From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.48])
 by mx.groups.io with SMTP id smtpd.web10.47411.1624283858389813809
 for <devel@edk2.groups.io>;
 Mon, 21 Jun 2021 06:57:38 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=Q7H+jg0c;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.48, mailfrom: ashish.kalra@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=fKkByn1qvGRQ73ve9YREoU67Edoe7qP0KCF8jGqxa7B28HNWo5QBwOo84xbtQKhwm5tRVIISooqne31fIPOYMcs9SNkc1Rd6zRJmPV4cLW9dIfCqeWibSvp2zSH3T2UgT423UO+y9P4ZEJo2Dywayx8+CSfw4bsNWeq7bvLlZcrD3KqoVpdjQZ4XNFTqNCoEi3ayXnlmJhij8dom9V6ZCVbg8P0rrjYjB5akns+xFsX/YuGyzFUP9wwuvxnX6DxhAx1SKDGuL5dJ17wHi5WIoRI/fysyakEE6+sBzy1Irc04cNgQhh2yYJyjP8zY7PCd/YUG8u+bjXgrm/lkpTPNUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Pj+T23vRP2RRj0JLDBl6yXOoMaD9gar4LRqW0xkUO3A=;
 b=I9eMIFd/tQ8FdroDPM66TEZ1mR9Z0bNfwdU7m2qZRqra+h1sd2yEUyhoKgHi3nZFDPeZtSkuVQL3LEtPQZk7xVUTmJP1BNURY8W7CIeVPyXIUQWvtewc54346n3OtcEmu1MuO9M40EiNZDXOg7C09ERBHEn1LFyWyqJmSbR4dJrDruZoCoyoj38qEG1z1vNYFOQpf5t23X8X2+cUy0yUBv78axWaQSbY33+FuYGEJYXIK10Jx2ZvSJX9KmzJEcGpa7j4sGOwtrXmOuukRiJP9Fgz51/w8HBY8gZ3pHvhz+Oxs1NEKVaore5NPyHEEKoMGxx0hY1Yedw6FXSNor6hmQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Pj+T23vRP2RRj0JLDBl6yXOoMaD9gar4LRqW0xkUO3A=;
 b=Q7H+jg0ciTuVdGBqR/Hs77Biw2ZzvjwzYvIWGDwOic/j1dGnhq67Y8BB+HRXVdIbdvfrGr9jevaxNjB4Qc3YjX4vn7mH56TuEvSlTduG24oJtOuxSt9HkgYe9Kg/EqLyNbDCFQ1//fLpI4mfnq50clhB/80GOpSYrhZpU45SeQY=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23)
 by SN6PR12MB2781.namprd12.prod.outlook.com (2603:10b6:805:67::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.23; Mon, 21 Jun
 2021 13:57:36 +0000
Received: from SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::958d:2e44:518c:744c]) by SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::958d:2e44:518c:744c%7]) with mapi id 15.20.4242.023; Mon, 21 Jun 2021
 13:57:36 +0000
From: "Ashish Kalra" <ashish.kalra@amd.com>
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com,
	Thomas.Lendacky@amd.com,
	jejb@linux.ibm.com,
	erdemaktas@google.com,
	jiewen.yao@intel.com,
	min.m.xu@intel.com,
	lersek@redhat.com,
	jordan.l.justen@intel.com,
	ard.biesheuvel@arm.com
Subject: [PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Date: Mon, 21 Jun 2021 13:57:27 +0000
Message-Id: <f1cdfd9926364f9997d9608ccf015987825ba504.1624281247.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <cover.1624281247.git.ashish.kalra@amd.com>
References: <cover.1624281247.git.ashish.kalra@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SN4PR0701CA0046.namprd07.prod.outlook.com
 (2603:10b6:803:2d::33) To SN6PR12MB2767.namprd12.prod.outlook.com
 (2603:10b6:805:75::23)
Return-Path: Ashish.Kalra@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0701CA0046.namprd07.prod.outlook.com (2603:10b6:803:2d::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.16 via Frontend Transport; Mon, 21 Jun 2021 13:57:36 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: cd7bbf02-131f-4cf2-eb36-08d934bc8668
X-MS-TrafficTypeDiagnostic: SN6PR12MB2781:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SN6PR12MB27810852D658ED565F85F8DA8E0A9@SN6PR12MB2781.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	B5jwkpBdl1Juk9bHXQDavgT6SYXD1BchOLRSsV5NWD6UaYXoUVwJzhLCkFsr/3S+z+POmeMY46Xsoq9O5VKrClzS2iPZovJOt7gu4Xz1a9mUthyAJ029+Q6J7fiwdH0qJRT8HiJ0+ZqJxSqZ8QXvk+yKK35WooTVarNZrDacQYOsrlHwEa5KGGKK84NByyThv4t38bc5WbnThr9V6GMDxNV0rdlVrwpzI2YQZ0UignYAJrgVn5ti/6/3spJDfmx2GhwU1Sje+W4qYSCa/Ph4va3SX2ub2l21mJn20SX20P8ADS2LFInL79Qbqd91JMWYo9yZppPY/irDNdF+aEDbWyFLTsDBjzJJMMLk7+XMmQ/jjIE5SGHDaqaZQYeVL3Rk8s2ajDvPubUP0FirknfY/3ZDJS+T8MSy36UV1w6xXUiHsmDBpLm9/QxE44zXsHXbdxtle78Vt4I682DO8qUHPLCFQLHhbeyjwO+IhKmGPDYRrVt6EffXpMEty0Tc9eg0rE9n+IHeLWgUTaxMMmsCaMfn26OjXjWOjeNnAGAyFaFJocS2vSQhpUBEEFNg9nEgFIadANS7uYbnbwAOCT0lVBSUuEjUXqM33UeHbHfgHEwiQIRNcKhPpDeYCiQmyJq0uzpOUlZ++ooDW/UEFgjyztNi9qTixkz4ZvpmIbxOet0=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(39860400002)(346002)(396003)(366004)(136003)(66556008)(66476007)(5660300002)(86362001)(7696005)(66946007)(2616005)(2906002)(38100700002)(38350700002)(956004)(6486002)(36756003)(52116002)(8936002)(26005)(4326008)(6666004)(478600001)(16526019)(186003)(8676002)(6916009)(19627235002)(316002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?VQfIFc42+Pz6aqmo5EgITqE4yWMCgMX9NEgiIfxAvSiOy+ZjQ4g7duVjaFB8?=
 =?us-ascii?Q?YBMyZIJHHiDPw4t4wMaA8E2+dOJD66wcIGLREaEWMYdLtHF4Gd79iTgI+/Yo?=
 =?us-ascii?Q?Vx9bEbq2JVqLQcXyqUCMymE7XTiaDfhsosC3fBIh0poBkLyk/czXJdA9wzqE?=
 =?us-ascii?Q?a14cWAftYD/4phbazSJqJ1nbFDWPqMyw8i9P3leS1XVSNrANW6mhcD4ZEnkG?=
 =?us-ascii?Q?Tj9hQdvNSiEovuukg4GupdX3qbxqp690y7hzFPMw84aiTtuy3HkG3dCnHlB/?=
 =?us-ascii?Q?SBM2f0CIfwYggjy0xZICEurp7mLGEDLX9WCyxWS67CSBOrT4qdADYKaNi89z?=
 =?us-ascii?Q?wCDs+aKCOsLtSjmoIivhqTuOUybpgzzgzEMTpozKmara2p+GdK6/9PqzcuT8?=
 =?us-ascii?Q?6PSkiRrvQbeWTKie0ZuVxX4Js2OYOpsG9nwdsmTdwQeaaOBIj9YKa4V55Pki?=
 =?us-ascii?Q?CBr7clVXxdXsfHpY/tAOWe2w0tPNZONVrOyO1PM/vt/pkNktl7J/ebHXYU7W?=
 =?us-ascii?Q?erTbKe7zTLxXN6BeP9TYNYQqoM1iEU/BrdJ3wY2ziX+MIOLXo72lnR1MiXZr?=
 =?us-ascii?Q?ufl+D005TyKZC0k7FJiTJfPbHRgYf4nB4lzJKiFTSdq+Vj3rbGtxIzKkjYwz?=
 =?us-ascii?Q?Ivsl9KlOjrDm0tGHicO9l7AULgRw1iYrTUkkxLR7EIS+rWA8Mbu/O9apYLG3?=
 =?us-ascii?Q?OSt1fch8JyN4OnNTuHJOMZzMmCr1B31dlBpNcGoHi3ZFwd/+pUPd1LyZY1HO?=
 =?us-ascii?Q?EukVF4kYU03IZAe3YBe2NAGQVSO6N4RRyN7ZJkOKZXUvUNogKgQNLNKfzRNJ?=
 =?us-ascii?Q?nQ0erSNGSay1nnP+XFp4HSm/rmySnaXkYosAlkYRk7Uq3UYFyAtdTCPtWgKj?=
 =?us-ascii?Q?L+X2WLFtV8kn0HJJNSRKnvjfU9A9/6ofQZgLS/i3CWFBfwZPmgCDKJUfSmUb?=
 =?us-ascii?Q?NPACsx0BBGCoZKwzh+jKw068oXdLWCqkaDJJcMm+JGb1JvbmJmOeWH1+PbSh?=
 =?us-ascii?Q?q4M6f9+SWfDruzZLG4FLkpXHqsdNWKygRT1s7/TfGcesu+1P0LXTi53+7X84?=
 =?us-ascii?Q?jU95j36IMY6BJOtgelZMCQNyz5xSI/ykcdV/JbY5YZuaQpgEaf4PiAl7JEpc?=
 =?us-ascii?Q?+n7usGyt+xjBQXIY19/0TupKL8oIBoREGkxe0P7rdxEOmJWkWgL8qi7UpLTZ?=
 =?us-ascii?Q?b5GGJpNMcKsrlegh55WGMBHwG85qXfrxmBXk+759haOSOxLosRaVFKEa98S1?=
 =?us-ascii?Q?DL72vn5SDohbzJiTlq+fejVg5l8dADi8i3Y4nll45BEySac9uUviLfaEaMtO?=
 =?us-ascii?Q?ffBWMMbMDpWBY6rc1zJctVnU?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cd7bbf02-131f-4cf2-eb36-08d934bc8668
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2021 13:57:36.5413
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 6mDVb6GUeOQk87JJVZqPk1x4+FIIi4+ORPOzPNqJGSsdBC+D+XLcj4paq3Rd3YLOGKTHC9IpbEc8OMjlz9VDoQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2781
Content-Type: text/plain

From: Ashish Kalra <ashish.kalra@amd.com>

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022..3f642ecb06 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -15,6 +15,7 @@
 #include <Library/HobLib.h>
 #include <Library/MemEncryptSevLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/MemEncryptHypercallLib.h>
 #include <Library/PcdLib.h>
 #include <PiPei.h>
 #include <Register/Amd/Msr.h>
@@ -52,6 +53,15 @@ AmdSevEsInitialize (
   PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
   ASSERT_RETURN_ERROR (PcdStatus);
 
+  //
+  // GHCB_BASE setup during reset-vector needs to be marked as
+  // decrypted in the hypervisor page encryption bitmap.
+  //
+  SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
+    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+    KVM_MAP_GPA_RANGE_DECRYPTED
+    );
+
   //
   // Allocate GHCB and per-CPU variable pages.
   //   Since the pages must survive across the UEFI to OS transition
-- 
2.17.1