From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=104.47.40.71; helo=nam03-co1-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0071.outbound.protection.outlook.com [104.47.40.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B2A7721F6A6FC for ; Wed, 28 Feb 2018 11:17:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fRpHNwBsZOgldT1Bw3uUVsQaNrl14M7JqC20lA0fj+8=; b=CutGxnZP5kLotfBxYavVoNxd9RKh7X/dzF+Lr3ACWuijFGKYKi5FhH6qFYoPbVrDJ55HbgkyRba/bkXSr1BU90H8hIUmqiKN8Z2Mfi7X/tMGZWYOEQ84QSGJwQQB4BMG5jUt4gFUT9XYY3/EAXtccSaOISgx5NJdbuNCrN5cspE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by DM2PR12MB0153.namprd12.prod.outlook.com (2a01:111:e400:50ce::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Wed, 28 Feb 2018 19:23:13 +0000 Cc: brijesh.singh@amd.com, Tom Lendacky , Paolo Bonzini , Michael Kinney , Jordan Justen , Ard Biesheuvel To: Laszlo Ersek , edk2-devel@lists.01.org References: <20180228161415.28723-1-brijesh.singh@amd.com> <20180228161415.28723-2-brijesh.singh@amd.com> <7bfa8782-d85d-e2bb-e515-ae6dd1b37275@redhat.com> From: Brijesh Singh Message-ID: Date: Wed, 28 Feb 2018 13:23:01 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <7bfa8782-d85d-e2bb-e515-ae6dd1b37275@redhat.com> X-Originating-IP: [70.112.153.56] X-ClientProxiedBy: MWHPR15CA0026.namprd15.prod.outlook.com (2603:10b6:300:ad::12) To DM2PR12MB0153.namprd12.prod.outlook.com (2a01:111:e400:50ce::16) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2ec46156-d495-4a36-b39c-08d57ee0b72f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0153; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0153; 3:p7pB2y2jJVUtqigbHLIg1fea7hXlFKsiKCLnSZW2+1HwHIq9H0LMs7mJ7oqsRXEg9hl/Xw4ax81VKvUY+v/vvZh/ZDJ8uEJepi0FPIeJDoQ9FGG8SFJDSTiAi4lXw0WU/n1FWspV/2HYjgOjxSrghOob7XL1Vta+pMwfDhzR51exlwsm0GOFuRT1XPhgircUNQydpldI7nDqo4OfHuQWYWqF8wadx8sjJ19dlNxzD1aCdW3xs0/cH2JVszHwnpwS; 25:OQn66aT551+6tl0knLUJczx6M+VvfiF+4RxcQXsDetkmvKcBQ1ol0ROdpbe2CPKVx8siFL2Bp20LbzW7J4XtXOwf0kElOncaJXIosKnYNK+1HSUMVvdBhhphM96Hlnmm/+VFir0w/yz70pSsvdGovywwCC8nn5aPK9ddVBVlgTS3hnr3QTWssio86kBylOKKH7jALSRCSGjnsC4JEQAP2Zi0SIxbO8a/rh/VWKlBRiBu6pJhSpDSRGADwFr9sXNHwWUJrLNBUZfPfLGD1a9HOB4z+71scNgU5oAsPhXovAPDfzD69GQUPTL+/hKjFDb9PKB/Wbl9ZCX7sZWobjdBCg==; 31:B9/8tK8ZXdnuDb3OCd1GmYRFoQ8kGcm9nHzJxqpf68Vn5Uvv9kV9aBW/U6WlHLgskuDfWZMyjaei6WjZx0bSHTZhvEnXE4plqmsXzx+AzW8m4X73XG+lUEq0RYYfOeNpZRPjHR7a88KkzEKvMphLrVJPc8JTy3hkQY5j0wF7K0dNGE8aM2sx9IkIZiT2eJTauiNnT+D3Moeikb0wdrGSt+MK7JNzvK5ernTH0dZTUAw= X-MS-TrafficTypeDiagnostic: DM2PR12MB0153: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0153; 20:zDK4ChKwVTiQOFbgylYglZyXqVVusrXoeStVfDJ6kJi3XaOPWV/W3MYy1ElzRtIR8qPI6xQjVVADS3UzYtKPlObeOr9SCbHDFBk2FF10kiiclqMgajs0EflhRu8s/wtIyCs9zcTaW7m/WO+R+ap3fWyXShAeQCGrH+sj2FGBfzVfYF8FPqUxEpNiTkKaD+Qla/l2A167mO7CPnbdWqmyy4DvX6FHt8RtVBDhFnXi72uz5v7wTnCXGN0Ghuf76D3SZL+/zSdexcA9vxC/p9SRXXECjukjtCbRN5RgPFpNmRVUaE581myDDXqIFZf6FRBXo8VtBmUASLMfz8UkIMCc1ABPj0S2a0nYCqnv9B/wVvJ8IO1sHpMbZNLw7quKMjkP08Up0bZdjXihVl+6DoH+YBNEs9J+T9qt9TZ94/mL8yKE7Hj5QFFF36O7Gduagju4wOVyLQ+sBw6GNp9Bg3t86LoFSUguMxCJFP482ZvNGT/tmo/FXAu6Groe4C0oa/qA; 4:vXUgELtl+lRBCnxIEb9A31lgrFGLsNncv7b3ZyUqaUES9+115It+XXPGu6VP9KGrU2ilQGFhUP5v7HmY6+O3o62jx2xDAMOXuFKBYprZpzzuzh3h8WnlH3UTH+CUD6CqWAeN+ikQYN0dlOfWbpeWMUIp+omN1ceBCv+RCI2K+c4oOoH0S7jTiH0mIjGRy///s1gm28jNSveZlSXwB/7T3Jg+XV/N6ZdMR8O31AlD3xTkRjEtpIV1KebDYs7lngo9M0d+GsqdQmC4AyniD/q9MHssBUCK14wt1oO0hZXUN/N6dT5nPAyFB875IQxRFknq5KGiAlssaY1NJi1BSYWbFpzSv4XCPkD1sgVcS3uJKVQ= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231220)(944501217)(10201501046)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:DM2PR12MB0153; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0153; X-Forefront-PRVS: 0597911EE1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(979002)(396003)(39380400002)(39860400002)(366004)(346002)(376002)(199004)(189003)(2870700001)(31696002)(64126003)(229853002)(68736007)(50466002)(7736002)(305945005)(76176011)(2486003)(6666003)(8676002)(81156014)(52146003)(105586002)(6246003)(316002)(52116002)(53936002)(58126008)(54906003)(81166006)(6512007)(86362001)(8936002)(4326008)(65956001)(65806001)(66066001)(47776003)(386003)(53546011)(25786009)(23676004)(97736004)(65826007)(36756003)(16526019)(186003)(3846002)(59450400001)(2950100002)(6486002)(6506007)(26005)(31686004)(2906002)(478600001)(5660300001)(6116002)(106356001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0153; H:Brijeshs-MacBook-Pro.local; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTJQUjEyTUIwMTUzOzIzOklaeTRrOFZnYzFUUnJyVUFZdkFnVnlPZ2ZG?= =?utf-8?B?V0ZmVWhTaHNkQmp5UGFURE5Oa01CbExXV2RvNVpwVGJ5SWlhUm9lWWdOU0ow?= =?utf-8?B?aXljSUxlVGI4aUlZUHJ4V2EvdUplMmRzNUFHYWY2K3ZvVHRjSFhKMkdlWWt4?= =?utf-8?B?UVcvSzQrZUxXaDdBSGZra2FKVGpiQ2NmTldzSTRtaXp2QWhHR0lVYW5Vdzd4?= =?utf-8?B?V1FENlN3OHRubWhEd1o2Zk9SY0gvd0tQQkdybzFsRWtQNkZMMk1CTkliWjdR?= =?utf-8?B?dmpZdVhkek9zb0dQaHJmNkhyc1R0ZHhON1phMXJuNy9TaWUzWG9MeGpWY3hG?= =?utf-8?B?djlkTjBTd0k0NDllUFFDeUMraFJtM2s4VEpKTHdZanYwUVAvZURtT3lyVVNG?= =?utf-8?B?aHFHNzlpMm51M2ROTEhyMDY3dzFaazNYVXZNTEVKR2lQbzJOcHpPeld5U2sw?= =?utf-8?B?Zks0WHFycWMwUmRXc0l6NG81VUNQME5DWWZUb1ArV3VPS2dqcUlpR1RnTUQ3?= =?utf-8?B?K1lOeVFva04yT2RPWlV5WHA2RTVGbjJIQTJHeGZVWmN4S0trSk5FVERLcFVX?= =?utf-8?B?Q0tVUHVENTk2azJLS2tId0lWa0ZyaGxCa3JLaTRJajZwbi83bGt4dzlaSkNN?= =?utf-8?B?aEptc0pTbVVqNEJzUDM5ZzFURGJUcFRNakpiZklSYW5LQkF3eEVHcUVaR1VU?= =?utf-8?B?K1FEWU5qNDRrMEZHUjdlalVmbzJEWGRLVStBUkJRR1ZWc2EyMGhDVXZsWHgv?= =?utf-8?B?am4raEpBcmF5c2ZyVEFIL2x0MDRsV0lRSHpJS3B1TTBOSFVyWDMwZUNWMUNP?= =?utf-8?B?VXhocnZ1ZWl4cVRYZ3hYWGJYWWtucXlaMFdqajVENGVaU3RkUnB0N2FxKzZU?= =?utf-8?B?M3F4NlR1S1NGWTRYczFvS3BpVW9rL1dRWlVCV2ROci9LT0VFdTR2Q3NERUhk?= =?utf-8?B?L1hGa053N0FrZmtrZFZoSEpjSXZmYjRsdnpsYWNjRVhIQWF4MzBhd2MwcDVD?= =?utf-8?B?SU9nWVlXR0l0aXZZTXdybGc0NlFNdHJPZW92VSs4UGtVRmtIV3BnZUFBR3JR?= =?utf-8?B?eFBIK2pNeHhUNGt2WDFTM3gybGpNVTRqeXdNTDJaV3poVXZ3V0pybzVMcXdN?= =?utf-8?B?WlhOek9IU3VGdkZuN05IVjVzbkNlTXJZdURVVkxZUHkxdWtnY1JzRXhNQXlv?= =?utf-8?B?c1Vub0RqdzF2S1htRnN4QTRDVjVsc1oyN21rMFBnT3JyV1RDQzcycnhQZXRr?= =?utf-8?B?dnpPb01ZNSswZW5KeVVFYkhONlRSN0VlMkVIbGtKOVdoRXF0UW50QXdKMEZo?= =?utf-8?B?emhUdEQ4aER6ZmNvaTVSR3g4TGdCQm1RUzU3ZnpyNVkxa2hFR2JTN1FwTG9S?= =?utf-8?B?ZmwwRlhaR2JIV2ZTYUZiaVBWSnJQKytyM05SOTNnY0txQWhZYWxFYVYzWkZM?= =?utf-8?B?YXdNaGVqWmtGWHY2ZmNlT0UwMTU5SGpmb3p6OFJsa0FteCtxY0V4dmRGUWJm?= =?utf-8?B?dWJIVE41Wm5xQ3pndHloSFNPZkxCejdmeE5OTTMzaThBRlhnWTUrQ0VYV0h0?= =?utf-8?B?dm4xN2pTMXNYMU5lY3NJWk1mVGg3OG82M1BveWpaWmNhdkJRb0F4RDZINWFn?= =?utf-8?B?YlYvNkU3THByb0wxSjh5R2VDNUliRWN0UFRXR01URmtuNDMwZ1VMRzM1MGJE?= =?utf-8?B?RzF6YjAwUDYxWVJhc1ROWXZ3MzNEYk1lUml0aHZKOU1tYmRpNVdJOVB5RGFj?= =?utf-8?B?WjhyNXhKVXkycm1SZ3RIaCtNME1HOENLU0JCMXZaWkV2MmtmZVJ4aU5udnVY?= =?utf-8?B?Z3dVR0M5TlhDbktFMXpNdnR1bjh4K3Z2VFhoSG0rcE9kcm42WGZ0SFN5STFD?= =?utf-8?B?dCtOMDdXR2pTVjUzb2dDMWJJcUNxaXJ2K1VyRmxNTDJTbE1UVTIwZUNiWWJt?= =?utf-8?Q?RQ4ntxJWsXsztcsSrAPw3Lwc+WJ3pw=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0153; 6:WYBeDX0eihcX4PVQ9dE+4Jg7kbmb8AVO/JyDQ4I/ff7byqRpfh4KvF8bvkuJW4NTJrJYyYKjCFfSxG0u4A9G4bWcPPcSpRUaQQnBv2HRDsEAKA/e++HvRkIZ8FIKwFzgwRD9TP/u5uFMe6oUrfJTj40vacki0+ILkfQGBrxWo2qoqg8wZdxDMgdH0yTQcavxR9gIRyRB50mRZdPRsGu5QZ/4hElWBKypWU4fjupmvYypvCLn2ueIW5gHagr5T7cAESLP8q+UorjBkRtDAE0ElGxPl5zZgeaM+EyNXcPTEMdsIBPt/EtPx5u8ESW8CZqZCzyuY+895YR1N+uukmv05B5Krk+y5pSehHA5ckc0lk8=; 5:xo58PwGOTBTeEoBzxIMy2yelu7i23nvLic27//uFRm6L3hqWKMu3pFNGl+NGUKzUgxYVepL/F+HWc3I9WNn/3RBLiPHgpEIEUNAoO4ia7BMrqDKII2WwRq/4zMLJ/L0fP7X3adI1of75XFghVZT9vP1u1nztAGYNPdo+MM2H7XM=; 24:C4hWw2elhX5SNyF/AajrUMJCLCu3phY6diszUeP2DST3ke0gf2nHpeEJvcNfWArz+R3FAdXTP8B30+zH6oYgdfucjZYcCbN8i0IkfuR84KU=; 7:fc9ddM7DwGTNMbugN9e4sZrv5JgZZjvPAUCnroLzncefV9/D6Z4FFT+uHKk0GzngdVfMUl7+tSyOtZhs7NcSWvtgXCdZcDUYdu3bIXqa25tW68DCRR2PN3s0aqrbvFG+uYt+cbGjaZL4p0E7hvx7BsiudIMkzcquO6/axyqWijQVhlh8/0n0v1u+grFdSKQNJfcYtvxZ4UO/RLfTApW3P99NdY/31FrjLf5fqk6Fpx/crww8FuT0AnCLoBMnqkYR SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0153; 20:BRx1Q3Dx08OKrYj4i4U8DRzoP+xhlGBV0SY9SLBtSYT6ycRniQWSXI0QXJxYA8uLtwb4yowLuW2oFLzxD1CK8jXCEQKa4aJddiqb3vbiLTS2/3dUZ8k1BF4B1rhGaI7FfdMycDt16gB8MTNJYoeAISakd9eTnmIQn8R32MfMrP4G5SyyYQkKWUfaPHArt3Yny2EEEaEy0UiD4ZQydyJCLdVdjcOhuUtaZR6uC0JNfMeN9HG4hpztwNhFreU/CL8+ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2018 19:23:13.6577 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2ec46156-d495-4a36-b39c-08d57ee0b72f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0153 Subject: Re: [PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 19:17:10 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US Hi Laszlo, On 2/28/18 1:06 PM, Laszlo Ersek wrote: > Hi Brijesh, > > On 02/28/18 17:14, Brijesh Singh wrote: >> When OVMF is built with SMM, SMMSaved State area (SMM_DEFAULT_SMBASE + >> SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by >> both guest and hypervisor. Since the data need to be accessed by both >> hence we must map the SMMSaved State area as unencrypted (i.e C-bit >> cleared). >> >> This patch clears the SavedStateArea address before SMBASE relocation. >> Currently, we do not clear the SavedStateArea address after SMBASE is >> relocated due to the following reasons: >> >> 1) Guest BIOS never access the relocated SavedStateArea. >> >> 2) The C-bit works on page-aligned address, but the SavedStateArea >> address is not a page-aligned. Theoretically, we could roundup the address >> and clear the C-bit of aligned address but looking carefully we found >> that some portion of the page contains code -- which will causes a bigger >> issue for the SEV guest. When SEV is enabled, all the code must be >> encrypted otherwise hardware will cause trap. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Brijesh Singh >> --- >> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 +++ >> OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 1 + >> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 35 ++++++++++++++++++++ >> OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 21 ++++++++++++ >> 4 files changed, 61 insertions(+) > I've been staring at this patch for ~2 hours now (I've also read your > other email). I like this approach (and the comments / commit message), > but IMO an important detail is missing. > > I started writing up my notes, but the list got very long. Is it OK with > you if I send my ideas as a patch set (replacing just this patch)? I > think I'd like to turn this patch into 3-4 patches. Yes,  patches are appreciated.  thanks. > > Thanks! > Laszlo > > >> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf >> index 41635a57a454..162ed98a2fbe 100644 >> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf >> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf >> @@ -29,6 +29,7 @@ [Packages] >> MdePkg/MdePkg.dec >> MdeModulePkg/MdeModulePkg.dec >> OvmfPkg/OvmfPkg.dec >> + UefiCpuPkg/UefiCpuPkg.dec >> >> [LibraryClasses] >> BaseLib >> @@ -41,3 +42,6 @@ [LibraryClasses] >> >> [Depex] >> TRUE >> + >> +[FeaturePcd] >> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire >> diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf >> index 31edf3a9c1fd..ba564abb787b 100644 >> --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf >> +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf >> @@ -36,3 +36,4 @@ [LibraryClasses] >> PcdLib >> DebugLib >> SmmServicesTableLib >> + MemEncryptSevLib >> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c >> index e472096320ea..5803e8655049 100644 >> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c >> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c >> @@ -25,6 +25,8 @@ >> #include >> #include >> #include >> +#include >> +#include >> >> EFI_STATUS >> EFIAPI >> @@ -71,5 +73,38 @@ AmdSevDxeEntryPoint ( >> FreePool (AllDescMap); >> } >> >> + // >> + // When SMM is enabled, clear the C-bit from SMM Saved State Area >> + // >> + // NOTES: The SavedStateArea address cleared here is before SMBASE >> + // relocation. Currently, we do not clear the SavedStateArea address after >> + // SMBASE is relocated due to the following reasons: >> + // >> + // 1) Guest BIOS never access the relocated SavedStateArea. >> + // >> + // 2) The C-bit works on page-aligned address, but the SavedStateArea >> + // address is not a page-aligned. Theoretically, we could roundup the address >> + // and clear the C-bit of aligned address but looking carefully we found >> + // that some portion of the page contains code -- which will causes a bigger >> + // issues for SEV guest. When SEV is enabled, all the code must be encrypted >> + // otherwise hardware will cause trap. >> + // >> + // We restore the C-bit for this SMM Saved State Area after SMBASE relocation >> + // is completed (See OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c). >> + // >> + if (FeaturePcdGet (PcdSmmSmramRequire)) { >> + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; >> + >> + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; >> + >> + Status = MemEncryptSevClearPageEncMask ( >> + 0, >> + SmmSavedStateAreaAddress, >> + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), >> + FALSE >> + ); >> + ASSERT_EFI_ERROR (Status); >> + } >> + >> return EFI_SUCCESS; >> } >> diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c >> index a307f64c9c61..946294701c62 100644 >> --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c >> +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c >> @@ -20,6 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> #include >> #include >> #include >> +#include >> #include >> >> // >> @@ -183,6 +184,26 @@ SmmCpuFeaturesSmmRelocationComplete ( >> VOID >> ) >> { >> + EFI_STATUS Status; >> + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; >> + >> + // >> + // When SEV is enabled, the SMM SavedState is mapped with C=0 >> + // (See OvmfPkg/AmdSevDxe/AmdSevDxe.c). Now the SMBASE is relocated hence we >> + // remap the address with C=1. >> + // >> + if (!MemEncryptSevIsEnabled ()) { >> + return; >> + } >> + >> + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; >> + Status = MemEncryptSevSetPageEncMask ( >> + 0, >> + SmmSavedStateAreaAddress, >> + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), >> + FALSE >> + ); >> + ASSERT_EFI_ERROR (Status); >> } >> >> /** >>