18 Jul, 2022 1 commit
    • DynamicTablesPkg: Add support to specify FADT minor revision · dbb764b8
      Sami Mujawar authored and Jagadeesh Ujja committed
      
      
      The CM_STD_OBJ_ACPI_TABLE_INFO.AcpiTableRevision can be used to specify
      the major revision number of the ACPI table that the generator must use.
      Although most ACPI tables only have a major revision number, the FADT
      table additionally has a minor revision number.
      
      The FADT generator currently defaults to setting the latest supported
      ACPI revision for the FADT table i.e. ACPI 6.4. This means that the minor
      revision for the FADT table is always set to 4 and there is no provision
      for a user to specify the minor revision to be selected.
      
      Therefore, update CM_STD_OBJ_ACPI_TABLE_INFO to introduce a new field
      MinorRevision which can be used to specify the minor revision for an
      ACPI table. Also update the FADT generator to validate the supported
      FADT revisions and use the specified minor revision for the FADT table
      if supported. If an unsupported minor revision is specified the FADT
      generator defaults to the latest supported minor revision.
      
      Since the CM_STD_OBJ_ACPI_TABLE_INFO.MinorRevision field is added to
      the end of the structure, it should not break existing platform code.
      Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
      Reviewed-by: <pierre.gondois@arm.com>
      Tested-by: Jagadeesh Ujja <Jagadeesh.Ujja@arm.com>
      
      Upstream-cherry-pick: 0d23c447d6f574cbe511414b70df14119099c70f
      Change-Id: I0e2fc79c31d98307c07b5873ae3f7058cac74789
09 Dec, 2021 34 commits
    • UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs · 06544455
      Tom Lendacky authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Use the SEV-SNP AP Creation NAE event to create and launch APs under
      SEV-SNP. This capability will be advertised in the SEV Hypervisor
      Feature Support PCD (PcdSevEsHypervisorFeatures).
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table · 67484aed
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Now that both the secrets and cpuid pages are reserved in the HOB,
      extract the location details through fixed PCD and make it available
      to the guest OS through the configuration table.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map · ea3a12d9
      Brijesh Singh via groups.io authored
      
      
      When SEV-SNP is active, the CPUID and Secrets memory range contains the
      information that is used during the VM boot. The content needs to persist
      across the kexec boot. Mark the memory range as Reserved in the EFI map
      so that the guest OS or firmware does not use the range as system RAM.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address · b7b88720
      Brijesh Singh authored
      
      
      The SetMemoryEncDec() is used by the higher level routines to set or clear
      the page encryption mask for system RAM and Mmio address. When SEV-SNP is
      active, in addition to setting/clearing the page mask it also updates the
      RMP table. The RMP table updates are required for the system RAM address
      and not the Mmio address.
      
      Add a new parameter in SetMemoryEncDec() to tell whether the specified
      address is Mmio. If it is Mmio then skip the page state change in the RMP
      table.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: change the page state in the RMP table · b928eb44
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
      clear the memory encryption attribute in the page table. When SEV-SNP
      is active, we also need to change the page state in the RMP table so that
      it is in sync with the memory encryption attribute change.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • UefiCpuPkg/MpInitLib: use BSP to do extended topology check · d4d7c9ad
      Michael Roth authored
      
      
      During AP bringup, just after switching to long mode, APs will do some
      cpuid calls to verify that the extended topology leaf (0xB) is available
      so they can fetch their x2 APIC IDs from it. In the case of SEV-ES,
      these cpuid instructions must be handled by direct use of the GHCB MSR
      protocol to fetch the values from the hypervisor, since a #VC handler
      is not yet available due to the AP's stack not being set up yet.
      
      For SEV-SNP, rather than relying on the GHCB MSR protocol, it is
      expected that these values would be obtained from the SEV-SNP CPUID
      table instead. The actual x2 APIC ID (and 8-bit APIC IDs) would still
      be fetched from hypervisor using the GHCB MSR protocol however, so
      introducing support for the SEV-SNP CPUID table in that part of the AP
      bring-up code would only be to handle the checks/validation of the
      extended topology leaf.
      
      Rather than introducing all the added complexity needed to handle these
      checks via the CPUID table, instead let the BSP do the check in advance,
      since it can make use of the #VC handler to avoid the need to scan the
      SNP CPUID table directly, and add a flag in ExchangeInfo to communicate
      the result of this check to APs.
      
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@intel.com>
      Suggested-by: Brijesh Singh <brijesh.singh@amd.com>
      Signed-off-by: Michael Roth <michael.roth@amd.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled · 9c703bc0
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      An SEV-SNP guest requires that the physical address of the GHCB must
      be registered with the hypervisor before using it. See the GHCB
      specification section 2.3.2 for more details.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@Intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • MdePkg/GHCB: increase the GHCB protocol max version · 2c354252
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Now that OvmfPkg supports version 2 of the GHCB specification, bump the
      protocol version.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@intel.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/PlatformPei: set the Hypervisor Features PCD · f5a6e1ba
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Version 2 of the GHCB specification added the support to query the
      hypervisor feature bitmap. The feature bitmap provides information
      such as whether to use the AP create VmgExit or use the AP jump table
      approach to create the APs. The MpInitLib will use the
      PcdGhcbHypervisorFeatures to determine which method to use for creating
      the AP.
      
      Query the hypervisor feature and set the PCD accordingly.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • UefiCpuPkg: add PcdGhcbHypervisorFeatures · f4e3ce5f
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Version 2 of the GHCB specification added a new VMGEXIT that the guest
      could use for querying the hypervisor features. One of the immediate
      users for it will be an AP creation code. When SEV-SNP is enabled, the
      guest can use the newly added AP_CREATE VMGEXIT to create the APs.
      
      The MpInitLib will check the hypervisor feature, and if AP_CREATE is
      available, it will use it.
      
      See GHCB spec version 2 for more details on the VMGEXIT.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@Intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status · b95908e0
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Previous commit introduced a generic confidential computing PCD that can
      determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the
      PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@intel.com>
      Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active · 504ae26b
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      The MpInitLib uses the ConfidentialComputingAttr PCD to determine whether
      AMD SEV is active so that it can use the VMGEXITs defined in the GHCB
      specification to create APs.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • MdePkg: Define ConfidentialComputingGuestAttr · 26210f94
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      While initializing APs, the MpInitLib may need to know whether the
      guest is running with active AMD SEV or Intel TDX memory encryption.
      
      Add a new ConfidentialComputingGuestAttr PCD that can be used to query
      the memory encryption attribute.
      
      Cc: Michael D Kinney <michael.d.kinney@intel.com>
      Cc: Liming Gao <gaoliming@byosoft.com.cn>
      Cc: Zhiguang Liu <zhiguang.liu@intel.com>
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Ray Ni <ray.ni@intel.com>
      Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/PlatformPei: validate the system RAM when SNP is active · 8eb79b5f
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      When SEV-SNP is active, a memory region mapped encrypted in the page
      table must be validated before access. There are two approaches that
      can be taken to validate the system RAM detected during the PEI phase:
      
      1) Validate on-demand
      OR
      2) Validate before access
      
      On-demand
      =========
      If memory is not validated before access, it will cause a #VC
      exception with the page-not-validated error code. The VC exception
      handler can perform the validation steps.
      
      The pages that have been validated will need to be tracked to avoid
      the double validation scenarios. The range of memory that has not
      been validated will need to be communicated to the OS through the
      recently introduced unaccepted memory type
      (https://github.com/microsoft/mu_basecore/pull/66), so that OS can
      validate those ranges before using them.
      
      Validate before access
      ======================
      Since the PEI phase detects all the available system RAM, use the
      MemEncryptSevSnpValidateSystemRam() function to pre-validate the
      system RAM in the PEI phase.
      
      For now, choose option 2 due to the dependency and the complexity
      of the on-demand validation.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/SecMain: validate the memory used for decompressing Fv · 202fb22b
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      The VMM launch sequence should have pre-validated all the data pages used
      in the Reset vector. The range does not cover the data pages used during
      the SEC phase (mainly PEI and DXE firmware volume decompression memory).
      
      When SEV-SNP is active, the memory must be pre-validated before the access.
      Add support to pre-validate the memory range from SnpSecPreValidatedStart
      to SnpSecPreValidatedEnd. This should be sufficient to enter into the PEI
      phase.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase · d39f8d88
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      The initial page table built during the SEC phase is used by the
      MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
      page validation process requires using the PVALIDATE instruction; the
      instruction accepts a virtual address of the memory region that needs
      to be validated. If hardware encounters a page table walk failure (due
      to page-not-present) then it raises #GP.
      
      The initial page table built in SEC phase addresses up to 4GB. Add an
      internal function to extend the page table to cover > 4GB. The function
      builds 1GB entries in the page table for access > 4GB. This will provide
      the support to call PVALIDATE instruction for the virtual address >
      4GB in PEI phase.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM · 11b15336
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
      system RAM. As the boot progresses, each phase validates a fixed region of
      the RAM. In the PEI phase, the PlatformPei detects all the available RAM
      and calls to pre-validate the detected system RAM.
      
      While validating the system RAM in PEI phase, we must skip previously
      validated system RAM to avoid the double validation.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: add function to check the VMPL0 · d706f8fe
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
      architecture allows a guest VM to divide its address space into four
      levels. The level can be used to provide the hardware isolated
      abstraction layers with a VM. The VMPL0 is the highest privilege, and
      VMPL3 is the least privilege. Certain operations must be done by the
      VMPL0 software, such as:
      
      * Validate or invalidate memory range (PVALIDATE instruction)
      * Allocate VMSA page (RMPADJUST instruction when VMSA=1)
      
      The initial SEV-SNP support assumes that the guest is running on VMPL0.
      Let's add a function in the MemEncryptSevLib that can be used for checking
      whether the guest is booted under the VMPL0.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: add support to validate system RAM · ade62c18
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      
      
      Many of the integrity guarantees of SEV-SNP are enforced through the
      Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
      particular page of DRAM should be mapped. The guest can request the
      hypervisor to add pages in the RMP table via the Page State Change VMGEXIT
      defined in the GHCB specification section 2.5.1 and 4.1.6. Inside each RMP
      entry is a Validated flag; this flag is automatically cleared to 0 by the
      CPU hardware when a new RMP entry is created for a guest. Each VM page
      can be either validated or invalidated, as indicated by the Validated
      flag in the RMP entry. Memory access to a private page that is not
      validated generates a #VC. A VM can use the PVALIDATE instruction to
      validate the private page before using it.
      
      During the guest creation, the boot ROM memory is pre-validated by the
      AMD-SEV firmware. The MemEncryptSevSnpValidateSystemRam() can be called
      during the SEC and PEI phase to validate the detected system RAM.
      
      One of the fields in the Page State Change NAE is the RMP page size. The
      page size input parameter indicates that either a 4KB or 2MB page should
      be used while adding the RMP entry. During the validation, when possible,
      the MemEncryptSevSnpValidateSystemRam() will use the 2MB entry. A
      hypervisor backing the memory may choose to use the different page size
      in the RMP entry. In those cases, the PVALIDATE instruction should return
      SIZEMISMATCH. If a SIZEMISMATCH is detected, then validate all 512-pages
      constituting a 2MB region.
      
      Upon completion, the PVALIDATE instruction sets the rFLAGS.CF to 0 if
      instruction changed the RMP entry and to 1 if the instruction did not
      change the RMP entry. The rFlags.CF will be 1 only when a memory region
      is already validated. We should not double validate a memory
      as it could lead to a security compromise. If double validation is
      detected, terminate the boot.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
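The validation loop this commit message describes (try a 2MB RMP entry first, fall back to the 512 constituent 4KB pages on SIZEMISMATCH, and treat rFLAGS.CF=1 as a double validation that must terminate the boot), combined with the skipping of already validated ranges from the 11b15336 commit above, as an added host-side simulation. This is not edk2 or OvmfPkg code: the RMP, the hypervisor's choice of RMP page size and the PVALIDATE instruction are mocked in plain C so it runs anywhere, and every function, type and constant name below is this example's own assumption; only the PVALIDATE return values 0 (success), 1 (FAIL_INPUT) and 6 (FAIL_SIZEMISMATCH) follow the AMD APM.

```c
/* Added illustration (not edk2 code): simulation of SEV-SNP system RAM
 * validation. RMP, hypervisor backing and PVALIDATE are all mocked. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_4K        0x1000ull
#define PAGE_2M        0x200000ull
#define PAGES_PER_2M   512
#define RAM_SIZE       (4 * PAGE_2M)          /* 8 MB of mock guest RAM */
#define NPAGES         (RAM_SIZE / PAGE_4K)   /* 2048 pages of 4 KB     */
#define NREGIONS       (RAM_SIZE / PAGE_2M)

/* PVALIDATE return codes (AMD APM); rFLAGS.CF is reported separately. */
#define PVALIDATE_OK                 0
#define PVALIDATE_FAIL_INPUT         1
#define PVALIDATE_FAIL_SIZEMISMATCH  6

#define VALIDATE_ERR_PV   -1   /* PVALIDATE failed for another reason        */
#define VALIDATE_ERR_DUP  -2   /* double validation detected: terminate boot */

/* Mock RMP state (constructed): one Validated bit per 4 KB page, and the
 * page size the mock hypervisor chose for each 2 MB region's RMP entries. */
static bool rmp_validated[NPAGES];
static bool region_backed_2m[NREGIONS];

/* Ranges validated by an earlier phase (VMM launch, SEC); must be skipped. */
typedef struct { uint64_t start, end; } range_t;
static range_t prevalidated[4];
static int n_prevalidated;

static bool overlaps_prevalidated(uint64_t start, uint64_t end)
{
  for (int i = 0; i < n_prevalidated; i++)
    if (start < prevalidated[i].end && prevalidated[i].start < end)
      return true;
  return false;
}

/* Mock of PVALIDATE(addr, size, validate=1). CF=1 means the RMP entry was
 * already in the requested state, i.e. the page had been validated before. */
static int mock_pvalidate(uint64_t addr, bool size_2m, bool *cf)
{
  uint64_t first = addr / PAGE_4K, count = size_2m ? PAGES_PER_2M : 1;
  bool changed = false;

  *cf = false;
  if (addr + count * PAGE_4K > RAM_SIZE || (size_2m && addr % PAGE_2M))
    return PVALIDATE_FAIL_INPUT;
  /* 2 MB request against a region the hypervisor backed with 4 KB entries. */
  if (size_2m && !region_backed_2m[addr / PAGE_2M])
    return PVALIDATE_FAIL_SIZEMISMATCH;
  /* Simplification: 4 KB requests on 2 MB-backed regions are accepted. */
  for (uint64_t i = first; i < first + count; i++)
    if (!rmp_validated[i]) { rmp_validated[i] = true; changed = true; }
  *cf = !changed;
  return PVALIDATE_OK;
}

/* Validate [start, end): prefer 2 MB entries, fall back to 512 x 4 KB on
 * SIZEMISMATCH, skip pre-validated ranges, stop on double validation.
 * Returns the number of 4 KB pages validated, or a VALIDATE_ERR_* code. */
int64_t validate_system_ram(uint64_t start, uint64_t end)
{
  int64_t pages = 0;
  bool cf;

  for (uint64_t addr = start; addr < end; ) {
    if (overlaps_prevalidated(addr, addr + PAGE_4K)) { addr += PAGE_4K; continue; }

    if (addr % PAGE_2M == 0 && addr + PAGE_2M <= end &&
        !overlaps_prevalidated(addr, addr + PAGE_2M)) {
      int ret = mock_pvalidate(addr, true, &cf);
      if (ret == PVALIDATE_OK) {
        if (cf) return VALIDATE_ERR_DUP;
        pages += PAGES_PER_2M; addr += PAGE_2M; continue;
      }
      if (ret != PVALIDATE_FAIL_SIZEMISMATCH) return VALIDATE_ERR_PV;
      /* SIZEMISMATCH: the loop now walks this 2 MB region in 4 KB steps. */
    }
    if (mock_pvalidate(addr, false, &cf) != PVALIDATE_OK) return VALIDATE_ERR_PV;
    if (cf) return VALIDATE_ERR_DUP;
    pages++; addr += PAGE_4K;
  }
  return pages;
}

/* Constructed scenario: regions 0 and 2 backed with 2 MB RMP entries, 1 and 3
 * with 4 KB entries; the first 1 MB was already validated by an earlier phase. */
int64_t run_scenario(void)
{
  bool backing[NREGIONS] = { true, false, true, false };
  memset(rmp_validated, 0, sizeof rmp_validated);
  memcpy(region_backed_2m, backing, sizeof backing);
  n_prevalidated = 1;
  prevalidated[0] = (range_t){ 0, 0x100000 };
  for (uint64_t i = 0; i < 0x100000 / PAGE_4K; i++) rmp_validated[i] = true;
  return validate_system_ram(0, RAM_SIZE);   /* 256 + 3 * 512 = 1792 pages */
}

/* Re-validating an already validated region must be caught through CF=1. */
int64_t run_double_validation(void)
{
  if (run_scenario() < 0) return VALIDATE_ERR_PV;
  return validate_system_ram(2 * PAGE_2M, 3 * PAGE_2M);   /* VALIDATE_ERR_DUP */
}

int count_validated(void)
{
  int n = 0;
  for (uint64_t i = 0; i < NPAGES; i++) n += rmp_validated[i];
  return n;
}

int main(void)
{
  printf("validated %lld pages, %d marked\n", (long long)run_scenario(), count_validated());
  printf("double validation -> %lld\n", (long long)run_double_validation());
  return 0;
}
```

Build with any C99 compiler (`cc -std=c99 -Wall`). In the scenario the first 2MB region cannot use a 2MB entry because part of it was pre-validated, the two 4KB-backed regions hit SIZEMISMATCH and are walked page by page, and the second run over an already validated region stops with the double-validation error rather than silently succeeding, which is the property the commit message relies on.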
    • OvmfPkg/AmdSevDxe: do not use extended PCI config space · 19914edc
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      Commit 85b8eac5 added support to ensure
      that MMIO is only performed against the un-encrypted memory. If MMIO
      is performed against encrypted memory, a #GP is raised.
      
      The AmdSevDxe uses the functions provided by the MemEncryptSevLib to
      clear the memory encryption mask from the page table. If the
      MemEncryptSevLib is extended to include VmgExitLib then the dependency
      chain will look like this:
      
      OvmfPkg/AmdSevDxe/AmdSevDxe.inf
      -----> MemEncryptSevLib                    class
      -----> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf"   instance
      -----> VmgExitLib                          class
      -----> "OvmfPkg/VmgExitLib"    instance
      -----> LocalApicLib                        class
      -----> "UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf" instance
      -----> TimerLib                            class
      -----> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf"   instance
      -----> PciLib                                           class
      -----> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf"    instance
      -----> PciExpressLib                                          class
      -----> "MdePkg/BasePciExpressLib/BasePciExpressLib.inf"  instance
      
      The LocalApicLib provides a constructor that gets called before the
      AmdSevDxe can clear the memory encryption mask from the MMIO regions.
      
      When running under the Q35 machine type, the call chain looks like this:
      
      AcpiTimerLibConstructor ()  [AcpiTimerLib]
        PciRead32 ()              [DxePciLibI440FxQ35]
         PciExpressRead32 ()      [PciExpressLib]
      
      The PciExpressRead32 () reads the MMIO region. The MMIO regions are not
      yet mapped un-encrypted, so the check introduced in the commit
      85b8eac5 raises a #GP.
      
      The AmdSevDxe driver does not require access to the extended PCI
      config space. Accessing the normal PCI config space via IO ports should be
      sufficient. Use the module-scope override to make the AmdSevDxe use the
      BasePciLib instead of BasePciExpressLib so that PciRead32 () uses the
      IO ports instead of the extended config space.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Suggested-by: Laszlo Ersek <lersek@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
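      The module-scope override the commit describes, written out here as an added illustration of the edk2 DSC mechanism (it is not the commit's own diff). The DSC file name, the platform-wide PciLib line and the BasePciLibCf8 instance path are assumptions; the commit itself only says "BasePciLib".

```ini
# Added illustration of an edk2 DSC module-scope library override.
# Not the commit's own diff: the section contents and instance paths
# are assumptions chosen to match the dependency chain described above.

[LibraryClasses]
  # Platform-wide default (assumed): PciLib resolves to the I440FX/Q35
  # instance, which on Q35 reaches the extended config space through
  # PciExpressLib, i.e. through MMIO. Under SEV that MMIO range is still
  # mapped encrypted when the LocalApicLib/AcpiTimerLib constructors run,
  # so the first PciRead32 () raises a #GP.
  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf

[Components]
  # Module-scope override: only AmdSevDxe is rebound, the rest of the
  # platform keeps the default PciLib instance.
  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
    <LibraryClasses>
      # Legacy IO-port (0xCF8/0xCFC) PciLib instance (path assumed):
      # PciRead32 () never touches the MMIO-backed extended config space,
      # so no un-encrypted MMIO mapping is needed this early.
      PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
  }
```

      Any other module whose constructors run before AmdSevDxe has cleared the encryption mask on MMIO would need the same kind of override, or a library instance that does not depend on PciExpressLib.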
    • OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest · a19b6489
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      The SEV-SNP guest requires that the GHCB GPA must be registered before use.
      See the GHCB specification section 2.3.2 for more details.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values · d2b998fb
      Michael Roth authored
      
      SEV-SNP firmware allows a special guest page to be populated with
      guest CPUID values so that they can be validated against supported
      host features before being loaded into encrypted guest memory to be
      used instead of hypervisor-provided values [1].
      
      Add handling for this in the CPUID #VC handler and use it whenever
      SEV-SNP is enabled. To do so, existing CPUID handling via VmgExit is
      moved to a helper, GetCpuidHyp(), and a new helper that uses the CPUID
      page to do the lookup, GetCpuidFw(), is used instead when SNP is
      enabled. For cases where SNP CPUID lookups still rely on fetching
      specific CPUID fields from the hypervisor, GetCpuidHyp() is used there as
      well.
      
      [1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6
      
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Michael Roth <michael.roth@amd.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest · 7c3b2892
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      The SEV-SNP guest requires that the GHCB GPA must be registered before use.
      See the GHCB specification section 2.3.2 for more details.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() · d9822304
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      Create a function that can be used to determine if the VM is running as an
      SEV-SNP guest.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values · 34819f2c
      Michael Roth authored
      
      CPUID instructions are issued during early boot to do things like probe
      for SEV support. Currently these are handled by a minimal #VC handler
      that uses the MSR-based GHCB protocol to fetch the CPUID values from
      the hypervisor. When SEV-SNP is enabled, use the firmware-validated
      CPUID values from the CPUID page instead [1].
      
      [1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Michael Roth <michael.roth@amd.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase · f2dc28f0
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
      must be validated before being accessed.
      
      The validation process consists of the following sequence:
      
      1) Set the memory encryption attribute in the page table (aka C-bit).
         Note: If the processor is in non-PAE mode, then all the memory accesses
         are considered private.
      2) Add the memory range as private in the RMP table. This can be performed
         using the Page State Change VMGEXIT defined in the GHCB specification.
      3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table.
      
      During the guest creation time, the VMM encrypts the OVMF_CODE.fd using
      the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to
      encrypting the content, the command also validates the memory region.
      This allows us to execute the code without going through the validation
      sequence.
      
      During execution, the reset vector needs to access some data pages
      (such as page tables, SevESWorkarea, Sec stack). The data pages are
      accessed as private memory. The data pages are not part of the
      OVMF_CODE.fd, so they were not validated during the guest creation.
      
      There are two approaches we can take to validate the data pages before
      the access:
      
      a) Enhance the OVMF reset vector code to validate the pages as described
         above (go through steps 2 and 3).
      OR
      b) Validate the pages during the guest creation time. The SEV firmware
         provides a command which can be used by the VMM to validate the pages
         without affecting the measurement of the launch.
      
      Approach #b seems much simpler; it does not require any changes to the
      OVMF reset vector code.
      
      Update the OVMF metadata with the list of regions that must be
      pre-validated by the VMM before the boot.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg: reserve CPUID page · cca9cd3d
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      Platform features and capabilities are traditionally discovered via the
      CPUID instruction. Hypervisors typically trap and emulate the CPUID
      instruction for a variety of reasons. There are some cases where incorrect
      CPUID information can potentially lead to a security issue. The SEV-SNP
      firmware provides a feature to filter the CPUID results through the PSP.
      The filtered CPUID values are saved on a special page for the guest to
      consume. Reserve a page in MEMFD that will contain the results of
      filtered CPUID values.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg: reserve SNP secrets page · 707c71a0
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      During the SNP guest launch sequence, a special secrets page needs to be
      inserted by the VMM. The PSP will populate the page; it will contain the
      VM Platform Communication Keys (VMPCKs) used by the guest to send and
      receive secure messages to the PSP.
      
      The purpose of the secrets page in the SEV-SNP is different from the one
      used in SEV guests. In SEV, the secrets page contains the guest owner's
      private data after the remote attestation.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/ResetVector: introduce SEV metadata descriptor for VMM use · 3053183d
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      The OvmfPkgX86 build reserves memory regions in MEMFD. The memory regions
      get accessed in the SEC phase. AMD SEV-SNP requires that the guest's
      private memory be accepted or validated before access.
      
      Introduce a GUIDed metadata structure that describes the reserved memory
      regions. The VMM can locate the metadata structure by iterating through
      the reset vector GUIDs and process the areas based on the platform
      specific requirements.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/ResetVector: move clearing GHCB in SecMain · 2fe8edfe
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      In preparation for SEV-SNP support, move clearing of the GHCB memory from
      the ResetVector/AmdSev.asm to SecMain/AmdSev.c. The GHCB page is not
      accessed until SevEsProtocolCheck() switches to the full GHCB. So, the move
      does not make any changes in the code flow or logic. The move will
      simplify the SEV-SNP support.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c · e2289d19
      Brijesh Singh authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      Move all the SEV specific functions into AmdSev.c.
      
      No functional change intended.
      
      Cc: Eric Dong <eric.dong@intel.com>
      Cc: Ray Ni <ray.ni@intel.com>
      Cc: Rahul Kumar <rahul1.kumar@intel.com>
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Reviewed-by: Ray Ni <ray.ni@intel.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Suggested-by: Jiewen Yao <Jiewen.yao@intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • OvmfPkg/SecMain: move SEV specific routines in AmdSev.c · 2ddacfb6
      Brijesh Singh via groups.io authored
      BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
      
      Move all the SEV specific functions into AmdSev.c.
      
      No functional change intended.
      
      Cc: Michael Roth <michael.roth@amd.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: Min Xu <min.m.xu@intel.com>
      Cc: Jiewen Yao <jiewen.yao@intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Jordan Justen <jordan.l.justen@intel.com>
      Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
      Cc: Erdem Aktas <erdemaktas@google.com>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • BaseTools/VfrCompile: Correct Bit Field Flags for numeric/one of · c82ab4d8
      Huang, Long1 authored
      REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3752
      
      Add a bit mask to the numeric/oneof opcodes so that the Flags for bit fields are set correctly.
      VfrSyntax.g: Set "LFlags &= EDKII_IFR_DISPLAY_BIT" before "LFlags |= (EDKII_IFR_NUMERIC_SIZE_BIT & (_GET_CURRQEST_VARSIZE()));"
      VfrFormPkg.h: update "if (LFlags & EFI_IFR_DISPLAY)" to "if (LFlags & EDKII_IFR_DISPLAY_BIT)" in SetFlagsForBitField()
      
      Cc: Bob Feng <bob.c.feng@intel.com>
      Cc: Liming Gao <gaoliming@byosoft.com.cn>
      Cc: Yuwei Chen <yuwei.chen@intel.com>
      Cc: Dandan Bi <dandan.bi@intel.com>
      Signed-off-by: Long1 Huang <long1.huang@intel.com>
      Reviewed-by: Dandan Bi <dandan.bi@intel.com>