From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.55]) by mx.groups.io with SMTP id smtpd.web09.6135.1630585709829969348 for ; Thu, 02 Sep 2021 05:28:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=nbamCU4y; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.55, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FmDJr8bsshU+FqT74Hj3zd1SvngkbNhn5/LbO5K0S3Biurgz2IwqCSnmkdQk5JoB9idinuCQK6/q/MwvF1eLVRLzq1JJK1kLRhPquMPQrCnyHFZR5nqlyf1ZBu/LOjloDdN2F/8urPJXoY3R2SubN32XNlLfchj/4NCuBLFNQXq6aDH3T8WHjBmYFEWwS7cDkoXWjk5SvgYTqa1BpChpaayCiU6aGIcyexZNpO5QN80ESjgkwcz3aYzDwRzZHbw4FcowDQN3VRVyvc8m90B4zl5lz80zaaNhIk6K+soB40e/xJwJOSkg7cuQCIqXhmlntJ5eTlFYHorUrzjli2HQcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jaNukCMDoSCv8nE1/R0cYOhERWfZf3eVU3qS1MwB8Fs=; b=ZudfPv7gejsKvvM8TJskNbFyPxX3dfKWZkwwzLM4zFab+TKuaE/3Gs3Xg1WZWnIKbtjAPkiym8odaHrN2yMr+CmZt6nGPkIqRvT8Aa460oJmDRddVRJkaSJG6VxFxEhTbEhK4SX9wbUKwM+XLa3wB+NShHRNY2G+SDfZCfVaj2KMZqbEv44Ko9i6wgNa9SRAqrYdPLbAOvUBWH+FNLv9X69EQlYoqFCVOB599F5b9ToO+Edmlla57WPWL5E+wNLqU0DnbA6Spd9vhhMQ+rbPzC9m7mSP9wjnkCGDxYTqLK4gS5l/4o/5P13kyB/6Ds2UjLlXcVj0AXjTlL+k/yob2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jaNukCMDoSCv8nE1/R0cYOhERWfZf3eVU3qS1MwB8Fs=; b=nbamCU4yYUJ5URlgtphGCs9Et6Aligd4xJR091KMixI2KHl3B6DS5MQ23cAr/JpDPnmacXCWcxNChx4ux3D48xkT8cfn4OBmXB0s7UcThDq5JVTc1Jh6yXggPNwv3UeZFa7vc2JJXiK1qYMfywJ5LT3Mr5Eahkwc6gqDsTxkb44= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4365.namprd12.prod.outlook.com (2603:10b6:806:96::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19; Thu, 2 Sep 2021 12:28:28 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4478.021; Thu, 2 Sep 2021 12:28:28 +0000 Subject: Re: [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP To: Gerd Hoffmann Cc: devel@edk2.groups.io, James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth References: <20210901161646.24763-1-brijesh.singh@amd.com> <20210901161646.24763-3-brijesh.singh@amd.com> <20210902080448.jjigp62hsfo4o2h6@sirius.home.kraxel.org> From: "Brijesh Singh" Message-ID: Date: Thu, 2 Sep 2021 07:28:25 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 In-Reply-To: <20210902080448.jjigp62hsfo4o2h6@sirius.home.kraxel.org> X-ClientProxiedBy: SA0PR13CA0013.namprd13.prod.outlook.com (2603:10b6:806:130::18) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SA0PR13CA0013.namprd13.prod.outlook.com (2603:10b6:806:130::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.16 via Frontend Transport; Thu, 2 Sep 2021 12:28:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 80a887c9-7218-437c-8ed8-08d96e0d2a82 X-MS-TrafficTypeDiagnostic: SA0PR12MB4365: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:883; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: /gbP3jqIrpDB/s4pNluasHcsj12QRvWXBxpPXmG134ijDwJWFsnp8u5wtyC8TMAgA3ix83EsvCxFyyCYretqy7H6WK3XdsGkRIE7oLCyzLBiLM8SjfpwN9Tthx5VmTY5BALDDUsVlG9wPAnzbL1fw9hM/wYRp2onM3495fC25ftK9yUhSAr2GurbmbYiEBrnuAzNLzp763Mw8b1eOWiQF7J2x9r5w8YzqQYhX5hUSKIMOk8mnLxDQSFnYdf7OJMVtrma9FdGdAZ/sArr4mas/4KSxrhmMTjsi04+7ofVGXnbEaFcBbpXg8G/w59OYKHZY35WPPgzyrcCX1TqdRy+dSRr8+WEx5Qg0HGjcw9rsVh+unoOaKHECFIFld55G4sH5g4T1c4e4ka+UsYctORTkUlMVppW3QdNTCNy4zn1CNNjWQ3IlIeeVgohvAkhPXJ451rCC4XvWb3L27BcTJ/T6KBaXLVXJOeW5pCN6DZJzYYAa7rZ+Z0SU5cC2jnnPfV+9ns991u3vb6SL0NX2HvEGHJZgA0fVHVQrmOyyJptO5BU1RHaKLNBpiLlef275Wz7LvJ7xiZ4zI77T3ycjY2EeTja78GHx06MJYy66wG/rbEvrjYbx1nGX1RHTjsN9ucMwgom2X4iybXEejGjBqI2bMkrl5r77HUBJHyaAU02JfpwTKZI/QhK2qVP6032PPTJwsQHrVXrjX1gAlInIf0AyTKrV3knSdJiIuf0SoLcyZ1xwrd7iTgrSK487RNYjYKr+TQD53a87XwLMf3S4mAf6ENIOsjmzU8KeQcVSPcBu7SzqPULjlkg8GuHUgaADv7Ir+ztug3HQpqYRsJL04KQB1zdV6Zqphp2sL0h+bneDl7kEqPj8OMz/g+i37Beyz9r X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(136003)(376002)(39860400002)(346002)(26005)(186003)(2616005)(44832011)(956004)(83380400001)(4326008)(6486002)(966005)(54906003)(38350700002)(31686004)(52116002)(8936002)(38100700002)(66476007)(66946007)(6916009)(8676002)(31696002)(316002)(66556008)(36756003)(53546011)(6506007)(478600001)(45080400002)(5660300002)(6512007)(2906002)(86362001)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Qk0yY0QwQU9mL2hnL1EwcFEzNHZjWFdReVY5d1JRNXBnSUJtSit0eXdZTGRM?= =?utf-8?B?cE9YdnltSTF3U0VMc1QxMTMyY2dxWElzclh2NHhMbDFwR0MrZlAvL1ZkUENm?= =?utf-8?B?TnRQaVI4dFpGSUFrNGxGaGRMU0dOTWoreHZVZWQrQytJYkdTVXdZMktFclBn?= =?utf-8?B?amFmL0FSejlBNEVjRE9yS1lDNlIzZW56V0lNMm9uL2R5MlNpZFYvSXRyeGR0?= =?utf-8?B?dSthSG85L0x2V2VzY3pQa0NZMTNtTWlFZFhQQTFENXVWcGhGb0lsVWhiZ3ZG?= =?utf-8?B?Rk9jVm55bnRDcXVoaE12TnpsSmszMjY4TW5wM2pKMHBrTk9PMWtHd0ZRM0dl?= =?utf-8?B?NEVOU3JhdkhhU2lKcTNHWVlWOElDekRCUnNSaUxxbXJIbGQ3MnF3RkUyVTlI?= =?utf-8?B?SWFhWklIbUlxWHk2QW4xN0pBbUNKV2V6b05PSG5NUVBBYnJtR0dRZk1yVXIw?= =?utf-8?B?cWVvb2VvRnduS1dFbkkxN3FMTGdtVzBRdC9GeFJ1ZWxQTVZIOWtZREdlSHBR?= =?utf-8?B?QTYzTVZsSm9yeVFzWWtKVmMwdDdxN25ERENOOVhuVmVIM0ZaNERFTnpodWVm?= =?utf-8?B?NEVQK1VQNzdKazhGek9xVFN5V3lyZENSZkpGWG9ZVnJWK0JKNlNsNDlIdTVo?= =?utf-8?B?OWZtc29GVksvU3Y1K0JQZkc0dWY2OGVDSkdsVXN2SGpSdFNGaytJem1GM09Y?= =?utf-8?B?aS93RzdTNG1TK3I1WFZpTkF3Umh1YW56TTAzYno3UGNtQ3gxcHl1RHJCQUw0?= =?utf-8?B?dmdPZGt4QVRGeU1udUp1YjlIOU4vcm81ZE5ONVBWWVdKeTRLODg4RjVyQ1hX?= =?utf-8?B?c1hUUmV1VnJkRkpoS1hNMUhFbzVhcVRUSG5Ed3dCMnBjeXFveEw1NXBBYTJX?= =?utf-8?B?by80a095TmZ0UDRPNnZnYXp4VnhMdjhSQll3NWoyVjBQNUxWaU83d2YyR09n?= =?utf-8?B?empzSE9LZUtrZVdlTUs1VDE4MFY0NDRZREdkZFlCTmc3NUZCOVZieXlhWVZK?= =?utf-8?B?VkVoaVlIbHhWOVRZQ3VwQTE0eDF5Q2VwT1cwNkdTaExwdzRZODVpK3dkbG1E?= =?utf-8?B?b1NEeWE3QTBuTVJSQUVoUmZqcjVCZUVyVmIzZmkrRGJVNWl1OExldmk3REZQ?= =?utf-8?B?bE04S2U1VGpteHBDM0R3U3hMT2l2aVBWRHB1eHMrVWtxajJoSFBpTjk3SkJn?= =?utf-8?B?WjlhMFhoalBZV2F3VEVQaXlITmdYeFRWSnBYQkRNSGE0enIzQjljamQ2UlYz?= =?utf-8?B?TEo2UnNoUEhFZzkySHNOenUyYWlCVjRwcTRWRldCdHpyc01MOUV0djNCWmhu?= =?utf-8?B?VllZSlpuTCt5TE1nM1ZTektMVEx5RzFWZy9JekhmaTNBeEgzTjMxQ0Q3dmUw?= =?utf-8?B?QktFUW5XVDVUcVZYNW9KbGo5NmdXYVdrZTBFbTJjb3JQd3lHdGRHNVRhRkxR?= =?utf-8?B?dStuZjN2UlNabTdLZjRzWUlQSTRmRE15a0dUNHBPUWxweFdSSlhKOFhsRmVJ?= =?utf-8?B?K2tveGVVUUJCekJYaytZd2xTenBtNGtaTEVsa094WXZEY0pYUEdnZkJ1akRB?= =?utf-8?B?RkxkdUNhSWo4N2tpWTUvR09ybWJ1ZjYva255UFR0MHpBaHdodEhOTmt1YmVp?= =?utf-8?B?VitvSUxZWGRRYVpEb0svVTVKUW9zS0ZsZ0dibXlyMU1FQ0JTWDNwamE3UjhV?= =?utf-8?B?V1BoZjFFbzFuSEdPSUxmamdHY0EzR0tyMnMwdmd4Ynh5M2dUbHdBeEIrQnRX?= =?utf-8?Q?FKZjo/RbEwGxe09IMOsJQr539cDLCeiPSEVRvPl?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 80a887c9-7218-437c-8ed8-08d96e0d2a82 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2021 12:28:27.8634 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EAeIcoHa5/7xGyPsxPcIHykBQRX27nzeXIwjO1OBfFQXswhzU12mRp9BYHdxGykasniLqelsku8npJdgU++CLA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4365 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Hi Gerd, On 9/2/21 3:04 AM, Gerd Hoffmann wrote: > On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote: >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=04%7C01%7Cbrijesh.singh%40amd.com%7C13c81a39aa2e4f22430e08d96de85a69%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637661666978547521%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4b22Sv6xoUGQ3xutPYdsqb4cNh1SS9Z8MOQG7dHiqYU%3D&reserved=0 >> >> Platform features and capabilities are traditionally discovered via the >> CPUID instruction. Hypervisors typically trap and emulate the CPUID >> instruction for a variety of reasons. There are some cases where incorrect >> CPUID information can potentially lead to a security issue. The SEV-SNP >> firmware provides a feature to filter the CPUID results through the PSP. >> The filtered CPUID values are saved on a special page for the guest to >> consume. Reserve a page in MEMFD that will contain the results of >> filtered CPUID values. > Is the format of the page documented somewhere? Yes, it is documented in the SEV-SNP spec [1] section 7.1 and the checks performed by the SEV-SNP firmware are documented in the PPR [2] section 2.1.5.3. I will document these link in the commit message. [1] https://www.amd.com/system/files/TechDocs/56860.pdf [2] https://www.amd.com/en/support/tech-docs/processor-programming-reference-ppr-for-amd-family-19h-model-01h-revision-b1 > Is this snp-specific? Or could this also be used without snp? This is SNP specific format and cannot be used without SNP. thanks Brijesh