From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+114638+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id E2412D80477
	for <rebecca@openfw.io>; Fri, 26 Jan 2024 22:15:00 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=va+3VJ2cTPY3PDtEn7c35hgwKgwxkbqfR7TorNx9FRo=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1706307299; v=1;
 b=EkCjlKZyHOSF+Mjm6RL/L8iFEYbleoiD/TOj0vBrqq8Q/bEpnqKGroojujVZB+XDzI95xqtb
 TU9kvhgxp/Rwycig8CejmJdhsZoLbvL3SHWYEQ9PWBtkYumkF2V4yD6ztqGWjTt89LUhCjCTKKa
 LEXu8BHfNQF6IuwHRPAnjwB0=
X-Received: by 127.0.0.2 with SMTP id tm8gYY7687511xPTCwgwK2cV; Fri, 26 Jan 2024 14:14:59 -0800
X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.68])
 by mx.groups.io with SMTP id smtpd.web10.2889.1706307298960833489
 for <devel@edk2.groups.io>;
 Fri, 26 Jan 2024 14:14:59 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Hz2TLWlVjDX5rkw2coJdHgXOR9V09tBd59ort3CAn77a5bwUYP6WWWc1jBgTy0rS2BxPM3yEnykhvMhjIo9H5mzo3yGwY+dya7gu6hoO1U1rnebt9zul+JRIIPbOku3b6peToQbGiRk6kaCVCmaXX4FXupEfdPad6tgQ3X6U/VNvsvQFt0Fm01waQ9GNryDp9ZaDQvmOBAXqxu3GupzuYPWT9PIQFtZo/NGdMsLRoocSBj032lNZ9XUdysSJIncf6F09bO9FCRxDk9Vs9dG/Y4X8XHE+5KqOCEBpHIzF1lLXcI41q+arqyor8r6zBl1yE7dp69YWImvmvTsjEE0/1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=olX00rkqV64+bdwe74by9x3guj2NaCl9TDuKFNIig+k=;
 b=d3UMdedtDYVvYn1ZvDqnJ162zvYcxZ2NbpH3TVkllTbcE5ad+4/IpT19Rqdd6TIgr+OGV0DExMmrxyC/xd2abo9xUzOq5o8m5sSXdQ8snQvcF9Cjqg+1P+88eZY6JD5GbopEZ8fA9CAjdIP6e39iE0oIVZGagD3f423oItitcCLg7wNU4RWOmwopsJTT6bFC0a/WoRVNjYhxdoB4sTAT/8meL4K1ZyvAdRx/1rq3l0VWBekbKLXVsdAv0MowZKkiPUfSW3KntuwwKMZ9TuIUAxUW8wUpxRt62Cy2/O/jw2ckKT8e6G+Mxc1vtFsnVsdH6VZO3ZxScCe3EwTeTHDH9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none (0)
X-Received: from DM6PR13CA0032.namprd13.prod.outlook.com (2603:10b6:5:bc::45) by
 DM6PR12MB4386.namprd12.prod.outlook.com (2603:10b6:5:28f::21) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7228.27; Fri, 26 Jan 2024 22:14:56 +0000
X-Received: from DS2PEPF00003439.namprd02.prod.outlook.com
 (2603:10b6:5:bc:cafe::da) by DM6PR13CA0032.outlook.office365.com
 (2603:10b6:5:bc::45) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.14 via Frontend
 Transport; Fri, 26 Jan 2024 22:14:56 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:56 +0000
X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by
 SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.34; Fri, 26 Jan 2024 16:14:55 -0600
From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Ard Biesheuvel <ardb+tianocore@kernel.org>, Erdem Aktas
	<erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>, Jiewen Yao
	<jiewen.yao@intel.com>, Laszlo Ersek <lersek@redhat.com>, Liming Gao
	<gaoliming@byosoft.com.cn>, Michael D Kinney <michael.d.kinney@intel.com>,
	Min Xu <min.m.xu@intel.com>, Zhiguang Liu <zhiguang.liu@intel.com>, "Rahul
 Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>, Michael Roth
	<michael.roth@amd.com>
Subject: [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
Date: Fri, 26 Jan 2024 16:13:11 -0600
Message-ID: <d718094462670faa075a86eb7317d55911d7bcf0.1706307195.git.thomas.lendacky@amd.com>
In-Reply-To: <cover.1706307195.git.thomas.lendacky@amd.com>
References: <cover.1706307195.git.thomas.lendacky@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|DM6PR12MB4386:EE_
X-MS-Office365-Filtering-Correlation-Id: 4aba98c0-2fd1-4fd6-5a3a-08dc1ebc3ac0
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
	NU/xIoOtkAK98NlYN3rFQn9+rFASTnsvkX8xYXL7fZNnZoQjOhz2CvxAsenuIRHZdf7GhLDfSbwnmMtBd7J8EzSCAEp4HtXeyZLudpIJOOrr7BkeUVBWI2Fr6HAapCL0jLyTL79ru+F/HPTEhMJ/0wojPX19ufbKwD8OMz36BvvC9k7SDwPBpdXIyLfbCcIknLjHhTMIa3SqNz5Ive6R0NOoTBlyOkUNA8Ezv7y6DF/OEO5ritv+cUquVIIFNLVrS2fyxBJgv28FYqAYV7oedPqnnV2wm17VtHS08Ms2lmrHhCO35vWxxCaWk+egAAg7MMha4iqIXTtClNoOkYbe20eH5eJP2LJiVaDOFGhhQMMH0OJGkpFVqluPx76zc40mLXGSmXCVnAHbGkAI0VaPQiijg/M/0bfqrr9Q1a51uft/DNZfDEFZpxd7lT1/LefPZzmaruEGt6B6g9qIi72nS8F8xxKisYxvwyEOTU9E2Gbz9EWWu6yyriujGcQOuHIlQZIiC64+inct1t3jdLcxHA5sZA4ZwytWjYkDkJXGIF5PCLMxuKF68StYgdg7h5e+/hdakyBtfDxDV0013x65iBkrAiU2I2yiQmds1o5/QOkk/dXxh12dCahl/35P+TSsMXP/D9D2vZ7/TutqkUSnyu+jCQC+hxEeb66XYkZ/72+jtIXCFE/kLtE21U7Omrv25qjtnQstfbov15+IOkisfMqKzp7HKF5WN09E31zpxdFw36nMIp9hNGAaK9wfuiJoy+Th9jdyyaMRVDp3Y620wQ==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:56.7356
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4aba98c0-2fd1-4fd6-5a3a-08dc1ebc3ac0
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	DS2PEPF00003439.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4386
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: 08fwPf0w2UNTNYeqfyGhdRThx7686176AA=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=EkCjlKZy;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=none;
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}")

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654

If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but is a requirement for an
SEV-SNP guest that is running under an SVSM.

After retrieving the APIC IDs, save the address of the APIC ID data
structure in the PcdSevSnpApicIds PCD.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
 OvmfPkg/PlatformPei/AmdSev.c        | 87 ++++++++++++++++++++
 2 files changed, 88 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat=
formPei.inf
index 6907cc72669e..6379f66b627d 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -116,6 +116,7 @@ [Pcd]
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
   gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds
=20
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index af832d3e535e..d8a30b6e1613 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -31,6 +31,85 @@ GetHypervisorFeature (
   VOID
   );
=20
+/**
+  Retrieve APIC IDs from the hypervisor.
+
+**/
+STATIC
+VOID
+AmdSevSnpGetApicIds (
+  VOID
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  GHCB                      *Ghcb;
+  BOOLEAN                   InterruptState;
+  UINT64                    VmgExitStatus;
+  UINT64                    PageCount;
+  BOOLEAN                   PageCountValid;
+  VOID                      *ApicIds;
+  RETURN_STATUS             Status;
+
+  Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+  Ghcb                    =3D Msr.Ghcb;
+
+  PageCount      =3D 0;
+  PageCountValid =3D FALSE;
+
+  CcExitVmgInit (Ghcb, &InterruptState);
+  Ghcb->SaveArea.Rax =3D PageCount;
+  CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+  VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0);
+  if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) {
+    PageCount      =3D Ghcb->SaveArea.Rax;
+    PageCountValid =3D TRUE;
+  }
+
+  CcExitVmgDone (Ghcb, InterruptState);
+
+  ASSERT (VmgExitStatus =3D=3D 0);
+  ASSERT (PageCountValid);
+  if ((VmgExitStatus !=3D 0) || !PageCountValid) {
+    return;
+  }
+
+  //
+  // Allocate the memory for the APIC IDs
+  //
+  ApicIds =3D AllocateReservedPages ((UINTN)PageCount);
+  ASSERT (ApicIds !=3D NULL);
+
+  Status =3D MemEncryptSevClearPageEncMask (
+             0,
+             (UINTN)ApicIds,
+             (UINTN)PageCount
+             );
+  ASSERT_RETURN_ERROR (Status);
+
+  ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount));
+
+  PageCountValid =3D FALSE;
+
+  CcExitVmgInit (Ghcb, &InterruptState);
+  Ghcb->SaveArea.Rax =3D PageCount;
+  CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+  VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)Api=
cIds, 0);
+  if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax =3D=3D=
 PageCount)) {
+    PageCountValid =3D TRUE;
+  }
+
+  CcExitVmgDone (Ghcb, InterruptState);
+
+  ASSERT (VmgExitStatus =3D=3D 0);
+  ASSERT (PageCountValid);
+  if ((VmgExitStatus !=3D 0) || !PageCountValid) {
+    FreePages (ApicIds, (UINTN)PageCount);
+    return;
+  }
+
+  Status =3D PcdSet64S (PcdSevSnpApicIds, (UINTN)ApicIds);
+}
+
 /**
   Initialize SEV-SNP support if running as an SEV-SNP guest.
=20
@@ -78,6 +157,14 @@ AmdSevSnpInitialize (
       }
     }
   }
+
+  //
+  // Retrieve the APIC IDs if the hypervisor supports it. These will be us=
ed
+  // to always start APs using SNP AP Create.
+  //
+  if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) =3D=3D GHCB_HV_FEATURES=
_APIC_ID_LIST) {
+    AmdSevSnpGetApicIds ();
+  }
 }
=20
 /**
--=20
2.42.0



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114638): https://edk2.groups.io/g/devel/message/114638
Mute This Topic: https://groups.io/mt/103986465/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-