From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: qi zhou <atmgnd@outlook.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "brijesh.singh@amd.com" <brijesh.singh@amd.com>,
"erdemaktas@google.com" <erdemaktas@google.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"jiewen.yao@intel.com" <jiewen.yao@intel.com>,
"min.m.xu@intel.com" <min.m.xu@intel.com>
Subject: Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase
Date: Mon, 29 Nov 2021 13:04:36 -0600 [thread overview]
Message-ID: <daa9613e-c4d9-42d6-65c9-9a6b35aee91f@amd.com> (raw)
In-Reply-To: <SYZP282MB32522731273150B71736A880C9629@SYZP282MB3252.AUSP282.PROD.OUTLOOK.COM>
On 11/25/21 7:12 AM, qi zhou wrote:
> From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001
> From: Qi Zhou <atmgnd@outlook.com>
> Date: Thu, 25 Nov 2021 20:25:55 +0800
> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during
> PEI phase
>
> Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by
> os(Windows etc), and will not restored on reboot, the
> SevEsWorkArea->EncryptionMask may have a random value after reboot. then it
> may casue fail on reboot. The msr bits already cached by mSevStatusChecked,
> there is no need to try cache again in PEI phase.
>
> Signed-off-by: Qi Zhou <atmgnd@outlook.com>
> ---
> .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------
> 1 file changed, 19 insertions(+), 36 deletions(-)
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> index e2fd109d12..0819f50669 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus (
> UINT32 RegEax;
> MSR_SEV_STATUS_REGISTER Msr;
> CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
> - BOOLEAN ReadSevMsr;
> - SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
>
> - ReadSevMsr = FALSE;
> -
> - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
> - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
> - //
> - // The MSR has been read before, so it is safe to read it again and avoid
> - // having to validate the CPUID information.
> + //
> + // Check if memory encryption leaf exist
> + //
> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
This now defeats the purpose of the workarea the already validated CPUID
information. This CPUID information will now require validating.
Wouldn't the best thing be to clear the workarea in the early boot code?
Thanks,
Tom
> //
> - ReadSevMsr = TRUE;
> - } else {
> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
> //
> - // Check if memory encryption leaf exist
> - //
> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
> +
> + if (Eax.Bits.SevBit) {
> //
> - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
> + // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
> //
> - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
> -
> - if (Eax.Bits.SevBit) {
> - ReadSevMsr = TRUE;
> + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
> + if (Msr.Bits.SevBit) {
> + mSevStatus = TRUE;
> }
> - }
> - }
> -
> - if (ReadSevMsr) {
> - //
> - // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
> - //
> - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
> - if (Msr.Bits.SevBit) {
> - mSevStatus = TRUE;
> - }
>
> - //
> - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> - //
> - if (Msr.Bits.SevEsBit) {
> - mSevEsStatus = TRUE;
> + //
> + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> + //
> + if (Msr.Bits.SevEsBit) {
> + mSevEsStatus = TRUE;
> + }
> }
> }
>
>
next prev parent reply other threads:[~2021-11-29 19:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou
2021-11-25 13:21 ` qi zhou
2021-11-29 19:04 ` Lendacky, Thomas [this message]
2021-11-29 19:28 ` Brijesh Singh
2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann
2021-11-30 17:18 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=daa9613e-c4d9-42d6-65c9-9a6b35aee91f@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox