From nobody Sun Dec 29 02:54:42 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1494454189518244.24571783658973; Wed, 10 May 2017 15:09:49 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 1E2AC21959D41; Wed, 10 May 2017 15:09:46 -0700 (PDT) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0612.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe4a::612]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E8D3A21A0BA9D for ; Wed, 10 May 2017 15:09:43 -0700 (PDT) Received: from brijesh-build-machine.amd.com (165.204.77.1) by CY1PR12MB0149.namprd12.prod.outlook.com (10.161.173.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1075.11; Wed, 10 May 2017 22:09:41 +0000 X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=j+SU2h+JefoSSc+bS8EIzjMkqSZLAigiw9vNSdTpdKA=; b=lkmZpX+tU1FEhoDCGpQQuusLboyZKxfJUcqFspIq8d2AeHiN9d8Ga12yLAxrSHiVJuzgWv+TDN2LjbfHJd65pNcwiLvN7hdBTcJZcTAtTuxdw0l7M1oV2h3Ix5K/Du04c3WJvOhO2V/zfGqLJm3lbD6xydRZAumnudeCzhheXKw= Authentication-Results: lists.01.org; dkim=none (message not signed) header.d=none;lists.01.org; dmarc=none action=none header.from=amd.com; From: Brijesh Singh To: Date: Wed, 10 May 2017 18:09:11 -0400 Message-ID: <1494454162-9940-3-git-send-email-brijesh.singh@amd.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1494454162-9940-1-git-send-email-brijesh.singh@amd.com> References: <1494454162-9940-1-git-send-email-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: MWHPR21CA0051.namprd21.prod.outlook.com (10.172.93.141) To CY1PR12MB0149.namprd12.prod.outlook.com (10.161.173.19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 37c33934-95a6-4abb-904b-08d497f1429b X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(201703131423075)(201703031133081); SRVR:CY1PR12MB0149; X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 3:P1xecaGq+xWadE3v9a/3t5ZAZp6Zv3tKitlbTZTzQ8IC5gMupMV3rBEYRAW4yhR3J+vcJd0N6qafb2dPDXE0l64H7sCk+Z8xVB6C/gUReVoWHAs0hArcG9pzfLdo6ERx+nYzuUXgt7qNc2h/a1l6cx7qhY7/9pEwt+Sxm9CkahAj1funNSEbnNZHDpRxdFJ6dvUk3nki4rAS4Ee3XNtq94NtyBppRv4GRxmWJm8sEInmU+Ni25AJVcVoM/s/V96ORMadM/wjqPsGH2u+c4mgUT+8E5hSg18FPhdy5tIeC+bF3uK4MHiiqCnspM+YT8OP//AVQ26XOQnZZcPxU+d9nSYykMKMEcCFGryk+mYuVkM=; 25:xSTHQaGVws6y64fxX/9WeAIMKUYUXLRlQ+xh0hBt0VjVQ14oNN85GucdvhACXlUSejjsm5xCmlfPqysFUgvjU96Ge1fMZBFjwrqdO1NQH8rQZgzz5yKhGtnd8H/Fl7B5+oGUQjE4QYObfj0O3VV8nTZhd4nC4mNwQeHKzmHETVFfZb0/tvnljBTcPFVMvcfua/MkjioAGCMziHJZ5mOdVvFR2JJhRxNMUKRt6DjGo5uK9B1+MEltW5f7JdUmARfwaFb/3/IZ5wGrfZxnL/Ib3Ut1BG5Ed5wC4ytvkSbxqNVMOMmpLSSJPo53hzf3kEwI1PdYPyXYBUIAHeB0fj6AHIWctVmxFumJeFHp4+xMVC+WdPx/UM+/EzY/bvxL2cxiYV3mroj5QUifUWGQWz2w4X//g2tQWiIB3KdotRL5SXGtxuGI4s2MX4VTuO99gn8tfKeWuQqfBvP1FbNJEZUmdPZZxjnIny9HR2WLZYbjaY8= X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 