From: Brijesh Singh
To: Laszlo Ersek, devel@edk2.groups.io, ashish.kalra@amd.com
Cc: brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: Re: [edk2-devel] [PATCH v3 0/3] SEV Page Encryption Bitmap support for OVMF.
Date: Mon, 7 Dec 2020 22:44:04 -0600

On 12/7/20 8:44 PM, Laszlo Ersek wrote:
> On 12/04/20 09:10, Ashish Kalra wrote:
>> On Fri, Dec 04, 2020 at 04:50:05AM +0100, Laszlo Ersek wrote:
>>> On 12/04/20 01:03, Ashish Kalra wrote:
>>>> From: Ashish Kalra
>>>>
>>>> By default all the SEV guest memory regions are considered encrypted,
>>>> if a guest changes the encryption attribute of the page (e.g. mark a
>>>> page as decrypted) then notify hypervisor. Hypervisor will need to
>>>> track the unencrypted pages. The information will be used during
>>>> guest live migration, guest page migration and guest debugging.
>>>>
>>>> The patch-set also adds a new SEV and SEV-ES hypercall abstraction
>>>> library to support SEV Page encryption/decryption status hypercalls
>>>> for SEV and SEV-ES guests.
>>>>
>>>> BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.
>>>>
>>>> A branch containing these patches is available here:
>>>> https://github.com/ashkalra/edk2/tree/sev_page_encryption_bitmap_v3
>>>>
>>>> Changes since v2:
>>>>  - GHCB_BASE setup during reset-vector as decrypted is marked explicitly
>>>>    in the hypervisor page encryption bitmap after setting the
>>>>    PcdSevEsIsEnabled PCD.
>>>>
>>>> Changes since v1:
>>>>  - Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
>>>>    the hypervisor page encryption bitmap.
>>>>  - Resending the series with correct shallow threading.
>>>>
>>>> Ashish Kalra (2):
>>>>   OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
>>>>   OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
>>>>
>>>> Brijesh Singh (1):
>>>>   OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
>>>>
>>>>  .../Include/Library/MemEncryptHypercallLib.h  |  37 ++++++
>>>>  .../BaseMemEncryptSevLib.inf                  |   1 +
>>>>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  |  18 +++
>>>>  .../MemEncryptHypercallLib.c                  | 105 ++++++++++++++++++
>>>>  .../MemEncryptHypercallLib.inf                |  39 +++++++
>>>>  .../X64/AsmHelperStub.nasm                    |  39 +++++++
>>>>  OvmfPkg/OvmfPkgX64.dsc                        |   1 +
>>>>  OvmfPkg/PlatformPei/AmdSev.c                  |  10 ++
>>>>  8 files changed, 250 insertions(+)
>>>>  create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
>>>>  create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
>>>>
>>> I'll need some time to get to this series.
>>>
>>> I'm fairly certain though, from a quick skim, that this series breaks
>>> all DSC files under OvmfPkg except X64. Please fix that.
>>>
>>>
>> Ok thanks Laszlo, I will fix this.
> Thanks.
>
> I can see a new comment for the series from Dov Murik, and I think
> that's awesome. I'd welcome if there were lively exchanges around OVMF
> patch sets. I'm selfish of course: I'd like to delegate reviews.
>
> So, on this patch set, I notice it does not add the new
> (MemEncryptHypercallLib-related) files to Maintainers.txt, namely
> section "OvmfPkg: SEV-related modules".
>
> Please include such a patch in v4 -- if Tom and Brijesh agree, I'd like
> to put the new lib explicitly under their reviewership.

I am okay with the ownership.

> Also, I plan to review this series (v4, at this point) only for
> formalities. I'd like to receive an R-b from Tom or Brijesh [*], and
> another from Dov or a colleague at IBM, for this series; those together
> should suffice for merging the library.

Since this patch has a dependency on an HV feature, I was going to review
this patch after I see some confirmation coming from KVM upstream on the
hypercall approach. It appears that Sean may have some other ideas, so
let's wait to hear those before we consider this patch.

>
> [*] Brijesh seems to be the original author of patch#2, so maybe Tom is
> a better-poised reviewer for this.
>
> Thanks
> Laszlo