Subject: Re: [edk2-devel] [PATCH v2 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel
References:
<1c6e5ce7612f64fb1e4aea5f642d01572c063850.1609968101.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek"
Date: Thu, 7 Jan 2021 15:44:50 +0100
In-Reply-To: <1c6e5ce7612f64fb1e4aea5f642d01572c063850.1609968101.git.thomas.lendacky@amd.com>

On 01/06/21 22:21, Lendacky, Thomas wrote:
> From: Tom Lendacky
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>
> If a hypervisor incorrectly reports through CPUID that SEV-ES is not
> active, ensure that a #VC exception was not taken. If it is found that
> a #VC was taken, then the code enters a HLT loop.
>
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Brijesh Singh
> Reviewed-by: Laszlo Ersek
> Signed-off-by: Tom Lendacky
> --- > OvmfPkg/ResetVector/Ia32/PageTables64.asm | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+)

Thanks for the update!

Laszlo

> > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > index ccc95ad4715d..a1771dfdec23 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > @@ -154,6 +154,22 @@ SevEncBitLowHlt: > jmp SevEncBitLowHlt > > NoSev: > + ; > + ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred. > + ; > + cmp byte[SEV_ES_WORK_AREA], 0 > + jz NoSevPass > + > + ; > + ; A #VC was received, yet CPUID indicates no SEV-ES support, something > + ; isn't right. > + ; > +NoSevEsVcHlt: > + cli > + hlt > + jmp NoSevEsVcHlt > + > +NoSevPass: > xor eax, eax > > SevExit: >
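
Review bot: The check at `cmp byte[SEV_ES_WORK_AREA], 0` treats any non-zero byte as proof that a #VC was taken, but nothing in this hunk shows where that byte is cleared before the CPUID probing or which handler sets it. Since a non-zero value on the NoSev path now ends in the `NoSevEsVcHlt` loop, the comment above the `cmp` should name the #VC handler that writes the byte and state where the work area is zeroed, so a reader can confirm that an ordinary non-SEV guest cannot reach the halt with stale memory contents. A short remark in the second comment that the `cli` / `hlt` / `jmp` loop is deliberately unrecoverable would also help.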