Re: [edk2-devel] [PATCH ovmf v3 3/5] OvmfPkg: Add AMD SEV-ES DebugSwap feature support

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: The SEV-ES DebugSwap feature enables type B swapping of debug registers on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. When DebugSwap is enabled, this stops booting if #VC for #DB or DB7 read/write occurs as this signals

Re: [edk2-devel] [PATCH ovmf v3 1/5] MdePkg/Register/Amd: Define all bits from MSR_SEV_STATUS_REGISTER

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: For now we need DebugSwap but others are likely to be needed too. Cc: Tom Lendacky Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Alexey Kardashevskiy A recent APM has defined a few more and has slightly different naming

Re: [edk2-devel] [PATCH ovmf v3 4/5] UefiCpuPkg: Add AMD SEV-ES features support

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore and includes a feature mask since a previous commit. This fixes AmdMemEncryptionAttrCheck to check the level and feature correctly and adds DebugSwap support. Since the actual

Re: [edk2-devel] [PATCH ovmf v3 2/5] MdePkg: Add AMD SEV features to PcdConfidentialComputingGuestAttr

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit but there are more other features which do not translate to levels such as DebugSwap or SecureTsc. This adds the features mask and the DebugSwap feature bit to a PCD. Cc: Liming

Re: [edk2-devel] [PATCH 2/2] AmdSev: Halt on failed blob allocation

2024-05-30 Thread Lendacky, Thomas via groups.io
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote: A malicious host may be able to undermine the fw_cfg interface such that loading a blob fails. In this case rather than continuing to the next boot option, the blob verifier should halt. For non-confidential guests, the error should be non-fatal.

Re: [edk2-devel] [PATCH 1/2] AmdSev: Rework Blob Verifier

2024-05-30 Thread Lendacky, Thomas via groups.io
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote: The Blob Verifier checks boot artifacts against a hash table injected by the hypervisor and measured by hardware. Update the Blob Verifier to enter a dead loop if the artifacts do not match. There are some changes to messages from ERROR to WARN

Re: [edk2-devel] [PATCH ovmf v4 3/5] OvmfPkg: Add AMD SEV-ES DebugVirtualization feature support

2024-06-05 Thread Lendacky, Thomas via groups.io
On 6/4/24 21:09, Alexey Kardashevskiy wrote: The SEV-ES DebugVirtualization feature enables type B swapping of debug registers on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. When DebugVirtualization is enabled, this stops booting if #VC for #DB or DB7 read/write occurs as

Re: [edk2-devel] [PATCH ovmf v4 4/5] UefiCpuPkg: Add AMD SEV-ES features support

2024-06-05 Thread Lendacky, Thomas via groups.io
On 6/4/24 21:09, Alexey Kardashevskiy wrote: CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore and includes a feature mask since the previous commit. Fix AmdMemEncryptionAttrCheck to check the level and feature correctly and add DebugVirtualization support. Since the actual

Re: [edk2-devel] [PATCH ovmf v4 1/5] MdePkg/Register/Amd: Define all bits from MSR_SEV_STATUS_REGISTER

2024-06-05 Thread Lendacky, Thomas via groups.io
On 6/4/24 21:09, Alexey Kardashevskiy wrote: For now we need DebugSwap but others are likely to be needed too. Cc: Tom Lendacky Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Alexey Kardashevskiy Reviewed-by: Tom Lendacky --- Changes: v4: * added more from

Re: [edk2-devel] [PATCH ovmf v4 5/5] OvmfPkf: Enable AMD SEV-ES DebugVirtualization

2024-06-05 Thread Lendacky, Thomas via groups.io
On 6/4/24 21:09, Alexey Kardashevskiy wrote: Write the feature bit into PcdConfidentialComputingGuestAttr and enable DebugVirtualization in PEI, SEC, DXE. Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: Jiewen Yao Cc: Michael Roth Cc: Min Xu Cc: Tom Lendacky Signed-off-by:
