GNQZx7I/HDKQUw0ubfFfPAIP5H112nRzJg4Hy5R1PwpChFqxkW3yqcqapSPc7Jp498NxphWDTfg1myFc78VB0iTLEuxv+DWmVS0IUWxMm3QUhaRoXTI5Cmq0b/KEhQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(346002)(376002)(396003)(366004)(39860400002)(54906003)(31686004)(316002)(8676002)(26005)(6506007)(186003)(66946007)(53546011)(16526019)(86362001)(31696002)(52116002)(36756003)(4326008)(45080400002)(19627235002)(6512007)(6486002)(966005)(2906002)(66556008)(8936002)(66476007)(956004)(478600001)(5660300002)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?ZU84bE10YVJYbTd5dFVzckEwYlhqZTRqTkxNalJYY2FUL1NYQVpEYStPc21h?= =?utf-8?B?eW9CaXdCeHlSOXo0L2ZaQmxOeGVuTlpFSno5ZVlpaUQ4SHZ6cTBqTUFqellv?= =?utf-8?B?NVRlQVQxUVJVcDNDNklaVHVxbFppZ052RlEra2VGME93Qi8zSmlrbk5NVkhV?= =?utf-8?B?RGxxS1I3OGc3RmVaTmwzTjM3SmdNTXJkbldSUVVuU3V5ZWFObnQyajlqVkVD?= =?utf-8?B?cHVubzI2ZGVGVGdhSnpmZDhNSEh2TmdoWXQzVEhOVmR2NlJrckFZVXBqbUx4?= =?utf-8?B?bkVmR0EzekZLZnlDTUdKV28yemhMblhsMVZwczFUR0VCQ2pGTklIV3p0UTZL?= =?utf-8?B?djMxditNeXNaSjlaVFUvTFdqdXRXT1JnOSttL25Fb25oY1lpZnMzQjdIeFBS?= =?utf-8?B?bnpyOWZIQ0lSZHgwek5aNklGTzlCZjQ1YnBuYWs3YlhlbTZLL0gvSUFDUEta?= =?utf-8?B?Mk9HcGVKcGhwWW9ZMTFGVS9LbGpHenFCRkYwN2lTTGtpcEVwTVNjTDVpTzF3?= =?utf-8?B?NXJwQXZyU3cwK1hqcng0N3lHMFJ4WTdJb3dnNTRjZWxuTWRweEh5V0tKcXFx?= =?utf-8?B?ZEVSc3hhYTN3ZTYwbEtaVnJjMTRNVEpXVDI1U0VicThjekNPOGMwWm1iVmJ3?= =?utf-8?B?WkM4MFBqZzVkNy91dUVjdkpJejVrYXhUOXVPeEg0RUxYNjZaeGhHelZRSmF3?= =?utf-8?B?TmhZc3Y2R1NoZG5VT0JvTGtyU09xWkZXMWhYdTlWczg1cHkyTHJnS3ZoR00r?= =?utf-8?B?dEVsWVhKc2I3UnVsOEZXSFVMMUJ3K1Q3R0IyMUloMHZGQjJPT1JNbWhwaXAy?= =?utf-8?B?NU9TL0ZjWjR5WWFnazI3S0s4QlBYNGRON2YvdnArSE85UjE5enN0SGd5cm1C?= =?utf-8?B?eDI5Q2pGcWozKzJVZGQyWGxCaWN5Yk9lRGtjeGlBank0aW9adVVTM3dsemVU?= =?utf-8?B?WmYwSEVMWlcvUzJLNFpPbFJrVUoyY0J6elVXTWV3Y2hwT0dMTHVZZDMyK2Jr?= =?utf-8?B?QnBBMlE4VlVrV0d6aGtqalZpQVh0RjJGL25VVVJlZUQvWUZENGdXR0FMbVRn?= =?utf-8?B?c3ErVnFnVDZtaFVBOHMrcktuV3VOZHVYbEhHSC8xU2tOMlBHbDlDTjc0bGs4?= =?utf-8?B?cDQzK1UrUWFCZ1o2azllRTBza0FGOE5PZ2JGcU4yOWJXSUVCeGdFeXdXbWph?= =?utf-8?B?bVlBVFcvakNJNHZuVlp6cWJBc2UrTVhSNGZYaU9ZdWcwUTZWZUljRnpEK0la?= =?utf-8?B?YzcyMWZNTXAxRkhZSGFidEFUOXRDS1ExTHg4Nk9Wd2pZN2NzMzFmbkJHaVFl?= =?utf-8?Q?0UsoA7V65lkNnaR0tpQ4vJfB09auN/Ayf1?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jan 2021 20:48:18.7930 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: 2392460c-5e5a-4b2a-ff8f-08d8b0f2112a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PwwqFzYAXsvoc/j/HcYFA1AYhuvU5k7AWUPjKF1feAOo663qvFtNwveFt2/ytcTuM1JMlQsqBrqjJZq0LoyAhA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4960 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 1/4/21 2:00 PM, Laszlo Ersek wrote: > On 12/15/20 21:51, Lendacky, Thomas wrote: >> From: Tom Lendacky >> >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3108&data=04%7C01%7Cthomas.lendacky%40amd.com%7C653d18caa3484d3cd37608d8b0eb6075%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637453872278185152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=K8Tcu8N5gC3IxFtz2ZxNxa4hCJIAI72Gr8adBt6vaBU%3D&reserved=0 >> >> If a hypervisor incorrectly reports through CPUID that SEV-ES is not >> active, ensure that a #VC exception was not taken. If it is found that >> a #VC was taken, then the code enters a HLT loop. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Brijesh Singh >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 15 +++++++++++++++ >> 1 file changed, 15 insertions(+) >> >> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm >> index 3cd909df4f09..b08f31157cbf 100644 >> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm >> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm >> @@ -153,6 +153,21 @@ SevEncBitLowHlt: >> jmp SevEncBitLowHlt >> >> NoSev: >> + ; >> + ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred. >> + ; >> + cmp byte[SEV_ES_WORK_AREA], 0 >> + jz NoSevPass >> + >> + ; >> + ; A #VC was received, yet CPUID indicates no SEV-ES support, something >> + ; isn't right. >> + ; >> +NoSevEsVcHlt: >> + hlt >> + jmp NoSevEsVcHlt >> + >> +NoSevPass: >> xor eax, eax >> >> SevExit: >> > > (Please consider the CLI question for this patch as well.) Yup, I'll add a CLI. Thanks, Tom > > Reviewed-by: Laszlo Ersek > > Thanks > Laszlo >