31:JqDSgjVS1aMdrUs1UWMVsk+/4EXoJXSOCtZcxPo7S/55VYvuOwKV5llhyGej2V5e+G5s5p2KeMfFgJepYfTHMCQ3ZS4UNm1b2csAwFCuNJp5EnDz9LXEbmQj5+TJh3Oo4QtgbRsGvSh9g5Tr+5K5GmTZNLtqUdaPOfXwtsHOYIqjRzFO8ROcUYMuYDWIJM1O8szJp2i9JQ3Qj1AtcVYR3SLj3V6OrkdTEdovEIhDHIo=; 20:G7EYFxHehRGPuEp+Qu74JQJUSoQhzPFA9wuiloqGTwm/te8RMZbargfAlL0UKqsbNfSYqwjjyzgWwxgL6wE/CSXZDQOkLkgM6AaaUWhg3+fqQFT88Cm0Fa5QMTdkIQk2sn36p3d8qQMnCAdbyHNQ3A69NuWtAYMM+3UGlq/y93yaZjEwwKhPD7jTM/iufXBoiZV6vd5YNX7iW8rSu8WIESmFocju9H1RkZxbFH60prAtoBdBAdAeO7ZZTWVXScopawcfAlNFVNzFgCmJ6090KFhVPSKvT9Wk8BjPVhoF4OdJNt3fOlM4UqGukxbM6Ioc93/qCoj8JReyQHW1DT9IKbVw0uDt48uZ7Ue9R0i+CUQVVx8/90WO74WK8NY8PmbQ697aUjZB3fkTCT2EwIcUD7g40BajMia92DpCDhQwSv/x3EPVadMNIhq/xgNKaU7NjdnvPzD6NkcEVpAGx+ojySSBsYfUtYNUwy+gE/WT/t9Z1AVz+DNY0d7Ki3PFDC6X X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(20161123560025)(20161123555025)(20161123564025)(6072148); SRVR:CY1PR12MB0149; BCL:0; PCL:0; RULEID:; SRVR:CY1PR12MB0149; X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 4:vrdqieBKOTA5mRc7KzZyYeTDmiF36WhZ6cfhRHHlwHFF3S/mWbWyO7fOvyBBoqQPD1ikuQ/oVmtIfxVLcfC0VjwJNRIJRVDRt7cybd5aDfbPE8Wap/OH8hNbX3jBM1Woa7z1UHxDWjzfyZ/PctSkd9R2VuQQT1721lPjPVIjw8as6vRnNMH3vGnqoX2XQkAnLj4RgfvjYjLjonKZsh0xiN5BjiiAMSySxZn6txEcg45mYmHC1y4BCXabyEeQgBYgR46NbXCYSZWAijvfniT7/XzmVk0/5diVL1sZkcBnPnynnUSu/qn30gAFZtBdVVAp+aLyrEOXYYmjRjpKsI5UdmDvoYxc+GnNptem/mTnTA/w3mxZwaBcpGKQ0FTMV+vsMv8ak8yJ5qGgVSq6u8qwppCHsOJow/65gnUGUJs7ktx6KkG9exytdIiMcH6e2kY/l7Vk+c7SNTk6wkwbtf1/DiT45/qNj5Wr5mSqPhkbfgLcnn7N5QLmaB+DU6hoPqc8X7G8sy8Q9s/8lbHqQpvCZWZ3slKF2Jhr4mC4xrGc4cRETZJ1uRKUaQ9n8wqdLGF8jeemwbxWTSF1GEWYhi4OJJD0AAcGHe4B5hoF8D2l9wBoyCugeIzEYD0YvKgctMvvs19/NvoNitbECw8+AvqIcybcbKf3d2+pmPRMlGBpJgpySfVkwNLnNE53+gNGHBU1fTr3RmPSF3ohmVv0AItk1ImSIOu94LKmTZLEYlyuz92wTs6h0Q+z7EFWdOgdl5NDHvLbuvJbvIoJMdxe9KPKpPXUYP/LoDDXqgUTc7vvu+jOo0+S0AZ/s63sP0tT6udrk+ouX1kDnp4FHZVIj2DE78nAeNbSjLEaOt149nPbZT/YnpHKYgoqTV0SywrSlHJL X-Forefront-PRVS: 03030B9493 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39840400002)(39400400002)(39410400002)(39850400002)(50986999)(2950100002)(6666003)(6916009)(6486002)(76176999)(50466002)(33646002)(478600001)(86362001)(189998001)(48376002)(110136004)(8676002)(4326008)(2906002)(54906002)(38730400002)(53936002)(3846002)(6116002)(50226002)(25786009)(81166006)(5003940100001)(5660300001)(53416004)(36756003)(42186005)(66066001)(7736002)(305945005)(2351001)(19627235001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR12MB0149; H:brijesh-build-machine.amd.com; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR12MB0149; 23:CznuO5zZm6UAIec0rRnLF11/7/+Ch39xLXg7u87Hj?= =?us-ascii?Q?8mxkRrcFMBv6yJC0cNWeeoVhs/Li+cLt8TcWQhW5a5fS227ETRQWgaAUA8n5?= =?us-ascii?Q?0h9/f4t6RWNFig6YUGprmdUdaN/Tlup3CAGZNZA58t+KIQyMXJZT0TC1hthN?