From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.80]) by mx.groups.io with SMTP id smtpd.web12.2068.1588285426832061411 for ; Thu, 30 Apr 2020 15:23:49 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=OymVY7QP; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.92.80, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZWSV8fbyEgPE0TpHVu640e8ygal4FpzUtZjiTw5rueM1QLraFmoKIYGyHmYmuXEsdd84SN/ainTGGbfpGegDmI1XUcrwLy6h7czKN+z2vRkYXqrceF6oAseYNIGZNWlwlTjoOnFtua5os28o5yERQ5YT0EBmscLX/yV8Ndvo0J3EDkGZmy1YfL6mH+aYcAXdZPmTp16PlBvYgkqjPsUypnV0TB1p0CYkuJEtFN9l7A6fNrTe0h8/socBpYIwNF0WO6n1dyVZGWjI1LZ5mLFWJmHdeV6VoFiEU4qFyAyLQm4ShUTLHfkkVUMt3TZ36AtR4HBBg/X3OOS23H4qIKdUeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ya42FvfdtJ0X4vL3Ae0nd4yaxo7PHWrena3H4/0CIns=; b=JIhdPpCI4wOCW7VDhohOwFNZKitWstbZZRmO+sQmhmwdatuvCLf5aywGdgHv7EZ476ZbolQ1i1rUA1qfukHhHwAX//yuhzo+w/mb5EVe4BLk3hunJSCXdunqmrOSvvfubjpy3ImcVIpL5n8ZJh1LJzaAlBB9+ESFWOBGxbO78bJe2P8vsx6yKhBd76GbL4giWMC0UK/pJb3YWe/bCVy9icotNbaduvTjeP+b9MasUQ/vObvgONpPQqjfmhcH1inAXtwN1NGmE13oQ1IjtNrowY95SpJ0C2Y+0AbRnrzO97lqMJMPhNmBybX0c/bzpy8deeZprBy844UNIsvaHTeL2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ya42FvfdtJ0X4vL3Ae0nd4yaxo7PHWrena3H4/0CIns=; b=OymVY7QPkp1o1pWV9HN/0bUW3NKcycnGfDaBFKST1Uzos3/oyXZTOGCWFlfzIICRT83nwy75cIm8CRoMFaPgOWMupCYr/cseIBJLUjnSRlT+VHTnBqoTkMWLkt2QB8FoQmwOZs2QaIA1OoeLrkX1EirGcr2lwj6NLW3yhh+jOtw= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM5PR12MB1129.namprd12.prod.outlook.com (2603:10b6:3:7a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.20; Thu, 30 Apr 2020 22:09:33 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1%10]) with mapi id 15.20.2937.028; Thu, 30 Apr 2020 22:09:32 +0000 Subject: Re: [edk2-devel] [PATCH v7 33/43] OvmfPkg: Reserve a page in memory for the SEV-ES usage From: "Lendacky, Thomas" To: Laszlo Ersek , devel@edk2.groups.io CC: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh References: <458aea8874eaecec248c69a3ef809392226ad4e4.1587577317.git.thomas.lendacky@amd.com> <93f7386f-6e9e-52e1-4a81-d8b599687677@redhat.com> <4a86e0f1-48d2-31bb-7e5a-faf41f3c4a3a@amd.com> Message-ID: Date: Thu, 30 Apr 2020 17:09:30 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 In-Reply-To: <4a86e0f1-48d2-31bb-7e5a-faf41f3c4a3a@amd.com> X-ClientProxiedBy: SN6PR16CA0058.namprd16.prod.outlook.com (2603:10b6:805:ca::35) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN6PR16CA0058.namprd16.prod.outlook.com (2603:10b6:805:ca::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.20 via Frontend Transport; Thu, 30 Apr 2020 22:09:31 +0000 X-Originating-IP: [67.79.209.213] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: ffd24ce3-c481-4a5d-1d3c-08d7ed532907 X-MS-TrafficTypeDiagnostic: DM5PR12MB1129:|DM5PR12MB1129: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5236; X-Forefront-PRVS: 0389EDA07F X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: L+uzJ0XzXrCg7fBMJizFRz83qY+t4nZgGSu9VEJXPRu4ooSokWOzYF2s4fDBBICmCsk2ctfMHR6stD2NpORzQlvzsCjO5egp3n3qZRV5rPhDEKBt9bWfvbjv5i22jL34X08R+1uNsim9MEUNJLO0usuxI2OtCcfELerYO4lAOglHNmAgEsVnAVVOMSZy82IlyuVx0lZTcBTika2OYLgyzqVQ1HtSqvy9HMRt+9tyX08nXg+qDBPh4hyGaJ9atRAihZCsaYnsEpVPUuxGeA2uphEN10v7DMaldqGLO62526dqwUoQybAFWUH7/O06AYbwTfMRNeVoWaWiVlnB+1ri1bKIzgBUmh8CPfhBlkZGSV7SIJWC0lEv83XQ0bMq0x5fugUSrqUhpoyMBn27Pld0Y25jRHv+TOOBTJsAd6GVO1r9BDmgopVGxCM30qDgjs6o3yICQ4twwf2nDt6vJsj5HQzEWff32LQ6XIX26xt7A+vvTAvbt4GW2DsSr+RgpwAiYHC6Yb1J+Bu/bqhZ3Qj7zg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(346002)(39860400002)(136003)(366004)(396003)(376002)(5660300002)(478600001)(45080400002)(4326008)(66946007)(31696002)(966005)(36756003)(66476007)(66556008)(16526019)(186003)(26005)(6512007)(19627235002)(31686004)(8676002)(6506007)(53546011)(8936002)(2906002)(956004)(86362001)(2616005)(54906003)(52116002)(316002)(6486002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: qIyR0O5sAWlo/XZ2qjeYFJvopkNyn0hudY8wWj0FhDTb2s9iWfP6LsjTxyv+6Y09Z9qzuHLdVAUPQahk6GQ0vHtOLVb/8hGCjXTBg41EWDA9IvehS9F1XjGM7K45fVMF1F1p8vo1jCvFg6WWXbFbKk6bVlUNDYvwW4/Gf6LsZTgpdKXIEXzt91iK9x2eI7Lkk3FjksgPoh8Lhu3GXAFhWTRhqyXYa7phiZrkUXO9JaN5qkioWFDBqrXPZgxxBXpUJ+HSxCe9W48RDQVzyz7ib8eh6/dD2kEB3A9aVyIhzhFLcqDHZykck1kn33yfDMzRTVqnyndNplcgX1g8jD0UdYTWtAZfolwU1qdPp6pykkFozDwpLsVWPIFpKS7Q6n5kaKpC57/msIvgGN5/Anj5/FC03hrF04jDELsT80O+V/A1wgZEpjAwU2wYNuyqVJ/BhTJIU+QyaR0M66IZu41/KCWiCVpVeaV/pmFkA+i2qeVIfpKl79yY2U8eab/86zKKIT4kPtvujEKVQrqFGYefJJnda7tkxQweg4uOqsuH0Nkw9yFfGWUjx4p899Iie8/pNJBKytpna9RnbwWRhi4I4CzO8n2fqdD3XxoNjH3YH+gK8veDBClUUBKJLQ0MPCQqeVEaESaYo4Ewg7Vpoe7DE5MaudDADJtAPoE13xUT3QrzvhFKMXTwaAR9+9+gEoU2v3Md81TCYCr/zeMqnDoV/abuUB+I80dbn72q7VZN9QC3zieSYqr2eMY6Xl3UwCvnHBhGc96+xnQro4fITfXvRlYhoFLuNoelxBOo4vycQA4= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ffd24ce3-c481-4a5d-1d3c-08d7ed532907 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2020 22:09:32.6793 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 0XhqUMOTZlkGcJNtziL0x9chqu9X7slxigLmPwUQtgN/5sn+zRS0rB/vP6Ctx/UdUFNrF/xXJq9G7KIiwpv+Uw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1129 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 4/30/20 4:12 PM, Tom Lendacky wrote: > On 4/30/20 1:58 PM, Laszlo Ersek wrote: >> Hi Tom, >=20 > Hi Laszlo, >=20 >> >> On 04/22/20 19:41, Lendacky, Thomas wrote: >>> BZ:=20 >>> https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbug= zilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2198&data=3D02%7C01%7Cthomas.= lendacky%40amd.com%7Cce256f35aa2e4748e8e008d7ed3874ae%7C3dd8961fe4884e608e1= 1a82d994e183d%7C0%7C0%7C637238699042461059&sdata=3DtXX8nkBo3fB4OVTs2ave= vW8pwL6AcqJHvFhvlshKySI%3D&reserved=3D0=20 >>> >>> >>> Reserve a fixed area of memory for SEV-ES use and set a fixed PCD, >>> PcdSevEsWorkAreaBase, to this value. >>> >>> This area will be used by SEV-ES support for two purposes: >>> =A0=A0 1. Communicating the SEV-ES status during BSP boot to SEC: >>> =A0=A0=A0=A0=A0 Using a byte of memory from the page, the BSP reset vec= tor code can >>> =A0=A0=A0=A0=A0 communicate the SEV-ES status to SEC for use before exc= eption >>> =A0=A0=A0=A0=A0 handling can be enabled in SEC. After SEC, this field i= s no longer >>> =A0=A0=A0=A0=A0 valid and the standard way of determine if SEV-ES is ac= tive should >>> =A0=A0=A0=A0=A0 be used. >>> >>> =A0=A0 2. Establishing an area of memory for AP boot support: >>> =A0=A0=A0=A0=A0 A hypervisor is not allowed to update an SEV-ES guest's= register >>> =A0=A0=A0=A0=A0 state, so when booting an SEV-ES guest AP, the hypervis= or is not >>> =A0=A0=A0=A0=A0 allowed to set the RIP to the guest requested value. In= stead an >>> =A0=A0=A0=A0=A0 SEV-ES AP must be re-directed from within the guest to = the actual >>> =A0=A0=A0=A0=A0 requested staring location as specified in the INIT-SIP= I-SIPI >>> =A0=A0=A0=A0=A0 sequence. >>> >>> =A0=A0=A0=A0=A0 Use this memory