From: "Lendacky, Thomas"
To: Laszlo Ersek, devel@edk2.groups.io, ashish.kalra@amd.com
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: Re: [edk2-devel] [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF.
Date: Tue, 8 Dec 2020 08:57:10 -0600

On 12/7/20 8:44 PM, Laszlo Ersek wrote:
> On 12/04/20 09:10, Ashish Kalra wrote:
>> On Fri, Dec 04, 2020 at 04:50:05AM +0100, Laszlo Ersek wrote:
>>> On 12/04/20 01:03, Ashish Kalra wrote:
>>>> From: Ashish Kalra
>>>>
>>>> By default all the SEV guest memory regions are considered encrypted,
>>>> if a guest changes the encryption attribute of the page (e.g. mark a
>>>> page as decrypted) then notify hypervisor. Hypervisor will need to
>>>> track the unencrypted pages. The information will be used during
>>>> guest live migration, guest page migration and guest debugging.
>>>>
>>>> The patch-set also adds a new SEV and SEV-ES hypercall abstraction
>>>> library to support SEV Page encryption/decryption status hypercalls
>>>> for SEV and SEV-ES guests.
>>>>
>>>> BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.
>>>>
>>>> A branch containing these patches is available here:
>>>> https://github.com/ashkalra/edk2/tree/sev_page_encryption_bitmap_v3
>>>>
>>>> Changes since v2:
>>>>  - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>>>>    in the hypervisor page encryption bitmap after setting the
>>>>    PcdSevEsIsEnabled PCD.
>>>>
>>>> Changes since v1:
>>>>  - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>>>>    the hypervisor page encryption bitmap.
>>>>  - Resending the series with correct shallow threading.
>>>>
>>>> Ashish Kalra (2):
>>>>   OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
>>>>   OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
>>>>
>>>> Brijesh Singh (1):
>>>>   OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
>>>>
>>>>  .../Include/Library/MemEncryptHypercallLib.h  |  37 ++++++
>>>>  .../BaseMemEncryptSevLib.inf                  |   1 +
>>>>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  |  18 +++
>>>>  .../MemEncryptHypercallLib.c                  | 105 ++++++++++++++++++
>>>>  .../MemEncryptHypercallLib.inf                |  39 +++++++
>>>>  .../X64/AsmHelperStub.nasm                    |  39 +++++++
>>>>  OvmfPkg/OvmfPkgX64.dsc                        |   1 +
>>>>  OvmfPkg/PlatformPei/AmdSev.c                  |  10 ++
>>>>  8 files changed, 250 insertions(+)
>>>>  create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
>>>>
>>>
>>> I'll need some time to get to this series.
>>>
>>> I'm fairly certain though, from a quick skim, that this series breaks
>>> all DSC files under OvmfPkg except X64. Please fix that.
>>>
>>>
>>
>> Ok thanks Laszlo, I will fix this.
>
> Thanks.
>
> I can see a new comment for the series from Dov Murik, and I think
> that's awesome. I'd welcome if there were lively exchanges around OVMF
> patch sets. I'm selfish of course: I'd like to delegate reviews.
>
> So, on this patch set, I notice it does not add the new
> (MemEncryptHypercallLib-related) files to Maintainers.txt, namely
> section "OvmfPkg: SEV-related modules".
>
> Please include such a patch in v4 -- if Tom and Brijesh agree, I'd like
> to put the new lib explicitly under their reviewership.

Yes, no issues with that.

>
> Also, I plan to review this series (v4, at this point) only for
> formalities. I'd like to receive an R-b from Tom or Brijesh [*], and
> another from Dov or a colleague at IBM, for this series; those together
> should suffice for merging the library.
>
> [*] Brijesh seems to be the original author of patch#2, so maybe Tom is
> a better-poised reviewer for this.

Will do. I know a new version is coming as well as discussion about the
hypercall in general, so let's see where that goes.

Thanks,
Tom

>
> Thanks
> Laszlo
>