= =?us-ascii?Q?dfW1PXpgoeM6vCTrwRct7dtcUnNaxYN09Xr7HEw8quw8t8G/S5VKtRuk7K12?= =?us-ascii?Q?diCtUX5XQW3UxzibA0Km+cUOxcue+HvB35hlfa3aOlA8+zSlEYEnijRtGRrp?= =?us-ascii?Q?MuZYbV1j9c4mL/SGSXM4I7ND/T2+olM2jA010NSrufvoFBcuxWL3Jk9GT34l?= =?us-ascii?Q?kPOkMCZu6tz3OsVpNqTJ/LVDkbdfphKJBMVWsRGG2+ZsTd/xwiTyy7IOAqxJ?= =?us-ascii?Q?OGPmhN7faavPweRdsLZ2u9U9F7UHCcNOty/6aDKvVgENataFI7lxkUWh/y5G?= =?us-ascii?Q?O+XQrvq3Wkz5GcAM4ttYUL0/SMZCoxXyqcnPS0H5oMhIUuXjJfI63N2bD6IH?= =?us-ascii?Q?T3oyABbCozFJckL4lBMqOFJ1A4qINAmkm+l7HZ4ZGLMQfg0SKxvc6Dxj/bxx?= =?us-ascii?Q?VfaHMZoTpjAfHpj+ap9kd1syApFBhmS+68GoS5ctctY0gaqpiUEdFccqbsjT?= =?us-ascii?Q?A3CDVo4SXSLoCYMv6d3eibfT/ZuZa3k3C2Shsgar5vE+GC6tqj4xBBMzxALj?= =?us-ascii?Q?KppVgZzPHSVD1+LRlCzxMcTKGjXNq6CHbxEHv7AwilvMbaY0jIC/N0ga1uu+?= =?us-ascii?Q?JU0zaJLDzRL1487Q+1azWBS4bzw4ERaoixONRyH+nPRyYcSObLdeiTr/BnWz?= =?us-ascii?Q?hRYbfjWN2+U4nm6DhbtnZpstbKTVW80wgcNhYYKxX8AYCZiqR+ltkfd9YtX4?= =?us-ascii?Q?ZDRIZW/gS2NowwYwN76gCg8nGjEyse02esuOA5tU31qBPdCdTDL7WeEO8CUf?= =?us-ascii?Q?S66ril1flLmvfgpg1e4PGGCPNWSnGzDxYL5kPuvR1I7urgRiN8/J8PsGvGvu?= =?us-ascii?Q?V1/P2eKtQEQCgU7XfGBFIkeUKaCj7749G8Z3PTO9EKCFQ=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 6:F/U+nHF0ZJjauNOenMS0Eq1QatePiFTuD0l+U+NHH2JUXlhIzMZM9qGDG+Yz098gs7EtYZIVCJ0nbvUHi/Oul/9obRTc+NQu98Hsfq1msa1RbVxGgx56/SOMJzWe5aNM20Z3DuxAergQxgbppelqUdMxE3TXJYPI4Z42A4hqCGkN/6yL7Dyee20adDj2quyF0s4pac5NXNNIk93gYgATxXlIhYcsYC7RomlvcmwJcXowuhH4vHwdwKy2q5ewwJ/U7FfGnI0VtpTiogAMCKjgQ1IlYmKMPCsmpZ2nnu4q9zvP3OewtuDIp6SqF37GbTseRw+FlY07fdhbypg9ZG+WUI+ABFsEQEfTo+HChyklSrZMvAwcNqTVkPe/+hcyFUBCAlNERRao7Ogl+QwDu5HO/miyyeF5PRxXPcvZ7n+csTZ0/Lfr8SUWnjPU0+XsWtltW08NZn5oWVfIeiqWjCEeyUqZnRd3K+qmPKn0sl8NhTjJyj8wnIwfmpNWGZ6QeX3A1upSa1TpD8Plv0oAjzzlkmrdL39U0Nm/H4wJ8TvY74U=; 5:RCN4tBzz2RP1jNwvflYY3XjjqYWBCo9MA+JMPL40jq9w1YYPu2aF+FX2xURfiwlStRpZlPwa0IKNFzqZTRMTlF/IxDJKDkGTCgQtY55Ylmr7x9ZtKmusVergk0cEUgLWmmgUMAuW5mYM4pwHIlFt4w==; 24:P17/zK1XteHVjVGBQALCmGMjSoq8Vul3MntggW2106z226K9OL9geqgVTlSwhUIJq/vfLf0X8Hfz6wuidQSEMDWhl7OpfNEW5sL1rT+iP6c= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 7:E119gUzcTMujLop85OFC3/PK4jXWoWtAxmFxVcfDt0I5PbpyX6hElTzBp5F3kHow1I0A9RkRhoGnhiYzRzwCwwEIEKGsdDL5vCg5yjWGSqSAWJyiVjRmBctNuFX+dmZXWH6kOxGtagearH29LfVQnQB/EkXY42SHVrIrnCF5L796M50Ti+xHjepw/XLmD9/nnf/3QoCLDuY5nppH2CEmHugCwDo6oJTEN1dBxzBXfz6TT/JTYlpEme0q6vYVcOBMZa102fKOStsrXg8fwM8E8nL8oSrpnOOanzFjiOtVLZa7BM7+QUNW7LGonG91tbPpXNwIHV7s4XVJaiSIS9XguQ==; 20:Wq6/pvpF7T1JvG7bF0I67yrWOv/YhWXRphGginx9nVVBqq17bKq0Vnv44Kys7hiZaFyIj4iTc05xbwmqqm6UpnS/L72R/RZKcWdZRoGrHsAt1uYYbYKH5KTkCxUtoqCxLKUpb7joCwW/huZOgVwzYgQZNFntmZCR7IwC+g06VQVKylvA2GsC+Q3PDBVjC+vzyt4T9FkbaJDjyq8DChlIZGfQMti4tEhuAkvUgfUFqYOr6yJsmUvL2L3xmMEH0/fh X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 May 2017 22:09:41.9771 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB0149 Subject: [edk2] [RFC v4 02/13] OvmfPkg/ResetVector: Set C-bit when building initial page table X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, Laszlo Ersek , Jordan Justen Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. The C-bit in PTE indicate whether the page is private or shared. The C-bit position for the PTE can be obtained from CPUID Fn8000_001F[EBX]. When SEV is active, the BIOS is encrypted by the Qemu launch sequence, we must set the C-bit when building the page table. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh Reviewed-by: Laszlo Ersek --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 70 +++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6201cad1f5dc..3d4b04844cdf 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,9 +37,60 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 +; Check if Secure Encrypted Virtualization (SEV) feature is enabled +; +; If SEV is enabled then EAX will be at least 32 +; If SEV is disabled then EAX will be zero. +; +CheckSevFeature: + ; CPUID will clobber EBX, ECX, EDX, save these registers + push ebx + push ecx + push edx + + ; Check if we have a valid (0x8000_001F) CPUID leaf + mov eax, 0x80000000 + cpuid + + ; This check should fail on Intel or Non SEV AMD CPUs and in future if + ; Intel CPUs supports this CPUID leaf then we are guranteed to have ex= act + ; same bit definition. + cmp eax, 0x8000001f + jl NoSev + + ; Check for memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 1 + ; + mov eax, 0x8000001f + cpuid + bt eax, 1 + jnc NoSev + + ; Check if memory encryption is enabled + ; MSR_0xC0010131 - Bit 0 (SEV enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 0 + jnc NoSev + + ; Get pte bit position to enable memory encryption + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + pop edx + pop ecx + pop ebx + OneTimeCallRet CheckSevFeature =20 ; -; Modified: EAX, ECX +; Modified: EAX, ECX, EDX ; SetCr3ForPageTables64: =20 @@ -60,18 +111,34 @@ clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax loop clearPageTablesMemoryLoop =20 + OneTimeCall CheckSevFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, Memory encryption bit is always above 31 + sub eax, 32 + bts edx, eax + +SevNotActive: + ; ; Top level Page Directory Pointers (1 * 512GB entry) ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1014)], edx mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x101C)], edx =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) @@ -83,6 +150,7 @@ pageTableEntriesLoop: shl eax, 21 add eax, PAGE_2M_PDE_ATTR mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 ; --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel