From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
Date: Thu, 22 Feb 2024 11:29:39 -0600
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

This series adds SEV-SNP support for running OVMF under a Secure VM Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). By running at a less privileged VMPL, the SVSM can be used to provide services, e.g. a virtual TPM, for the guest OS within the SEV-SNP confidential VM (CVM) rather than trusting such services from the hypervisor.

Currently, OVMF expects to run at the highest VMPL, VMPL0, and there are certain SNP related operations that require that VMPL level. Specifically, the PVALIDATE instruction and the RMPADJUST instruction when setting the VMSA attribute of a page (used when starting APs). If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must use an SVSM (which is running at VMPL0) to perform the operations that it is no longer able to perform.

When running under an SVSM, OVMF must know the APIC IDs of the vCPUs that it will be starting. As a result, the GHCB APIC ID retrieval action must be performed. Since this service can also work with SEV-SNP running at VMPL0, the patches to make use of this feature are near the beginning of the series.

How OVMF interacts with and uses the SVSM is documented in the SVSM specification [1] and the GHCB specification [2].

This support creates a new CcSvsmLib library that is used by MpInitLib. This requires an update to the edk2-platform DSC files to add the new library. The edk2-platform change would be needed after patch 12, but before patch 15.
This series introduces support to run OVMF under an SVSM. It consists of:
- Retrieving the list of vCPU APIC IDs and starting up all APs without performing a broadcast SIPI
- Reorganizing the page state change support to not directly use the GHCB buffer since an SVSM will use the calling area buffer, instead
- Detecting the presence of an SVSM
- When not running at VMPL0, invoking the SVSM for page validation and VMSA page creation/deletion
- Detecting and allowing OVMF to run in a VMPL other than 0 when an SVSM is present

The series is based off of commit:
2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first before lock cmpxchg")

[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf

---

Changes in v2:
- Move the APIC IDs retrieval support to the beginning of the patch series
- Use a GUIDed HOB to hold the APIC ID list instead of a PCD
- Split up Page State Change reorganization into multiple patches
- Created CcSvsmLib library instead of extending CcExitLib
  - This will require a corresponding update to edk2-platform DSC files
- Removed Ray Ni's Acked-by since it is not a minor change
- Variable name changes and other misc changes

Tom Lendacky (23):
  OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
  MdePkg: GHCB APIC ID retrieval support definitions
  OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
  UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
  OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
  OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change
  MdePkg: Avoid hardcoded value for number of Page State Change entries
  OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
  OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
  MdePkg/Register/Amd: Define the SVSM related information
  MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
  UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM
  UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library
  Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services
  UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
  OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages
  OvmfPkg: Create a calling area used to communicate with the SVSM
  OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
  OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
  OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls
  UefiCpuPkg/MpInitLib: AP creation support under an SVSM
  Ovmfpkg/CcExitLib: Provide SVSM discovery support
  OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0

 MdePkg/MdePkg.dec                                                     |   5 +-
 OvmfPkg/OvmfPkg.dec                                                   |   4 +
 UefiCpuPkg/UefiCpuPkg.dec                                             |   5 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc                                          |   1 +
 OvmfPkg/Bhyve/BhyveX64.dsc                                            |   1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                                        |   1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                                      |   1 +
 OvmfPkg/Microvm/MicrovmX64.dsc                                        |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                               |   1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                                            |   3 +-
 OvmfPkg/OvmfPkgX64.dsc                                                |   1 +
 OvmfPkg/OvmfXen.dsc                                                   |   1 +
 UefiCpuPkg/UefiCpuPkg.dsc                                             |   4 +-
 UefiPayloadPkg/UefiPayloadPkg.dsc                                     |   1 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                                          |   9 +-
 OvmfPkg/OvmfPkgX64.fdf                                                |   3 +
 MdePkg/Library/BaseLib/BaseLib.inf                                    |   2 +
 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |   3 +-
 OvmfPkg/Library/CcExitLib/CcExitLib.inf                               |   3 +-
 OvmfPkg/Library/CcExitLib/SecCcExitLib.inf                            |   3 +-
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf                               |  38 ++
 OvmfPkg/PlatformPei/PlatformPei.inf                                   |   3 +
 OvmfPkg/ResetVector/ResetVector.inf                                   |   2 +
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf                    |  27 ++
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf                         |   2 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf                         |   2 +
 MdePkg/Include/Library/BaseLib.h                                      |  39 ++
 MdePkg/Include/Register/Amd/Fam17Msr.h                                |  19 +-
 MdePkg/Include/Register/Amd/Ghcb.h                                    |  23 +-
 MdePkg/Include/Register/Amd/Msr.h                                     |   3 +-
 MdePkg/Include/Register/Amd/Svsm.h                                    | 101 ++++
 MdePkg/Include/Register/Amd/SvsmMsr.h                                 |  35 ++
 OvmfPkg/Include/WorkArea.h                                            |   9 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h         |   6 +-
 UefiCpuPkg/Include/Library/CcSvsmLib.h                                | 101 ++++
 UefiCpuPkg/Library/MpInitLib/MpLib.h                                  |  29 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c    |  11 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c        |  27 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c    |  22 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c    |  31 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 206 ++++----
 OvmfPkg/Library/CcExitLib/CcExitVcHandler.c                           |  29 +-
 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c                                 | 500 ++++++++++++++++++++
 OvmfPkg/PlatformPei/AmdSev.c                                          | 102 +++-
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c                      | 108 +++++
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c                            |  21 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.c                                  |   9 +-
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c                             | 134 ++++--
 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm                          |  39 ++
 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm                           |  94 ++++
 OvmfPkg/ResetVector/ResetVector.nasmb                                 |   6 +-
 OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm                           |  11 +-
 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni                    |  13 +
 55 files changed, 1628 insertions(+), 233 deletions(-)
 create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
 create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
 create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
 create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
 create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
 create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
 create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni

--
2.42.0

View/Reply Online (#115835): https://edk2.groups.io/g/devel/message/115835
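The cover letter explains that a guest below VMPL0 cannot execute PVALIDATE itself and must hand the work to the SVSM through the calling area. The C below is an added illustration, not code from this series or from the SVSM specification: it batches a guest-physical range into the entry list of an SVSM_CORE_PVALIDATE request and shows the completion check a caller should make afterwards. The entry bit layout and the entry cap are this example's reading of the SVSM specification [1] and are assumptions to verify against it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (check against the SVSM spec [1]): bits 1:0 page size,
 * bit 2 action (1 = validate), bit 3 ignore-CF, bits 63:12 page address. */
#define PVAL_MAX_ENTRIES     510u   /* assumption: what fits one 4 KiB calling area */
#define PVAL_PAGE_4K         0ull
#define PVAL_PAGE_2M         1ull
#define PVAL_ACTION_VALIDATE (1ull << 2)
#define SIZE_4K              0x1000ull
#define SIZE_2M              0x200000ull

typedef struct {
  uint16_t num_entries;   /* filled in by the guest before the call */
  uint16_t cur_index;     /* advanced by the SVSM as entries are processed */
  uint8_t  reserved[4];
  uint64_t entry[PVAL_MAX_ENTRIES];
} pvalidate_request;

/* Fill req for [start, end), using a 2 MiB entry wherever the address is
 * 2 MiB aligned and a full 2 MiB remains, otherwise 4 KiB entries.
 * Returns the first address not covered so the caller can issue a further
 * request when the list filled up before reaching end. */
uint64_t pvalidate_build(pvalidate_request *req, uint64_t start,
                         uint64_t end, bool validate)
{
  uint64_t action = validate ? PVAL_ACTION_VALIDATE : 0;
  uint64_t gpa = start & ~(SIZE_4K - 1);

  req->num_entries = 0;
  req->cur_index = 0;
  while (gpa < end && req->num_entries < PVAL_MAX_ENTRIES) {
    bool big = (gpa & (SIZE_2M - 1)) == 0 && end - gpa >= SIZE_2M;
    req->entry[req->num_entries++] =
        gpa | action | (big ? PVAL_PAGE_2M : PVAL_PAGE_4K);
    gpa += big ? SIZE_2M : SIZE_4K;
  }
  return gpa;
}

/* The request is only complete when the SVSM reported success and consumed
 * every entry; on failure cur_index identifies the entry that stopped it,
 * which the caller should report instead of treating the range as valid. */
bool pvalidate_done(const pvalidate_request *req, uint64_t svsm_result)
{
  return svsm_result == 0 && req->cur_index == req->num_entries;
}
```

The same request buffer is reused in a loop until pvalidate_build returns end, and a non-zero SVSM result or a short cur_index must abort that loop rather than be ignored.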