From: "Lendacky, Thomas"
Date: Tue, 17 May 2022 11:26:33 -0500
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Make an Ia32/X64 hybrid build work with SEV
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Erdem Aktas, James Bottomley, Michael Roth, Min Xu
References: <16EFAF988BEBA4A6.18257@groups.io>
In-Reply-To: <16EFAF988BEBA4A6.18257@groups.io>

On 5/16/22 15:24, Lendacky, Thomas via groups.io wrote:
> The BaseMemEncryptSevLib functionality was updated to rely on the use of
> the OVMF/SEV workarea to check for SEV guests. However, this area is only
> updated when running the X64 OVMF build, not the hybrid Ia32/X64 build.
> Base SEV support is allowed under the Ia32/X64 build, but it now fails
> to boot as a result of the change.
>
> Update the ResetVector code to check for SEV features when built for
> 32-bit mode, not just 64-bit mode (requiring updates to both the Ia32
> and Ia32X64 fdf files).

So this is a regression and it would be great if it could be applied to the 202205 release. Can folks take a look and make sure it looks safe to them for applying during hard feature freeze? If it's ok to be applied now, is there a particular process for applying this during hard freeze?

Thanks,
Tom

>
> Fixes: f1d1c337e7c0575da7fd248b2dd9cffc755940df
> Cc: Ard Biesheuvel
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Gerd Hoffmann
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Michael Roth
> Cc: Min Xu
> Signed-off-by: Tom Lendacky
> ---
> OvmfPkg/OvmfPkgIa32.fdf | 11 +++
> OvmfPkg/OvmfPkgIa32X64.fdf | 8 +++
> OvmfPkg/OvmfPkgX64.fdf | 3 +-
> OvmfPkg/ResetVector/Ia32/AmdSev.asm | 4 ++
> OvmfPkg/ResetVector/Main.asm | 6 ++
> OvmfPkg/ResetVector/ResetVector.nasmb | 72 ++++++++++----------
> 6 files changed, 67 insertions(+), 37 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > index 3ab1755749d4..57d13b7130bc 100644 > --- a/OvmfPkg/OvmfPkgIa32.fdf > +++ b/OvmfPkg/OvmfPkgIa32.fdf > @@ -76,6 +76,9 @@ [FD.MEMFD] > 0x007000|0x001000 > gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize > > +0x008000|0x001000 > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize > + > 0x010000|0x010000 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize 
> > @@ -87,6 +90,14 @@ [FD.MEMFD] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize > FV = DXEFV > > +########################################################################################## > +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since the > +# the SEV STATUS MSR is now saved in the work area) > +# > +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > +########################################################################################## > + > ################################################################################ > > [FV.SECFV] > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > index e1638fa6ea38..ccde366887a9 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf 
> @@ -90,6 +90,14 @@ [FD.MEMFD] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize > FV = DXEFV > > +########################################################################################## > +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since the > +# the SEV STATUS MSR is now saved in the work area) > +# > +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > +########################################################################################## > + > ################################################################################ > > [FV.SECFV] > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index aa9a83032d9b..438806fba8f1 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -106,7 +106,8 @@ [FD.MEMFD] > FV = DXEFV > > ########################################################################################## > -# Set the SEV-ES specific work area PCDs > +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since the > +# the SEV STATUS MSR is now saved in the work area) > # > SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader > diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index 864d68385342..9350b0406833 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -150,6 +150,8 @@ BITS 32 > SevEsUnexpectedRespTerminate: > TerminateVmgExit TERM_UNEXPECTED_RESP_CODE > > +%ifdef ARCH_X64 > + > ; If SEV-ES is enabled then initialize and make the GHCB page shared > SevClearPageEncMaskForGhcbPage: > ; Check if SEV is enabled > @@ -209,6 +211,8 @@ GetSevCBitMaskAbove31: > GetSevCBitMaskAbove31Exit: > OneTimeCallRet GetSevCBitMaskAbove31 > > +%endif > + > ; Check if Secure Encrypted Virtualization (SEV) features are enabled. > ; > ; Register usage is tight in this routine, so multiple calls for the > diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm > index 5cfc0b5c72b1..46cfa87c4c0a 100644 > --- a/OvmfPkg/ResetVector/Main.asm > +++ b/OvmfPkg/ResetVector/Main.asm > @@ -75,6 +75,12 @@ SearchBfv: > > %ifdef ARCH_IA32 > > + ; > + ; SEV support can be built and run using the Ia32/X64 split environment. > + ; Set the OVMF/SEV work area as appropriate. > + ; > + OneTimeCall CheckSevFeatures > + > ; > ; Restore initial EAX value into the EAX register > ; > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb > index 9421f4818907..94fbb0a87b37 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
> @@ -47,7 +47,36 @@ > %include "Ia32/SearchForBfvBase.asm" > %include "Ia32/SearchForSecEntry.asm" > > -%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) > +%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) > +%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset)) > + > +%define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) > +%define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) > +%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) > +%define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > +%define SEV_ES_WORK_AREA_SIZE 25 > +%define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > +%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8) > +%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16) > +%define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 24) > +%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) > +%define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) > +%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) > +%define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) > +%define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) > +%define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTablesBase)) > +%define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1) > +; > +; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page is used > +; as GHCB shared page and second is used for bookkeeping to support the > +; nested GHCB in SEC phase. The bookkeeping page is mapped private. The VMM > +; does not need to validate the shared page but it need to validate the > +; bookkeeping page. 
> +; > +%define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) > +%define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2) > +%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE) > +%define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3) > > %ifdef ARCH_X64 > #include 
> @@ -94,43 +123,14 @@ > %define TDX_WORK_AREA_PGTBL_READY (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 4) > %define TDX_WORK_AREA_GPAW (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 8) > > - %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset)) > + %include "X64/IntelTdxMetadata.asm" > + %include "Ia32/Flat32ToFlat64.asm" > + %include "Ia32/PageTables64.asm" > + %include "Ia32/IntelTdx.asm" > + %include "X64/OvmfSevMetadata.asm" > +%endif > > - %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) > - %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) > - %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) > - %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > - %define SEV_ES_WORK_AREA_SIZE 25 > - %define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > - %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8) > - %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16) > - %define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 24) > - %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) > - %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) > - %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) > - %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) > - %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) > - %define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTablesBase)) > - %define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1) > - ; > - ; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page is used > - ; as GHCB shared page and second is used for bookkeeping to support the > - ; nested GHCB in SEC phase. The bookkeeping page is mapped private. The VMM > - ; does not need to validate the shared page but it need to validate the > - ; bookkeeping page. 
> - ; > - %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) > - %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2) > - %define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE) > - %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3) > - > -%include "X64/IntelTdxMetadata.asm" > -%include "Ia32/Flat32ToFlat64.asm" > %include "Ia32/AmdSev.asm" > -%include "Ia32/PageTables64.asm" > -%include "Ia32/IntelTdx.asm" > -%include "X64/OvmfSevMetadata.asm" > -%endif > > %include "Ia16/Real16ToFlat32.asm" > %include "Ia16/Init16.asm"
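Review bot: The commit message says both the Ia32 and Ia32X64 fdf files need updating, but only the first OvmfPkg/OvmfPkgIa32.fdf hunk (@@ -76,6 +76,9) adds a work area region, at 0x008000|0x001000, while the Ia32X64 hunk adds just the two SET lines. A sentence in the commit message stating that the Ia32X64 layout already carries PcdOvmfWorkAreaBase, and that the Ia32 region is placed at the same offset, would save the reader from checking the other file.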
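Review bot: The reworded comment in the OvmfPkg/OvmfPkgX64.fdf hunk has a doubled word across the line break ("since the" followed by "the SEV STATUS MSR"), and the same two comment lines are copied into the new blocks in OvmfPkgIa32.fdf and OvmfPkgIa32X64.fdf. Drop the second "the" in all three places. With the SET block now identical in three fdf files, it is also worth considering a shared include so the work area PCD arithmetic lives in one place.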
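Review bot: The new `%ifdef ARCH_X64` in the OvmfPkg/ResetVector/Ia32/AmdSev.asm hunks has no comment saying why SevClearPageEncMaskForGhcbPage through GetSevCBitMaskAbove31 are excluded from the 32-bit build, and the matching `%endif` sits roughly sixty lines later with nothing to tie it back. A one-line comment above the `%ifdef` naming the reason (for example, that these routines are only reached from the 64-bit page table setup, if that is the case) and a trailing `; ARCH_X64` on the `%endif` would make the guard self-explanatory.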
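Review bot: In the OvmfPkg/ResetVector/Main.asm hunk, `OneTimeCall CheckSevFeatures` is inserted on the ARCH_IA32 path after SearchBfv and ahead of the "Restore initial EAX value" step, and the AmdSev.asm context describes that routine's register usage as tight. The added comment should say which registers the call may clobber and confirm that the saved initial EAX and the values the earlier search steps left in registers survive it. It would also help to state what the Ia32 path does when the routine detects SEV-ES or SEV-SNP rather than base SEV, since the commit message only claims base SEV support for this build.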
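Review bot: In the first OvmfPkg/ResetVector/ResetVector.nasmb hunk (@@ -47,7 +47,36), the whole define block moves out of `%ifdef ARCH_X64`, which exposes the GHCB, SNP secrets and CPUID macros (GHCB_BASE, SEV_SNP_SECRETS_BASE, CPUID_BASE, SNP_SEC_MEM_*_DESC_n) to the Ia32 build, while the OvmfPkgIa32.fdf hunks only add PcdOvmfWorkAreaBase and the two PcdSevEsWorkArea PCDs. Either hoist only the definitions CheckSevFeatures needs (WORK_AREA_GUEST_TYPE and the SEV_ES_WORK_AREA_* offsets) and leave the rest under ARCH_X64, or note in the commit message that the remaining macros are unused on Ia32 and that their PCDs resolve there. The bare `SEV_ES_WORK_AREA_SIZE 25` next to the +8/+16/+24 offsets would also benefit from a comment pointing at the structure it mirrors, now that more builds depend on it.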
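Review bot: The second OvmfPkg/ResetVector/ResetVector.nasmb hunk (@@ -94,43 +123,14) changes the include order for the X64 build as a side effect: `Ia32/AmdSev.asm` used to sit between `Ia32/Flat32ToFlat64.asm` and `Ia32/PageTables64.asm`, and now follows `X64/OvmfSevMetadata.asm` after the `%endif`. If PageTables64.asm, IntelTdx.asm or the metadata files rely on anything defined in AmdSev.asm, or if the position of the emitted code and metadata in the reset vector matters, this is a behavior change for a build the commit message does not mention. Please confirm the X64 reset vector output is unchanged, or keep AmdSev.asm at its original position inside the X64 block and add a separate include for the non-X64 case.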