Subject: Re: [edk2-devel] [PATCH v7 00/43] SEV-ES guest support
From: "Lendacky, Thomas"
To: Andrew Fish, devel@edk2.groups.io
CC: "Ni, Ray", Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Mike Kinney, "Gao, Liming", "Dong, Eric", Brijesh Singh, "You, Benjamin", "Bi, Dandan", "Dong, Guo", "Wu, Hao A", "Wang, Jian J", "Ma, Maurice"
Date: Tue, 12 May 2020 15:10:07 -0500

On 5/12/20 12:44 PM, Tom Lendacky wrote:
> On 5/12/20 11:49 AM, Tom Lendacky wrote:
>> On 5/9/20 2:09 PM, Andrew Fish wrote:
>>>
>>>> On May 9, 2020, at 7:34 AM, Lendacky, Thomas wrote:
>>>>
>>>> On 5/9/20 1:44 AM, Ni, Ray wrote:
>>>>> Tom,
>>>>
>>>> Hi Ray,
>>>>
>>>>> I have a bit of a concern on your change that directly modifies
>>>>> CpuExceptionHandlerLib to handle exception #29. Today's
>>>>> CpuExceptionHandlerLib simply dumps the exception context for
>>>>> every exception. Any component which wants to do specific handling
>>>>> of certain exceptions should call RegisterCpuInterruptHandler().
>>>>> Such as code in CpuDxe driver:
>>>>>   if (HEAP_GUARD_NONSTOP_MODE || NULL_DETECTION_NONSTOP_MODE) {
>>>>>     RegisterCpuInterruptHandler (EXCEPT_IA32_DEBUG, DebugExceptionHandler);
>>>>>     RegisterCpuInterruptHandler (EXCEPT_IA32_PAGE_FAULT, PageFaultExceptionHandler);
>>>>>   }
>>>>> Is it possible for your feature to follow the same pattern?
>>>>
>>>> There are two problems:
>>>>
>>>> The first is that RegisterCpuInterruptHandler() is not implemented for
>>>> both the SEC and PEI phases, so it is not currently possible to
>>>> register a handler that early.
>>>>
>>>> The second is that I need to be able to propagate an exception request
>>>> from the hypervisor. With the current implementation there doesn't
>>>> appear to be an easy way to perform this propagation.
>>>>
>>>> If there's a way to accomplish both of the above I wouldn't be opposed
>>>> to using RegisterCpuInterruptHandler() as long as there are no #VCs
>>>> that can occur between initializing exception handling and
>>>> registering the #VC handler.
>>>>
>>>
>>> Thomas,
>>>
>>> As you point out it is tricky dealing with XIP code. You can't have
>>> globals that you can write and generally you use a PEI service to look
>>> things up, the most common thing being using a HOB. But SEC has no
>>> services and I'm not sure you really want to be calling into the PEI
>>> Core on a random exception.
>>>
>>> Here are the best options that popped into my head after reading your
>>> email
>>> 1) IDT in RAM
>>> If your code populates the IDT the IDTR gives you access to the address
>>> of the IDTR via an instruction. The PI Spec reserves IDT - sizeof
>>> (UINTN) for a cached copy of the PEI Services Table, but other than
>>> that you are good to go.
>>> It should be possible to have a global so you
>>> can have the table required to implement RegisterCpuInterruptHandler().
>>> There might be some usage of IDT - ( 2* sizeof(UINTN)), I know I'm
>>> guilty, so storing data after the IDT would be a good option. In
>>> general if your code allocates the memory for the IDT then you can
>>> treat the IDT as part of your private context data structure and that
>>> gives you access
>>>
>>> 2) IDT in ROM.
>>> For this it seems like you need a library to link in to
>>> the CpuExceptionHandlerLib that allows you to override the handler. If
>>> CpuInterruptHandlerOverride() returns NULL you do the current behavior
>>> if not NULL then you call the returned handler.
>>>
>>> EFI_CPU_INTERRUPT_HANDLER
>>> EFIAPI
>>> OverrideCpuInterruptHandler (
>>>    IN EFI_EXCEPTION_TYPE            InterruptType
>>>    );
>>
>> I like the override idea in general, if that works for everyone. There
>> could be a NULL instance that never overrides the exception. Then it can
>> be implemented by those packages that need it. In this case a library
>> can be created in OvmfPkg that provides an override for #VC and the
>> override return code can determine if further processing is performed.
>
> Hmm... so the problem is that EFI_CPU_INTERRUPT_HANDLER does not return a
> value. So maybe just create an override type specific to the override
> library? I don't think that would present any issues.
>
>   typedef
>   EFI_STATUS
>   (EFIAPI *CPU_INTERRUPT_OVERRIDE) (
>     IN EFI_EXCEPTION_TYPE  ExceptionType,
>     IN EFI_SYSTEM_CONTEXT  SystemContext
>     );
>
>   CPU_INTERRUPT_OVERRIDE
>   EFIAPI
>   OverrideCpuInterruptHandler (
>     IN EFI_EXCEPTION_TYPE  ExceptionType,
>     IN EFI_SYSTEM_CONTEXT  SystemContext
>     );

Then again, you don't need two routines to do this.
Just have the return code from the OverrideCpuInterruptHandler() indicate
whether it was overridden or not.

Thanks,
Tom

>
> Thanks,
> Tom
>
>>
>> Thanks,
>> Tom
>>
>>>
>>> Thanks,
>>>
>>> Andrew Fish
>>>
>>> PS Off topic, but it would also be useful to have a library that
>>> overrides the state dump display. For example using Xcode you can
>>> always display a stack frame from the exception handler.
>>>
>>>
>>>> Thanks,
>>>> Tom
>>>>
>>>>> Thanks,
>>>>> Ray
>>>>>> -----Original Message-----
>>>>>> From: Tom Lendacky
>>>>>> Sent: Saturday, May 9, 2020 3:16 AM
>>>>>> To: devel@edk2.groups.io
>>>>>> Cc: Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Kinney, Michael D;
>>>>>> Gao, Liming; Dong, Eric; Ni, Ray; Brijesh Singh; You, Benjamin;
>>>>>> Bi, Dandan; Dong, Guo; Wu, Hao A; Wang, Jian J; Ma, Maurice
>>>>>> Subject: Re: [PATCH v7 00/43] SEV-ES guest support
>>>>>>
>>>>>> I was able to use the pull request method that Laszlo documented and
>>>>>> fixed up all of the issues identified by the VS compiler.
>>>>>>
>>>>>> An additional change I'm planning to make for the next version (v8)
>>>>>> of the patches is to create a NULL library instance of the VmgExitLib
>>>>>> that will also include the #VC handler function. This will reduce the
>>>>>> amount of code associated with this feature for platforms that don't
>>>>>> use/support SEV-ES.
>>>>>>
>>>>>> Laszlo, this will mean that I will introduce a version of the
>>>>>> VmgExitLib under OvmfPkg that will provide the majority of the
>>>>>> functionality that is present today in UefiCpuPkg. In essence, the
>>>>>> functionality in v7 patches 8 and 11 - 25 will now live under OvmfPkg
>>>>>> instead of UefiCpuPkg. I think this is the better way to do this.
>>>>>> Let me know if you have any concerns.
>>>>>>
>>>>>> Thanks,
>>>>>> Tom
>>>>>>
>>>>>> On 4/22/20 12:41 PM, Tom Lendacky wrote:
>>>>>>> This patch series provides support for running EDK2/OVMF under SEV-ES.
>>>>>>>
>>>>>>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands
>>>>>>> on the SEV support to protect the guest register state from the
>>>>>>> hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2:
>>>>>>> System Programming", section "15.35 Encrypted State (SEV-ES)" [1].
>>>>>>>
>>>>>>> In order to allow a hypervisor to perform functions on behalf of a
>>>>>>> guest, there is architectural support for notifying a guest's
>>>>>>> operating system when certain types of VMEXITs are about to occur.
>>>>>>> This allows the guest to selectively share information with the
>>>>>>> hypervisor to satisfy the requested function. The notification is
>>>>>>> performed using a new exception, the VMM Communication exception
>>>>>>> (#VC). The information is shared through the Guest-Hypervisor
>>>>>>> Communication Block (GHCB) using the VMGEXIT instruction. The GHCB
>>>>>>> format and the protocol for using it is documented in "SEV-ES
>>>>>>> Guest-Hypervisor Communication Block Standardization" [2].
>>>>>>>
>>>>>>> The main areas of the EDK2 code that are updated to support SEV-ES are
>>>>>>> around the exception handling support and the AP boot support.
>>>>>>>
>>>>>>> Exception support is required starting in Sec, continuing through Pei
>>>>>>> and into Dxe in order to handle #VC exceptions that are generated. Each
>>>>>>> AP requires its own GHCB page as well as a page to hold values
>>>>>>> specific to that AP.
>>>>>>>
>>>>>>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
>>>>>>> sequence is typically used to boot the APs.
>>>>>>> However, the hypervisor is not allowed to update the guest
>>>>>>> registers. The GHCB document [2] talks about how SMP booting under
>>>>>>> SEV-ES is performed.
>>>>>>>
>>>>>>> Since the GHCB page must be a shared (unencrypted) page, the processor
>>>>>>> must be running in long mode in order for the guest and hypervisor to
>>>>>>> communicate with each other. As a result, SEV-ES is only supported
>>>>>>> under the X64 architecture.
>>>>>>>
>>>>>>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
>>>>>>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
>>>>>>>
>>>>>>> ---
>>>>>>>
>>>>>>> These patches are based on commit:
>>>>>>> be7295b36405 (".python/SpellCheck: Increase SpellCheck plugin max
>>>>>>> failures")
>>>>>>>
>>>>>>> Proper execution of SEV-ES relies on Bugzilla 2340 being fixed.
>>>>>>>
>>>>>>> A version of the tree (with an extra patch to workaround Bugzilla
>>>>>>> 2340) can be found at:
>>>>>>> https://github.com/AMDESE/ovmf/tree/sev-es-v14
>>>>>>>
>>>>>>> Cc: Ard Biesheuvel
>>>>>>> Cc: Benjamin You
>>>>>>> Cc: Dandan Bi
>>>>>>> Cc: Eric Dong
>>>>>>> Cc: Guo Dong
>>>>>>> Cc: Hao A Wu
>>>>>>> Cc: Jian J Wang
>>>>>>> Cc: Jordan Justen
>>>>>>> Cc: Laszlo Ersek
>>>>>>> Cc: Liming Gao
>>>>>>> Cc: Maurice Ma
>>>>>>> Cc: Michael D Kinney
>>>>>>> Cc: Ray Ni
>>>>>>>
>>>>>>> Changes since v6:
>>>>>>> - Add function comments to all functions, including local functions
>>>>>>> - Add function parameter direction to all functions (in/out)
>>>>>>> - Add support for MMIO MOVZX/MOVSX instructions
>>>>>>> - Ensure the per-CPU variable page remains encrypted
>>>>>>> - Coding-style fixes as identified by Ecc
>>>>>>>
>>>>>>> Changes since v5:
>>>>>>> - Remove extraneous VmgExitLib usage
>>>>>>> - Miscellaneous changes to address feedback (coding style, etc.)
>>>>>>>
>>>>>>> Changes since v4:
>>>>>>> - Move the SEV-ES protocol negotiation out of the SEC exception
>>>>>>>   handler and into the SecMain.c file.
>>>>>>>   As a result:
>>>>>>>   - Move the SecGhcb related PCDs out of UefiCpuPkg and into OvmfPkg
>>>>>>>   - Combine SecAMDSevVcHandler.c and PeiDxeAMDSevVcHandler.c into a
>>>>>>>     single AMDSevVcHandler.c
>>>>>>> - Consolidate VmgExitLib usage into common LibraryClasses sections
>>>>>>> - Add documentation comments to the VmgExitLib functions
>>>>>>>
>>>>>>> Changes since v3:
>>>>>>> - Remove the need for the MP library finalization routine. The AP
>>>>>>>   jump table address will be held by the hypervisor rather than
>>>>>>>   communicated via the GHCB MSR. This removes some fragility around
>>>>>>>   the UEFI to OS transition.
>>>>>>> - Rename the SEV-ES RIP reset area to SEV-ES workarea and use it to
>>>>>>>   communicate the SEV-ES status, so that SEC CPU exception handling is
>>>>>>>   only established for an SEV-ES guest.
>>>>>>> - Fix SMM build breakageAdd around QemuFlashPtrWrite().
>>>>>>> - Fix SMM build breakage by adding VC exception support the SMM CPU
>>>>>>>   exception handling.
>>>>>>> - Add memory fencing around the invocation of AsmVmgExit().
>>>>>>> - Clarify comments around the SEV-ES AP reset RIP values and usage.
>>>>>>> - Move some PCD definitions from MdeModulePkg to UefiCpuPkg.
>>>>>>> - Remove the 16-bit code selector definition from MdeModulePkg
>>>>>>>
>>>>>>> Changes since v2:
>>>>>>> - Added a way to locate the SEV-ES fixed AP RIP address for starting
>>>>>>>   AP's to avoid updating the actual flash image (build time location
>>>>>>>   that is identified with a GUID value).
>>>>>>> - Create a VmgExit library to replace static inline functions.
>>>>>>> - Move some PCDs to the appropriate packages
>>>>>>> - Add support for writing to QEMU flash under SEV-ES
>>>>>>> - Add additional MMIO opcode support
>>>>>>> - Cleaned up the GHCB MSR CPUID protocol support
>>>>>>>
>>>>>>> Changes since v1:
>>>>>>> - Patches reworked to be more specific to the component/area being
>>>>>>>   updated and order of definition/usage
>>>>>>> - Created a library for VMGEXIT-related functions to replace use of
>>>>>>>   inline functions
>>>>>>> - Allocation method for GDT changed from AllocatePool to AllocatePages
>>>>>>> - Early caching only enabled for SEV-ES guests
>>>>>>> - Ensure AP loop mode set to halt loop mode for SEV-ES guests
>>>>>>> - Reserved SEC GHCB-related memory areas when S3 is enabled
>>>>>>>
>>>>>>> Tom Lendacky (43):
>>>>>>>   MdeModulePkg: Create PCDs to be used in support of SEV-ES
>>>>>>>   UefiCpuPkg: Create PCD to be used in support of SEV-ES
>>>>>>>   MdePkg: Add the MSR definition for the GHCB register
>>>>>>>   MdePkg: Add a structure definition for the GHCB
>>>>>>>   MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
>>>>>>>   MdePkg/BaseLib: Add support for the XGETBV instruction
>>>>>>>   MdePkg/BaseLib: Add support for the VMGEXIT instruction
>>>>>>>   UefiCpuPkg: Implement library support for VMGEXIT
>>>>>>>   OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library
>>>>>>>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE
>>>>>>>     events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE
>>>>>>>     events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE
>>>>>>>     events
>>>>>>>   UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE
>>>>>>>     events
>>>>>>>   OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
>>>>>>>   OvmfPkg: Add support to perform SEV-ES initialization
>>>>>>>   OvmfPkg: Create a GHCB page for use during Sec phase
>>>>>>>   OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported
>>>>>>>   OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
>>>>>>>   OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
>>>>>>>   UefiCpuPkg: Create an SEV-ES workarea PCD
>>>>>>>   OvmfPkg: Reserve a page in memory for the SEV-ES usage
>>>>>>>   OvmfPkg/ResetVector: Add support for a 32-bit SEV check
>>>>>>>   OvmfPkg/Sec: Add #VC exception handling for Sec phase
>>>>>>>   OvmfPkg/Sec: Enable cache early to speed up booting
>>>>>>>   OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with
>>>>>>>     SEV-ES is enabled
>>>>>>>   UefiCpuPkg: Add a 16-bit protected mode code segment descriptor
>>>>>>>   UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is
>>>>>>>     enabled
>>>>>>>   UefiCpuPkg: Allow AP booting under SEV-ES
>>>>>>>   OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector
>>>>>>>   OvmfPkg: Move the GHCB allocations into reserved memory
>>>>>>>   UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
>>>>>>>
>>>>>>>  MdeModulePkg/MdeModulePkg.dec                 |    9 +
>>>>>>>  OvmfPkg/OvmfPkg.dec                           |    9 +
>>>>>>>  UefiCpuPkg/UefiCpuPkg.dec                     |   17 +
>>>>>>>  OvmfPkg/OvmfPkgIa32.dsc                       |    6 +
>>>>>>>  OvmfPkg/OvmfPkgIa32X64.dsc                    |    6 +
>>>>>>>  OvmfPkg/OvmfPkgX64.dsc                        |    6 +
>>>>>>>  OvmfPkg/OvmfXen.dsc                           |    1 +
>>>>>>>  UefiCpuPkg/UefiCpuPkg.dsc                     |    2 +
>>>>>>>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc         |    2 +
>>>>>>>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc      |    2 +
>>>>>>>  OvmfPkg/OvmfPkgX64.fdf                        |    9 +
>>>>>>>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |    2 +
>>>>>>>  MdePkg/Library/BaseLib/BaseLib.inf            |    4 +
>>>>>>>  OvmfPkg/PlatformPei/PlatformPei.inf           |    7 +
>>>>>>>  .../FvbServicesRuntimeDxe.inf                 |    2 +
>>>>>>>  OvmfPkg/ResetVector/ResetVector.inf           |    8 +
>>>>>>>  OvmfPkg/Sec/SecMain.inf                       |    4 +
>>>>>>>  .../DxeCpuExceptionHandlerLib.inf             |    5 +
>>>>>>>  .../PeiCpuExceptionHandlerLib.inf             |    5 +
>>>>>>>  .../SecPeiCpuExceptionHandlerLib.inf          |    5 +
>>>>>>>  .../SmmCpuExceptionHandlerLib.inf             |    5 +
>>>>>>>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |    4 +
>>>>>>>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |    4 +
>>>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf  |   33 +
>>>>>>>  .../Core/DxeIplPeim/X64/VirtualMemory.h       |   12 +-
>>>>>>>  MdePkg/Include/Library/BaseLib.h              |   31 +
>>>>>>>  MdePkg/Include/Register/Amd/Fam17Msr.h        |   42 +
>>>>>>>  MdePkg/Include/Register/Amd/Ghcb.h            |  136 ++
>>>>>>>  OvmfPkg/Include/Library/MemEncryptSevLib.h    |   12 +
>>>>>>>  .../QemuFlash.h                               |   13 +
>>>>>>>  UefiCpuPkg/CpuDxe/CpuGdt.h                    |    4 +-
>>>>>>>  UefiCpuPkg/Include/Library/VmgExitLib.h       |  117 ++
>>>>>>>  .../CpuExceptionHandlerLib/AMDSevVcCommon.h   |   49 +
>>>>>>>  .../CpuExceptionCommon.h                      |    2 +
>>>>>>>  UefiCpuPkg/Library/MpInitLib/MpLib.h          |   68 +-
>>>>>>>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |    4 +-
>>>>>>>  .../Core/DxeIplPeim/X64/DxeLoadFunc.c         |   11 +-
>>>>>>>  .../Core/DxeIplPeim/X64/VirtualMemory.c       |   57 +-
>>>>>>>  MdePkg/Library/BaseLib/Ia32/GccInline.c       |   45 +
>>>>>>>  MdePkg/Library/BaseLib/X64/GccInline.c        |   47 +
>>>>>>>  .../MemEncryptSevLibInternal.c                |   75 +-
>>>>>>>  OvmfPkg/PlatformPei/AmdSev.c                  |   89 +
>>>>>>>  OvmfPkg/PlatformPei/MemDetect.c               |   23 +
>>>>>>>  .../QemuFlash.c                               |   23 +-
>>>>>>>  .../QemuFlashDxe.c                            |   22 +
>>>>>>>  .../QemuFlashSmm.c                            |   16 +
>>>>>>>  OvmfPkg/Sec/SecMain.c                         |  188 +-
>>>>>>>  UefiCpuPkg/CpuDxe/CpuGdt.c                    |    8 +-
>>>>>>>  .../CpuExceptionHandlerLib/AMDSevVcHandler.c  |   40 +
>>>>>>>  .../CpuExceptionCommon.c                      |    2 +-
>>>>>>>  .../Ia32/ArchAMDSevVcHandler.c                |   38 +
>>>>>>>  .../PeiDxeSmmCpuException.c                   |   16 +
>>>>>>>  .../SecPeiCpuException.c                      |   16 +
>>>>>>>  .../X64/ArchAMDSevVcHandler.c                 | 1699 +++++++++++++++++
>>>>>>>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  113 +-
>>>>>>>  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  265 ++-
>>>>>>>  UefiCpuPkg/Library/MpInitLib/PeiMpLib.c       |   19 +
>>>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c    |  293 +++
>>>>>>>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  |    2 +-
>>>>>>>  MdeModulePkg/MdeModulePkg.uni                 |    8 +
>>>>>>>  MdePkg/Library/BaseLib/Ia32/VmgExit.nasm      |   37 +
>>>>>>>  MdePkg/Library/BaseLib/Ia32/XGetBv.nasm       |   31 +
>>>>>>>  MdePkg/Library/BaseLib/X64/VmgExit.nasm       |   32 +
>>>>>>>  MdePkg/Library/BaseLib/X64/XGetBv.nasm        |   34 +
>>>>>>>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm  |  100 +
>>>>>>>  OvmfPkg/ResetVector/Ia32/PageTables64.asm     |  350 +++-
>>>>>>>  OvmfPkg/ResetVector/ResetVector.nasmb         |   20 +
>>>>>>>  .../X64/ExceptionHandlerAsm.nasm              |   17 +
>>>>>>>  UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc   |    2 +-
>>>>>>>  .../Library/MpInitLib/Ia32/MpFuncs.nasm       |   15 +
>>>>>>>  UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc    |    4 +-
>>>>>>>  UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm |  370 +++-
>>>>>>>  UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni  |   15 +
>>>>>>>  .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm  |    9 +
>>>>>>>  UefiCpuPkg/UefiCpuPkg.uni                     |   11 +
>>>>>>>  75 files changed, 4707 insertions(+), 102 deletions(-)
>>>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.inf
>>>>>>>  create mode 100644 MdePkg/Include/Register/Amd/Ghcb.h
>>>>>>>  create mode 100644 UefiCpuPkg/Include/Library/VmgExitLib.h
>>>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h
>>>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcHandler.c
>>>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ArchAMDSevVcHandler.c
>>>>>>>  create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c
>>>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.c
>>>>>>>  create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm
>>>>>>>  create mode 100644 MdePkg/Library/BaseLib/Ia32/XGetBv.nasm
>>>>>>>  create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm
>>>>>>>  create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm
>>>>>>>  create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
>>>>>>>  create mode 100644 UefiCpuPkg/Library/VmgExitLib/VmgExitLib.uni
>>>>>>>
>>>>
>>>>
>>>
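
The single-routine override from the top reply in this thread, sketched in C as an added example (not code from the mail or from EDK2): the override's return status alone tells the common handler whether to resume or to fall through to the default dump. The pointer ExceptionType parameter, DEMO_CONTEXT, HvRequestedVector and the two library-instance function names are assumptions, made so a hypervisor-requested exception can be propagated and the sketch builds outside an EDK2 tree.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for EDK2 types and status codes (assumed, simplified). */
typedef uint64_t EFI_STATUS;
typedef intptr_t EFI_EXCEPTION_TYPE;
#define EFI_SUCCESS            ((EFI_STATUS)0)
#define EFI_UNSUPPORTED        ((EFI_STATUS)(0x8000000000000000ULL | 3))
#define EXCEPT_IA32_GP_FAULT   13
#define EXCEPT_IA32_PAGE_FAULT 14
#define VC_EXCEPTION           29    /* "exception #29" in the thread */
#define SVM_EXIT_CPUID         0x72  /* #VC error code for an intercepted CPUID */

/* Constructed, simplified context; this is not EFI_SYSTEM_CONTEXT. */
typedef struct {
  uint64_t Rip;
  uint64_t ExceptionData;     /* #VC error code: which intercept fired */
  int      HvRequestedVector; /* hypothetical: vector the hypervisor asks for, -1 if none */
} DEMO_CONTEXT;

/* One routine: EFI_SUCCESS means "overridden, resume"; anything else means
   "run the default handling on *ExceptionType", which may have been rewritten. */
typedef EFI_STATUS (*CPU_INTERRUPT_OVERRIDE)(EFI_EXCEPTION_TYPE *ExceptionType,
                                             DEMO_CONTEXT *Context);

/* NULL library instance: never overrides anything. */
EFI_STATUS OverrideNull(EFI_EXCEPTION_TYPE *ExceptionType, DEMO_CONTEXT *Context) {
  (void)ExceptionType;
  (void)Context;
  return EFI_UNSUPPORTED;
}

/* Hypothetical OvmfPkg instance: only #VC is overridden. */
EFI_STATUS OverrideOvmfVc(EFI_EXCEPTION_TYPE *ExceptionType, DEMO_CONTEXT *Context) {
  if (*ExceptionType != VC_EXCEPTION) {
    return EFI_UNSUPPORTED;            /* not ours: default handling */
  }
  if (Context->HvRequestedVector >= 0) {
    /* Propagate the exception the hypervisor requested to the common path. */
    *ExceptionType = Context->HvRequestedVector;
    return EFI_UNSUPPORTED;
  }
  if (Context->ExceptionData == SVM_EXIT_CPUID) {
    Context->Rip += 2;                 /* CPUID (0F A2) emulated, skip it */
    return EFI_SUCCESS;
  }
  return EFI_UNSUPPORTED;              /* unknown intercept: dump the #VC */
}

typedef struct {
  int                Resumed; /* 1 when the override handled the exception */
  EFI_EXCEPTION_TYPE Dumped;  /* vector given to the default dump, -1 if none */
} DISPATCH_RESULT;

/* Common handler: consult the linked override first, then do what
   CpuExceptionHandlerLib does today (modelled as recording the vector). */
DISPATCH_RESULT CommonExceptionHandler(EFI_EXCEPTION_TYPE ExceptionType,
                                       DEMO_CONTEXT *Context,
                                       CPU_INTERRUPT_OVERRIDE Override) {
  DISPATCH_RESULT Result = { 0, -1 };
  if (Override(&ExceptionType, Context) == EFI_SUCCESS) {
    Result.Resumed = 1;
    return Result;
  }
  Result.Dumped = ExceptionType;
  return Result;
}

int main(void) {
  DEMO_CONTEXT Ctx = { 0x1000, SVM_EXIT_CPUID, -1 };
  DISPATCH_RESULT R = CommonExceptionHandler(VC_EXCEPTION, &Ctx, OverrideOvmfVc);
  printf("resumed=%d rip=0x%llx\n", R.Resumed, (unsigned long long)Ctx.Rip);
  return 0;
}
```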