From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.49]) by mx.groups.io with SMTP id smtpd.web08.10212.1619716350715768253 for ; Thu, 29 Apr 2021 10:12:31 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=HHVaWq+p; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.49, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YwD7GWVOgZWXmD+mllwyGSzYVqdj1IcUjpTewgZOcIGK3mU8f8ArgbSkf5jVGTooLHvkSDtVex/4BBNgm8FfgGz4MNlqtjYjuE/8KsUwKRcFqYdU5LLBEc0EP/PvqSMuEPw9765oZMTk5tX8CzahHuvbCH72SDWNmQV1oBv3SA72I45pc65GoqzJTFUmxOGiQR2xX4C2cduTkyR2H798IkRpR1aPzfOOhP2kGymMWFkNiFr6JjiTFMtqcp8/aEOjXik6qmKSfQS+uXM1G8awCt9WjsiqmUGGPBRIwJ/hvhgCxQnS5vJpcsmO8njDSRQluV2679hqKrKjAUQDsFJbGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6Cv+2UPBbA3u1hSFgJbIsoHRaliRaR5N/NW8Bia2sMw=; b=nDbcQTSE+9mhCwA84n6rNp1/IdUO+fbsN8SIZf8hm0QugyoTwfGN9eIHUbVmfjS9Snov4/pN2/EzrbjPb/upE6zm81waRc81UpBhcKP5q8KMGYLJyTrNmA8a/uThIjvITNZL+nxeXNrKHfswIgVXoMbJ5FtoneI9EM0U32/a/NfbHrteM5seDQj31aHxUo28XoFW8XjBHp8BbCtNRb5Fz0kz/MhtrKbc8elSFq0JqpJu/UrywAT0iTjNQeN82A56oHOX0zo579V+7NZPUKthiPFObEULIJcDEihUzy2YcHU++jFm9WBsfgmNqm4vERFmKO0uvXFwonHHJw04MJnh2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6Cv+2UPBbA3u1hSFgJbIsoHRaliRaR5N/NW8Bia2sMw=; b=HHVaWq+p5/oaQFRxbO4kFQ1dv+wVhEDT7WF0JRePnNCSE1+sNXVOd7UOV/SHmS1oQfVDToHhsrI7Lq7F690WL/NJATbURDll1XFyK3Dk5kHABmRhRGoe1fQ0raO6Dj7TYy3mL2YRJ5QPKWXRoOJj38K4nsYhYvljOi2pou985vY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4218.namprd12.prod.outlook.com (2603:10b6:5:21b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 29 Apr 2021 17:12:28 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Thu, 29 Apr 2021 17:12:28 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Stefan Berger Subject: [PATCH v3 0/5] SEV-ES TPM enablement fixes Date: Thu, 29 Apr 2021 12:12:09 -0500 Message-ID: X-Mailer: git-send-email 2.31.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0701CA0024.namprd07.prod.outlook.com (2603:10b6:803:28::34) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by SN4PR0701CA0024.namprd07.prod.outlook.com (2603:10b6:803:28::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Thu, 29 Apr 2021 17:12:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 78659a8c-f505-44fa-323a-08d90b31f734 X-MS-TrafficTypeDiagnostic: DM6PR12MB4218: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:989; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AfvXOpQv3r4De6SO6GpqyEcBs2XyZN9iuPLcjCSUdkNd1rMz5WMi+lGIX7tUWaqqCmBapFqdDwtfcmG19nLkPeOj0rtvmDDoQYU/R9ilV5QBw1VI7fG7QWv2RE+lcCJZL2Ydy0tR0FBBO9PQxw5p7EmZk4kjPSY669lnnQLM4C18cscjxsjXofIQiE3/dfHP65CnkXeV4xlYh1s/PJalT3mVZ64ynOxLgTqUc9vdhFl83OhZQBCyOqL9owjoVNKPtiS8Epxvhc/3os5NRu1QTdW3HMa042J+cP8hB6n5eilQtOvZf7CxKRMdUH1l9di/3opTFRkjocQmr9y8Fg7bJsks4HnRkr+Rk1fn1jaQX5f5KYs2E7DQU/pD5Hl5k9j5OkoGDi+xTl4CAqfhFXxERPg4/X5bKx3hnVf/MSV5Tnyfu2h8fVX07NPhbLcOQ8P4GARpWD6b83qFzixNdhZl+B1c3wRw6kCMIAp9AiMgzeupsOju7DWY/N60bIyWTxKvBhFqeZKKzjLxBd/aooqzzbFnqHrxIBFK923INHsM3ZdHXw0pd0EyFMQuQh3wlcMvcXh3mpwnYZwKvZHodi5hTRm2G3Xe1BJhVPauk+wF0MbiRGLKhxYFQT0ZwUY8sTSVzbuXwDqurtFW7vkihpYRDJek5/2+zvArOobnLhhdntbgTv/1BHh826fgpDtgaZxl0lVDscqCcuUUbM+OcwmCxmJDnxcwcsMwbhH3qRgDW2o= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(136003)(376002)(366004)(346002)(39860400002)(5660300002)(52116002)(66556008)(478600001)(66476007)(16526019)(54906003)(66946007)(83380400001)(956004)(2906002)(8676002)(8936002)(186003)(6916009)(19627235002)(2616005)(38100700002)(6666004)(966005)(26005)(86362001)(7416002)(7696005)(4326008)(38350700002)(6486002)(36756003)(316002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?8EOWh20n2sq0ZC/b+p8/xkcabJmJtsPTgv9w307NAz3sYl4uh0qIPdA3Qklo?= =?us-ascii?Q?JcGZYcPIacuvWKan/G1TkHYGKaNZvkmLLuzBpoDNyfS0E7+34otpWHVk7J2p?= =?us-ascii?Q?tscfBcn46J9DLWzzUoVYb6HiN4PVoU1FbNxCD9YfxxPFV6h79KFXLMig+qG6?= =?us-ascii?Q?VZYtau3aNiYgb4coLVieIRuN7crc3xQ2obQIRFHWnHEP58D9ziEukw6Pw5Uv?= =?us-ascii?Q?k+aUtW0Ea7GgqnlRj0ZFaB8DwF/YeO1CVniQnd3oFd7RDSXao1pSzUK5+LkG?= =?us-ascii?Q?qusYbY6bTO8X76sk37DkYY/9aC0KU/eEVL/JXMWXhR0X7GvwWuceqRUFQrki?= =?us-ascii?Q?7EW/V66NvopOIbua1e1YRvwNgN8Kv/RycXIFc5zdA/8Cp1EsdYVssYro4Dxu?= =?us-ascii?Q?MXn3jzYNBKPdDjWNKe47CfDsJuZmT8NWO405a8yz4ZyyRkceCXMBgWMtAobE?= =?us-ascii?Q?TgISt+Sg4TurosoTorRvixJsLN3OnlUDSfx/3qiGxQEDWb9HLcdrnygh2f+P?= =?us-ascii?Q?zvLSdxSPFE7Qt0ksxf0AGqDAPIvpC88uNuKxo2UakhrfIZPsKWSVRN64DjUk?= =?us-ascii?Q?Q7qJTNhOqe/B7jceiNHYe+Pu8FE3miTAgHlQtP3E6sm3vtdEtKqS5uUxg1tb?= =?us-ascii?Q?Zp05s3rPVu1tQZW0srK1QYLos5+5+ZsxZpe0G8ut8EFF3gqVCefBYAUuKKkS?= =?us-ascii?Q?fKng4alYaemDYZwWCK8BVX04MmDOtzZ6AybdmzF8sKqT1Hle2E9Y2x0zVQwt?= =?us-ascii?Q?06uCr7clSgK8mLi7QC37f/B4DQYOd6anf1gvLlN/F/XfqWBc3B66HtTxVfNl?= =?us-ascii?Q?dNf9jC1L9AtJCT576P3/NsfgjslMaVboc42aEbo2zuOWW29z8BHfR0zWFzKb?= =?us-ascii?Q?zY5E0N6hTr5kqMP4cMPjXmJzAE0jM2tjSNjWknCtegl7LguERw8xxl2PJwlt?= =?us-ascii?Q?iz19y+yCqj0POe4C209HljqN5M5IhxvzzFVhPYBtcE8G+oFfMLuhVbZuUC8w?= =?us-ascii?Q?82dJEh+db82JwWFnVseKSCXeMbfzA2PRoN/TcF0r6nU+UmvUfXOdpAvnZ6wy?= =?us-ascii?Q?0Z13epS5z5Gwzjinn5zVbisShAblTPclURA5FYfceqPGa1ViN4QE0zrRRS/Y?= =?us-ascii?Q?CsXmGPghuZP53lbztO9uM6FUkfus8PXUJHofvnmSoORSlOYDiqVYpAh6KSro?= =?us-ascii?Q?WXA/KM2SrDbm3urMj4Vkvl7/e8iOdimvwXzVmat9rJaLl8Fr4hV/KsLiVqqJ?= =?us-ascii?Q?xwKFhSI6UmwhQNeQXRjL+R/StRkeg7w7Ld6931gT2VTGZ7X4l2CwY29MntcL?= =?us-ascii?Q?ykbizcTNeN4ISmTv0SfQTn8j?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 78659a8c-f505-44fa-323a-08d90b31f734 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2021 17:12:28.0580 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: sAE+6KxzS2iqk2w87BweY9OfSGOOZ/PLQ1zOCsq3n1qkhlTiF3nKO+ZOtGwU8oH3RKq2XVFLyHo01GWzm2KI2w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4218 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This patch series provides fixes for using TPM support with an SEV-ES guest. The fixes include: - Decode ModRM byte for MOVZX and MOVSX opcodes. - Add MMIO support for MOV opcodes 0xA0-0xA3. - Create a new TPM MMIO ready PPI guid, gOvmfTpmMmioAccessiblePpiGuid - Mark TPM MMIO range as un-encrypted during PEI phase for an SEV-ES guest and install the TPM MMIO ready PPI guid. - Update the Tcg2Config Depex to ensure the new PEIM runs before the Tcg2Config PEIM BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 --- These patches are based on commit: ab957f036f67 ("BaseTools/Source/Python: New Target/ToolChain/Arch in DSC [B= uildOptions]") Changes since: v2: - Update the TPM PEIM to only perform the mapping change when SEV-ES is active (with a comment in the code to explain why). - Update the TPM PEIM file header comment. - Updates to the INF file (INF_VERSION, Packages, LibraryClasses, etc.). - Updates to PEIM file order in DSC and FDF files. - Split out Tcg2Config Depex change to a separate patch. v1: - Create a TPM PEIM that will map the TPM address range as unencrypted and install a new PPI to indicate the mapping change is complete. Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Marc-Andr=C3=A9 Lureau Cc: Stefan Berger Tom Lendacky (5): OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 OvmfPkg/OvmfPkg.dec | 4 + OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.fdf | 1 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 2 +- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf | 40 +++++++ OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 120 ++++++++++= +++++++++- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c | 87 ++++++++++= ++++ 13 files changed, 258 insertions(+), 3 deletions(-) create mode 100644 OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.i= nf create mode 100644 OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.= c --=20 2.31.0