Re: [edk2-devel] [PATCH ovmf v3 4/5] UefiCpuPkg: Add AMD SEV-ES features support

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore and includes a feature mask since a previous commit. This fixes AmdMemEncryptionAttrCheck to check the level and feature correctly and adds DebugSwap support. Since the actual

Re: [edk2-devel] [PATCH ovmf v3 3/5] OvmfPkg: Add AMD SEV-ES DebugSwap feature support

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: The SEV-ES DebugSwap feature enables type B swapping of debug registers on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. When DebugSwap is enabled, this stops booting if #VC for #DB or DR7 read/write occurs as this signals

Re: [edk2-devel] [PATCH ovmf v3 2/5] MdePkg: Add AMD SEV features to PcdConfidentialComputingGuestAttr

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit but there are more other features which do not translate to levels such as DebugSwap or SecureTsc. This adds the features mask and the DebugSwap feature bit to a PCD. Cc: Liming

Re: [edk2-devel] [PATCH ovmf v3 1/5] MdePkg/Register/Amd: Define all bits from MSR_SEV_STATUS_REGISTER

2024-05-20 Thread Lendacky, Thomas via groups.io
On 5/2/24 09:34, Alexey Kardashevskiy wrote: For now we need DebugSwap but others are likely to be needed too. Cc: Tom Lendacky Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Alexey Kardashevskiy A recent APM has defined a few more and has slightly different naming

Re: [edk2-devel] [PATCH v3 00/13] Add SmmRelocationLib

2024-04-26 Thread Lendacky, Thomas via groups.io
On 4/25/24 01:58, Gerd Hoffmann wrote: Hi, That means the SMMRevId is 0_xx64h for AMD64 processor. But I am not sure what the value is for AMD32 processor. Maybe 0 according to the OVMF logic. The smm emulation in the linux kernel uses 0 and 0x64. But, I am very suspicious about the

Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-24 Thread Lendacky, Thomas via groups.io
On 4/24/24 09:45, Gerd Hoffmann wrote: Hi, Ideally CpuPageTableLib should be used for this. CpuPageTableLib will need to be modified in order for it to be used at this (Sec) stage. In order to work in Sec - either the caller will have to supply a list of pages that can be used if

Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-24 Thread Lendacky, Thomas via groups.io
On 4/24/24 06:54, Gerd Hoffmann wrote: On Tue, Apr 23, 2024 at 03:59:58PM -0500, Michael Roth wrote: For the most part, OVMF will clear the encryption bit for MMIO regions, but there is currently one known exception during SEC when the APIC base address is accessed via MMIO with the encryption

Re: [edk2-devel] [PATCH 7/7] OvmfPkg: Use newly defined Unaccepted Memory Type

2024-04-22 Thread Lendacky, Thomas via groups.io
On 4/19/24 16:46, Sachin Ganesh wrote: EFI_RESOURCE_MEMORY_UNACCEPTED has been officially defined in the PI 1.8 specification. So all temporary solutions have been replaced with the actual definition. Cc: Felix Polyudov Cc: Dhanaraj V Cc: Jiewen Yao Cc: Liming Gao Signed-off-by: Sachin

Re: [edk2-devel] [PATCH v2] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-22 Thread Lendacky, Thomas via groups.io
On 4/19/24 13:21, Adam Dunlap via groups.io wrote: Ensure that when a #VC exception happens, the instruction at the instruction pointer matches the instruction that is expected given the error code. This is to mitigate the ahoi WeSee attack [1] that could allow hypervisors to breach integrity

Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-19 Thread Lendacky, Thomas via groups.io
On 4/17/24 11:54, Adam Dunlap wrote: Ensure that when a #VC exception happens, the instruction at the instruction pointer matches the instruction that is expected given the error code. This is to mitigate the ahoi WeSee attack [1] that could allow hypervisors to breach integrity and

Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-19 Thread Lendacky, Thomas via groups.io
On 4/18/24 07:15, Gerd Hoffmann via groups.io wrote: On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote: Ensure that when a #VC exception happens, the instruction at the instruction pointer matches the instruction that is expected given the error code. This is to mitigate

[edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files

2024-04-15 Thread Lendacky, Thomas via groups.io
Any DSC file that uses the UefiCpuPkg MpInitLib library now requires the AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib NULL library implementation. Also, fix the specification of VmgExitLib as it was renamed to CcExitLib. Cc: Abner Chang Cc: Abdul Lateef Attar Cc: Eric Xing

[edk2-devel] [PATCH 2/2] Platform/Intel: Add AmdSvsmLib to required DSC files

2024-04-15 Thread Lendacky, Thomas via groups.io
Any DSC file that uses the UefiCpuPkg MpInitLib library now requires the AmdSvsmLib library. Update the DSC files to include the AmdSvsmLib NULL library implementation. Cc: Leif Lindholm Cc: Michael D Kinney Cc: Sai Chaganty Cc: Nate DeSimone Cc: Chasel Chiu Cc: Kelly Steele Cc: Zailiang

[edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library

2024-04-15 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The MpInitLib library was recently updated to use a new library, AmdSvsmLib. This series adds the AmdSvsmLib library to all DSC files that use the (non UP) MpInitLib library. It is meant to be applied in conjunction with the SVSM support

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-04-12 Thread Lendacky, Thomas via groups.io
On 4/12/24 10:05, Ard Biesheuvel wrote: On Fri, 12 Apr 2024 at 16:02, Tom Lendacky wrote: Re-pinging the list/maintainers, again. I need reviews from the maintainers on patches #2, #7, #10, #11 and #13. Once I get final approval, I'll submit the change to edk2-platforms for the new library

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-04-12 Thread Lendacky, Thomas via groups.io
, Thomas via groups.io wrote: Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on the changes. Thanks, Tom On 3/26/24 13:34, Tom Lendacky wrote: Any issues with this version of the series? Still looking for Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related

Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistence of vTPM and RTMR.

2024-04-11 Thread Lendacky, Thomas via groups.io
On 4/11/24 05:33, Ard Biesheuvel wrote: On Thu, 11 Apr 2024 at 12:29, Gerd Hoffmann wrote: On Thu, Apr 11, 2024 at 09:56:48AM +, Yao, Jiewen wrote: Please allow me to clarify what you are proposing: Do you mean in vTPM case, we extend both, but we only need TCG event log, NOT CC event

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-04-03 Thread Lendacky, Thomas via groups.io
, Thomas via groups.io *Sent:* Wednesday, April 3, 2024 2:16 *To:* devel@edk2.groups.io ; Yao, Jiewen ; Liming Gao ; Ni, Ray ; Liu, Zhiguang ; Kinney, Michael D ; Guo, Gua ; Dong, Guo ; Lu, James ; Rhodes, Sean ; Kumar, Rahul R *Cc:* Ard Biesheuvel ; Aktas, Erdem ; Gerd Hoffmann ; Xu, Min M

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-04-02 Thread Lendacky, Thomas via groups.io
Re-pinging the list/maintainers. Still awaiting feedback/reviews/acks on the changes. Thanks, Tom On 3/26/24 13:34, Tom Lendacky wrote: Any issues with this version of the series? Still looking for Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related patches. Once I get

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-03-26 Thread Lendacky, Thomas via groups.io
Any issues with this version of the series? Still looking for Reviewed-by's for the MdePkg, UefiCpuPkg and UefiPayloadPkg related patches. Once I get those, I'll submit the edk2-platform patches to support the new library as a response to these patches for a quick review. Thanks, Tom On

Re: [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
On 3/8/24 09:30, Lendacky, Thomas via groups.io wrote: BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 This series adds SEV-SNP support for running OVMF under a Secure VM Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). By running at a less privileged VMPL

[edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM if the guest

[edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register

[edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support

[edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELETE_VCPU calls to add or remove

[edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Similar to the Page State Change optimization added previously, also take into account the possibility of using the SVSM for PVALIDATE instructions. Conditionally adjust the maximum number of entries based on how many entries the SVSM calling

[edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 An SVSM requires a calling area page whose address (CAA) is used by the SVSM to communicate and process the SVSM request. Add a pre-defined page area to the OvmfPkg and AmdSev packages and define corresponding PCDs used to communicate the

[edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE

[edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction is used to change the SNP validation of a page, but that can only be done when running at VMPL0. To prepare for running at a less privileged VMPL, use the AmdSvsmLib library API to perform the PVALIDATE. The

[edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. To prepare for running at a less privileged VMPL, use the AmdSvsmLib library API to perform the

[edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The MpInitLib library will be updated to use the new AmdSvsmLib library. To prevent any build breakage, update the OvmfPkg DSCs file to include the AmdSvsmLib NULL library. Cc: Anatol Belski Cc: Anthony Perard Cc: Ard Biesheuvel Cc:

[edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Add initial support for the new AmdSvsmLib library to OvmfPkg. The initial implementation fully implements the library interfaces. The SVSM presence check, AmdSvsmIsSvsmPresent(), determines the presence of an SVSM by checking if an SVSM

[edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The MpInitLib library will be updated to use the new AmdSvsmLib library. To prevent any build breakage, update the UefiPayloadPkg DSC file to include the AmdSvsmLib NULL library. Cc: Gua Guo Cc: Guo Dong Cc: James Lu Cc: Sean Rhodes

[edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In order to support an SEV-SNP guest running under an SVSM at VMPL1 or lower, a new library must be created. This library includes an interface to detect if running under an SVSM, an interface to return the current VMPL, an interface to

[edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR

[edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The Secure VM Service Module specification defines the interfaces needed to allow multi-VMPL level execution of an SEV-SNP guest. Define the SVSM related structures for the SVSM Calling Area as well as the SVSM CAA MSR. The SVSM CAA MSR is

[edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In preparation for running under an SVSM at VMPL1 or higher (higher numerically, lower privilege), re-organize the way a page state change is performed in order to free up the GHCB for use by the SVSM support. Currently, the page state

[edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When building the Page State Change entries for a range of memory, it can happen that multiple calls to BuildPageStateBuffer() need to be made. If the size of the input work area passed to BuildPageStateBuffer() exceeds the number of entries

[edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO structure maps the full GHCB shared buffer based on the shared buffer size being 2032 bytes.

[edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Calculate the amount of memory that can be used to build the Page State Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded size. This allows for changes to the GHCB shared buffer size without having to make changes to the

[edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In prep for follow-on patches, fix an area of the code that does not meet the uncrustify coding standards. Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: Jiewen Yao Cc: Laszlo Ersek Cc: Michael Roth Cc: Min Xu Reviewed-by:

[edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but are a requirement for an SEV-SNP guest that is running under an

[edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. The list of APIC IDs will be identified by a GUIDed HOB. If

[edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When an SVSM is present, starting the APs requires knowledge of the APIC IDs. Create the definitions required to retrieve and hold the APIC ID information of all the vCPUs present in the guest. Cc: Liming Gao Cc: Michael D Kinney Cc:

[edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0() the return value is checked with EFI_ERROR() when it should just be compared to 0. Fix the error check. Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc:

[edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM

2024-03-08 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 This series adds SEV-SNP support for running OVMF under a Secure VM Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). By running at a less privileged VMPL, the SVSM can be used to provide services, e.g. a virtual TPM,

Re: [edk2-devel] GuestPhysAddrSize questions

2024-03-04 Thread Lendacky, Thomas via groups.io
On 3/4/24 07:09, Gerd Hoffmann wrote: Hi, 23:16 GuestPhysAddrSize Maximum guest physical address size in bits. This number applies only to guests using nested paging. When this field is zero, refer to the

Re: [edk2-devel] [PATCH 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

2024-02-29 Thread Lendacky, Thomas via groups.io
On 2/22/24 05:54, Gerd Hoffmann wrote: When running in SEV mode keep the VC handler installed. Add a function to uninstall it later. This allows using the cpuid instruction in SetCr3ForPageTables64, which is needed to check for la57 & 1G page support. Signed-off-by: Gerd Hoffmann Looks

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

2024-02-29 Thread Lendacky, Thomas via groups.io
On 2/29/24 08:06, Yao, Jiewen wrote: Below: -Original Message- From: Tom Lendacky Sent: Thursday, February 29, 2024 12:20 AM To: Yao, Jiewen ; devel@edk2.groups.io Cc: Ard Biesheuvel ; Aktas, Erdem ; Gerd Hoffmann ; Laszlo Ersek ; Liming Gao ; Kinney, Michael D ; Xu, Min M ; Liu,

Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

2024-02-28 Thread Lendacky, Thomas via groups.io
On 2/28/24 00:14, Yao, Jiewen wrote: Some feedback: 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions MdePkg only contains the definition in the standard. Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specification? The structure is documented in the GHCB specification,

Re: [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

2024-02-28 Thread Lendacky, Thomas via groups.io
On 2/28/24 02:50, Gerd Hoffmann wrote: Hi, +// Clear the buffer in prep for creating all new entries +SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); Minor nit: There is a ZeroMem() for this purpose. I use SetMem() in a few places, I'll change them over to

Re: [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

2024-02-28 Thread Lendacky, Thomas via groups.io
On 2/28/24 02:40, Gerd Hoffmann wrote: +/** + Perform a native PVALIDATE operation for the page ranges specified. + + Validate or rescind the validation of the specified pages. + + @param[in] Info Pointer to a page state change structure + +**/ +STATIC +VOID +BasePvalidate ( +

Re: [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries

2024-02-27 Thread Lendacky, Thomas via groups.io
On 2/27/24 04:18, Gerd Hoffmann wrote: On Thu, Feb 22, 2024 at 11:29:46AM -0600, Tom Lendacky wrote: BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can fit in the GHCB shared buffer. As a result, the

[edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM if the guest

[edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register

[edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support

[edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELETE_VCPU calls to add or remove

[edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Similar to the Page State Change optimization added previously, also take into account the possibility of using the SVSM for PVALIDATE instructions. Conditionally adjust the maximum number of entries based on how many entries the SVSM calling

[edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE

[edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 An SVSM requires a calling area page whose address (CAA) is used by the SVSM to communicate and process the SVSM request. Add a pre-defined page area to the OvmfPkg and AmdSev packages and define corresponding PCDs used to communicate the

[edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction is used to change the SNP validation of a page, but that can only be done when running at VMPL0. To prepare for running at a less privileged VMPL, use the CcSvsmLib library API to perform the PVALIDATE. The

[edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. To prepare for running at a less privileged VMPL, use the CcSvsmLib library API to perform the

[edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Add initial support for the new CcSvsmLib library to OvmfPkg. The initial implementation will fully implement the SVSM presence check API and the SVSM VMPL API, with later patches fully implementing the other interfaces. The SVSM presence

[edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The MpInitLib library will be updated to use the new CcSvsmLib library. To prevent any build breakage, update the UefiPayloadPkg DSC file to include the CcSvsmLib NULL library. Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In order to support an SEV-SNP guest running under an SVSM at VMPL1 or lower, a new CcSvsmLib library must be created. This library includes an interface to detect if running under an SVSM, an interface to return the current VMPL, an

[edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR

[edk2-devel] [PATCH v2 10/23] MdePkg/Register/Amd: Define the SVSM related information

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The Secure VM Service Module specification defines the interfaces needed to allow multi-VMPL level execution of an SEV-SNP guest. Define the SVSM related structures for the SVSM Calling Area as well as the SVSM CAA MSR. The SVSM CAA MSR is

[edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When building the Page State Change entries for a range of memory, it can happen that multiple calls to BuildPageStateBuffer() need to be made. If the size of the input work area passed to BuildPageStateBuffer() exceeds the number of entries

[edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In preparation for running under an SVSM at VMPL1 or higher (higher numerically, lower privilege), re-organize the way a page state change is performed in order to free up the GHCB for use by the SVSM support. Currently, the page state

[edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO structure maps the full GHCB shared buffer based on the shared buffer size being 2032 bytes.

[edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Calculate the amount of memory that can be used to build the Page State Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded size. This allows for changes to the GHCB shared buffer size without having to make changes to the

[edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In prep for follow-on patches, fix an area of the code that does not meet the uncrustify coding standards. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 27 +++- 1

[edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP

[edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but are a requirement for an SEV-SNP guest that is running under an

[edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When an SVSM is present, starting the APs requires knowledge of the APIC IDs. Create the definitions required to retrieve and hold the APIC ID information of all the vCPUs present in the guest. Acked-by: Gerd Hoffmann Signed-off-by: Tom

[edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0() the return value is checked with EFI_ERROR() when it should just be compared to 0. Fix the error check. Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM

2024-02-22 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 This series adds SEV-SNP support for running OVMF under a Secure VM Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). By running at a less privileged VMPL, the SVSM can be used to provide services, e.g. a virtual TPM,

Re: [edk2-devel] GuestPhysAddrSize questions

2024-02-22 Thread Lendacky, Thomas via groups.io
On 2/22/24 05:24, Gerd Hoffmann wrote: Hi, +if (Cr4.Bits.LA57) { + if (PhysBits > 48) { +/* + * Some Intel CPUs support 5-level paging, have more than 48 + * phys-bits but support only 4-level EPT, which effectively + * limits guest phys-bits to 48.

