From: "Ashish Kalra"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [PATCH v5 4/4] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
Date: Thu, 8 Jul 2021 14:09:05 +0000
X-Mailer: git-send-email 2.17.1
From: Ashish Kalra

Check for SEV live migration feature support, if detected setup a new UEFI environment variable to indicate OVMF support for SEV live migration.

The new runtime UEFI environment variable is set via the notification function registered for the EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.

Signed-off-by: Ashish Kalra
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 59 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ OvmfPkg/Include/Guid/MemEncryptLib.h | 20 +++++++ OvmfPkg/OvmfPkg.dec | 1 + 4 files changed, 84 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index c66c4e9b92..45adf3249c 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -15,10 +15,49 @@ #include #include #include +#include +#include #include #include +#include +#include #include +STATIC +VOID +EFIAPI +AmdSevDxeOnEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *EventToSignal + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); + + if (SevLiveMigrationEnabled) { + Status = gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (BOOLEAN), + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_INFO, + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", + __FUNCTION__, + Status + )); + } + + DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__)); +} + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( 
@@ -30,6 +69,7 @@ AmdSevDxeEntryPoint ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; UINTN NumEntries; UINTN Index; + EFI_EVENT Event; // // Do nothing when SEV is not enabled @@ -130,5 +170,24 @@ AmdSevDxeEntryPoint ( } } + // + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. + // The notification function sets the runtime variable indicating OVMF + // support for SEV live migration. + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + AmdSevDxeOnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &Event + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", + __FUNCTION__, Status)); + } + return EFI_SUCCESS; } diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 0676fcc5b6..f4e40ff412 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -45,3 +45,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + +[Guids] + gMemEncryptGuid + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h new file mode 100644 index 0000000000..4c046ba439 --- /dev/null +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h @@ -0,0 +1,20 @@ +/** @file + + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI enviroment variables assocaiated with SEV Memory Encryption. + + Copyright (c) 2020, AMD Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __MEMENCRYPT_LIB_H__ +#define __MEMENCRYPT_LIB_H__ + +#define MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} + +extern EFI_GUID gMemEncryptGuid; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e3..e452dc8494 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -122,6 +122,7 @@ gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} [Ppis] # PPI whose presence in the PPI database signals that the TPM base address -- 2.17.1
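
Review bot: In AmdSevDxeOnEndOfDxe (first hunk of AmdSevDxe.c), the variable is written with EFI_VARIABLE_NON_VOLATILE but only inside `if (SevLiveMigrationEnabled)`, and no path deletes it, so a value stored on one boot stays in the variable store and is still readable on a later boot where the feature is not detected. Either drop the non-volatile attribute so the variable describes the current boot only, or add an else branch that deletes it (SetVariable with a data size of 0). Status is an EFI_STATUS printed with %lx, while the CreateEventEx hunk in this same file uses %r; use %r here too, and report a failed SetVariable at DEBUG_ERROR rather than DEBUG_INFO. Style: `MemEncryptSevLiveMigrationIsEnabled()` needs a space before the parenthesis, and the second parameter is the notification context, so the name EventToSignal is misleading.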
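
Review bot: In the CreateEventEx block added at the end of AmdSevDxeEntryPoint, a registration failure is logged at DEBUG_INFO and the function still returns EFI_SUCCESS, so when it fails the SevLiveMigrationEnabled variable is never set and the only trace is an informational message that most builds filter out. Log it at DEBUG_ERROR, and add a comment stating that continuing without the callback is intentional if that is the design.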
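
Review bot: The new gMemEncryptGuid entry under [Guids] in AmdSevDxe.inf has no usage annotation, while the line below it carries `## CONSUMES ## Event`. The driver writes a variable under this GUID only when live migration is detected, so annotate it to match, for example `## SOMETIMES_PRODUCES ## Variable:L"SevLiveMigrationEnabled"`.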
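
Review bot: The file comment in the new OvmfPkg/Include/Guid/MemEncryptLib.h misspells "enviroment" and "assocaiated", and it does not document the variable this GUID namespaces. State there the variable name (SevLiveMigrationEnabled), its type (BOOLEAN) and its attributes, so consumers have one place to look. The header only declares a GUID, yet the file name and the include guard `__MEMENCRYPT_LIB_H__` both say Lib; a name without the Lib suffix would match the other headers under Include/Guid, and the guard should not start with a double underscore, which is reserved for the implementation in C.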