From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.77]) by mx.groups.io with SMTP id smtpd.web08.35396.1623070811490178853 for ; Mon, 07 Jun 2021 06:00:12 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=NOu1n8LI; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.77, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NMKtSlHDmJI2J0qFczF9lvKt82u08lbOZwW0dcsT7uvwPrzuej9T8Z39BE93IWKMXvqbkgb0XkBKatZSl416hSypOcCMqGvB7mXNjfMhKFujBSiHdYYggbTwJh+PEUUP0hGIXrW6N5o5wp42AVZiLztERvbqX/X4gkCVu0malEoFFPC9tW0U1lKBORssyJVURjhiEyU/k8QzOErQST2vhAjN43h9cXHRFbWYjaRzNHCgmrDBFcqdcxvHYYsxwPALD8mIv3JQvoMVuJuN87bdYIcLX1MyE1jvOQYHCV0gpFyXXCbCiueL4m44dAbbCK6IMUVyMa+ZhmhNjPrYFPKbvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yoZsLvIrTWwGH5tanHQ6HBWIKcRJ9Qke3pdwDQFsSUI=; b=E5B91RQPbEHPUvXKaXIp2hG7RseCjDjHwIq/WEzZaZzvwzy/VEwKOUMyjbvhiy3eLxK4pekBSnQhIZ+fvPnY4Urep1w/lTCOzcUc2piSgnV56xIb8RmI+8zX0msfcaBnn7U4TiiiA/eJIZrsigDkDuU4/hGzYyk/+TB0NxaUfleCgbHPAPRoguKT+iRApXSiA0N0+UckDJ46ZnTbkpLFC/EmvWfyz+AUWhM4AqPqgTRPnWbxNlCshRKeHE2LJbSm6Ds4zEZUnDV3vMheUxKFSPdYHChy2dNuLsvjagMUw3sHSX7hjPRdBNLt740CtoXNf+7gkGxzEcB7qcDw4G1WGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yoZsLvIrTWwGH5tanHQ6HBWIKcRJ9Qke3pdwDQFsSUI=; b=NOu1n8LIa6lCH88ZD386Y60YiN146PAxLAxhr9hsIR+eqJdFXrfXUn2WspGWA5qHzipaJPcTFXZwQtNrUY+N9DsQ6MDgvzNSrOezUi+TPi+qX/TCEEJRqwf17FWIAYOQc0ubyNqrFRPQR7PvvcmHELJXiDcP86suhLKEUQTOxGk= Authentication-Results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2783.namprd12.prod.outlook.com (2603:10b6:805:78::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.26; Mon, 7 Jun 2021 13:00:08 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4195.030; Mon, 7 Jun 2021 13:00:08 +0000 CC: brijesh.singh@amd.com, Ard Biesheuvel Subject: Re: [edk2-devel] [PATCH RFC v3 03/22] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field To: devel@edk2.groups.io, lersek@redhat.com, James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar References: <20210526231118.12946-1-brijesh.singh@amd.com> <20210526231118.12946-4-brijesh.singh@amd.com> <75ef7f40-4a2b-5aeb-7859-d8a5cfdd7f2d@redhat.com> From: "Brijesh Singh" Message-ID: Date: Mon, 7 Jun 2021 08:00:06 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 In-Reply-To: <75ef7f40-4a2b-5aeb-7859-d8a5cfdd7f2d@redhat.com> X-Originating-IP: [70.112.153.56] X-ClientProxiedBy: SN7PR04CA0171.namprd04.prod.outlook.com (2603:10b6:806:125::26) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN7PR04CA0171.namprd04.prod.outlook.com (2603:10b6:806:125::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.22 via Frontend Transport; Mon, 7 Jun 2021 13:00:07 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 440fcfa4-ec17-4c24-fa80-08d929b42d43 X-MS-TrafficTypeDiagnostic: SN6PR12MB2783: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5236; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4s+F00SVAbeFKKCl3El2fyvzPqLZb54WMt+nsS3VdwhFiesvPmwCrv+kwPClDo7imXqrl+xFF3wF+hBkrjqzHPUqTorhrdIFGgIwZHe8zQ9UxvGUWTC8CbMozdiXprjgND/47xlGCUGUI/WnFOqR86CHYkn43cvA2y9bOWb1zzoeFBFj9DacMWplDLSL5xkzXLJuXPwtQYySjcNSz2lHsWC7ZsTri+EKWA4TeCO40iuEupNLT6I3vHcc6aJF1bwHKnukadyU3ZHuFSzMCPg277uBCJ2aDHoOtdGxGohlsW51HqTVo5udTjYGCJKaF4DQFm2CPWX+YIDen1Uf9r5j1XXrAs+B6uBo+e72Sps4XWXdCFSRuDug4ML/yaf3xkQGrMbLuLKkCgq/Rvvo8kzyfT37ZxJQF0Gd/1u34gl0AyXdLEipOET4iBdVblLrn0H7rBYnMe7+NGLvHatdbC1mJymEk0qq5G+SA9VpKs5FnUk00GsN/dzTD5EB0eoXsNKU/uHJYTHouIPJWbVwq2S7gFiAZY4QyBVW9tNeCfUri1uR7jf32anUh9n0VeKcBrqVAQTSWa2K0v0b2qzJVoJn2bhErI0ekCySMXIRLtH7DSrX11m/NidOjCITyA2SI3TgE4vSEJmdgN3DFehI9NqmeeVIhHyyGYpcmqxG2ugI3Tkez/A6OpMGwmVLO7zby/EfXtf1atYIyPmybnq1P5542W2ByKugUhTfcHJBCtITH0D+/SsgPHyTdx+YqBf80ti2CBkeeCQkqNRzpsMsf7uSBiVCk2WfwP4Gs+YPk7AmXaE74lAMpqA+fSy8LAD+FsC71j26dNVivtaM2fUWEgWMaYo3PlVNabjwkyRLqbS0Mxc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(396003)(39860400002)(136003)(366004)(346002)(30864003)(44832011)(86362001)(83380400001)(53546011)(316002)(31696002)(6512007)(110136005)(4326008)(6506007)(31686004)(186003)(66946007)(52116002)(26005)(38100700002)(16526019)(38350700002)(8936002)(2616005)(45080400002)(66556008)(19627235002)(6486002)(966005)(478600001)(921005)(956004)(66476007)(7416002)(5660300002)(2906002)(8676002)(36756003)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?Pc+DpnqeP5HWu7Yzm5D6kaFOnJV2VthctFeWuaEMEbnTpHepvrTDvqLuj97O?= =?us-ascii?Q?cD0hTKaGDUX4MpTlmOePv8c15uBGKxX8Nyca6+Rr3sb0ju9dk+C5Zyjk0/SF?= =?us-ascii?Q?99QTENUtFeUoafE5cdD6ruvkhxZ6yD8o50TLl4gCfhkxww/iL+X2yfzj2MVL?= =?us-ascii?Q?XYP7oBOa7m8+ISjuq3b5WL7X/p0OoRYfl1MqoW1wpq3lGWlm222PzCFYDrId?= =?us-ascii?Q?bJxtPawVqa4H9locpit0t9PXsZ6yPnFvIvqqDU9QX6YvWTBAdKwbc0ILtmMZ?= =?us-ascii?Q?Oklpi6PQvybiJESS/MVB5Lu8THWjMNpCLqIUSoD20jzp9kby/FW/eU5BPZZc?= =?us-ascii?Q?HAdFYbINmZtX1GhjVvzOZfuauGx2bSboya5+EqIPOIjd8aVZ/vc7fwynNx/M?= =?us-ascii?Q?1q3ERTCLKMU/iMpQHiftxc6aZGgy91PkMRFf/KgdIr7HYYWQRXOZL3poKRiX?= =?us-ascii?Q?KeKOc+vA6FRdfQDYMG0mgXEyr59DK/YEjI4f5wvLqJsH4pnpqcDt9ASxJJrA?= =?us-ascii?Q?hSz4n9Edi0vtpFOWoJkT6eDHJ8fvuEe0kOx+OwsF/1tMkw7LoC5VnhLIxrlL?= =?us-ascii?Q?GdxJXWviHGnTf4+zKaM1b25E6uERx+CGr3ZRqc9V6eh8MdzTSXJnLn2Luvim?= =?us-ascii?Q?IXno/a8gFle6Gq+91UadCCOPv2w00aUcI/ZOdUW35gcmXKZEhvGGEUPmpF66?= =?us-ascii?Q?8EUFc+CaIPu3uTfM2u89tUN6GFdp2vA77N0e1I1T0RYnw4CIXEvf4Sl4Ns1r?= =?us-ascii?Q?nOlqpHuRmn6yhbwta0idMXvzSDuaRqZTzCNT7AUQliYpAaORDtPfO7UjzI0v?= =?us-ascii?Q?zcT4njLRojQFjxXWYM/UHL7G/VTe8VN8phj2xKswUlhZiHlwe2ocqacS6boE?= =?us-ascii?Q?jEjvmh7GVRgSeBREDF2DBPv9TBUxQVDbW2WTLLFi5dfAdmn5UmGRuQjb0anX?= =?us-ascii?Q?R7LVFpcUoQ7/CuMxfF51maKxixGFox/5JZr355RgMyuv4I+sGxdUwZO8MCZf?= =?us-ascii?Q?VqaeZOypp+RkuPAzAiyPvufWr/EHb0iJpf+CMcPxLFmImSE1Lj3FY+Irjlml?= =?us-ascii?Q?C4X07Z7IarFzr8yLk6Z3rs5ndu0R/C2eLYauGXbRNaKzwW6bPTxJ4uat+Qw9?= =?us-ascii?Q?gBZpfQVjWDAIJStFML2+F/3msutGaJZs4EBpRROBI035iGb4TcrYPcKOd48j?= =?us-ascii?Q?otW6sj6312uy9URicvbkO5Y1Kph/1paMqgZ4Usf2mZY5m4TUY8Q/maIOwBFy?= =?us-ascii?Q?8PpIPukh9sjSKwNEGgEOdn+rBXWFpJcmW0Rx3eNwU2qByDxADp/l7jKf6AXF?= =?us-ascii?Q?1kW8j4QwLO/O8Eg26zawFlKt?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 440fcfa4-ec17-4c24-fa80-08d929b42d43 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jun 2021 13:00:08.0877 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FfA4q6/sQNpZTe/3JmBU7TFzLc2KJ7MzRxie2FO8eqlf+TQwF1RePWn30FMyPtEgR2y6jpuItlQ+KFDLLUyWUQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2783 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US Hi Laszlo, On 6/7/21 6:20 AM, Laszlo Ersek via groups.io wrote: > On 06/04/21 16:15, Laszlo Ersek wrote: >> On 05/27/21 01:10, Brijesh Singh wrote: >>> BZ: https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%= 2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=3D04%7C01%7Cbr= ijesh.singh%40amd.com%7C4b1c71cc4cef4dd250f608d929a640cb%7C3dd8961fe4884e60= 8e11a82d994e183d%7C0%7C0%7C637586616293720447%7CUnknown%7CTWFpbGZsb3d8eyJWI= joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sd= ata=3DWulen9mRG3lzBHDOwrwP6%2BnV6F95LgnsgDxuEadi9Ng%3D&reserved=3D0 >>> >>> Extend the workarea to include the SEV-SNP enabled fields. This will b= e set >>> when SEV-SNP is active in the guest VM. >>> >>> Cc: James Bottomley >>> Cc: Min Xu >>> Cc: Jiewen Yao >>> Cc: Tom Lendacky >>> Cc: Jordan Justen >>> Cc: Ard Biesheuvel >>> Cc: Laszlo Ersek >>> Cc: Erdem Aktas >>> Signed-off-by: Brijesh Singh >>> --- >>> OvmfPkg/PlatformPei/PlatformPei.inf | 1 + >>> OvmfPkg/Include/Library/MemEncryptSevLib.h | 3 ++- >>> OvmfPkg/PlatformPei/AmdSev.c | 26 +++++++++++++++++++++= + >>> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 12 ++++++++++ >>> OvmfPkg/ResetVector/ResetVector.nasmb | 1 + >>> 5 files changed, 42 insertions(+), 1 deletion(-) >> (1) Please split this in two patches -- the PlatformPei changes should >> be a separate patch. And, I think those should come second, the >> ResetVector + header file change should come first. >> >>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei= /PlatformPei.inf >>> index 6ef77ba7bb21..bc1dcac48343 100644 >>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >>> @@ -110,6 +110,7 @@ [Pcd] >>> gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber >>> gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize >>> gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled >>> + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled >>> >>> [FixedPcd] >>> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >>> diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Incl= ude/Library/MemEncryptSevLib.h >>> index 2425d8ba0a36..24507de55c5d 100644 >>> --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h >>> +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h >>> @@ -49,7 +49,8 @@ typedef struct { >>> // >>> typedef struct _SEC_SEV_ES_WORK_AREA { >>> UINT8 SevEsEnabled; >>> - UINT8 Reserved1[7]; >>> + UINT8 SevSnpEnabled; >>> + UINT8 Reserved2[6]; >>> >>> UINT64 RandomData; >>> >>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev= .c >>> index a8bf610022ba..67b78fd5fa36 100644 >>> --- a/OvmfPkg/PlatformPei/AmdSev.c >>> +++ b/OvmfPkg/PlatformPei/AmdSev.c >>> @@ -22,6 +22,27 @@ >>> >>> #include "Platform.h" >>> >>> +/** >>> + >>> + Initialize SEV-SNP support if running as an SEV-SNP guest. >>> + >>> + **/ >>> +STATIC >>> +VOID >>> +AmdSevSnpInitialize ( >>> + VOID >>> + ) >>> +{ >>> + RETURN_STATUS PcdStatus; >>> + >>> + if (!MemEncryptSevSnpIsEnabled ()) { >>> + return; >>> + } >>> + >>> + PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); >>> + ASSERT_RETURN_ERROR (PcdStatus); >>> +} >>> + >>> /** >>> >>> Initialize SEV-ES support if running as an SEV-ES guest. >>> @@ -209,4 +230,9 @@ AmdSevInitialize ( >>> // Check and perform SEV-ES initialization if required. >>> // >>> AmdSevEsInitialize (); >>> + >>> + // >>> + // Check and perform SEV-SNP initialization if required. >>> + // >>> + AmdSevSnpInitialize (); >>> } >>> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/Reset= Vector/Ia32/PageTables64.asm >>> index 5fae8986d9da..6838cdeec9c3 100644 >>> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm >>> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm >>> @@ -81,6 +81,11 @@ CheckSevFeatures: >>> ; the MSR check below will set the first byte of the workarea to = one. >>> mov byte[SEV_ES_WORK_AREA], 0 >>> >>> + ; Set the SevSnpEnabled field in workarea to zero to communicate = to the SEC >>> + ; phase that SEV-SNP is not enabled. If SEV-SNP is enabled, this = function >>> + ; will set it to 1. >>> + mov byte[SEV_ES_WORK_AREA_SNP], 0 >>> + >>> ; >>> ; Set up exception handlers to check for SEV-ES >>> ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm f= or >>> @@ -136,6 +141,13 @@ CheckSevFeatures: >>> ; phase that SEV-ES is enabled. >>> mov byte[SEV_ES_WORK_AREA], 1 >>> >>> + bt eax, 2 >>> + jnc GetSevEncBit >>> + >>> + ; Set the second byte of the workarea to one to communicate to th= e SEC >>> + ; phase that the SEV-SNP is enabled >>> + mov byte[SEV_ES_WORK_AREA_SNP], 1 >>> + >>> GetSevEncBit: >>> ; Get pte bit position to enable memory encryption >>> ; CPUID Fn8000_001F[EBX] - Bits 5:0 >> (2) Please mention in the commit message (of the ResetVector patch), >> and/or a comment here in the code, that SEV-SNP is never enabled if >> SEV-ES is disabled. >> >> Section "15.34.10 SEV_STATUS MSR" in the APM (doc#24593 v3.37) does not >> spell out this dependency. >> >> Furthermore, the mSevStatus / mSevEsStatus / mSevSnpStatus variable >> assignments in patch#2 do not form a "dependency cascade" like the one >> seen here in the reset vector code. >> >> While "SEV-ES depends on SEV" seems obvious to me (and so the related, >> existent jumps in the assembly code are not surprising), the statement >> "SEV-SNP depends on SEV-ES" is not *that* obvious to me. Thus a comment >> would be welcome. >> >> For *both* patches split out of this one: >> >> Reviewed-by: Laszlo Ersek > (3) Actually, no. > > This patch should be reduced to the following files only: > > - OvmfPkg/PlatformPei/AmdSev.c > - OvmfPkg/PlatformPei/PlatformPei.inf > > and the following changes should be dropped completely: > > - OvmfPkg/Include/Library/MemEncryptSevLib.h > - OvmfPkg/ResetVector/Ia32/PageTables64.asm > - OvmfPkg/ResetVector/ResetVector.nasmb > > Specifically, the "SEC_SEV_ES_WORK_AREA.SevSnpEnabled" field should > never be introduced. > > The reason is apparent only from patch #10 -- "OvmfPkg/PlatformPei: > register GHCB gpa for the SEV-SNP guest". > > The core idea is that in patch#10, in the SEC module, you can implement > SevSnpIsEnabled() by just reading MSR_SEV_STATUS, and checking the SNP > bit. Namely, while the SevSnpIsEnabled() call is made in > SevEsProtocolCheck(), i.e., before exception handling is set up in the > SEC module -- and so you indeed cannot call CPUID --, you don't *have* > to call CPUID at that call site. Where you call SevSnpIsEnabled() in > SevEsProtocolCheck(), you already know that SEV-ES is enabled, so it's > safe to just read the exact same SEV status MSR that the SEV-ES status > comes from in the first place, without any CPUID safety check. We must check the SNP Enabled inside the assembly code for the page invalidate functions, and I decided to cache the value. A similar SNP-enabled check is required in SEC phase before the ProcessLibraryConstrctorList() is called. There are two options on how we can go about doing the SNP enabled check inside the SEC phase 1. Call the SEV_STATUS MSR after reading the SEC_SEV_ES_WORK_AREA.SevEnabled. As you said, we need to be sure that ES is enabled before calling the SEV_STATUS MSR. 2. SEV_STATUS MSR is read in Reset vector for the SNP enabled check purpose. Extend the SevEsWorkArea to cache the state. =C2=A0I chose #2 because it avoids checking for ES enabled before checking the SNP enabled. I understand that in the current code path, SNP check is called inside the SevEsProtocolCheck() -- ES is already enabled, and its safe to call SEV_STATUS MSR. What if we need to check for the SNP state outside the ES-specific code block in the future? Then we will need to extend the SevEsWorkArea. So I went ahead with option #2. I have no problem reverting to option #1 and simplify the patch. I hope you understand that sometimes it's difficult to foresee which option will be preferred by the community, so I, as a contributor, can do one thing and, based on the feedback, change the course. Thanks > ( > > General request: please be explicit in the commit messages about the > data flow between modules, and why you are doing what you are doing. > Arriving at the above analysis took me 3+ hours this morning, when -- > while reviewing patch#4 -- I took issue with the proliferation of the > new fields in SEC_SEV_ES_WORK_AREA. SEC_SEV_ES_WORK_AREA is *not* a > convenience dump. We should restrict its use as much as possible. > > I double-checked how SEC_SEV_ES_WORK_AREA had evolved historically: > > > * SEC_SEV_ES_WORK_AREA.SevEsEnabled: > > 1 43c3df78460d OvmfPkg: Reserve a page in memory for the SEV-ES us= age > 2 0731236fc108 OvmfPkg/PlatformPei: Reserve SEV-ES work area if S3= is supported > 3 8a2732186a53 OvmfPkg/ResetVector: Add support for a 32-bit SEV c= heck > 4 13e5492bfdf3 OvmfPkg/Sec: Add #VC exception handling for Sec pha= se > > The "SEC_SEV_ES_WORK_AREA.SevEsEnabled" field is important for the > following reason: > > - in an SEV-ES guest, just learning about SEV requires exception > handling; thus, the Reset Vector sets up exception handling > *unconditionally*, > > - in SEC, we deal with exception handling regardless of SEV-ES, but > *how* we do that is conditional on SEV-ES. > > This means that caching the SEV-ES presence from the Reset Vector to > SEC makes a lot of sense. Given that in the Reset Vector we have > unconditional exception handling, and then in SEC we have a cached > result, we are allowed to only have conditional exception handling in > SEC. > > > * SEC_SEV_ES_WORK_AREA.RandomData, SEC_SEV_ES_WORK_AREA.EncryptionMask= : > > 1 7cb96c47a94e OvmfPkg/ResetVector: Validate the encryption bit po= sition for SEV/SEV-ES > 2 bd0c1c8e225b OvmfPkg/ResetVector: Perform a simple SEV-ES sanity= check > 3 3b32be7e7192 OvmfPkg/ResetVector: Save the encryption mask at bo= ot time > 4 b97dc4b92ba1 OvmfPkg/MemEncryptSevLib: Add an interface to retri= eve the encryption mask > > The "RandomData" and "EncryptionMask" fields in the > SEC_SEV_ES_WORK_AREA structure seem justified because they implement > some serious work (which must be done as early as possible, i.e., in > the Reset Vector), *and* caching the result of that work for the rest > of the firmware saves significant complexity (and the result is > security-related even). > > "SEC_SEV_ES_WORK_AREA.SevSnpEnabled" is unlike any of these three > fields. > > ) > > Thanks > Laszlo > >>> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVect= or/ResetVector.nasmb >>> index 5fbacaed5f9d..1971557b1c00 100644 >>> --- a/OvmfPkg/ResetVector/ResetVector.nasmb >>> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb >>> @@ -73,6 +73,7 @@ >>> %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) >>> %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) >>> %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) >>> + %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 1) >>> %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBas= e) + 8) >>> %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaB= ase) + 16) >>> %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRam= Base) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) >>> >> >> >> >> >> > > >=20 > >