Re: [edk2-devel] [PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall

Tue, 22 Jun 2021 13:35:28 -0700 


On 6/21/2021 8:57 AM, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.ka...@amd.com>
> 
> Mark the SEC GHCB page (that is mapped as unencrypted in
> ResetVector code) in the hypervisor page status tracking.
> 
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheu...@arm.com>
> 
Remove this new line.

> Signed-off-by: Ashish Kalra <ashish.ka...@amd.com>
> ---
>  OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index a8bf610022..3f642ecb06 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -15,6 +15,7 @@
>  #include <Library/HobLib.h>
>  #include <Library/MemEncryptSevLib.h>
>  #include <Library/MemoryAllocationLib.h>
> +#include <Library/MemEncryptHypercallLib.h>
>  #include <Library/PcdLib.h>
>  #include <PiPei.h>
>  #include <Register/Amd/Msr.h>
> @@ -52,6 +53,15 @@ AmdSevEsInitialize (
>    PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
>    ASSERT_RETURN_ERROR (PcdStatus);
>  
> +  //
> +  // GHCB_BASE setup during reset-vector needs to be marked as
> +  // decrypted in the hypervisor page encryption bitmap.
> +  //
> +  SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
> +    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
> +    KVM_MAP_GPA_RANGE_DECRYPTED
> +    );
> +

Typically we should invoke the HC as soon as the page state is changed in the 
PTE.
Why we are notifying it too late? Is this because you are trying to avoid asm 
code
or there is no MSR protocol for VMMCALL NAE ?

I am okay with not notifying in ASM code, but at least we should notify the 
change
during the ES protocol negotiation and before the GHCB is setup. In other words,
do it inside the  SevEsProtocolCheck() [Sec/SecMain.c].

-Brijesh


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76861): https://edk2.groups.io/g/devel/message/76861
Mute This Topic: https://groups.io/mt/83688893/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

























					Reply via email to