On 8/2/21 7:33 AM, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.ka...@amd.com>
>
> Check for SEV live migration feature support, if detected
> setup a new UEFI enviroment variable to indicate OVMF
> support for SEV live migration.
>
> The new runtime UEFI environment variable is set via the
> notification function registered for the
> EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.
>
> AmdSevDxe module is an apriori driver so it gets loaded between PEI
> and DXE phases and the SetVariable call will fail at the driver's
> entry point as the Variable DXE module is still not loaded yet.
> So we need to wait for an event notification which is signaled
> after the Variable DXE module is loaded, hence, using the
> EndOfDxe event notification to make this call.
>
> Signed-off-by: Ashish Kalra <ashish.ka...@amd.com>
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++++++++
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++
> OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 ++++++
> OvmfPkg/OvmfPkg.dec | 1 +
> 4 files changed, 89 insertions(+)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index c66c4e9b92..bfad71b9c6 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -15,10 +15,47 @@
> #include <Library/BaseMemoryLib.h>
> #include <Library/DebugLib.h>
> #include <Library/DxeServicesTableLib.h>
> +#include <Library/UefiRuntimeServicesTableLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> #include <Library/MemEncryptSevLib.h>
> #include <Library/MemoryAllocationLib.h>
> +#include <Guid/AmdSevMemEncryptLib.h>
> +#include <Guid/EventGroup.h>
> #include <Library/PcdLib.h>
>
> +STATIC
> +VOID
> +EFIAPI
> +AmdSevDxeOnEndOfDxe (
> + IN EFI_EVENT Event,
> + IN VOID *EventToSignal
> + )
> +{
> + EFI_STATUS Status;
> + BOOLEAN SevLiveMigrationEnabled;
> +
> + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled();
> +
> + if (SevLiveMigrationEnabled) {
> + Status = gRT->SetVariable (
> + L"SevLiveMigrationEnabled",
> + &gAmdSevMemEncryptGuid,
> + EFI_VARIABLE_NON_VOLATILE |
> + EFI_VARIABLE_BOOTSERVICE_ACCESS |
> + EFI_VARIABLE_RUNTIME_ACCESS,
> + sizeof SevLiveMigrationEnabled,
> + &SevLiveMigrationEnabled
> + );
> +
> + DEBUG ((
> + DEBUG_INFO,
> + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
> + __FUNCTION__,
> + Status
> + ));
> + }
> +}
> +
> EFI_STATUS
> EFIAPI
> AmdSevDxeEntryPoint (
> @@ -30,6 +67,7 @@ AmdSevDxeEntryPoint (
> EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap;
> UINTN NumEntries;
> UINTN Index;
> + EFI_EVENT Event;
>
> //
> // Do nothing when SEV is not enabled
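Review bot: In AmdSevDxeOnEndOfDxe the variable is created with `EFI_VARIABLE_NON_VOLATILE` but is only written when `MemEncryptSevLiveMigrationIsEnabled()` returns TRUE, so a value stored on one boot stays in the variable store on a later boot where the feature is no longer reported. The variable also carries `EFI_VARIABLE_RUNTIME_ACCESS` and, as far as this hunk shows, is not locked, so a guest OS consumer should not treat it as an authoritative signal. Consider dropping the non-volatile attribute or deleting the variable in an `else` branch, and add a comment above the SetVariable call saying who consumes the variable and how far it may be trusted. The status in the DEBUG message would also read better with `%r` than `%lx`, matching the CreateEventEx message later in the patch.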
> @@ -130,5 +168,31 @@ AmdSevDxeEntryPoint (
> }
> }
>
> + //
> + // AmdSevDxe module is an apriori driver so it gets loaded between PEI
> + // and DXE phases and the SetVariable call will fail at the driver's
> + // entry point as the Variable DXE module is still not loaded yet.
> + // So we need to wait for an event notification which is signaled
> + // after the Variable DXE module is loaded, hence, using the
> + // EndOfDxe event notification to make this call.
> + //
> + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event.
> + // The notification function sets the runtime variable indicating OVMF
> + // support for SEV live migration.
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_CALLBACK,
> + AmdSevDxeOnEndOfDxe,
> + NULL,
> + &gEfiEndOfDxeEventGroupGuid,
> + &Event
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n",
DEBUG_ERROR?
> + __FUNCTION__, Status));
Should there be an "ASSERT_EFI_ERROR (Status)" after the DEBUG call? Thanks, Tom
> + }
> +
> return EFI_SUCCESS;
> }
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 0676fcc5b6..2ad1fb8632 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -45,3 +45,7 @@
>
> [Pcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
> +
> +[Guids]
> + gAmdSevMemEncryptGuid
> + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> diff --git a/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h > b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h
> new file mode 100644
> index 0000000000..8ab283860b
> --- /dev/null
> +++ b/OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h
> @@ -0,0 +1,20 @@
> +/** @file
> +
> + AMD Memory Encryption GUID, define a new GUID for defining
> + new UEFI environment variables assocaiated with SEV Memory Encryption.
> +
> + Copyright (c) 2021, AMD Inc. All rights reserved.<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __AMD_SEV_MEMENCRYPT_LIB_H__
> +#define __AMD_SEV_MEMENCRYPT_LIB_H__
> +
> +#define AMD_SEV_MEMENCRYPT_GUID \
> +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, > 0x75}}
> +
> +extern EFI_GUID gAmdSevMemEncryptGuid;
> +
> +#endif
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
> index 2ab27f0c73..3978852557 100644
> --- a/OvmfPkg/OvmfPkg.dec
> +++ b/OvmfPkg/OvmfPkg.dec
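Review bot: The `Event` handle created by `gBS->CreateEventEx` in AmdSevDxeEntryPoint (third hunk of AmdSevDxe.c) is never closed in the visible code, and AmdSevDxeOnEndOfDxe does not use its `Event` argument. For a one-shot notification the callback would normally end with `gBS->CloseEvent (Event);` so the registration does not outlive its single use. The callback's second parameter is named `EventToSignal` although CreateEventEx passes `NULL` as the notify context here; `Context` would describe it better. AmdSevDxeEntryPoint starts outside this hunk.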
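Review bot: `gAmdSevMemEncryptGuid` in the new `[Guids]` section of AmdSevDxe.inf has no usage comment, while the entry below it carries `## CONSUMES ## Event`; since the driver writes a variable under this GUID, `gAmdSevMemEncryptGuid ## PRODUCES ## Variable:L"SevLiveMigrationEnabled"` would document it. The diffstat shows only these four added lines for the file, so unless `[LibraryClasses]` already lists `UefiBootServicesTableLib` and `UefiRuntimeServicesTableLib` (that section is not visible here), the new uses of `gBS` and `gRT` rely on a transitive dependency and both classes should be added.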
> @@ -125,6 +125,7 @@ > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, > {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, > {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, > {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > + gAmdSevMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, > {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} > > [Ppis] > # PPI whose presence in the PPI database signals that the TPM base address >