Date   

[PATCH v8 09/32] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if VM is running as an
SEV-SNP guest.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Acked-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++
.../DxeMemEncryptSevLibInternal.c | 27 +++++++++++++++++++
.../PeiMemEncryptSevLibInternal.c | 27 +++++++++++++++++++
.../SecMemEncryptSevLibInternal.c | 19 +++++++++++++
4 files changed, 85 insertions(+)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index adc490e466ec..796de62ec2f8 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -47,6 +47,18 @@ typedef enum {
MemEncryptSevAddressRangeError,
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;

+/**
+ Returns a boolean to indicate whether SEV-SNP is enabled
+
+ @retval TRUE SEV-SNP is enabled
+ @retval FALSE SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+ VOID
+ );
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index 2816f859a0c4..057129723824 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -19,6 +19,7 @@

STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
+STATIC BOOLEAN mSevSnpStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;

STATIC UINT64 mSevEncryptionMask = 0;
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus (
if (Msr.Bits.SevEsBit) {
mSevEsStatus = TRUE;
}
+
+ //
+ // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
+ //
+ if (Msr.Bits.SevSnpBit) {
+ mSevSnpStatus = TRUE;
+ }
}

mSevStatusChecked = TRUE;
}

+/**
+ Returns a boolean to indicate whether SEV-SNP is enabled.
+
+ @retval TRUE SEV-SNP is enabled
+ @retval FALSE SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+ VOID
+ )
+{
+ if (!mSevStatusChecked) {
+ InternalMemEncryptSevStatus ();
+ }
+
+ return mSevSnpStatus;
+}
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d120f..b561f211f577 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -19,6 +19,7 @@

STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
+STATIC BOOLEAN mSevSnpStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;

STATIC UINT64 mSevEncryptionMask = 0;
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus (
if (Msr.Bits.SevEsBit) {
mSevEsStatus = TRUE;
}
+
+ //
+ // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
+ //
+ if (Msr.Bits.SevSnpBit) {
+ mSevSnpStatus = TRUE;
+ }
}

mSevStatusChecked = TRUE;
}

+/**
+ Returns a boolean to indicate whether SEV-SNP is enabled.
+
+ @retval TRUE SEV-SNP is enabled
+ @retval FALSE SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+ VOID
+ )
+{
+ if (!mSevStatusChecked) {
+ InternalMemEncryptSevStatus ();
+ }
+
+ return mSevSnpStatus;
+}
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 56d8f3f3183f..69852779e2ff 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -62,6 +62,25 @@ InternalMemEncryptSevStatus (
return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;
}

+/**
+ Returns a boolean to indicate whether SEV-SNP is enabled.
+
+ @retval TRUE SEV-SNP is enabled
+ @retval FALSE SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+ VOID
+ )
+{
+ MSR_SEV_STATUS_REGISTER Msr;
+
+ Msr.Uint32 = InternalMemEncryptSevStatus ();
+
+ return Msr.Bits.SevSnpBit ? TRUE : FALSE;
+}
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

--
2.25.1


[PATCH v8 08/32] OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values

Brijesh Singh
 

From: Michael Roth <michael.roth@...>

CPUID instructions are issued during early boot to do things like probe
for SEV support. Currently these are handled by a minimal #VC handler
that uses the MSR-based GHCB protocol to fetch the CPUID values from
the hypervisor. When SEV-SNP is enabled, use the firmware-validated
CPUID values from the CPUID page instead [1].

[1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Acked-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Michael Roth <michael.roth@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 80 +++++++++++++++++++++++++++--
1 file changed, 75 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 48d9178168b0..1f827da3b929 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -34,6 +34,18 @@ BITS 32
%define GHCB_CPUID_REGISTER_SHIFT 30
%define CPUID_INSN_LEN 2

+; #VC handler offsets/sizes for accessing SNP CPUID page
+;
+%define SNP_CPUID_ENTRY_SZ 48
+%define SNP_CPUID_COUNT 0
+%define SNP_CPUID_ENTRY 16
+%define SNP_CPUID_ENTRY_EAX_IN 0
+%define SNP_CPUID_ENTRY_ECX_IN 4
+%define SNP_CPUID_ENTRY_EAX 24
+%define SNP_CPUID_ENTRY_EBX 28
+%define SNP_CPUID_ENTRY_ECX 32
+%define SNP_CPUID_ENTRY_EDX 36
+

%define SEV_GHCB_MSR 0xc0010130
%define SEV_STATUS_MSR 0xc0010131
@@ -335,11 +347,61 @@ SevEsIdtNotCpuid:
TerminateVmgExit TERM_VC_NOT_CPUID
iret

- ;
- ; Total stack usage for the #VC handler is 44 bytes:
- ; - 12 bytes for the exception IRET (after popping error code)
- ; - 32 bytes for the local variables.
- ;
+; Use the SNP CPUID page to handle the cpuid lookup
+;
+; Modified: EAX, EBX, ECX, EDX
+;
+; Relies on the stack setup/usage in #VC handler:
+;
+; On entry,
+; [esp + VC_CPUID_FUNCTION] contains EAX input to cpuid instruction
+;
+; On return, stores corresponding results of CPUID lookup in:
+; [esp + VC_CPUID_RESULT_EAX]
+; [esp + VC_CPUID_RESULT_EBX]
+; [esp + VC_CPUID_RESULT_ECX]
+; [esp + VC_CPUID_RESULT_EDX]
+;
+SnpCpuidLookup:
+ mov eax, [esp + VC_CPUID_FUNCTION]
+ mov ebx, [CPUID_BASE + SNP_CPUID_COUNT]
+ mov ecx, CPUID_BASE + SNP_CPUID_ENTRY
+ ; Zero these out now so we can simply return if lookup fails
+ mov dword[esp + VC_CPUID_RESULT_EAX], 0
+ mov dword[esp + VC_CPUID_RESULT_EBX], 0
+ mov dword[esp + VC_CPUID_RESULT_ECX], 0
+ mov dword[esp + VC_CPUID_RESULT_EDX], 0
+
+SnpCpuidCheckEntry:
+ cmp ebx, 0
+ je VmmDoneSnpCpuid
+ cmp dword[ecx + SNP_CPUID_ENTRY_EAX_IN], eax
+ jne SnpCpuidCheckEntryNext
+ ; As with SEV-ES handler we assume requested CPUID sub-leaf/index is 0
+ cmp dword[ecx + SNP_CPUID_ENTRY_ECX_IN], 0
+ je SnpCpuidEntryFound
+
+SnpCpuidCheckEntryNext:
+ dec ebx
+ add ecx, SNP_CPUID_ENTRY_SZ
+ jmp SnpCpuidCheckEntry
+
+SnpCpuidEntryFound:
+ mov eax, [ecx + SNP_CPUID_ENTRY_EAX]
+ mov [esp + VC_CPUID_RESULT_EAX], eax
+ mov eax, [ecx + SNP_CPUID_ENTRY_EBX]
+ mov [esp + VC_CPUID_RESULT_EBX], eax
+ mov eax, [ecx + SNP_CPUID_ENTRY_EDX]
+ mov [esp + VC_CPUID_RESULT_ECX], eax
+ mov eax, [ecx + SNP_CPUID_ENTRY_ECX]
+ mov [esp + VC_CPUID_RESULT_EDX], eax
+ jmp VmmDoneSnpCpuid
+
+;
+; Total stack usage for the #VC handler is 44 bytes:
+; - 12 bytes for the exception IRET (after popping error code)
+; - 32 bytes for the local variables.
+;
SevEsIdtVmmComm:
;
; If we're here, then we are an SEV-ES guest and this
@@ -367,6 +429,13 @@ SevEsIdtVmmComm:
; Save the CPUID function being requested
mov [esp + VC_CPUID_FUNCTION], eax

+ ; If SEV-SNP is enabled, use the CPUID page to handle the CPUID
+ ; instruction.
+ mov ecx, SEV_STATUS_MSR
+ rdmsr
+ bt eax, 2
+ jc SnpCpuidLookup
+
; The GHCB CPUID protocol uses the following mapping to request
; a specific register:
; 0 => EAX, 1 => EBX, 2 => ECX, 3 => EDX
@@ -424,6 +493,7 @@ VmmDone:
mov ecx, SEV_GHCB_MSR
wrmsr

+VmmDoneSnpCpuid:
mov eax, [esp + VC_CPUID_RESULT_EAX]
mov ebx, [esp + VC_CPUID_RESULT_EBX]
mov ecx, [esp + VC_CPUID_RESULT_ECX]
--
2.25.1


[PATCH v8 07/32] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.

The validation process consist of the following sequence:

1) Set the memory encryption attribute in the page table (aka C-bit).
Note: If the processor is in non-PAE mode, then all the memory accesses
are considered private.
2) Add the memory range as private in the RMP table. This can be performed
using the Page State Change VMGEXIT defined in the GHCB specification.
3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table.

During the guest creation time, the VMM encrypts the OVMF_CODE.fd using
the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to
encrypting the content, the command also validates the memory region.
This allows us to execute the code without going through the validation
sequence.

During execution, the reset vector need to access some data pages
(such as page tables, SevESWorkarea, Sec stack). The data pages are
accessed as private memory. The data pages are not part of the
OVMF_CODE.fd, so they were not validated during the guest creation.

There are two approaches we can take to validate the data pages before
the access:

a) Enhance the OVMF reset vector code to validate the pages as described
above (go through step 2 - 3).
OR
b) Validate the pages during the guest creation time. The SEV firmware
provides a command which can be used by the VMM to validate the pages
without affecting the measurement of the launch.

Approach #b seems much simpler; it does not require any changes to the
OVMF reset vector code.

Update the OVMF metadata with the list of regions that must be
pre-validated by the VMM before the boot.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/ResetVector/ResetVector.inf | 7 +++
OvmfPkg/ResetVector/ResetVector.nasmb | 29 +++++++++++++
OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 54 ++++++++++++++++++++++++
3 files changed, 90 insertions(+)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index 4cb81a3233f0..af3cf610a2cd 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -37,6 +37,8 @@ [Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
@@ -44,6 +46,11 @@ [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
+ gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
+ gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize

[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 84cb5ae81b66..dc4dde2ff9d2 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -70,6 +70,7 @@
%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))

%define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
+ %define GHCB_PT_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbPageTableSize))
%define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))
%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))
%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase))
@@ -81,6 +82,34 @@
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
%define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase))
%define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize))
+ %define SEC_PAGE_TABLE_BASE (FixedPcdGet32 (PcdOvmfSecPageTablesBase))
+ %define SEC_PAGE_TABLE_SIZE (FixedPcdGet32 (PcdOvmfSecPageTablesSize))
+ %define LOCK_BOX_STORAGE_BASE (FixedPcdGet32 (PcdOvmfLockBoxStorageBase))
+ %define LOCK_BOX_STORAGE_SIZE (FixedPcdGet32 (PcdOvmfLockBoxStorageSize))
+ ;
+ ; The PcdGuidedExtractHandlerTableAddress is a 64-bit PCD. The FixedPcdGet64() returns
+ ; a number suffix with 'ULL' (e.g 0x1111ULL). NASM does not like the constant ending
+ ; with anything other than 'h'. So, instead of using the FixedPcdGet64(), calculate
+ ; the base address of GuidedExtractHandlerTableBase
+ ;
+ %define GUID_EXTRACT_HANDLER_TABLE_BASE (LOCK_BOX_STORAGE_BASE + LOCK_BOX_STORAGE_SIZE)
+ %define GUID_EXTRACT_HANDLER_TABLE_SIZE (FixedPcdGet32 (PcdGuidedExtractHandlerTableSize))
+ %define WORK_AREA_BASE (FixedPcdGet32 (PcdOvmfWorkAreaBase))
+ %define WORK_AREA_SIZE (FixedPcdGet32 (PcdOvmfWorkAreaSize))
+ %define SEC_PEI_TEMP_RAM_BASE (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase))
+ %define SEC_PEI_TEMP_RAM_SIZE (FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
+
+ ;
+ ; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page is used
+ ; as GHCB shared page and second is used for bookkeeping to support the
+ ; nested GHCB in SEC phase. The bookkeeping page is mapped private. The VMM
+ ; does not need to validate the shared page but it need to validate the
+ ; bookkeeping page
+ ;
+ %define GHCB_SEC_BACKUP_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBackupBase))
+ %define GHCB_SEC_BACKUP_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbBackupSize))
+ %define GHCB_BOOKKEEPING_BASE (GHCB_BASE + 0x1000)
+ %define GHCB_BOOKKEEPING_SIZE (GHCB_SIZE - 0x1000)

%include "Ia32/Flat32ToFlat64.asm"
%include "Ia32/AmdSev.asm"
diff --git a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
index 3f4b017104fc..8df170e8e649 100644
--- a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
@@ -35,6 +35,12 @@ BITS 64
; AMD SEV-SNP specific sections
%define OVMF_SECTION_TYPE_SNP_SECRETS 0x200

+; The section must be validated by the VMM before the boot.
+; The section is used for the GHCB memory. The GHCB memory is used as mailbox
+; in the TDX guest. This special section is similar to the
+; OVMF_SECTION_TYPE_SEC_MEM but its applicable for the SEV guest only.
+%define OVMF_SECTION_TYPE_SNP_SEC_MEM 0x201
+
ALIGN 16

TIMES (15 - ((OvmfGuidedStructureEnd - OvmfGuidedStructureStart + 15) % 16)) DB 0
@@ -53,6 +59,48 @@ _Descriptor:
DD OVMF_METADATA_VERSION ; Version
DD (OvmfGuidedStructureEnd - _Descriptor - 16) / 12 ; Number of sections

