From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.48]) by mx.groups.io with SMTP id smtpd.web10.47411.1624283858389813809 for ; Mon, 21 Jun 2021 06:57:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=Q7H+jg0c; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.48, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fKkByn1qvGRQ73ve9YREoU67Edoe7qP0KCF8jGqxa7B28HNWo5QBwOo84xbtQKhwm5tRVIISooqne31fIPOYMcs9SNkc1Rd6zRJmPV4cLW9dIfCqeWibSvp2zSH3T2UgT423UO+y9P4ZEJo2Dywayx8+CSfw4bsNWeq7bvLlZcrD3KqoVpdjQZ4XNFTqNCoEi3ayXnlmJhij8dom9V6ZCVbg8P0rrjYjB5akns+xFsX/YuGyzFUP9wwuvxnX6DxhAx1SKDGuL5dJ17wHi5WIoRI/fysyakEE6+sBzy1Irc04cNgQhh2yYJyjP8zY7PCd/YUG8u+bjXgrm/lkpTPNUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pj+T23vRP2RRj0JLDBl6yXOoMaD9gar4LRqW0xkUO3A=; b=I9eMIFd/tQ8FdroDPM66TEZ1mR9Z0bNfwdU7m2qZRqra+h1sd2yEUyhoKgHi3nZFDPeZtSkuVQL3LEtPQZk7xVUTmJP1BNURY8W7CIeVPyXIUQWvtewc54346n3OtcEmu1MuO9M40EiNZDXOg7C09ERBHEn1LFyWyqJmSbR4dJrDruZoCoyoj38qEG1z1vNYFOQpf5t23X8X2+cUy0yUBv78axWaQSbY33+FuYGEJYXIK10Jx2ZvSJX9KmzJEcGpa7j4sGOwtrXmOuukRiJP9Fgz51/w8HBY8gZ3pHvhz+Oxs1NEKVaore5NPyHEEKoMGxx0hY1Yedw6FXSNor6hmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pj+T23vRP2RRj0JLDBl6yXOoMaD9gar4LRqW0xkUO3A=; b=Q7H+jg0ciTuVdGBqR/Hs77Biw2ZzvjwzYvIWGDwOic/j1dGnhq67Y8BB+HRXVdIbdvfrGr9jevaxNjB4Qc3YjX4vn7mH56TuEvSlTduG24oJtOuxSt9HkgYe9Kg/EqLyNbDCFQ1//fLpI4mfnq50clhB/80GOpSYrhZpU45SeQY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN6PR12MB2781.namprd12.prod.outlook.com (2603:10b6:805:67::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.23; Mon, 21 Jun 2021 13:57:36 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::958d:2e44:518c:744c]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::958d:2e44:518c:744c%7]) with mapi id 15.20.4242.023; Mon, 21 Jun 2021 13:57:36 +0000 From: "Ashish Kalra" To: devel@edk2.groups.io Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: [PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall Date: Mon, 21 Jun 2021 13:57:27 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0701CA0046.namprd07.prod.outlook.com (2603:10b6:803:2d::33) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: Ashish.Kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0701CA0046.namprd07.prod.outlook.com (2603:10b6:803:2d::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.16 via Frontend Transport; Mon, 21 Jun 2021 13:57:36 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cd7bbf02-131f-4cf2-eb36-08d934bc8668 X-MS-TrafficTypeDiagnostic: SN6PR12MB2781: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6430; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: B5jwkpBdl1Juk9bHXQDavgT6SYXD1BchOLRSsV5NWD6UaYXoUVwJzhLCkFsr/3S+z+POmeMY46Xsoq9O5VKrClzS2iPZovJOt7gu4Xz1a9mUthyAJ029+Q6J7fiwdH0qJRT8HiJ0+ZqJxSqZ8QXvk+yKK35WooTVarNZrDacQYOsrlHwEa5KGGKK84NByyThv4t38bc5WbnThr9V6GMDxNV0rdlVrwpzI2YQZ0UignYAJrgVn5ti/6/3spJDfmx2GhwU1Sje+W4qYSCa/Ph4va3SX2ub2l21mJn20SX20P8ADS2LFInL79Qbqd91JMWYo9yZppPY/irDNdF+aEDbWyFLTsDBjzJJMMLk7+XMmQ/jjIE5SGHDaqaZQYeVL3Rk8s2ajDvPubUP0FirknfY/3ZDJS+T8MSy36UV1w6xXUiHsmDBpLm9/QxE44zXsHXbdxtle78Vt4I682DO8qUHPLCFQLHhbeyjwO+IhKmGPDYRrVt6EffXpMEty0Tc9eg0rE9n+IHeLWgUTaxMMmsCaMfn26OjXjWOjeNnAGAyFaFJocS2vSQhpUBEEFNg