From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 2F392D80860 for ; Fri, 8 Mar 2024 16:10:57 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=UGrDVr/izb+ygBepgsRYfGHgpHPKzY1fiKi2i0jtTuw=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:User-Agent:Subject:To:Cc:References:From:Autocrypt:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1709914255; v=1; b=Q1hxotTwpOqxrIIEdVuhK/kLA3sDF26g2QKtuyf8kYG7DECeugq44DtS5FJCXMdMKPhQT2rG 8I1Sv7stI3u69/DvoTw4EZVpUdEV9etn6PmtOTKpicY6VX4itPuRWIqRDAukvDgUJlSSRhSW2qO +Tz419k9LiQ94M//o2sQVZ3yBYaZpHNA0LvU46wPeTkYhl+LLGxrEE6+JcfI+l5ZZBfRYdBYYHM +jSJ+nvonXc3o/xehpPIyaz8w9qwgAUW9kRh88w2nXVehlVoFBs+3ZI0qXNK7iLOaz7MH9VSkma ovbAXcXb+dG86RH/ITrCFi7aqzOXSKFAO+hxVQGlohoBg== X-Received: by 127.0.0.2 with SMTP id u6JrYY7687511xNyoSuLd67m; Fri, 08 Mar 2024 08:10:55 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.82]) by mx.groups.io with SMTP id smtpd.web10.25797.1709914254394901209 for ; Fri, 08 Mar 2024 08:10:54 -0800 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) by MW6PR12MB8867.namprd12.prod.outlook.com (2603:10b6:303:249::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.24; Fri, 8 Mar 2024 16:10:52 +0000 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::4c26:40af:e1fd:849e]) by BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::4c26:40af:e1fd:849e%7]) with mapi id 15.20.7362.024; Fri, 8 Mar 2024 16:10:51 +0000 Message-ID: Date: Fri, 08 Mar 2024 08:10:54 -0800 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM To: devel@edk2.groups.io Cc: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , Rahul Kumar , Ray Ni , Michael Roth , Anatol Belski , Anthony Perard , =?UTF-8?Q?Corvin_K=C3=B6hne?= , Gua Guo , Guo Dong , James Lu , Jianyong Wu , Rebecca Cran , Sean Rhodes References: <17BAD3BB1C3BF368.2608@groups.io> From: "Lendacky, Thomas via groups.io" Autocrypt: addr=thomas.lendacky@amd.com; keydata= xsFNBFaNZYkBEADxg5OW/ajpUG7zgnUQPsMqWPjeAxtu4YH3lCUjWWcbUgc2qDGAijsLTFv1 kEbaJdblwYs28z3chM7QkfCGMSM29JWR1fSwPH18WyAA84YtxfPD8bfb1Exwo0CRw1RLRScn 6aJhsZJFLKyVeaPO1eequEsFQurRhLyAfgaH9iazmOVZZmxsGiNRJkQv4YnM2rZYi+4vWnxN 1ebHf4S1puN0xzQsULhG3rUyV2uIsqBFtlxZ8/r9MwOJ2mvyTXHzHdJBViOalZAUo7VFt3Fb aNkR5OR65eTL0ViQiRgFfPDBgkFCSlaxZvc7qSOcrhol160bK87qn0SbYLfplwiXZY/b/+ez 0zBtIt+uhZJ38HnOLWdda/8kuLX3qhGL5aNz1AeqcE5TW4D8v9ndYeAXFhQI7kbOhr0ruUpA udREH98EmVJsADuq0RBcIEkojnme4wVDoFt1EG93YOnqMuif76YGEl3iv9tYcESEeLNruDN6 LDbE8blkR3151tdg8IkgREJ+dK+q0p9UsGfdd+H7pni6Jjcxz8mjKCx6wAuzvArA0Ciq+Scg hfIgoiYQegZjh2vF2lCUzWWatXJoy7IzeAB5LDl/E9vz72cVD8CwQZoEx4PCsHslVpW6A/6U NRAz6ShU77jkoYoI4hoGC7qZcwy84mmJqRygFnb8dOjHI1KxqQARAQABzSZUb20gTGVuZGFj a3kgPHRob21hcy5sZW5kYWNreUBhbWQuY29tPsLBmQQTAQoAQwIbIwcLCQgHAwIBBhUIAgkK CwQWAgMBAh4BAheAAhkBFiEE3Vil58OMFCw3iBv13v+a5E8wTVMFAmWDAegFCRKq1F8ACgkQ 3v+a5E8wTVOG3xAAlLuT7f6oj+Wud8dbYCeZhEX6OLfyXpZgvFoxDu62OLGxwVGX3j5SMk0w IXiJRjde3pW+Rf1QWi/rbHoaIjbjmSGXvwGw3Gikj/FWb02cqTIOxSdqf7fYJGVzl2dfsAuj aW1Aqt61VhuKEoHzIj8hAanlwg2PW+MpB2iQ9F8Z6UShjx1PZ1rVsDAZ6JdJiG1G/UBJGHmV kS1G70ZqrqhA/HZ+nHgDoUXNqtZEBc9cZA9OGNWGuP9ao9b+bkyBqnn5Nj+n4jizT0gNMwVQ h5ZYwW/T6MjA9cchOEWXxYlcsaBstW7H7RZCjz4vlH4HgGRRIpmgz29Ezg78ffBj2q+eBe01 7AuNwla7igb0mk2GdwbygunAH1lGA6CTPBlvt4JMBrtretK1a4guruUL9EiFV2xt6ls7/YXP 3/LJl9iPk8eP44RlNHudPS9sp7BiqdrzkrG1CCMBE67mf1QWaRFTUDPiIIhrazpmEtEjFLqP r0P7OC7mH/yWQHvBc1S8n+WoiPjM/HPKRQ4qGX1T2IKW6VJ/f+cccDTzjsrIXTUdW5OSKvCG 6p1EFFxSHqxTuk3CQ8TSzs0ShaSZnqO1LBU7bMMB1blHy9msrzx7QCLTw6zBfP+TpPANmfVJ mHJcT3FRPk+9MrnvCMYmlJ95/5EIuA1nlqezimrwCdc5Y5qGBbbOwU0EVo1liQEQAL7ybY01 hvEg6pOh2G1Q+/ZWmyii8xhQ0sPjvEXWb5MWvIh7RxD9V5Zv144EtbIABtR0Tws7xDObe7bb r9nlSxZPur+JDsFmtywgkd778G0nDt3i7szqzcQPOcR03U7XPDTBJXDpNwVV+L8xvx5gsr2I bhiBQd9iX8kap5k3I6wfBSZm1ZgWGQb2mbiuqODPzfzNdKr/MCtxWEsWOAf/ClFcyr+c/Eh2 +gXgC5Keh2ZIb/xO+1CrTC3Sg9l9Hs5DG3CplCbVKWmaL1y7mdCiSt2b/dXE0K1nJR9ZyRGO lfwZw1aFPHT+Ay5p6rZGzadvu7ypBoTwp62R1o456js7CyIg81O61ojiDXLUGxZN/BEYNDC9 n9q1PyfMrD42LtvOP6ZRtBeSPEH5G/5pIt4FVit0Y4wTrpG7mjBM06kHd6V+pflB8GRxTq5M 7mzLFjILUl9/BJjzYBzesspbeoT/G7e5JqbiLWXFYOeg6XJ/iOCMLdd9RL46JXYJsBZnjZD8 Rn6KVO7pqs5J9K/nJDVyCdf8JnYD5Rq6OOmgP/zDnbSUSOZWrHQWQ8v3Ef665jpoXNq+Zyob pfbeihuWfBhprWUk0P/m+cnR2qeE4yXYl4qCcWAkRyGRu2zgIwXAOXCHTqy9TW10LGq1+04+ LmJHwpAABSLtr7Jgh4erWXi9mFoRABEBAAHCwXwEGAEKACYCGwwWIQTdWKXnw4wULDeIG/Xe /5rkTzBNUwUCZYMCBQUJEqrUfAAKCRDe/5rkTzBNU7pAD/9MUrEGaaiZkyPSs/5Ax6PNmolD h0+Q8Sl4Hwve42Kjky2GYXTjxW8vP9pxtk+OAN5wrbktZb3HE61TyyniPQ5V37jto8mgdslC zZsMMm2WIm9hvNEvTk/GW+hEvKmgUS5J6z+R5mXOeP/vX8IJNpiWsc7X1NlJghFq3A6Qas49 CT81ua7/EujW17odx5XPXyTfpPs+/dq/3eR3tJ06DNxnQfh7FdyveWWpxb/S2IhWRTI+eGVD ah54YVJcD6lUdyYB/D4Byu4HVrDtvVGUS1diRUOtDP2dBJybc7sZWaIXotfkUkZDzIM2m95K oczeBoBdOQtoHTJsFRqOfC9x4S+zd0hXklViBNQb97ZXoHtOyrGSiUCNXTHmG+4Rs7Oo0Dh1 UUlukWFxh5vFKSjr4uVuYk7mcx80rAheB9sz7zRWyBfTqCinTrgqG6HndNa0oTcqNI9mDjJr NdQdtvYxECabwtPaShqnRIE7HhQPu8Xr9adirnDw1Wruafmyxnn5W3rhJy06etmP0pzL6frN y46PmDPicLjX/srgemvLtHoeVRplL9ATAkmQ7yxXc6wBSwf1BYs9gAiwXbU1vMod0AXXRBym 0qhojoaSdRP5XTShfvOYdDozraaKx5Wx8X+oZvvjbbHhHGPL2seq97fp3nZ9h8TIQXRhO+aY vFkWitqCJg== In-Reply-To: <17BAD3BB1C3BF368.2608@groups.io> X-ClientProxiedBy: SN1PR12CA0081.namprd12.prod.outlook.com (2603:10b6:802:21::16) To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|MW6PR12MB8867:EE_ X-MS-Office365-Filtering-Correlation-Id: 489fc903-3ce2-461f-2e1a-08dc3f8a536a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: jYQJ8ehOP6uCCWyUIVlwbqmEHo09pstN1/7JEjsKhZVHJyy6zalovzudySIE03RkV/jA3DyOJJMV8dZh5AuMiieyEGXbtP74cYg6Up+xoVIM99VxvJzMJoduWZmmTFYWkMpYB4wZnkk/rxOmbloDrKZrlrO6mmfVV41i4EkrpEXKA/xVznRbYSDGHM5R3yx2R8GuZIO6S1PyQaMwsUO6LeQW/AfOyc/xJssyhqDonlLbDhy6JblJs+PQ6q5Cwb7Si2sCVHtTH/xfWwHU4976LxrxhoQNLRtelf5jvbgkgCV0IHqoNHWbaOAoTH7YCxYbrqnoNdiH5UfODIOam/k8Zwx+BEQTgJmaFP+Kq2dI+xJUDtzaz2cZ+gOqTQ61CJLInJD+mAaohjOqYfU+Av9UQOcCj+4/kAbHymqpM1/vZ3iPglWTEzCLrr1vzH+tCVC3Me0/qnBRLau7qKJLEXMJu27v2XHxssoyrtJUbNCelyVz0pFI6XAwSdPT8KgyIp7KFI7x2JsUk6Q71XxBMaDX3sBjje7MBIvrVP7HwrrZZSxJziqzP9naFUWZj6hE+JwVgnRvcG+hpLaZVHrteMWCN/CeKXz/8M0+97zrwl81Lrg= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MmxIVG9nUXlQeE41VzJqd1dSTURlcHk0dGZaMEdvQlUrSzVqTWc5Y3FmNDBP?= =?utf-8?B?U0pTejJYZE9RK0lhR1JEVmFHSGNzTVMybTJLdVdVUDYwVHNZTVdCOG5pc3Qx?= =?utf-8?B?Skt5eExnZnNaVk05VjBtL0F3bGJ4RE9YK1kzODRIbExDR0s4aytSdHM2RkJz?= =?utf-8?B?N3NEbFpKUm4vVThhSjdOcS8rbVZBbXBlVXgrQTVRSVI4N2RXODRTb0pvZUJP?= =?utf-8?B?UGNOcHZOV0U1MzlScER3VmRlSnc0Wml2TFNDS1dpNHdJd0FHU1dmMGY1RldV?= =?utf-8?B?dFZwWFNIZzg2VG5wOHU4M3NJdEhtdWZtcWZlWmxEZmpRQW52RWYzTDhXY1Jj?= =?utf-8?B?VkFJeXRNcVR0TENqdEJZNVZlSU1ZYWxBUUU5dDBGQWFqYWFVbFdYdnpyNGFv?= =?utf-8?B?bDZJN0ZZeXlnVGhEWm5nNC9HRzJsODVhUjA1azJvcyt4b2pSZzVqSGhCQWhs?= =?utf-8?B?MVNUeURZSkxNWkpBS1ZPaUtxUTd6V29CQWU4U0lNb0lETGgvZXRtZzlZa1M1?= =?utf-8?B?aVlVUEVlcVB5bDhHTS9xNUJxODRLWmVxM003R21kSFZEOEJQZFY0dmQzSWZK?= =?utf-8?B?S0w4UVRXa3FINzlnWFN4b2VWZFUvazFXSVFRVGpUVWVDTERYK1FXQlRXNWdm?= =?utf-8?B?WEFYeis0b01VSTRqY21EN29BUjhoanJxRzJKSS9WWU9NSU5EMENZcE5PS1Vj?= =?utf-8?B?aVZFbXg4a1FQSS81RXM1d0Zqc1U5RzY4MWc2SUhTa3ZENDQ3eWtYbFlaRjFH?= =?utf-8?B?dWdqbmlxNWVUQ2tGOFFBd0hzdHkzVExBYWhqRFZvcC9RZ1RvVWdpZERRUkU0?= =?utf-8?B?ejBEWWdZai9sT0ExajJ4OHR5cTVhbHhWSmJNazNGcXE4Sys5ZE5wcDJOTW9B?= =?utf-8?B?NHRhUXVGNmZvaDUzSlRnTTJQdUZBYnFGd1BhcTJYcDZHOW94RUdUSjdudGlB?= =?utf-8?B?eGxuSnZBSjNTSzZvbVBzVjlqMHlBLy9DRXE5RS82ckdGZWNmaGtwNUpWUDFD?= =?utf-8?B?dVJUMzk4RGZNemx2NDY1QW0zd1Z2Z3M2Q08rWThIWnI5Nk5zWWNxSGNxOWU5?= =?utf-8?B?dzAwMk9mYkYzMDZHZUVuRmlkSWxKR1lRaTVxay9lUmo3NkJaY3Q4cDBJbkhQ?= =?utf-8?B?bVBZZkQwMGFodE5RTm9xcWpTVUpiUzc2YXY1VGZxWGF1RHpPUWxpOEthelZG?= =?utf-8?B?TVhtZ0tHYXFIbVJxenZWL2tQSU5DRXVwYU1UYkZVVmdxSGdyMmp4REQrcnNR?= =?utf-8?B?bDcrYlRuY3NJSFJlNU1TdHpZMDZqNDU3MUhSbXlLV1FmbWNJK2JwSzJJVlZa?= =?utf-8?B?WWZHN291d205RkdYdHRHUDVCS3FYUlpMem0zWS9xVDVUTkVDVTYveExJOWVF?= =?utf-8?B?Q0xpWVUyM3pMUnJ0c1BIZ3hCcDBSUzRUdGlrdjV5dnBNejZMdGphTkZHU0tG?= =?utf-8?B?MUtGOFYwK1pWK3RMYVd1cm1oSnlYMDRRWElYRlMwRkwyYU9BSm9kaERkKzlL?= =?utf-8?B?MW1DWllmS1kwUHh4aHBHUlFyblVhT0NQZFFXUHhJc3lRUXI5cXhYNWZpYzlp?= =?utf-8?B?ZU14cVFRd28ybnpubzZxTFlPbkxTWGwzNkpjOHNNSmZSMUtXc2w4RTllNU5z?= =?utf-8?B?QzZwK2hKOEoyMjJuTE1KQnFYUklPUHlNZXVtek9EQWUrQmQ2bGNlMDVlOUxi?= =?utf-8?B?am5XaVV4NW1uZ21GUnBmVU04cHY1ZUdaQS9CMk9BZ24yMERoM29kQ0FNRG1Z?= =?utf-8?B?V0pHMU9DSDhxMWMyM1o3RFU3WDFnQ3FzKzlHZ2lkSWthSU05eDJwZ1NieFhk?= =?utf-8?B?Vm4vaCsyOEU4Vm9UcXAwQXl2anUzcDJwckF5ODMrRWNqQVhqaGN2VlVRaWxj?= =?utf-8?B?aDhwc0NYTEV2dnhtOGdkY3FtQTRUVEdvWVVtMDdVNDNtWGVlMjJUcGxyd0JS?= =?utf-8?B?NENFL1dvUG5WRDc2QWUwVzl2K1QraHFKVGt4cWJHam1GOEVWdEFpR1JPWjJU?= =?utf-8?B?cU5GN1AwdW55UFBQTXJSRG5HU2Fydk41K05SNXIxYm1lTUdjcytJYmh4cXFL?= =?utf-8?B?cC9LQTd0ZFIwTHJaamRhSUhHaDcrK1N6K0VBSVNXOUZUWW92bUM5bENrL3lZ?= =?utf-8?Q?3aDF8xko/RfSiRt+E3ztuQKSP?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 489fc903-3ce2-461f-2e1a-08dc3f8a536a X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2024 16:10:51.8502 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hS/vPW5kVidD8xSEfS0a0tMcjIqtXNf/63MooIEHaGj7HhbsUCAbYk9c61mMOAF+tm19SdR9ZvTyh0L/41ge9A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8867 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: cnbOGhZDGWleyhcLHzX6woozx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Q1hxotTw; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=pass (policy=none) header.from=groups.io On 3/8/24 09:30, Lendacky, Thomas via groups.io wrote: >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 >=20 > This series adds SEV-SNP support for running OVMF under an Secure VM > Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). > By running at a less priviledged VMPL, the SVSM can be used to provide > services, e.g. a virtual TPM, for the guest OS within the SEV-SNP > confidential VM (CVM) rather than trust such services from the hypervisor= . >=20 > Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are > certain SNP related operations that require that VMPL level. Specifically= , > the PVALIDATE instruction and the RMPADJUST instruction when setting the > the VMSA attribute of a page (used when starting APs). >=20 > If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must > use an SVSM (which is running at VMPL0) to perform the operations that > it is no longer able to perform. >=20 > When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that > it will be starting. As a result, the GHCB APIC ID retrieval action must > be performed. Since this service can also work with SEV-SNP running at > VMPL0, the patches to make use of this feature are near the beginning of > the series. >=20 > How OVMF interacts with and uses the SVSM is documented in the SVSM > specification [1] and the GHCB specification [2]. >=20 > This support creates a new AmdSvsmLib library that is used by MpInitLib. > The edk2-platforms repo requires updates/patches to add the new library > requirement. To accomodate that, this series could be split between: >=20 > patch number 12: > UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVS= M >=20 > and patch number 13: > UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library >=20 > The updates to edk2-platforms can be applied at the split. I have the edk2-platforms patch series prepared but will hold off on=20 sending until this series settles and is ready to merge. Thanks, Tom >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116551): https://edk2.groups.io/g/devel/message/116551 Mute This Topic: https://groups.io/mt/104810672/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-