* [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase @ 2021-11-25 13:12 qi zhou 2021-11-25 13:21 ` qi zhou 2021-11-29 19:04 ` Lendacky, Thomas 0 siblings, 2 replies; 6+ messages in thread From: qi zhou @ 2021-11-25 13:12 UTC (permalink / raw) To: devel@edk2.groups.io Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com >From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001 From: Qi Zhou <atmgnd@outlook.com> Date: Thu, 25 Nov 2021 20:25:55 +0800 Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by os(Windows etc), and will not restored on reboot, the SevEsWorkArea->EncryptionMask may have a random value after reboot. then it may casue fail on reboot. The msr bits already cached by mSevStatusChecked, there is no need to try cache again in PEI phase. Signed-off-by: Qi Zhou <atmgnd@outlook.com> --- .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..0819f50669 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus ( UINT32 RegEax; MSR_SEV_STATUS_REGISTER Msr; CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; - BOOLEAN ReadSevMsr; - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; - ReadSevMsr = FALSE; - - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { - // - // The MSR has been read before, so it is safe to read it again and avoid - // having to validate the CPUID information. + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { // - ReadSevMsr = TRUE; - } else { + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) // - // Check if memory encryption leaf exist - // - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { // - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); - - if (Eax.Bits.SevBit) { - ReadSevMsr = TRUE; + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + mSevStatus = TRUE; } - } - } - - if (ReadSevMsr) { - // - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) - // - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); - if (Msr.Bits.SevBit) { - mSevStatus = TRUE; - } - // - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) - // - if (Msr.Bits.SevEsBit) { - mSevEsStatus = TRUE; + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus = TRUE; + } } } -- 2.25.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase 2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou @ 2021-11-25 13:21 ` qi zhou 2021-11-29 19:04 ` Lendacky, Thomas 1 sibling, 0 replies; 6+ messages in thread From: qi zhou @ 2021-11-25 13:21 UTC (permalink / raw) To: devel@edk2.groups.io Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com Here I will add some debug infomation about the reboot issue. on the master branch, I added some logs, see below: https://1drv.ms/u/s!As-Ec5SPH0fuimANnT5FPm8cmeM6 --- .../Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..8ab5849386 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -44,6 +44,7 @@ InternalMemEncryptSevStatus ( ReadSevMsr = FALSE; SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); + DEBUG ((DEBUG_INFO, "SevEsWorkAera: %p, SevEsWorkArea->EncryptionMask: %lu\n", SevEsWorkArea, SevEsWorkArea ? SevEsWorkArea->EncryptionMask : 0)); if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { // // The MSR has been read before, so it is safe to read it again and avoid @@ -71,7 +72,9 @@ InternalMemEncryptSevStatus ( // // Check MSR_0xC0010131 Bit 0 (Sev Enabled) // + DEBUG ((DEBUG_INFO, "Begin read msr\n")); Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + DEBUG ((DEBUG_INFO, "End read msr\n")); if (Msr.Bits.SevBit) { mSevStatus = TRUE; } -- 2.25.1 Then rebuild the ovmf package, launch qemu with windows 10 guest os installed, repeat reboot win10 guest os 4-10 times, then there may got reboot fail see this screenshot: https://1drv.ms/u/s!As-Ec5SPH0fuil9hsVV_ooZG0mcw?e=xgfJoL From: qi zhou <atmgnd@outlook.com> Sent: Thursday, November 25, 2021 21:12 To: devel@edk2.groups.io <devel@edk2.groups.io> Cc: brijesh.singh@amd.com <brijesh.singh@amd.com>; erdemaktas@google.com <erdemaktas@google.com>; jejb@linux.ibm.com <jejb@linux.ibm.com>; jiewen.yao@intel.com <jiewen.yao@intel.com>; min.m.xu@intel.com <min.m.xu@intel.com>; thomas.lendacky@amd.com <thomas.lendacky@amd.com> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase >From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001 From: Qi Zhou <atmgnd@outlook.com> Date: Thu, 25 Nov 2021 20:25:55 +0800 Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by os(Windows etc), and will not restored on reboot, the SevEsWorkArea->EncryptionMask may have a random value after reboot. then it may casue fail on reboot. The msr bits already cached by mSevStatusChecked, there is no need to try cache again in PEI phase. Signed-off-by: Qi Zhou <atmgnd@outlook.com> --- .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..0819f50669 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus ( UINT32 RegEax; MSR_SEV_STATUS_REGISTER Msr; CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; - BOOLEAN ReadSevMsr; - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; - ReadSevMsr = FALSE; - - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { - // - // The MSR has been read before, so it is safe to read it again and avoid - // having to validate the CPUID information. + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { // - ReadSevMsr = TRUE; - } else { + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) // - // Check if memory encryption leaf exist - // - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { // - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); - - if (Eax.Bits.SevBit) { - ReadSevMsr = TRUE; + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + mSevStatus = TRUE; } - } - } - - if (ReadSevMsr) { - // - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) - // - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); - if (Msr.Bits.SevBit) { - mSevStatus = TRUE; - } - // - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) - // - if (Msr.Bits.SevEsBit) { - mSevEsStatus = TRUE; + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus = TRUE; + } } } -- 2.25.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase 2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou 2021-11-25 13:21 ` qi zhou @ 2021-11-29 19:04 ` Lendacky, Thomas 2021-11-29 19:28 ` Brijesh Singh 1 sibling, 1 reply; 6+ messages in thread From: Lendacky, Thomas @ 2021-11-29 19:04 UTC (permalink / raw) To: qi zhou, devel@edk2.groups.io Cc: brijesh.singh@amd.com, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com On 11/25/21 7:12 AM, qi zhou wrote: > From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001 > From: Qi Zhou <atmgnd@outlook.com> > Date: Thu, 25 Nov 2021 20:25:55 +0800 > Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during > PEI phase > > Tested on Intel Platform, It is like 'SEV-ES work area' can be modified by > os(Windows etc), and will not restored on reboot, the > SevEsWorkArea->EncryptionMask may have a random value after reboot. then it > may casue fail on reboot. The msr bits already cached by mSevStatusChecked, > there is no need to try cache again in PEI phase. > > Signed-off-by: Qi Zhou <atmgnd@outlook.com> > --- > .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------ > 1 file changed, 19 insertions(+), 36 deletions(-) > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > index e2fd109d12..0819f50669 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus ( > UINT32 RegEax; > MSR_SEV_STATUS_REGISTER Msr; > CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; > - BOOLEAN ReadSevMsr; > - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; > > - ReadSevMsr = FALSE; > - > - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); > - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { > - // > - // The MSR has been read before, so it is safe to read it again and avoid > - // having to validate the CPUID information. > + // > + // Check if memory encryption leaf exist > + // > + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); > + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { This now defeats the purpose of the workarea the already validated CPUID information. This CPUID information will now require validating. Wouldn't the best thing be to clear the workarea in the early boot code? Thanks, Tom > // > - ReadSevMsr = TRUE; > - } else { > + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) > // > - // Check if memory encryption leaf exist > - // > - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); > - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { > + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); > + > + if (Eax.Bits.SevBit) { > // > - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) > + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) > // > - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); > - > - if (Eax.Bits.SevBit) { > - ReadSevMsr = TRUE; > + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); > + if (Msr.Bits.SevBit) { > + mSevStatus = TRUE; > } > - } > - } > - > - if (ReadSevMsr) { > - // > - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) > - // > - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); > - if (Msr.Bits.SevBit) { > - mSevStatus = TRUE; > - } > > - // > - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) > - // > - if (Msr.Bits.SevEsBit) { > - mSevEsStatus = TRUE; > + // > + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) > + // > + if (Msr.Bits.SevEsBit) { > + mSevEsStatus = TRUE; > + } > } > } > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase 2021-11-29 19:04 ` Lendacky, Thomas @ 2021-11-29 19:28 ` Brijesh Singh 2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann 0 siblings, 1 reply; 6+ messages in thread From: Brijesh Singh @ 2021-11-29 19:28 UTC (permalink / raw) To: Tom Lendacky, qi zhou, devel@edk2.groups.io Cc: brijesh.singh, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com On 11/29/21 1:04 PM, Tom Lendacky wrote: > On 11/25/21 7:12 AM, qi zhou wrote: >> From 5b10265fa5c7b5ca728b4f18488089de6535ed28 Mon Sep 17 00:00:00 2001 >> From: Qi Zhou <atmgnd@outlook.com> >> Date: Thu, 25 Nov 2021 20:25:55 +0800 >> Subject: [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr >> during >> PEI phase >> >> Tested on Intel Platform, It is like 'SEV-ES work area' can be >> modified by >> os(Windows etc), and will not restored on reboot, the >> SevEsWorkArea->EncryptionMask may have a random value after reboot. >> then it >> may casue fail on reboot. The msr bits already cached by >> mSevStatusChecked, >> there is no need to try cache again in PEI phase. >> >> Signed-off-by: Qi Zhou <atmgnd@outlook.com> >> --- >> .../PeiMemEncryptSevLibInternal.c | 55 +++++++------------ >> 1 file changed, 19 insertions(+), 36 deletions(-) >> >> diff --git >> a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c >> b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c >> index e2fd109d12..0819f50669 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c >> @@ -38,49 +38,32 @@ InternalMemEncryptSevStatus ( >> UINT32 RegEax; >> MSR_SEV_STATUS_REGISTER Msr; >> CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; >> - BOOLEAN ReadSevMsr; >> - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >> - ReadSevMsr = FALSE; >> - >> - SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 >> (PcdSevEsWorkAreaBase); >> - if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { >> - // >> - // The MSR has been read before, so it is safe to read it again >> and avoid >> - // having to validate the CPUID information. >> + // >> + // Check if memory encryption leaf exist >> + // >> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); >> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { > What is missing in the original patch set is that now with the common work area we need to check the Guest Type before accessing the SevEs workarea type. I have a patch in my wip to cleanup the SEV feature detection check and patiently waiting for the SEV-SNP series to land so that I can submit other patches. You need something like IsSevGuest() before accessing the SevEs workarea, see how its done for the SEC. https://github.com/AMDESE/ovmf/blob/snp-v13/OvmfPkg/Sec/AmdSev.c#L234 In my WIP I am moving that to common BaseMemEncryptLib. thanks > This now defeats the purpose of the workarea the already validated CPUID > information. This CPUID information will now require validating. > > Wouldn't the best thing be to clear the workarea in the early boot code? > > Thanks, > Tom > >> // >> - ReadSevMsr = TRUE; >> - } else { >> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) >> // >> - // Check if memory encryption leaf exist >> - // >> - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); >> - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { >> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, >> NULL); >> + >> + if (Eax.Bits.SevBit) { >> // >> - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) >> + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) >> // >> - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, >> NULL, NULL); >> - >> - if (Eax.Bits.SevBit) { >> - ReadSevMsr = TRUE; >> + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); >> + if (Msr.Bits.SevBit) { >> + mSevStatus = TRUE; >> } >> - } >> - } >> - >> - if (ReadSevMsr) { >> - // >> - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) >> - // >> - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); >> - if (Msr.Bits.SevBit) { >> - mSevStatus = TRUE; >> - } >> - // >> - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) >> - // >> - if (Msr.Bits.SevEsBit) { >> - mSevEsStatus = TRUE; >> + // >> + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) >> + // >> + if (Msr.Bits.SevEsBit) { >> + mSevEsStatus = TRUE; >> + } >> } >> } >> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase 2021-11-29 19:28 ` Brijesh Singh @ 2021-11-30 15:51 ` Gerd Hoffmann 2021-11-30 17:18 ` Brijesh Singh 0 siblings, 1 reply; 6+ messages in thread From: Gerd Hoffmann @ 2021-11-30 15:51 UTC (permalink / raw) To: devel, brijesh.singh Cc: Tom Lendacky, qi zhou, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com Hi, > What is missing in the original patch set is that now with the common work > area we need to check the Guest Type before accessing the SevEs workarea > type. I have a patch in my wip to cleanup the SEV feature detection check > and patiently waiting for the SEV-SNP series to land so that I can submit > other patches. Can you prepare a version of the fix which does not depend on the snp series and can be applied to edk2-stable202111? thanks, Gerd ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase 2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann @ 2021-11-30 17:18 ` Brijesh Singh 0 siblings, 0 replies; 6+ messages in thread From: Brijesh Singh @ 2021-11-30 17:18 UTC (permalink / raw) To: Gerd Hoffmann, devel Cc: brijesh.singh, Tom Lendacky, qi zhou, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com On 11/30/21 9:51 AM, Gerd Hoffmann wrote: > Hi, > >> What is missing in the original patch set is that now with the common work >> area we need to check the Guest Type before accessing the SevEs workarea >> type. I have a patch in my wip to cleanup the SEV feature detection check >> and patiently waiting for the SEV-SNP series to land so that I can submit >> other patches. > Can you prepare a version of the fix which does not depend on the snp > series and can be applied to edk2-stable202111? Ack. > thanks, > Gerd > ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-30 17:18 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-11-25 13:12 [PATCH] OvmfPkg/MemEncryptSevLib: check CPUID when read msr during PEI phase qi zhou 2021-11-25 13:21 ` qi zhou 2021-11-29 19:04 ` Lendacky, Thomas 2021-11-29 19:28 ` Brijesh Singh 2021-11-30 15:51 ` [edk2-devel] " Gerd Hoffmann 2021-11-30 17:18 ` Brijesh Singh
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox