[tianocore/edk2] 3b0d83: OvmfPkg/MemEncryptSevLib: Evict cache lines during...

Tue, 09 Sep 2025 16:11:01 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 3b0d834db286a236fd22c41923fc271fc44ead5f
      
https://github.com/tianocore/edk2/commit/3b0d834db286a236fd22c41923fc271fc44ead5f
  Author: Tom Lendacky <thomas.lenda...@amd.com>
  Date:   2025-09-09 (Tue, 09 Sep 2025)

  Changed paths:
    M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c

  Log Message:
  -----------
  OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation

An SNP cache coherency vulnerability may require a mitigation to evict
cache lines after memory has been validated. Perform this mitigation
after having validated memory.

CVE-2024-36331

Signed-off-by: Michael Roth <michael.r...@amd.com>
Co-developed-by: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>


  Commit: 07ba06fdf7c3e6314aa8b3d7341e7910a469dbb2
      
https://github.com/tianocore/edk2/commit/07ba06fdf7c3e6314aa8b3d7341e7910a469dbb2
  Author: Tom Lendacky <thomas.lenda...@amd.com>
  Date:   2025-09-09 (Tue, 09 Sep 2025)

  Changed paths:
    M MdePkg/Include/Register/Amd/Cpuid.h

  Log Message:
  -----------
  MdePkg: Add the COHERENCY_SFW_NO CPUID bit field

Update the CPUID 0x8000001F EBX definition to add the COHERENCY_SFW_NO
bit field. The COHERENCY_SFW_NO bit is used to indicate that the SEV-SNP
cache coherency mitigation is not needed.

Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>


  Commit: f41f938b35dec30a88c8509dbfce5ddd87472e24
      
https://github.com/tianocore/edk2/commit/f41f938b35dec30a88c8509dbfce5ddd87472e24
  Author: Tom Lendacky <thomas.lenda...@amd.com>
  Date:   2025-09-09 (Tue, 09 Sep 2025)

  Changed paths:
    M OvmfPkg/Include/WorkArea.h
    M OvmfPkg/ResetVector/Ia32/AmdSev.asm
    M OvmfPkg/ResetVector/ResetVector.nasmb

  Log Message:
  -----------
  OvmfPkg/ResetVector: Make ReceivedVc a flag in SEV-ES workarea

In preparation for adding another indicator flag, change the ReceivedVc
field into a flags field. Since the code is used by both assembler and
C files, use bitmasks for field definitions. The VC flag is bit 0.

Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>


  Commit: 20f24c0f67b3364cd590e1eea470f74be40e7710
      
https://github.com/tianocore/edk2/commit/20f24c0f67b3364cd590e1eea470f74be40e7710
  Author: Tom Lendacky <thomas.lenda...@amd.com>
  Date:   2025-09-09 (Tue, 09 Sep 2025)

  Changed paths:
    M OvmfPkg/Include/Library/MemEncryptSevLib.h
    M OvmfPkg/Include/WorkArea.h
    M OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
    M OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
    M OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
    M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
    M OvmfPkg/ResetVector/Ia32/AmdSev.asm
    M OvmfPkg/ResetVector/ResetVector.nasmb

  Log Message:
  -----------
  OvmfPkg/MemEncryptSevLib: Check if SEV-SNP coherency mitigitation is needed

CPUID bit Fn8000001F_EBX[31] defines the COHERNECY_SFW_NO CPUID bit that,
when set, indicates that the software mitigation for this vulnerability is
not needed.

Add support to check for this CPUID bit and avoid the mitigation if set.

Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>


Compare: https://github.com/tianocore/edk2/compare/406aeb5a9746...20f24c0f67b3

To unsubscribe from these emails, change your notification settings at 
https://github.com/tianocore/edk2/settings/notifications


_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits

Reply via email to