From: "Lendacky, Thomas"
Date: Wed, 25 Jan 2023 09:35:02 -0600
Subject: Re: [edk2-devel] [PATCH v4 3/5] OvmfPkg/PlatformInitLib: Add PlatformAddHobCB
To: Gerd Hoffmann
Cc: devel@edk2.groups.io, Jiewen Yao, Oliver Steffen, László Érsek, Ard Biesheuvel, Pawel Polawski, Jordan Justen

On 1/25/23 03:11, Gerd Hoffmann wrote:
> On Tue, Jan 24, 2023 at 04:33:48PM -0600, Tom Lendacky wrote:
>> On 1/17/23 06:16, Gerd Hoffmann via groups.io wrote:
>>> Add PlatformAddHobCB() callback function for use with
>>> PlatformScanE820(). It adds HOBs for high memory and reservations (low
>>> memory is handled elsewhere because there are some special cases to
>>> consider). This replaces calls to PlatformScanOrAdd64BitE820Ram() with
>>> AddHighHobs = TRUE.
>>>
>>> Write any actions done (adding HOBs, skip unknown types) to the firmware
>>> log with INFO loglevel.
>>>
>>> Also remove PlatformScanOrAdd64BitE820Ram() which is not used any more.
>>
>> Hi Gerd,
>>
>> A problem was reported to me for an SEV-ES guest that I bisected to this
>> patch. It only occurs when using the OVMF_CODE.fd file without specifying
>> the OVMF_VARS.fd file (i.e. only the one pflash device on the qemu command
>> line, but not using the OVMF.fd file). I don't ever boot without an
>> OVMF_VARS.fd file, so I didn't catch this.
>>
>> With this patch, SEV-ES terminates now because it detects doing MMIO to
>> encrypted memory area at 0xFFC00000 (where the OVMF_VARS.fd file would
>> normally be mapped). Prior to this commit, an SEV-ES guest booted without
>> issue in this configuration.
>>
>> First, is not specifying an OVMF_VARS.fd a valid configuration for booting
>> given the CODE/VARS split build?
>
> No.

Ok, good to know.

>
>> If it is valid, is the lack of the OVMF_VARS.fd resulting in the 0xFFC00000
>> address range getting marked reserved now (and thus mapped encrypted)?
>
> I have no clue offhand. The patch is not supposed to change OVMF
> behavior. Adding the HOBs was done by the (increasingly messy)
> PlatformScanOrAdd64BitE820Ram() function before, with this patch in
> place PlatformScanE820() + PlatformAddHobCB() handle it instead. The
> end result should be identical though.
>
> OVMF does MMIO access @ 0xFFC00000, to check whenever it finds flash
> there or not (to handle the -bios OVMF.fd case). That happens at a
> completely different place though (see
> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c).
>
>> Let me know if you need me to provide any output or testing if you can't
>> boot an SEV-ES guest.
>
> Yes, the firmware log hopefully gives clues what is going on here.

So here are the differences (with some debug message that I added) between
booting at:

124b76505133 ("OvmfPkg/PlatformInitLib: Add PlatformGetLowMemoryCB")

PlatformScanOrAdd64BitE820Ram: Reserved: Base=0xFEFFC000 Length=0x4000
...
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for FF000000 to FFFFFFFF - MMIO=0
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for 180000000 to 7FFFFFFFFFFF - MMIO=0
...
QEMU Flash: Failed to find probe location
QEMU flash was not detected. Writable FVB is not being installed.

and

328076cfdf45 ("OvmfPkg/PlatformInitLib: Add PlatformAddHobCB")

PlatformAddHobCB: Reserved [0xFEFFC000, 0xFF000000)
PlatformAddHobCB: HighMemory [0x100000000, 0x180000000)
...
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for 1FDFFC000 to 7FFFFFFFFFFF - MMIO=0
...
MMIO using encrypted memory: FFC00000
!!!! X64 Exception Type - 0D(#GP - General Protection) CPU Apic ID - 00000000 !!!!

So before the patch in question, we see that AmdSevDxeEntryPoint() in
OvmfPkg/AmdSevDxe/AmdSevDxe.c found an entry in the GCD map for 0xFF000000
to 0xFFFFFFFF that was marked as EfiGcdMemoryTypeNonExistent and so the
mapping was changed to unencrypted. But after that patch, that entry is
not present and so the 0xFFC00000 address is mapped encrypted and results
in the failure.

Thanks,
Tom

>
> thanks,
> Gerd
>
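
Added example, not part of the original message or of edk2: a Python check that replays the comparison above over the two quoted log excerpts, testing whether the flash probe address lies in a range whose encryption bit was cleared. The "Clearing encryption bit" lines are the sender's own debug output, so the pattern for them assumes that exact format, and all function names are hypothetical.

```python
import re

# Log excerpts quoted from the message above (elided "..." lines dropped).
LOG_BEFORE = """\
PlatformScanOrAdd64BitE820Ram: Reserved: Base=0xFEFFC000 Length=0x4000
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for FF000000 to FFFFFFFF - MMIO=0
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for 180000000 to 7FFFFFFFFFFF - MMIO=0
QEMU Flash: Failed to find probe location
"""
LOG_AFTER = """\
PlatformAddHobCB: Reserved [0xFEFFC000, 0xFF000000)
PlatformAddHobCB: HighMemory [0x100000000, 0x180000000)
*** DEBUG: AmdSevDxeEntryPoint:120 - Clearing encryption bit for 1FDFFC000 to 7FFFFFFFFFFF - MMIO=0
MMIO using encrypted memory: FFC00000
"""

CLEARED = re.compile(r"Clearing encryption bit for ([0-9A-Fa-f]+) to ([0-9A-Fa-f]+)")
FAULT = re.compile(r"MMIO using encrypted memory: ([0-9A-Fa-f]+)")
FLASH_PROBE = 0xFFC00000  # address the message says OVMF probes for flash


def cleared_ranges(log):
    """Inclusive (start, end) ranges whose encryption bit was cleared."""
    return [(int(a, 16), int(b, 16)) for a, b in CLEARED.findall(log)]


def is_decrypted(addr, ranges):
    return any(start <= addr <= end for start, end in ranges)


def triage(log, probe=FLASH_PROBE):
    """Summarise one boot: is the probe address decrypted, which MMIO faults occurred."""
    ranges = cleared_ranges(log)
    faults = [int(a, 16) for a in FAULT.findall(log)]
    return {
        "probe_decrypted": is_decrypted(probe, ranges),
        "faults": faults,
        # faults at addresses that WERE decrypted would need another explanation
        "unexplained": [a for a in faults if is_decrypted(a, ranges)],
    }


def lost_ranges(before, after):
    """Ranges decrypted in the 'before' boot that no 'after' range fully covers."""
    new = cleared_ranges(after)
    return [(s, e) for s, e in cleared_ranges(before)
            if not any(ns <= s and e <= ne for ns, ne in new)]


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, triage(log))
    print("lost:", [(hex(s), hex(e)) for s, e in lost_ranges(LOG_BEFORE, LOG_AFTER)])
```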