Date 1 - 1 of 1
TianoCore Community Design Meeting Minutes - Dec 13
1. Extending secure encrypted virtualization with SEV-ES (AMD)
Presenter: Tom Lendacky
What's SEV (page #3~#5)
SEV = Secure Encrypted Virtualization. A way of encryption of guest memory.
Number of keys is increased from 15 to several hundred in latest silicon.
Enabled in EDKII in 2018
What's SEV-ES (page #6~)
SEV-ES = Secure Encrypted Virtualization - Encrypted State. A way of encryption of guest register state.
GHCB (Guest-Hypervisor Communication Block) is used for register sharing between hypervisor and guest.
VMEXIT types consist of Automatic Exit (AE) + Non-Automatic Exit (NAE).
NAE generates an exception #VC (VMM Communication Exception, vector # = 29)
#VC handler shares the registers in GHCB and uses VMGEXIT to enter to hypervisor.
#VC handler updates the register state when hypervisor returns.
Page #11 shows a picture about how GHCB is setup and SEV-ES works through GHCB.
@Mike: Is there any runtime (in OS) impact?
@Tom: Probably no. Will think more about that.
@Mike: Does this SEV-ES work in firmware all phases: SEC/PEI/DXE/SMM?
@Tom: No support in SMM now. OVMF with SMM disabled.
@Ray: What will happen if SMI in VM invokes CPUID/MSR/MMIO access?
@Tom: No boot (hang) for such case.
@Nate: What will happen if ring0 fires SMI through port IO B2?
@Tom: Initialization of SMM environment will fail. Cannot go that far.
@Jiewen: How is #VC exception handler implemented?
@Tom: #VC handler is setup only when SEV-ES is detected and enabled in HW.
@Nate: Is #VC handler needed in SEC?
@Tom: Yes. Lots of port IO operations (caused by DEBUG macro) in SEC trigger lots of #VC.
@Jiewen: That means #VC handler cannot print debug message. Otherwise recursive #VC will happen.
@Jiewen: So, SEC needs the communication buffer (GHCB) setup very early?
@Tom: GHCB setup needs invoking CPUID. So, there is a side-channel CPUID protocol for SEV-ES that can be used for setup phase.
@Mike: Does this feature work in 64PEI?
@Tom: Yes. This feature works only in 64bit mode because the extra bits are provided by 64bit page table. Each AP has its own GHCB so lots of memory is needed for many-thread platform.
@Tom: The patches in open source mailing list consists of several parts: OVMF platform change, CpuExceptionLib change for #VC handler and MpInitLib change for waking up AP when SEV-ES is enabled. Is trying to alter the patches to avoid changing CPU_ARCH protocol or submit PI spec ECR for the CPU_ARCH protocol change.
@Mike: Community review will focus more on content landing part.
@Nate: Require having information in source files regarding which public documents/specs the code is referring to.
@Ray: Such information can be in the file header.
@Ray: The CpuExceptionLib change looks good to me. Will review the MpInitLib change in detail and may come to Tom for further questions.
|1 - 1 of 1|