Date: Thu, 20 Apr 2023 10:16:26 -0500
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
To: Gerd Hoffmann
Cc: "Xu, Min M", joeyli, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Michael Roth
From: "Lendacky, Thomas"

On 4/14/23 05:20, Gerd Hoffmann wrote:
> Hi,
>
>> -drive if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF_CODE.fd,readonly=on
>> -drive if=pflash,format=raw,unit=1,file=./fedora.fd
>
>> In this case, only OVMF_CODE.fd will be encrypted.
>> The fedora.fd (OVMF_VARS.fd) will be unencrypted.
>
>> -drive if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF.fd,readonly=on
>
>> In this case, OVMF.fd will be encrypted, which includes the now memory
>> backed variable store.
>
>>> Can AmdSevInitialize() setup the mappings?
>>
>> Is there a way to tell when OVMF.fd vs OVMF_VARS.fd/OVMF_CODE.fd is used?
>
> Hmm, good question. Can the guest figure what memory ranges are part
> of the launch measurement?
>
> I have a patch here (attached below) which refines flash detection and
> can detect whenever varstore flash is writable or not. I suspect that
> doesn't help much though as flash probing requires mappings already
> being correct.

Sorry for the delay, but, yeah, doesn't help. SEV and SEV-ES assert and
SEV-SNP terminates because of accessing a shared page (in the RMP) as a
private page (we don't support the generated 0x404 error code in the #VC
handler).

Thanks,
Tom

>
> take care,
> Gerd
>
> commit fdab276a9f8a25f505b083b5e15180d093f515e3
> Author: Gerd Hoffmann
> Date: Tue Apr 4 11:25:37 2023 +0200
>
> OvmfPkg/QemuFlashFvbServicesRuntimeDxe: refine flash detection
>
> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c > index 82b2b70441bf..c088d560f829 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c > @@ -118,8 +118,17 @@ QemuFlashDetected ( > *Ptr = OriginalUint8; > } else if (ProbeUint8 == CLEARED_ARRAY_STATUS) { > DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH\n")); > - FlashDetected = TRUE; > - *Ptr = READ_ARRAY_CMD; > + *Ptr = WRITE_BYTE_CMD; > + *Ptr = OriginalUint8; > + *Ptr = READ_STATUS_CMD; > + ProbeUint8 = *Ptr; > + if (ProbeUint8 & 0x10 /* programming error */) { > + DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is readonly\n")); > + } else { > + DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is writable\n")); > + FlashDetected = TRUE; > + } > + *Ptr = READ_ARRAY_CMD; > } > } > >
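Review bot: in the `CLEARED_ARRAY_STATUS` branch, `FlashDetected = TRUE` is now set only in the writable `else` arm, so a read-only varstore reaches the caller with the same result as a device that is not flash at all, and only the DEBUG text tells the two apart. If callers are meant to fall back to the emulated variable store in that case, the commit message (currently just the subject line) should say so; otherwise the read-only state needs its own return path. The `0x10` mask in `if (ProbeUint8 & 0x10 /* programming error */)` should be a named constant alongside `READ_STATUS_CMD` and `CLEARED_ARRAY_STATUS` rather than a literal with a comment. The new sequence also issues `WRITE_BYTE_CMD` and stores `OriginalUint8` through `Ptr` during detection, so the probe depends on that address already being mapped correctly, which is the limitation raised in the thread for SEV guests.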