+; Page table used during SEC
+SecPageTable:
+ DD SEC_PAGE_TABLE_BASE
+ DD SEC_PAGE_TABLE_SIZE
+ DD OVMF_SECTION_TYPE_SEC_MEM
+
+; Lockbox storage
+LockBoxStorage:
+ DD LOCK_BOX_STORAGE_BASE
+ DD LOCK_BOX_STORAGE_SIZE
+ DD OVMF_SECTION_TYPE_SEC_MEM
+
+; Guided Extract Handler Table
+ExtractHandlerTable:
+ DD GUID_EXTRACT_HANDLER_TABLE_BASE
+ DD GUID_EXTRACT_HANDLER_TABLE_SIZE
+ DD OVMF_SECTION_TYPE_SEC_MEM
+
+; GHCB page table
+GhcbPageTable:
+ DD GHCB_PT_ADDR
+ DD GHCB_PT_SIZE
+ DD OVMF_SECTION_TYPE_SNP_SEC_MEM
+
+; GHCB bookkeeping page used in SEC phase
+GhcbBookkeeping:
+ DD GHCB_BOOKKEEPING_BASE
+ DD GHCB_BOOKKEEPING_SIZE
+ DD OVMF_SECTION_TYPE_SNP_SEC_MEM
+
+; Confidential computing work area
+WorkArea:
+ DD WORK_AREA_BASE
+ DD WORK_AREA_SIZE
+ DD OVMF_SECTION_TYPE_SEC_MEM
+
+; GHCB backup page used in SEC
+GhcbBackup:
+ DD GHCB_SEC_BACKUP_BASE
+ DD GHCB_SEC_BACKUP_SIZE
+ DD OVMF_SECTION_TYPE_SNP_SEC_MEM
+
; SEV-SNP Secrets page
SevSnpSecrets:
DD SEV_SNP_SECRETS_BASE
@@ -65,5 +113,11 @@ CpuidSec:
DD CPUID_SIZE
DD OVMF_SECTION_TYPE_CPUID

+; Temporary RAM used in SEC phase
+SecPeiTempRam:
+ DD SEC_PEI_TEMP_RAM_BASE
+ DD SEC_PEI_TEMP_RAM_SIZE
+ DD OVMF_SECTION_TYPE_SEC_MEM
+
OvmfGuidedStructureEnd:
ALIGN 16
--
2.25.1


[PATCH v8 06/32] OvmfPkg: reserve CPUID page

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Add a new section in Ovmf metadata structure so that hypervisor can
locate and populate the CPUID values before the boot.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Acked-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/OvmfPkg.dec | 7 +++++++
OvmfPkg/OvmfPkgX64.fdf | 3 +++
OvmfPkg/ResetVector/ResetVector.inf | 2 ++
OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++
OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 15 +++++++++++++++
5 files changed, 29 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6266fdef6054..efa0de6d0600 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -347,6 +347,13 @@ [PcdsFixedAtBuild]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53

+ ## The base address and size of a CPUID Area that contains the hypervisor
+ # provided CPUID results. In the case of SEV-SNP, the CPUID results are
+ # filtered by the SEV-SNP firmware. If this is set in the .fdf, the
+ # platform is responsible to reserve this area from DXE phase overwrites.
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|0|UINT32|0x54
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize|0|UINT32|0x55
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5b871db20ab2..b38c123b8341 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -91,6 +91,9 @@ [FD.MEMFD]
0x00D000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize

+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
+
0x010000|0x010000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index 09454d0797e6..4cb81a3233f0 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -46,6 +46,8 @@ [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase

[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index f7d09acd33ed..84cb5ae81b66 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -79,6 +79,8 @@
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
%define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase))
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
+ %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase))
+ %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize))

%include "Ia32/Flat32ToFlat64.asm"
%include "Ia32/AmdSev.asm"
diff --git a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
index bb348e1c6a79..3f4b017104fc 100644
--- a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
@@ -23,6 +23,15 @@ BITS 64
; The section must be accepted or validated by the VMM before the boot
%define OVMF_SECTION_TYPE_SEC_MEM 0x102

+;
+; The section contains the hypervisor pre-populated CPUID values.
+; In the case of SEV-SNP, the CPUID values are filtered and measured by
+; the SEV-SNP firmware.
+; The CPUID format is documented in SEV-SNP firmware spec 0.9 section 7.1
+; (CPUID function structure).
+;
+%define OVMF_SECTION_TYPE_CPUID 0x103
+
; AMD SEV-SNP specific sections
%define OVMF_SECTION_TYPE_SNP_SECRETS 0x200

@@ -50,5 +59,11 @@ SevSnpSecrets:
DD SEV_SNP_SECRETS_SIZE
DD OVMF_SECTION_TYPE_SNP_SECRETS

+; CPUID values
+CpuidSec:
+ DD CPUID_BASE
+ DD CPUID_SIZE
+ DD OVMF_SECTION_TYPE_CPUID
+
OvmfGuidedStructureEnd:
ALIGN 16
--
2.25.1


[PATCH v8 05/32] OvmfPkg: reserve SNP secrets page

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Add a new section for the secrets page in the OVMF metadata structure so
that hypervisor can locate it.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Acked-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/OvmfPkg.dec | 6 ++++++
OvmfPkg/OvmfPkgX64.fdf | 3 +++
OvmfPkg/ResetVector/ResetVector.inf | 2 ++
OvmfPkg/ResetVector/ResetVector.nasmb | 3 +++
OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 9 +++++++++
5 files changed, 23 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index c37dafad49bb..6266fdef6054 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -340,6 +340,12 @@ [PcdsFixedAtBuild]
# header definition.
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|UINT32|0x51

+ ## The base address and size of the SEV-SNP Secrets Area that contains
+ # the VM platform communication key used to send and recieve the
+ # messages to the PSP. If this is set in the .fdf, the platform
+ # is responsible to reserve this area from DXE phase overwrites.
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x52
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x53

[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 23936242e74a..5b871db20ab2 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,9 @@ [FD.MEMFD]
0x00C000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize

+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+
0x010000|0x010000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a2520dde5508..09454d0797e6 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -50,3 +50,5 @@ [FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index bc61b1d05a24..f7d09acd33ed 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -77,6 +77,9 @@
%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
+ %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase))
+ %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
+
%include "Ia32/Flat32ToFlat64.asm"
%include "Ia32/AmdSev.asm"
%include "Ia32/PageTables64.asm"
diff --git a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
index a1260a1ed029..bb348e1c6a79 100644
--- a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
@@ -23,6 +23,9 @@ BITS 64
; The section must be accepted or validated by the VMM before the boot
%define OVMF_SECTION_TYPE_SEC_MEM 0x102

+; AMD SEV-SNP specific sections
+%define OVMF_SECTION_TYPE_SNP_SECRETS 0x200
+
ALIGN 16

TIMES (15 - ((OvmfGuidedStructureEnd - OvmfGuidedStructureStart + 15) % 16)) DB 0
@@ -41,5 +44,11 @@ _Descriptor:
DD OVMF_METADATA_VERSION ; Version
DD (OvmfGuidedStructureEnd - _Descriptor - 16) / 12 ; Number of sections

+; SEV-SNP Secrets page
+SevSnpSecrets:
+ DD SEV_SNP_SECRETS_BASE
+ DD SEV_SNP_SECRETS_SIZE
+ DD OVMF_SECTION_TYPE_SNP_SECRETS
+
OvmfGuidedStructureEnd:
ALIGN 16
--
2.25.1


[PATCH v8 04/32] OvmfPkg/ResetVector: introduce metadata descriptor for VMM use

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The OvmfPkgX86 build reserves memory regions in MEMFD. The memory regions
get accessed in the SEC phase. Both Intel TDX and AMD SEV-SNP require
that the guest's private memory be accepted or validated before access.

Introduce a Guided metadata structure that describes the reserved memory
regions. The VMM can locate the metadata structure by iterating through
the reset vector guid and process the areas based on the platform
specific requirements.

Min Xu introduced the metadata structure conceptin the TDX patch
series [1].

[1] https://www.mail-archive.com/devel@edk2.groups.io/msg33605.html

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Suggested-by: Gerd Hoffmann <kraxel@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 17 ++++++++
OvmfPkg/ResetVector/ResetVector.nasmb | 1 +
OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 45 ++++++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 OvmfPkg/ResetVector/X64/OvmfMetadata.asm

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index 7ec3c6e980c3..f0e509d0672e 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,6 +47,23 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 15) % 16)) DB 0
;
guidedStructureStart:

+%ifdef ARCH_X64
+;
+; OVMF metadata descriptor for the TDX and SEV-SNP
+;
+; Provide the start offset of the metadata blob within the OVMF binary.
+
+; GUID : e47a6535-984a-4798-865e-4685a7bf8ec2
+;
+OvmfMetadataOffsetStart:
+ DD (fourGigabytes - OvmfMetadataGuid - 16)
+ DW OvmfMetadataOffsetEnd - OvmfMetadataOffsetStart
+ DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
+ DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
+OvmfMetadataOffsetEnd:
+
+%endif
+
; SEV Hash Table Block
;
; This describes the guest ram area where the hypervisor should
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index d1d800c56745..bc61b1d05a24 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -80,6 +80,7 @@
%include "Ia32/Flat32ToFlat64.asm"
%include "Ia32/AmdSev.asm"
%include "Ia32/PageTables64.asm"
+%include "X64/OvmfMetadata.asm"
%endif

%include "Ia16/Real16ToFlat32.asm"
diff --git a/OvmfPkg/ResetVector/X64/OvmfMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
new file mode 100644
index 000000000000..a1260a1ed029
--- /dev/null
+++ b/OvmfPkg/ResetVector/X64/OvmfMetadata.asm
@@ -0,0 +1,45 @@
+;-----------------------------------------------------------------------------
+; @file
+; OVMF metadata for the confidential computing guests (TDX and SEV-SNP)
+;
+; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;-----------------------------------------------------------------------------
+
+BITS 64
+
+%define OVMF_METADATA_VERSION 1
+
+%define OVMF_SECTION_TYPE_UNDEFINED 0
+
+;The section contains the code
+%define OVMF_SECTION_TYPE_CODE 0x100
+
+; The section contains the varaibles
+%define OVMF_SECTION_TYPE_VARS 0x101
+
+; The section must be accepted or validated by the VMM before the boot
+%define OVMF_SECTION_TYPE_SEC_MEM 0x102
+
+ALIGN 16
+
+TIMES (15 - ((OvmfGuidedStructureEnd - OvmfGuidedStructureStart + 15) % 16)) DB 0
+
+OvmfGuidedStructureStart:
+;
+; Ovmf metadata descriptor
+;
+OvmfMetadataGuid:
+ DB 0xf3, 0xf9, 0xea, 0xe9, 0x8e, 0x16, 0xd5, 0x44
+ DB 0xa8, 0xeb, 0x7f, 0x4d, 0x87, 0x38, 0xf6, 0xae
+
+_Descriptor:
+ DB 'O','V','M','F' ; Signature
+ DD OvmfGuidedStructureEnd - _Descriptor ; Length
+ DD OVMF_METADATA_VERSION ; Version
+ DD (OvmfGuidedStructureEnd - _Descriptor - 16) / 12 ; Number of sections
+
+OvmfGuidedStructureEnd:
+ ALIGN 16
--
2.25.1


[PATCH v8 03/32] OvmfPkg/ResetVector: move clearing GHCB in SecMain

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

In preparation for SEV-SNP support move clearing of the GHCB memory from
the ResetVector/AmdSev.asm to SecMain/AmdSev.c. The GHCB page is not
accessed until SevEsProtocolCheck() switch to full GHCB. So, the move
does not make any changes in the code flow or logic. The move will
simplify the SEV-SNP support.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/Sec/AmdSev.c | 2 +-
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 6 ------
2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c
index 3b4adaae32c7..7f74e8bfe88e 100644
--- a/OvmfPkg/Sec/AmdSev.c
+++ b/OvmfPkg/Sec/AmdSev.c
@@ -95,7 +95,7 @@ SevEsProtocolCheck (
AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);

Ghcb = Msr.Ghcb;
- SetMem (Ghcb, sizeof (*Ghcb), 0);
+ SetMem (Ghcb, FixedPcdGet32 (PcdOvmfSecGhcbSize), 0);

//
// Set the version to the maximum that can be supported
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 250ac8d8b180..48d9178168b0 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -177,12 +177,6 @@ pageTableEntries4kLoop:
mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12
mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0

- mov ecx, GHCB_SIZE / 4
- xor eax, eax
-clearGhcbMemoryLoop:
- mov dword[ecx * 4 + GHCB_BASE - 4], eax
- loop clearGhcbMemoryLoop
-
SevClearPageEncMaskForGhcbPageExit:
OneTimeCallRet SevClearPageEncMaskForGhcbPage

--
2.25.1


[PATCH v8 02/32] UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Move all the SEV specific function in AmdSev.c.

No functional change intended.

Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Suggested-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 +
UefiCpuPkg/Library/MpInitLib/MpLib.h | 33 +++
UefiCpuPkg/Library/MpInitLib/AmdSev.c | 239 ++++++++++++++++++
UefiCpuPkg/Library/MpInitLib/MpLib.c | 218 +---------------
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm | 119 +++++++++
UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 100 ++------
7 files changed, 413 insertions(+), 298 deletions(-)
create mode 100644 UefiCpuPkg/Library/MpInitLib/AmdSev.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index d34419c2a524..6e510aa89120 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -28,6 +28,7 @@ [Sources.X64]
X64/MpFuncs.nasm

[Sources.common]
+ AmdSev.c
MpEqu.inc
DxeMpLib.c
MpLib.c
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index 36fcb96b5852..2cbd9b8b8acc 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -28,6 +28,7 @@ [Sources.X64]
X64/MpFuncs.nasm

[Sources.common]
+ AmdSev.c
MpEqu.inc
PeiMpLib.c
MpLib.c
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index e88a5355c983..3d4446df8ce6 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -34,6 +34,9 @@
#include <Library/PcdLib.h>
#include <Library/MicrocodeLib.h>

+#include <Register/Amd/Fam17Msr.h>
+#include <Register/Amd/Ghcb.h>
+
#include <Guid/MicrocodePatchHob.h>

#define WAKEUP_AP_SIGNAL SIGNATURE_32 ('S', 'T', 'A', 'P')
@@ -741,5 +744,35 @@ PlatformShadowMicrocode (
IN OUT CPU_MP_DATA *CpuMpData
);

+/**
+ Allocate the SEV-ES AP jump table buffer.
+
+ @param[in, out] CpuMpData The pointer to CPU MP Data structure.
+**/
+VOID
+AllocateSevEsAPMemory (
+ IN OUT CPU_MP_DATA *CpuMpData
+ );
+
+/**
+ Program the SEV-ES AP jump table buffer.
+
+ @param[in] SipiVector The SIPI vector used for the AP Reset
+**/
+VOID
+SetSevEsJumpTable (
+ IN UINTN SipiVector
+ );
+
+/**
+ The function puts the AP in halt loop.
+
+ @param[in] CpuMpData The pointer to CPU MP Data structure.
+**/
+VOID
+SevEsPlaceApHlt (
+ CPU_MP_DATA *CpuMpData
+ );
+
#endif

diff --git a/UefiCpuPkg/Library/MpInitLib/AmdSev.c b/UefiCpuPkg/Library/MpInitLib/AmdSev.c
new file mode 100644
index 000000000000..7dbf117c2b71
--- /dev/null
+++ b/UefiCpuPkg/Library/MpInitLib/AmdSev.c
@@ -0,0 +1,239 @@
+/** @file
+ CPU MP Initialize helper function for AMD SEV.
+
+ Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "MpLib.h"
+#include <Library/VmgExitLib.h>
+
+/**
+ Get Protected mode code segment with 16-bit default addressing
+ from current GDT table.
+
+ @return Protected mode 16-bit code segment value.
+**/
+STATIC
+UINT16
+GetProtectedMode16CS (
+ VOID
+ )
+{
+ IA32_DESCRIPTOR GdtrDesc;
+ IA32_SEGMENT_DESCRIPTOR *GdtEntry;
+ UINTN GdtEntryCount;
+ UINT16 Index;
+
+ Index = (UINT16) -1;
+ AsmReadGdtr (&GdtrDesc);
+ GdtEntryCount = (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR);
+ GdtEntry = (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base;
+ for (Index = 0; Index < GdtEntryCount; Index++) {
+ if (GdtEntry->Bits.L == 0 &&
+ GdtEntry->Bits.DB == 0 &&
+ GdtEntry->Bits.Type > 8) {
+ break;
+ }
+ GdtEntry++;
+ }
+ ASSERT (Index != GdtEntryCount);
+ return Index * 8;
+}
+
+/**
+ Get Protected mode code segment with 32-bit default addressing
+ from current GDT table.
+
+ @return Protected mode 32-bit code segment value.
+**/
+STATIC
+UINT16
+GetProtectedMode32CS (
+ VOID
+ )
+{
+ IA32_DESCRIPTOR GdtrDesc;
+ IA32_SEGMENT_DESCRIPTOR *GdtEntry;
+ UINTN GdtEntryCount;
+ UINT16 Index;
+
+ Index = (UINT16) -1;
+ AsmReadGdtr (&GdtrDesc);
+ GdtEntryCount = (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR);
+ GdtEntry = (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base;
+ for (Index = 0; Index < GdtEntryCount; Index++) {
+ if (GdtEntry->Bits.L == 0 &&
+ GdtEntry->Bits.DB == 1 &&
+ GdtEntry->Bits.Type > 8) {
+ break;
+ }
+ GdtEntry++;
+ }
+ ASSERT (Index != GdtEntryCount);
+ return Index * 8;
+}
+
+/**
+ Reset an AP when in SEV-ES mode.
+
+ If successful, this function never returns.
+
+ @param[in] Ghcb Pointer to the GHCB
+ @param[in] CpuMpData Pointer to CPU MP Data
+
+**/
+VOID
+MpInitLibSevEsAPReset (
+ IN GHCB *Ghcb,
+ IN CPU_MP_DATA *CpuMpData
+ )
+{
+ EFI_STATUS Status;
+ UINTN ProcessorNumber;
+ UINT16 Code16, Code32;
+ AP_RESET *APResetFn;
+ UINTN BufferStart;
+ UINTN StackStart;
+
+ Status = GetProcessorNumber (CpuMpData, &ProcessorNumber);
+ ASSERT_EFI_ERROR (Status);
+
+ Code16 = GetProtectedMode16CS ();
+ Code32 = GetProtectedMode32CS ();
+
+ if (CpuMpData->WakeupBufferHigh != 0) {
+ APResetFn = (AP_RESET *) (CpuMpData->WakeupBufferHigh + CpuMpData->AddressMap.SwitchToRealNoNxOffset);
+ } else {
+ APResetFn = (AP_RESET *) (CpuMpData->MpCpuExchangeInfo->BufferStart + CpuMpData->AddressMap.SwitchToRealOffset);
+ }
+
+ BufferStart = CpuMpData->MpCpuExchangeInfo->BufferStart;
+ StackStart = CpuMpData->SevEsAPResetStackStart -
+ (AP_RESET_STACK_SIZE * ProcessorNumber);
+
+ //
+ // This call never returns.
+ //
+ APResetFn (BufferStart, Code16, Code32, StackStart);
+}
+
+/**
+ Allocate the SEV-ES AP jump table buffer.
+
+ @param[in, out] CpuMpData The pointer to CPU MP Data structure.
+**/
+VOID
+AllocateSevEsAPMemory (
+ IN OUT CPU_MP_DATA *CpuMpData
+ )
+{
+ if (CpuMpData->SevEsAPBuffer == (UINTN) -1) {
+ CpuMpData->SevEsAPBuffer =
+ CpuMpData->SevEsIsEnabled ? GetSevEsAPMemory () : 0;
+ }
+}
+
+/**
+ Program the SEV-ES AP jump table buffer.
+
+ @param[in] SipiVector The SIPI vector used for the AP Reset
+**/
+VOID
+SetSevEsJumpTable (
+ IN UINTN SipiVector
+ )
+{
+ SEV_ES_AP_JMP_FAR *JmpFar;
+ UINT32 Offset, InsnByte;
+ UINT8 LoNib, HiNib;
+
+ JmpFar = (SEV_ES_AP_JMP_FAR *) (UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ ASSERT (JmpFar != NULL);
+
+ //
+ // Obtain the address of the Segment/Rip location in the workarea.
+ // This will be set to a value derived from the SIPI vector and will
+ // be the memory address used for the far jump below.
+ //
+ Offset = FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ Offset += sizeof (JmpFar->InsnBuffer);
+ LoNib = (UINT8) Offset;
+ HiNib = (UINT8) (Offset >> 8);
+
+ //
+ // Program the workarea (which is the initial AP boot address) with
+ // far jump to the SIPI vector (where XX and YY represent the
+ // address of where the SIPI vector is stored.
+ //
+ // JMP FAR [CS:XXYY] => 2E FF 2E YY XX
+ //
+ InsnByte = 0;
+ JmpFar->InsnBuffer[InsnByte++] = 0x2E; // CS override prefix
+ JmpFar->InsnBuffer[InsnByte++] = 0xFF; // JMP (FAR)
+ JmpFar->InsnBuffer[InsnByte++] = 0x2E; // ModRM (JMP memory location)
+ JmpFar->InsnBuffer[InsnByte++] = LoNib; // YY offset ...
+ JmpFar->InsnBuffer[InsnByte++] = HiNib; // XX offset ...
+
+ //
+ // Program the Segment/Rip based on the SIPI vector (always at least
+ // 16-byte aligned, so Rip is set to 0).
+ //
+ JmpFar->Rip = 0;
+ JmpFar->Segment = (UINT16) (SipiVector >> 4);
+}
+
+/**
+ The function puts the AP in halt loop.
+
+ @param[in] CpuMpData The pointer to CPU MP Data structure.
+**/
+VOID
+SevEsPlaceApHlt (
+ CPU_MP_DATA *CpuMpData
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+ UINT64 Status;
+ BOOLEAN DoDecrement;
+ BOOLEAN InterruptState;
+
+ DoDecrement = (BOOLEAN) (CpuMpData->InitFlag == ApInitConfig);
+
+ while (TRUE) {
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ VmgInit (Ghcb, &InterruptState);
+
+ if (DoDecrement) {
+ DoDecrement = FALSE;
+
+ //
+ // Perform the delayed decrement just before issuing the first
+ // VMGEXIT with AP_RESET_HOLD.
+ //
+ InterlockedDecrement ((UINT32 *) &CpuMpData->MpCpuExchangeInfo->NumApsExecuting);
+ }
+
+ Status = VmgExit (Ghcb, SVM_EXIT_AP_RESET_HOLD, 0, 0);
+ if ((Status == 0) && (Ghcb->SaveArea.SwExitInfo2 != 0)) {
+ VmgDone (Ghcb, InterruptState);
+ break;
+ }
+
+ VmgDone (Ghcb, InterruptState);
+ }
+
+ //
+ // Awakened in a new phase? Use the new CpuMpData
+ //
+ if (CpuMpData->NewCpuMpData != NULL) {
+ CpuMpData = CpuMpData->NewCpuMpData;
+ }
+
+ MpInitLibSevEsAPReset (Ghcb, CpuMpData);
+}
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index b9a06747edbf..890945bc5994 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -596,117 +596,6 @@ InitializeApData (
SetApState (&CpuMpData->CpuData[ProcessorNumber], CpuStateIdle);
}

-/**
- Get Protected mode code segment with 16-bit default addressing
- from current GDT table.
-
- @return Protected mode 16-bit code segment value.
-**/
-STATIC
-UINT16
-GetProtectedMode16CS (
- VOID
- )
-{
- IA32_DESCRIPTOR GdtrDesc;
- IA32_SEGMENT_DESCRIPTOR *GdtEntry;
- UINTN GdtEntryCount;
- UINT16 Index;
-
- Index = (UINT16) -1;
- AsmReadGdtr (&GdtrDesc);
- GdtEntryCount = (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR);
- GdtEntry = (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base;
- for (Index = 0; Index < GdtEntryCount; Index++) {
- if (GdtEntry->Bits.L == 0 &&
- GdtEntry->Bits.DB == 0 &&
- GdtEntry->Bits.Type > 8) {
- break;
- }
- GdtEntry++;
- }
- ASSERT (Index != GdtEntryCount);
- return Index * 8;
-}
-
-/**
- Get Protected mode code segment with 32-bit default addressing
- from current GDT table.
-
- @return Protected mode 32-bit code segment value.
-**/
-STATIC
-UINT16
-GetProtectedMode32CS (
- VOID
- )
-{
- IA32_DESCRIPTOR GdtrDesc;
- IA32_SEGMENT_DESCRIPTOR *GdtEntry;
- UINTN GdtEntryCount;
- UINT16 Index;
-
- Index = (UINT16) -1;
- AsmReadGdtr (&GdtrDesc);
- GdtEntryCount = (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR);
- GdtEntry = (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base;
- for (Index = 0; Index < GdtEntryCount; Index++) {
- if (GdtEntry->Bits.L == 0 &&
- GdtEntry->Bits.DB == 1 &&
- GdtEntry->Bits.Type > 8) {
- break;
- }
- GdtEntry++;
- }
- ASSERT (Index != GdtEntryCount);
- return Index * 8;
-}
-
-/**
- Reset an AP when in SEV-ES mode.
-
- If successful, this function never returns.
-
- @param[in] Ghcb Pointer to the GHCB
- @param[in] CpuMpData Pointer to CPU MP Data
-
-**/
-STATIC
-VOID
-MpInitLibSevEsAPReset (
- IN GHCB *Ghcb,
- IN CPU_MP_DATA *CpuMpData
- )
-{
- EFI_STATUS Status;
- UINTN ProcessorNumber;
- UINT16 Code16, Code32;
- AP_RESET *APResetFn;
- UINTN BufferStart;
- UINTN StackStart;
-
- Status = GetProcessorNumber (CpuMpData, &ProcessorNumber);
- ASSERT_EFI_ERROR (Status);
-
- Code16 = GetProtectedMode16CS ();
- Code32 = GetProtectedMode32CS ();
-
- if (CpuMpData->WakeupBufferHigh != 0) {
- APResetFn = (AP_RESET *) (CpuMpData->WakeupBufferHigh + CpuMpData->AddressMap.SwitchToRealNoNxOffset);
- } else {
- APResetFn = (AP_RESET *) (CpuMpData->MpCpuExchangeInfo->BufferStart + CpuMpData->AddressMap.SwitchToRealOffset);
- }
-
- BufferStart = CpuMpData->MpCpuExchangeInfo->BufferStart;
- StackStart = CpuMpData->SevEsAPResetStackStart -
- (AP_RESET_STACK_SIZE * ProcessorNumber);
-
- //
- // This call never returns.
- //
- APResetFn (BufferStart, Code16, Code32, StackStart);
-}
-
/**
This function will be called from AP reset code if BSP uses WakeUpAP.

@@ -884,47 +773,7 @@ ApWakeupFunction (
while (TRUE) {
DisableInterrupts ();
if (CpuMpData->SevEsIsEnabled) {
- MSR_SEV_ES_GHCB_REGISTER Msr;
- GHCB *Ghcb;
- UINT64 Status;
- BOOLEAN DoDecrement;
- BOOLEAN InterruptState;
-
- DoDecrement = (BOOLEAN) (CpuMpData->InitFlag == ApInitConfig);
-
- while (TRUE) {
- Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
- Ghcb = Msr.Ghcb;
-
- VmgInit (Ghcb, &InterruptState);
-
- if (DoDecrement) {
- DoDecrement = FALSE;
-
- //
- // Perform the delayed decrement just before issuing the first
- // VMGEXIT with AP_RESET_HOLD.
- //
- InterlockedDecrement ((UINT32 *) &CpuMpData->MpCpuExchangeInfo->NumApsExecuting);
- }
-
- Status = VmgExit (Ghcb, SVM_EXIT_AP_RESET_HOLD, 0, 0);
- if ((Status == 0) && (Ghcb->SaveArea.SwExitInfo2 != 0)) {
- VmgDone (Ghcb, InterruptState);
- break;
- }
-
- VmgDone (Ghcb, InterruptState);
- }
-
- //
- // Awakened in a new phase? Use the new CpuMpData
- //
- if (CpuMpData->NewCpuMpData != NULL) {
- CpuMpData = CpuMpData->NewCpuMpData;
- }
-
- MpInitLibSevEsAPReset (Ghcb, CpuMpData);
+ SevEsPlaceApHlt (CpuMpData);
} else {
CpuSleep ();
}
@@ -1252,71 +1101,6 @@ FreeResetVector (
}
}

-/**
- Allocate the SEV-ES AP jump table buffer.
-
- @param[in, out] CpuMpData The pointer to CPU MP Data structure.
-**/
-VOID
-AllocateSevEsAPMemory (
- IN OUT CPU_MP_DATA *CpuMpData
- )
-{
- if (CpuMpData->SevEsAPBuffer == (UINTN) -1) {
- CpuMpData->SevEsAPBuffer =
- CpuMpData->SevEsIsEnabled ? GetSevEsAPMemory () : 0;
- }
-}
-
-/**
- Program the SEV-ES AP jump table buffer.
-
- @param[in] SipiVector The SIPI vector used for the AP Reset
-**/
-VOID
-SetSevEsJumpTable (
- IN UINTN SipiVector
- )
-{
- SEV_ES_AP_JMP_FAR *JmpFar;
- UINT32 Offset, InsnByte;
- UINT8 LoNib, HiNib;
-
- JmpFar = (SEV_ES_AP_JMP_FAR *) (UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase);
- ASSERT (JmpFar != NULL);
-
- //
- // Obtain the address of the Segment/Rip location in the workarea.
- // This will be set to a value derived from the SIPI vector and will
- // be the memory address used for the far jump below.
- //
- Offset = FixedPcdGet32 (PcdSevEsWorkAreaBase);
- Offset += sizeof (JmpFar->InsnBuffer);
- LoNib = (UINT8) Offset;
- HiNib = (UINT8) (Offset >> 8);
-
- //
- // Program the workarea (which is the initial AP boot address) with
- // far jump to the SIPI vector (where XX and YY represent the
- // address of where the SIPI vector is stored.
- //
- // JMP FAR [CS:XXYY] => 2E FF 2E YY XX
- //
- InsnByte = 0;
- JmpFar->InsnBuffer[InsnByte++] = 0x2E; // CS override prefix
- JmpFar->InsnBuffer[InsnByte++] = 0xFF; // JMP (FAR)
- JmpFar->InsnBuffer[InsnByte++] = 0x2E; // ModRM (JMP memory location)
- JmpFar->InsnBuffer[InsnByte++] = LoNib; // YY offset ...
- JmpFar->InsnBuffer[InsnByte++] = HiNib; // XX offset ...
-
- //
- // Program the Segment/Rip based on the SIPI vector (always at least
- // 16-byte aligned, so Rip is set to 0).
- //
- JmpFar->Rip = 0;
- JmpFar->Segment = (UINT16) (SipiVector >> 4);
-}
-
/**
This function will be called by BSP to wakeup AP.

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm
new file mode 100644
index 000000000000..0ccafe25eca4
--- /dev/null
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm
@@ -0,0 +1,119 @@
+;------------------------------------------------------------------------------ ;
+; Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+; AmdSev.nasm
+;
+; Abstract:
+;
+; This provides helper used by the MpFunc.nasm. If AMD SEV-ES is active
+; then helpers perform the additional setups (such as GHCB).
+;
+;-------------------------------------------------------------------------------
+
+%define SIZE_4KB 0x1000
+
+;
+; The function checks whether SEV-ES is enabled, if enabled
+; then setup the GHCB page.
+;
+SevEsSetupGhcb:
+ lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)]
+ cmp byte [edi], 1 ; SevEsIsEnabled
+ jne SevEsSetupGhcbExit
+
+ ;
+ ; program GHCB
+ ; Each page after the GHCB is a per-CPU page, so the calculation programs
+ ; a GHCB to be every 8KB.
+ ;
+ mov eax, SIZE_4KB
+ shl eax, 1 ; EAX = SIZE_4K * 2
+ mov ecx, ebx
+ mul ecx ; EAX = SIZE_4K * 2 * CpuNumber
+ mov edi, esi
+ add edi, MP_CPU_EXCHANGE_INFO_FIELD (GhcbBase)
+ add rax, qword [edi]
+ mov rdx, rax
+ shr rdx, 32
+ mov rcx, 0xc0010130
+ wrmsr
+
+SevEsSetupGhcbExit:
+ OneTimeCallRet SevEsSetupGhcb
+
+;
+; The function checks whether SEV-ES is enabled, if enabled, use
+; the GHCB
+;
+SevEsGetApicId:
+ lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)]
+ cmp byte [edi], 1 ; SevEsIsEnabled
+ jne SevEsGetApicIdExit
+
+ ;
+ ; Since we don't have a stack yet, we can't take a #VC
+ ; exception. Use the GHCB protocol to perform the CPUID
+ ; calls.
+ ;
+ mov rcx, 0xc0010130
+ rdmsr
+ shl rdx, 32
+ or rax, rdx
+ mov rdi, rax ; RDI now holds the original GHCB GPA
+
+ mov rdx, 0 ; CPUID function 0
+ mov rax, 0 ; RAX register requested
+ or rax, 4
+ wrmsr
+ rep vmmcall
+ rdmsr
+ cmp edx, 0bh
+ jb NoX2ApicSevEs ; CPUID level below CPUID_EXTENDED_TOPOLOGY
+
+ mov rdx, 0bh ; CPUID function 0x0b
+ mov rax, 040000000h ; RBX register requested
+ or rax, 4
+ wrmsr
+ rep vmmcall
+ rdmsr
+ test edx, 0ffffh
+ jz NoX2ApicSevEs ; CPUID.0BH:EBX[15:0] is zero
+
+ mov rdx, 0bh ; CPUID function 0x0b
+ mov rax, 0c0000000h ; RDX register requested
+ or rax, 4
+ wrmsr
+ rep vmmcall
+ rdmsr
+
+ ; Processor is x2APIC capable; 32-bit x2APIC ID is now in EDX
+ jmp RestoreGhcb
+
+NoX2ApicSevEs:
+ ; Processor is not x2APIC capable, so get 8-bit APIC ID
+ mov rdx, 1 ; CPUID function 1
+ mov rax, 040000000h ; RBX register requested
+ or rax, 4
+ wrmsr
+ rep vmmcall
+ rdmsr
+ shr edx, 24
+
+RestoreGhcb:
+ mov rbx, rdx ; Save x2APIC/APIC ID
+
+ mov rdx, rdi ; RDI holds the saved GHCB GPA
+ shr rdx, 32
+ mov eax, edi
+ wrmsr
+
+ mov rdx, rbx
+
+ ; x2APIC ID or APIC ID is in EDX
+ jmp GetProcessorNumber
+
+SevEsGetApicIdExit:
+ OneTimeCallRet SevEsGetApicId
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
index 50df802d1fca..f7f2937fafad 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
@@ -15,6 +15,15 @@
%include "MpEqu.inc"
extern ASM_PFX(InitializeFloatingPointUnits)

+%macro OneTimeCall 1
+ jmp %1
+%1 %+ OneTimerCallReturn:
+%endmacro
+
+%macro OneTimeCallRet 1
+ jmp %1 %+ OneTimerCallReturn
+%endmacro
+
DEFAULT REL

SECTION .text
@@ -144,6 +153,12 @@ SkipEnable5LevelPaging:
jmp far [edi]

BITS 64
+
+;
+; Required for the AMD SEV helper functions
+;
+%include "AmdSev.nasm"
+
LongModeStart:
mov esi, ebx
lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (InitFlag)]
@@ -175,94 +190,17 @@ LongModeStart:
add rax, qword [edi]
mov rsp, rax

- lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)]
- cmp byte [edi], 1 ; SevEsIsEnabled
- jne CProcedureInvoke
-
;
- ; program GHCB
- ; Each page after the GHCB is a per-CPU page, so the calculation programs
- ; a GHCB to be every 8KB.
+ ; Setup the GHCB when AMD SEV-ES active.
;
- mov eax, SIZE_4KB
- shl eax, 1 ; EAX = SIZE_4K * 2
- mov ecx, ebx
- mul ecx ; EAX = SIZE_4K * 2 * CpuNumber
- mov edi, esi
- add edi, MP_CPU_EXCHANGE_INFO_FIELD (GhcbBase)
- add rax, qword [edi]
- mov rdx, rax
- shr rdx, 32
- mov rcx, 0xc0010130
- wrmsr
+ OneTimeCall SevEsSetupGhcb
jmp CProcedureInvoke

GetApicId:
- lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)]
- cmp byte [edi], 1 ; SevEsIsEnabled
- jne DoCpuid
-
;
- ; Since we don't have a stack yet, we can't take a #VC
- ; exception. Use the GHCB protocol to perform the CPUID
- ; calls.
+ ; Use the GHCB protocol to get the ApicId when SEV-ES is active.
;
- mov rcx, 0xc0010130
- rdmsr
- shl rdx, 32
- or rax, rdx
- mov rdi, rax ; RDI now holds the original GHCB GPA
-
- mov rdx, 0 ; CPUID function 0
- mov rax, 0 ; RAX register requested
- or rax, 4
- wrmsr
- rep vmmcall
- rdmsr
- cmp edx, 0bh
- jb NoX2ApicSevEs ; CPUID level below CPUID_EXTENDED_TOPOLOGY
-
- mov rdx, 0bh ; CPUID function 0x0b
- mov rax, 040000000h ; RBX register requested
- or rax, 4
- wrmsr
- rep vmmcall
- rdmsr
- test edx, 0ffffh
- jz NoX2ApicSevEs ; CPUID.0BH:EBX[15:0] is zero
-
- mov rdx, 0bh ; CPUID function 0x0b
- mov rax, 0c0000000h ; RDX register requested
- or rax, 4
- wrmsr
- rep vmmcall
- rdmsr
-
- ; Processor is x2APIC capable; 32-bit x2APIC ID is now in EDX
- jmp RestoreGhcb
-
-NoX2ApicSevEs:
- ; Processor is not x2APIC capable, so get 8-bit APIC ID
- mov rdx, 1 ; CPUID function 1
- mov rax, 040000000h ; RBX register requested
- or rax, 4
- wrmsr
- rep vmmcall
- rdmsr
- shr edx, 24
-
-RestoreGhcb:
- mov rbx, rdx ; Save x2APIC/APIC ID
-
- mov rdx, rdi ; RDI holds the saved GHCB GPA
- shr rdx, 32
- mov eax, edi
- wrmsr
-
- mov rdx, rbx
-
- ; x2APIC ID or APIC ID is in EDX
- jmp GetProcessorNumber
+ OneTimeCall SevEsGetApicId

DoCpuid:
mov eax, 0
--
2.25.1


[PATCH v8 01/32] OvmfPkg/SecMain: move SEV specific routines in AmdSev.c

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Move all the SEV specific function in AmdSev.c.

No functional change intended.

Cc: Michael Roth <michael.roth@...>
Cc: James Bottomley <jejb@...>
Cc: Min Xu <min.m.xu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: Gerd Hoffmann <kraxel@...>
Acked-by: Jiewen Yao <Jiewen.yao@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
---
OvmfPkg/Sec/SecMain.inf | 1 +
OvmfPkg/Sec/AmdSev.h | 72 ++++++++++++++++++
OvmfPkg/Sec/AmdSev.c | 161 ++++++++++++++++++++++++++++++++++++++++
OvmfPkg/Sec/SecMain.c | 153 +-------------------------------------
4 files changed, 236 insertions(+), 151 deletions(-)
create mode 100644 OvmfPkg/Sec/AmdSev.h
create mode 100644 OvmfPkg/Sec/AmdSev.c

diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index ea4b9611f52d..9523a8ea6c8f 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -23,6 +23,7 @@ [Defines]

[Sources]
SecMain.c
+ AmdSev.c

[Sources.IA32]
Ia32/SecEntry.nasm
diff --git a/OvmfPkg/Sec/AmdSev.h b/OvmfPkg/Sec/AmdSev.h
new file mode 100644
index 000000000000..adad96d23189
--- /dev/null
+++ b/OvmfPkg/Sec/AmdSev.h
@@ -0,0 +1,72 @@
+/** @file
+ File defines the Sec routines for the AMD SEV
+
+ Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _AMD_SEV_SEC_INTERNAL_H__
+#define _AMD_SEV_SEC_INTERNAL_H__
+
+/**
+ Handle an SEV-ES/GHCB protocol check failure.
+
+ Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest
+ wishes to be terminated.
+
+ @param[in] ReasonCode Reason code to provide to the hypervisor for the
+ termination request.
+
+**/
+VOID
+SevEsProtocolFailure (
+ IN UINT8 ReasonCode
+ );
+
+
+/**
+ Validate the SEV-ES/GHCB protocol level.
+
+ Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor
+ and the guest intersect. If they don't intersect, request termination.
+
+**/
+VOID
+SevEsProtocolCheck (
+ VOID
+ );
+
+/**
+ Determine if the SEV is active.
+
+ During the early booting, GuestType is set in the work area. Verify that it
+ is an SEV guest.
+
+ @retval TRUE SEV is enabled
+ @retval FALSE SEV is not enabled
+
+**/
+BOOLEAN
+IsSevGuest (
+ VOID
+ );
+
+/**
+ Determine if SEV-ES is active.
+
+ During early booting, SEV-ES support code will set a flag to indicate that
+ SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES
+ is enabled.
+
+ @retval TRUE SEV-ES is enabled
+ @retval FALSE SEV-ES is not enabled
+
+**/
+BOOLEAN
+SevEsIsEnabled (
+ VOID
+ );
+
+#endif
diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c
new file mode 100644
index 000000000000..3b4adaae32c7
--- /dev/null
+++ b/OvmfPkg/Sec/AmdSev.c
@@ -0,0 +1,161 @@
+/** @file
+ File defines the Sec routines for the AMD SEV
+
+ Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemEncryptSevLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Register/Amd/Ghcb.h>
+#include <Register/Amd/Msr.h>
+
+#include "AmdSev.h"
+
+/**
+ Handle an SEV-ES/GHCB protocol check failure.
+
+ Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest
+ wishes to be terminated.
+
+ @param[in] ReasonCode Reason code to provide to the hypervisor for the
+ termination request.
+
+**/
+VOID
+SevEsProtocolFailure (
+ IN UINT8 ReasonCode
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+
+ //
+ // Use the GHCB MSR Protocol to request termination by the hypervisor
+ //
+ Msr.GhcbPhysicalAddress = 0;
+ Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST;
+ Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;
+ Msr.GhcbTerminate.ReasonCode = ReasonCode;
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+ AsmVmgExit ();
+
+ ASSERT (FALSE);
+ CpuDeadLoop ();
+}
+
+/**
+ Validate the SEV-ES/GHCB protocol level.
+
+ Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor
+ and the guest intersect. If they don't intersect, request termination.
+
+**/
+VOID
+SevEsProtocolCheck (
+ VOID
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+
+ //
+ // Use the GHCB MSR Protocol to obtain the GHCB SEV-ES Information for
+ // protocol checking
+ //
+ Msr.GhcbPhysicalAddress = 0;
+ Msr.GhcbInfo.Function = GHCB_INFO_SEV_INFO_GET;
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+ AsmVmgExit ();
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+ if (Msr.GhcbInfo.Function != GHCB_INFO_SEV_INFO) {
+ SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+ }
+
+ if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocolMax) {
+ SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
+ }
+
+ if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) ||
+ (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) {
+ SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
+ }
+
+ //
+ // SEV-ES protocol checking succeeded, set the initial GHCB address
+ //
+ Msr.GhcbPhysicalAddress = FixedPcdGet32 (PcdOvmfSecGhcbBase);
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+ Ghcb = Msr.Ghcb;
+ SetMem (Ghcb, sizeof (*Ghcb), 0);
+
+ //
+ // Set the version to the maximum that can be supported
+ //
+ Ghcb->ProtocolVersion = MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB_VERSION_MAX);
+ Ghcb->GhcbUsage = GHCB_STANDARD_USAGE;
+}
+
+/**
+ Determine if the SEV is active.
+
+ During the early booting, GuestType is set in the work area. Verify that it
+ is an SEV guest.
+
+ @retval TRUE SEV is enabled
+ @retval FALSE SEV is not enabled
+
+**/
+BOOLEAN
+IsSevGuest (
+ VOID
+ )
+{
+ OVMF_WORK_AREA *WorkArea;
+
+ //
+ // Ensure that the size of the Confidential Computing work area header
+ // is same as what is provided through a fixed PCD.
+ //
+ ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==
+ sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
+
+ WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
+
+ return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
+}
+
+/**
+ Determine if SEV-ES is active.
+
+ During early booting, SEV-ES support code will set a flag to indicate that
+ SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES
+ is enabled.
+
+ @retval TRUE SEV-ES is enabled
+ @retval FALSE SEV-ES is not enabled
+
+**/
+BOOLEAN
+SevEsIsEnabled (
+ VOID
+ )
+{
+ SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
+
+ if (!IsSevGuest()) {
+ return FALSE;
+ }
+
+ SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+
+ return (SevEsWorkArea->SevEsEnabled != 0);
+}
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 707b0d4bbff4..406e3a25d0cd 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -26,12 +26,11 @@
#include <Library/ExtractGuidedSectionLib.h>
#include <Library/LocalApicLib.h>
#include <Library/CpuExceptionHandlerLib.h>
-#include <Library/MemEncryptSevLib.h>
-#include <Register/Amd/Ghcb.h>
-#include <Register/Amd/Msr.h>

#include <Ppi/TemporaryRamSupport.h>

+#include "AmdSev.h"
+
#define SEC_IDT_ENTRY_COUNT 34

typedef struct _SEC_IDT_TABLE {
@@ -717,154 +716,6 @@ FindAndReportEntryPoints (
return;
}

-/**
- Handle an SEV-ES/GHCB protocol check failure.
-
- Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest
- wishes to be terminated.
-
- @param[in] ReasonCode Reason code to provide to the hypervisor for the
- termination request.
-
-**/
-STATIC
-VOID
-SevEsProtocolFailure (
- IN UINT8 ReasonCode
- )
-{
- MSR_SEV_ES_GHCB_REGISTER Msr;
-
- //
- // Use the GHCB MSR Protocol to request termination by the hypervisor
- //
- Msr.GhcbPhysicalAddress = 0;
- Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST;
- Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;
- Msr.GhcbTerminate.ReasonCode = ReasonCode;
- AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
-
- AsmVmgExit ();
-
- ASSERT (FALSE);
- CpuDeadLoop ();
-}
-
-/**
- Validate the SEV-ES/GHCB protocol level.
-
- Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor
- and the guest intersect. If they don't intersect, request termination.
-
-**/
-STATIC
-VOID
-SevEsProtocolCheck (
- VOID
- )
-{
- MSR_SEV_ES_GHCB_REGISTER Msr;
- GHCB *Ghcb;
-
- //
- // Use the GHCB MSR Protocol to obtain the GHCB SEV-ES Information for
- // protocol checking
- //
- Msr.GhcbPhysicalAddress = 0;
- Msr.GhcbInfo.Function = GHCB_INFO_SEV_INFO_GET;
- AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
-
- AsmVmgExit ();
-
- Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
-
- if (Msr.GhcbInfo.Function != GHCB_INFO_SEV_INFO) {
- SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
- }
-
- if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocolMax) {
- SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
- }
-
- if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) ||
- (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) {
- SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
- }
-
- //
- // SEV-ES protocol checking succeeded, set the initial GHCB address
- //
- Msr.GhcbPhysicalAddress = FixedPcdGet32 (PcdOvmfSecGhcbBase);
- AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
-
- Ghcb = Msr.Ghcb;
- SetMem (Ghcb, sizeof (*Ghcb), 0);
-
- //
- // Set the version to the maximum that can be supported
- //
- Ghcb->ProtocolVersion = MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB_VERSION_MAX);
- Ghcb->GhcbUsage = GHCB_STANDARD_USAGE;
-}
-
-/**
- Determine if the SEV is active.
-
- During the early booting, GuestType is set in the work area. Verify that it
- is an SEV guest.
-
- @retval TRUE SEV is enabled
- @retval FALSE SEV is not enabled
-
-**/
-STATIC
-BOOLEAN
-IsSevGuest (
- VOID
- )
-{
- OVMF_WORK_AREA *WorkArea;
-
- //
- // Ensure that the size of the Confidential Computing work area header
- // is same as what is provided through a fixed PCD.
- //
- ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==
- sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
-
- WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
-
- return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
-}
-
-/**
- Determine if SEV-ES is active.
-
- During early booting, SEV-ES support code will set a flag to indicate that
- SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES
- is enabled.
-
- @retval TRUE SEV-ES is enabled
- @retval FALSE SEV-ES is not enabled
-
-**/
-STATIC
-BOOLEAN
-SevEsIsEnabled (
- VOID
- )
-{
- SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
-
- if (!IsSevGuest()) {
- return FALSE;
- }
-
- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
-
- return (SevEsWorkArea->SevEsEnabled != 0);
-}
-
VOID
EFIAPI
SecCoreStartupWithStack (
--
2.25.1


[PATCH v8 00/32] Add AMD Secure Nested Paging (SEV-SNP) support

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory re-mapping and more in order to create an isolated memory
encryption environment.

This series provides the basic building blocks to support booting the SEV-SNP
VMs, it does not cover all the security enhancement introduced by the SEV-SNP
such as interrupt protection.

Many of the integrity guarantees of SEV-SNP are enforced through a new
structure called the Reverse Map Table (RMP). Adding a new page to SEV-SNP
VM requires a 2-step process. First, the hypervisor assigns a page to the
guest using the new RMPUPDATE instruction. This transitions the page to
guest-invalid. Second, the guest validates the page using the new PVALIDATE
instruction. The SEV-SNP VMs can use the new "Page State Change Request NAE"
defined in the GHCB specification to ask hypervisor to add or remove page
from the RMP table.

Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
as indicated by the Validated flag in the page's RMP entry. There are two
approaches that can be taken for the page validation: Pre-validation and
Lazy Validation.

Under pre-validation, the pages are validated prior to first use. And under
lazy validation, pages are validated when first accessed. An access to a
unvalidated page results in a #VC exception, at which time the exception
handler may validate the page. Lazy validation requires careful tracking of
the validated pages to avoid validating the same GPA more than once. The
recently introduced "Unaccepted" memory type can be used to communicate the
unvalidated memory ranges to the Guest OS.

At this time we only support the pre-validation. OVMF detects all the available
system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
before it is made available to the EDK2 core.

Now that series contains all the basic support required to launch SEV-SNP
guest. We are still missing the Interrupt security feature provided by the
SNP. The feature will be added after the base support is accepted.

Additional resources
---------------------
SEV-SNP whitepaper
https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)

The complete source is available at
https://github.com/AMDESE/ovmf/tree/snp-v8

GHCB spec:
https://developer.amd.com/wp-content/resources/56421.pdf

SEV-SNP firmware specification:
https://www.amd.com/system/files/TechDocs/56860.pdf

Changes since v7:
* Move SEV specific changes in MpLib in AmdSev file
* Update the GHCB register function to not restore the GHCB MSR because
we were already in the MSR protocol mode.
* Drop the SNP name from PcdSnpSecPreValidate.
* Add new section for GHCB memory in the OVMF metadata.

Change since v6:
* Drop the SNP boot block GUID and switch to using the Metadata guided structure
proposed by Min in TDX series.
* Exclude the GHCB page from the pre-validated region. It simplifies the reset
vector code where we do not need to unvalidate the GHCB page.
* Now that GHCB page is not validated so move the VMPL check from reset vector
code to the MemEncryptSevLib on the first page validation.
* Introduce the ConfidentialComputingGuestAttr PCD to communicate which
memory encryption is active so that MpInitLib can make use of it.
* Drop the SEVES specific PCD as the information can be communicated via
the ConfidentialComputingGuestAttr.
* Move the SNP specific AP creation function in AmdSev.c.
* Define the SNP Blob GUID in a new file.

Change since v5:
* When possible use the CPUID value from CPUID page
* Move the SEV specific functions from SecMain.c in AmdSev.c
* Rebase to the latest code
* Add the review feedback from Yao.

Change since v4:
* Use the correct MSR for the SEV_STATUS
* Add VMPL-0 check

Change since v3:
* ResetVector: move all SEV specific code in AmdSev.asm and add macros to keep
the code readable.
* Drop extending the EsWorkArea to contain SNP specific state.
* Drop the GhcbGpa library and call the VmgExit directly to register GHCB GPA.
* Install the CC blob config table from AmdSevDxe instead of extending the
AmdSev/SecretsDxe for it.
* Add the separate PCDs for the SNP Secrets.

Changes since v2:
* Add support for the AP creation.
* Use the module-scoping override to make AmdSevDxe use the IO port for PCI reads.
* Use the reserved memory type for CPUID and Secrets page.
*
Changes since v1:
* Drop the interval tree support to detect the pre-validated overlap region.
* Use an array to keep track of pre-validated regions.
* Add support to query the Hypervisor feature and verify that SNP feature is supported.
* Introduce MemEncryptSevClearMmioPageEncMask() to clear the C-bit from MMIO ranges.
* Pull the SevSecretDxe and SevSecretPei into OVMF package build.
* Extend the SevSecretDxe to expose confidential computing blob location through
EFI configuration table.

Brijesh Singh (28):
OvmfPkg/SecMain: move SEV specific routines in AmdSev.c
UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c
OvmfPkg/ResetVector: move clearing GHCB in SecMain
OvmfPkg/ResetVector: introduce metadata descriptor for VMM use
OvmfPkg: reserve SNP secrets page
OvmfPkg: reserve CPUID page
OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
OvmfPkg/AmdSevDxe: do not use extended PCI config space
OvmfPkg/MemEncryptSevLib: add support to validate system RAM
OvmfPkg/MemEncryptSevLib: add function to check the VMPL0
OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI
phase
OvmfPkg/SecMain: validate the memory used for decompressing Fv
OvmfPkg/PlatformPei: validate the system RAM when SNP is active
UefiCpuPkg: Define ConfidentialComputingGuestAttr
OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is
active
UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV
status
UefiCpuPkg: add PcdGhcbHypervisorFeatures
OvmfPkg/PlatformPei: set the Hypervisor Features PCD
MdePkg/GHCB: increase the GHCB protocol max version
UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is
enabled
OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map
OvmfPkg/AmdSev: expose the SNP reserved pages through configuration
table

Michael Roth (3):
OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values
OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values
UefiCpuPkg/MpInitLib: use BSP to do extended topology check

Tom Lendacky (1):
UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs

OvmfPkg/OvmfPkg.dec | 18 +
UefiCpuPkg/UefiCpuPkg.dec | 9 +
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 +-
OvmfPkg/Bhyve/BhyveX64.dsc | 5 +-
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
OvmfPkg/OvmfPkgX64.dsc | 5 +-
OvmfPkg/OvmfXen.dsc | 5 +-
OvmfPkg/OvmfPkgX64.fdf | 6 +
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 7 +
.../DxeMemEncryptSevLib.inf | 3 +
.../PeiMemEncryptSevLib.inf | 25 +
.../SecMemEncryptSevLib.inf | 3 +
OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 2 +
OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 3 +
OvmfPkg/PlatformPei/PlatformPei.inf | 8 +
OvmfPkg/ResetVector/ResetVector.inf | 11 +
OvmfPkg/Sec/SecMain.inf | 4 +
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 6 +-
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 6 +-
MdePkg/Include/Register/Amd/Ghcb.h | 2 +-
.../Guid/ConfidentialComputingSevSnpBlob.h | 33 ++
OvmfPkg/Include/Library/MemEncryptSevLib.h | 26 +
.../X64/SnpPageStateChange.h | 36 ++
.../BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 +
OvmfPkg/PlatformPei/Platform.h | 5 +
OvmfPkg/Sec/AmdSev.h | 95 ++++
.../Include/ConfidentialComputingGuestAttr.h | 25 +
UefiCpuPkg/Library/MpInitLib/MpLib.h | 93 ++++
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 23 +
.../DxeMemEncryptSevLibInternal.c | 27 ++
.../Ia32/MemEncryptSevLib.c | 17 +
.../PeiMemEncryptSevLibInternal.c | 27 ++
.../SecMemEncryptSevLibInternal.c | 19 +
.../X64/DxeSnpSystemRamValidate.c | 40 ++
.../X64/PeiDxeVirtualMemory.c | 167 ++++++-
.../X64/PeiSnpSystemRamValidate.c | 163 +++++++
.../X64/SecSnpSystemRamValidate.c | 82 ++++
.../X64/SnpPageStateChangeInternal.c | 294 ++++++++++++
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 444 ++++++++++++++++--
OvmfPkg/PlatformPei/AmdSev.c | 235 +++++++++
OvmfPkg/PlatformPei/MemDetect.c | 2 +
OvmfPkg/Sec/AmdSev.c | 299 ++++++++++++
OvmfPkg/Sec/SecMain.c | 158 +------
UefiCpuPkg/Library/MpInitLib/AmdSev.c | 239 ++++++++++
UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 16 +-
UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 70 +++
UefiCpuPkg/Library/MpInitLib/MpLib.c | 338 ++++---------
UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 4 +-
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 261 ++++++++++
OvmfPkg/FvmainCompactScratchEnd.fdf.inc | 5 +
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 17 +
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 86 +++-
OvmfPkg/ResetVector/ResetVector.nasmb | 35 ++
OvmfPkg/ResetVector/X64/OvmfMetadata.asm | 123 +++++
UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 2 +
UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm | 200 ++++++++
UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 100 +---
58 files changed, 3437 insertions(+), 528 deletions(-)
create mode 100644 OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
create mode 100644 OvmfPkg/Sec/AmdSev.h
create mode 100644 UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
create mode 100644 OvmfPkg/Sec/AmdSev.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/AmdSev.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
create mode 100644 OvmfPkg/ResetVector/X64/OvmfMetadata.asm
create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm

--
2.25.1


Re: [edk2-platforms][PATCH V1 1/1] WhitleyOpenBoardPkg/Build: Reduce debug output for default boot.

Oram, Isaac W
 

It is a noticeable impact on performance. At some point we need to build out more optimal options for DEBUG and RELEASE but the server code isn't really built that way currently as very often people want the logs all the time and choose verbosity over the infrequent boot performance impact. A lot of the code could be productively refactored to leverage message levels towards common debug scenarios. For now, I just want to reduce the volume of output to a good default level that indicates the system is progressing through boot and let people customize the level for their debug activity.

Regards,
Isaac

-----Original Message-----
From: Desimone, Nathaniel L <nathaniel.l.desimone@...>
Sent: Thursday, September 16, 2021 2:09 PM
To: Oram, Isaac W <isaac.w.oram@...>; devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@...>
Subject: RE: [edk2-devel][edk2-platforms][PATCH V1 1/1] WhitleyOpenBoardPkg/Build: Reduce debug output for default boot.

Is it a big increase in messages to have both INFO and LOAD?

-----Original Message-----
From: Oram, Isaac W <isaac.w.oram@...>
Sent: Wednesday, September 8, 2021 3:35 PM
To: devel@edk2.groups.io
Cc: Desimone, Nathaniel L <nathaniel.l.desimone@...>; Chiu, Chasel <chasel.chiu@...>
Subject: [edk2-devel][edk2-platforms][PATCH V1 1/1] WhitleyOpenBoardPkg/Build: Reduce debug output for default boot.

Replace Info with Load, so we still get component loading details

Cc: Isaac Oram <isaac.w.oram@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Chasel Chiu <chasel.chiu@...>
Signed-off-by: Isaac Oram <isaac.w.oram@...>
---
Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc b/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
index fa41ae923d..64ba4a4dae 100644
--- a/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
+++ b/Platform/Intel/WhitleyOpenBoardPkg/PlatformPkg.dsc
@@ -365,7 +365,7 @@
#

gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 # Enable status codes for debug, progress, and errors
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000042 # Displayed messages: Error, Info, warn
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000006 # Displayed messages: Error, Load, Warn

gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
gUefiCpuPkgTokenSpaceGuid.PcdCpuNumberOfReservedVariableMtrrs|0
--
2.27.0.windows.1


Re: [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

Bassa, Damian <damian.bassa@...>
 

Thank you for input. Submitted V2.

 

Damian

 

From: Ni, Ray <ray.ni@...>
Sent: Friday, September 17, 2021 6:31 PM
To: Bassa, Damian <damian.bassa@...>; Wu, Hao A <hao.a.wu@...>; devel@edk2.groups.io
Cc: Kolakowski, Jacek <Jacek.Kolakowski@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

If a device is a RCiEP, PciIoDev->Parent points to a virtual PCI_IO_DEVICE for the RootComplex.

The PCI_IO_EVICE.Parent equals to NULL for RootComplex.

 

Which means, we can create a helper function

BOOLEAN IsRootBridge(PciIo) { return (BOOLEAN) (PciIo->Parent == NULL); }

 

your code can call this helper function.

 

From: Bassa, Damian <damian.bassa@...>
Sent: Friday, September 17, 2021 12:02 AM
To: Ni, Ray <ray.ni@...>; Wu, Hao A <hao.a.wu@...>; devel@edk2.groups.io
Cc: Kolakowski, Jacek <Jacek.Kolakowski@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

I was looking for anything that wouldn’t include reading register but only thing that distinguish device PCI_IO_DEVICE instances with root bridge instances is population of BusNumberRanges structure.

This technically could be used since this is populated only for root bridges and not devices but using this would be just confusing since there is no self-explanatory field there.

For my knowledge this is best way to tackle this issue. Please let me know if there are have some other worth exploring ideas.

 

Damian

 

From: Ni, Ray <ray.ni@...>
Sent: Wednesday, September 15, 2021 3:21 PM
To: Bassa, Damian <damian.bassa@...>; Wu, Hao A <hao.a.wu@...>; devel@edk2.groups.io
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

Extending PciBus to support such case is valid.

 

But can you check if there is other pure software way to detect whether it’s an ECiEP?

 

From: Bassa, Damian <damian.bassa@...>
Sent: Wednesday, September 15, 2021 7:54 PM
To: Wu, Hao A <hao.a.wu@...>; devel@edk2.groups.io; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

Should we consider this workaround? I’m having issues interpreting this part of PCIe spec.

My understanding of this quote is that this capability can exist in but it shouldn’t be considered.

I would assume it’s possible option that it needs to be considered? Is that wrong?

 

Damian

 

 

From: Wu, Hao A <hao.a.wu@...>
Sent: Wednesday, September 8, 2021 9:17 AM
To: Bassa, Damian <damian.bassa@...>; devel@edk2.groups.io; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

Really sorry for the late response.

 

So this is a workaround for RCiEP device that is not compliant to the PCIe spec:

|>  ARI is an optional capability. This capability must be implemented by each

|>  Function in an ARI Device. It is not applicable to a Root Port, a Switch

|>  Downstream Port, an RCiEP, or a Root Complex Event Collector.

 

If this the case, could you help to:

* Add a comment that briefly describe this workaround before the newly added code

* Also mention this workaround information in the commit log message.

* Send out a V2 version of the patch?

Thanks in advance.

 

Hello Ray, please help to raise if you have concern on this.

 

Best Regards,

Hao Wu

 

From: Bassa, Damian <damian.bassa@...>
Sent: Wednesday, September 1, 2021 1:45 AM
To: Wu, Hao A <hao.a.wu@...>; devel@edk2.groups.io; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

It refers to access to the root port device that doesn’t exist in case we are dealing with RCiEP device.

There can be specific case where RCiEP device has ARI extended capability ID (even though it’s unsupported in this case).

In such a case PciSearchDevice goes to CreatePciIoDevice through GatherDeviceInfo. And in this case parent is PCI_IO_DEVICE instance created from CreateRootBridge function, which isn’t valid PCIe device and doesn’t have specific bus, only a range of buses. In that case enumerator tries to use this instance to read operation using default 0 bus number, which isn’t correct.

 

Damian

 

From: Wu, Hao A <hao.a.wu@...>
Sent: Tuesday, August 31, 2021 6:28 AM
To: devel@edk2.groups.io; Wu, Hao A <hao.a.wu@...>; Bassa, Damian <damian.bassa@...>; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wu, Hao A
Sent: Tuesday, August 31, 2021 12:25 PM
To: devel@edk2.groups.io; Bassa, Damian <damian.bassa@...>
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

Really sorry,

 

Could you help to provide more information on the below statement?

“undefined parent register accesses”

 

Thanks in advance.

 

Best Regards,

Hao Wu

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bassa, Damian
Sent: Tuesday, August 24, 2021 11:15 PM
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

 

Before trying to access parent root port to check ARI capabilities,

enumerator should see if Endpoint device is not Root Complex integrated

to avoid undefined parent register accesses in these cases.

 

Signed-off-by: Damian Bassa damian.bassa@...

 

---

.../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c         | 12 +++++++++++-

1 file changed, 11 insertions(+), 1 deletion(-)

 

diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

index db1b35f8ef..6451fb8af9 100644

--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

@@ -2153,6 +2153,7 @@ CreatePciIoDevice (

   PCI_IO_DEVICE        *PciIoDevice;

   EFI_PCI_IO_PROTOCOL  *PciIo;

   EFI_STATUS           Status;

+  PCI_REG_PCIE_CAPABILITY Capability;

 

   PciIoDevice = AllocateZeroPool (sizeof (PCI_IO_DEVICE));

   if (PciIoDevice == NULL) {

@@ -2229,7 +2230,16 @@ CreatePciIoDevice (

     return NULL;

   }

 

-  if (PcdGetBool (PcdAriSupport)) {

+  PciIo->Pci.Read (

+                PciIo,

+                EfiPciIoWidthUint16,

+                PciIoDevice->PciExpressCapabilityOffset + OFFSET_OF (PCI_CAPABILITY_PCIEXP, Capability),

+                1,

+                &Capability.Uint16

+                );

+

+  if (PcdGetBool (PcdAriSupport) &&

+    Capability.Bits.DevicePortType != PCIE_DEVICE_PORT_TYPE_ROOT_COMPLEX_INTEGRATED_ENDPOINT) {

     //

     // Check if the device is an ARI device.

     //

--

2.27.0.windows.1

 


Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP 957-07-52-316 | Kapitał zakładowy 200.000 PLN.

Ta wiadomość wraz z załącznikami jest przeznaczona dla określonego adresata i może zawierać informacje poufne. W razie przypadkowego otrzymania tej wiadomości, prosimy o powiadomienie nadawcy oraz trwałe jej usunięcie; jakiekolwiek przeglądanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.

 


Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP 957-07-52-316 | Kapitał zakładowy 200.000 PLN.

Ta wiadomość wraz z załącznikami jest przeznaczona dla określonego adresata i może zawierać informacje poufne. W razie przypadkowego otrzymania tej wiadomości, prosimy o powiadomienie nadawcy oraz trwałe jej usunięcie; jakiekolwiek przeglądanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.


[PATCH V2] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

Bassa, Damian <damian.bassa@...>
 

Before trying to access parent root port to check ARI capabilities,

enumerator should see if Endpoint device is not Root Complex integrated

to avoid undefined parent register accesses.

 

Signed-off-by: Damian Bassa damian.bassa@...

 

Change-Id: Ib782a9d73daab9164d4189a50e06273660400695

---

.../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c  | 26 ++++++++++++++++++-

1 file changed, 25 insertions(+), 1 deletion(-)

 

diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

index db1b35f8ef..687d055f49 100644

--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

@@ -2128,6 +2128,27 @@ AuthenticatePciDevice (

   return EFI_SUCCESS;

}

+/**

+  Checks if PCI device is Root Bridge

+

+  @param Bridge            Instance of PCI device

+

+  @retval TRUE             Device is Root Bridge

+  @return FALSE            Device is not Root Bridge

+

+**/

+BOOLEAN

+IsRootBridge (

+  IN PCI_IO_DEVICE                    *PciIoDevice

+  )

+{

+  if (PciIoDevice->Parent == NULL) {

+    return TRUE;

+  } else {

+    return FALSE;

+  }

+}

+

/**

   Create and initialize general PCI I/O device instance for

   PCI device/bridge device/hotplug bridge device.

@@ -2229,7 +2250,10 @@ CreatePciIoDevice (

     return NULL;

   }

-  if (PcdGetBool (PcdAriSupport)) {

+  //

+  // Check if device's parent is not Root Bridge

+  //

+  if (PcdGetBool (PcdAriSupport) && !IsRootBridge(Bridge)) {

     //

     // Check if the device is an ARI device.

     //

--


Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP 957-07-52-316 | Kapitał zakładowy 200.000 PLN.

Ta wiadomość wraz z załącznikami jest przeznaczona dla określonego adresata i może zawierać informacje poufne. W razie przypadkowego otrzymania tej wiadomości, prosimy o powiadomienie nadawcy oraz trwałe jej usunięcie; jakiekolwiek przeglądanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.


Re: [PATCH] UefiCpuPkg: Fix CPU stack guard support by aligning GDT buffer

Vitaly Cheptsov
 

Just to make it clear, this is an immediate solution that is good enough to fix the bug. However, a more proper solution would be to introduce the _Alignas concept to EDK II. I would suggest the following macro in Base.h:

/**
  Enforce custom alignment for a variable definition.
  Similar to C11 alignas macro from stdalign.h, except it must be functional to support MSVC.

  @param  Alignment  Numeric alignment to require.
**/
#ifdef _MSC_EXTENSIONS
  #define ALIGNAS(Alignment) __declspec(align(Alignment))
#else
  #define ALIGNAS(Alignment) _Alignas(Alignment)
#endif

If there is no disagreement on this, I can imagine submitting an update after this patch is merged.



Re: [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector

Brijesh Singh
 

On 9/18/21 10:14 PM, Xu, Min M wrote:
Hi, Brijesh
On September 18, 2021 7:30 PM, Brijesh Singh wrote:
Hi Min,

On 9/18/21 12:16 AM, Xu, Min M wrote:
Hi, Brijesh

On September 17, 2021 11:52 PM, Brijesh Singh wrote:
Hi Min,

On 9/17/21 7:55 AM, Xu, Min M wrote:
...

As I mentioned in my last mail, in the beginning I missed the
limitation of
smsw.
So I update the code (ResetVectorVtf0.asm) as below using mov CRx.
<1> BITS 16
176 00000800 0F20C0 <1> mov eax, cr0 <-- previously it
was smsw
177 00000803 A801 <1> test al, 1
178 00000805 7405 <1> jz .Real
179 <1> BITS 32
180 00000807 E951FFFFFF <1> jmp Main32
181 <1> BITS 16
182 <1> .Real:
183 0000080C E939FF <1> jmp EarlyBspInitReal16

I test the code in a AMD SEV server and try to launch a SEV guest.
This time
it stuck at the *mov eax, cr0*.
I am curious if *mov eax, cr0* works in real mode in a SEV guest?
I also test the code in a legacy vm guest and td guest, all passed.
Did I miss something?
Hmm, I am not aware of any limitation w.r.t encrypted VMs. I just
added the below code in my branch and I do not see any issues, my
SEV, SEV-ES and SEV-SNP all are able to boot fine. And KVM trace
confirms that code it read

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index f0e509d0672e..98e34332b04c 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -175,9 +175,21 @@ resetVector:
;
; This is where the processor will begin execution
;
+%ifdef ARCH_IA32
nop
nop
jmp EarlyBspInitReal16
+%else
+ mov eax, cr0
+ test al, 1
+ jz .Real
+BITS 32
+ hlt
+ ;jmp Main32
+BITS 16
+.Real:
+ jmp EarlyBspInitReal16
+%endif

ALIGN 16


And KVM trace:

kvm_exit: vcpu 0 reason npf rip 0xfff0 info1 0x0000000500000014 info2
0x00000000fffff000 intr_info 0x00000000 error_code 0x00000000
kvm_page_fault: address fffff000 error_code 500000014
kvm_entry: vcpu 0, rip 0xfff0
kvm_exit: vcpu 0 reason read_cr0 rip 0xfff0 info1 0x8000000000000000
info2 0x0000000000000000 intr_info 0x00000000 error_code 0x00000000
kvm_cr: cr_read 0 = 0x60000010
kvm_entry: vcpu 0, rip 0xfff3

As we can see from the kvm trace, the first instruction here is the
Cr0 read and it was successfully intercepted and rip moved to next
instruction.

Can you please provide me KVM trace for your failure case ? Also,
provide me the output of "lscpu" and "dmesg" from the host.
The OVMF image you tested is built with GCC tool chain, right?
Yes, we have been using the GCC tool chain only.
Is VS Tool chain (VS2017, VS2019, etc) supported by AMD SEV in OVMF?
I am a little nervous when the Ovmf img failed to be launched in AMD SEV
server after my TDX patch is applied.


I usually do the development in windows and build the OVMF image with
VS2019.
If the new feature works, then I cherry-pick the patch-sets to code
base in ubuntu
18.04 and build/test the new feature.

The weird thing is that, with VS2019, even the OVMF image is built
from edk2-master, such image doesn't work on AMD SEV server either.
But if the image is built by Ubuntu 18.04, it does work on AMD SEV server.
This seems very strange that we are failing to execute the hand written
assembly code.
Actually even the OvmfPkg from edk2-master (without any changes) cannot be
launched on AMD SEV server if it is built with VS2019 tool chain.
This is the qemu-kvm used:
$/usr/libexec/qemu-kvm --version
QEMU emulator version 4.2.0 (qemu-kvm-4.2.0-48.module_el8.4.0+885+5e18b468.3)
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers
This is the launch scripts.
QEMU=/usr/libexec/qemu-kvm
DRIVE=rhel-8.qcow2
${QEMU} \
-enable-kvm -cpu EPYC -machine q35 \
-smp 4,maxcpus=64 \
-m 4096M,slots=5,maxmem=30G \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-netdev user,id=vmnic \
-device e1000,netdev=vmnic,romfile= \
-drive file=${DRIVE},if=none,id=disk0,format=qcow2 \
-device virtio-scsi-pci,id=scsi,disable-legacy=on,iommu_platform=true \
-device scsi-hd,drive=disk0 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \
-machine memory-encryption=sev0 \
-nographic

I am wondering if somehow the VS compiler is generating a
wrong byte code and thus causing a trap on KVM that requires emulation.
Since the guest memory is encrypted, so KVM emulation code will not be
able to decode the instruction bytes and thus leading in repetitive nested
fault. Only way I could verify my theory is if I can get a KVM trace or an OVMF
binary. If you have have KVM trace or OVMF_CODE.fd handy then please
share.
The OVMF_CODE.fd and OVMF_VARS.fd are attached.
The code base is :
ac6388add4 2021-09-15 (HEAD -> master, origin/master, origin/HEAD) ArmPkg/ProcessorSubClassDxe: Fix the format of ProcessorId
This is the build command:
build -p OvmfPkgX64.dsc -a X64 -t VS2019

Actually, I am not able to boot a non SEV guest with your attached binary. It appears that sometime during an easy boot, we are getting a triple fault (maybe guest is accessing invalid memory) and thus KVM issues a SHUTDOWN. The same is seen with the SEV guest.

I don't know what VS compiler is doing to cause this.

-Brijesh


[PATCH v2 1/1] MdeModulePkg: Add MpServicesTest application to exercise MP Services

Rebecca Cran <rebecca@...>
 

Add a new MpServicesTest application under MdeModulePkg/Application that
exercises the EFI_MP_SERVICES_PROTOCOL.

Signed-off-by: Rebecca Cran <rebecca@...>
---
MdeModulePkg/Application/MpServicesTest/MpServicesTest.c | 433 ++++++++++++++++++++
MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf | 38 ++
MdeModulePkg/MdeModulePkg.dsc | 2 +
3 files changed, 473 insertions(+)

diff --git a/MdeModulePkg/Application/MpServicesTest/MpServicesTest.c b/MdeModulePkg/Application/MpServicesTest/MpServicesTest.c
new file mode 100644
index 000000000000..4eb06e6b7cbd
--- /dev/null
+++ b/MdeModulePkg/Application/MpServicesTest/MpServicesTest.c
@@ -0,0 +1,433 @@
+/** @file
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Pi/PiMultiPhase.h>
+#include <Protocol/MpService.h>
+
+#define MAX_RANDOM_PROCESSOR_RETRIES 10
+
+#define AP_STARTUP_TEST_TIMEOUT_US 50000
+#define INFINITE_TIMEOUT 0
+
+#define RETURN_IF_EFI_ERROR(x) \
+ if (EFI_ERROR (x)) { \
+ Print (L"failed: %r\n", x); \
+ return; \
+ } \
+ else { \
+ Print (L"done.\n"); \
+ }
+
+/** The procedure to run with the MP Services interface.
+
+ @param Buffer The procedure argument.
+
+**/
+STATIC
+VOID
+EFIAPI
+ApFunction (
+ IN OUT VOID *Buffer
+ )
+{
+}
+
+/** Displays information returned from MP Services Protocol.
+
+ @param Mp The MP Services Protocol
+
+ @return The number of CPUs in the system.
+
+**/
+STATIC
+UINTN
+PrintProcessorInformation (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp
+ )
+{
+ EFI_STATUS Status;
+ EFI_PROCESSOR_INFORMATION CpuInfo;
+ UINTN Index;
+ UINTN NumCpu;
+ UINTN NumEnabledCpu;
+
+ Status = Mp->GetNumberOfProcessors (Mp, &NumCpu, &NumEnabledCpu);
+ if (EFI_ERROR (Status)) {
+ Print (L"GetNumberOfProcessors failed: %r\n", Status);
+ } else {
+ Print (L"Number of CPUs: %ld, Enabled: %d\n", NumCpu, NumEnabledCpu);
+ }
+
+ for (Index = 0; Index < NumCpu; Index++) {
+ Status = Mp->GetProcessorInfo (Mp, CPU_V2_EXTENDED_TOPOLOGY | Index, &CpuInfo);
+ if (EFI_ERROR (Status)) {
+ Print (L"GetProcessorInfo for Processor %d failed: %r\n", Index, Status);
+ } else {
+ Print (
+ L"Processor %d:\n"
+ L"\tID: %016lx\n"
+ L"\tStatus: %s | ",
+ Index,
+ CpuInfo.ProcessorId,
+ (CpuInfo.StatusFlag & PROCESSOR_AS_BSP_BIT) ? L"BSP" : L"AP"
+ );
+
+ Print (L"%s | ", (CpuInfo.StatusFlag & PROCESSOR_ENABLED_BIT) ? L"Enabled" : L"Disabled");
+ Print (L"%s\n", (CpuInfo.StatusFlag & PROCESSOR_HEALTH_STATUS_BIT) ? L"Healthy" : L"Faulted");
+
+ Print (
+ L"\tLocation: Package %d, Core %d, Thread %d\n"
+ L"\tExtended Information: Package %d, Module %d, Tile %d, Die %d, Core %d, Thread %d\n\n",
+ CpuInfo.Location.Package,
+ CpuInfo.Location.Core,
+ CpuInfo.Location.Thread,
+ CpuInfo.ExtendedInformation.Location2.Package,
+ CpuInfo.ExtendedInformation.Location2.Module,
+ CpuInfo.ExtendedInformation.Location2.Tile,
+ CpuInfo.ExtendedInformation.Location2.Die,
+ CpuInfo.ExtendedInformation.Location2.Core,
+ CpuInfo.ExtendedInformation.Location2.Thread
+ );
+ }
+ }
+
+ return NumCpu;
+}
+
+/** Returns the index of an enabled AP selected at random.
+
+ @param Mp The MP Services Protocol.
+ @param ProcessorIndex The index of a random enabled AP.
+
+ @retval EFI_SUCCESS An enabled processor was found and returned.
+ @retval EFI_NOT_FOUND A processor was unable to be selected.
+
+**/
+STATIC
+EFI_STATUS
+GetRandomEnabledProcessorIndex (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp,
+ OUT UINTN *ProcessorIndex
+ )
+{
+ UINTN Index;
+ UINTN IndexOfEnabledCpu;
+ UINTN NumCpus;
+ UINTN NumEnabledCpus;
+ UINTN IndexOfEnabledCpuToUse;
+ UINT16 RandomNumber;
+ BOOLEAN Success;
+ EFI_STATUS Status;
+ EFI_PROCESSOR_INFORMATION CpuInfo;
+
+ IndexOfEnabledCpu = 0;
+
+ Success = GetRandomNumber16 (&RandomNumber);
+ ASSERT (Success == TRUE);
+
+ Status = Mp->GetNumberOfProcessors (Mp, &NumCpus, &NumEnabledCpus);
+ ASSERT_EFI_ERROR (Status);
+
+ if (NumEnabledCpus == 1) {
+ Print (L"All APs are disabled\n");
+ return EFI_NOT_FOUND;
+ }
+
+ IndexOfEnabledCpuToUse = RandomNumber % NumEnabledCpus;
+
+ for (Index = 0; Index < NumCpus; Index++) {
+ Status = Mp->GetProcessorInfo (Mp, Index, &CpuInfo);
+ ASSERT_EFI_ERROR (Status);
+ if ((CpuInfo.StatusFlag & PROCESSOR_ENABLED_BIT) &&
+ !(CpuInfo.StatusFlag & PROCESSOR_AS_BSP_BIT)) {
+ if (IndexOfEnabledCpuToUse == IndexOfEnabledCpu) {
+ *ProcessorIndex = Index;
+ Status = EFI_SUCCESS;
+ break;
+ }
+
+ IndexOfEnabledCpu++;
+ }
+ }
+
+ if (Index == NumCpus) {
+ Status = EFI_NOT_FOUND;
+ }
+
+ return Status;
+}
+
+/** Tests for the StartupThisAP function.
+
+ @param Mp The MP Services Protocol.
+
+**/
+STATIC
+VOID
+StartupThisApTests (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp
+ )
+{
+ EFI_STATUS Status;
+ UINTN ProcessorIndex;
+ UINT32 Retries;
+
+ Retries = 0;
+
+ do {
+ Status = GetRandomEnabledProcessorIndex (Mp, &ProcessorIndex);
+ } while (EFI_ERROR (Status) && Retries++ < MAX_RANDOM_PROCESSOR_RETRIES);
+
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ Print (
+ L"StartupThisAP on Processor %d with 0 (infinite) timeout...",
+ ProcessorIndex
+ );
+
+ Status = Mp->StartupThisAP (
+ Mp,
+ ApFunction,
+ ProcessorIndex,
+ NULL,
+ INFINITE_TIMEOUT,
+ NULL,
+ NULL
+ );
+
+ RETURN_IF_EFI_ERROR (Status);
+
+ Retries = 0;
+
+ do {
+ Status = GetRandomEnabledProcessorIndex (Mp, &ProcessorIndex);
+ } while (EFI_ERROR (Status) && Retries++ < MAX_RANDOM_PROCESSOR_RETRIES);
+
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ Print (
+ L"StartupThisAP on Processor %d with %dms timeout...",
+ ProcessorIndex,
+ AP_STARTUP_TEST_TIMEOUT_US / 1000
+ );
+ Status = Mp->StartupThisAP (
+ Mp,
+ ApFunction,
+ ProcessorIndex,
+ NULL,
+ AP_STARTUP_TEST_TIMEOUT_US,
+ NULL,
+ NULL
+ );
+ RETURN_IF_EFI_ERROR (Status);
+}
+
+/** Tests for the StartupAllAPs function.
+
+ @param Mp The MP Services Protocol.
+ @param NumCpus The number of CPUs in the system.
+
+**/
+STATIC
+VOID
+StartupAllAPsTests (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp,
+ IN UINTN NumCpus
+ )
+{
+ EFI_STATUS Status;
+ UINTN Timeout;
+
+ Print (L"Running with SingleThread FALSE, 0 (infinite) timeout...");
+ Status = Mp->StartupAllAPs (Mp, ApFunction, FALSE, NULL, INFINITE_TIMEOUT, NULL, NULL);
+ RETURN_IF_EFI_ERROR (Status);
+
+ Timeout = NumCpus * AP_STARTUP_TEST_TIMEOUT_US;
+
+ Print (L"Running with SingleThread TRUE, %dms timeout...", Timeout / 1000);
+ Status = Mp->StartupAllAPs (
+ Mp,
+ ApFunction,
+ TRUE,
+ NULL,
+ Timeout,
+ NULL,
+ NULL
+ );
+ RETURN_IF_EFI_ERROR (Status);
+}
+
+/** Tests for the EnableDisableAP function.
+
+ @param Mp The MP Services Protocol.
+ @param NumCpus The number of CPUs in the system.
+
+**/
+STATIC
+VOID
+EnableDisableAPTests (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp,
+ IN UINTN NumCpus
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ UINT32 HealthFlag;
+
+ HealthFlag = 0;
+
+ for (Index = 1; Index < NumCpus; Index++) {
+ Print (L"Disabling Processor %d with HealthFlag faulted...", Index);
+ Status = Mp->EnableDisableAP (Mp, Index, FALSE, &HealthFlag);
+ RETURN_IF_EFI_ERROR (Status);
+ }
+
+ HealthFlag = PROCESSOR_HEALTH_STATUS_BIT;
+
+ for (Index = 1; Index < NumCpus; Index++) {
+ Print (L"Enabling Processor %d with HealthFlag healthy...", Index);
+ Status = Mp->EnableDisableAP (Mp, Index, TRUE, &HealthFlag);
+ RETURN_IF_EFI_ERROR (Status);
+ }
+}
+
+/** Tests for the SwitchBSP function.
+
+ @param Mp The MP Services Protocol.
+ @param NumCpus The number of CPUs in the system.
+
+**/
+STATIC
+VOID
+SwitchBSPTests (
+ IN EFI_MP_SERVICES_PROTOCOL *Mp,
+ IN UINTN NumCpus
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+
+ for (Index = 1; Index < NumCpus; Index++) {
+ Print (L"Switching BSP to Processor %d with EnableOldBSP FALSE...", Index);
+ Status = Mp->SwitchBSP (Mp, Index, FALSE);
+ RETURN_IF_EFI_ERROR (Status);
+ }
+
+ for (Index = 0; Index < NumCpus; Index++) {
+ Print (L"Switching BSP to Processor %d with EnableOldBSP TRUE...", Index);
+ Status = Mp->SwitchBSP (Mp, Index, TRUE);
+ RETURN_IF_EFI_ERROR (Status);
+ }
+}
+
+/**
+ The user Entry Point for Application. The user code starts with this function
+ as the real entry point for the application.
+
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The entry point is executed successfully.
+ @retval other Some error occurs when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+UefiMain (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_MP_SERVICES_PROTOCOL *Mp;
+ EFI_HANDLE *pHandle;
+ UINTN HandleCount;
+ UINTN BspId;
+ UINTN NumCpus;
+ UINTN Index;
+
+ pHandle = NULL;
+ HandleCount = 0;
+ BspId = 0;
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiMpServiceProtocolGuid,
+ NULL,
+ &HandleCount,
+ &pHandle
+ );
+
+ if (EFI_ERROR (Status)) {
+ Print (L"Failed to locate EFI_MP_SERVICES_PROTOCOL (%r). Not installed on platform?\n", Status);
+ return EFI_NOT_FOUND;
+ }
+
+ for (Index = 0; Index < HandleCount; Index++) {
+ Status = gBS->OpenProtocol (
+ *pHandle,
+ &gEfiMpServiceProtocolGuid,
+ (VOID **)&Mp,
+ NULL,
+ gImageHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ pHandle++;
+ }
+
+ Print (L"Exercising WhoAmI\n\n");
+ Status = Mp->WhoAmI (Mp, &BspId);
+ if (EFI_ERROR (Status)) {
+ Print (L"WhoAmI failed: %r\n", Status);
+ return Status;
+ } else {
+ Print (L"WhoAmI: %016lx\n", BspId);
+ }
+
+ Print (L"\n");
+ Print (
+ L"Exercising GetNumberOfProcessors and GetProcessorInformation with "
+ L"CPU_V2_EXTENDED_TOPOLOGY\n\n"
+ );
+ NumCpus = PrintProcessorInformation (Mp);
+ if (NumCpus < 2) {
+ Print (L"UP system found. Not running further tests.\n");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Print (L"\n");
+ Print (L"Exercising StartupThisAP:\n\n");
+ StartupThisApTests (Mp);
+
+ Print (L"\n");
+ Print (L"Exercising StartupAllAPs:\n\n");
+ StartupAllAPsTests (Mp, NumCpus);
+
+ Print (L"\n");
+ Print (L"Exercising EnableDisableAP:\n\n");
+ EnableDisableAPTests (Mp, NumCpus);
+
+ Print (L"\n");
+ Print (L"Exercising SwitchBSP\n\n");
+ SwitchBSPTests (Mp, NumCpus);
+
+ gBS->CloseProtocol (pHandle, &gEfiMpServiceProtocolGuid, gImageHandle, NULL);
+ return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf b/MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf
new file mode 100644
index 000000000000..8a21ca70d8fa
--- /dev/null
+++ b/MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf
@@ -0,0 +1,38 @@
+## @file
+# UEFI Application to exercise EFI_MP_SERVICES_PROTOCOL.
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.29
+ BASE_NAME = MpServicesTest
+ FILE_GUID = 43e9defa-7209-4b0d-b136-cc4ca02cb469
+ MODULE_TYPE = UEFI_APPLICATION
+ VERSION_STRING = 0.1
+ ENTRY_POINT = UefiMain
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ MpServicesTest.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ RngLib
+ UefiApplicationEntryPoint
+ UefiLib
+
+[Protocols]
+ gEfiMpServiceProtocolGuid ## CONSUMES
+
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index b1d83461865e..1cf5ccd30d40 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -164,6 +164,7 @@
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+ RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf

[LibraryClasses.common.MM_STANDALONE]
HobLib|MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf
@@ -215,6 +216,7 @@
MdeModulePkg/Application/HelloWorld/HelloWorld.inf
MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf
MdeModulePkg/Application/MemoryProfileInfo/MemoryProfileInfo.inf
+ MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf

MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
MdeModulePkg/Logo/Logo.inf
--
2.31.1


[PATCH v2 0/1] MdeModulePkg: Add MpServicesTest.efi to exercise EFI_MP_SERVICES_PROTOCOL

Rebecca Cran <rebecca@...>
 

Add a new application to MdeModulePkg to exercise
EFI_MP_SERVICES_PROTOCOL.

Changes from v1 to v2:

Added Doxygen comments to the functions.

Rebecca Cran (1):
MdeModulePkg: Add MpServicesTest application to exercise MP Services

MdeModulePkg/Application/MpServicesTest/MpServicesTest.c | 433 ++++++++++++++++++++
MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf | 38 ++
MdeModulePkg/MdeModulePkg.dsc | 2 +
3 files changed, 473 insertions(+)
create mode 100644 MdeModulePkg/Application/MpServicesTest/MpServicesTest.c
create mode 100644 MdeModulePkg/Application/MpServicesTest/MpServicesTest.inf

--
2.31.1


Re: 回复: [PATCH] [edk2-devel] RecordAssertion function parameter issue.

G Edhaya Chandran
 

The patch is upstreamed through the commit: https://github.com/tianocore/edk2-test/commit/92a0343c1553342c53fae9d9d646b763add232c0


Re: [PATCH] UefiPayloadPkg: Add Macro to enable or diable some drivers.

Ma, Maurice <maurice.ma@...>
 

Reviewed-by: Maurice Ma <maurice.ma@...>

-----Original Message-----
From: Liu, Zhiguang <zhiguang.liu@...>
Sent: Saturday, September 18, 2021 0:49
To: devel@edk2.groups.io
Cc: Dong, Guo <guo.dong@...>; Ni, Ray <ray.ni@...>; Ma,
Maurice <maurice.ma@...>; You, Benjamin
<benjamin.you@...>
Subject: [PATCH] UefiPayloadPkg: Add Macro to enable or diable some
drivers.

Add Macro to enable or diable RamDiskDxe and SioBusDxe drivers.

Cc: Guo Dong <guo.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Maurice Ma <maurice.ma@...>
Cc: Benjamin You <benjamin.you@...>

Signed-off-by: Zhiguang Liu <zhiguang.liu@...>
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 10 ++++++++--
UefiPayloadPkg/UefiPayloadPkg.fdf | 7 +++++--
2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc
b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 9d7f311343..fb805dc772 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -28,6 +28,8 @@
DEFINE SOURCE_DEBUG_ENABLE = FALSE DEFINE
PS2_KEYBOARD_ENABLE = FALSE+ DEFINE RAM_DISK_ENABLE =
FALSE+ DEFINE SIO_BUS_ENABLE = FALSE DEFINE
UNIVERSAL_PAYLOAD = FALSE #@@ -536,8 +538,10 @@
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf-
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +!if
$(RAM_DISK_ENABLE) == TRUE+
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf+!endif # #
SD/eMMC Support #@@ -562,8 +566,10 @@
!if $(SERIAL_DRIVER_ENABLE) == TRUE
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf !endif-!if
$(PS2_KEYBOARD_ENABLE) == TRUE+!if $(SIO_BUS_ENABLE) == TRUE
OvmfPkg/SioBusDxe/SioBusDxe.inf+!endif+!if $(PS2_KEYBOARD_ENABLE)
== TRUE
MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf !endif
MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.infdiff --git
a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf
index 6caa134081..6b48bfc869 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -142,8 +142,10 @@ INF
MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf
!if $(SERIAL_DRIVER_ENABLE) == TRUE INF
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf !endif-!if
$(PS2_KEYBOARD_ENABLE) == TRUE+!if $(SIO_BUS_ENABLE) == TRUE INF
OvmfPkg/SioBusDxe/SioBusDxe.inf+!endif+!if $(PS2_KEYBOARD_ENABLE)
== TRUE INF
MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf !endif INF
MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf@@ -171,8 +173,9
@@ INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf INF
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf INF
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf+!if
$(RAM_DISK_ENABLE) == TRUE INF
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf-+!endif INF
FatPkg/EnhancedFatDxe/Fat.inf #--
2.32.0.windows.2


[PATCH] UefiCpuPkg: Fix CPU stack guard support by aligning GDT buffer

Vitaly Cheptsov
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3639

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Eric Dong <eric.dong@...>
Cc: Michael Kinney <michael.d.kinney@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Jeff Fan <vanjeff_919@...>
Cc: Mikhail Krichanov <krichanov@...>
Cc: Marvin Häuser <mhaeuser@...>
Signed-off-by: Vitaly Cheptsov <cheptsov@...>
---
.../Library/CpuExceptionHandlerLib/DxeException.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
index fd59f09ecd..12874811e1 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
@@ -22,7 +22,7 @@ EXCEPTION_HANDLER_DATA mExceptionHandlerData;

UINT8 mNewStack[CPU_STACK_SWITCH_EXCEPTION_NUMBER *
CPU_KNOWN_GOOD_STACK_SIZE];
-UINT8 mNewGdt[CPU_TSS_GDT_SIZE];
+UINT8 mNewGdt[CPU_TSS_GDT_SIZE + IA32_GDT_ALIGNMENT];

/**
Common exception handler.
@@ -238,6 +238,7 @@ InitializeCpuExceptionHandlersEx (
CPU_EXCEPTION_INIT_DATA EssData;
IA32_DESCRIPTOR Idtr;
IA32_DESCRIPTOR Gdtr;
+ UINT8 *Gdt;

//
// To avoid repeat initialization of default handlers, the caller should pass
@@ -259,6 +260,7 @@ InitializeCpuExceptionHandlersEx (
if (PcdGetBool (PcdCpuStackGuard)) {
if (InitData == NULL) {
SetMem (mNewGdt, sizeof (mNewGdt), 0);
+ Gdt = ALIGN_POINTER (mNewGdt, IA32_GDT_ALIGNMENT);

AsmReadIdtr (&Idtr);
AsmReadGdtr (&Gdtr);
@@ -270,11 +272,11 @@ InitializeCpuExceptionHandlersEx (
EssData.X64.StackSwitchExceptionNumber = CPU_STACK_SWITCH_EXCEPTION_NUMBER;
EssData.X64.IdtTable = (VOID *)Idtr.Base;
EssData.X64.IdtTableSize = Idtr.Limit + 1;
- EssData.X64.GdtTable = mNewGdt;
- EssData.X64.GdtTableSize = sizeof (mNewGdt);
- EssData.X64.ExceptionTssDesc = mNewGdt + Gdtr.Limit + 1;
+ EssData.X64.GdtTable = Gdt;
+ EssData.X64.GdtTableSize = CPU_TSS_GDT_SIZE;
+ EssData.X64.ExceptionTssDesc = Gdt + Gdtr.Limit + 1;
EssData.X64.ExceptionTssDescSize = CPU_TSS_DESC_SIZE;
- EssData.X64.ExceptionTss = mNewGdt + Gdtr.Limit + 1 + CPU_TSS_DESC_SIZE;
+ EssData.X64.ExceptionTss = Gdt + Gdtr.Limit + 1 + CPU_TSS_DESC_SIZE;
EssData.X64.ExceptionTssSize = CPU_TSS_SIZE;

InitData = &EssData;
--
2.30.1 (Apple Git-130)

11401 - 11420 of 92217