[tianocore/edk2] 5f7838: Maintainers.txt: Update my email address

[Michael Roth via edk2-commits]

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 5f783827bbaa1552edf4386bb71d8d8f471340f5
      
https://github.com/tianocore/edk2/commit/5f783827bbaa1552edf4386bb71d8d8f471340f5
  Author: Anthony PERARD <anthony.per...@citrix.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M Maintainers.txt

  Log Message:
  -----------
  Maintainers.txt: Update my email address

Cc: Michael D Kinney <michael.d.kin...@intel.com>
Signed-off-by: Anthony PERARD <anthony.per...@citrix.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>


  Commit: fd290ab8628478c62c32c972fc16b86b6c3372ce
      
https://github.com/tianocore/edk2/commit/fd290ab8628478c62c32c972fc16b86b6c3372ce
  Author: Michael Roth <michael.r...@amd.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M OvmfPkg/ResetVector/Ia32/AmdSev.asm
    M OvmfPkg/ResetVector/Ia32/PageTables64.asm

  Log Message:
  -----------
  OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs

Future changes will make use of CpuPageTableLib to handle splitting
page table mappings during SEC phase. While it's not strictly required
by hardware, CpuPageTableLib relies on non-leaf PTEs never having the
encryption bit set, so go ahead change the page table setup code to
satisfy this expectation.

Suggested-by: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ard Biesheuvel <a...@kernel.org>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Min Xu <min.m...@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Michael Roth <michael.r...@amd.com>
Reviewed-by: Gerd Hoffmann <kra...@redhat.com>


  Commit: f0ed194236b1fe55199ee82c014b70119ee3f227
      
https://github.com/tianocore/edk2/commit/f0ed194236b1fe55199ee82c014b70119ee3f227
  Author: Michael Roth <michael.r...@amd.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M OvmfPkg/AmdSev/AmdSevX64.fdf
    M OvmfPkg/Bhyve/BhyveX64.dsc
    M OvmfPkg/CloudHv/CloudHvX64.fdf
    M OvmfPkg/Microvm/MicrovmX64.fdf
    M OvmfPkg/OvmfPkg.dec
    M OvmfPkg/OvmfPkgX64.fdf
    M OvmfPkg/Sec/AmdSev.c
    M OvmfPkg/Sec/AmdSev.h
    M OvmfPkg/Sec/SecMain.c
    M OvmfPkg/Sec/SecMain.inf

  Log Message:
  -----------
  OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

For the most part, OVMF will clear the encryption bit for MMIO regions,
but there is currently one known exception during SEC when the APIC
base address is accessed via MMIO with the encryption bit set for
SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special
handling on the hypervisor side which may not be available in the
future[1], so make the necessary changes in the SEC-configured page
table to clear the encryption bit for 4K region containing the APIC
base address.

[1] https://lore.kernel.org/lkml/20240208002420.34mvemnzrwwsa...@amd.com/#t

Suggested-by: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Ard Biesheuvel <a...@kernel.org>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Min Xu <min.m...@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Jianyong Wu <jianyong...@arm.com>
Cc: Anatol Belski <anbel...@linux.microsoft.com>
Signed-off-by: Michael Roth <michael.r...@amd.com>
Reviewed-by: Gerd Hoffmann <kra...@redhat.com>


  Commit: fecf55a66a1cf908c2f906bedb79fe2e8362d50f
      
https://github.com/tianocore/edk2/commit/fecf55a66a1cf908c2f906bedb79fe2e8362d50f
  Author: Michael Roth <michael.r...@amd.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M OvmfPkg/Library/CcExitLib/CcExitVcHandler.c

  Log Message:
  -----------
  OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC

The current #VC handler guards against MMIO to addresses that are mapped
with the encryption bit set, but has an special exception for MMIO
accesses to the APIC base address so allow for early access during SEC.

Now that the SEC page table has the encryption bit cleared for the APIC
base address range, there is no longer any need for this special
handling. Go ahead and remove it.

Cc: Ard Biesheuvel <a...@kernel.org>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Min Xu <min.m...@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Michael Roth <michael.r...@amd.com>
Reviewed-by: Gerd Hoffmann <kra...@redhat.com>


Compare: https://github.com/tianocore/edk2/compare/5d4c5253e8bb...fecf55a66a1c

To unsubscribe from these emails, change your notification settings at 
https://github.com/tianocore/edk2/settings/notifications


_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits