From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, "Rahul Kumar", Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
Date: Fri, 26 Jan 2024 16:13:11 -0600

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an SVSM. After retrieving the APIC IDs, save the address of the APIC ID data structure in the PcdSevSnpApicIds PCD.

Signed-off-by: Tom Lendacky
--- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 87 ++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6907cc72669e..6379f66b627d 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -116,6 +116,7 @@ [Pcd] gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index af832d3e535e..d8a30b6e1613 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c 
@@ -31,6 +31,85 @@ GetHypervisorFeature ( VOID ); =20 +/** + Retrieve APIC IDs from the hypervisor. + +**/ +STATIC +VOID +AmdSevSnpGetApicIds ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 VmgExitStatus; + UINT64 PageCount; + BOOLEAN PageCountValid; + VOID *ApicIds; + RETURN_STATUS Status; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + PageCount =3D 0; + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) { + PageCount =3D Ghcb->SaveArea.Rax; + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + return; + } + + // + // Allocate the memory for the APIC IDs + // + ApicIds =3D AllocateReservedPages ((UINTN)PageCount); + ASSERT (ApicIds !=3D NULL); + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + (UINTN)ApicIds, + (UINTN)PageCount + ); + ASSERT_RETURN_ERROR (Status); + + ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount)); + + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)Api= cIds, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax =3D=3D= PageCount)) { + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + FreePages (ApicIds, (UINTN)PageCount); + return; + } + + Status =3D PcdSet64S (PcdSevSnpApicIds, (UINTN)ApicIds); +} + /** Initialize SEV-SNP support if running as an SEV-SNP guest. =20 
@@ -78,6 +157,14 @@ AmdSevSnpInitialize ( } } } + + // + // Retrieve the APIC IDs if the hypervisor supports it. These will be us= ed + // to always start APs using SNP AP Create. + // + if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) =3D=3D GHCB_HV_FEATURES= _APIC_ID_LIST) { + AmdSevSnpGetApicIds (); + } } =20 /** --=20 2.42.0
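
Review bot: in AmdSevSnpGetApicIds (the @@ -31,6 +31,85 @@ hunk of AmdSev.c), the PageCount read back from Ghcb->SaveArea.Rax is supplied by the hypervisor and goes straight into AllocateReservedPages ((UINTN)PageCount) with no zero check and no upper bound, and the two steps that follow are guarded only by ASSERT (ApicIds != NULL) and ASSERT_RETURN_ERROR (Status). With asserts compiled out, a NULL allocation or a failed MemEncryptSevClearPageEncMask still falls through to ZeroMem and to the second VMGEXIT. Suggest rejecting a zero or implausibly large PageCount and turning both asserts into explicit error returns. Two smaller points in the same function: the failure path after the second VMGEXIT calls FreePages (ApicIds, (UINTN)PageCount) on pages whose encryption mask was cleared, so the mask should be restored (MemEncryptSevSetPageEncMask) before they go back to the allocator; and the Status assigned from PcdSet64S is never checked. The function header comment would also benefit from describing the two-call sequence (first call returns the page count, second fills the buffer).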
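
Review bot: at the call site in AmdSevSnpInitialize (the @@ -78,6 +157,14 @@ hunk), AmdSevSnpGetApicIds () returns VOID and returns early on every failure, so this code cannot tell a successful retrieval from the case where the hypervisor advertises GHCB_HV_FEATURES_APIC_ID_LIST but the request fails, while the comment says the list will be used to always start APs using SNP AP Create. Since the commit message calls the list a requirement when running under an SVSM, suggest having the helper return a status that is logged or handled here, and extending the comment to say what happens when PcdSevSnpApicIds is left unset.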