9nEgFIadANS7uYbnbwAOCT0lVBSUuEjUXqM33UeHbHfgHEwiQIRNcKhPpDeYCiQmyJq0uzpOUlZ++ooDW/UEFgjyztNi9qTixkz4ZvpmIbxOet0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(39860400002)(346002)(396003)(366004)(136003)(66556008)(66476007)(5660300002)(86362001)(7696005)(66946007)(2616005)(2906002)(38100700002)(38350700002)(956004)(6486002)(36756003)(52116002)(8936002)(26005)(4326008)(6666004)(478600001)(16526019)(186003)(8676002)(6916009)(19627235002)(316002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?VQfIFc42+Pz6aqmo5EgITqE4yWMCgMX9NEgiIfxAvSiOy+ZjQ4g7duVjaFB8?= =?us-ascii?Q?YBMyZIJHHiDPw4t4wMaA8E2+dOJD66wcIGLREaEWMYdLtHF4Gd79iTgI+/Yo?= =?us-ascii?Q?Vx9bEbq2JVqLQcXyqUCMymE7XTiaDfhsosC3fBIh0poBkLyk/czXJdA9wzqE?= =?us-ascii?Q?a14cWAftYD/4phbazSJqJ1nbFDWPqMyw8i9P3leS1XVSNrANW6mhcD4ZEnkG?= =?us-ascii?Q?Tj9hQdvNSiEovuukg4GupdX3qbxqp690y7hzFPMw84aiTtuy3HkG3dCnHlB/?= =?us-ascii?Q?SBM2f0CIfwYggjy0xZICEurp7mLGEDLX9WCyxWS67CSBOrT4qdADYKaNi89z?= =?us-ascii?Q?wCDs+aKCOsLtSjmoIivhqTuOUybpgzzgzEMTpozKmara2p+GdK6/9PqzcuT8?= =?us-ascii?Q?6PSkiRrvQbeWTKie0ZuVxX4Js2OYOpsG9nwdsmTdwQeaaOBIj9YKa4V55Pki?= =?us-ascii?Q?CBr7clVXxdXsfHpY/tAOWe2w0tPNZONVrOyO1PM/vt/pkNktl7J/ebHXYU7W?= =?us-ascii?Q?erTbKe7zTLxXN6BeP9TYNYQqoM1iEU/BrdJ3wY2ziX+MIOLXo72lnR1MiXZr?= =?us-ascii?Q?ufl+D005TyKZC0k7FJiTJfPbHRgYf4nB4lzJKiFTSdq+Vj3rbGtxIzKkjYwz?= =?us-ascii?Q?Ivsl9KlOjrDm0tGHicO9l7AULgRw1iYrTUkkxLR7EIS+rWA8Mbu/O9apYLG3?= =?us-ascii?Q?OSt1fch8JyN4OnNTuHJOMZzMmCr1B31dlBpNcGoHi3ZFwd/+pUPd1LyZY1HO?= =?us-ascii?Q?EukVF4kYU03IZAe3YBe2NAGQVSO6N4RRyN7ZJkOKZXUvUNogKgQNLNKfzRNJ?= =?us-ascii?Q?nQ0erSNGSay1nnP+XFp4HSm/rmySnaXkYosAlkYRk7Uq3UYFyAtdTCPtWgKj?= =?us-ascii?Q?L+X2WLFtV8kn0HJJNSRKnvjfU9A9/6ofQZgLS/i3CWFBfwZPmgCDKJUfSmUb?= =?us-ascii?Q?NPACsx0BBGCoZKwzh+jKw068oXdLWCqkaDJJcMm+JGb1JvbmJmOeWH1+PbSh?= =?us-ascii?Q?q4M6f9+SWfDruzZLG4FLkpXHqsdNWKygRT1s7/TfGcesu+1P0LXTi53+7X84?= =?us-ascii?Q?jU95j36IMY6BJOtgelZMCQNyz5xSI/ykcdV/JbY5YZuaQpgEaf4PiAl7JEpc?= =?us-ascii?Q?+n7usGyt+xjBQXIY19/0TupKL8oIBoREGkxe0P7rdxEOmJWkWgL8qi7UpLTZ?= =?us-ascii?Q?b5GGJpNMcKsrlegh55WGMBHwG85qXfrxmBXk+759haOSOxLosRaVFKEa98S1?= =?us-ascii?Q?DL72vn5SDohbzJiTlq+fejVg5l8dADi8i3Y4nll45BEySac9uUviLfaEaMtO?= =?us-ascii?Q?ffBWMMbMDpWBY6rc1zJctVnU?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cd7bbf02-131f-4cf2-eb36-08d934bc8668 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2021 13:57:36.5413 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 6mDVb6GUeOQk87JJVZqPk1x4+FIIi4+ORPOzPNqJGSsdBC+D+XLcj4paq3Rd3YLOGKTHC9IpbEc8OMjlz9VDoQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2781 Content-Type: text/plain From: Ashish Kalra Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor page status tracking. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Ashish Kalra --- OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..3f642ecb06 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,15 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // GHCB_BASE setup during reset-vector needs to be marked as + // decrypted in the hypervisor page encryption bitmap. + // + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + KVM_MAP_GPA_RANGE_DECRYPTED + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.17.1