for reset vector code that can be progr= ammed to have >>> =A0=A0=A0=A0=A0 the AP jump to the desired RIP location after starting = the AP. This >>> =A0=A0=A0=A0=A0 is required for only the very first AP reset. >>> >>> Cc: Jordan Justen >>> Cc: Laszlo Ersek >>> Cc: Ard Biesheuvel >>> Reviewed-by: Laszlo Ersek >>> Signed-off-by: Tom Lendacky >>> --- >>> =A0 OvmfPkg/OvmfPkgX64.fdf | 3 +++ >>> =A0 1 file changed, 3 insertions(+) >>> >>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >>> index 36414c1f8b49..a0bea86f9875 100644 >>> --- a/OvmfPkg/OvmfPkgX64.fdf >>> +++ b/OvmfPkg/OvmfPkgX64.fdf >>> @@ -82,6 +82,9 @@ [FD.MEMFD] >>> =A0 0x009000|0x002000 >>> =20 >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSecGhcbSize=20 >>> >>> +0x00B000|0x001000 >>> +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGu= id.PcdSevEsWorkAreaSize=20 >>> >>> + >>> =A0 0x010000|0x010000 >>> =20 >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfSecPeiTempRamSize=20 >>> >>> >> >> in patch #28 ("OvmfPkg: Create a GHCB page for use during Sec phase"), >> we carve out two ranges in FD.MEMFD, and introduce a matching set of 4=20 >> PCDs. >> >> Then in patch #29 ("OvmfPkg/PlatformPei: Reserve GHCB-related areas if >> S3 is supported"), we reserve those ranges from the OS, as AcpiNVS, if >> S3 is supported. The reason we only reserve those ranges if S3 is >> enabled because the ranges are only needed in SEC. (See the details in >> the commit mesage of patch #29.) >> >> In this patch (patch #33), we carve out a third region in FD.MEMFD. We >> don't seem to ever reserve it. I think that's minimally a problem for >> S3; the same argument should apply as to the other two areas. Do you agr= ee? >=20 > Nice catch! Yes, I missed this one. >=20 >> >> >> Furthermore, I wonder if we should reserve this "work area" from the OS, >> and even from the DXE phase (!), *regardless* of S3. I can't immediately >> tell when it's the last time (with S3 disabled) when this area is used. >> >> As I understand it, it is only used the first time the APs are booted >> up. And that should happen still in the PEI phase, because CpuMpPei >> boots up all the APs and counts them. Afterwards (still in the PEI >> phase), the APs should be sleeping in ApWakeupFunction(), namely in the >> code added by patch #40 ("UefiCpuPkg: Allow AP booting under SEV-ES"). >> If the AP is woken again, it is actually only "released" by the >> hypervisor, and it goes through the special 64bit->16bit transition, >> again implemented in patch#40. >> >> So ultimately it shouldn't be necessary to reserve this third region (at >> PcdSevEsWorkAreaBase), if S3 is disabled, because it is never used past >> the very first AP boot (which happens when CpuMpPei counts the APs). >> >> Do I understand right? >=20 > Yes, that is correct. So I just need to do the same thing for this area=20 > that I did in patch #29. I think I might want to protect the area from DXE allocations, too. Is=20 there an easy way to detect that PEI is active vs DXE? Even so, will it=20 *always* be the case that PEI will start the APs first? I'd hate to see a=20 change down the road where PEI doesn't start the APs and then things break. Thanks, Tom >=20 > I can probably shift patch #29 after #33 and have one patch for the S3=20 > reservation instead of having two separate patches doing S3 reservation. >=20 > Thanks, > Tom >=20 >> >> Thanks! >> Laszlo >>