From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Lendacky, Thomas"
Date: Tue, 12 May 2020 09:59:53 -0500
Subject: Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
To: "Ni, Ray"; devel@edk2.groups.io; afish@apple.com
CC: "Justen, Jordan L"; Laszlo Ersek; Ard Biesheuvel; "Kinney, Michael D"; "Gao, Liming"; "Dong, Eric"; Brijesh Singh; "You, Benjamin"; "Bi, Dandan"; "Dong, Guo"; "Wu, Hao A"; "Wang, Jian J"; "Ma, Maurice"
References: <4da69262-e6a8-1374-2853-dab2a8f193d3@amd.com> <734D49CCEBEEF84792F5B80ED585239D5C530D55@SHSMSX104.ccr.corp.intel.com> <734D49CCEBEEF84792F5B80ED585239D5C535775@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <734D49CCEBEEF84792F5B80ED585239D5C535775@SHSMSX104.ccr.corp.intel.com>

On 5/11/20 12:24 AM, Ni, Ray wrote:
> Tom,
>
> I agree with the first issue. I am not quite clear on the second one.

In regards to the exception propagation, the hypervisor is allowed to request an exception as part of the return information. For example, the guest issues a RDMSR instruction for an invalid MSR. The hypervisor would normally inject a #GP into the guest. With SEV-ES, the VC handler has to do this. Hence the need to possibly propagate to other exception handlers after handling the #VC.

>
> SourceLevelDebugPkg provides source level debugging support early in SEC through SourceLevelDebugPkg\Library\DebugAgent\SecPeiDebugAgent\.
>
> It hooks all Intel SDM defined exceptions. It hooks INT32 additionally to support breaking from HOST.
>
> It doesn't use CpuExceptionLib because it hooks in very early SEC phase.
>
> Can you use the same way?

I can look at trying to do something like this. I guess the source level debug needs to be aware of all the exceptions, which is why it hooks all of them. The SEV-ES support is only concerned with the #VC exception. It just seems like a lot of duplicated and extra code vs. checking for / handling the #VC exception in the CpuExceptionHandler library.

My plan for v8 is/was to have a NULL VmgExitLib library, of which the #VC handler would be part of the interface, with the CpuExceptionHandler library invoking the #VC handler on #VC exception and having the OvmfPkg provide a VmgExitLib library with all the functionality.

Thanks,
Tom

>
> Thanks,
> Ray
>
> *From:* devel@edk2.groups.io *On Behalf Of* Andrew Fish via groups.io
> *Sent:* Sunday, May 10, 2020 3:10 AM
> *To:* devel@edk2.groups.io; thomas.lendacky@amd.com
> *Cc:* Ni, Ray; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D; Gao, Liming; Dong, Eric; Brijesh Singh; You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
> *Subject:* Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
>
> On May 9, 2020, at 7:34 AM, Lendacky, Thomas wrote:
>
> On 5/9/20 1:44 AM, Ni, Ray wrote:
>
> Tom,
>
> Hi Ray,
>
> I have a bit of concern on your change that directly modifies CpuExceptionHandlerLib to handle exception #29. Today's CpuExceptionHandlerLib simply dumps the exception context for every exception. Any component which wants to do specific handling of certain exceptions should call RegisterCpuInterruptHandler().
> Such as code in CpuDxe driver:
>   if (HEAP_GUARD_NONSTOP_MODE || NULL_DETECTION_NONSTOP_MODE) {
>     RegisterCpuInterruptHandler (EXCEPT_IA32_DEBUG, DebugExceptionHandler);
>     RegisterCpuInterruptHandler (EXCEPT_IA32_PAGE_FAULT, PageFaultExceptionHandler);
>   }
> Is it possible for your feature to follow the same pattern?
>
> There are two problems:
>
> The first is that RegisterCpuInterruptHandler() is not implemented for both the SEC and PEI phases, so it is not currently possible to register a handler that early.
>
> The second is that I need to be able to propagate an exception request from the hypervisor. With the current implementation there doesn't appear to be an easy way to perform this propagation.
>
> If there's a way to accomplish both of the above I wouldn't be opposed to using RegisterCpuInterruptHandler() as long as there are no #VCs that can occur between initializing exception handling and registering the #VC handler.
>
> Thomas,
>
> As you point out it is tricky dealing with XIP code. You can't have globals that you can write and generally you use a PEI service to look things up, the most common thing being using a HOB. But SEC has no services and I'm not sure you really want to be calling into the PEI Core on a random exception.
>
> Here are the best options that popped into my head after reading your email
>
> 1) IDT in RAM
>
> If your code populates the IDT the IDTR gives you access to the address of the IDTR via an instruction. The PI Spec reserves IDT - sizeof (UINTN) for a cached copy of the PEI Services Table, but other than that you are good to go. It should be possible to have a global so you can have the table required to implement RegisterCpuInterruptHandler().
> There might be some usage of IDT - (2 * sizeof (UINTN)), I know I'm guilty, so storing data after the IDT would be a good option. In general if your code allocates the memory for the IDT then you can treat the IDT as part of your private context data structure and that gives you access
>
> 2) IDT in ROM.
>
> For this it seems like you need a library to link in to the CpuExceptionHandlerLib that allows you to override the handler. If CpuInterruptHandlerOverride() returns NULL you do the current behavior; if not NULL then you call the returned handler.
>
> EFI_CPU_INTERRUPT_HANDLER
> EFIAPI
> OverrideCpuInterruptHandler (
>   IN EFI_EXCEPTION_TYPE            InterruptType
>   );
>
> Thanks,
>
> Andrew Fish
>
> PS Off topic, but it would also be useful to have a library that overrides the state dump display. For example using Xcode you can always display a stack frame from the exception handler.
>
> Thanks,
> Tom
>
> Thanks,
> Ray
>
> -----Original Message-----
> From: Tom Lendacky
> Sent: Saturday, May 9, 2020 3:16 AM
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D; Gao, Liming; Dong, Eric; Ni, Ray; Brijesh Singh; You, Benjamin; Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
> Subject: Re: [PATCH v7 00/43] SEV-ES guest support
>
> I was able to use the pull request method that Laszlo documented and fixed up all of the issues identified by the VS compiler.
>
> An additional change I'm planning to make for the next version (v8) of the patches is to create a NULL library instance of the VmgExitLib that will also include the #VC handler function. This will reduce the amount of code associated with this feature for platforms that don't use/support SEV-ES.
>
> Laszlo, this will mean that I will introduce a version of the VmgExitLib under OvmfPkg that will provide the majority of the functionality that is present today in UefiCpuPkg. In essence, the functionality in v7 patches 8 and 11 - 25 will now live under OvmfPkg instead of UefiCpuPkg. I think this is the better way to do this. Let me know if you have any concerns.
>
> Thanks,
> Tom
>
> On 4/22/20 12:41 PM, Tom Lendacky wrote:
>
> This patch series provides support for running EDK2/OVMF under SEV-ES.
>
> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from the hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2: System Programming", section "15.35 Encrypted State (SEV-ES)" [1].
>
> In order to allow a hypervisor to perform functions on behalf of a guest, there is architectural support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. The notification is performed using a new exception, the VMM Communication exception (#VC). The information is shared through the Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction. The GHCB format and the protocol for using it are documented in "SEV-ES Guest-Hypervisor Communication Block Standardization" [2].
>
> The main areas of the EDK2 code that are updated to support SEV-ES are around the exception handling support and the AP boot support.
>
> Exception support is required starting in Sec, continuing through Pei and into Dxe in order to handle #VC exceptions that are generated. Each AP requires its own GHCB page as well as a page to hold values specific to that AP.
>
> AP booting poses some interesting challenges.
> The INIT-SIPI-SIPI sequence is typically used to boot the APs. However, the hypervisor is not allowed to update the guest registers. The GHCB document [2] talks about how SMP booting under SEV-ES is performed.
>
> Since the GHCB page must be a shared (unencrypted) page, the processor must be running in long mode in order for the guest and hypervisor to communicate with each other. As a result, SEV-ES is only supported under the X64 architecture.
>
> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>
> ---
>
> These patches are based on commit:
> be7295b36405 (".python/SpellCheck: Increase SpellCheck plugin max failures")
>
> Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.
>
> A version of the tree (with an extra patch to workaround Bugzilla 2340) can be found at:
> https://github.com/AMDESE/ovmf/tree/sev-es-v14
>
> Cc: Ard Biesheuvel
> Cc: Benjamin You
> Cc: Dandan Bi
> Cc: Eric Dong
> Cc: Guo Dong
> Cc: Hao A Wu
> Cc: Jian J Wang
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Liming Gao
> Cc: Maurice Ma
> Cc: Michael D Kinney
> Cc: Ray Ni
>
> Changes since v6:
> - Add function comments to all functions, including local functions
> - Add function parameter direction to all functions (in/out)
> - Add support for MMIO MOVZX/MOVSX instructions
> - Ensure the per-CPU variable page remains encrypted
> - Coding-style fixes as identified by Ecc
>
> Changes since v5:
> - Remove extraneous VmgExitLib usage
> - Miscellaneous changes to address feedback (coding style, etc.)
>
> Changes since v4:
> - Move the SEV-ES protocol negotiation out of the SEC exception handler
>   and into the SecMain.c file. As a result:
>   - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
>   - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
>     single AMDSevVcHandler.c
> - Consolidate VmgExitLib usage into common LibraryClasses sections
> - Add documentation comments to the VmgExitLib functions
>
> Changes since v3:
> - Remove the need for the MP library finalization routine. The AP
>   jump table address will be held by the hypervisor rather than
>   communicated via the GHCB MSR. This removes some fragility around
>   the UEFI to OS transition.
> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
>   communicate the SEV-ES status, so that SEC CPU exception handling is
>   only established for an SEV-ES guest.
> - Fix SMM build breakage around QemuFlashPtrWrite().
> - Fix SMM build breakage by adding VC exception support to the SMM CPU
>   exception handling.
> - Add memory fencing around the invocation of AsmVmgExit().
> - Clarify comments around the SEV-ES AP reset RIP values and usage.
> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
> - Remove the 16-bit code selector definition from MdeModulePkg
>
> Changes since v2:
> - Added a way to locate the SEV-ES fixed AP RIP address for starting
>   AP's to avoid updating the actual flash image (build time location
>   that is identified with a GUID value).
> - Create a VmgExit library to replace static inline functions.
> - Move some PCDs to the appropriate packages
> - Add support for writing to QEMU flash under SEV-ES
> - Add additional MMIO opcode support
> - Cleaned up the GHCB MSR CPUID protocol support
>
> Changes since v1:
> - Patches reworked to be more specific to the component/area being updated
>   and order of definition/usage
> - Created a library for VMGEXIT-related functions to replace use of inline
>   functions
> - Allocation method for GDT changed from AllocatePool to AllocatePages
> - Early caching only enabled for SEV-ES guests
> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
> - Reserved SEC GHCB-related memory areas when S3 is enabled
>
> Tom Lendacky (43):
>   MdeModulePkg: Create PCDs to be used in support of SEV-ES
>   UefiCpuPkg: Create PCD to be used in support of SEV-ES
>   MdePkg: Add the MSR definition for the GHCB register
>   MdePkg: Add a structure definition for the GHCB
>   MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
>   MdePkg/BaseLib: Add support for the XGETBV instruction
>   MdePkg/BaseLib: Add support for the VMGEXIT instruction
>   UefiCpuPkg: Implement library support for VMGEXIT
>   OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
>   UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events
>   UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)
>   UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events
>   UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events
>   OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
>   OvmfPkg: Add support to perform SEV-ES initialization
>   OvmfPkg: Create a GHCB page for use during Sec phase
>   OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
>   OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
>   OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
>   UefiCpuPkg: Create an SEV-ES workarea PCD
>   OvmfPkg: Reserve a page in memory for the SEV-ES usage
>   OvmfPkg/ResetVector: Add support for a 32-bit SEV check
>   OvmfPkg/Sec: Add #VC exception handling for Sec phase
>   OvmfPkg/Sec: Enable cache early to speed up booting
>   OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled
>   UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
>   UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is enabled
>   UefiCpuPkg: Allow AP booting under SEV-ES
>   OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
>   OvmfPkg: Move the GHCB allocations into reserved memory
>   UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
>
>  MdeModulePkg/MdeModulePkg.dec                 |    9 +
>  OvmfPkg/OvmfPkg.dec                           |    9 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   17 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |    6 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |    6 +
>  OvmfPkg/OvmfPkgX64.dsc                        |    6 +
>  OvmfPkg/OvmfXen.dsc                           |    1 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |    2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc         |    2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc      |    2 +
>  OvmfPkg/OvmfPkgX64.fdf                        |    9 +
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |    2 +
>  MdePkg/Library/BaseLib/BaseLib.inf            |    4 +
>  OvmfPkg/PlatformPei/PlatformPei.inf           |    7 +
>  .../FvbServicesRuntimeDxe.inf                 |    2 +
>  OvmfPkg/ResetVector/ResetVector.inf           |    8 +
>  OvmfPkg/Sec/SecMain.inf                       |    4 +
>  .../DxeCpuExceptionHandlerLib.inf             |    5 +
>  .../PeiCpuExceptionHandlerLib.inf             |    5 +
>  .../SecPeiCpuExceptionHandlerLib.inf          |    5 +
>  .../SmmCpuExceptionHandlerLib.inf             |    5 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |    4 +
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |    4 +
>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf  |   33 +
>  .../Core/DxeIplPeim/X64/VirtualMemory.h       |   12 +-
>  MdePkg/Include/Library/BaseLib.h              |   31 +
>  MdePkg/Include/Register/Amd/Fam17Msr.h        |   42 +
>  MdePkg/Include/Register/Amd/Ghcb.h            |  136 ++
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    |   12 +
>  .../QemuFlash.h                               |   13 +
>  UefiCpuPkg/CpuDxe/CpuGdt.h                    |    4 +-
>  UefiCpuPkg/Include/Library/VmgExitLib.h       |  117 ++
>  .../CpuExceptionHandlerLib/AMDSevVcCommon.h   |   49 +
>  .../CpuExceptionCommon.h                      |    2 +
>  UefiCpuPkg/Library/MpInitLib/MpLib.h          |   68 +-
>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |    4 +-
>  .../Core/DxeIplPeim/X64/DxeLoadFunc.c         |   11 +-
>  .../Core/DxeIplPeim/X64/VirtualMemory.c       |   57 +-
>  MdePkg/Library/BaseLib/Ia32/GccInline.c       |   45 +
>  MdePkg/Library/BaseLib/X64/GccInline.c        |   47 +
>  .../MemEncryptSevLibInternal.c                |   75 +-
>  OvmfPkg/PlatformPei/AmdSev.c                  |   89 +
>  OvmfPkg/PlatformPei/MemDetect.c               |   23 +
>  .../QemuFlash.c                               |   23 +-
>  .../QemuFlashDxe.c                            |   22 +
>  .../QemuFlashSmm.c                            |   16 +
>  OvmfPkg/Sec/SecMain.c                         |  188 +-
>  UefiCpuPkg/CpuDxe/CpuGdt.c                    |    8 +-
>  .../CpuExceptionHandlerLib/AMDSevVcHandler.c  |   40 +
>  .../CpuExceptionCommon.c                      |    2 +-
>  .../Ia32/ArchAMDSevVcHandler.c                |   38 +
>  .../PeiDxeSmmCpuException.c                   |   16 +
>  .../SecPeiCpuException.c                      |   16 +
>  .../X64/ArchAMDSevVcHandler.c                 | 1699 +++++++++++++++++
>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  113 +-
>  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  265 ++-
>  UefiCpuPkg/Library/MpInitLib/PeiMpLib.c       |   19 +
>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c    |  293 +++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |    2 +-
>  MdeModulePkg/MdeModulePkg.uni                 |    8 +
>  MdePkg/Library/BaseLib/Ia32/VmgExit.nasm      |   37 +
>  MdePkg/Library/BaseLib/Ia32/XGetBv.nasm       |   31 +
>  MdePkg/Library/BaseLib/X64/VmgExit.nasm       |   32 +
>  MdePkg/Library/BaseLib/X64/XGetBv.nasm        |   34 +
>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm  |  100 +
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm     |  350 +++-
>  OvmfPkg/ResetVector/ResetVector.nasmb         |   20 +
>  .../X64/ExceptionHandlerAsm.nasm              |   17 +
>  UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc   |    2 +-
>  .../Library/MpInitLib/Ia32/MpFuncs.nasm       |   15 +
>  UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc    |    4 +-
>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm |  370 +++-
>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni  |   15 +
>  .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm  |    9 +
>  UefiCpuPkg/UefiCpuPkg.uni                     |   11 +
>  75 files changed, 4707 insertions(+), 102 deletions(-)
>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf
>  create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
>  create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h
>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcHandler.c
>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchAMDSevVcHandler.c
>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c
>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
>  create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni
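The exception-propagation case Tom raises in this thread (the hypervisor answering a VMGEXIT with a request to inject #GP, as for an RDMSR of an invalid MSR) comes down to how the guest decodes the hypervisor's reply in the GHCB and which handler it then hands off to. The C below is an added illustration written for this page, not code from the v7 patches or from anyone in the thread: it models the SW_EXITINFO1/SW_EXITINFO2 reply fields as laid out in the GHCB specification cited as [2] in the cover letter, validates the reply before honouring it (the hypervisor is outside the guest's trust boundary under SEV-ES), and propagates the requested vector to a registered handler. The GHCB struct, the handler table, all function names and the sample replies in the comments are my own constructions.

```c
#include <stddef.h>
#include <stdint.h>
/* x86 exception vectors used below. */
#define UD_EXCEPTION   6
#define GP_EXCEPTION  13
#define VC_EXCEPTION  29

/* Hypervisor reply after VMGEXIT, per the GHCB specification [2]:
 * SW_EXITINFO1[31:0] == 1 means "exception requested" and SW_EXITINFO2 then
 * carries the event-injection fields (same layout as the VMCB EVENTINJ field). */
#define EXITINFO1_STATUS_MASK  0xffffffffULL
#define EXITINFO1_EXCEPTION    1ULL
#define EVTINJ_VECTOR_MASK     0xffULL
#define EVTINJ_TYPE_MASK       (7ULL << 8)
#define EVTINJ_TYPE_EXCEPTION  (3ULL << 8)
#define EVTINJ_ERRCODE_VALID   (1ULL << 11)
#define EVTINJ_VALID           (1ULL << 31)

/* Only the two GHCB save-area fields this example reads (constructed model). */
typedef struct { uint64_t SwExitInfo1; uint64_t SwExitInfo2; } GHCB;
typedef enum {
  VC_OK,         /* NAE event completed: resume the guest */
  VC_PROPAGATE,  /* hypervisor requested an exception: run that vector's handler */
  VC_VMM_ERROR   /* malformed or unexpected reply: treated as #GP */
} VC_STATUS;

typedef struct {
  VC_STATUS Status;
  uint8_t   Vector;        /* meaningful when Status != VC_OK */
  uint8_t   HasErrorCode;
  uint32_t  ErrorCode;
} VC_RESULT;

/* Decode the reply. The hypervisor is outside an SEV-ES guest's trust boundary,
 * so only a well-formed request for a vector the instruction could have raised
 * on its own (#GP or #UD) is honoured; anything else is reported as a VMM error. */
VC_RESULT DecodeHypervisorResponse(const GHCB *Ghcb)
{
  VC_RESULT R = {0};
  uint64_t  Status = Ghcb->SwExitInfo1 & EXITINFO1_STATUS_MASK;
  if (Status == 0) {
    R.Status = VC_OK;
    return R;
  }
  if (Status == EXITINFO1_EXCEPTION) {
    uint64_t Ev  = Ghcb->SwExitInfo2;
    uint8_t  Vec = (uint8_t)(Ev & EVTINJ_VECTOR_MASK);
    if ((Ev & EVTINJ_VALID) &&
        (Ev & EVTINJ_TYPE_MASK) == EVTINJ_TYPE_EXCEPTION &&
        (Vec == GP_EXCEPTION || Vec == UD_EXCEPTION)) {
      R.Status = VC_PROPAGATE;
      R.Vector = Vec;
      if (Ev & EVTINJ_ERRCODE_VALID) {
        R.HasErrorCode = 1;
        R.ErrorCode    = (uint32_t)(Ev >> 32);  /* error code lives in bits 63:32 */
      }
      return R;
    }
  }
  /* Unknown status or a malformed event: fall back to #GP without an error code. */
  R.Status = VC_VMM_ERROR;
  R.Vector = GP_EXCEPTION;
  return R;
}

/* Tiny handler table standing in for RegisterCpuInterruptHandler() (constructed). */
typedef void (*EXCEPTION_HANDLER)(uint8_t Vector, uint32_t ErrorCode);
static EXCEPTION_HANDLER gHandlers[32];

void RegisterHandler(uint8_t Vector, EXCEPTION_HANDLER Handler)
{
  if (Vector < 32) gHandlers[Vector] = Handler;
}

/* Sample #GP handler that just records what it was handed. */
uint8_t gLastVector; uint32_t gLastErrorCode;
void RecordingGpHandler(uint8_t Vector, uint32_t ErrorCode)
{
  gLastVector    = Vector;
  gLastErrorCode = ErrorCode;
}

/* The dispatch step after the #VC handler has talked to the hypervisor:
 * propagate any requested exception to that vector's registered handler.
 * Returns the vector that handled the event (VC_EXCEPTION if none propagated). */
uint8_t DispatchVc(const GHCB *Ghcb)
{
  VC_RESULT R = DecodeHypervisorResponse(Ghcb);
  if (R.Status == VC_OK) return VC_EXCEPTION;
  if (gHandlers[R.Vector] != NULL)
    gHandlers[R.Vector](R.Vector, R.HasErrorCode ? R.ErrorCode : 0);
  return R.Vector;
}
```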