From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM03-CO1-obe.outbound.protection.outlook.com (NAM03-CO1-obe.outbound.protection.outlook.com [40.107.79.54]) by mx.groups.io with SMTP id smtpd.web11.31691.1574376545213290139 for ; Thu, 21 Nov 2019 14:49:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=JEuJYQSM; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.79.54, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jMh4iQ6KUQ9N5vGR6wps5frOAeu5zslmThioJLGRCtybA1/8+ESHV4dIBAn9BIL0yPftJqx4PVYC6ATNz1/BYfflETnwzLdDFDd4+QFfGj2iH425Ksd/d5z8auh7HzAlSfy3NVPhWvyOg58uAmqsbNbBWSYpUsr3K017IiAKqErAuBmuX0N5Qpea03QCtitT58PzN8JfVz7sUUbzjOgQt7j6CWeYORTbWmILNm6PQPCIV/ItUYIMoi28GSf8w8+ddhZrmQHH4j1nEcSNoauJmbwZlCPKIIJllDGuEgBqCMtTIEHkAq/3+/m2Gqr5qjtF9vqARQaklEoT+2ctFIs1sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8P2Aex/u2OkUf1xRJR02RcSczcLdEMu+29jjNTYRIUg=; b=k04YOcvuYSqs2JSZ5yGvVeUnPee5o0Y8y3NR+d2OlAcux/Ot2gwaTQZEpqJ2QewPNSUvjZfKBPlXcWt75INN7LqVGtG1quMFe9IjWNq+81cPCGZV1C9AlltqkLA0vDZagE2Uwsr2i6nt+TazYjIfAwQGL3qw3BUFlQkFP+PNiiCUQ4LTGqm4982pj2bZ7EasIwqoUKLdC0NEnjNgjxI5mvmfDebRi9V7R4Pxm7HkJ8sE08pp3nzi85FowL1oANmGBfDNUi1E+3wg+j62EzoU1DzVOcTbkKLFGtq9rm4oa4rfeK9AhvL7Sl4nRznc3lT3P5t+kcYLdm5hEKr3k1ru7g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8P2Aex/u2OkUf1xRJR02RcSczcLdEMu+29jjNTYRIUg=; b=JEuJYQSMUB85QXI5RhSc2CL9AiiLkcEF4i/9lD48Qcln7wLjlqmwSvf75q9g1qF9//p5ivUfbohbgEo+bJZ7sNgU8+k4PdZuKVYqJ2UIg4VVk1LASRMAomMLpKsF/GqA4qq+z6rL9kviBCA1dlS87AoQRg7AJMilwELlWrzOSZA= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from DM6PR12MB3163.namprd12.prod.outlook.com (20.179.71.154) by DM6PR12MB3689.namprd12.prod.outlook.com (10.255.76.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.19; Thu, 21 Nov 2019 22:49:03 +0000 Received: from DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::dd0c:8e53:4913:8ef4]) by DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::dd0c:8e53:4913:8ef4%5]) with mapi id 15.20.2474.019; Thu, 21 Nov 2019 22:49:03 +0000 Subject: Re: [edk2-devel] [RFC PATCH v3 37/43] OvmfPkg: Reserve a page in memory for the SEV-ES AP reset vector To: Laszlo Ersek , devel@edk2.groups.io Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh References: <706f17aa0ea3ed3f57c1e933e93164a94ba1a0cf.1574280425.git.thomas.lendacky@amd.com> <85a5bcf3-25e2-7298-bca6-cef09cdb5d47@redhat.com> From: "Lendacky, Thomas" Openpgp: preference=signencrypt Message-ID: Date: Thu, 21 Nov 2019 16:49:01 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 In-Reply-To: <85a5bcf3-25e2-7298-bca6-cef09cdb5d47@redhat.com> X-ClientProxiedBy: SN6PR04CA0084.namprd04.prod.outlook.com (2603:10b6:805:f2::25) To DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:15e::26) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 198a7500-1289-4bb4-ff5c-08d76ed501ac X-MS-TrafficTypeDiagnostic: DM6PR12MB3689:|DM6PR12MB3689: X-MS-Exchange-PUrlCount: 1 X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 0228DDDDD7 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(136003)(396003)(376002)(39860400002)(346002)(366004)(189003)(199004)(66556008)(66066001)(65956001)(66476007)(14444005)(36756003)(14454004)(54906003)(45080400002)(66946007)(65806001)(478600001)(19627235002)(99286004)(305945005)(7736002)(58126008)(316002)(5660300002)(446003)(2616005)(11346002)(25786009)(47776003)(31696002)(23746002)(86362001)(3846002)(230700001)(76176011)(52116002)(386003)(8676002)(6486002)(229853002)(186003)(6512007)(6306002)(6436002)(53546011)(8936002)(26005)(81156014)(4326008)(2906002)(966005)(81166006)(6506007)(6116002)(31686004)(50466002)(6246003);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3689;H:DM6PR12MB3163.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4Jwm7j/yuyvpT0oNJr41hg62Vp38/Dikq3Xz1t++tEt+sTACzv5KvJ0q/900CgwFLy3JheCw8TXpPVX8pU747qjklT8aezpz6oamLXCUyn7KAA/l2qIeQQ54JLTsKHIpSE5IbgofoGH3ZE34pSgPFqERRhTBB94kBl6vPGq7CRj07Nq1HlxtMvcT+ua/mpO4GnaJjfJVBGvKPBUuNW9Yr//sG2r4kdXUT+oue3ihDkyHH8goaxlZ0g11/p6isb7zSUzngaiu0MM52hPaj8r7jmhs4QJKDy4yqxr5t6IebViBvB0h4QKPpLDTuMrVKG3V41wgoxgrM1EQk5eJullXX07qIQqbD2Qxg38yShr2bm65SFGRIOqSoThHsHYcqjCJf4nyWTlCl8TSX/Ld3V+NCVAoPFiOpawfQ+lsfiHsihvp9+ePBTUYwN6kVS12mzVSdbd8Kh3E6o8IeWYxKsQsosbZbveHcpbFrByBxL9erY4= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 198a7500-1289-4bb4-ff5c-08d76ed501ac X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Nov 2019 22:49:03.3437 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hacdqp1YKXI+4JAY9uVTrg+rUyizScdORYALdlWQmvJAC5f1R6h0GQBl/I8d3DxDtNkv5TPJjQXvj2b7YJxToA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3689 Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit On 11/21/19 1:27 PM, Laszlo Ersek wrote: > On 11/20/19 21:06, Lendacky, Thomas wrote: >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2198&data=02%7C01%7Cthomas.lendacky%40amd.com%7C0b8d41fe61b5434f088908d76eb8ee62%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637099612867835131&sdata=6A9VajzefK968qLjGCnZ4cAoL4AGGyRbtl%2FLYW2RC6Y%3D&reserved=0 >> >> Reserve a fixed area of memory for the SEV-ES AP reset vector and set >> the fixed PCD, PcdSevEsResetRipBase, to this value. >> >> A hypervisor is not allowed to update an SEV-ES guest's register state, >> so when booting an SEV-ES guest AP, the hypervisor is not allowed to >> set the RIP to the guest requested value. Instead an SEV-ES AP must be >> re-directed from within the guest to the actual requested staring location >> as specified in the INIT-SIPI-SIPI sequence. >> >> Provide reset vector code that contains support to jump to the desired >> RIP location after having been started. This is required for only the >> very first AP reset. > > (1) I suggest replacing "Provide reset vector code" with "Provide > *memory for* reset vector code" Will do. > >> >> This new reset vector code is used in place of the original code because > > (2) I suggest replacing "reset vector code" with "source file". Yup, makes sense. > >> of the include path order set in OvmfPkg/ResetVector/ResetVector.inf >> under "[BuildOptions]". >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/OvmfPkgX64.fdf | 3 + >> OvmfPkg/ResetVector/ResetVector.inf | 2 + >> OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 94 ++++++++++++++++++++ >> OvmfPkg/ResetVector/ResetVector.nasmb | 1 + >> 4 files changed, 100 insertions(+) >> create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> >> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >> index 973b19fdbf19..b7618b376430 100644 >> --- a/OvmfPkg/OvmfPkgX64.fdf >> +++ b/OvmfPkg/OvmfPkgX64.fdf >> @@ -82,6 +82,9 @@ [FD.MEMFD] >> 0x009000|0x002000 >> gEfiMdeModulePkgTokenSpaceGuid.PcdSecGhcbBase|gEfiMdeModulePkgTokenSpaceGuid.PcdSecGhcbSize >> >> +0x00B000|0x001000 >> +gUefiCpuPkgTokenSpaceGuid.PcdSevEsResetRipBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsResetRipSize >> + >> 0x010000|0x010000 >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize >> >> diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf >> index 266c5fc5c8b3..284f03c4fb1e 100644 >> --- a/OvmfPkg/ResetVector/ResetVector.inf >> +++ b/OvmfPkg/ResetVector/ResetVector.inf >> @@ -36,6 +36,8 @@ [BuildOptions] >> [Pcd] >> gEfiMdeModulePkgTokenSpaceGuid.PcdSecGhcbBase >> gEfiMdeModulePkgTokenSpaceGuid.PcdSecGhcbSize >> + gUefiCpuPkgTokenSpaceGuid.PcdSevEsResetRipBase >> + gUefiCpuPkgTokenSpaceGuid.PcdSevEsResetRipSize > > (3) "RipSize" looks quite strange; how about: > > - PcdSevEsResetVectorBase > - PcdSevEsResetVectorSize > > (i.e. s/Rip/Vector/) Yup, I'll change that. > > > (4) I think the module will not actually use the "size" PCD, so we can > remove it from the INF file. Done. > >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize >> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase >> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> new file mode 100644 >> index 000000000000..2a3c9bafb451 >> --- /dev/null >> +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm >> @@ -0,0 +1,94 @@ >> +;------------------------------------------------------------------------------ >> +; @file >> +; First code executed by processor after resetting. >> +; Derived from UefiCpuPkg/ResetVector/Vtf0/Ia16/ResetVectorVtf0.asm >> +; >> +; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
>> +; SPDX-License-Identifier: BSD-2-Clause-Patent >> +; >> +;------------------------------------------------------------------------------ >> + >> +BITS 16 >> + >> +ALIGN 16 >> + >> +; >> +; Pad the image size to 4k when page tables are in VTF0 >> +; >> +; If the VTF0 image has page tables built in, then we need to make >> +; sure the end of VTF0 is 4k above where the page tables end. >> +; >> +; This is required so the page tables will be 4k aligned when VTF0 is >> +; located just below 0x100000000 (4GB) in the firmware device. >> +; >> +%ifdef ALIGN_TOP_TO_4K_FOR_PAGING >> + TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0 >> +%endif >> + >> +; >> +; SEV-ES Processor Reset support >> +; >> +; sevEsResetBlock: >> +; For the initial boot of an AP under SEV-ES, the "reset" RIP must be >> +; programmed to the RAM area defined by SEV_ES_RESET_IP. A known offset >> +; and GUID will be used to locate this block in the firmware and extract >> +; the build time RIP value. The GUID must always be 48 bytes from the >> +; end of the firmware. >> +; >> +; 0xffffffca (-0x36) - IP value >> +; 0xffffffcc (-0x34) - CS selector value > > (5) I think the documentation of these four bytes is incorrect. > (Similarly in the previous patch, in the commit message.) We populate > these bytes with the *linear address* of the "reset trampoline" where > the host will have to boot the AP for the first time. It's not expressed > in real mode CS:IP notation / meaning. This is correct. The code will be in "big real mode" as you note below (the reset vector is actually 0xfffffff0, just below 4GB and running in 16-bit mode). If you look in Qemu, target/i386/cpu.c, x86_cpu_reset(), you'll see where the CS segment is being loaded with a base of 0xffff0000 and the eip gets loaded with 0xfff0. So the change to Qemu takes the "CS selector value" and effectively left shifts it 16-bits to set the base and sets the eip to the "IP value" (in actuality, Qemu reads this as a 32-bit value starting at the IP value and ANDs it with 0xffff0000 to get the base and 0x0000ffff to get the eip. > > > (6) Which brings me to my main point... Value 0x00B000 (for the "base" > PCD) is relative to the base address of FD.MEMFD, namely 8MB (see > MEMFD_BASE_ADDRESS). > > IOW, the ultimate value of SEV_ES_RESET_IP will be 0x0x0080_B000. That > address is larger than 1MB. Which is ok since Qemu will set up CS appropriately. > > Therefore, the host will have to launch the AP (for the first time) > above 1MB (in guest-phys address space). Which is also OK, just like the BSP was launched at 0xFFFF_FFF0. > > How can that work, if the AP is supposed to start in real mode? The > linear address 0x0x0080_B000 cannot be expressed in 16-bit real mode > CS:IP notation at all. > > Does the hypervisor start the AP in "big real mode" (16-bit mode with > 4GB segment limits, and CS containing a segment selector, not the actual > segment base)? > > ... I guess that would answer my question (6) -- and the last few > patches in this series, before this one, *do* suggest "big real mode" to > me --, but the documentation around (5), and in the commit message of > the previous patch, still doesn't match that. I'll expand on the commit message to indicate that Qemu, or others, must do something similar relative to the CS register setup. Thanks, Tom > > ... AFAICS I'm only requesting small cleanups for this patch (naming, > documentation, PCD listing), thus, conditional on everything addressed, > I feel comfortable giving > > Reviewed-by: Laszlo Ersek > > in advance. > > Thanks! > Laszlo > >> +; 0xffffffce (-0x32) - Size of SEV-ES reset block >> +; 0xffffffd0 (-0x30) - SEV-ES reset block GUID >> +; (00f771de-1a7e-4fcb-890e-68c77e2fb44e) >> +; >> + >> +TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0 >> + >> +sevEsResetBlockStart: >> + DD SEV_ES_RESET_IP >> + DW sevEsResetBlockEnd - sevEsResetBlockStart >> + DB 0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F >> + DB 0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E >> +sevEsResetBlockEnd: >> + >> +ALIGN 16 >> + >> +applicationProcessorEntryPoint: >> +; >> +; Application Processors entry point >> +; >> +; GenFv generates code aligned on a 4k boundary which will jump to this >> +; location. (0xffffffe0) This allows the Local APIC Startup IPI to be >> +; used to wake up the application processors. >> +; >> + jmp EarlyApInitReal16 >> + >> +ALIGN 8 >> + >> + DD 0 >> + >> +; >> +; The VTF signature >> +; >> +; VTF-0 means that the VTF (Volume Top File) code does not require >> +; any fixups. >> +; >> +vtfSignature: >> + DB 'V', 'T', 'F', 0 >> + >> +ALIGN 16 >> + >> +resetVector: >> +; >> +; Reset Vector >> +; >> +; This is where the processor will begin execution >> +; >> + nop >> + nop >> + jmp EarlyBspInitReal16 >> + >> +ALIGN 16 >> + >> +fourGigabytes: >> + >> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb >> index 708bbda6208f..2bf14681099e 100644 >> --- a/OvmfPkg/ResetVector/ResetVector.nasmb >> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb >> @@ -81,5 +81,6 @@ >> >> %include "Main.asm" >> >> + %define SEV_ES_RESET_IP FixedPcdGet32 (PcdSevEsResetRipBase) >> %include "Ia16/ResetVectorVtf0.asm" >> >> >