From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.47])
 by mx.groups.io with SMTP id smtpd.web11.10981.1682003791620598870
 for <devel@edk2.groups.io>;
 Thu, 20 Apr 2023 08:16:31 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=Y0MQqXco;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.47, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=P7mfKXgqLYIaycoAMMjw3leLZXx7oWVsrRc0LooHlzSq/DNEKj4jMDQjCvaCdXtekT0D/4o1N3TgzdCO7WtBglbZbxK5KuNAy/K7w2atIYQe3kjKp0ew7hoQScbb3hihLutKG0prM+Dd9P6m1c9mi25kycveQw1bo+RWLOy+mA9oocVXtDjJnT+m8BYfkCVGEgtCp+BLebr5mrlFIjygemzvJ7KM0TC8cVqt8gsp50rMruswziABwZzJ6h5IdxYHFcr7jHwZbDYxRgG4BwO8Dnn3ad+HBcM56UYt1f6KQSbBcRb3QGSsFq9qcZoAHQUEW3ROZxQxWiuoBeq/F9e94w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=eepUWAeKO97vefA6LrCtOZFqAqdXl8w5EzXzsxlk9oQ=;
 b=aSbVhh46KEe049je3iJLXNzhcqzgPdPtbiipy19Y+Hd+aT+is/cUWW1iYhav19saYlkuHG+6Jds1JMJoC41mdv4Zw7l5C0NtDLHI2vC4I2gwpSeiUVlKjGAB+40Q+dGOA647CkchnHkywAf6LthNsjbcensfo1iOUE0XKfhw8YHmT1EJsc8bvOKOjbzx1UGwVU0LtXipiodasc+vw7BxMU3RbHtA+65MAOukrcg7R9VuNU/RRb/NAzFgb9K4vyRX4MHlIiVlHAFAcjZXde6XHImNi0bziamK/OMMkNXLvpObXsKZMAhY8m7mU+Q/ls5qghgcOp+93iIBj8WIGoMBfg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=eepUWAeKO97vefA6LrCtOZFqAqdXl8w5EzXzsxlk9oQ=;
 b=Y0MQqXco4CYWQtss1KLL6fk5MzOZsf9JJ4BqiLvsTPyxfyan3YQADi4Y6R1yJGa1m+uBFeMWo0EvBVi2r4NqjIx9yW4wsFNpNLPDUc/AVg/+r9lLQW+snT48dwIRCwp5IBY//sEnEHSCppy4vl7EHn8ny6/vu5UTcall+lP3eqE=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12)
 by DS7PR12MB6048.namprd12.prod.outlook.com (2603:10b6:8:9f::5) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6319.20; Thu, 20 Apr 2023 15:16:29 +0000
Received: from DM4PR12MB5229.namprd12.prod.outlook.com
 ([fe80::ea32:baf8:cc85:9648]) by DM4PR12MB5229.namprd12.prod.outlook.com
 ([fe80::ea32:baf8:cc85:9648%7]) with mapi id 15.20.6319.022; Thu, 20 Apr 2023
 15:16:29 +0000
Message-ID: <eff2d185-c20c-7d01-8970-5aa0a008afc0@amd.com>
Date: Thu, 20 Apr 2023 10:16:26 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.0
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: "Xu, Min M" <min.m.xu@intel.com>, joeyli <jlee@suse.com>,
 "devel@edk2.groups.io" <devel@edk2.groups.io>,
 "Aktas, Erdem" <erdemaktas@google.com>, James Bottomley
 <jejb@linux.ibm.com>, "Yao, Jiewen" <jiewen.yao@intel.com>,
 Michael Roth <michael.roth@amd.com>
References: <PH0PR11MB5064B1575F38459DE8989675C5919@PH0PR11MB5064.namprd11.prod.outlook.com>
 <5d170680-0a9e-2d5f-ecc1-e9f587548e3c@amd.com>
 <PH0PR11MB50645A2DFD5D861D9D5194C4C5969@PH0PR11MB5064.namprd11.prod.outlook.com>
 <7a06aa46-4c10-fc85-48a6-826a4d82991e@amd.com>
 <shlx36de2yoszmxy3wuapqsjek3uqtmg6xgqkw76ihstu2qysq@h5dabwczhcxk>
 <a4c50453-db09-22e4-4f12-1465d7a7500d@amd.com>
 <2xjjrifeaa7khaha4se7gs3hmtdz2kkg2dv4t7njwf5z5mbn2f@qb5s2k7c6225>
 <03fed1d7-cbd8-ee45-ebd8-8ecf60971e61@amd.com>
 <ujqoq42nx67qyjcujfoyoa3aid66hwga7j2klzbv3c4xjg2qj2@btai6jne2j54>
 <c5a1ce9d-47b9-0afd-3f27-ce073ae44360@amd.com>
 <gux3maqgxayg6r6wvi4ucbypfsvcbu4smsbvwrjtiggzukltd4@qh53i4jlbxun>
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
In-Reply-To: <gux3maqgxayg6r6wvi4ucbypfsvcbu4smsbvwrjtiggzukltd4@qh53i4jlbxun>
X-ClientProxiedBy: SA0PR11CA0208.namprd11.prod.outlook.com
 (2603:10b6:806:1bc::33) To DM4PR12MB5229.namprd12.prod.outlook.com
 (2603:10b6:5:398::12)
Return-Path: Thomas.Lendacky@amd.com
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM4PR12MB5229:EE_|DS7PR12MB6048:EE_
X-MS-Office365-Filtering-Correlation-Id: 7456d6fd-2e70-4de3-5c51-08db41b2379e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(4636009)(376002)(366004)(396003)(346002)(39860400002)(136003)(451199021)(2906002)(2616005)(478600001)(6666004)(86362001)(53546011)(31696002)(26005)(6506007)(6512007)(6486002)(36756003)(186003)(41300700001)(54906003)(8936002)(8676002)(38100700002)(31686004)(4326008)(66556008)(66476007)(83380400001)(66946007)(6916009)(316002)(5660300002)(45980500001)(43740500002);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7456d6fd-2e70-4de3-5c51-08db41b2379e
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2023 15:16:29.8066
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: HuNjZqPkKEbuD0eM9Epsj+qTpYzRjNauHPMw0MUMroCKaxMzgcdC0+B9eOHHF0RSbG1W7/1b82wwYogmpoFgPg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6048
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 4/14/23 05:20, Gerd Hoffmann wrote:
>    Hi,
> 
>>     -drive if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF_CODE.fd,readonly=on
>>     -drive if=pflash,format=raw,unit=1,file=./fedora.fd
> 
>>   In this case, only OVMF_CODE.fd will be encrypted.
>>   The fedora.fd (OVMF_VARS.fd) will be unencrypted.
> 
>>     -drive if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF.fd,readonly=on
> 
>>   In this case, OVMF.fd will be encrypted, which includes the now memory
>>   backed variable store.
> 
>>> Can AmdSevInitialize() setup the mappings?
>>
>> Is there a way to tell when OVMF.fd vs OVMF_VARS.fd/OVMF_CODE.fd is used?
> 
> Hmm, good question.  Can the guest figure what memory ranges are part
> of the launch measurement?
> 
> I have a patch here (attached below) which refines flash detection and
> can detect whether varstore flash is writable or not.  I suspect that
> doesn't help much though as flash probing requires mappings already
> being correct.

Sorry for the delay, but, yeah, doesn't help. SEV and SEV-ES assert and 
SEV-SNP terminates because of accessing a shared page (in the RMP) as a 
private page (we don't support the generated 0x404 error code in the #VC 
handler).

Thanks,
Tom

> 
> take care,
>    Gerd
> 
> commit fdab276a9f8a25f505b083b5e15180d093f515e3
> Author: Gerd Hoffmann <kraxel@redhat.com>
> Date:   Tue Apr 4 11:25:37 2023 +0200
> 
>      OvmfPkg/QemuFlashFvbServicesRuntimeDxe: refine flash detection
> 
> diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
> index 82b2b70441bf..c088d560f829 100644
> --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
> +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
> @@ -118,8 +118,17 @@ QemuFlashDetected (
>         *Ptr = OriginalUint8;
>       } else if (ProbeUint8 == CLEARED_ARRAY_STATUS) {
>         DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH\n"));
> -      FlashDetected = TRUE;
> -      *Ptr          = READ_ARRAY_CMD;
> +      *Ptr = WRITE_BYTE_CMD;
> +      *Ptr = OriginalUint8;
> +      *Ptr = READ_STATUS_CMD;
> +      ProbeUint8 = *Ptr;
> +      if (ProbeUint8 & 0x10 /* programming error */) {
> +        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is readonly\n"));
> +      } else {
> +        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is writable\n"));
> +        FlashDetected = TRUE;
> +      }
> +      *Ptr = READ_ARRAY_CMD;
>       }
>     }
>   
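Review bot: The status test `if (ProbeUint8 & 0x10 /* programming error */)` uses a bare literal where the rest of the hunk uses named values (CLEARED_ARRAY_STATUS, READ_STATUS_CMD, WRITE_BYTE_CMD); a named define for the programming-error bit next to those would make the check self-documenting and drop the inline comment. In the read-only branch FlashDetected is left untouched and the only trace is a DEBUG_INFO line that follows the unconditional "FD behaves as FLASH" message, so the log reports both "behaves as FLASH" and "FLASH is readonly" while the caller sees the same result as for "no flash at all"; if the distinction matters to callers, return it explicitly. The commit message has only a subject line; a body saying why a read-only varstore must be treated as not detected, plus a comment above the WRITE_BYTE_CMD / OriginalUint8 / READ_STATUS_CMD sequence noting that the probe rewrites the byte with its original value, would help the next reader.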
>