From: "Brijesh Singh"
Date: Mon, 9 Aug 2021 12:18:17 -0500
Subject: Re: [PATCH 1/3] OvmfPkg: introduce a common work area
To: Tom Lendacky, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, James Bottomley, Min Xu, Jiewen Yao, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth
References: <20210804202003.17543-1-brijesh.singh@amd.com> <20210804202003.17543-2-brijesh.singh@amd.com>

On 8/9/21 11:40 AM, Tom Lendacky wrote:
> On 8/4/21 3:20 PM, Brijesh Singh wrote:
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>>
>> Both the TDX and SEV support needs to reserve a page in MEMFD as a work
>> area. The page will contain meta data specific to the guest type.
>> Currently, the SEV-ES support reserves a page in MEMFD
>> (PcdSevEsWorkArea) for the work area. This page can be reused as a TDX
>> work area when Intel TDX is enabled.
>>
>> Based on the discussion [1], it was agreed to rename the SevEsWorkArea
>> to the OvmfWorkArea, and add a header that can be used to indicate the
>> work area type.
>>
>> [1] https://edk2.groups.io/g/devel/message/78262?p=,,,20,0,0,0::\
>> created,0,SNP,20,2,0,84476064
>>
>> Cc: James Bottomley
>> Cc: Min Xu
>> Cc: Jiewen Yao
>> Cc: Tom Lendacky
>> Cc: Jordan Justen
>> Cc: Ard Biesheuvel
>> Cc: Erdem Aktas
>> Signed-off-by: Brijesh Singh >> --- >> OvmfPkg/OvmfPkg.dec | 6 +++ >> OvmfPkg/OvmfPkgX64.fdf | 9 +++- >> OvmfPkg/PlatformPei/PlatformPei.inf | 4 +- >> OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +-------- >> OvmfPkg/Include/WorkArea.h | 53 ++++++++++++++++++++++ >> OvmfPkg/PlatformPei/MemDetect.c | 32 ++++++------- >> 6 files changed, 85 insertions(+), 40 deletions(-) >> create mode 100644 OvmfPkg/Include/WorkArea.h >> >> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec >> index 2ab27f0c73c2..9d31ec45c78a 100644 >> --- a/OvmfPkg/OvmfPkg.dec >> +++ b/OvmfPkg/OvmfPkg.dec >> @@ -330,6 +330,12 @@ [PcdsFixedAtBuild] >> gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 >> gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 >> >> + ## The base address and size of the work area used during the SEC >> + # phase by the SEV and TDX supports. >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49 >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50 >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaHeaderSize|4|UINT32|0x51 >> + >> [PcdsDynamic, PcdsDynamicEx] >> gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 >> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >> index 5fa8c0895808..418e0ea5add4 100644 >> --- a/OvmfPkg/OvmfPkgX64.fdf >> +++ b/OvmfPkg/OvmfPkgX64.fdf >> @@ -83,7 +83,7 @@ [FD.MEMFD] >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize >> >> 0x00B000|0x001000 >> -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize >> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize >> >> 0x00C000|0x001000 >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize 
>> @@ -99,6 +99,13 @@ [FD.MEMFD] >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize >> FV = DXEFV >> >> +########################################################################################## >> +# SEV specific PCD settings >> +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaHeaderSize = 0x4 >> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaHeaderSize >> +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaHeaderSize >> +########################################################################################## >> + >> ################################################################################ >> >> [FV.SECFV] >> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf >> index 89d1f7636870..67eb7aa7166b 100644 >> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >> @@ -116,8 +116,8 @@ [FixedPcd] >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize >> - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase >> - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize >> >> [FeaturePcd] >> gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable >> diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h >> index 76d06c206c8b..adc490e466ec 100644 >> --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h >> +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
>> @@ -12,6 +12,7 @@ >> #define _MEM_ENCRYPT_SEV_LIB_H_ >> >> #include >> +#include >> >> // >> // Define the maximum number of #VCs allowed (e.g. the level of nesting >> @@ -36,26 +37,6 @@ typedef struct { >> VOID *GhcbBackupPages; >> } SEV_ES_PER_CPU_DATA; >> >> -// >> -// Internal structure for holding SEV-ES information needed during SEC phase >> -// and valid only during SEC phase and early PEI during platform >> -// initialization. >> -// >> -// This structure is also used by assembler files: >> -// OvmfPkg/ResetVector/ResetVector.nasmb >> -// OvmfPkg/ResetVector/Ia32/PageTables64.asm >> -// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm >> -// any changes must stay in sync with its usage. >> -// >> -typedef struct _SEC_SEV_ES_WORK_AREA { >> - UINT8 SevEsEnabled; >> - UINT8 Reserved1[7]; >> - >> - UINT64 RandomData; >> - >> - UINT64 EncryptionMask; >> -} SEC_SEV_ES_WORK_AREA; >> - >> // >> // Memory encryption address range states. >> // >> diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h >> new file mode 100644 >> index 000000000000..0aaad7e1da67 >> --- /dev/null >> +++ b/OvmfPkg/Include/WorkArea.h 
>> @@ -0,0 +1,53 @@ >> +/** @file >> + >> + Work Area structure definition >> + >> + Copyright (c) 2021, AMD Inc. >> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> +**/ >> + >> +#ifndef __OVMF_WORK_AREA_H__ >> +#define __OVMF_WORK_AREA_H__ >> + >> +// >> +// Internal structure for holding SEV-ES information needed during SEC phase >> +// and valid only during SEC phase and early PEI during platform >> +// initialization. >> +// >> +// This structure is also used by assembler files: >> +// OvmfPkg/ResetVector/ResetVector.nasmb >> +// OvmfPkg/ResetVector/Ia32/PageTables64.asm >> +// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm >> +// any changes must stay in sync with its usage. >> +// >> +typedef struct _SEC_SEV_ES_WORK_AREA { >> + UINT8 SevEsEnabled; >> + UINT8 Reserved1[7]; >> + >> + UINT64 RandomData; >> + >> + UINT64 EncryptionMask; >> +} SEC_SEV_ES_WORK_AREA; >> + >> +// >> +// Guest type for the work area >> +// >> +typedef enum { >> + GUEST_TYPE_NON_ENCRYPTED, >> + GUEST_TYPE_AMD_SEV, >> + GUEST_TYPE_INTEL_TDX, >> + >> +} GUEST_TYPE; >> + >> +// >> +// The work area structure header definition. >> +// >> +typedef struct _OVMF_WORK_AREA { >> + UINT8 GuestType; >> + UINT8 Reserved1[3]; >> + >> + SEC_SEV_ES_WORK_AREA SevEsWorkArea; >> +} OVMF_WORK_AREA; >> + >> +#endif >> diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c >> index 2deec128f464..4c53b0fdf2fe 100644 >> --- a/OvmfPkg/PlatformPei/MemDetect.c >> +++ b/OvmfPkg/PlatformPei/MemDetect.c 
>> @@ -939,23 +939,21 @@ InitializeRamRegions ( >> } >> >> #ifdef MDE_CPU_X64 >> - if (MemEncryptSevEsIsEnabled ()) { >> - // >> - // If SEV-ES is enabled, reserve the SEV-ES work area. >> - // >> - // Since this memory range will be used by the Reset Vector on S3 >> - // resume, it must be reserved as ACPI NVS. >> - // >> - // If S3 is unsupported, then various drivers might still write to the >> - // work area. We ought to prevent DXE from serving allocation requests >> - // such that they would overlap the work area. >> - // >> - BuildMemoryAllocationHob ( >> - (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase), >> - (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), >> - mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData >> - ); >> - } >> + // >> + // Reserve the work area. >> + // >> + // Since this memory range will be used by the Reset Vector on S3 >> + // resume, it must be reserved as ACPI NVS. >> + // >> + // If S3 is unsupported, then various drivers might still write to the >> + // work area. We ought to prevent DXE from serving allocation requests >> + // such that they would overlap the work area. >> + // >> + BuildMemoryAllocationHob ( >> + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaBase), >> + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize), >> + mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData >> + );
>
> If SEV-ES is enabled, then we previously had already verified that the
> work area was present. Without that check now, it may not be. Just for
> safety, it is probably worth replacing the:
>
>   if (MemEncryptSevEsIsEnabled ()) {
>
> with
>
>   if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {
>

Noted. thanks
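
Review bot: In the OvmfPkg/OvmfPkg.dec hunk, the new token numbers run 0x49, 0x50, 0x51, which skips 0x4A through 0x4F after the existing 0x47 and 0x48. If the gap is not intentional, continue the hexadecimal sequence with 0x4A and 0x4B. The comment above the three PCDs also mentions only the base address and size; PcdOvmfWorkAreaHeaderSize should get its own line saying that it must equal the size of the GuestType/Reserved1 header declared in WorkArea.h.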
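
Review bot: In the second OvmfPkgX64.fdf hunk, "SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaHeaderSize = 0x4" repeats the default of 4 already declared in OvmfPkg.dec, so the header size is now written down in two places in addition to the struct layout in WorkArea.h. Keep a single definition (drop the SET and rely on the .dec default, or the reverse) so the values cannot drift apart. The banner also says "SEV specific PCD settings" although this first SET is for the common header PCD; either move it out of the SEV block or reword the banner.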
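
Review bot: In the OVMF_WORK_AREA definition at the end of OvmfPkg/Include/WorkArea.h, the 4-byte header (GuestType plus Reserved1[3]) is followed by SEC_SEV_ES_WORK_AREA, which contains UINT64 members, and the new file has no packing directive, so an X64 compiler will place SevEsWorkArea at offset 8 while PcdOvmfWorkAreaHeaderSize and the derived PcdSevEsWorkAreaBase put it at offset 4. Either widen the header to 8 bytes and set the PCD to match, or pack the structure, and add a STATIC_ASSERT that OFFSET_OF (OVMF_WORK_AREA, SevEsWorkArea) equals the header size so C and the PCD arithmetic cannot disagree. With a 4-byte header the RandomData and EncryptionMask fields also land on addresses that are only 4-byte aligned. Separately, give the GUEST_TYPE enumerators explicit values, since GuestType is stored as a UINT8 in memory that the ResetVector assembler files named in the comment above also touch.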
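
Review bot: In the InitializeRamRegions hunk of OvmfPkg/PlatformPei/MemDetect.c, BuildMemoryAllocationHob now runs unconditionally inside "#ifdef MDE_CPU_X64", and OvmfPkg.dec declares both PcdOvmfWorkAreaBase and PcdOvmfWorkAreaSize with a default of 0, so an X64 platform whose FDF does not define the region would publish a zero-length allocation HOB at address 0. Guard the call with the "FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0" check proposed in the reply above, and update the block comment to say the reservation is skipped when no work area is defined.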