Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: c212fec9cf086243a7fb01cea185e67c2bd8f72e
https://github.com/tianocore/edk2/commit/c212fec9cf086243a7fb01cea185e67c2bd8f72e
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
Log Message:
-----------
OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
the return value is checked with EFI_ERROR() when it should just be
compared to 0. Fix the error check.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 8a6471819b55336c88d029149a397791adb2d829
https://github.com/tianocore/edk2/commit/8a6471819b55336c88d029149a397791adb2d829
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M MdePkg/Include/Register/Amd/Ghcb.h
Log Message:
-----------
MdePkg: GHCB APIC ID retrieval support definitions
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
When an SVSM is present, starting the APs requires knowledge of the APIC
IDs. Create the definitions required to retrieve and hold the APIC ID
information of all the vCPUs present in the guest.
Cc: Liming Gao <[email protected]>
Cc: Michael D Kinney <[email protected]>
Cc: Zhiguang Liu <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 5bdb091133b98652f366e666c5c8bc4de1513f2b
https://github.com/tianocore/edk2/commit/5bdb091133b98652f366e666c5c8bc4de1513f2b
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
A UefiCpuPkg/Include/Guid/GhcbApicIds.h
M UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
M UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
M UefiCpuPkg/Library/MpInitLib/MpLib.c
M UefiCpuPkg/Library/MpInitLib/MpLib.h
M UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
M UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
M UefiCpuPkg/UefiCpuPkg.dec
Log Message:
-----------
UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Currently, the first time an AP is started for an SEV-SNP guest, it relies
on the VMSA as set by the hypervisor. If the list of APIC IDs has been
retrieved, this is not necessary. The list of APIC IDs will be identified
by a GUIDed HOB. If the GUIDed HOB is present, use the SEV-SNP AP Create
protocol to start the AP for the first time and each time thereafter.
Cc: Gerd Hoffmann <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Rahul Kumar <[email protected]>
Cc: Ray Ni <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Ray Ni <[email protected]>
Commit: 4bd3b5ab13799765125b5ff2d126bc1565eaedac
https://github.com/tianocore/edk2/commit/4bd3b5ab13799765125b5ff2d126bc1565eaedac
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/PlatformPei/AmdSev.c
M OvmfPkg/PlatformPei/PlatformPei.inf
Log Message:
-----------
OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but are a requirement for an
SEV-SNP guest that is running under an SVSM.
After retrieving the APIC IDs, save the address of the APIC ID data
structure in a GUIDed HOB.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 6b14ef6b282821c82ba40bad78f8afb7bca5d077
https://github.com/tianocore/edk2/commit/6b14ef6b282821c82ba40bad78f8afb7bca5d077
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
Log Message:
-----------
OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In prep for follow-on patches, fix an area of the code that does not meet
the uncrustify coding standards.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 5fe9db0f8220aa10ecb8c15f3188e024982111a7
https://github.com/tianocore/edk2/commit/5fe9db0f8220aa10ecb8c15f3188e024982111a7
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
Log Message:
-----------
OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Calculate the amount of memory that can be used to build the Page State
Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded
size. This allows for changes to the GHCB shared buffer size without
having to make changes to the page state change code.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: f40c1f2a30fc58835cb28efc73c40d52c29363fd
https://github.com/tianocore/edk2/commit/f40c1f2a30fc58835cb28efc73c40d52c29363fd
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M MdePkg/Include/Register/Amd/Ghcb.h
Log Message:
-----------
MdePkg: Avoid hardcoded value for number of Page State Change entries
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SNP_PAGE_STATE_MAX_ENTRY is based on the number of entries that can
fit in the GHCB shared buffer. As a result, the SNP_PAGE_STATE_CHANGE_INFO
structure maps the full GHCB shared buffer based on the shared buffer size
being 2032 bytes.
Instead of using a hardcoded value for SNP_PAGE_STATE_MAX_ENTRY, use a
build calculated value. Since the SNP_PAGE_STATE_CHANGE_INFO is used as a
mapping, eliminate the hardcoded array size so that the structure can be
used based on any size buffer.
Cc: Liming Gao <[email protected]>
Cc: Michael D Kinney <[email protected]>
Cc: Zhiguang Liu <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Commit: 2b330b57dbe8014c5fa9f10d4cf4ae5923e3b143
https://github.com/tianocore/edk2/commit/2b330b57dbe8014c5fa9f10d4cf4ae5923e3b143
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/Include/WorkArea.h
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
Log Message:
-----------
OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.
Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.
Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.
Since the information is copied to, and operated on in, the GHCB shared
buffer, this has the added benefit of not requiring the start and end
entries to be saved for use when validating the memory during the page
state change sequence.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Commit: 069f9911a35c6191ea0cace0b5b5c8061e9b7720
https://github.com/tianocore/edk2/commit/069f9911a35c6191ea0cace0b5b5c8061e9b7720
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
Log Message:
-----------
OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
When building the Page State Change entries for a range of memory, it can
happen that multiple calls to BuildPageStateBuffer() need to be made. If
the size of the input work area passed to BuildPageStateBuffer() exceeds
the number of entries that can be passed to the hypervisor using the GHCB
shared buffer, the Page State Change VMGEXIT support will issue multiple
VMGEXITs to process all entries in the buffer.
However, it could be that the final VMGEXIT for each round of Page State
Changes is only for a small number of entries and subsequent VMGEXITs may
still be issued to handle the full range of memory requested. To maximize
the number of entries processed during the Page State Change VMGEXIT,
limit BuildPageStateBuffer() to not build entries that exceed the maximum
number of entries that can be handled in a single Page State Change
VMGEXIT.
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 8ccbf075f0f4451c760ab56288623c00e4d96e65
https://github.com/tianocore/edk2/commit/8ccbf075f0f4451c760ab56288623c00e4d96e65
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M MdePkg/Include/Register/Amd/Fam17Msr.h
M MdePkg/Include/Register/Amd/Msr.h
A MdePkg/Include/Register/Amd/Svsm.h
A MdePkg/Include/Register/Amd/SvsmMsr.h
Log Message:
-----------
MdePkg/Register/Amd: Define the SVSM related information
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The Secure VM Service Module specification defines the interfaces needed
to allow multi-VMPL level execution of an SEV-SNP guest.
Define the SVSM related structures for the SVSM Calling Area as well as
the SVSM CAA MSR. The SVSM CAA MSR is an MSR register that is reserved for
software use and will not be implemented in hardware.
Cc: Liming Gao <[email protected]>
Cc: Michael D Kinney <[email protected]>
Cc: Zhiguang Liu <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: c0bf953fe889f5a47fb830cec53a57bfa2380b4d
https://github.com/tianocore/edk2/commit/c0bf953fe889f5a47fb830cec53a57bfa2380b4d
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M MdePkg/Include/Library/BaseLib.h
M MdePkg/Library/BaseLib/BaseLib.inf
A MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
A MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
Log Message:
-----------
MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification relies on a specific register calling convention to
hold the parameters that are associated with the SVSM request. The SVSM is
invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
using the GHCB MSR Protocol or a GHCB NAE event.
Create a new version of the VMGEXIT instruction that will adhere to this
calling convention and load the SVSM function arguments into the proper
registers before invoking the VMGEXIT instruction. On return, perform the
atomic exchange on the SVSM call pending value as specified in the SVSM
specification.
Cc: Liming Gao <[email protected]>
Cc: Michael D Kinney <[email protected]>
Cc: Zhiguang Liu <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Commit: 30d274e354d47c3ad78121f31407aeacbccf9bec
https://github.com/tianocore/edk2/commit/30d274e354d47c3ad78121f31407aeacbccf9bec
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
A UefiCpuPkg/Include/Library/AmdSvsmLib.h
A UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c
A UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
A UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.uni
M UefiCpuPkg/UefiCpuPkg.dec
M UefiCpuPkg/UefiCpuPkg.dsc
Log Message:
-----------
UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
lower, a new library must be created.
This library includes an interface to detect if running under an SVSM, an
interface to return the current VMPL, an interface to perform memory
validation and an interface to set or clear the attribute that allows a
page to be used as a VMSA.
Cc: Gerd Hoffmann <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Rahul Kumar <[email protected]>
Cc: Ray Ni <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Ray Ni <[email protected]>
Commit: d2b18e6bc22365bcb51fe4246a681569491f3a40
https://github.com/tianocore/edk2/commit/d2b18e6bc22365bcb51fe4246a681569491f3a40
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M UefiPayloadPkg/UefiPayloadPkg.dsc
Log Message:
-----------
UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library will be updated to use the new AmdSvsmLib library.
To prevent any build breakage, update the UefiPayloadPkg DSC file to
include the AmdSvsmLib NULL library.
Cc: Gua Guo <[email protected]>
Cc: Guo Dong <[email protected]>
Cc: James Lu <[email protected]>
Cc: Sean Rhodes <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Reviewed-by: Guo Dong <[email protected]>
Commit: 789727ccf324833fd50daa1d9fb0e7666a8b043a
https://github.com/tianocore/edk2/commit/789727ccf324833fd50daa1d9fb0e7666a8b043a
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/AmdSev/AmdSevX64.dsc
M OvmfPkg/Bhyve/BhyveX64.dsc
M OvmfPkg/CloudHv/CloudHvX64.dsc
M OvmfPkg/IntelTdx/IntelTdxX64.dsc
M OvmfPkg/Microvm/MicrovmX64.dsc
M OvmfPkg/OvmfPkgIa32.dsc
M OvmfPkg/OvmfPkgIa32X64.dsc
M OvmfPkg/OvmfPkgX64.dsc
M OvmfPkg/OvmfXen.dsc
Log Message:
-----------
OvmfPkg: Prepare OvmfPkg to use the AmdSvsmLib library
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The MpInitLib library will be updated to use the new AmdSvsmLib library.
To prevent any build breakage, update the OvmfPkg DSC files to include
the AmdSvsmLib NULL library.
Cc: Anatol Belski <[email protected]>
Cc: Anthony Perard <[email protected]>
Cc: Ard Biesheuvel <[email protected]>
Cc: Corvin Köhne <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jianyong Wu <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Cc: Rebecca Cran <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Commit: 6ced1e91eff13dae1bfba95734e2b34a73601db2
https://github.com/tianocore/edk2/commit/6ced1e91eff13dae1bfba95734e2b34a73601db2
Author: Tom Lendacky <[email protected]>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M OvmfPkg/AmdSev/AmdSevX64.dsc
M OvmfPkg/CloudHv/CloudHvX64.dsc
A OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
A OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf
M OvmfPkg/Microvm/MicrovmX64.dsc
M OvmfPkg/OvmfPkgX64.dsc
Log Message:
-----------
OvmfPkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
Add initial support for the new AmdSvsmLib library to OvmfPkg. The initial
implementation fully implements the library interfaces.
The SVSM presence check, AmdSvsmIsSvsmPresent(), determines the presence
of an SVSM by checking if an SVSM has been advertised in the SEV-SNP
Secrets Page.
The VMPL API, AmdSvsmSnpGetVmpl(), returns the VMPL level at which OVMF is
currently running.
The CAA API, AmdSvsmSnpGetCaa(), returns the Calling Area Address when an
SVSM is present, 0 otherwise.
The PVALIDATE API, AmdSvsmSnpPvalidate(), copies the PVALIDATE logic from
the BaseMemEncryptSevLib library for the initial implementation. The
BaseMemEncryptSevLib library will be changed to use this new API so that
the decision as to whether the SVSM is needed to perform the operation
can be isolated to this library.
The VMSA API, AmdSvsmSnpVmsaRmpAdjust(), copies the RMPUPDATE logic from
the MpInitLib library for the initial implementation. The MpInitLib
library will be changed to use this new API so that the decision as to
whether the SVSM is needed to perform the operation can be isolated to
this library.
Cc: Anatol Belski <[email protected]>
Cc: Ard Biesheuvel <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Jianyong Wu <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Min Xu <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Acked-by: Gerd Hoffmann <[email protected]>
Compare: https://github.com/tianocore/edk2/compare/61185f1d5015...6ced1e91eff1
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits