From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web12.11136.1617711423699872185
 for <devel@edk2.groups.io>;
 Tue, 06 Apr 2021 05:17:03 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=esxYQICG;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1617711422;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=4t6vWyRWip343Ym4wAG+M53/KxbXINjSfhKnyjPUGIY=;
	b=esxYQICGjlwD3SPR9OEUT7Rv0Mei5jm8kk8BtKdvpyCM6UWNM3pB+1Ac6tjeWZH4CroHdx
	F0l48XGTeaBdu2VXj+ahPW1TILF75IT4x/JZ/FkhQY+LJkAEcCvjwirXhqzv8wN09a2shx
	LAaGrSYyb9T0JOkfUaid7shGg0Gz5qI=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-428-TV1iihktNaaa2YG-2tys_w-1; Tue, 06 Apr 2021 08:16:59 -0400
X-MC-Unique: TV1iihktNaaa2YG-2tys_w-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C08861009E2D;
	Tue,  6 Apr 2021 12:16:57 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-134.ams2.redhat.com [10.36.115.134])
	by smtp.corp.redhat.com (Postfix) with ESMTP id D3E0F5C559;
	Tue,  6 Apr 2021 12:16:55 +0000 (UTC)
Subject: Re: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest
To: "Xu, Min M" <min.m.xu@intel.com>, Brijesh Singh <brijesh.singh@amd.com>,
 "devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: James Bottomley <jejb@linux.ibm.com>, "Yao, Jiewen"
 <jiewen.yao@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>,
 "Justen, Jordan L" <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>
References: <20210324153215.17971-1-brijesh.singh@amd.com>
 <20210324153215.17971-2-brijesh.singh@amd.com>
 <PH0PR11MB5064BDC2E50B6ABC7DEB8661C5769@PH0PR11MB5064.namprd11.prod.outlook.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <dd31e832-898e-d8c2-e243-4ff0b9df6fe9@redhat.com>
Date: Tue, 6 Apr 2021 14:16:54 +0200
MIME-Version: 1.0
In-Reply-To: <PH0PR11MB5064BDC2E50B6ABC7DEB8661C5769@PH0PR11MB5064.namprd11.prod.outlook.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 04/06/21 10:11, Xu, Min M wrote:
> Hi, Singh
> I have a concern about the sevSnpBlock in ResetVectorVtf0.asm. Actually
> SEV has inserted 3 blocks in ResetVectorVtf0.asm and the total bytes are
> (26 + 22 + 20 = 68 bytes). If sevSnpBlock is added, then the total bytes
> will be (68 +26 = 94 bytes).
> 
> I am not sure whether there will be more blocks added in
> ResetVectorVtf0.asm in the future. But I don't think ResetVectorVtf0.asm
> is a good place to add these data blobs. Can these data be packed into a
> single file, for example, SevMetadata.asm, then a pointer is inserted in
> ResetVectorVtf0.asm which then points to the SevMetadata. In this way we
> can keep ResetVectorVtf0.asm clean, small and straight forward.
> 
> Another reason is that I am working on the Intel TDX which will update
> the ResetVectorVtf0.asm as well. My change depends on the assumption that
> the distance between ResetVector(0xfffffff0) and EarlyBspInitReal16 is
> less than 128 bytes. The blocks in ResetVectorVtf0.asm make it impossible.

That's a problem. These info blocks are placed in the reset vector
because then they can be found by QEMU easily -- they are not
compressed, and they appear at a known location in the guest physical
address space. (More precisely, a GUID-ed structure chain starts at a
known location, and then QEMU can traverse the chain of structures, for
learning various bits of information about the firmware.)

Do we absolutely need a short jump?

Thanks
Laszlo

> 
> Thanks!
> 
>> -----Original Message-----
>> From: Brijesh Singh <brijesh.singh@amd.com>
>> Sent: Wednesday, March 24, 2021 11:32 PM
>> To: devel@edk2.groups.io
>> Cc: Brijesh Singh <brijesh.singh@amd.com>; James Bottomley
>> <jejb@linux.ibm.com>; Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>;
>> Justen, Jordan L <jordan.l.justen@intel.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>; Laszlo Ersek <lersek@redhat.com>
>> Subject: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for
>> the SEV-SNP guest
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>
>> During the SEV-SNP guest launch sequence, two special pages need to be
>> inserted, the secrets page and cpuid page. The secrets page, contain the VM
>> platform communication keys. The guest BIOS and OS can use this key to
>> communicate with the SEV firmware to get the attestation report. The Cpuid
>> page, contain the CPUIDs entries filtered through the AMD-SEV firmware.
>>
>> The VMM will locate the secrets and cpuid page addresses through a fixed
>> GUID and pass them to SEV firmware to populate further.
>> For more information about the page content, see the SEV-SNP spec.
>>
>> To simplify the pre-validation range calculation in the next patch, the CPUID
>> and Secrets pages are moved to the start of the MEMFD_BASE_ADDRESS.
>>
>> Cc: James Bottomley <jejb@linux.ibm.com>
>> Cc: Min Xu <min.m.xu@intel.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>  OvmfPkg/OvmfPkg.dec                          |  8 +++++++
>>  OvmfPkg/OvmfPkgX64.fdf                       | 24 ++++++++++++--------
>>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 19 ++++++++++++++++
>>  OvmfPkg/ResetVector/ResetVector.inf          |  4 ++++
>>  OvmfPkg/ResetVector/ResetVector.nasmb        |  2 ++
>>  5 files changed, 48 insertions(+), 9 deletions(-)
>>
>> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index
>> 4348bb45c6..062926772d 100644
>> --- a/OvmfPkg/OvmfPkg.dec
>> +++ b/OvmfPkg/OvmfPkg.dec
>> @@ -317,6 +317,14 @@
>>    gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
>>    gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
>>
>> +  ## The base address of the CPUID page used by SEV-SNP
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x48
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x49
>> +
>> +  ## The base address of the Secrets page used by SEV-SNP
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x50
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x51
>> +
>>  [PcdsDynamic, PcdsDynamicEx]
>>    gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN
>> |0x10
>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index
>> d519f85328..ea214600be 100644
>> --- a/OvmfPkg/OvmfPkgX64.fdf
>> +++ b/OvmfPkg/OvmfPkgX64.fdf
>> @@ -67,27 +67,33 @@ ErasePolarity = 1
>>  BlockSize     = 0x10000
>>  NumBlocks     = 0xD0
>>
>> -0x000000|0x006000
>> +0x000000|0x001000
>> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenS
>> paceGu
>> +id.PcdOvmfSnpCpuidSize
>> +
>> +0x001000|0x001000
>> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgToken
>> Space
>> +Guid.PcdOvmfSnpSecretsSize
>> +
>> +0x002000|0x006000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTok
>> enSpaceGuid.PcdOvmfSecPageTablesSize
>>
>> -0x006000|0x001000
>> +0x008000|0x001000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTo
>> kenSpaceGuid.PcdOvmfLockBoxStorageSize
>>
>> -0x007000|0x001000
>> +0x009000|0x001000
>>
>> gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvm
>> fPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
>>
>> -0x008000|0x001000
>> +0x00A000|0x001000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkg
>> TokenSpaceGuid.PcdOvmfSecGhcbPageTableSize
>>
>> -0x009000|0x002000
>> +0x00B000|0x002000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpa
>> ceGuid.PcdOvmfSecGhcbSize
>>
>> -0x00B000|0x001000
>> -
>> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpac
>> eGuid.PcdSevEsWorkAreaSize
>> -
>> -0x00C000|0x001000
>> +0x00D000|0x001000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTo
>> kenSpaceGuid.PcdOvmfSecGhcbBackupSize
>>
>> +0x00F000|0x001000
>> +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpa
>> ceGui
>> +d.PcdSevEsWorkAreaSize
>> +
>>  0x010000|0x010000
>>
>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTo
>> kenSpaceGuid.PcdOvmfSecPeiTempRamSize
>>
>> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>> b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>> index 9c0b5853a4..5456f02924 100644
>> --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>> +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>> @@ -47,6 +47,25 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart
>> + 15) % 16)) DB 0  ;
>>  guidedStructureStart:
>>
>> +;
>> +; SEV-SNP boot support
>> +;
>> +; sevSnpBlock:
>> +;   For the initial boot of SEV-SNP guest, a Secrets and CPUID page must be
>> +;   reserved by the BIOS at a RAM area defined by SEV_SNP_SECRETS_PAGE
>> +;   and SEV_SNP_CPUID_PAGE. A VMM will locate this information using the
>> +;   SEV-SNP boot block.
>> +;
>> +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9
>> +;
>> +sevSnpBootBlockStart:
>> +    DD      SEV_SNP_SECRETS_PAGE
>> +    DD      SEV_SNP_CPUID_PAGE
>> +    DW      sevSnpBootBlockEnd - sevSnpBootBlockStart
>> +    DB      0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42
>> +    DB      0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9
>> +sevSnpBootBlockEnd:
>> +
>>  ;
>>  ; SEV Secret block
>>  ;
>> diff --git a/OvmfPkg/ResetVector/ResetVector.inf
>> b/OvmfPkg/ResetVector/ResetVector.inf
>> index dc38f68919..d890bb6b29 100644
>> --- a/OvmfPkg/ResetVector/ResetVector.inf
>> +++ b/OvmfPkg/ResetVector/ResetVector.inf
>> @@ -37,6 +37,10 @@
>>    gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize
>>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
>> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb
>> b/OvmfPkg/ResetVector/ResetVector.nasmb
>> index 5fbacaed5f..2c194958f4 100644
>> --- a/OvmfPkg/ResetVector/ResetVector.nasmb
>> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb
>> @@ -75,6 +75,8 @@
>>    %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))
>>    %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32
>> (PcdSevEsWorkAreaBase) + 8)
>>    %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32
>> (PcdSevEsWorkAreaBase) + 16)
>> +  %define SEV_SNP_SECRETS_PAGE FixedPcdGet32 (PcdOvmfSnpSecretsBase)
>> + %define SEV_SNP_CPUID_PAGE  FixedPcdGet32 (PcdOvmfSnpCpuidBase)
>>    %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32
>> (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32
>> (PcdOvmfSecPeiTempRamSize))  %include "Ia32/Flat32ToFlat64.asm"
>>  %include "Ia32/PageTables64.asm"
>> --
>> 2.17.1
>