From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web12.11136.1617711423699872185 for ; Tue, 06 Apr 2021 05:17:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=esxYQICG; spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617711422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4t6vWyRWip343Ym4wAG+M53/KxbXINjSfhKnyjPUGIY=; b=esxYQICGjlwD3SPR9OEUT7Rv0Mei5jm8kk8BtKdvpyCM6UWNM3pB+1Ac6tjeWZH4CroHdx F0l48XGTeaBdu2VXj+ahPW1TILF75IT4x/JZ/FkhQY+LJkAEcCvjwirXhqzv8wN09a2shx LAaGrSYyb9T0JOkfUaid7shGg0Gz5qI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-428-TV1iihktNaaa2YG-2tys_w-1; Tue, 06 Apr 2021 08:16:59 -0400 X-MC-Unique: TV1iihktNaaa2YG-2tys_w-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C08861009E2D; Tue, 6 Apr 2021 12:16:57 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-134.ams2.redhat.com [10.36.115.134]) by smtp.corp.redhat.com (Postfix) with ESMTP id D3E0F5C559; Tue, 6 Apr 2021 12:16:55 +0000 (UTC) Subject: Re: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest To: "Xu, Min M" , Brijesh Singh , "devel@edk2.groups.io" Cc: James Bottomley , "Yao, Jiewen" , Tom Lendacky , "Justen, Jordan L" , Ard Biesheuvel References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-2-brijesh.singh@amd.com> From: "Laszlo Ersek" Message-ID: Date: Tue, 6 Apr 2021 14:16:54 +0200 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 04/06/21 10:11, Xu, Min M wrote: > Hi, Singh > I have a concern about the sevSnpBlock in ResetVectorVtf0.asm. Actually > SEV has inserted 3 blocks in ResetVectorVtf0.asm and the total bytes are > (26 + 22 + 20 = 68 bytes). If sevSnpBlock is added, then the total bytes > will be (68 +26 = 94 bytes). > > I am not sure whether there will be more blocks added in > ResetVectorVtf0.asm in the future. But I don't think ResetVectorVtf0.asm > is a good place to add these data blobs. Can these data be packed into a > single file, for example, SevMetadata.asm, then a pointer is inserted in > ResetVectorVtf0.asm which then points to the SevMetadata. In this way we > can keep ResetVectorVtf0.asm clean, small and straight forward. > > Another reason is that I am working on the Intel TDX which will update > the ResetVectorVtf0.asm as well. My change depends on the assumption that > the distance between ResetVector(0xfffffff0) and EarlyBspInitReal16 is > less than 128 bytes. The blocks in ResetVectorVtf0.asm make it impossible. That's a problem. These info blocks are placed in the reset vector because then they can be found by QEMU easily -- they are not compressed, and they appear at a known location in the guest physical address space. (More precisely, a GUID-ed structure chain starts at a known location, and then QEMU can traverse the chain of structures, for learning various bits of information about the firmware.) Do we absolutely need a short jump? Thanks Laszlo > > Thanks! > >> -----Original Message----- >> From: Brijesh Singh >> Sent: Wednesday, March 24, 2021 11:32 PM >> To: devel@edk2.groups.io >> Cc: Brijesh Singh ; James Bottomley >> ; Xu, Min M ; Yao, Jiewen >> ; Tom Lendacky ; >> Justen, Jordan L ; Ard Biesheuvel >> ; Laszlo Ersek >> Subject: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for >> the SEV-SNP guest >> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 >> >> During the SEV-SNP guest launch sequence, two special pages need to be >> inserted, the secrets page and cpuid page. The secrets page, contain the VM >> platform communication keys. The guest BIOS and OS can use this key to >> communicate with the SEV firmware to get the attestation report. The Cpuid >> page, contain the CPUIDs entries filtered through the AMD-SEV firmware. >> >> The VMM will locate the secrets and cpuid page addresses through a fixed >> GUID and pass them to SEV firmware to populate further. >> For more information about the page content, see the SEV-SNP spec. >> >> To simplify the pre-validation range calculation in the next patch, the CPUID >> and Secrets pages are moved to the start of the MEMFD_BASE_ADDRESS. >> >> Cc: James Bottomley >> Cc: Min Xu >> Cc: Jiewen Yao >> Cc: Tom Lendacky >> Cc: Jordan Justen >> Cc: Ard Biesheuvel >> Cc: Laszlo Ersek >> Signed-off-by: Brijesh Singh >> --- >> OvmfPkg/OvmfPkg.dec | 8 +++++++ >> OvmfPkg/OvmfPkgX64.fdf | 24 ++++++++++++-------- >> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 19 ++++++++++++++++ >> OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ >> OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ >> 5 files changed, 48 insertions(+), 9 deletions(-) >> >> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index >> 4348bb45c6..062926772d 100644 >> --- a/OvmfPkg/OvmfPkg.dec >> +++ b/OvmfPkg/OvmfPkg.dec >> @@ -317,6 +317,14 @@ >> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 >> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 >> >> + ## The base address of the CPUID page used by SEV-SNP >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x48 >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x49 >> + >> + ## The base address of the Secrets page used by SEV-SNP >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x50 >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x51 >> + >> [PcdsDynamic, PcdsDynamicEx] >> gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN >> |0x10 >> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index >> d519f85328..ea214600be 100644 >> --- a/OvmfPkg/OvmfPkgX64.fdf >> +++ b/OvmfPkg/OvmfPkgX64.fdf >> @@ -67,27 +67,33 @@ ErasePolarity = 1 >> BlockSize = 0x10000 >> NumBlocks = 0xD0 >> >> -0x000000|0x006000 >> +0x000000|0x001000 >> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenS >> paceGu >> +id.PcdOvmfSnpCpuidSize >> + >> +0x001000|0x001000 >> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgToken >> Space >> +Guid.PcdOvmfSnpSecretsSize >> + >> +0x002000|0x006000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTok >> enSpaceGuid.PcdOvmfSecPageTablesSize >> >> -0x006000|0x001000 >> +0x008000|0x001000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTo >> kenSpaceGuid.PcdOvmfLockBoxStorageSize >> >> -0x007000|0x001000 >> +0x009000|0x001000 >> >> gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvm >> fPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize >> >> -0x008000|0x001000 >> +0x00A000|0x001000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkg >> TokenSpaceGuid.PcdOvmfSecGhcbPageTableSize >> >> -0x009000|0x002000 >> +0x00B000|0x002000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpa >> ceGuid.PcdOvmfSecGhcbSize >> >> -0x00B000|0x001000 >> - >> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpac >> eGuid.PcdSevEsWorkAreaSize >> - >> -0x00C000|0x001000 >> +0x00D000|0x001000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTo >> kenSpaceGuid.PcdOvmfSecGhcbBackupSize >> >> +0x00F000|0x001000 >> +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpa >> ceGui >> +d.PcdSevEsWorkAreaSize >> + >> 0x010000|0x010000 >> >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTo >> kenSpaceGuid.PcdOvmfSecPeiTempRamSize >> >> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> index 9c0b5853a4..5456f02924 100644 >> --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> @@ -47,6 +47,25 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart >> + 15) % 16)) DB 0 ; >> guidedStructureStart: >> >> +; >> +; SEV-SNP boot support >> +; >> +; sevSnpBlock: >> +; For the initial boot of SEV-SNP guest, a Secrets and CPUID page must be >> +; reserved by the BIOS at a RAM area defined by SEV_SNP_SECRETS_PAGE >> +; and SEV_SNP_CPUID_PAGE. A VMM will locate this information using the >> +; SEV-SNP boot block. >> +; >> +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 >> +; >> +sevSnpBootBlockStart: >> + DD SEV_SNP_SECRETS_PAGE >> + DD SEV_SNP_CPUID_PAGE >> + DW sevSnpBootBlockEnd - sevSnpBootBlockStart >> + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 >> + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 >> +sevSnpBootBlockEnd: >> + >> ; >> ; SEV Secret block >> ; >> diff --git a/OvmfPkg/ResetVector/ResetVector.inf >> b/OvmfPkg/ResetVector/ResetVector.inf >> index dc38f68919..d890bb6b29 100644 >> --- a/OvmfPkg/ResetVector/ResetVector.inf >> +++ b/OvmfPkg/ResetVector/ResetVector.inf >> @@ -37,6 +37,10 @@ >> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase >> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb >> b/OvmfPkg/ResetVector/ResetVector.nasmb >> index 5fbacaed5f..2c194958f4 100644 >> --- a/OvmfPkg/ResetVector/ResetVector.nasmb >> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb >> @@ -75,6 +75,8 @@ >> %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) >> %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 >> (PcdSevEsWorkAreaBase) + 8) >> %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 >> (PcdSevEsWorkAreaBase) + 16) >> + %define SEV_SNP_SECRETS_PAGE FixedPcdGet32 (PcdOvmfSnpSecretsBase) >> + %define SEV_SNP_CPUID_PAGE FixedPcdGet32 (PcdOvmfSnpCpuidBase) >> %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 >> (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 >> (PcdOvmfSecPeiTempRamSize)) %include "Ia32/Flat32ToFlat64.asm" >> %include "Ia32/PageTables64.asm" >> -- >> 2.17.1 >