From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Rebecca Cran, Peter Grehan, Anthony Perard, Julien Grall
Subject: [PATCH v2 07/15] OvmfPkg/MemEncryptSevLib: Obtain encryption mask using the new interface
Date: Wed, 6 Jan 2021 15:21:33 -0600
X-Mailer: git-send-email 2.30.0

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

The early assembler code performs validation for some of the SEV-related information, specifically the encryption bit position. The new MemEncryptSevGetEncryptionMask() interface provides access to this validated value.

To ensure that we always use a validated encryption mask for an SEV-ES guest, update all locations that use CPUID to calculate the encryption mask to use the new interface.

Also, clean up some call areas where extra masking was being performed and where a function call was being used instead of the local variable that was just set using the function.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Brijesh Singh
Cc: Anthony Perard
Cc: Julien Grall
Signed-off-by: Tom Lendacky
--- OvmfPkg/Bhyve/PlatformPei/AmdSev.c | 12 ++---------- OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 15 +++++-------= --- OvmfPkg/PlatformPei/AmdSev.c | 12 ++---------- OvmfPkg/XenPlatformPei/AmdSev.c | 12 ++---------- 4 files changed, 11 insertions(+), 40 deletions(-) diff --git a/OvmfPkg/Bhyve/PlatformPei/AmdSev.c b/OvmfPkg/Bhyve/PlatformPei= /AmdSev.c index e484f4b311fe..e3ed78581c1b 100644 --- a/OvmfPkg/Bhyve/PlatformPei/AmdSev.c +++ b/OvmfPkg/Bhyve/PlatformPei/AmdSev.c 
@@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -15,8 +15,6 @@ #include #include #include -#include -#include #include =20 #include "Platform.h" @@ -32,7 +30,6 @@ AmdSevInitialize ( VOID ) { - CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; UINT64 EncryptionMask; RETURN_STATUS PcdStatus; =20 @@ -43,15 +40,10 @@ AmdSevInitialize ( return; } =20 - // - // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) - // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); - EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); - // // Set Memory Encryption Mask PCD // + EncryptionMask =3D MemEncryptSevGetEncryptionMask (); PcdStatus =3D PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, Encryption= Mask); ASSERT_RETURN_ERROR (PcdStatus); =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c index 5e110c84ff81..6422bc53bd5d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c @@ -3,7 +3,7 @@ Virtual Memory Management Services to set or clear the memory encryption= bit =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
- Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -12,6 +12,7 @@ **/ =20 #include +#include #include #include =20 @@ -39,17 +40,12 @@ GetMemEncryptionAddressMask ( ) { UINT64 EncryptionMask; - CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; =20 if (mAddressEncMaskChecked) { return mAddressEncMask; } =20 - // - // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) - // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); - EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); + EncryptionMask =3D MemEncryptSevGetEncryptionMask (); =20 mAddressEncMask =3D EncryptionMask & PAGING_1G_ADDRESS_MASK_64; mAddressEncMaskChecked =3D TRUE; @@ -289,8 +285,7 @@ SetPageTablePoolReadOnly ( LevelSize[3] =3D SIZE_1GB; LevelSize[4] =3D SIZE_512GB; =20 - AddressEncMask =3D GetMemEncryptionAddressMask() & - PAGING_1G_ADDRESS_MASK_64; + AddressEncMask =3D GetMemEncryptionAddressMask(); PageTable =3D (UINT64 *)(UINTN)PageTableBase; PoolUnitSize =3D PAGE_TABLE_POOL_UNIT_SIZE; =20 @@ -437,7 +432,7 @@ Split1GPageTo2M ( =20 AddressEncMask =3D GetMemEncryptionAddressMask (); ASSERT (PageDirectoryEntry !=3D NULL); - ASSERT (*PageEntry1G & GetMemEncryptionAddressMask ()); + ASSERT (*PageEntry1G & AddressEncMask); // // Fill in 1G page entry. // diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 4a515a484720..954d53eba4e8 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -17,9 +17,7 @@ #include #include #include -#include #include -#include #include =20 #include "Platform.h" @@ -116,7 +114,6 @@ AmdSevInitialize ( VOID ) { - CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; UINT64 EncryptionMask; RETURN_STATUS PcdStatus; =20 @@ -127,15 +124,10 @@ AmdSevInitialize ( return; } =20 - // - // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) - // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); - EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); - // // Set Memory Encryption Mask PCD // + EncryptionMask =3D MemEncryptSevGetEncryptionMask (); PcdStatus =3D PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, Encryption= Mask); ASSERT_RETURN_ERROR (PcdStatus); =20 diff --git a/OvmfPkg/XenPlatformPei/AmdSev.c b/OvmfPkg/XenPlatformPei/AmdSe= v.c index 7ebbb5cc1fd2..4ed448632ae2 100644 --- a/OvmfPkg/XenPlatformPei/AmdSev.c +++ b/OvmfPkg/XenPlatformPei/AmdSev.c @@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> Copyright (c) 2019, Citrix Systems, Inc. =20 SPDX-License-Identifier: BSD-2-Clause-Patent @@ -14,8 +14,6 @@ #include #include #include -#include -#include =20 #include "Platform.h" =20 @@ -30,7 +28,6 @@ AmdSevInitialize ( VOID ) { - CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; UINT64 EncryptionMask; RETURN_STATUS PcdStatus; =20 @@ -41,15 +38,10 @@ AmdSevInitialize ( return; } =20 - // - // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) - // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); - EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); - // // Set Memory Encryption Mask PCD // + EncryptionMask =3D MemEncryptSevGetEncryptionMask (); PcdStatus =3D PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, Encryption= Mask); ASSERT_RETURN_ERROR (PcdStatus); =20 --=20 2.30.0
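
Review bot: In AmdSevInitialize() in OvmfPkg/PlatformPei/AmdSev.c, and in the identical hunks for Bhyve/PlatformPei and XenPlatformPei, the result of MemEncryptSevGetEncryptionMask () is passed to PcdSet64S with no check that it is non-zero. The removed LShiftU64 (1, Ebx.Bits.PtePosBits) always produced exactly one set bit, while the new value depends on what the early assembler code recorded. An ASSERT (EncryptionMask != 0) before the PcdSet64S call would catch an unpopulated value here instead of later in page-table setup. Each of these hunks also removes includes and adds none, so please confirm that the header declaring MemEncryptSevGetEncryptionMask() is among the includes that remain in all three files.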
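
Review bot: In SetPageTablePoolReadOnly() in X64/VirtualMemory.c, dropping "& PAGING_1G_ADDRESS_MASK_64" is equivalent only if every return path of GetMemEncryptionAddressMask() returns the masked mAddressEncMask. The earlier hunk shows the cached path doing so ("return mAddressEncMask;"), but the final return statement is outside the context lines, so please confirm it returns mAddressEncMask and not the unmasked local EncryptionMask. Since the line is being rewritten anyway, it could also gain the space before the parenthesis, GetMemEncryptionAddressMask (), to match the call in Split1GPageTo2M().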
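
Review bot: In Split1GPageTo2M() in X64/VirtualMemory.c, the rewritten ASSERT (*PageEntry1G & AddressEncMask) still uses a UINT64 expression as the condition. While this line is being touched, an explicit comparison, ASSERT ((*PageEntry1G & AddressEncMask) != 0), would state the intent (the 1G entry must carry the encryption bit) and make it obvious that the assertion also fires when AddressEncMask itself is zero.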