Subject: Re: [edk2-devel] [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF.
To: devel@edk2.groups.io, ashish.kalra@amd.com
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
References: <6f1ebc14-879d-53fd-74f9-0085d869f090@redhat.com> <20201204081009.GA767@ashkalra_ubuntu_server>
From: "Laszlo Ersek"
Date: Tue, 8 Dec 2020 03:44:45 +0100
In-Reply-To: <20201204081009.GA767@ashkalra_ubuntu_server>

On 12/04/20 09:10, Ashish Kalra wrote:
> On Fri, Dec 04, 2020 at 04:50:05AM +0100, Laszlo Ersek wrote:
>> On 12/04/20 01:03, Ashish Kalra wrote:
>>> From: Ashish Kalra
>>>
>>> By default all the SEV guest memory regions are considered encrypted,
>>> if a guest changes the encryption attribute of the page (e.g. mark a
>>> page as decrypted) then notify hypervisor. Hypervisor will need to
>>> track the unencrypted pages. The information will be used during
>>> guest live migration, guest page migration and guest debugging.
>>>
>>> The patch-set also adds a new SEV and SEV-ES hypercall abstraction
>>> library to support SEV Page encryption/decryption status hypercalls
>>> for SEV and SEV-ES guests.
>>>
>>> BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.
>>>
>>> A branch containing these patches is available here:
>>> https://github.com/ashkalra/edk2/tree/sev_page_encryption_bitmap_v3
>>>
>>> Changes since v2:
>>> - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>>>   in the hypervisor page encryption bitmap after setting the
>>>   PcdSevEsIsEnabled PCD.
>>>
>>> Changes since v1:
>>> - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>>>   the hypervisor page encryption bitmap.
>>> - Resending the series with correct shallow threading.
>>>
>>> Ashish Kalra (2):
>>>   OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
>>>   OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
>>>
>>> Brijesh Singh (1):
>>>   OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
>>>
>>>  .../Include/Library/MemEncryptHypercallLib.h  |  37 ++++++
>>>  .../BaseMemEncryptSevLib.inf                  |   1 +
>>>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  |  18 +++
>>>  .../MemEncryptHypercallLib.c                  | 105 ++++++++++++++++++
>>>  .../MemEncryptHypercallLib.inf                |  39 +++++++
>>>  .../X64/AsmHelperStub.nasm                    |  39 +++++++
>>>  OvmfPkg/OvmfPkgX64.dsc                        |   1 +
>>>  OvmfPkg/PlatformPei/AmdSev.c                  |  10 ++
>>>  8 files changed, 250 insertions(+)
>>>  create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c
>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
>>>
>>
>> I'll need some time to get to this series.
>>
>> I'm fairly certain though, from a quick skim, that this series breaks
>> all DSC files under OvmfPkg except X64. Please fix that.
>>
>
> Ok thanks Laszlo, I will fix this.

Thanks. I can see a new comment for the series from Dov Murik, and I think
that's awesome. I'd welcome if there were lively exchanges around OVMF
patch sets. I'm selfish of course: I'd like to delegate reviews.

So, on this patch set, I notice it does not add the new
(MemEncryptHypercallLib-related) files to Maintainers.txt, namely section
"OvmfPkg: SEV-related modules". Please include such a patch in v4 -- if
Tom and Brijesh agree, I'd like to put the new lib explicitly under their
reviewership.

Also, I plan to review this series (v4, at this point) only for
formalities. I'd like to receive an R-b from Tom or Brijesh [*], and
another from Dov or a colleague at IBM, for this series; those together
should suffice for merging the library.

[*] Brijesh seems to be the original author of patch#2, so maybe Tom is a
better-poised reviewer for this.

Thanks
Laszlo
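The cover letter quoted above describes the mechanism in two sentences: the guest reports every change of a page's encryption attribute to the hypervisor, and the hypervisor keeps a bitmap of unencrypted pages for later use by live migration or debugging. The following is an added illustration, not code from the OVMF series or from any hypervisor, that models that bitmap in plain C: a simulated status hypercall on the hypervisor side that validates the guest-supplied range before recording it, a migration-side consumer that reads the bitmap back, and a walk-through of the v2/v3 change in the series, where the GHCB page decrypted by the reset vector (before any hypercall library exists) has to be reported explicitly later. All names, the tracked size and the guest-physical addresses (SIM_GHCB_BASE, SIM_DMA_BUF) are constructed for the example.

```c
/*
 * Added illustration (not code from the OVMF series above): a plain-C model of
 * the "page encryption bitmap" the cover letter describes. The guest reports
 * each change of a page's encryption attribute through a simulated hypercall,
 * the hypervisor records it as one bit per guest page, and a consumer (e.g.
 * live migration) reads back which pages must be moved as plaintext.
 * Every name, size and address below is constructed for this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT     12
#define PAGE_SIZE      ((uint64_t)1 << PAGE_SHIFT)
#define TRACKED_PAGES  4096u   /* constructed: model 16 MiB of guest-physical space */

/* Hypervisor-side state: bit set => the guest declared the page unencrypted. */
typedef struct {
  uint8_t  unencrypted[TRACKED_PAGES / 8];
  unsigned hypercalls;       /* number of status updates accepted so far */
} HvEncBitmap;

static bool hv_page_is_unencrypted(const HvEncBitmap *hv, uint64_t gpa)
{
  uint64_t gfn = gpa >> PAGE_SHIFT;
  if (gfn >= TRACKED_PAGES) return false;
  return (hv->unencrypted[gfn / 8] >> (gfn % 8)) & 1;
}

/*
 * Simulated "page encryption status" hypercall as seen by the hypervisor: the
 * guest states that npages pages starting at gpa are now encrypted (C-bit set)
 * or unencrypted. Returns 0 on success, -1 if rejected. The range is validated
 * before the bitmap is touched, because the guest is untrusted input here.
 */
static int hv_page_enc_status_hypercall(HvEncBitmap *hv, uint64_t gpa,
                                        uint64_t npages, bool encrypted)
{
  uint64_t gfn = gpa >> PAGE_SHIFT;
  if ((gpa & (PAGE_SIZE - 1)) != 0 || npages == 0) return -1;          /* unaligned or empty */
  if (gfn >= TRACKED_PAGES || npages > TRACKED_PAGES - gfn) return -1; /* out of range (no overflow) */
  for (uint64_t i = 0; i < npages; i++) {
    uint64_t g = gfn + i;
    if (encrypted) hv->unencrypted[g / 8] &= (uint8_t)~(1u << (g % 8));
    else           hv->unencrypted[g / 8] |= (uint8_t)(1u << (g % 8));
  }
  hv->hypercalls++;
  return 0;
}

/* Consumer side (e.g. migration): how many pages must be transferred as plaintext. */
static size_t hv_unencrypted_pages(const HvEncBitmap *hv)
{
  size_t n = 0;
  for (size_t i = 0; i < sizeof hv->unencrypted; i++)
    for (uint8_t b = hv->unencrypted[i]; b; b &= (uint8_t)(b - 1)) n++;
  return n;
}

/* Constructed guest-physical addresses for the walk-through. */
#define SIM_GHCB_BASE  0x00809000ULL  /* stands in for the GHCB page set up by the reset vector */
#define SIM_DMA_BUF    0x00A00000ULL  /* a 4-page buffer a driver later shares with the host */

static HvEncBitmap g_hv;   /* the single simulated hypervisor instance */

/*
 * The cover letter's situation: the reset vector clears the C-bit on the GHCB
 * page before any hypercall library exists, so the hypervisor bitmap does not
 * know about it; the firmware must report that page explicitly later (the
 * series does this in PlatformPei). Returns how many pages the hypervisor
 * believes are unencrypted at the end.
 */
static size_t run_scenario(void)
{
  memset(&g_hv, 0, sizeof g_hv);
  /* Step 1: GHCB page decrypted in the reset vector; nothing reported yet. */
  /* Step 2: PlatformPei reports the GHCB page explicitly. */
  hv_page_enc_status_hypercall(&g_hv, SIM_GHCB_BASE, 1, false);
  /* Step 3: a driver shares a 4-page DMA buffer with the host. */
  hv_page_enc_status_hypercall(&g_hv, SIM_DMA_BUF, 4, false);
  /* Step 4: it later re-encrypts the last two pages of that buffer. */
  hv_page_enc_status_hypercall(&g_hv, SIM_DMA_BUF + 2 * PAGE_SIZE, 2, true);
  return hv_unencrypted_pages(&g_hv);   /* 1 (GHCB) + 2 (DMA) = 3 */
}

/* Thin accessors over the shared instance so the scenario can be inspected. */
static bool scenario_page_unencrypted(uint64_t gpa) { return hv_page_is_unencrypted(&g_hv, gpa); }
static unsigned scenario_hypercalls(void) { return g_hv.hypercalls; }
static int scenario_report(uint64_t gpa, uint64_t npages, bool encrypted)
{ return hv_page_enc_status_hypercall(&g_hv, gpa, npages, encrypted); }

int main(void)
{
  size_t n = run_scenario();
  printf("unencrypted pages tracked: %zu (hypercalls: %u)\n", n, scenario_hypercalls());
  printf("GHCB page recorded as shared: %s\n", scenario_page_unencrypted(SIM_GHCB_BASE) ? "yes" : "no");
  printf("unaligned request accepted: %s\n", scenario_report(0x123, 1, false) == 0 ? "yes" : "no");
  return 0;
}
```

The point of step 1 is the one the series had to fix between versions: a page whose C-bit is cleared before the hypercall path is usable is invisible to the hypervisor until something reports it, and a migration that trusts the bitmap would then move that page as ciphertext. The range checks in the hypercall handler are the other defensive detail, since the guest-physical address and page count arrive from the guest.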