From: "Lendacky, Thomas"
Date: Mon, 23 May 2022 08:57:52 -0500
Subject: Re: [PATCH v3 4/4] UefiCpuPkg: Store SEV-SNP AP jump table in the secrets page
To: Michael Roth, devel@edk2.groups.io
Cc: "Ni, Ray"
In-Reply-To: <20220520152730.7924-5-michael.roth@amd.com>

On 5/20/22 10:27, Michael Roth wrote:
> A full-featured SEV-SNP guest will not rely on the AP jump table, and
> will instead use the AP Creation interface defined by the GHCB. However,
> a guest is still allowed to use the AP jump table if desired.
>
> However, unlike with SEV-ES guests, SEV-SNP guests should not
> store/retrieve the jump table address via GHCB requests to the
> hypervisor, they should instead store/retrieve it via the SEV-SNP
> secrets page. Implement the store side of this for OVMF.
>
> Suggested-by: Tom Lendacky
> Signed-off-by: Michael Roth
> ---
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
> UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 10 ++++++++++
> 2 files changed, 11 insertions(+)
>
> diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > index e1cd0b3500..d8cfddcd82 100644 > --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
> @@ -80,3 +80,4 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES > + gEfiMdePkgTokenSpaceGuid.PcdSevSnpSecretsAddress ## CONSUMES > diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c > index 60d14a5a0e..4d6f7643db 100644 > --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c > +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include > > #include > > @@ -216,6 +217,15 @@ GetSevEsAPMemory ( > > DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory = %lx\n", (UINTN)StartAddress)); > > + if (ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) { > + SNP_SECRETS_PAGE *Secrets; > + > + Secrets = (SNP_SECRETS_PAGE *)(INTN)PcdGet64 (PcdSevSnpSecretsAddress); > + Secrets->OsArea.ApJumpTablePa = (UINT64)(UINTN)StartAddress; > + > + return (UINTN)StartAddress; > + } > +

Just a nit, but I probably would have still put this under the comment below, because you are still saving the SevEsAPMemory as the AP jump table. It might look cleaner with the non-SNP path as the else and have the single return. Probably not worth another version, but up to you.

Thanks,
Tom

> // > // Save the SevEsAPMemory as the AP jump table. > //
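
Review bot: In the GetSevEsAPMemory hunk, the store to Secrets->OsArea.ApJumpTablePa goes through a pointer built directly from PcdGet64 (PcdSevSnpSecretsAddress) with no check that the PCD holds a non-zero address. If ConfidentialComputingGuestHas (CCAttrAmdSevSnp) is true while the PCD is zero, the jump table address is written through a pointer derived from address zero rather than into the secrets page. Consider an ASSERT (Secrets != NULL) or an explicit check before the store. The pointer cast also goes through (INTN) while every other conversion in the hunk uses (UINTN); using (UINTN) there would be consistent and avoids a signed intermediate.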