From: Brijesh Singh
Date: Thu, 1 Mar 2018 09:02:20 -0600
To: Laszlo Ersek, edk2-devel@lists.01.org
Cc: brijesh.singh@amd.com, Tom Lendacky, Paolo Bonzini, Michael Kinney, Jordan Justen, Ard Biesheuvel
References: <20180228161415.28723-1-brijesh.singh@amd.com> <20180228161415.28723-3-brijesh.singh@amd.com>
Subject: Re: [PATCH v2 2/2]
 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active

On 02/28/2018 01:41 PM, Laszlo Ersek wrote:
> On 02/28/18 17:14, Brijesh Singh wrote:
>> Commit:24e4ad7 (OvmfPkg: Add AmdSevDxe driver) added a driver which runs
>> early in DXE phase and clears the C-bit from all MMIO regions (including
>> Qemu Flash).
>
> (1) This appears incorrect / inexact; AmdSevDxe is dispatched from
> APRIORI DXE before the flash driver is dispatched, and the MMIO GCD
> entry is only added by the flash driver. So in this case, AmdSevDxe
> clears the C-bit on a NonExistent entry that will later be split and
> accommodate the flash MMIO range.
>

Okay, I will update it.

>> When SMM is enabled, we build two sets of page tables; first
>> page table is used when executing code in non SMM mode (SMM-less-pgtable)
>> and second page table is used when we are executing code in SMM mode
>> (SMM-pgtable).
>>
>> During boot time, AmdSevDxe driver clears the C-bit from the
>> SMM-less-pgtable. But when SMM is enabled, Qemu Flash services are used
>> from SMM mode.
>>
>> In this patch we explicitly clear the C-bit from Qemu flash MMIO range
>> before we probe the flash. When OVMF is built with SMM_REQUIRE then
>> call to initialize the flash services happen after the SMM-pgtable is
>> created and processor is serving the first SMI. At this time we will
>> have access to the SMM-pgtable.
>
> (2) Please replace "is serving" with "has served".
>

Will do

>>
>> Cc: Jordan Justen
>> Cc: Laszlo Ersek
>> Cc: Ard Biesheuvel
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Brijesh Singh >> --- >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf | 1 + >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h | 7 +++++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 12 +++++++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c | 33 ++++++++++++++++++++ >> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 6 ++++ >> 5 files changed, 59 insertions(+) >> >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> index ba2d3679a46d..d365e27cbe59 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf >> @@ -53,6 +53,7 @@ [LibraryClasses] >> DevicePathLib >> DxeServicesTableLib >> MemoryAllocationLib >> + MemEncryptSevLib >> PcdLib >> SmmServicesTableLib >> UefiBootServicesTableLib >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h >> index 8d83dca7a52c..6c4099c140e8 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h >> @@ -88,5 +88,12 @@ QemuFlashConvertPointers ( >> VOID >> ); >> >> +VOID >> +BeforeFlashProbe ( >> + EFI_PHYSICAL_ADDRESS BaseAddress, >> + UINTN FdBlockSize, >> + UINTN FdBlockCount >> + ); >> + >> #endif > > (3) Sorry that I'm again requesting a name change for this function. Can > we call it QemuFlashBeforeProbe()? To be consistent with the other > function names in this header file. > > (4) Please add "IN" decorators (also to the function definitions). > Will do >> >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c >> index 63b308658e36..a4614de3c901 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c 
>> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c >> @@ -155,3 +155,15 @@ InstallVirtualAddressChangeHandler ( >> ); >> ASSERT_EFI_ERROR (Status); >> } >> + >> +VOID >> +BeforeFlashProbe ( >> + EFI_PHYSICAL_ADDRESS BaseAddress, >> + UINTN FdBlockSize, >> + UINTN FdBlockCount >> + ) >> +{ >> + // >> + // Do nothing >> + // >> +} > > (5) This function definition should go into the existent file > "QemuFlashDxe.c". I will look into it. > >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> index e0617f2503a2..a6cad5af223b 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c >> @@ -17,6 +17,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include 
>> >> @@ -67,3 +68,35 @@ InstallVirtualAddressChangeHandler ( >> // Nothing. >> // >> } >> + >> +VOID >> +BeforeFlashProbe ( >> + EFI_PHYSICAL_ADDRESS BaseAddress, >> + UINTN FdBlockSize, >> + UINTN FdBlockCount >> + ) >> +{ >> + EFI_STATUS Status; >> + >> + ASSERT (FeaturePcdGet (PcdSmmSmramRequire)); >> + >> + if (!MemEncryptSevIsEnabled()) { >> + return; >> + } >> + >> + // >> + // When SEV is enabled, AmdSevDxe runs early in DXE phase and clears the C-bit >> + // from the MMIO space (including flash ranges) but the driver runs in non SMM > > (6) Please update the comment according to (1). > Will do >> + // context hence it cleared the flash ranges from non SMM page table. >> + // When SMM is enabled, the flash services are accessed from the SMM mode >> + // hence we explicitly clear the C-bit on flash ranges from SMM page table. >> + // >> + >> + Status = MemEncryptSevClearPageEncMask ( >> + 0, >> + BaseAddress, >> + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount), >> + FALSE >> + ); > > (7) The closing paren is not indented correctly, it should be aligned > with the arguments. > Will fix it >> + ASSERT_EFI_ERROR (Status); >> +} > > (8) This function definition should go into a new file called > "QemuFlashSmm.c" -- please make sure you add a license block at the top, > and use CRLF line endings --, and the new file should be added to > "FvbServicesSmm.inf". > Will do >> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c >> index 5677b5ee119c..f63e11723415 100644 >> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c >> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c 
>> @@ -244,6 +244,12 @@ QemuFlashInitialize ( >> ASSERT(PcdGet32 (PcdOvmfFirmwareFdSize) % mFdBlockSize == 0); >> mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize; >> >> + // >> + // execute platform specific hooks before probing the flash >> + // > > (9) Please replace "platform" with "module type". > Will do >> + BeforeFlashProbe ((EFI_PHYSICAL_ADDRESS)(UINTN) mFlashBase, >> + mFdBlockSize, mFdBlockCount); >> + > > (10) The indentation is not idiomatic. > >> if (!QemuFlashDetected ()) { >> ASSERT (!FeaturePcdGet (PcdSmmSmramRequire)); >> return EFI_WRITE_PROTECTED; >> >
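
Review bot: The BeforeFlashProbe() declaration added to QemuFlash.h has no comment block, so the header does not state the hook's contract. Please document that BaseAddress is the physical base of the flash range, that the range covered is FdBlockSize * FdBlockCount bytes, and that the DXE build links an empty implementation while the SMM build clears the C-bit on that range.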
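
Review bot: In the FwBlockServiceSmm.c hunk, a failure of MemEncryptSevClearPageEncMask() is caught only by ASSERT_EFI_ERROR (Status), which compiles to nothing when asserts are disabled, and the VOID return type leaves QemuFlashInitialize() unable to see it. In that case the flash probe runs with the C-bit still set on the flash range in the SMM page table. Suggest returning EFI_STATUS from the hook and failing QemuFlashInitialize() on error, or following the assert with an explicit CpuDeadLoop (). Separately, "MemEncryptSevIsEnabled()" is missing the space before the opening paren, and BaseAddress is passed through without a check that it is page aligned although the length is rounded up with EFI_SIZE_TO_PAGES.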
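
Review bot: In the QemuFlash.c hunk, the comment above the BeforeFlashProbe () call does not say why the hook must run ahead of QemuFlashDetected (). The ordering is the point of the change: per the commit message the C-bit has to be cleared from the flash MMIO range before the flash is probed. Please state that in the comment so the call is not moved later in QemuFlashInitialize() by a future cleanup.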