Re: [edk2-devel] [PATCH v3 5/6] OvmfPkg/ResetVector: add 5-level paging support

2024-02-20 Thread Lendacky, Thomas via groups.io
On 2/20/24 03:06, Gerd Hoffmann wrote: Compile the OVMF ResetVector with 5-level paging support in case PcdUse5LevelPageTable is TRUE. When enabled the ResetVector will check at runtime whenever support for 5-level paging and gigabyte pages is available. In case both features are supported it

Re: [edk2-devel] [PATCH v3 4/6] OvmfPkg/ResetVector: SEV: keep #vc handler installed longer

2024-02-20 Thread Lendacky, Thomas via groups.io
On 2/20/24 03:06, Gerd Hoffmann wrote: When running in SEV mode do not uninstall the #vc handler in CheckSevFeatures. Keep it active and uninstall it later in SevClearPageEncMaskForGhcbPage. This allows using the cpuid instruction in SetCr3ForPageTables64, which is needed to check for la57 &

Re: [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM

2024-01-27 Thread Lendacky, Thomas via groups.io
On 1/26/24 22:04, Yao, Jiewen wrote: Thanks Tom. Please give me some time to digest this patch set before I can give some feedback. One quick question to you: With this patch, we need to support multiple SEV modes: 1. SEV guest firmware 2. SEV-ES guest firmware 3. SEV-SNP guest firmware 4.

[edk2-devel] [PATCH 16/16] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM if the guest

[edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register

[edk2-devel] [PATCH 14/16] UefiCpuPkg/MpInitLib: AP creation support under an SVSM

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support

[edk2-devel] [PATCH 13/16] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP

[edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an

[edk2-devel] [PATCH 11/16] UefiCpuPkg: Create APIC ID list PCD

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Create a PCD that can be used to set and get the APIC ID information that is required for starting APs when an SVSM is present. Signed-off-by: Tom Lendacky --- UefiCpuPkg/UefiCpuPkg.dec | 7 ++- UefiCpuPkg/UefiCpuPkg.uni | 3 +++ 2

[edk2-devel] [PATCH 10/16] MdePkg: GHCB APIC ID retrieval support definitions

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When an SVSM is present, starting the APs requires knowledge of the APIC IDs. Create the definitions required to retrieve and hold the APIC ID information of all the vCPUs present in the guest. Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH 09/16] UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to change the

[edk2-devel] [PATCH 08/16] OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to add or remove

[edk2-devel] [PATCH 07/16] OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE

[edk2-devel] [PATCH 06/16] OvmfPkg: Create a calling area used to communicate with the SVSM

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 An SVSM requires a calling area page whose address (CAA) is used by the SVSM to communicate and process the SVSM request. Add a pre-defined page area to the OvmfPkg and AmdSev packages and define corresponding PCDs used to communicate the

[edk2-devel] [PATCH 05/16] Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Add initial support for the new CcExitLib interfaces to the OvmfPkg version of the library. The initial implementation will fully implement the SVSM presence check API and the SVSM VMPL API, with later patches fully implementing the other

[edk2-devel] [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In order to support an SEV-SNP guest running under an SVSM at VMPL1 or lower, the CcExitLib library must be extended with new interfaces. This includes an interface to detect if running under an SVSM, an interface to return the current VMPL,

[edk2-devel] [PATCH 03/16] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR

[edk2-devel] [PATCH 02/16] MdePkg/Register/Amd: Define the SVSM related information

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The Secure VM Service Module specification defines the interfaces needed to allow multi-VMPL level execution of an SEV-SNP guest. Define the SVSM related structures for the SVSM Calling Area as well as the SVSM CAA MSR. The SVSM CAA MSR is

[edk2-devel] [PATCH 01/16] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In preparation for running under an SVSM at VMPL1 or higher (higher numerically, lower privilege), re-organize the way a page state change is performed in order to free up the GHCB for use by the SVSM support. Currently, the page state

[edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM

2024-01-26 Thread Lendacky, Thomas via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 This series adds SEV-SNP support for running OVMF under a Secure VM Service Module (SVSM) at a less privileged VM Privilege Level (VMPL). By running at a less privileged VMPL, the SVSM can be used to provide services, e.g. a virtual TPM,

Re: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Add feedback status for PciIoMap

2024-01-26 Thread Lendacky, Thomas via groups.io
On 1/26/24 11:38, Tom Lendacky wrote: +Min Adding Min to see if TDX is also experiencing issues around this recent change. Thanks, Tom On 1/26/24 11:21, Tom Lendacky wrote: On 1/22/24 00:47, Sheng Wei via groups.io wrote: PciIoMap () need to feedback the status of

Re: [edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Add feedback status for PciIoMap

2024-01-26 Thread Lendacky, Thomas via groups.io
+Min Adding Min to see if TDX is also experiencing issues around this recent change. Thanks, Tom On 1/26/24 11:21, Tom Lendacky wrote: On 1/22/24 00:47, Sheng Wei via groups.io wrote: PciIoMap () need to feedback the status of mIoMmuProtocol->SetAttribute () return value. REF: