Re: [edk2-devel] [edk2-platforms PATCH 1/2] Platform/RaspberryPi: Enable Boot Discovery Policy.

2021-06-30 Thread Sunny Wang
I internally reviewed this patch before it was sent to the edk2 mailing list, and Greg 
already addressed all my comments, so it looks good to me.
This patch is to replace my previous commit 
efdc159ef7c9f15581a0f63d755a1530ff475156 so that all ARM platforms (not only 
RPi) can refer to this to add an HII option for enabling/disabling Fast boot. 
Having an option to disable Fast boot is helpful for fixing some deployment 
issues.
Reviewed-by: Sunny Wang 

Hi Pete and Ard,
Could you help review this patch? This is very similar to what we have done for 
RPi.  The main difference is that we also call 
EfiBootManagerRefreshAllBootOption() right after connecting devices (All or 
network devices) so that the newly found boot devices can be loaded in the 
default boot path.

-Original Message-
From: Grzegorz Bernacki 
Sent: Tuesday, June 22, 2021 4:52 PM
To: devel@edk2.groups.io
Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer El-Haj-Mahmoud 
; Sunny Wang ; 
m...@semihalf.com; upstr...@semihalf.com; p...@akeo.ie; jian.j.w...@intel.com; 
hao.a...@intel.com; dandan...@intel.com; eric.d...@intel.com; Grzegorz Bernacki 

Subject: [edk2-platforms PATCH 1/2] Platform/RaspberryPi: Enable Boot Discovery 
Policy.

This commit modifies platform boot to check the value of the
BootDiscoveryPolicy variable and uses the BootPolicyManager
Protocol to connect the devices specified by the variable.

Signed-off-by: Grzegorz Bernacki 
---
 Platform/RaspberryPi/RPi4/RPi4.dsc 
|  3 +
 Platform/RaspberryPi/RPi4/RPi4.fdf 
|  1 +
 Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
|  4 +
 Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c   
| 85 
 4 files changed, 93 insertions(+)

diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc 
b/Platform/RaspberryPi/RPi4/RPi4.dsc
index fd73c4d14b..8b9beac64a 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -555,6 +555,7 @@
   
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|L"Columns"|gRaspberryPiTokenSpaceGuid|0x0|80
   
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|L"Rows"|gRaspberryPiTokenSpaceGuid|0x0|25
   
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|L"Rows"|gRaspberryPiTokenSpaceGuid|0x0|25
+  
gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|L"BootDiscoveryPolicy"|gBootDiscoveryPolicyMgrFormsetGuid|0

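Review bot: the default at the end of the new PcdBootDiscoveryPolicy line is 0, while the PcdBootPolicy setting that patch 2/2 removes from RPi4.dsc defaulted to 1 and was documented there as "Full Discovery (Connect All)". Unless value 0 of the new PCD selects the same behaviour, this series changes the out-of-box boot path of the RPi4 from connect-all to whatever policy 0 means; please spell out the numeric mapping (and the chosen default) in the commit message. The PCD is declared in HII form (`|L"BootDiscoveryPolicy"|gBootDiscoveryPolicyMgrFormsetGuid|0|`), so it is backed by a variable that the setup menu edits; check the attributes that variable is created with, because a runtime-writable, non-authenticated variable controlling which devices get connected at boot is also reachable from the OS.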
 [PcdsDynamicDefault.common]
   #
@@ -682,6 +683,7 @@
   #
   # Bds
   #
+  MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf
   MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
@@ -690,6 +692,7 @@
   Platform/RaspberryPi/Drivers/LogoDxe/LogoDxe.inf
   MdeModulePkg/Application/UiApp/UiApp.inf {
 
+  
NULL|MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
   NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
   NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf
   NULL|Platform/RaspberryPi/Library/PlatformUiAppLib/PlatformUiAppLib.inf
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf 
b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..371197a93e 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -253,6 +253,7 @@ READ_LOCK_STATUS   = TRUE
   #
   # Bds
   #
+  INF MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf
   INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
   INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
   INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
diff --git 
a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
 
b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index fbf510ab96..f8ca4bbf10 100644
--- 
a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ 
b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -66,6 +66,7 @@
   gRaspberryPiTokenSpaceGuid.PcdBootPolicy

 [Guids]
+  gBootDiscoveryPolicyMgrFormsetGuid
   gEfiFileInfoGuid
   gEfiFileSystemInfoGuid
   gEfiFileSystemVolumeLabelInfoIdGuid
@@ -73,8 +74,11 @@
   gEfiTtyTermGuid
   gUefiShellFileGuid
   gEfiEventExitBootServicesGuid
+  gEfiBootManagerPolicyNetworkGuid
+  gEfiBootManagerPolicyConnectAllGuid

 [Protocols]
+  gEfiBootManagerPolicyProtocolGuid
   gEfiDevicePathProtocolGuid
   gEfiGraphicsOutputProtocolGuid
   gEfiLoadedImageProtocolGuid
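Review bot: this hunk adds the policy protocol and the two policy GUIDs, but no `gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy` entry is added to the [Pcd] section; the -66 hunk above still lists only `gRaspberryPiTokenSpaceGuid.PcdBootPolicy`. If PlatformBm.c reads the new policy with PcdGet32 (), the build will fail until the PCD is declared in this INF. Also, the commit message calls the protocol "BootPolicyManager Protocol" while the GUID added here is gEfiBootManagerPolicyProtocolGuid; use the real name. The PlatformBm.c hunk is cut off in this archive copy, so the consumer side could not be checked.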
diff --git a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c 
b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
index d081fdae63..1b6418d693 100644
--- a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
@@ -6,6 +6,7 @@
 

Re: [edk2-devel] [edk2-platforms PATCH 2/2] Revert "Platform/RaspberryPi: Setup option for disabling Fast Boot"

2021-06-30 Thread Sunny Wang
Looks good to me.
Thanks for working on this, Greg.
Reviewed-by: Sunny Wang 

-Original Message-
From: Grzegorz Bernacki 
Sent: Tuesday, June 22, 2021 4:52 PM
To: devel@edk2.groups.io
Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer El-Haj-Mahmoud 
; Sunny Wang ; 
m...@semihalf.com; upstr...@semihalf.com; p...@akeo.ie; jian.j.w...@intel.com; 
hao.a...@intel.com; dandan...@intel.com; eric.d...@intel.com; Grzegorz Bernacki 

Subject: [edk2-platforms PATCH 2/2] Revert "Platform/RaspberryPi: Setup option 
for disabling Fast Boot"

This reverts commit efdc159ef7c9f15581a0f63d755a1530ff475156.

This commit is no longer required as Boot Discovery Policy has
been implemented for RPi.

Signed-off-by: Grzegorz Bernacki 
---
 Platform/RaspberryPi/RaspberryPi.dec   
|  2 --
 Platform/RaspberryPi/RPi3/RPi3.dsc 
|  9 +
 Platform/RaspberryPi/RPi4/RPi4.dsc 
|  9 +
 Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf   
|  3 +--
 Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
|  1 -
 Platform/RaspberryPi/Include/ConfigVars.h  
| 12 +---
 Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr
| 16 +---
 Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c 
| 11 +--
 Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c   
| 15 ++-
 Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni
| 10 +-
 10 files changed, 9 insertions(+), 79 deletions(-)

diff --git a/Platform/RaspberryPi/RaspberryPi.dec 
b/Platform/RaspberryPi/RaspberryPi.dec
index f1dd8ac0ed..2ca25ff9e6 100644
--- a/Platform/RaspberryPi/RaspberryPi.dec
+++ b/Platform/RaspberryPi/RaspberryPi.dec
@@ -2,7 +2,6 @@
 #
 #  Copyright (c) 2016, Linaro, Ltd. All rights reserved.
 #  Copyright (c) 2017-2018, Andrei Warkentin 
-#  Copyright (c) 2021, ARM Limited. All rights reserved.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
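Review bot: reverting the functional lines is fine, but deleting the "Copyright (c) 2021, ARM Limited" notice here, and rolling RPi3.dsc, RPi4.dsc and ConfigDxe.inf back from 2021 to 2020 in the later hunks of this patch, is not something a revert should do: the files are being modified again in 2021, and copyright notices are only ever extended, not withdrawn. Keep the notices as they are and revert only the PCD, VFR, UNI and C changes.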
@@ -71,5 +70,4 @@
   gRaspberryPiTokenSpaceGuid.PcdFanTemp|0|UINT32|0x001D
   gRaspberryPiTokenSpaceGuid.PcdPlatformResetDelay|0|UINT32|0x001E
   gRaspberryPiTokenSpaceGuid.PcdMmcEnableDma|0|UINT32|0x001F
-  gRaspberryPiTokenSpaceGuid.PcdBootPolicy|0|UINT32|0x0020
   gRaspberryPiTokenSpaceGuid.PcdUartInUse|1|UINT32|0x0021
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc 
b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 53825bcf62..b6e3372c61 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -1,6 +1,6 @@
 # @file
 #
-#  Copyright (c) 2011 - 2021, ARM Limited. All rights reserved.
+#  Copyright (c) 2011 - 2020, ARM Limited. All rights reserved.
 #  Copyright (c) 2014, Linaro Limited. All rights reserved.
 #  Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
 #  Copyright (c) 2017 - 2018, Andrei Warkentin 
@@ -512,13 +512,6 @@
   
gRaspberryPiTokenSpaceGuid.PcdFanOnGpio|L"FanOnGpio"|gConfigDxeFormSetGuid|0x0|0
   gRaspberryPiTokenSpaceGuid.PcdFanTemp|L"FanTemp"|gConfigDxeFormSetGuid|0x0|0

-  #
-  # Boot Policy
-  # 0  - Fast Boot
-  # 1  - Full Discovery (Connect All)
-  #
-  
gRaspberryPiTokenSpaceGuid.PcdBootPolicy|L"BootPolicy"|gConfigDxeFormSetGuid|0x0|1
-
   #
   # Reset-related.
   #
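Review bot: this hunk removes the RPi3 BootPolicy option (default 1, Full Discovery), but patch 1/2 adds PcdBootDiscoveryPolicy, BootManagerPolicyDxe and BootDiscoveryPolicyUiLib only to RPi4.dsc and RPi4.fdf. After this patch RPi3 has neither setting, while it shares Platform/RaspberryPi/Library/PlatformBootManagerLib with RPi4, whose PlatformBm.c now depends on gEfiBootManagerPolicyProtocolGuid. Either add the matching RPi3 DSC/FDF changes to 1/2 or state in the commit message that RPi3 is intentionally left without the option.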
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc 
b/Platform/RaspberryPi/RPi4/RPi4.dsc
index 8b9beac64a..07f36e7f1b 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -1,6 +1,6 @@
 # @file
 #
-#  Copyright (c) 2011 - 2021, ARM Limited. All rights reserved.
+#  Copyright (c) 2011 - 2020, ARM Limited. All rights reserved.
 #  Copyright (c) 2017 - 2018, Andrei Warkentin 
 #  Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
 #  Copyright (c) 2014, Linaro Limited. All rights reserved.
@@ -528,13 +528,6 @@
   
gRaspberryPiTokenSpaceGuid.PcdFanOnGpio|L"FanOnGpio"|gConfigDxeFormSetGuid|0x0|0
   gRaspberryPiTokenSpaceGuid.PcdFanTemp|L"FanTemp"|gConfigDxeFormSetGuid|0x0|60

-  #
-  # Boot Policy
-  # 0  - Fast Boot
-  # 1  - Full Discovery (Connect All)
-  #
-  
gRaspberryPiTokenSpaceGuid.PcdBootPolicy|L"BootPolicy"|gConfigDxeFormSetGuid|0x0|1
-
   #
   # Reset-related.
   #
diff --git a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf 
b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
index 597e1b4205..4bb2d08550 100644
--- a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
+++ b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
@@ -2,7 +2,7 @@
 #
 #  Component description file for the RasbperryPi DXE platform config driver.
 #
-#  Copyright (c) 2019 - 2021, ARM Limited. All rights reserved.
+#  Copyright (c) 2019 - 2020, ARM Limited. All rights reserved.
 #  Copyright (c) 2018 - 2020, Andrei Warkentin 
 #
 #  SPDX-License-Identifi

Re: [EXTERNAL] Re: [edk2-devel] [PATCH v1 0/5] EDK2 Code First: PI Specification: Update EFI_MM_COMMUNICATE_HEADER

2021-06-30 Thread Kun Qin
Thanks for the clarification. I will work on v-next with flexible array 
as Data field.


Regards,
Kun

On 06/29/2021 18:07, Kinney, Michael D wrote:

If it breaks in the future, then that would be due to a new compiler
or changes to the configuration of an existing compiler that break compatibility
with the UEFI ABI.  The compiler issue must be resolved before the new compiler
or change to the existing compiler is accepted.

Mike


-Original Message-
From: Kun Qin 
Sent: Tuesday, June 29, 2021 4:11 PM
To: Kinney, Michael D ; devel@edk2.groups.io; 
bret.barke...@microsoft.com; Marvin Häuser
; Laszlo Ersek 
Cc: Wang, Jian J ; Wu, Hao A ; Dong, Eric 
; Ni, Ray
; Liming Gao ; Liu, Zhiguang 
; Andrew Fish
; Lindholm, Leif ; Michael Kubacki 

Subject: Re: [EXTERNAL] Re: [edk2-devel] [PATCH v1 0/5] EDK2 Code First: PI 
Specification: Update
EFI_MM_COMMUNICATE_HEADER

Hi Mike,

Thanks for the note. I will add this as a sanity check in v-next,
assuming it will not fail for currently supported compilers.

Just curious, what do we normally do if this type of check starts to
break in the future?

Thanks,
Kun

On 06/29/2021 10:28, Kinney, Michael D wrote:

Good idea on use of STATIC_ASSERT().

For structures that use flexible array members, we can add a
STATIC_ASSERT() for the sizeof() and OFFSET_OF() returning the same result.

For example:

STATIC_ASSERT (sizeof (EFI_MM_COMMUNICATE_HEADER) == OFFSET_OF
(EFI_MM_COMMUNICATE_HEADER, Data));

Mike

*From:*devel@edk2.groups.io  *On Behalf Of *Bret
Barkelew via groups.io
*Sent:* Tuesday, June 29, 2021 9:00 AM
*To:* Marvin Häuser ; Laszlo Ersek
; Kun Qin ; Kinney, Michael D
; devel@edk2.groups.io
*Cc:* Wang, Jian J ; Wu, Hao A
; Dong, Eric ; Ni, Ray
; Liming Gao ; Liu, Zhiguang
; Andrew Fish ; Lindholm, Leif
; Michael Kubacki 
*Subject:* Re: [EXTERNAL] Re: [edk2-devel] [PATCH v1 0/5] EDK2 Code
First: PI Specification: Update EFI_MM_COMMUNICATE_HEADER

Good note. Thanks!

- Bret

*From: *Marvin Häuser 
*Sent: *Tuesday, June 29, 2021 1:58 AM
*To: *Bret Barkelew ; Laszlo Ersek
; Kun Qin ; Kinney,
Michael D ; devel@edk2.groups.io

*Cc: *Wang, Jian J ; Wu, Hao A
; Dong, Eric ;
Ni, Ray ; Liming Gao
; Liu, Zhiguang
; Andrew Fish ;
Lindholm, Leif ; Michael Kubacki

*Subject: *Re: [EXTERNAL] Re: [edk2-devel] [PATCH v1 0/5] EDK2 Code
First: PI Specification: Update EFI_MM_COMMUNICATE_HEADER

Generally yes, but gladly not for EDK II. Default GNU ABI uses 32-bit
alignment for 64-bit integers on IA32 (which led to a (non-critical)
mistake in our PE paper :( ) for example, but UEFI / EDK II (seem to)
successfully dictate natural alignment consistently. Possibly we could
introduce some STATIC_ASSERTs around important cases (e.g. UINT64 on
32-bit platforms) to ensure compilers keep it that way, once the ALIGNOF
macro is introduced.

Best regards,
Marvin

On 29.06.21 08:49, Bret Barkelew wrote:
  >
  > The fact that it may vary per ABI seems like a pretty big gotcha if
  > the SMM/MM Core was compiled at a different time or on a different
  > system than the module that’s invoking the communication.
  >
  > - Bret
  >
  > *From: *Marvin Häuser >
  > *Sent: *Monday, June 28, 2021 8:43 AM
  > *To: *Laszlo Ersek >; Kun Qin
  > >; Kinney, Michael D
  > >; devel@edk2.groups.io

  > >
  > *Cc: *Wang, Jian J >; Wu, Hao A
  > >; Dong, Eric
>;
  > Ni, Ray >; Liming Gao
  > >;
Liu, Zhiguang
  > >;
Andrew Fish >;
  > Lindholm, Leif >;
Bret Barkelew
  > >; Michael Kubacki
  > >
  > *Subject: *[EXTERNAL] Re: [edk2-devel] [PATCH v1 0/5] EDK2 Code First:
  > PI Specification: Update EFI_MM_COMMUNICATE_HEADER
  >
  > On 28.06.21 16:57, Laszlo Ersek wrote:
  > > On 06/
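
The STATIC_ASSERT that Mike proposes above, together with the length check a receiver of an EFI_MM_COMMUNICATE_HEADER has to perform before it trusts MessageLength, as an added example in plain C11. It is not part of this thread or of edk2: EFI_GUID is a stand-in, `_Static_assert` and `offsetof` stand in for edk2's STATIC_ASSERT and OFFSET_OF, and the header name, `validate_comm_buffer()`, `build_comm_buffer()` and the status codes are this example's own. The legacy `Data[1]` layout is included only to show the tail padding that the flexible array member removes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for edk2's EFI_GUID: 16 bytes, 4-byte aligned. */
typedef struct {
  uint32_t Data1;
  uint16_t Data2;
  uint16_t Data3;
  uint8_t  Data4[8];
} EFI_GUID;

/* Header shape discussed in the thread: fixed fields followed by a
   flexible array member, so sizeof() covers exactly the fixed part. */
typedef struct {
  EFI_GUID HeaderGuid;
  size_t   MessageLength;   /* UINTN in edk2: number of bytes in Data */
  uint8_t  Data[];
} MM_COMM_HEADER;

/* The check from the thread: with a flexible array member, sizeof() must
   equal the offset of Data, otherwise the compiler padded the header and
   producer and consumer would disagree about where the payload starts. */
_Static_assert(sizeof(MM_COMM_HEADER) == offsetof(MM_COMM_HEADER, Data),
               "MM_COMM_HEADER has tail padding before Data");

/* The pre-C99 idiom the flexible array replaces. Its sizeof() includes
   Data[0] plus alignment padding, which is why `sizeof (Header) - 1` as
   the payload offset was fragile. */
typedef struct {
  EFI_GUID HeaderGuid;
  size_t   MessageLength;
  uint8_t  Data[1];
} MM_COMM_HEADER_LEGACY;

/* Padding bytes the legacy layout carries after Data[0]. */
size_t legacy_tail_padding(void) {
  return sizeof(MM_COMM_HEADER_LEGACY) - offsetof(MM_COMM_HEADER_LEGACY, Data) - 1;
}

typedef enum {
  COMM_OK = 0,
  COMM_TOO_SHORT,              /* buffer cannot hold the fixed header */
  COMM_LENGTH_OVERFLOW,        /* header size + MessageLength wraps around */
  COMM_LENGTH_EXCEEDS_BUFFER   /* MessageLength claims more than was passed */
} COMM_STATUS;

/* Receiver-side validation of a communicate buffer of buf_len bytes. The
   header is copied out first so every decision is made on a private copy;
   the shared buffer may be rewritten by the caller at any time. */
COMM_STATUS validate_comm_buffer(const uint8_t *buf, size_t buf_len, size_t *payload_len) {
  MM_COMM_HEADER hdr;

  if (buf == NULL || buf_len < sizeof(hdr)) {
    return COMM_TOO_SHORT;
  }
  memcpy(&hdr, buf, sizeof(hdr));
  if (hdr.MessageLength > SIZE_MAX - sizeof(hdr)) {
    return COMM_LENGTH_OVERFLOW;
  }
  if (sizeof(hdr) + hdr.MessageLength > buf_len) {
    return COMM_LENGTH_EXCEEDS_BUFFER;
  }
  if (payload_len != NULL) {
    *payload_len = hdr.MessageLength;
  }
  return COMM_OK;
}

/* Producer side: header followed by payload. Returns bytes written, or 0. */
size_t build_comm_buffer(uint8_t *out, size_t out_len, const EFI_GUID *guid,
                         const uint8_t *payload, size_t payload_len) {
  MM_COMM_HEADER hdr;

  if (out == NULL || guid == NULL || payload_len > SIZE_MAX - sizeof(hdr) ||
      sizeof(hdr) + payload_len > out_len) {
    return 0;
  }
  memset(&hdr, 0, sizeof(hdr));
  hdr.HeaderGuid    = *guid;
  hdr.MessageLength = payload_len;
  memcpy(out, &hdr, sizeof(hdr));
  if (payload_len != 0) {
    memcpy(out + sizeof(hdr), payload, payload_len);
  }
  return sizeof(hdr) + payload_len;
}

/* Constructed round trip plus two hostile headers; returns the number of
   checks that behaved as expected (4 when everything is correct). */
int run_demo(void) {
  static const EFI_GUID guid = {0x11223344, 0x5566, 0x7788, {1, 2, 3, 4, 5, 6, 7, 8}}; /* constructed */
  static const uint8_t  msg[5] = {1, 2, 3, 4, 5};                                       /* constructed */
  uint8_t buf[64];
  size_t  total, payload = 0, huge = SIZE_MAX;
  int     passed = 0;

  total = build_comm_buffer(buf, sizeof(buf), &guid, msg, sizeof(msg));
  if (total == sizeof(MM_COMM_HEADER) + sizeof(msg)) passed++;
  if (validate_comm_buffer(buf, total, &payload) == COMM_OK && payload == sizeof(msg)) passed++;
  /* Caller hands over one byte less than the header claims. */
  if (validate_comm_buffer(buf, total - 1, &payload) == COMM_LENGTH_EXCEEDS_BUFFER) passed++;
  /* Caller plants a MessageLength that makes header + length wrap. */
  memcpy(buf + offsetof(MM_COMM_HEADER, MessageLength), &huge, sizeof(huge));
  if (validate_comm_buffer(buf, sizeof(buf), &payload) == COMM_LENGTH_OVERFLOW) passed++;
  return passed;
}

int main(void) {
  printf("legacy tail padding: %zu bytes, checks passed: %d/4\n", legacy_tail_padding(), run_demo());
  return run_demo() == 4 ? 0 : 1;
}
```

The static assertion is the compile-time half of the guarantee; the runtime half is that the receiver never trusts MessageLength without the overflow check, since `sizeof (Header) + MessageLength` is exactly the sum an attacker controlling the shared buffer wants to wrap.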

Re: [edk2-devel] [PATCH v4 0/4] SEV Live Migration support for OVMF.

2021-06-30 Thread Ashish Kalra via groups.io
Hello Laszlo,

On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
> On 06/23/21 18:42, Laszlo Ersek wrote:
> > On 06/22/21 19:46, Ashish Kalra wrote:
> 
> >> Please find below your reply on v3 of this patch-set :
> >>
> >> Please include such a patch in v4 -- if Tom and Brijesh agree, I'd like to 
> >> put the new lib explicitly under their reviewership.
> >>
> >> Also, I plan to review this series (v4, at this point) only for 
> >> formalities. I'd like to receive an R-b from Tom or Brijesh [*], and 
> >> another from Dov or a colleague at IBM, for this series; those together 
> >> should suffice for merging the library.
> >>
> >> So, if you are fine with this approach, then probably Tom or Brijesh can
> >> take these patches under their reviewership and provide their R-b for
> >> this patch-set to be accepted and merged.
> > 
> > Indeed. This helps. Thanks.
> > 
> > I'll keep this patch set in my review queue then, for said "formalities
> > review".
> 
> Please do file a TianoCore Feature Request BZ for this, and reference
> the bug URL in the commit messages. One important purpose of such a BZ
> is to succinctly link together all versions of a patch set -- that way
> poor maintainers know where to find previous versions, even if the blurb
> subject line changes over time. I also like to capture "permanent
> workflow notes" like the above in BZs (basically a high-level summary of
> who does what).
> 

I have filed a new TianoCore Feature request BZ for this.
https://bugzilla.tianocore.org/show_bug.cgi?id=3467

I will refer this bug in future commit messages for this patch-set. 

Please let me know if you want me to add additional contents and
comments to this bug.

Thanks,
Ashish

> For now it seems that a v5 will be necessary. Please keep me on CC, and
> when you have the BZ filed, we should link all past and future versions
> into it.
> 
> Thanks
> Laszlo
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77321): https://edk2.groups.io/g/devel/message/77321
Mute This Topic: https://groups.io/mt/83688869/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH v4 0/12] Secure Boot default keys

2021-06-30 Thread Grzegorz Bernacki


This patchset adds support for initialization of default
Secure Boot variables based on key content embedded in the
flash binary. This feature is active only if Secure Boot
is enabled and DEFAULT_KEY is defined. The patchset also
consists of an application to enroll keys from the default
variables and a Secure Boot menu change to allow the user
to reset key content to default values.

Discussion on the design can be found at:
https://edk2.groups.io/g/rfc/topic/82139806#600

I also added a patch for RPi4 which enables this feature for
that platform.


Built with:
GCC
- RISC-V (U500, U540) [requires fixes in dsc to build]
- Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
  EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
- ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)

RISC-V, Quark, Vlv2TbltDevicePkg and Bhyve require additional fixes to be built;
these will be posted on the edk2 mailing list later.

VS2019
- Intel (OvmfPkgX64)

Tested with:
GCC5/RPi4
VS2019/OvmfX64 (requires changes to enable feature)

Tests:
1. Try to enroll key in incorrect format.
2. Enroll with only PKDefault keys specified.
3. Enroll with all keys specified.
4. Enroll when keys are enrolled.
5. Reset keys values.
6. Running signed & unsigned app after enrollment.

Changes since v1:
- change names:
  SecBootVariableLib => SecureBootVariableLib
  SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
  SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependency from EnrollFromDefaultKeysApp
- rebase to master

Changes since v2:
- fix coding style for function headers in SecureBootVariableLib.h
- add header to SecureBootDefaultKeys.fdf.inc
- remove empty line spaces in SecureBootDefaultKeysDxe files
- revert FAIL macro in EnrollFromDefaultKeysApp
- remove function duplicates and add SecureBootVariableLib
  to platforms which used it
 

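The default-key variables this series introduces (PKDefault, KEKDefault, dbDefault, dbtDefault, dbxDefault) hold EFI_SIGNATURE_LIST structures, and the library in patch 1/8 consumes gEfiCertX509Guid entries from them. The example below is added here and is not part of the series or of edk2: it builds one signature list for an X.509 certificate and one for SHA-256 hashes, then validates the combined blob the way a consumer of flash-embedded default keys should before trusting any size field in it. The EFI_CERT_X509_GUID and EFI_CERT_SHA256_GUID values are the UEFI-specified ones; the owner GUID, the "certificate" bytes and the hashes are constructed placeholders, and `esl_append()`, `esl_validate()` and their status codes are this example's own names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
  uint32_t Data1;
  uint16_t Data2;
  uint16_t Data3;
  uint8_t  Data4[8];
} EFI_GUID;

/* EFI_SIGNATURE_LIST header. SignatureHeaderSize bytes of header and then
   EFI_SIGNATURE_DATA entries (owner GUID + payload) of SignatureSize follow. */
typedef struct {
  EFI_GUID SignatureType;
  uint32_t SignatureListSize;
  uint32_t SignatureHeaderSize;
  uint32_t SignatureSize;
} EFI_SIGNATURE_LIST;

#define ESL_HDR_SIZE sizeof(EFI_SIGNATURE_LIST)   /* 28 bytes */
#define OWNER_SIZE   sizeof(EFI_GUID)             /* EFI_SIGNATURE_DATA.SignatureOwner */

static const EFI_GUID EFI_CERT_X509_GUID =
  {0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72}};
static const EFI_GUID EFI_CERT_SHA256_GUID =
  {0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28}};

typedef enum {
  ESL_OK = 0,
  ESL_TRUNCATED,      /* a list claims more bytes than the variable holds */
  ESL_BAD_LIST_SIZE,  /* SignatureListSize smaller than its own header */
  ESL_BAD_SIG_SIZE,   /* SignatureSize cannot even hold the owner GUID */
  ESL_BAD_LAYOUT      /* header/entry sizes do not tile the list exactly */
} ESL_STATUS;

/* Append one list whose entries all carry entry_len bytes of payload.
   Returns the bytes written, or 0 if it does not fit. */
size_t esl_append(uint8_t *out, size_t out_len, const EFI_GUID *type, const EFI_GUID *owner,
                  const uint8_t *const *entries, size_t entry_count, size_t entry_len) {
  EFI_SIGNATURE_LIST hdr;
  size_t sig_size, total, i;

  if (out == NULL || entry_len > SIZE_MAX - OWNER_SIZE) return 0;
  sig_size = OWNER_SIZE + entry_len;
  if (entry_count > (SIZE_MAX - ESL_HDR_SIZE) / sig_size) return 0;
  total = ESL_HDR_SIZE + entry_count * sig_size;
  if (total > out_len || total > UINT32_MAX) return 0;
  memset(&hdr, 0, sizeof(hdr));
  hdr.SignatureType     = *type;
  hdr.SignatureListSize = (uint32_t)total;
  hdr.SignatureSize     = (uint32_t)sig_size;   /* SignatureHeaderSize stays 0 */
  memcpy(out, &hdr, ESL_HDR_SIZE);
  for (i = 0; i < entry_count; i++) {
    uint8_t *p = out + ESL_HDR_SIZE + i * sig_size;
    memcpy(p, owner, OWNER_SIZE);
    memcpy(p + OWNER_SIZE, entries[i], entry_len);
  }
  return total;
}

/* Walk every list in buf and check that the three size fields are
   self-consistent before anyone indexes into the entries. */
ESL_STATUS esl_validate(const uint8_t *buf, size_t len, size_t *entry_count) {
  size_t off = 0, count = 0;

  while (off < len) {
    EFI_SIGNATURE_LIST hdr;
    uint32_t body;

    if (len - off < ESL_HDR_SIZE) return ESL_TRUNCATED;
    memcpy(&hdr, buf + off, ESL_HDR_SIZE);
    if (hdr.SignatureListSize < ESL_HDR_SIZE) return ESL_BAD_LIST_SIZE;
    if (hdr.SignatureListSize > len - off) return ESL_TRUNCATED;
    body = (uint32_t)(hdr.SignatureListSize - ESL_HDR_SIZE);
    if (hdr.SignatureHeaderSize > body) return ESL_BAD_LAYOUT;
    body -= hdr.SignatureHeaderSize;
    if (hdr.SignatureSize <= OWNER_SIZE) return ESL_BAD_SIG_SIZE;
    if (body % hdr.SignatureSize != 0) return ESL_BAD_LAYOUT;
    /* Spec: X.509 lists carry no SignatureHeader. */
    if (memcmp(&hdr.SignatureType, &EFI_CERT_X509_GUID, sizeof(EFI_GUID)) == 0 &&
        hdr.SignatureHeaderSize != 0) return ESL_BAD_LAYOUT;
    count += body / hdr.SignatureSize;
    off   += hdr.SignatureListSize;
  }
  if (entry_count != NULL) *entry_count = count;
  return ESL_OK;
}

/* Constructed blob (one X.509 list, one SHA-256 list) plus three corruptions.
   Returns the number of checks that behaved as expected (4 when correct). */
int run_esl_demo(void) {
  static const EFI_GUID owner = {0x12345678, 0x9abc, 0xdef0, {8, 7, 6, 5, 4, 3, 2, 1}}; /* placeholder */
  static const uint8_t  fake_der[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02};  /* not a real cert */
  static const uint8_t  hash_a[32] = {0xaa}, hash_b[32] = {0xbb};                       /* not real digests */
  const uint8_t *certs[]  = { fake_der };
  const uint8_t *hashes[] = { hash_a, hash_b };
  uint8_t  buf[256], bad[256];
  uint32_t zero = 0, huge = 0xFFFFFFFFu;
  size_t   n, count = 0;
  int      passed = 0;

  n  = esl_append(buf, sizeof(buf), &EFI_CERT_X509_GUID, &owner, certs, 1, sizeof(fake_der));
  n += esl_append(buf + n, sizeof(buf) - n, &EFI_CERT_SHA256_GUID, &owner, hashes, 2, 32);
  if (esl_validate(buf, n, &count) == ESL_OK && count == 3) passed++;
  /* Variable cut short: the second list's SignatureListSize overruns the data. */
  if (esl_validate(buf, n - 1, &count) == ESL_TRUNCATED) passed++;
  /* SignatureSize of 0: a naive parser divides by zero or never advances. */
  memcpy(bad, buf, n);
  memcpy(bad + offsetof(EFI_SIGNATURE_LIST, SignatureSize), &zero, sizeof(zero));
  if (esl_validate(bad, n, &count) == ESL_BAD_SIG_SIZE) passed++;
  /* SignatureHeaderSize larger than the list: an unchecked subtraction wraps. */
  memcpy(bad, buf, n);
  memcpy(bad + offsetof(EFI_SIGNATURE_LIST, SignatureHeaderSize), &huge, sizeof(huge));
  if (esl_validate(bad, n, &count) == ESL_BAD_LAYOUT) passed++;
  return passed;
}

int main(void) {
  printf("signature list checks passed: %d/4\n", run_esl_demo());
  return run_esl_demo() == 4 ? 0 : 1;
}
```

Keys embedded in flash are only as trustworthy as the flash image, and the size fields inside them are still attacker-influenced data once a malformed blob can be fed to the enroll path; validating the tiling of every list before touching an entry is what keeps a bad `SignatureSize` from turning into an out-of-bounds read inside the variable driver.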
[edk2-devel] [PATCH v4 5/8] SecurityPkg: Add SecureBootDefaultKeysDxe driver

2021-06-30 Thread Grzegorz Bernacki
This driver initializes default Secure Boot keys and databases
based on keys embedded in flash.

Signed-off-by: Grzegorz Bernacki 
Reviewed-by: Sunny Wang 
Reviewed-by: Pete Batard 
Tested-by: Pete Batard  on Raspberry Pi
---
 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 | 45 +
 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
   | 68 
 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
 | 16 +
 3 files changed, 129 insertions(+)
 create mode 100644 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 create mode 100644 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 create mode 100644 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni

diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
new file mode 100644
index 00..0af7563a3b
--- /dev/null
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
@@ -0,0 +1,45 @@
+## @file
+#  Initializes Secure Boot default keys
+#
+#  Copyright (c) 2021, ARM Ltd. All rights reserved.
+#  Copyright (c) 2021, Semihalf All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+[Defines]
+  INF_VERSION = 0x00010005
+  BASE_NAME   = SecureBootDefaultKeysDxe
+  FILE_GUID   = C937FCB7-25AC-4376-89A2-4EA8B317DE83
+  MODULE_TYPE = DXE_DRIVER
+  ENTRY_POINT = SecureBootDefaultKeysEntryPoint
+
+#
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
+#
+[Sources]
+  SecureBootDefaultKeysDxe.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  UefiDriverEntryPoint
+  DebugLib
+  SecureBootVariableLib
+
+[Guids]
+  ## SOMETIMES_PRODUCES  ## Variable:L"PKDefault"
+  ## SOMETIMES_PRODUCES  ## Variable:L"KEKDefault"
+  ## SOMETIMES_PRODUCES  ## Variable:L"dbDefault"
+  ## SOMETIMES_PRODUCES  ## Variable:L"dbtDefault"
+  ## SOMETIMES_PRODUCES  ## Variable:L"dbxDefault"
+  gEfiGlobalVariableGuid
+
+[Depex]
+  gEfiVariableArchProtocolGuid  AND
+  gEfiVariableWriteArchProtocolGuid
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
new file mode 100644
index 00..12a18dc352
--- /dev/null
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
@@ -0,0 +1,68 @@
+/** @file
+  This driver init default Secure Boot variables
+
+Copyright (c) 2021, ARM Ltd. All rights reserved.
+Copyright (c) 2021, Semihalf All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  The entry point for SecureBootDefaultKeys driver.
+
+  @param[in]  ImageHandleThe image handle of the driver.
+  @param[in]  SystemTableThe system table.
+
+  @retval EFI_ALREADY_STARTEDThe driver already exists in system.
+  @retval EFI_OUT_OF_RESOURCES   Fail to execute entry point due to lack of 
resources.
+  @retval EFI_SUCCESSAll the related protocols are installed on 
the driver.
+  @retval Others Fail to get the SecureBootEnable variable.
+
+**/
+EFI_STATUS
+EFIAPI
+SecureBootDefaultKeysEntryPoint (
+  IN EFI_HANDLE  ImageHandle,
+  IN EFI_SYSTEM_TABLE*SystemTable
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = SecureBootInitPKDefault ();
+  if (EFI_ERROR (Status)) {
+DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, 
Status));
+return Status;
+  }
+
+  Status = SecureBootInitKEKDefault ();
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", 
__FUNCTION__, Status));
+return Status;
+  }
+  Status = SecureBootInitdbDefault ();
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", 
__FUNCTION__, Status));
+return Status;
+  }
+
+  Status = SecureBootInitdbtDefault ();
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__));
+  }
+
+  Status = SecureBootInitdbxDefault ();
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__));
+  }
+
+  return Status;
+}
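Review bot: the final `return Status;` propagates the result of SecureBootInitdbxDefault (), which the code itself treats as optional (failure is only logged at DEBUG_INFO and execution continues). On a platform that embeds no dbxDefault blob the entry point therefore returns an error and the dispatcher reports the driver as failed and unloads it, even though PKDefault, KEKDefault and dbDefault were already written; the same applies to dbtDefault. Return EFI_SUCCESS after the two optional initializations, or keep a separate status for the mandatory ones. The @retval block still lists EFI_ALREADY_STARTED, EFI_OUT_OF_RESOURCES and "Fail to get the SecureBootEnable variable", none of which this function produces; document the values it actually returns. Minor: `DEBUG((` on the PKDefault path versus `DEBUG ((` elsewhere. Consider logging a missing dbxDefault at DEBUG_WARN rather than DEBUG_INFO: a user who later resets to defaults from the menu ends up with a db but no revocation list at all.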
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
 
b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
new file mode 100644
index 00..2b6cb7f950
--- /dev/null
+++ 
b/SecurityPkg/VariableAuthe

[edk2-devel] [PATCH v4 2/8] ArmVirtPkg: add SecureBootVariableLib class resolution

2021-06-30 Thread Grzegorz Bernacki
The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for ArmVirtPkg platform.

Signed-off-by: Grzegorz Bernacki 
---
 ArmVirtPkg/ArmVirt.dsc.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index d9abadbe70..11c1f53537 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -168,6 +168,7 @@
   #
 !if $(SECURE_BOOT_ENABLE) == TRUE
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77324): https://edk2.groups.io/g/devel/message/77324
Mute This Topic: https://groups.io/mt/83891029/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH v4 1/8] SecurityPkg: Create library for setting Secure Boot variables.

2021-06-30 Thread Grzegorz Bernacki
This commit adds a library which consists of functions related to
the creation/removal of Secure Boot variables. Some of the functions
were moved from the SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki 
---
 SecurityPkg/SecurityPkg.dsc   
|   1 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf   
|  79 ++
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
|   1 +
 SecurityPkg/Include/Library/SecureBootVariableLib.h   
| 251 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c 
| 980 
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c  
| 189 +---
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni   
|  16 +
 7 files changed, 1329 insertions(+), 188 deletions(-)
 create mode 100644 
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
 create mode 100644 
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
 create mode 100644 
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index bd4b810bce..854f250625 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -70,6 +70,7 @@
   RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
   
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
   
MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
 [LibraryClasses.ARM]
   #
diff --git 
a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf 
b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
new file mode 100644
index 00..84367841d5
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -0,0 +1,79 @@
+## @file
+#  Provides initialization of Secure Boot keys and databases.
+#
+#  Copyright (c) 2021, ARM Ltd. All rights reserved.
+#  Copyright (c) 2021, Semihalf All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = SecureBootVariableLib
+  MODULE_UNI_FILE= SecureBootVariableLib.uni
+  FILE_GUID  = D4FFF5CA-6D8E-4DBD-8A4B-7C7CEBD97F6F
+  MODULE_TYPE= DXE_DRIVER
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = SecureBootVariableLib|DXE_DRIVER 
DXE_RUNTIME_DRIVER UEFI_APPLICATION
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
+#
+
+[Sources]
+  SecureBootVariableLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+  DxeServicesLib
+
+[Guids]
+  ## CONSUMES## Variable:L"SetupMode"
+  ## PRODUCES## Variable:L"SetupMode"
+  ## CONSUMES## Variable:L"SecureBoot"
+  ## PRODUCES## Variable:L"SecureBoot"
+  ## PRODUCES## Variable:L"PK"
+  ## PRODUCES## Variable:L"KEK"
+  ## CONSUMES## Variable:L"PKDefault"
+  ## CONSUMES## Variable:L"KEKDefault"
+  ## CONSUMES## Variable:L"dbDefault"
+  ## CONSUMES## Variable:L"dbxDefault"
+  ## CONSUMES## Variable:L"dbtDefault"
+  gEfiGlobalVariableGuid
+
+  ## SOMETIMES_CONSUMES  ## Variable:L"DB"
+  ## SOMETIMES_CONSUMES  ## Variable:L"DBX"
+  ## SOMETIMES_CONSUMES  ## Variable:L"DBT"
+  gEfiImageSecurityDatabaseGuid
+
+  ## CONSUMES## Variable:L"SecureBootEnable"
+  ## PRODUCES## Variable:L"SecureBootEnable"
+  gEfiSecureBootEnableDisableGuid
+
+  ## CONSUMES## Variable:L"CustomMode"
+  ## PRODUCES## Variable:L"CustomMode"
+  gEfiCustomModeEnableGuid
+
+  gEfiCertTypeRsa2048Sha256Guid  ## CONSUMES
+  gEfiCertX509Guid   ## CONSUMES
+  gEfiCertPkcs7Guid  ## CONSUMES
+
+  gDefaultPKFileGuid
+  gDefaultKEKFileGuid
+  gDefaultdbFileGuid
+  gDefaultdbxFileGuid
+  gDefaultdbtFileGuid
+
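Review bot: the [Guids] usage comments refer to `Variable:L"DB"`, `L"DBX"` and `L"DBT"`, but the image security database variables are named `db`, `dbx` and `dbt` (UEFI variable names are case-sensitive, and the *Default comments a few lines above already use the lower-case form); fix the comments so tools that scan usage annotations are not misled. gDefaultPKFileGuid through gDefaultdbtFileGuid carry no `## CONSUMES` annotation while every other GUID does. DxeServicesLib is listed, presumably so the library can pull the default key blobs out of the FREEFORM files that ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc embeds; say so in the INF header, since that ties this library to a particular FV layout that platform integrators must reproduce.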
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index 573efa6379..30d9cd8025 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -54,6 +54,7 @@
   DevicePathLib
   FileExplorerLib
   PeCoffLib
+  SecureBootVariableLib
 
 

[edk2-devel] [PATCH v4 3/8] Intel Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Grzegorz Bernacki
The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki 
---
 EmulatorPkg/EmulatorPkg.dsc | 1 +
 OvmfPkg/Bhyve/BhyveX64.dsc  | 1 +
 OvmfPkg/OvmfPkgIa32.dsc | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc  | 1 +
 OvmfPkg/OvmfPkgX64.dsc  | 1 +
 5 files changed, 5 insertions(+)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 20e5468398..966cc7af01 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -132,6 +132,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
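Review bot: the commit message says "each Intel platform", but EmulatorPkg and OvmfPkg/Bhyve are not Intel platforms; retitle to something like "EmulatorPkg, OvmfPkg: add SecureBootVariableLib class resolution". The mapping is correctly placed under `!if $(SECURE_BOOT_ENABLE) == TRUE` next to AuthVariableLib. Note that any DSC which includes SecureBootConfigDxe without this resolution stops building once patch 1/8 lands, so 1/8 through 3/8 need to be merged together (or the resolutions squashed into 1/8) to keep the tree bisectable.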
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index cbf896e89b..bcc0b2f2f4 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -196,6 +196,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|OvmfPkg/Bhyve/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae79..9225966541 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -204,6 +204,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f2..5d53327edb 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -208,6 +208,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a9058..509acf7926 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -208,6 +208,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77325): https://edk2.groups.io/g/devel/message/77325
Mute This Topic: https://groups.io/mt/83891031/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH v4 4/8] ArmPlatformPkg: Create include file for default key content.

2021-06-30 Thread Grzegorz Bernacki
This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which
will be embedded into the binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki 
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc 
b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 00..bf4f2d42de
--- /dev/null
+++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,70 @@
+## @file
+# FDF include file which allows to embed Secure Boot keys
+#
+#  Copyright (c) 2021, ARM Limited. All rights reserved.
+#  Copyright (c) 2021, Semihalf. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+!if $(DEFAULT_KEYS) == TRUE
+  FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+  !ifdef $(PK_DEFAULT_FILE)
+SECTION RAW = $(PK_DEFAULT_FILE)
+  !endif
+SECTION UI = "PK Default"
+  }
+
+  FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+  !ifdef $(KEK_DEFAULT_FILE1)
+SECTION RAW = $(KEK_DEFAULT_FILE1)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE2)
+SECTION RAW = $(KEK_DEFAULT_FILE2)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE3)
+SECTION RAW = $(KEK_DEFAULT_FILE3)
+  !endif
+SECTION UI = "KEK Default"
+  }
+
+  FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+  !ifdef $(DB_DEFAULT_FILE1)
+SECTION RAW = $(DB_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE2)
+SECTION RAW = $(DB_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE3)
+SECTION RAW = $(DB_DEFAULT_FILE3)
+  !endif
+SECTION UI = "DB Default"
+  }
+
+  FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+  !ifdef $(DBT_DEFAULT_FILE1)
+SECTION RAW = $(DBT_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE2)
+SECTION RAW = $(DBT_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE3)
+SECTION RAW = $(DBT_DEFAULT_FILE3)
+  !endif
+SECTION UI = "DBT Default"
+  }
+
+  FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+  !ifdef $(DBX_DEFAULT_FILE1)
+SECTION RAW = $(DBX_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE2)
+SECTION RAW = $(DBX_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE3)
+SECTION RAW = $(DBX_DEFAULT_FILE3)
+  !endif
+SECTION UI = "DBX Default"
+  }
+
+!endif
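Review bot: every `FILE FREEFORM` block is emitted even when none of its `*_DEFAULT_FILE` macros is defined, so the consumer can encounter a file that has a `SECTION UI` but no `SECTION RAW`; either wrap each whole `FILE` block in the same `!ifdef` guard or make sure the reader treats a missing RAW section as "no default provided". The five GUIDs here (85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 and the others) are literal copies of the `gDefault*FileGuid` values added to SecurityPkg.dec in patch 7/8 and must be kept in sync by hand; a comment naming the .dec symbols next to each `FILE FREEFORM` would save the next person who changes one of them.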
-- 
2.25.1







[edk2-devel] [PATCH v4 8/8] SecurityPkg: Add option to reset secure boot keys.

2021-06-30 Thread Grzegorz Bernacki
This commit adds an option which allows resetting the content of Secure Boot
keys and databases to the default variables.

Signed-off-by: Grzegorz Bernacki 
Reviewed-by: Sunny Wang 
Reviewed-by: Pete Batard 
Tested-by: Pete Batard  on Raspberry Pi 4
---
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf  
   |   1 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h 
   |   2 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 
   |   6 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c   
   | 154 
 
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
 |   4 +
 5 files changed, 167 insertions(+)

diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index 30d9cd8025..bd8d256dde 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -109,6 +109,7 @@
 [Protocols]
   gEfiHiiConfigAccessProtocolGuid   ## PRODUCES
   gEfiDevicePathProtocolGuid## PRODUCES
+  gEfiHiiPopupProtocolGuid
 
 [Depex]
   gEfiHiiConfigRoutingProtocolGuid  AND
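Review bot: `gEfiHiiPopupProtocolGuid` is added to [Protocols] without the `## CONSUMES` usage tag that the neighbouring `gEfiHiiConfigAccessProtocolGuid` and `gEfiDevicePathProtocolGuid` entries carry; add it. Since the protocol is not part of the [Depex] below, the code that locates it at runtime needs to handle the protocol being absent (or the Depex needs extending).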
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
index 6e54a4b0f2..4ecc25efc3 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
@@ -54,6 +54,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define KEY_VALUE_FROM_DBX_TO_LIST_FORM   0x100f
 
+#define KEY_SECURE_BOOT_RESET_TO_DEFAULT  0x1010
+
 #define KEY_SECURE_BOOT_OPTION0x1100
 #define KEY_SECURE_BOOT_PK_OPTION 0x1101
 #define KEY_SECURE_BOOT_KEK_OPTION0x1102
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index fa7e11848c..e4560c592c 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -69,6 +69,12 @@ formset
 endif;
 endif;
 
+text
+  help   = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS_HELP),
+  text   = STRING_TOKEN(STR_SECURE_RESET_TO_DEFAULTS),
+  flags  = INTERACTIVE,
+  key= KEY_SECURE_BOOT_RESET_TO_DEFAULT;
+
   endform;
 
   //
diff --git 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 67e5e594ed..47f281873b 100644
--- 
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ 
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
 #include "SecureBootConfigImpl.h"
+#include 
 #include 
 #include 
 
@@ -4154,6 +4155,132 @@ ON_EXIT:
   return Status;
 }
 
+/**
+  This function reinitializes Secure Boot variables with default values.
+
+  @retval   EFI_SUCCESS   Success to update the signature list page
+  @retval   othersFail to delete or enroll signature data.
+**/
+
+STATIC EFI_STATUS
+EFIAPI
+KeyEnrollReset (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+  UINT8   SetupMode;
+
+  Status = EFI_SUCCESS;
+
+  Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR(Status)) {
+return Status;
+  }
+
+  // Clear all the keys and databases
+  Status = DeleteDb ();
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+DEBUG ((DEBUG_ERROR, "Fail to clear DB: %r\n", Status));
+return Status;
+  }
+
+  Status = DeleteDbx ();
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+DEBUG ((DEBUG_ERROR, "Fail to clear DBX: %r\n", Status));
+return Status;
+  }
+
+  Status = DeleteDbt ();
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+DEBUG ((DEBUG_ERROR, "Fail to clear DBT: %r\n", Status));
+return Status;
+  }
+
+  Status = DeleteKEK ();
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+DEBUG ((DEBUG_ERROR, "Fail to clear KEK: %r\n", Status));
+return Status;
+  }
+
+  Status = DeletePlatformKey ();
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+DEBUG ((DEBUG_ERROR, "Fail to clear PK: %r\n", Status));
+return Status;
+  }
+
+  // After PK clear, Setup Mode shall be enabled
+  Status = GetSetupMode (&SetupMode);
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Cannot get SetupMode variable: %r\n",
+  Status));
+return Status;
+  }
+
+  if (SetupMode == USER_MODE) {
+DEBUG((DEBUG_
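Review bot: the early-return paths in `KeyEnrollReset` leave the platform in `CUSTOM_SECURE_BOOT_MODE`: the function first calls `SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE)`, and every failing `Delete*()` or `GetSetupMode()` then does `return Status;` without switching back to `STANDARD_SECURE_BOOT_MODE`. EnrollFromDefaultKeysApp in this series restores standard mode on its error path; this function should do the same (a single exit label that resets the mode would keep it simple). Minor: `Status = EFI_SUCCESS;` is a dead store overwritten on the next line, and `EFI_ERROR(Status)` lacks the space before the parenthesis used everywhere else in the hunk.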

[edk2-devel] [PATCH v4 6/8] SecurityPkg: Add EnrollFromDefaultKeys application.

2021-06-30 Thread Grzegorz Bernacki
This application allows the user to force key enrollment from
the Secure Boot default variables.

Signed-off-by: Grzegorz Bernacki 
---
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf |  47 
+
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c   | 109 

 2 files changed, 156 insertions(+)
 create mode 100644 
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
 create mode 100644 
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c

diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf 
b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
new file mode 100644
index 00..4d79ca3844
--- /dev/null
+++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
@@ -0,0 +1,47 @@
+## @file
+#  Enroll PK, KEK, db, dbx from Default variables
+#
+#  Copyright (c) 2021, ARM Ltd. All rights reserved.
+#  Copyright (c) 2021, Semihalf All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION= 1.28
+  BASE_NAME  = EnrollFromDefaultKeysApp
+  FILE_GUID  = 6F18CB2F-1293-4BC1-ABB8-35F84C71812E
+  MODULE_TYPE= UEFI_APPLICATION
+  VERSION_STRING = 0.1
+  ENTRY_POINT= UefiMain
+
+[Sources]
+  EnrollFromDefaultKeysApp.c
+
+[Packages]
+  MdeModulePkg/MdeModulePkg.dec
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Guids]
+  gEfiCertPkcs7Guid
+  gEfiCertSha256Guid
+  gEfiCertX509Guid
+  gEfiCustomModeEnableGuid
+  gEfiGlobalVariableGuid
+  gEfiImageSecurityDatabaseGuid
+  gEfiSecureBootEnableDisableGuid
+
+[Protocols]
+  gEfiSmbiosProtocolGuid ## CONSUMES
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PrintLib
+  UefiApplicationEntryPoint
+  UefiBootServicesTableLib
+  UefiLib
+  UefiRuntimeServicesTableLib
+  SecureBootVariableLib
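Review bot: `gEfiSmbiosProtocolGuid ## CONSUMES` is listed under [Protocols], but nothing in the visible part of EnrollFromDefaultKeysApp.c touches SMBIOS; likewise `gEfiCertPkcs7Guid`, `gEfiCertSha256Guid` and `gEfiCertX509Guid` are not referenced by the application itself, since the enrollment logic lives in SecureBootVariableLib. Trim [Guids] and [Protocols] to what the source actually uses so the dependency list documents the module accurately.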
diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c 
b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
new file mode 100644
index 00..3407c1c4b9
--- /dev/null
+++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
@@ -0,0 +1,109 @@
+/** @file
+  Enroll default PK, KEK, db, dbx.
+
+Copyright (c) 2021, ARM Ltd. All rights reserved.
+Copyright (c) 2021, Semihalf All rights reserved.
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include // gEfiCustomModeEnableGuid
+#include  // EFI_SETUP_MODE_NAME
+#include // EFI_IMAGE_SECURITY_DATABASE
+#include  // GUID_STRING_LENGTH
+#include// CopyGuid()
+#include // ASSERT()
+#include  // FreePool()
+#include // AsciiSPrint()
+#include // gBS
+#include  // AsciiPrint()
+#include  // gRT
+#include 
+#include 
+
+/**
+  Entry point function of this shell application.
+**/
+EFI_STATUS
+EFIAPI
+UefiMain (
+  IN EFI_HANDLEImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS Status;
+  UINT8  SetupMode;
+
+  Status = GetSetupMode (&SetupMode);
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot get SetupMode variable: 
%r\n", Status);
+return 1;
+  }
+
+  if (SetupMode == USER_MODE) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Skipped - USER_MODE\n");
+return 1;
+  }
+
+  Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot set CUSTOM_SECURE_BOOT_MODE: 
%r\n", Status);
+return 1;
+  }
+
+  Status = EnrollDbFromDefault ();
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll db: %r\n", Status);
+goto error;
+  }
+
+  Status = EnrollDbxFromDefault ();
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbt: %r\n", Status);
+  }
+
+  Status = EnrollDbtFromDefault ();
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbx: %r\n", Status);
+  }
+
+  Status = EnrollKEKFromDefault ();
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll KEK: %r\n", Status);
+goto cleardbs;
+  }
+
+  Status = EnrollPKFromDefault ();
+  if (EFI_ERROR (Status)) {
+AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll PK: %r\n", Status);
+goto clearKEK;
+  }
+
+  Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+AsciiPrint (
+  "EnrollFromDefaultKeysApp: Cannot set CustomMode to 
STANDARD_SECURE_BOOT_MODE\n"
+  "Please do it manually, otherwise system can be easily compromised\n"
+  );
+  }
+  return 0;
+
+clearKEK:
+  DeleteKEK ();
+
+cleardbs:
+  DeleteDbt ();
+  DeleteDbx ();
+  DeleteDb ();
+
+error:
+  Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
+  if (EFI_ERROR (Status)) {
+AsciiP
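Review bot: the dbx and dbt error strings are swapped: the `EnrollDbxFromDefault ()` failure prints "Cannot enroll dbt" and the `EnrollDbtFromDefault ()` failure prints "Cannot enroll dbx". Those two failures are also only printed, with execution continuing to KEK and PK enrollment, whereas a db failure jumps to `error`; if dbx/dbt are meant to be optional, say so in a comment. Separately, `UefiMain` returns `EFI_STATUS`, but every failure path does `return 1;`, which is not an EFI error code (`EFI_ERROR (1)` is false); return the failing `Status` or `EFI_ABORTED` instead.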

[edk2-devel] [edk2-platforms PATCH v4 10/12] ARM Silicon and Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Grzegorz Bernacki
The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each ARM platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki 
---
 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 1 +
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc  | 1 +
 Platform/RaspberryPi/RPi3/RPi3.dsc   | 1 +
 Platform/RaspberryPi/RPi4/RPi4.dsc   | 1 +
 Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 4 
 5 files changed, 8 insertions(+)

diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc 
b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
index fee7cfcc2d..60fdb244ba 100644
--- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
+++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
@@ -129,6 +129,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc 
b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
index 11ce361cdb..b1c4030ec9 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -156,6 +156,7 @@ DEFINE NETWORK_HTTP_BOOT_ENABLE   = FALSE
   #
   
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc 
b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 53825bcf62..73f7f2f8c3 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -167,6 +167,7 @@
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc 
b/Platform/RaspberryPi/RPi4/RPi4.dsc
index fd73c4d14b..d38fee8fb8 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -164,6 +164,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc 
b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
index 88454c1f90..41b7c3bced 100644
--- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
+++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
@@ -52,6 +52,10 @@
 
   
MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
 
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+!endif
+
 [LibraryClasses.common.SEC]
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-- 
2.25.1







[edk2-devel] [PATCH v4 7/8] SecurityPkg: Add new modules to Security package.

2021-06-30 Thread Grzegorz Bernacki
This commit adds modules related to the initialization and
usage of default Secure Boot key variables to SecurityPkg.

Signed-off-by: Grzegorz Bernacki 
Reviewed-by: Sunny Wang 
Reviewed-by: Pete Batard 
Tested-by: Pete Batard  on Raspberry Pi 4
---
 SecurityPkg/SecurityPkg.dec | 14 ++
 SecurityPkg/SecurityPkg.dsc |  3 +++
 2 files changed, 17 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 4001650fa2..e6aab4dce7 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -190,6 +190,20 @@
   ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm
   gTcg2MmSwSmiRegisteredGuid = { 0x9d4548b9, 0xa48d, 0x4db4, { 0x9a, 
0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } }
 
+  ## GUID used to specify section with default PK content
+  gDefaultPKFileGuid = { 0x85254ea7, 0x4759, 0x4fc4, { 0x82, 
0xd4, 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } }
+
+  ## GUID used to specify section with default KEK content
+  gDefaultKEKFileGuid= { 0x6f64916e, 0x9f7a, 0x4c35, { 0xb9, 
0x52, 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } }
+
+  ## GUID used to specify section with default db content
+  gDefaultdbFileGuid = { 0xc491d352, 0x7623, 0x4843, { 0xac, 
0xcc, 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } }
+
+  ## GUID used to specify section with default dbx content
+  gDefaultdbxFileGuid= { 0x5740766a, 0x718e, 0x4dc0, { 0x99, 
0x35, 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } }
+
+  ## GUID used to specify section with default dbt content
+  gDefaultdbtFileGuid= { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 
0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
 
 [Ppis]
   ## The PPI GUID for that TPM physical presence should be locked.
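Review bot: the new GUID names are inconsistently cased: `gDefaultPKFileGuid` and `gDefaultKEKFileGuid` use upper case while `gDefaultdbFileGuid`, `gDefaultdbxFileGuid` and `gDefaultdbtFileGuid` use lower case; pick one convention (for example `gDefaultDbFileGuid`). The values themselves do match the `FILE FREEFORM` GUIDs in ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc from patch 4/8, which is the part that matters.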
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 854f250625..f2f90f49de 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,9 @@
 
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf
+  
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys/SecureBootDefaultKeys.inf
 
 [Components.IA32, Components.X64, Components.AARCH64]
   #
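Review bot: the two component paths added here do not match what the rest of the series creates or uses: patch 6/8 creates `SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf`, not `SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf`, and the RPi4 platform patch 12/12 references `SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf`, not `.../SecureBootDefaultKeys/SecureBootDefaultKeys.inf`. As written, a SecurityPkg.dsc build cannot resolve these entries; align the paths with the files that actually exist.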
-- 
2.25.1







[edk2-devel] [edk2-platforms PATCH v4 09/12] Intel Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Grzegorz Bernacki
The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki 
---
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc   | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc| 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc 
b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
index b154f9615d..5157c87a9a 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
@@ -139,6 +139,7 @@
 
 !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !endif
 
   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc 
b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
index cc1eba4df4..35f99429f7 100644
--- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
+++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
@@ -175,6 +175,7 @@
 !if $(SECURE_BOOT_ENABLE)
   
PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc 
b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index d15da40819..5a0d3e31e1 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -227,6 +227,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc 
b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4a5548b80e..36a5ae333c 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1,4 +1,4 @@
-#/** @file
+e
 # Platform description.
 #
 # Copyright (c) 2012  - 2021, Intel Corporation. All rights reserved.
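Review bot: this first hunk replaces the file header line `#/** @file` with a stray `e`, which looks like an accidental keystroke rather than an intended change, and the commit message says nothing about the header; drop the hunk so PlatformPkgX64.dsc keeps `#/** @file`.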
@@ -229,6 +229,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
-- 
2.25.1







[edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Grzegorz Bernacki
The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each RISC-V platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki 
---
 Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc   | 1 +
 Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc 
b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
index b91823ceeb..fc5ba2a07f 100644
--- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
+++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
@@ -122,6 +122,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git 
a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc 
b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
index 0eafe29880..71add8ff9a 100644
--- a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
+++ b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
@@ -122,6 +122,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
-- 
2.25.1







[edk2-devel] [edk2-platforms PATCH v4 12/12] Platform/RaspberryPi: Enable default Secure Boot variables initialization

2021-06-30 Thread Grzegorz Bernacki
This commit allows initializing the Secure Boot default key
and databases from data embedded in the firmware binary.

Signed-off-by: Grzegorz Bernacki 
Reviewed-by: Sunny Wang 
Reviewed-by: Pete Batard 
Tested-by: Pete Batard  on Raspberry Pi 4
---
 Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
 Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc 
b/Platform/RaspberryPi/RPi4/RPi4.dsc
index d38fee8fb8..54bb282ff2 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -218,6 +218,7 @@
   
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+  ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
 
 [LibraryClasses.common.UEFI_DRIVER]
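Review bot: the `ShellCEntryLib` resolution added here has no consumer in this series: EnrollFromDefaultKeysApp.inf (patch 6/8) uses `UefiApplicationEntryPoint`, not `ShellCEntryLib`. Either drop this hunk or state in the commit message which module needs it.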
@@ -621,6 +622,8 @@
   
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
   }
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !else
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 !endif
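Review bot: `EnrollFromDefaultKeysApp.inf` is added to the components here but not to the firmware volume in the RPi4.fdf hunk below, so it is only built as a stand-alone .efi; if running it from shell media is the intended workflow, the commit message should say so, and if it is meant to ship in the image it needs an `INF` line in the .fdf as well.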
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf 
b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..8508065a77 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -189,7 +189,9 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
   INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(SECURE_BOOT_ENABLE) == TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
   INF 
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF 
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !endif
   INF 
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
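Review bot: `!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc` only embeds keys when `DEFAULT_KEYS == TRUE` and the `PK_DEFAULT_FILE`, `KEK_DEFAULT_FILE*`, `DB_DEFAULT_FILE*`, `DBT_DEFAULT_FILE*` and `DBX_DEFAULT_FILE*` macros are set, and no hunk in this patch defines any of them, so they must come from the build command line. The commit message should document the expected `-D` usage so a platform builder knows which certificates end up in the image and that, without them, the Secure Boot default variables stay empty.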
-- 
2.25.1







[edk2-devel] [RFC PATCH v5 03/28] OvmfPkg/ResetVector: add the macro to request guest termination

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional guest
termination requests depending on the failure type. Let's move the logic
to request the guest termination into a macro to keep the code readable.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Suggested-by: Laszlo Ersek 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++--
 1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 2c478cda314b..c4c00056f9f3 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -39,6 +39,13 @@ BITS32
 %define SEV_GHCB_MSR0xc0010130
 %define SEV_STATUS_MSR  0xc0010131
 
+; The #VC was not for CPUID
+%define TERM_VC_NOT_CPUID   1
+
+; The unexpected response code
+%define TERM_UNEXPECTED_RESP_CODE   2
+
+
 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
 ; responsible to populate values in the EDX:EAX registers. After the vmmcall
 ; returns, it verifies that the response code matches with the expected
@@ -74,6 +81,43 @@ BITS32
 jne SevEsUnexpectedRespTerminate
 %endmacro
 
+; Macro to terminate the guest using the VMGEXIT.
+; arg 1: reason code
+%macro TerminateVmgExit 1
+mov eax, %1
+;
+; Use VMGEXIT to request termination. At this point the reason code is
+; located in EAX, so shift it left 16 bits to the proper location.
+;
+; EAX[11:0]  => 0x100 - request termination
+; EAX[15:12] => 0x1   - OVMF
+; EAX[23:16] => 0xXX  - REASON CODE
+;
+shl eax, 16
+or  eax, 0x1100
+xor edx, edx
+mov ecx, SEV_GHCB_MSR
+wrmsr
+;
+; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
+; mode, so work around this by temporarily switching to 64-bit mode.
+;
+BITS64
+rep vmmcall
+BITS32
+
+;
+; We shouldn't come back from the VMGEXIT, but if we do, just loop.
+;
+%%TerminateHlt:
+hlt
+jmp %%TerminateHlt
+%endmacro
+
+; Terminate the guest due to unexpected response code.
+SevEsUnexpectedRespTerminate:
+TerminateVmgExitTERM_UNEXPECTED_RESP_CODE
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
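Review bot: TerminateVmgExit clobbers EAX, ECX and EDX before it reaches the hlt loop, and the other routines in this file document that in a `; Modified:` line; add one to the macro header. Placing `SevEsUnexpectedRespTerminate:` here, ahead of CheckSevFeatures, is fine since it never returns, but a short comment that it is the `jne` target of the VmgExit macro would explain why a bare label sits between two macros.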
@@ -228,48 +272,7 @@ SevEsDisabled:
 ;
 
 SevEsIdtNotCpuid:
-;
-; Use VMGEXIT to request termination.
-;   1 - #VC was not for CPUID
-;
-mov eax, 1
-jmp SevEsIdtTerminate
-
-SevEsUnexpectedRespTerminate:
-;
-; Use VMGEXIT to request termination.
-;   2 - Unexpected Response is received
-;
-mov eax, 2
-
-SevEsIdtTerminate:
-;
-; Use VMGEXIT to request termination. At this point the reason code is
-; located in EAX, so shift it left 16 bits to the proper location.
-;
-; EAX[11:0]  => 0x100 - request termination
-; EAX[15:12] => 0x1   - OVMF
-; EAX[23:16] => 0xXX  - REASON CODE
-;
-shl eax, 16
-or  eax, 0x1100
-xor edx, edx
-mov ecx, SEV_GHCB_MSR
-wrmsr
-;
-; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
-; mode, so work around this by temporarily switching to 64-bit mode.
-;
-BITS64
-rep vmmcall
-BITS32
-
-;
-; We shouldn't come back from the VMGEXIT, but if we do, just loop.
-;
-SevEsIdtHlt:
-hlt
-jmp SevEsIdtHlt
+TerminateVmgExit TERM_VC_NOT_CPUID
 iret
 
 ;
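Review bot: the `iret` left after `TerminateVmgExit TERM_VC_NOT_CPUID` is unreachable, because the macro ends in the `%%TerminateHlt` loop; either drop it or comment that it is intentional. The removed block also carried the only prose explaining reason codes 1 and 2; that explanation now lives solely in the TERM_* defines, which is fine as long as the defines keep their comments.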
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77338): https://edk2.groups.io/g/devel/message/77338
Mute This Topic: https://groups.io/mt/83891514/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [RFC PATCH v5 00/28] Add AMD Secure Nested Paging (SEV-SNP) support

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory re-mapping and more in order to create an isolated memory
encryption environment.
 
This series provides the basic building blocks to support booting the SEV-SNP
VMs, it does not cover all the security enhancement introduced by the SEV-SNP
such as interrupt protection.

Many of the integrity guarantees of SEV-SNP are enforced through a new
structure called the Reverse Map Table (RMP). Adding a new page to an SEV-SNP
VM requires a 2-step process. First, the hypervisor assigns a page to the
guest using the new RMPUPDATE instruction. This transitions the page to
guest-invalid. Second, the guest validates the page using the new PVALIDATE
instruction. The SEV-SNP VMs can use the new "Page State Change Request NAE"
defined in the GHCB specification to ask the hypervisor to add or remove a page
from the RMP table.

Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
as indicated by the Validated flag in the page's RMP entry. There are two
approaches that can be taken for the page validation: Pre-validation and
Lazy Validation.

Under pre-validation, the pages are validated prior to first use. And under
lazy validation, pages are validated when first accessed. An access to an
unvalidated page results in a #VC exception, at which time the exception
handler may validate the page. Lazy validation requires careful tracking of
the validated pages to avoid validating the same GPA more than once. The
recently introduced "Unaccepted" memory type can be used to communicate the
unvalidated memory ranges to the Guest OS.

At this time we only support the pre-validation. OVMF detects all the available
system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
before it is made available to the EDK2 core.

This series does not implement the following SEV-SNP features yet:

* CPUID filtering
* Lazy validation
* Interrupt security

Additional resources
-
SEV-SNP whitepaper
https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)

The complete source is available at
https://github.com/AMDESE/ovmf/tree/sev-snp-rfc-5

GHCB spec:
https://developer.amd.com/wp-content/resources/56421.pdf

SEV-SNP firmware specification:
https://www.amd.com/system/files/TechDocs/56860.pdf

Change since v4:
 * Use the correct MSR for the SEV_STATUS
 * Add VMPL-0 check

Change since v3:
 * ResetVector: move all SEV specific code in AmdSev.asm and add macros to keep
   the code readable.
 * Drop extending the EsWorkArea to contain SNP specific state.
 * Drop the GhcbGpa library and call the VmgExit directly to register GHCB GPA.
 * Install the CC blob config table from AmdSevDxe instead of extending the
   AmdSev/SecretsDxe for it.
 * Add the separate PCDs for the SNP Secrets.

Changes since v2:
 * Add support for the AP creation.
 * Use the module-scoping override to make AmdSevDxe use the IO port for PCI reads.
 * Use the reserved memory type for CPUID and Secrets page.

Changes since v1:
 * Drop the interval tree support to detect the pre-validated overlap region.
 * Use an array to keep track of pre-validated regions.
 * Add support to query the Hypervisor feature and verify that SNP feature is supported.
 * Introduce MemEncryptSevClearMmioPageEncMask() to clear the C-bit from MMIO ranges.
 * Pull the SevSecretDxe and SevSecretPei into OVMF package build.
 * Extend the SevSecretDxe to expose confidential computing blob location through
   EFI configuration table.

Brijesh Singh (27):
  OvmfPkg/ResetVector: move SEV specific code in a separate file
  OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
  OvmfPkg/ResetVector: add the macro to request guest termination
  OvmfPkg: reserve SNP secrets page
  OvmfPkg: reserve CPUID page for SEV-SNP
  OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID
  OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
  OvmfPkg/ResetVector: invalidate the GHCB page
  OvmfPkg/ResetVector: check the vmpl level
  UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs
  OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
  OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
  OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
  OvmfPkg/AmdSevDxe: do not use extended PCI config space
  OvmfPkg/MemEncryptSevLib: add support to validate system RAM
  OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
  OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
  OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
  OvmfPkg/PlatformPei: validate 

[edk2-devel] [RFC PATCH v5 01/28] OvmfPkg/ResetVector: move SEV specific code in a separate file

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The PageTables64.asm was created to provide routines to set the CR3
register for 64-bit paging. During the SEV support, it grew to include a
lot of the SEV stuff. Before adding more SEV features, let's move all
the SEV-specific routines into a separate file.

No functionality change intended.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Suggested-by: Laszlo Ersek 
Signed-off-by: Brijesh Singh 
---
 .../Ia32/{PageTables64.asm => AmdSev.asm} | 140 ---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 391 --
 OvmfPkg/ResetVector/ResetVector.nasmb |   1 +
 3 files changed, 1 insertion(+), 531 deletions(-)
 copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm => AmdSev.asm} (71%)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
similarity index 71%
copy from OvmfPkg/ResetVector/Ia32/PageTables64.asm
copy to OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 5fae8986d9da..b32dd3b5d656 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -10,33 +10,6 @@
 
 BITS32
 
-%define PAGE_PRESENT0x01
-%define PAGE_READ_WRITE 0x02
-%define PAGE_USER_SUPERVISOR0x04
-%define PAGE_WRITE_THROUGH  0x08
-%define PAGE_CACHE_DISABLE 0x010
-%define PAGE_ACCESSED  0x020
-%define PAGE_DIRTY 0x040
-%define PAGE_PAT   0x080
-%define PAGE_GLOBAL   0x0100
-%define PAGE_2M_MBO0x080
-%define PAGE_2M_PAT  0x01000
-
-%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \
-  PAGE_DIRTY + \
-  PAGE_READ_WRITE + \
-  PAGE_PRESENT)
-
-%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
-  PAGE_ACCESSED + \
-  PAGE_DIRTY + \
-  PAGE_READ_WRITE + \
-  PAGE_PRESENT)
-
-%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
-   PAGE_READ_WRITE + \
-   PAGE_PRESENT)
-
 ;
 ; SEV-ES #VC exception handler support
 ;
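Review bot: the hunk header `@@ -10,33 +10,6 @@` shows that lines 1-9 of PageTables64.asm, its file header comment, are copied into AmdSev.asm unchanged, so the new file still describes itself as the CR3/page-table code; update that header to say it holds the SEV and SEV-ES support routines. Dropping the PAGE_* defines from the copy is consistent with moving only the SEV routines, but it deserves a build check that nothing retained in AmdSev.asm still references them.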
@@ -213,119 +186,6 @@ IsSevEsEnabled:
 SevEsDisabled:
 OneTimeCallRet IsSevEsEnabled
 
-;
-; Modified:  EAX, EBX, ECX, EDX
-;
-SetCr3ForPageTables64:
-
-OneTimeCall   CheckSevFeatures
-xor edx, edx
-testeax, eax
-jz  SevNotActive
-
-; If SEV is enabled, C-bit is always above 31
-sub eax, 32
-bts edx, eax
-
-SevNotActive:
-
-;
-; For OVMF, build some initial page tables at
-; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
-;
-; This range should match with PcdOvmfSecPageTablesSize which is
-; declared in the FDF files.
-;
-; At the end of PEI, the pages tables will be rebuilt into a
-; more permanent location by DxeIpl.
-;
-
-mov ecx, 6 * 0x1000 / 4
-xor eax, eax
-clearPageTablesMemoryLoop:
-mov dword[ecx * 4 + PT_ADDR (0) - 4], eax
-loopclearPageTablesMemoryLoop
-
-;
-; Top level Page Directory Pointers (1 * 512GB entry)
-;
-mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
-mov dword[PT_ADDR (4)], edx
-
-;
-; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
-;
-mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
-mov dword[PT_ADDR (0x1004)], edx
-mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
-mov dword[PT_ADDR (0x100C)], edx
-mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
-mov dword[PT_ADDR (0x1014)], edx
-mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
-mov dword[PT_ADDR (0x101C)], edx
-
-;
-; Page Table Entries (2048 * 2MB entries => 4GB)
-;
-mov ecx, 0x800
-pageTableEntriesLoop:
-mov eax, ecx
-dec eax
-shl eax, 21
-add eax, PAGE_2M_PDE_ATTR
-mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
-mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
-looppageTableEntriesLoop
-
-OneTimeCall   IsSevEsEnabled
-testeax, eax
-jz  SetCr3
-
-;
-; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
-; This requires the 2MB page for this range be broken down into 512 4KB
-; pages.  All will be marked encrypted, except for the GHCB.
-;
-mov ecx, (GHCB_BASE >> 21)
-mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
-mov [ecx * 8 + PT_ADDR (0x2000)], eax
-
-;
-; Page Table Entries (512 * 4KB entries => 2MB)
-;
-mov ecx, 512
-pageTableEntries4kLoop:
-mov eax, ecx
-dec eax
-shl eax, 12
-add eax, GHCB_BASE & 0xFFE0_
-add eax, PAGE_4K_PDE_ATTR
-mov [ecx * 8 + GHCB_PT_ADDR - 8], eax
-mov [(ecx * 8 + GHCB_PT_ADDR - 8) +
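Review bot: this hunk deletes SetCr3ForPageTables64 from the copy, but that routine (which stays in PageTables64.asm) calls CheckSevFeatures and IsSevEsEnabled, which now live in AmdSev.asm, and its GHCB 4K page-table breakout depends on the SEV-ES state they compute; a comment at the top of AmdSev.asm naming the routines PageTables64.asm relies on would make the split easier to follow. The archived diff is cut off after `mov [(ecx * 8 + GHCB_PT_ADDR - 8) +`, so the rest of this hunk and the one-line ResetVector.nasmb include change from the diffstat cannot be reviewed here.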

[edk2-devel] [RFC PATCH v5 02/28] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXITs. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
MSR instead of open coding it.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Suggested-by: Laszlo Ersek 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++--
 1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index b32dd3b5d656..2c478cda314b 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -36,6 +36,44 @@ BITS32
 %define CPUID_INSN_LEN  2
 
 
+%define SEV_GHCB_MSR0xc0010130
+%define SEV_STATUS_MSR  0xc0010131
+
+; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
+; responsible to populate values in the EDX:EAX registers. After the vmmcall
+; returns, it verifies that the response code matches with the expected
+; code. If it does not match then terminate the guest. The result of request
+; is returned in the EDX:EAX.
+;
+; args 1:Request code, 2: Response code
+%macro VmgExit 2
+;
+; Add request code:
+;   GHCB_MSR[11:0]  = Request code
+or  eax, %1
+
+mov ecx, SEV_GHCB_MSR
+wrmsr
+
+; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
+; mode, so work around this by temporarily switching to 64-bit mode.
+;
+BITS64
+rep vmmcall
+BITS32
+
+mov ecx, SEV_GHCB_MSR
+rdmsr
+
+;
+; Verify the reponse code, if it does not match then request to terminate
+;   GHCB_MSR[11:0]  = Response code
+mov ecx, eax
+and ecx, 0xfff
+cmp ecx, %2
+jne SevEsUnexpectedRespTerminate
+%endmacro
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
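Review bot: `or eax, %1` relies on the caller having left GHCB_MSR[11:0] clear in EAX; state that precondition in the header comment (the CPUID caller satisfies it because the register index is shifted into bits 31:30). The header also says the result is returned in EDX:EAX, but after the check EAX[11:0] still holds the response code, so callers must shift or mask it out as the CPUID path does. Typo in `Verify the reponse code`: response.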
@@ -85,7 +123,7 @@ CheckSevFeatures:
 
 ; Check if SEV memory encryption is enabled
 ;  MSR_0xC0010131 - Bit 0 (SEV enabled)
-mov   ecx, 0xc0010131
+mov   ecx, SEV_STATUS_MSR
 rdmsr
 bteax, 0
 jnc   NoSev
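Review bot: the comment two lines above the change, `;  MSR_0xC0010131 - Bit 0 (SEV enabled)`, still spells out the raw MSR number that SEV_STATUS_MSR now hides; rewording it to name the define keeps comment and code from drifting. The same applies to the SEV-ES check in the next hunk.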
@@ -100,7 +138,7 @@ CheckSevFeatures:
 
 ; Check if SEV-ES is enabled
 ;  MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
-mov   ecx, 0xc0010131
+mov   ecx, SEV_STATUS_MSR
 rdmsr
 bteax, 1
 jnc   GetSevEncBit
@@ -197,10 +235,10 @@ SevEsIdtNotCpuid:
 mov eax, 1
 jmp SevEsIdtTerminate
 
-SevEsIdtNoCpuidResponse:
+SevEsUnexpectedRespTerminate:
 ;
 ; Use VMGEXIT to request termination.
-;   2 - GHCB_CPUID_RESPONSE not received
+;   2 - Unexpected Response is received
 ;
 mov eax, 2
 
@@ -216,7 +254,7 @@ SevEsIdtTerminate:
 shl eax, 16
 or  eax, 0x1100
 xor edx, edx
-mov ecx, 0xc0010130
+mov ecx, SEV_GHCB_MSR
 wrmsr
 ;
 ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
@@ -276,7 +314,7 @@ SevEsIdtVmmComm:
 mov [esp + VC_CPUID_REQUEST_REGISTER], eax
 
 ; Save current GHCB MSR value
-mov ecx, 0xc0010130
+mov ecx, SEV_GHCB_MSR
 rdmsr
 mov [esp + VC_GHCB_MSR_EAX], eax
 mov [esp + VC_GHCB_MSR_EDX], edx
@@ -293,31 +331,16 @@ NextReg:
 jge VmmDone
 
 shl eax, GHCB_CPUID_REGISTER_SHIFT
-or  eax, GHCB_CPUID_REQUEST
 mov edx, [esp + VC_CPUID_FUNCTION]
-mov ecx, 0xc0010130
-wrmsr
 
-;
-; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
-; mode, so work around this by temporarily switching to 64-bit mode.
-;
-BITS64
-rep vmmcall
-BITS32
+VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE
 
 ;
-; Read GHCB MSR
+; Response GHCB MSR
 ;   GHCB_MSR[63:32] = CPUID register value
 ;   GHCB_MSR[31:30] = CPUID register
 ;   GHCB_MSR[11:0]  = CPUID response protocol
 ;
-mov ecx, 0xc0010130
-rdmsr
-mov ecx, eax
-and ecx, 0xfff
-cmp ecx, GHCB_CPUID_RESPONSE
-jne SevEsIdtNoCpuidResponse
 
 ; Save returned value
 shr eax, GHCB_CPUID_REGISTER_SHIFT
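Review bot: after replacing the open-coded wrmsr/vmmcall/rdmsr with `VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE`, the comment block `Response GHCB MSR ... GHCB_MSR[11:0] = CPUID response protocol` no longer sits above any instruction and is followed by a blank line; fold the two payload lines into the `Save returned value` comment and drop the [11:0] line, since the macro has already verified that field.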
@@ -335,7 +358,7 @@ VmmDone:
 ;
 mov eax, [esp + VC_GHCB_MSR_EAX]
 mov edx, [esp + VC_GHCB_MSR_EDX]
-mov ecx, 0xc0010130
+mov ecx, SEV_GHCB_MSR
 wrmsr
 
 mov eax, [esp + VC_CPUID_RESULT_EAX]
-- 
2.17.1



View/Reply Online (#77337): https://edk2.groups.io/g/devel/message/77337

[edk2-devel] [RFC PATCH v5 05/28] OvmfPkg: reserve CPUID page for SEV-SNP

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkg.dec| 6 ++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 106a368ec975..93f759534ade 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -328,6 +328,12 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
 
+  ## The base address and size of the SEV-SNP CPUID Area that contains
+  #  the PSP filtered CPUID results. If this is set in the .fdf, the
+  #  platform is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
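Review bot: the token numbers are hexadecimal, so after 0x49 the next free value is 0x4A, not 0x50; as written the hunk skips 0x4A-0x4F (and the later patch continues with 0x51, 0x52), which looks like decimal counting in a hex field. Either use 0x4A or note why the gap is intended.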
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 902c6a4e9ea1..3e257aaf72bd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -91,6 +91,9 @@ [FD.MEMFD]
 0x00D000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
 
+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
+
 0x01|0x01
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
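Review bot: the .dec comment makes the platform responsible for keeping this page away from DXE-phase overwrites, but this patch only carves out the 4K page at 0x00E000 in MEMFD (diffstat: .dec and .fdf); name the later patch in the series that adds the reservation so the two halves can be reviewed together.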
 
-- 
2.17.1



View/Reply Online (#77340): https://edk2.groups.io/g/devel/message/77340




[edk2-devel] [RFC PATCH v5 04/28] OvmfPkg: reserve SNP secrets page

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to the PSP.

The purpose of the secrets page in the SEV-SNP is different from the one
used in SEV guests. In SEV, the secrets page contains the guest owner's
private data after the remote attestation.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkg.dec| 7 +++
 OvmfPkg/OvmfPkgX64.fdf | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..106a368ec975 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -321,6 +321,13 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
 
+  ## The base address and size of the SEV-SNP Secrets Area that contains
+  #  the VM platform communication key used to send and recieve the
+  #  messages to the PSP. If this is set in the .fdf, the platform
+  #  is responsible to reserve this area from DXE phase overwrites.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x47
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x48
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
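Review bot: typo in the new comment, `recieve` should be `receive`. Since the page will hold the VMPCKs the commit message describes, the comment should also say that the area must stay mapped private (encrypted), because that, and not only the reservation from DXE overwrites, is what keeps the keys out of the hypervisor's reach.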
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5fa8c0895808..902c6a4e9ea1 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,9 @@ [FD.MEMFD]
 0x00C000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
 
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+
 0x01|0x01
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
-- 
2.17.1



View/Reply Online (#77339): https://edk2.groups.io/g/devel/message/77339




[edk2-devel] [RFC PATCH v5 06/28] OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Introduce a new SEV-SNP boot-specific GUID block. The block is used to
communicate the secrets and cpuid memory area reserved by the guest BIOS.
When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot
block to get the location of the Secrets and CPUID page and call the
PSP firmware command to populate those memory areas.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/ResetVector/ResetVector.inf  |  4 
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 22 
 OvmfPkg/ResetVector/ResetVector.nasmb|  4 
 3 files changed, 30 insertions(+)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf 
b/OvmfPkg/ResetVector/ResetVector.inf
index dc38f68919cd..9a95d8687345 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -47,3 +47,7 @@ [Pcd]
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm 
b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index 9c0b5853a46f..ecf1dbcc2caf 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,6 +47,28 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 
15) % 16)) DB 0
 ;
 guidedStructureStart:
 
+;
+; SEV-SNP boot support
+;
+; sevSnpBlock:
+;   For the initial boot of SEV-SNP guest, a CPUID and Secrets page must
+;   be reserved by the BIOS at a RAM area defined by SNP_CPUID_BASE and
+;   SNP_SECRETS_BASE. A hypervisor will locate this information using the
+;   SEV-SNP boot block GUID and provide the GPA to the PSP to populate
+;   the memory area with the required information..
+;
+; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9
+;
+sevSnpBootBlockStart:
+DD  SNP_SECRETS_BASE
+DD  SNP_SECRETS_SIZE
+DD  SNP_CPUID_BASE
+DD  SNP_CPUID_SIZE
+DW  sevSnpBootBlockEnd - sevSnpBootBlockStart
+DB  0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42
+DB  0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9
+sevSnpBootBlockEnd:
+
 ;
 ; SEV Secret block
 ;
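Review bot: the GUID bytes match bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 in the little-endian layout the other GUID blocks use, but the hex case is mixed (`0x8e` among `0xC2, 0xC0, ...`); make it uniform. Double period in `with the required information..`. It would also help to state in the block comment that the hypervisor only reads base/size values from this block and that the block carries no secret itself, so that a reader does not mistake it for the secrets page.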
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb 
b/OvmfPkg/ResetVector/ResetVector.nasmb
index 8a3269cfc212..247f4eb0dc5e 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -89,5 +89,9 @@
   %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)
   %define SEV_LAUNCH_SECRET_BASE  FixedPcdGet32 (PcdSevLaunchSecretBase)
   %define SEV_LAUNCH_SECRET_SIZE  FixedPcdGet32 (PcdSevLaunchSecretSize)
+  %define SNP_CPUID_BASE  FixedPcdGet32 (PcdOvmfSnpCpuidBase)
+  %define SNP_CPUID_SIZE  FixedPcdGet32 (PcdOvmfSnpCpuidSize)
+  %define SNP_SECRETS_BASE  FixedPcdGet32 (PcdOvmfSnpSecretsBase)
+  %define SNP_SECRETS_SIZE  FixedPcdGet32 (PcdOvmfSnpSecretsSize)
 %include "Ia16/ResetVectorVtf0.asm"
 
-- 
2.17.1



View/Reply Online (#77341): https://edk2.groups.io/g/devel/message/77341




[edk2-devel] [RFC PATCH v5 07/28] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.

The validation process consists of the following sequence:

1) Set the memory encryption attribute in the page table (aka C-bit).
   Note: If the processor is in non-PAE mode, then all the memory accesses
   are considered private.
2) Add the memory range as private in the RMP table. This can be performed
   using the Page State Change VMGEXIT defined in the GHCB specification.
3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table.

During the guest creation time, the VMM encrypts the OVMF_CODE.fd using
the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to
encrypting the content, the command also validates the memory region.
This allows us to execute the code without going through the validation
sequence.

During execution, the reset vector needs to access some data pages
(such as page tables, SevESWorkarea, Sec stack). The data pages are
accessed as private memory. The data pages are not part of the
OVMF_CODE.fd, so they were not validated during the guest creation.

There are two approaches we can take to validate the data pages before
the access:

a) Enhance the OVMF reset vector code to validate the pages as described
   above (go through step 2 - 3).
OR
b) Validate the pages during the guest creation time. The SEV firmware
   provides a command which can be used by the VMM to validate the pages
   without affecting the measurement of the launch.

Approach #b seems much simpler; it does not require any changes to the
OVMF reset vector code.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkg.dec  | 5 +
 OvmfPkg/OvmfPkgX64.fdf   | 8 +++-
 OvmfPkg/ResetVector/ResetVector.inf  | 2 ++
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 5 +
 OvmfPkg/ResetVector/ResetVector.nasmb| 2 ++
 5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 93f759534ade..d0ec14ca2318 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -334,6 +334,11 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x49
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x50
 
+  ## The start and end of pre-validated memory region by the hypervisor
+  #  through the SEV-SNP firmware.
+  
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UINT32|0x51
+  
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT32|0x52
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
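Review bot: PcdOvmfSnpHypervisorPreValidatedEnd is set in the .fdf hunk of this patch to `$(MEMFD_BASE_ADDRESS) + PcdOvmfSnpHypervisorPreValidatedEnd`'s counterpart `PcdOvmfPeiMemFvBase`, i.e. the first byte of PEIFV, so End is exclusive; say so in the comment (`[Start, End)`), because a consumer that treats it as inclusive will validate one extra page.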
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 3e257aaf72bd..6bce3369e10d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -105,7 +105,13 @@ [FD.MEMFD]
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
 FV = DXEFV
 
-
+##
+#
+# The range of the pages pre-validated through the SEV-SNP firmware.
+#
+SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart = 
$(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
+SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd = 
$(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase
+##
 
 [FV.SECFV]
 FvNameGuid = 763BED0D-DE9F-48F5-81F1-3E90E1B1A015
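Review bot: the range from PcdOvmfSecPageTablesBase up to PcdOvmfPeiMemFvBase also covers the GHCB page that the reset vector maps shared, so this patch pre-validates a page that the next patch has to invalidate again; a sentence in the `##` block pointing that out would save readers the cross-reference. The block also uses the PEIFV base as End, so the PCD names and their .dec comment should agree that the range is end-exclusive.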
diff --git a/OvmfPkg/ResetVector/ResetVector.inf 
b/OvmfPkg/ResetVector/ResetVector.inf
index 9a95d8687345..32206855193f 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -51,3 +51,5 @@ [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm 
b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index ecf1dbcc2caf..c5a062e69b26 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -57,9 +57,14 @@ guidedStructureStart:
 ;   SEV-SNP boot block GUID and provide the GPA to the PSP to populate
 ;   the memory area with the required information..
 ;
+;   In order to boot the SEV-SNP guest the hypervisor must pre-validated the
+;   memory range fro

[edk2-devel] [RFC PATCH v5 08/28] OvmfPkg/ResetVector: invalidate the GHCB page

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The GHCB page is part of a pre-validated memory range specified through
the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page is
pre-validated by the hypervisor during the SNP guest creation. On boot,
the reset vector maps the GHCB page as un-encrypted in the initial page
table. Just clearing the encryption attribute from the page table is not
enough. To maintain the security guarantees, the page must be invalidated.

The page invalidation consists of two steps:

1. Use the PVALIDATE instruction to clear Validated Bit from the RMP table.
2. Use the Page State Change VMGEXIT to ask hypervisor to change the page
   state to shared in the RMP table.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm   | 125 ++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  13 +++
 2 files changed, 138 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index c4c00056f9f3..b6f33d049a43 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -8,6 +8,8 @@
 ;
 ;--
 
+%include "Nasm.inc"
+
 BITS32
 
 ;
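Review bot: the new `%include "Nasm.inc"` has no accompanying comment; the only reason for it visible in this patch is the PVALIDATE macro used in InvalidateGHCBPage, so say that, so a future cleanup does not drop the include and break the build.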
@@ -45,6 +47,25 @@ BITS32
 ; The unexpected response code
 %define TERM_UNEXPECTED_RESP_CODE   2
 
+; SNP page state change failure
+%define TERM_PAGE_STATE_CHANAGE 3
+
+; Hypervisor does not support SEV-SNP feature
+%define TERM_HV_UNSUPPORTED_FEATURE 4
+
+; GHCB SEV Information MSR protocol
+%define GHCB_SEV_INFORMATION_REQUEST2
+%define GHCB_SEV_INFORMATION_RESPONSE   1
+
+; GHCB Page Invalidate request and response protocol values
+;
+%define GHCB_PAGE_STATE_CHANGE_REQUEST  20
+%define GHCB_PAGE_STATE_CHANGE_RESPONSE 21
+%define GHCB_PAGE_STATE_SHARED  2
+
+; GHCB Hypervisor features MSR protocol
+%define GHCB_HYPERVISOR_FEATURES_REQUEST128
+%define GHCB_HYPERVISOR_FEATURES_RESPONSE   129
 
 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
 ; responsible to populate values in the EDX:EAX registers. After the vmmcall
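Review bot: the identifier TERM_PAGE_STATE_CHANAGE is misspelled (CHANAGE); fix it before callers pick it up. The section comment `GHCB Page Invalidate request and response protocol values` says "invalidate" while the defines say PAGE_STATE_CHANGE; use one term. Reason codes 3 and 4 belong to the same OVMF-defined set as 1 and 2, so one shared header comment for all TERM_* values would read better than a comment per define.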
@@ -247,6 +268,110 @@ SevExit:
 
 OneTimeCallRet CheckSevFeatures
 
+; The version 2 of GHCB specification added the support to query the hypervisor
+; features. If the GHCB version is >=2 then read the hypervisor features and
+; verify that SEV-SNP feature is supported.
+;
+CheckSnpHypervisorFeatures:
+; Get the SEV Information
+xor eax, eax
+xor edx, edx
+
+VmgExit GHCB_SEV_INFORMATION_REQUEST, GHCB_SEV_INFORMATION_RESPONSE
+
+;
+; SEV Information Response GHCB MSR
+;   GHCB_MSR[63:48] = Maximum protocol version
+;   GHCB_MSR[47:32] = Minimum protocol version
+;
+shr edx, 16
+cmp edx, 2
+jl  SevSnpUnsupportedFeature
+
+; Get the hypervisor features
+xor eax, eax
+xor edx, edx
+
+VmgExit GHCB_HYPERVISOR_FEATURES_REQUEST, GHCB_HYPERVISOR_FEATURES_RESPONSE
+
+;
+; Hypervisor features reponse
+;   GHCB_MSR[63:12] = Features bitmap
+;   BIT0= SEV-SNP Supported
+;
+shr eax, 12
+bt  eax, 0
+jnc SevSnpUnsupportedFeature
+
+CheckSnpHypervisorFeaturesDone:
+OneTimeCallRet CheckSnpHypervisorFeatures
+
+; If its an SEV-SNP guest then use the page state change VMGEXIT to invalidate
+; the GHCB page.
+;
+; Modified:  EAX, EBX, ECX, EDX
+;
+InvalidateGHCBPage:
+; Check if SEV-SNP is enabled
+;  MSR_0xC0010131 - Bit 2 (SEV-SNP enabled)
+mov   ecx, SEV_STATUS_MSR
+rdmsr
+bteax, 2
+jnc   InvalidateGHCBPageDone
+
+; Verify that SEV-SNP feature is supported by the hypervisor.
+OneTimeCall   CheckSnpHypervisorFeatures
+
+; Use PVALIDATE instruction to invalidate the page
+mov eax, GHCB_BASE
+mov ecx, 0
+mov edx, 0
+PVALIDATE
+
+; Save the carry flag to be use later.
+setcdl
+
+; If PVALIDATE fail then abort the launch.
+cmp eax, 0
+jne SevSnpPageStateFailureTerminate
+
+; Check the carry flag to determine if RMP entry was updated.
+cmp dl, 0
+jne SevSnpPageStateFailureTerminate
+
+; Ask hypervisor to change the page state to shared using the
+; Page State Change VMGEXIT.
+;
+; Setup GHCB MSR
+;   GHCB_MSR[55:52] = Page Operation
+;   GHCB_MSR[51:12] = Guest Physical Frame Number
+;
+mov eax, (GHCB_BASE >> 12)
+shl eax, 12
+mov edx, (GHCB_PAGE_STATE_SHARED << 20)
+
+VmgExit  GHCB_PAGE_STATE_CHANGE_REQUEST, GHCB_PAGE_STATE_CHANGE_RESPONSE
+
+;
+; Response GHCB MSR
+;   GHCB_MSR[63:12] = Error code
+;
+cmp edx, 0
+jnz SevSnpPageStateFailureTerminate
+
+InvalidateGHCBPageDone:
+OneTimeCallRet
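Review bot: the comment `; GHCB_MSR[63:12] = Error code` above the `cmp edx, 0` check does not describe what is tested: EDX holds bits [63:32] only, so an error code in bits [31:12] would pass unnoticed; make the comment and the check agree on the field. In `CheckSnpHypervisorFeatures` only the maximum protocol version (`shr edx, 16` / `cmp edx, 2`) is compared, while the minimum version documented as GHCB_MSR[47:32] is never examined, so a hypervisor whose minimum is above what this code speaks would not be caught here. Saving CF with `setc dl` before `cmp eax, 0` clobbers it is the right order. Typos in the new comments: 'reponse', 'be use later', 'If PVALIDATE fail', 'If its an SEV-SNP guest'.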

[edk2-devel] [RFC PATCH v5 12/28] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that the GHCB GPA be registered before use.
See the GHCB specification section 2.3.2 for more details.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/Sec/SecMain.c | 84 +++
 1 file changed, 84 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 9db67e17b2aa..c10441ddf472 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -750,6 +750,79 @@ SevEsProtocolFailure (
   CpuDeadLoop ();
 }
 
+/**
+  Determine if SEV-SNP is active.
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+
+**/
+STATIC
+BOOLEAN
+SevSnpIsEnabled (
+  VOID
+  )
+{
+  MSR_SEV_STATUS_REGISTER   Msr;
+
+  //
+  // Read the SEV_STATUS MSR to determine whether SEV-SNP is active.
+  //
+  Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
+
+  //
+  // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
+  //
+  if (Msr.Bits.SevSnpBit) {
+return TRUE;
+  }
+
+  return FALSE;
+}
+
+STATIC
+VOID
+SevSnpGhcbRegister (
+  UINTN   Address
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;
+  EFI_PHYSICAL_ADDRESS  GuestFrameNumber;
+
+  GuestFrameNumber = Address >> EFI_PAGE_SHIFT;
+
+  //
+  // Save the current MSR Value
+  //
+  CurrentMsr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // Use the GHCB MSR Protocol to request to register the GPA.
+  //
+  Msr.GhcbPhysicalAddress = 0;
+  Msr.GhcbGpaRegister.Function = GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;
+  Msr.GhcbGpaRegister.GuestFrameNumber = GuestFrameNumber;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // If hypervisor responded with a different GPA than requested then fail.
+  //
+  if ((Msr.GhcbGpaRegister.Function != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE) ||
+  (Msr.GhcbGpaRegister.GuestFrameNumber != GuestFrameNumber)) {
+SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  //
+  // Restore the MSR
+  //
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);
+}
+
 /**
   Validate the SEV-ES/GHCB protocol level.
 
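Review bot: `SevSnpGhcbRegister` is missing the `/** ... **/` function header that `SevSnpIsEnabled` and the rest of SecMain.c carry; please add one with the @param for `Address`. The response check is right to reject both a wrong function code and a GFN that differs from the requested one, and to terminate through `SevEsProtocolFailure` rather than continue with an unregistered GHCB. The same routine reappears in OvmfPkg/PlatformPei/AmdSev.c in patch 13 of this series, so a shared helper would avoid maintaining two copies.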
@@ -791,6 +864,17 @@ SevEsProtocolCheck (
 SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
   }
 
+  //
+  // We cannot use the MemEncryptSevSnpIsEnabled () because the
+  // ProcessLibraryConstructorList () is not called yet.
+  //
+  if (SevSnpIsEnabled ()) {
+//
+// SEV-SNP guest requires that GHCB GPA must be registered before using it.
+//
+SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase));
+  }
+
   //
   // SEV-ES protocol checking succeeded, set the initial GHCB address
   //
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77347): https://edk2.groups.io/g/devel/message/77347
Mute This Topic: https://groups.io/mt/83891527/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
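The GHCB MSR protocol exchanges that the reset-vector hunk (CheckSnpHypervisorFeatures, InvalidateGHCBPage) and SevSnpGhcbRegister above perform, modelled in C as an added example that is not code from the patch series: the function codes and field layouts are those of the GHCB specification, while the mock hypervisor, its profiles and the GHCB address are constructed for the demonstration.

```c
/* Added example, not from the edk2 patch series: a userspace model of the GHCB
 * MSR protocol exchanges used by CheckSnpHypervisorFeatures, InvalidateGHCBPage
 * and SevSnpGhcbRegister. Function codes and field layouts follow the GHCB
 * specification; the hypervisor side is a constructed mock. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* GHCB MSR protocol: function code in bits [11:0], request data above it. */
#define GHCB_SEV_INFO_RESP          0x001
#define GHCB_SEV_INFO_REQ           0x002
#define GHCB_GPA_REGISTER_REQ       0x012
#define GHCB_GPA_REGISTER_RESP      0x013
#define GHCB_PAGE_STATE_CHANGE_REQ  0x014
#define GHCB_PAGE_STATE_CHANGE_RESP 0x015
#define GHCB_HV_FEATURES_REQ        0x080
#define GHCB_HV_FEATURES_RESP       0x081
#define GHCB_PAGE_STATE_SHARED      2            /* page operation, bits [55:52] */
#define GHCB_HV_FEATURE_SNP         (1ULL << 0)  /* bit 0 of the feature bitmap  */
#define PAGE_SHIFT                  12

static inline uint64_t ghcb_fn(uint64_t msr) { return msr & 0xfff; }

struct mock_hv {               /* constructed mock hypervisor state */
    uint16_t max_ver, min_ver; /* advertised GHCB protocol version range      */
    uint64_t features;         /* hypervisor feature bitmap                   */
    uint64_t answer_gfn;       /* 0: echo the requested GFN, else answer this */
    uint32_t psc_error;        /* error code returned for page state changes  */
};

/* Stand-in for VMGEXIT: takes the request MSR value, returns the response. */
static uint64_t mock_vmgexit(const struct mock_hv *hv, uint64_t req)
{
    switch (ghcb_fn(req)) {
    case GHCB_SEV_INFO_REQ:    /* [63:48] max version, [47:32] min version */
        return ((uint64_t)hv->max_ver << 48) | ((uint64_t)hv->min_ver << 32) | GHCB_SEV_INFO_RESP;
    case GHCB_HV_FEATURES_REQ: /* [63:12] feature bitmap */
        return (hv->features << 12) | GHCB_HV_FEATURES_RESP;
    case GHCB_GPA_REGISTER_REQ: {
        uint64_t gfn = hv->answer_gfn ? hv->answer_gfn : (req >> PAGE_SHIFT);
        return (gfn << PAGE_SHIFT) | GHCB_GPA_REGISTER_RESP;
    }
    case GHCB_PAGE_STATE_CHANGE_REQ: /* error code in the upper 32 bits */
        return ((uint64_t)hv->psc_error << 32) | GHCB_PAGE_STATE_CHANGE_RESP;
    default:
        return 0;
    }
}

/* Request encoders: GFN in [63:12] for registration; op in [55:52] and GFN in
 * [51:12] for a page state change (the asm builds that as EDX = op << 20). */
uint64_t ghcb_gpa_register_request(uint64_t ghcb_pa)
{
    return ((ghcb_pa >> PAGE_SHIFT) << PAGE_SHIFT) | GHCB_GPA_REGISTER_REQ;
}

uint64_t ghcb_page_state_request(uint64_t pa, unsigned op)
{
    return ((uint64_t)(op & 0xf) << 52)
           | (((pa >> PAGE_SHIFT) & ((1ULL << 40) - 1)) << PAGE_SHIFT)
           | GHCB_PAGE_STATE_CHANGE_REQ;
}

/* Mirrors CheckSnpHypervisorFeatures: max protocol >= 2, then the SNP bit. */
bool guest_check_snp_hv_features(const struct mock_hv *hv)
{
    uint64_t resp = mock_vmgexit(hv, GHCB_SEV_INFO_REQ);
    if (ghcb_fn(resp) != GHCB_SEV_INFO_RESP || (resp >> 48) < 2)
        return false;
    resp = mock_vmgexit(hv, GHCB_HV_FEATURES_REQ);
    return ghcb_fn(resp) == GHCB_HV_FEATURES_RESP && ((resp >> 12) & GHCB_HV_FEATURE_SNP);
}

/* Mirrors SevSnpGhcbRegister: a wrong function code or a changed GFN is fatal. */
bool guest_register_ghcb(const struct mock_hv *hv, uint64_t ghcb_pa)
{
    uint64_t resp = mock_vmgexit(hv, ghcb_gpa_register_request(ghcb_pa));
    return ghcb_fn(resp) == GHCB_GPA_REGISTER_RESP && (resp >> PAGE_SHIFT) == (ghcb_pa >> PAGE_SHIFT);
}

/* Mirrors the Page State Change step of InvalidateGHCBPage: EDX must be 0. */
bool guest_page_state_change(const struct mock_hv *hv, uint64_t pa, unsigned op)
{
    uint64_t resp = mock_vmgexit(hv, ghcb_page_state_request(pa, op));
    return ghcb_fn(resp) == GHCB_PAGE_STATE_CHANGE_RESP && (resp >> 32) == 0;
}

/* Constructed profiles: compliant, protocol too old, no SNP, bad echo, PSC error. */
const struct mock_hv hv_snp_ok    = { 2, 1, GHCB_HV_FEATURE_SNP, 0, 0 };
const struct mock_hv hv_old_proto = { 1, 1, GHCB_HV_FEATURE_SNP, 0, 0 };
const struct mock_hv hv_no_snp    = { 2, 1, 0, 0, 0 };
const struct mock_hv hv_wrong_gfn = { 2, 1, GHCB_HV_FEATURE_SNP, 0x12345, 0 };
const struct mock_hv hv_psc_error = { 2, 1, GHCB_HV_FEATURE_SNP, 0, 1 };

int main(void)
{
    const uint64_t ghcb = 0x80c000; /* constructed GHCB physical address */
    printf("features %d register %d shared %d\n", guest_check_snp_hv_features(&hv_snp_ok),
           guest_register_ghcb(&hv_snp_ok, ghcb),
           guest_page_state_change(&hv_snp_ok, ghcb, GHCB_PAGE_STATE_SHARED));
    return 0;
}
```

The `hv_wrong_gfn` and `hv_psc_error` profiles exercise the two failure paths the firmware terminates on: a registration response carrying a different GFN and a non-zero page state change error code.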




[edk2-devel] [RFC PATCH v5 09/28] OvmfPkg/ResetVector: check the vmpl level

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Virtual Machine Privilege Level (VMPL) is an optional feature in the
SEV-SNP architecture, which allows a guest VM to divide its address space
into four levels. The level can be used to provide the hardware isolated
abstraction layers within a VM. The VMPL0 is the highest privilege, and
VMPL3 is the least privilege. Certain operations must be done by the VMPL0
software, such as:

* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)

The initial SEV-SNP support assumes that it's running on VMPL0. Let's add
a check to make sure that we are running at VMPL0 before continuing the
boot. There is no easy method to query the current VMPL level. One simple
approach is to call the PVALIDATE instruction and if the instruction causes
a #GP then the SEV-SNP guest is not booted under VMPL0. See the AMD APL
volume 3 (PVALIDATE) for additional information on the PVALIDATE.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 89 -
 1 file changed, 87 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index b6f33d049a43..a9101ca8b8b2 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -53,6 +53,12 @@ BITS32
 ; Hypervisor does not support SEV-SNP feature
 %define TERM_HV_UNSUPPORTED_FEATURE 4
 
+; SEV-SNP guest is not launched at VMPL-0
+%define TERM_SNP_NOT_VMPL0  5
+
+; The #VC is not for PVALIDATE
+%define TERM_VC_NOT_PVALIDATE   6
+
 ; GHCB SEV Information MSR protocol
 %define GHCB_SEV_INFORMATION_REQUEST2
 %define GHCB_SEV_INFORMATION_RESPONSE   1
@@ -139,6 +145,25 @@ BITS32
 SevEsUnexpectedRespTerminate:
 TerminateVmgExitTERM_UNEXPECTED_RESP_CODE
 
+; Check whether we're booted under the VMPL-0.
+;
+; There is no straightforward way to query the current VMPL level. The simplest
+; method is to use the PVALIDATE instruction to change the page state. If its
+; not a VMPL-0 guest then PVALIDATE will cause #GP.
+;
+CheckSnpVmpl0:
+; This routine is part of the ROM, and should have been validated by the 
SNP
+; guest launch sequence. So its safe to re-validate the page containing
+; this routine.
+mov eax, ADDR_OF(CheckSnpVmpl0)
+mov ecx, 0
+mov edx, 1
+PVALIDATE
+
+; We will reach here only if we are running at VMPL-0.
+
+OneTimeCallRetCheckSnpVmpl0
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
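Review bot: `CheckSnpVmpl0` does not look at PVALIDATE's result: neither EAX (the return code) nor CF is examined after the instruction, so only the #GP path signals a non-VMPL0 guest and a non-zero return code would fall through `OneTimeCallRet` as success. `InvalidateGHCBPage` added in patch 08 checks `cmp eax, 0` after the same instruction; do the same here, and state in the comment that CF=1 (RMP entry unchanged) is the expected outcome because the page is already validated.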
@@ -193,6 +218,17 @@ CheckSevFeatures:
 bteax, 0
 jnc   NoSev
 
+; Check if we're SEV-SNP guest and booted under VMPL-0.
+;
+; This check should happen here because the PVALIDATE instruction
+; used in the check will cause an exception. The IDT is active
+; during the CheckSevFeatures only.
+;
+bteax, 2
+jnc   SkipCheckSnpVmpl0
+OneTimeCall CheckSnpVmpl0
+
+SkipCheckSnpVmpl0:
 ; Check for SEV-ES memory encryption feature:
 ; CPUID  Fn8000_001F[EAX] - Bit 3
 ;   CPUID raises a #VC exception if running as an SEV-ES guest
@@ -393,6 +429,36 @@ IsSevEsEnabled:
 SevEsDisabled:
 OneTimeCallRet IsSevEsEnabled
 
+; Start handling of #GP exception handling routines
+;
+SevEsIdtNotPvalidate:
+TerminateVmgExit TERM_VC_NOT_PVALIDATE
+iret
+
+SevSnpGpException:
+;
+; If we're here, then we are an SEV-SNP guest and this
+; was triggered by a PVALIDATE instruction.
+;
+; Verify that its an PVALIDATE instruction
+; The exception stack looks like this:
+; +-+
+; | |
+; | eip |
+; | err code|
+; +-+
+pop ebx
+pop ebx
+mov ecx, [ebx]
+cmp ecx, 0xff010ff2   ; Compare EIP with PVALIDATE menomics
+jne SevEsIdtNotPvalidate
+
+; The #GP was triggered by the PVALIDATE instruction, this will happen
+; only when we're not running at VMPL-0
+;
+TerminateVmgExit TERM_SNP_NOT_VMPL0
+iret
+
 ; Start of #VC exception handling routines
 ;
 
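Review bot: this is the #GP handler, yet the fallback reason code is `TERM_VC_NOT_PVALIDATE` and the label is `SevEsIdtNotPvalidate`; name them after #GP so the termination reason is not mistaken for a #VC problem. The two `pop ebx` discard the error code and load the faulting EIP, which is never restored, so the `iret` after each `TerminateVmgExit` can only be reached if the terminate request returns; `SevEsUnexpectedRespTerminate` above uses the same macro with no return path, so either drop the `iret` or comment why it is kept. Typos: 'menomics' (mnemonic), 'Verify that its an PVALIDATE'.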
@@ -522,15 +588,34 @@ ALIGN   16
 ;
 IDT_BASE:
 ;
-; Vectors 0 - 28 (No handlers)
+; Vectors 0 - 12 (No handlers)
 ;
-%rep 29
+%rep 13
 dw  0; Offset low bits 15..0
 dw  0x10 ; Selector
 db  0; Reserved
 db  0x8E ; Gate Type 
(IA32_IDT_GATE_TYPE_INTERRUPT_32)
 dw  0; Offset high bits 31..16
 %endrep
+;
+; Vector 13 (GP Exception)
+;
+dw  (ADDR_OF(SevSnpGpException) &
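Review bot: reducing `%rep 29` (vectors 0-28) to `%rep 13` and adding an explicit gate for vector 13 means the gates for vectors 14-28 still have to be emitted after it, otherwise the existing #VC gate at vector 29 moves; the archive copy is cut off at the new `dw (ADDR_OF(SevSnpGpException) &` line, so please confirm the 15-entry fill is part of the hunk.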

[edk2-devel] [RFC PATCH v5 10/28] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Define the PCDs used by the MpInitLib while creating the AP when SEV-SNP
is active in the guest VM.

Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Eric Dong 
Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 UefiCpuPkg/UefiCpuPkg.dec | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 62acb291f309..0ec25871a50f 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -396,5 +396,16 @@ [PcdsDynamic, PcdsDynamicEx]
   # @Prompt SEV-ES Status
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x6016
 
+  ## This dynamic PCD indicates whether SEV-SNP is enabled
+  #   TRUE  - SEV-SNP is enabled
+  #   FALSE - SEV-SNP is not enabled
+  # @Prompt SEV-SNP Status
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled|FALSE|BOOLEAN|0x6017
+
+  ## This dynamic PCD contains the hypervisor features value obtained through 
the GHCB HYPERVISOR
+  #  features VMGEXIT defined in the version 2 of GHCB spec.
+  # @Prompt GHCB Hypervisor Features
+  gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures|0x0|UINT64|0x6018
+
 [UserExtensions.TianoCore."ExtraFiles"]
   UefiCpuPkgExtra.uni
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 11/28] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if the VM is running as an
SEV-SNP guest.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/Include/Library/MemEncryptSevLib.h| 12 +
 .../DxeMemEncryptSevLibInternal.c | 27 +++
 .../PeiMemEncryptSevLibInternal.c | 27 +++
 .../SecMemEncryptSevLibInternal.c | 19 +
 4 files changed, 85 insertions(+)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h 
b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 76d06c206c8b..2425d8ba0a36 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -66,6 +66,18 @@ typedef enum {
   MemEncryptSevAddressRangeError,
 } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;
 
+/**
+  Returns a boolean to indicate whether SEV-SNP is enabled
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+  VOID
+  );
+
 /**
   Returns a boolean to indicate whether SEV-ES is enabled.
 
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index 2816f859a0c4..057129723824 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -19,6 +19,7 @@
 
 STATIC BOOLEAN mSevStatus = FALSE;
 STATIC BOOLEAN mSevEsStatus = FALSE;
+STATIC BOOLEAN mSevSnpStatus = FALSE;
 STATIC BOOLEAN mSevStatusChecked = FALSE;
 
 STATIC UINT64  mSevEncryptionMask = 0;
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus (
 if (Msr.Bits.SevEsBit) {
   mSevEsStatus = TRUE;
 }
+
+//
+// Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
+//
+if (Msr.Bits.SevSnpBit) {
+  mSevSnpStatus = TRUE;
+}
   }
 
   mSevStatusChecked = TRUE;
 }
 
+/**
+  Returns a boolean to indicate whether SEV-SNP is enabled.
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+  VOID
+  )
+{
+  if (!mSevStatusChecked) {
+InternalMemEncryptSevStatus ();
+  }
+
+  return mSevSnpStatus;
+}
+
 /**
   Returns a boolean to indicate whether SEV-ES is enabled.
 
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d120f..b561f211f577 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -19,6 +19,7 @@
 
 STATIC BOOLEAN mSevStatus = FALSE;
 STATIC BOOLEAN mSevEsStatus = FALSE;
+STATIC BOOLEAN mSevSnpStatus = FALSE;
 STATIC BOOLEAN mSevStatusChecked = FALSE;
 
 STATIC UINT64  mSevEncryptionMask = 0;
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus (
 if (Msr.Bits.SevEsBit) {
   mSevEsStatus = TRUE;
 }
+
+//
+// Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
+//
+if (Msr.Bits.SevSnpBit) {
+  mSevSnpStatus = TRUE;
+}
   }
 
   mSevStatusChecked = TRUE;
 }
 
+/**
+  Returns a boolean to indicate whether SEV-SNP is enabled.
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+  VOID
+  )
+{
+  if (!mSevStatusChecked) {
+InternalMemEncryptSevStatus ();
+  }
+
+  return mSevSnpStatus;
+}
+
 /**
   Returns a boolean to indicate whether SEV-ES is enabled.
 
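Review bot: the `Msr.Bits.SevSnpBit` check and `MemEncryptSevSnpIsEnabled` are added verbatim to both DxeMemEncryptSevLibInternal.c and PeiMemEncryptSevLibInternal.c; this matches how `mSevEsStatus` is already handled, but the two files now differ only in name, so a shared internal source would reduce the chance of the next status bit being added to only one of them.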
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 56d8f3f3183f..69852779e2ff 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -62,6 +62,25 @@ InternalMemEncryptSevStatus (
   return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;
 }
 
+/**
+  Returns a boolean to indicate whether SEV-SNP is enabled.
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpIsEnabled (
+  VOID
+  )
+{
+  MSR_SEV_STATUS_REGISTER   Msr;
+
+  Msr.Uint32 = InternalMemEncryptSevStatus ();
+
+  return Msr.Bits.SevSnpBit ? TRUE : FALSE;
+}
+
 /**
   Returns a boolean to indicate whether SEV-ES is enabled.
 
-- 
2.17.1




[edk2-devel] [RFC PATCH v5 14/28] OvmfPkg/AmdSevDxe: do not use extended PCI config space

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.

The AmdSevDxe uses the functions provided by the MemEncryptSevLib to
clear the memory encryption mask from the page table. If the
MemEncryptSevLib is extended to include VmgExitLib then the dependency
chain will look like this:

OvmfPkg/AmdSevDxe/AmdSevDxe.inf
-> MemEncryptSevLibclass
-> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf"   instance
-> VmgExitLib  class
-> "OvmfPkg/VmgExitLib"instance
-> LocalApicLibclass
-> "UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf" instance
-> TimerLibclass
-> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf"   instance
-> PciLib   class
-> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf"instance
-> PciExpressLib  class
-> "MdePkg/BasePciExpressLib/BasePciExpressLib.inf"  instance

The LocalApicLib provides a constructor that gets called before the
AmdSevDxe can clear the memory encryption mask from the MMIO regions.

When running under the Q35 machine type, the call chain looks like this:

AcpiTimerLibConstructor ()  [AcpiTimerLib]
  PciRead32 ()  [DxePciLibI440FxQ35]
   PciExpressRead32 ()  [PciExpressLib]

The PciExpressRead32 () reads the MMIO region. The MMIO regions are not
yet mapped un-encrypted, so the check introduced in the commit
85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 raises a #GP.

The AmdSevDxe driver does not require the access to the extended PCI
config space. Accessing a normal PCI config space, via IO port should be
sufficient. Use the module-scope override to make the AmdSevDxe use the
BasePciLib instead of BasePciExpressLib so that PciRead32 () uses the
IO ports instead of the extended config space.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Suggested-by: Laszlo Ersek 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 5 -
 OvmfPkg/Bhyve/BhyveX64.dsc   | 5 -
 OvmfPkg/OvmfPkgIa32X64.dsc   | 5 -
 OvmfPkg/OvmfPkgX64.dsc   | 5 -
 OvmfPkg/OvmfXen.dsc  | 5 -
 5 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1d487befae08..f1cf2e916a10 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -807,7 +807,10 @@ [Components]
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf
-  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
+
+PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  }
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
   #
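Review bot: the commit message says AmdSevDxe is switched to BasePciLib, but the override selects `MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf`; please make the message name the instance actually used. The empty line after `OvmfPkg/AmdSevDxe/AmdSevDxe.inf {` is where the `<LibraryClasses>` tag of a module-scope override belongs; it appears to have been dropped by the archive's HTML rendering, so confirm it is present in the patch as sent (the same applies to the four other .dsc hunks below).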
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index cbf896e89bd2..75d4b196057f 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -779,7 +779,10 @@ [Components]
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf
-  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
+
+PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  }
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
 
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f256..783622c61ac5 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -960,7 +960,10 @@ [Components.X64]
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf
-  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
+
+PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  }
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
 !if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..f2b13f7228a1 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -958,7 +958,10 @@ [Components]
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf
-  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
+
+PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  }
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
 !if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 3c1ca6bfd493..d9619ac5a050 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -725,7 +725,10 @@ [Components]
   }
 
   OvmfPkg/PlatformDxe/Platform.inf
-  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
+
+PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  }
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
   #
-- 
2.17.1




[edk2-devel] [RFC PATCH v5 13/28] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that the GHCB GPA be registered before use.
See the GHCB specification section 2.3.2 for more details.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/PlatformPei/AmdSev.c | 91 
 1 file changed, 91 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..de876fdb478e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,93 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "Platform.h"
 
+/**
+  Handle an SEV-SNP/GHCB protocol check failure.
+
+  Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP guest
+  wishes to be terminated.
+
+  @param[in] ReasonCode  Reason code to provide to the hypervisor for the
+ termination request.
+
+**/
+STATIC
+VOID
+SevEsProtocolFailure (
+  IN UINT8  ReasonCode
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+
+  //
+  // Use the GHCB MSR Protocol to request termination by the hypervisor
+  //
+  Msr.GhcbPhysicalAddress = 0;
+  Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST;
+  Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;
+  Msr.GhcbTerminate.ReasonCode = ReasonCode;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
+
+/**
+
+  This function can be used to register the GHCB GPA.
+
+  @param[in]  Address   The physical address to be registered.
+
+**/
+STATIC
+VOID
+GhcbRegister (
+  IN  EFI_PHYSICAL_ADDRESS   Address
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;
+  EFI_PHYSICAL_ADDRESS  GuestFrameNumber;
+
+  GuestFrameNumber = Address >> EFI_PAGE_SHIFT;
+
+  //
+  // Save the current MSR Value
+  //
+  CurrentMsr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // Use the GHCB MSR Protocol to request to register the GPA.
+  //
+  Msr.GhcbPhysicalAddress = 0;
+  Msr.GhcbGpaRegister.Function = GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;
+  Msr.GhcbGpaRegister.GuestFrameNumber = GuestFrameNumber;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // If hypervisor responded with a different GPA than requested then fail.
+  //
+  if ((Msr.GhcbGpaRegister.Function != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE) ||
+  (Msr.GhcbGpaRegister.GuestFrameNumber != GuestFrameNumber)) {
+SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  //
+  // Restore the MSR
+  //
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);
+}
+
 /**
 
   Initialize SEV-ES support if running as an SEV-ES guest.
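Review bot: `SevEsProtocolFailure` and `GhcbRegister` duplicate the functions added to OvmfPkg/Sec/SecMain.c in patch 12, down to the MSR save and restore around the registration; moving them into a library both modules already link would keep one copy. The added `#include` line has lost its header name in this archive copy, so the library class being pulled in cannot be checked here. Minor: the doxygen block for `GhcbRegister` starts with an empty line, unlike the other headers in the file.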
@@ -109,6 +193,13 @@ AmdSevEsInitialize (
 "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n",
 (UINT64)GhcbBackupPageCount, GhcbBackupBase));
 
+  //
+  // SEV-SNP guest requires that GHCB GPA must be registered before using it.
+  //
+  if (MemEncryptSevSnpIsEnabled ()) {
+GhcbRegister (GhcbBasePa);
+  }
+
   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
 
   //
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 18/28] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).

When SEV-SNP is active, the memory must be pre-validated before the access.
Add support to pre-validate the memory range from SnpSecPreValidatedStart
to SnpSecPreValidatedEnd. This should be sufficient to enter into the PEI
phase.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkg.dec   |  5 
 .../PeiMemEncryptSevLib.inf   |  2 ++
 OvmfPkg/Sec/SecMain.inf   |  3 +++
 .../X64/PeiSnpSystemRamValidate.c |  5 
 OvmfPkg/Sec/SecMain.c | 27 +++
 OvmfPkg/FvmainCompactScratchEnd.fdf.inc   |  5 
 6 files changed, 47 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index d0ec14ca2318..afc559d74335 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -339,6 +339,11 @@ [PcdsFixedAtBuild]
   
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UINT32|0x51
   
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT32|0x52
 
+  ## The range of memory that need to be pre-validated in the SEC phase
+  #  when SEV-SNP is active in the guest VM.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x53
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x54
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index f4058911e7b6..2b60920f4b25 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -58,5 +58,7 @@ [FeaturePcd]
 
 [FixedPcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 7f78dcee2772..8144b1d115cf 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -50,6 +50,7 @@ [LibraryClasses]
   PeCoffExtraActionLib
   ExtractGuidedSectionLib
   LocalApicLib
+  MemEncryptSevLib
   CpuExceptionHandlerLib
 
 [Ppis]
@@ -70,6 +71,8 @@ [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd
   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
index 69ffb79633c4..253d42073907 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -27,6 +27,11 @@ STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] = {
   {
 FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart),
 FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd)
+  },
+  // This range is pre-validated by the Sec/SecMain.c
+  {
+FixedPcdGet32 (PcdOvmfSnpSecPreValidatedStart),
+FixedPcdGet32 (PcdOvmfSnpSecPreValidatedEnd)
   }
 };
 
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index c10441ddf472..f949a9b0349e 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -915,6 +915,26 @@ SevEsIsEnabled (
   return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0));
 }
 
+/**
+ Pre-validate System RAM used for decompressing the PEI and DXE firmware 
volumes
+ when SEV-SNP is active. The PCDs SecPreValidatedStart and SecPreValidatedEnd 
are
+ set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc.
+
+**/
+STATIC
+VOID
+SevSnpSecPreValidateSystemRam (
+  VOID
+  )
+{
+  PHYSICAL_ADDRESSStart, End;
+
+  Start = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedStart);
+  End = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfSnpSecPreValidatedEnd);
+
+  MemEncryptSevSnpPreValidateSystemRam (Start, EFI_SIZE_TO_PAGES (End - 
Start));
+}
+
 VOID
 EFIAPI
 SecCoreStartupWithStack (
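Review bot: `SevSnpSecPreValidateSystemRam` reads the range with `PcdGet32`, but `PcdOvmfSnpSecPreValidatedStart/End` are declared under `[PcdsFixedAtBuild]` in OvmfPkg.dec and read with `FixedPcdGet32` in PeiSnpSystemRamValidate.c in this same patch; use `FixedPcdGet32` here too and list them under `[FixedPcd]` in SecMain.inf instead of `[Pcd]`. `Start` and `End` are declared `PHYSICAL_ADDRESS` and then cast to `EFI_PHYSICAL_ADDRESS`; one type is enough. `EFI_SIZE_TO_PAGES (End - Start)` rounds up, so an End that is not page-aligned would validate one page beyond the range; an ASSERT on alignment (the values come from the .fdf include) would document the assumption.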
@@ -1046,6 +1066,13 @@ SecCoreStartupWithStack (
   SecCoreData.BootFirmwareVolumeBase = BootFv;
   SecCoreData.BootFirmwareVolumeSize = (UINTN) BootFv->FvLen

[edk2-devel] [RFC PATCH v5 15/28] OvmfPkg/MemEncryptSevLib: add support to validate system RAM

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP table via the Page State Change VMGEXIT
defined in the GHCB specification section 2.5.1 and 4.1.6. Inside each RMP
entry is a Validated flag; this flag is automatically cleared to 0 by the
CPU hardware when a new RMP entry is created for a guest. Each VM page
can be either validated or invalidated, as indicated by the Validated
flag in the RMP entry. Memory access to a private page that is not
validated generates a #VC. A VM can use the PVALIDATE instruction to
validate the private page before using it.

During the guest creation, the boot ROM memory is pre-validated by the
AMD-SEV firmware. The MemEncryptSevSnpValidateSystemRam() can be called
during the SEC and PEI phase to validate the detected system RAM.

One of the fields in the Page State Change NAE is the RMP page size. The
page size input parameter indicates that either a 4KB or 2MB page should
be used while adding the RMP entry. During the validation, when possible,
the MemEncryptSevSnpValidateSystemRam() will use the 2MB entry. A
hypervisor backing the memory may choose to use the different page size
in the RMP entry. In those cases, the PVALIDATE instruction should return
SIZEMISMATCH. If a SIZEMISMATCH is detected, then validate all 512-pages
constituting a 2MB region.

Upon completion, the PVALIDATE instruction sets the rFLAGS.CF to 0 if the
instruction changed the RMP entry and to 1 if the instruction did not
change the RMP entry. The rFlags.CF will be 1 only when a memory region
is already validated. We should not double validate a memory region
as it could lead to a security compromise. If double validation is
detected, terminate the boot.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkgIa32.dsc   |   1 +
 OvmfPkg/OvmfPkgIa32X64.dsc|   1 +
 .../DxeMemEncryptSevLib.inf   |   3 +
 .../PeiMemEncryptSevLib.inf   |   3 +
 .../SecMemEncryptSevLib.inf   |   3 +
 OvmfPkg/Include/Library/MemEncryptSevLib.h|  14 +
 .../X64/SnpPageStateChange.h  |  31 ++
 .../Ia32/MemEncryptSevLib.c   |  17 +
 .../X64/DxeSnpSystemRamValidate.c |  40 +++
 .../X64/PeiSnpSystemRamValidate.c |  36 +++
 .../X64/SecSnpSystemRamValidate.c |  36 +++
 .../X64/SnpPageStateChangeInternal.c  | 295 ++
 12 files changed, 480 insertions(+)
 create mode 100644 
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
 create mode 100644 
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
 create mode 100644 
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
 create mode 100644 
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
 create mode 100644 
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae7986..bdb35c20e17e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -264,6 +264,7 @@ [LibraryClasses.common.SEC]
 !else
   
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
 !endif
+  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 783622c61ac5..882a96d8710a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -268,6 +268,7 @@ [LibraryClasses.common.SEC]
 !else
   
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
 !endif
+  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index f2e162d68076..f613bb314f5f 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -34,8 +34,10 @@ [Sources]
   PeiDxeMemEncryptSevLibInternal.c
 
 [Sources.X64]
+  X64/DxeSnpSystemRamValidate.c
   X64/MemEncryptSevLib.c
   X64/PeiDxeVirtualMemory.c
+  X64/SnpPageStateChangeInternal.c
   X64/VirtualMemory.c
   X64/VirtualMemory.h
 
@@ -49,6 +51,7 @@ [LibraryClasses]
   DebugLib
   MemoryAllocationLib
   PcdLib
+  VmgExitLib
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfP
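The validation loop this commit message describes (2MB RMP entries where possible, all 512 4KB pages of a region when PVALIDATE reports SIZEMISMATCH, and boot termination when PVALIDATE reports CF=1 because the page was already validated), as an added C model that is not edk2 code and not part of this series. The RMP array, the PVALIDATE return codes (PV_OK, PV_FAIL_INPUT, PV_FAIL_SIZEMISMATCH), the per-region `backed_2m` hypervisor choice and every function name here are constructed for the example; it goes slightly beyond the text by letting each 2MB region be backed either way, so the fast path and the fallback both run in one pass.

```c
/* Added example, not edk2 code: a model of the SEV-SNP system RAM validation
 * loop. The RMP model, numeric return codes and names are the example's own. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_4K        (1ULL << 12)
#define PAGE_2M        (1ULL << 21)
#define PAGES_PER_2M   512
#define MODEL_RAM_SIZE (16ULL << 20)                 /* 16 MiB of modelled RAM */
#define MODEL_NPAGES   (MODEL_RAM_SIZE / PAGE_4K)
#define MODEL_NREGIONS (MODEL_NPAGES / PAGES_PER_2M) /* 8 regions of 2 MiB */

/* Return codes of the modelled PVALIDATE (numbering is this model's own). */
enum { PV_OK = 0, PV_FAIL_INPUT = 1, PV_FAIL_SIZEMISMATCH = 6 };

/* Outcome of the firmware-side validation loop. */
enum { VALIDATE_OK = 0, VALIDATE_DOUBLE = -1, VALIDATE_FAIL = -2, VALIDATE_SIZEMISMATCH = -3 };

/* One modelled RMP entry per 4 KiB guest page: the Validated flag, plus the
 * page size the hypervisor chose when it backed this page. */
typedef struct { bool validated; bool backed_2m; } rmp_entry_t;
static rmp_entry_t rmp[MODEL_NPAGES];

/* Hypervisor side of the model: decide which 2 MiB regions are backed by a
 * 2 MiB RMP entry. Everything starts out not validated. */
void model_reset(const bool backed_2m[MODEL_NREGIONS]) {
  memset(rmp, 0, sizeof rmp);
  for (size_t r = 0; r < MODEL_NREGIONS; r++)
    for (size_t i = 0; i < PAGES_PER_2M; i++)
      rmp[r * PAGES_PER_2M + i].backed_2m = backed_2m[r];
}

/* Modelled PVALIDATE. *cf receives the rFLAGS.CF semantics from the commit
 * message: 0 if the RMP entry changed, 1 if it was already in that state. */
static int model_pvalidate(uint64_t gpa, bool size_2m, bool validate, int *cf) {
  uint64_t size  = size_2m ? PAGE_2M : PAGE_4K;
  uint64_t first = gpa / PAGE_4K;
  size_t   n     = size_2m ? PAGES_PER_2M : 1;

  if ((gpa & (size - 1)) != 0 || first + n > MODEL_NPAGES)
    return PV_FAIL_INPUT;
  if (size_2m && !rmp[first].backed_2m)
    return PV_FAIL_SIZEMISMATCH;          /* hypervisor used 4 KiB entries here */
  *cf = (rmp[first].validated == validate) ? 1 : 0;
  for (size_t i = 0; i < n; i++)
    rmp[first + i].validated = validate;
  return PV_OK;
}

/* Validate one page and enforce the no-double-validation rule (CF == 1). */
static int validate_one(uint64_t gpa, bool size_2m) {
  int cf = 0;
  switch (model_pvalidate(gpa, size_2m, true, &cf)) {
    case PV_OK:                return cf ? VALIDATE_DOUBLE : VALIDATE_OK;
    case PV_FAIL_SIZEMISMATCH: return VALIDATE_SIZEMISMATCH;
    default:                   return VALIDATE_FAIL;
  }
}

/* The loop from the commit message: use a 2 MiB entry whenever the cursor is
 * 2 MiB aligned and at least 2 MiB remain; on SIZEMISMATCH validate the 512
 * 4 KiB pages of that region instead; stop at the first CF == 1, where the
 * firmware would terminate the boot. */
int validate_system_ram(uint64_t start, uint64_t end) {
  while (start < end) {
    bool use_2m = (start & (PAGE_2M - 1)) == 0 && end - start >= PAGE_2M;
    int  rc     = validate_one(start, use_2m);

    if (rc == VALIDATE_SIZEMISMATCH && use_2m) {
      for (size_t i = 0; i < PAGES_PER_2M; i++) {
        rc = validate_one(start + i * PAGE_4K, false);
        if (rc != VALIDATE_OK)
          return rc;
      }
    } else if (rc != VALIDATE_OK) {
      return rc;
    }
    start += use_2m ? PAGE_2M : PAGE_4K;
  }
  return VALIDATE_OK;
}

/* Number of validated 4 KiB pages in [start, end), for inspection. */
size_t count_validated(uint64_t start, uint64_t end) {
  size_t n = 0;
  for (uint64_t p = start / PAGE_4K; p < end / PAGE_4K; p++)
    n += rmp[p].validated ? 1 : 0;
  return n;
}

/* Constructed scenario: region 1 (2..4 MiB) is backed with 4 KiB entries. */
void setup_scenario(void) {
  static const bool backing[MODEL_NREGIONS] = { true, false, true, true, true, true, true, true };
  model_reset(backing);
}

int main(void) {
  setup_scenario();
  printf("first pass : %d, validated pages = %zu\n",
         validate_system_ram(0, 6ULL << 20), count_validated(0, 6ULL << 20));
  printf("second pass: %d (negative = double validation detected)\n",
         validate_system_ram(4ULL << 20, 8ULL << 20));
  return 0;
}
```

In the scenario the first pass over 0..6 MiB validates 1536 pages (the 2..4 MiB region through the 4 KiB fallback), and a second pass that re-covers 4..8 MiB stops immediately with VALIDATE_DOUBLE, which is the condition the patch turns into a boot termination.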

[edk2-devel] [RFC PATCH v5 16/28] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to pre-validate the detected system RAM.

While validating the system RAM in PEI phase, we must skip previously
validated system RAM to avoid the double validation.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 .../PeiMemEncryptSevLib.inf   |  2 +
 .../X64/PeiSnpSystemRamValidate.c | 65 ++-
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 0402e49a1028..f4058911e7b6 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -58,3 +58,5 @@ [FeaturePcd]
 
 [FixedPcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
index 64aab7f45b6d..3e692a3b869d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -14,6 +14,44 @@
 
 #include "SnpPageStateChange.h"
 
+typedef struct {
+  UINT64StartAddress;
+  UINT64EndAddress;
+} SNP_PRE_VALIDATED_RANGE;
+
+STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] = {
+  // This range is pre-validated by the Hypervisor.
+  {
+FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart),
+FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd)
+  }
+};
+
+STATIC
+BOOLEAN
+DetectPreValidatedOverLap (
+  INPHYSICAL_ADDRESSStartAddress,
+  INPHYSICAL_ADDRESSEndAddress,
+  OUT   SNP_PRE_VALIDATED_RANGE *OverlapRange
+  )
+{
+  UINTN   i;
+
+  //
+  // Check if the specified address range exist in pre-validated array.
+  //
+  for (i = 0; i < ARRAY_SIZE (mPreValidatedRange); i++) {
+if ((mPreValidatedRange[i].StartAddress < EndAddress) &&
+(StartAddress < mPreValidatedRange[i].EndAddress)) {
+  OverlapRange->StartAddress = mPreValidatedRange[i].StartAddress;
+  OverlapRange->EndAddress = mPreValidatedRange[i].EndAddress;
+  return TRUE;
+}
+  }
+
+  return FALSE;
+}
+
 /**
   Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
 
@@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam (
   IN UINTN  NumPages
   )
 {
+  PHYSICAL_ADDRESS  EndAddress;
+  SNP_PRE_VALIDATED_RANGE   OverlapRange;
+
   if (!MemEncryptSevSnpIsEnabled ()) {
 return;
   }
 
-  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+  EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages);
+
+  while (BaseAddress < EndAddress) {
+//
+// Check if the range overlaps with the pre-validated ranges.
+//
+if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)) {
+  // Validate the non-overlap regions.
+  if (BaseAddress < OverlapRange.StartAddress) {
+NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress);
+
+InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+  }
+
+  BaseAddress = OverlapRange.EndAddress;
+  continue;
+}
+
+// Validate the remaining pages.
+NumPages = EFI_SIZE_TO_PAGES (EndAddress - BaseAddress);
+InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+BaseAddress = EndAddress;
+  }
 }
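Review bot: DetectPreValidatedOverLap() (previous hunk) returns the first entry of mPreValidatedRange that overlaps, not the lowest-addressed one, and the loop here then validates everything below OverlapRange.StartAddress as a non-overlap region. With the single entry the table holds today that is correct, but as soon as a second, lower-addressed range is added, the gap below the first match would be validated twice, which this series treats as a boot-terminating condition. Either document that the table must stay sorted by address, or make the helper return the overlapping entry with the smallest StartAddress. Also, NumPages is an IN parameter that is reused as scratch space (`NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress);`); a local variable would make the loop easier to follow.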
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77351): https://edk2.groups.io/g/devel/message/77351
Mute This Topic: https://groups.io/mt/83891533/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
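The range-splitting step added to PeiSnpSystemRamValidate.c above, as an added example that is not edk2 code: it goes beyond the patch by handling any number of pre-validated ranges, listed in any order, by always skipping the lowest-addressed overlapping range first. PAGE_SIZE, the `range_t` type, the 256 MiB sample RAM size and the two sample pre-validated ranges are constructed values, not PCDs from the series.

```c
/* Added example, not edk2 code: split a RAM range into the sub-ranges that
 * still need validation, skipping every pre-validated range. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE    4096ULL
#define MAX_SEGMENTS 16

typedef struct { uint64_t start, end; } range_t;   /* half-open [start, end) */

/* The lowest-starting pre-validated range that overlaps [start, end), or NULL.
 * Choosing the lowest one (not the first array entry that overlaps) is what
 * keeps the split correct when there is more than one pre-validated range. */
static const range_t *next_overlap(uint64_t start, uint64_t end,
                                   const range_t *pre, size_t npre) {
  const range_t *best = NULL;
  for (size_t i = 0; i < npre; i++) {
    if (pre[i].start < end && start < pre[i].end &&
        (best == NULL || pre[i].start < best->start))
      best = &pre[i];
  }
  return best;
}

/* Write into out[] the sub-ranges of [base, base + npages * PAGE_SIZE) that
 * are not covered by any pre-validated range, i.e. the ones that still need
 * the page-state change and PVALIDATE. Returns the number of sub-ranges, or
 * -1 if out[] is too small. */
int plan_validation(uint64_t base, uint64_t npages,
                    const range_t *pre, size_t npre,
                    range_t *out, size_t max_out) {
  uint64_t end = base + npages * PAGE_SIZE;
  size_t count = 0;

  while (base < end) {
    const range_t *ov = next_overlap(base, end, pre, npre);
    if (ov == NULL) {                       /* nothing pre-validated ahead */
      if (count == max_out) return -1;
      out[count++] = (range_t){ base, end };
      break;
    }
    if (base < ov->start) {                 /* gap before the pre-validated range */
      if (count == max_out) return -1;
      out[count++] = (range_t){ base, ov->start };
    }
    base = ov->end;                         /* skip the pre-validated part */
  }
  return (int)count;
}

/* Sum of pages over a plan, to cross-check against the input size. */
uint64_t planned_pages(const range_t *out, int n) {
  uint64_t pages = 0;
  for (int i = 0; i < n; i++)
    pages += (out[i].end - out[i].start) / PAGE_SIZE;
  return pages;
}

/* Constructed sample: 256 MiB of RAM and two pre-validated ranges listed out
 * of address order. */
static range_t g_segs[MAX_SEGMENTS];

int demo_plan(void) {
  static const range_t pre[] = {
    { 0x00800000, 0x00810000 },   /* 8 MiB .. 8 MiB + 64 KiB */
    { 0x00001000, 0x00003000 },   /* 4 KiB .. 12 KiB, listed second */
  };
  return plan_validation(0, (256ULL << 20) / PAGE_SIZE,
                         pre, sizeof pre / sizeof pre[0], g_segs, MAX_SEGMENTS);
}
uint64_t demo_start(int i) { return g_segs[i].start; }
uint64_t demo_end(int i)   { return g_segs[i].end; }

int main(void) {
  int n = demo_plan();
  for (int i = 0; i < n; i++)
    printf("validate [0x%08llx, 0x%08llx)\n",
           (unsigned long long)g_segs[i].start, (unsigned long long)g_segs[i].end);
  return 0;
}
```

With the sample input the plan is three segments that together cover the 256 MiB minus the 18 pre-validated pages; a first-match helper would instead have produced a segment reaching from 0 to 8 MiB and re-validated the 4..12 KiB range.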




[edk2-devel] [RFC PATCH v5 17/28] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The initial page table built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of the memory region that needs
to be validated. If hardware encounters a page table walk failure (due
to page-not-present) then it raises #GP.

The initial page table built in the SEC phase addresses up to 4GB. Add an
internal function to extend the page table to cover > 4GB. The function
builds 1GB entries in the page table for access > 4GB. This will provide
the support to call the PVALIDATE instruction for virtual addresses >
4GB in the PEI phase.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 .../BaseMemEncryptSevLib/X64/VirtualMemory.h  |  19 +++
 .../X64/PeiDxeVirtualMemory.c | 115 ++
 .../X64/PeiSnpSystemRamValidate.c |  22 
 3 files changed, 156 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h
index 21bbbd1c4f9c..aefef68c30c0 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h
@@ -143,4 +143,23 @@ InternalMemEncryptSevClearMmioPageEncMask (
   IN  PHYSICAL_ADDRESSPhysicalAddress,
   IN  UINTN   Length
   );
+
+/**
+  Create 1GB identity mapping for the specified virtual address range.
+
+  @param[in]  Cr3BaseAddress  Cr3 Base Address (if zero then use
+  current CR3)
+  @param[in]  VirtualAddress  Virtual address
+  @param[in]  Length  Length of virtual address range
+
+  @retval RETURN_INVALID_PARAMETERNumber of pages is zero.
+
+**/
+RETURN_STATUS
+EFIAPI
+InternalMemEncryptSevCreateIdentityMap1G (
+  INPHYSICAL_ADDRESS  Cr3BaseAddress,
+  INPHYSICAL_ADDRESS  PhysicalAddress,
+  INUINTN Length
+  );
 #endif
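Review bot: the doxygen block documents `@param[in]  VirtualAddress  Virtual address`, but the prototype's second parameter is `PhysicalAddress`; rename one or the other so the comment matches the signature. The `@retval` list only mentions RETURN_INVALID_PARAMETER, while the implementation in the next hunk also returns RETURN_ACCESS_DENIED (no encryption mask) and RETURN_NO_MAPPING (PML4 entry not present); list those too, since callers need to tell the cases apart.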
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index c696745f9d26..f146f6d61cc5 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -536,6 +536,121 @@ EnableReadOnlyPageWriteProtect (
   AsmWriteCr0 (AsmReadCr0() | BIT16);
 }
 
+RETURN_STATUS
+EFIAPI
+InternalMemEncryptSevCreateIdentityMap1G (
+  INPHYSICAL_ADDRESS  Cr3BaseAddress,
+  INPHYSICAL_ADDRESS  PhysicalAddress,
+  INUINTN Length
+  )
+{
+  PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
+  PAGE_TABLE_1G_ENTRY*PageDirectory1GEntry;
+  UINT64 PgTableMask;
+  UINT64 AddressEncMask;
+  BOOLEANIsWpEnabled;
+  RETURN_STATUS  Status;
+
+  //
+  // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
+  //
+  PageMapLevel4Entry = NULL;
+
+  DEBUG ((
+DEBUG_VERBOSE,
+"%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx\n",
+gEfiCallerBaseName,
+__FUNCTION__,
+Cr3BaseAddress,
+PhysicalAddress,
+(UINT64)Length
+));
+
+  if (Length == 0) {
+return RETURN_INVALID_PARAMETER;
+  }
+
+  //
+  // Check if we have a valid memory encryption mask
+  //
+  AddressEncMask = InternalGetMemEncryptionAddressMask ();
+  if (!AddressEncMask) {
+return RETURN_ACCESS_DENIED;
+  }
+
+  PgTableMask = AddressEncMask | EFI_PAGE_MASK;
+
+
+  //
+  // Make sure that the page table is changeable.
+  //
+  IsWpEnabled = IsReadOnlyPageWriteProtected ();
+  if (IsWpEnabled) {
+DisableReadOnlyPageWriteProtect ();
+  }
+
+  Status = EFI_SUCCESS;
+
+  while (Length)
+  {
+//
+// If Cr3BaseAddress is not specified then read the current CR3
+//
+if (Cr3BaseAddress == 0) {
+  Cr3BaseAddress = AsmReadCr3();
+}
+
+PageMapLevel4Entry = (VOID*) (Cr3BaseAddress & ~PgTableMask);
+PageMapLevel4Entry += PML4_OFFSET(PhysicalAddress);
+if (!PageMapLevel4Entry->Bits.Present) {
+  DEBUG ((
+DEBUG_ERROR,
+"%a:%a: bad PML4 for Physical=0x%Lx\n",
+gEfiCallerBaseName,
+__FUNCTION__,
+PhysicalAddress
+));
+  Status = RETURN_NO_MAPPING;
+  goto Done;
+}
+
+PageDirectory1GEntry = (VOID *)(
+ (PageMapLevel4Entry->Bits.PageTableBaseAddress <<
+  12) & ~PgTableMask
+ );
+PageDirectory1GEntry += PDP_OFFSET(PhysicalAddress);
+if (!PageDirectory1GEntry->Bits.Present) {
+  PageDirectory1GEntry->Bits.Present = 1;
+  PageDirectory1GEntry->Bits.MustBe1 = 1;
+  
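Review bot: `Status = EFI_SUCCESS;` initialises a RETURN_STATUS in a function that otherwise returns RETURN_* codes (RETURN_INVALID_PARAMETER, RETURN_ACCESS_DENIED, RETURN_NO_MAPPING); use RETURN_SUCCESS for consistency. The `if (Cr3BaseAddress == 0) { Cr3BaseAddress = AsmReadCr3(); }` block sits inside the while loop although its result cannot change between iterations, so it can move above the loop. There is also a stray double blank line after `PgTableMask = AddressEncMask | EFI_PAGE_MASK;`, and `while (Length)` puts its opening brace on its own line, unlike the rest of the file.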
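Why the page table must be extended before PVALIDATE is issued above 4GB, as an added model in C that is not edk2's code: a PML4 and a single PDPT, identity-mapped for the first 4 GiB with four 1 GiB entries, a page walk that fails where the hardware walk would fault, and a counterpart of InternalMemEncryptSevCreateIdentityMap1G() that adds 1 GiB entries for a range. The entry bit positions (BIT_PS, the C-bit placed at bit 51), the MAP_* status names, UNMAPPED and the single-PDPT simplification are this example's own assumptions.

```c
/* Added example, not edk2 code: a model of extending a 4 GiB identity map with
 * 1 GiB entries so that addresses above 4 GiB become walkable. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRIES        512
#define PAGE_1G        (1ULL << 30)
#define BIT_PRESENT    (1ULL << 0)
#define BIT_RW         (1ULL << 1)
#define BIT_PS         (1ULL << 7)   /* page-size bit: entry maps a 1 GiB page */
#define ENC_MASK       (1ULL << 51)  /* constructed C-bit position for the model */
#define ADDR_MASK_1G   0x000FFFFFC0000000ULL
#define PHYS_MASK_1G   (ADDR_MASK_1G & ~ENC_MASK)  /* strip the C-bit like PgTableMask */
#define UNMAPPED       UINT64_MAX

#define PML4_OFFSET(a) (((a) >> 39) & 0x1FF)
#define PDP_OFFSET(a)  (((a) >> 30) & 0x1FF)

/* Status codes, named after the RETURN_* values the patch uses. */
enum { MAP_SUCCESS = 0, MAP_INVALID_PARAMETER = 1, MAP_NO_MAPPING = 2 };

/* Model of the SEC-built table: one PML4 whose entry 0 refers to one PDPT.
 * The PDPT is a fixed table rather than a physical pointer, so only PML4
 * index 0 is walkable in this model. */
static uint64_t pml4[ENTRIES];
static uint64_t pdpt[ENTRIES];

/* Initial state: identity map the first 4 GiB with four 1 GiB entries. */
void init_tables_4gb(void) {
  memset(pml4, 0, sizeof pml4);
  memset(pdpt, 0, sizeof pdpt);
  pml4[0] = BIT_PRESENT | BIT_RW | ENC_MASK;   /* model: "points at pdpt" */
  for (uint64_t i = 0; i < 4; i++)
    pdpt[i] = (i * PAGE_1G) | BIT_PRESENT | BIT_RW | BIT_PS | ENC_MASK;
}

/* Page walk for a linear address: the physical address on success, UNMAPPED
 * where real hardware would fault on a not-present entry, which is the
 * failure the commit message describes for PVALIDATE above 4 GiB. */
uint64_t translate(uint64_t addr) {
  if (PML4_OFFSET(addr) != 0 || !(pml4[0] & BIT_PRESENT))
    return UNMAPPED;
  uint64_t e = pdpt[PDP_OFFSET(addr)];
  if (!(e & BIT_PRESENT) || !(e & BIT_PS))
    return UNMAPPED;
  return (e & PHYS_MASK_1G) | (addr & (PAGE_1G - 1));
}

/* Counterpart of InternalMemEncryptSevCreateIdentityMap1G(): add encrypted
 * (C-bit set) 1 GiB identity entries for every 1 GiB page touched by
 * [addr, addr + length). Entries that already exist are left alone. */
int create_identity_map_1g(uint64_t addr, uint64_t length) {
  if (length == 0)
    return MAP_INVALID_PARAMETER;
  uint64_t first = addr & ~(PAGE_1G - 1);
  uint64_t last  = (addr + length - 1) & ~(PAGE_1G - 1);
  for (uint64_t a = first; a <= last; a += PAGE_1G) {
    if (PML4_OFFSET(a) != 0 || !(pml4[0] & BIT_PRESENT))
      return MAP_NO_MAPPING;               /* the patch's "bad PML4" case */
    uint64_t *e = &pdpt[PDP_OFFSET(a)];
    if (!(*e & BIT_PRESENT))
      *e = a | BIT_PRESENT | BIT_RW | BIT_PS | ENC_MASK;
  }
  return MAP_SUCCESS;
}

int main(void) {
  init_tables_4gb();
  printf("5 GiB before: %s\n", translate(5ULL << 30) == UNMAPPED ? "unmapped" : "mapped");
  create_identity_map_1g(4ULL << 30, 2ULL << 30);
  printf("5 GiB after : 0x%llx\n", (unsigned long long)translate((5ULL << 30) + 0x1234));
  return 0;
}
```

The walk of 5 GiB fails on the SEC-style table and succeeds only after the 1 GiB entries for 4..6 GiB are added; 6 GiB stays unmapped because the request only covered two 1 GiB pages, and a request beyond the single PML4 entry fails with MAP_NO_MAPPING, mirroring the RETURN_NO_MAPPING path in the patch.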

[edk2-devel] [RFC PATCH v5 19/28] OvmfPkg/PlatformPei: validate the system RAM when SNP is active

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:

1) Validate on-demand
OR
2) Validate before access

On-demand
=========
If memory is not validated before access, it will cause a #VC
exception with the page-not-validated error code. The VC exception
handler can perform the validation steps.

The pages that have been validated will need to be tracked to avoid
the double validation scenarios. The range of memory that has not
been validated will need to be communicated to the OS through the
recently introduced unaccepted memory type
https://github.com/microsoft/mu_basecore/pull/66, so that OS can
validate those ranges before using them.

Validate before access
======================
Since the PEI phase detects all the available system RAM, use the
MemEncryptSevSnpValidateSystemRam() function to pre-validate the
system RAM in the PEI phase.

For now, choose option 2 due to the dependency and the complexity
of the on-demand validation.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/PlatformPei/AmdSev.c | 42 
 1 file changed, 42 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index de876fdb478e..391e7bbb7dbd 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -23,6 +23,40 @@
 
 #include "Platform.h"
 
+/**
+  Initialize SEV-SNP support if running as an SEV-SNP guest.
+
+**/
+STATIC
+VOID
+AmdSevSnpInitialize (
+  VOID
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  EFI_HOB_RESOURCE_DESCRIPTOR   *ResourceHob;
+
+  if (!MemEncryptSevSnpIsEnabled ()) {
+return;
+  }
+
+  //
+  // Iterate through the system RAM and validate it.
+  //
+  for (Hob.Raw = GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw = GET_NEXT_HOB 
(Hob)) {
+if (Hob.Raw != NULL && GET_HOB_TYPE (Hob) == 
EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) {
+  ResourceHob = Hob.ResourceDescriptor;
+
+  if (ResourceHob->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) {
+MemEncryptSevSnpPreValidateSystemRam (
+  ResourceHob->PhysicalStart,
+  EFI_SIZE_TO_PAGES ((UINTN) ResourceHob->ResourceLength)
+  );
+  }
+}
+  }
+}
+
 /**
   Handle an SEV-SNP/GHCB protocol check failure.
 
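Review bot: `EFI_SIZE_TO_PAGES ((UINTN) ResourceHob->ResourceLength)` truncates the 64-bit ResourceLength before converting it to pages; PlatformPei is also built as an IA32 module, where a resource descriptor of 4 GiB or more would silently validate too few pages. Convert from the 64-bit value, or assert that the length fits in UINTN. The `Hob.Raw != NULL` test inside the loop is redundant once END_OF_HOB_LIST() has been checked in the loop condition.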
@@ -240,6 +274,14 @@ AmdSevInitialize (
 return;
   }
 
+  //
+  // Check and perform SEV-SNP initialization if required. This need to be
+  // done before the GHCB page is made shared in the AmdSevEsInitialize(). This
+  // is because the system RAM must be validated before it is made shared.
+  // The AmdSevSnpInitialize() validates the system RAM.
+  //
+  AmdSevSnpInitialize ();
+
   //
   // Set Memory Encryption Mask PCD
   //
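Review bot: grammar in the new comment, "This need to be done" should read "This needs to be done". The ordering requirement stated here (validate the system RAM before AmdSevEsInitialize() makes the GHCB page shared) is an invariant a future caller can break; restate it in the AmdSevSnpInitialize() doc comment as well, so it is visible next to the function and not only at this call site.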
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 22/28] MdePkg/GHCB: increase the GHCB protocol max version

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.

Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Eric Dong 
Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 MdePkg/Include/Register/Amd/Ghcb.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdePkg/Include/Register/Amd/Ghcb.h 
b/MdePkg/Include/Register/Amd/Ghcb.h
index 8c5f46e4bb53..071aae0c9e09 100644
--- a/MdePkg/Include/Register/Amd/Ghcb.h
+++ b/MdePkg/Include/Register/Amd/Ghcb.h
@@ -24,7 +24,7 @@
 #define VC_EXCEPTION 29
 
 #define GHCB_VERSION_MIN 1
-#define GHCB_VERSION_MAX 1
+#define GHCB_VERSION_MAX 2
 
 #define GHCB_STANDARD_USAGE  0
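Review bot: raising GHCB_VERSION_MAX to 2 changes what the guest advertises, while GHCB_VERSION_MIN stays at 1, so the guest still has to cope with a hypervisor that offers only version 1; the version-2 NAE events used elsewhere in this series (the hypervisor feature query, the AP creation event) should be gated on the negotiated protocol version rather than on this compile-time maximum. A sentence in the commit message pointing at where the negotiated version is checked would help reviewers confirm that.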
 
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 20/28] OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MpInitLib uses the PcdSevSnpIsEnabled to determine whether the SEV-SNP
is active. If the SEV-SNP is active, then set the PCD to TRUE.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
 OvmfPkg/PlatformPei/AmdSev.c| 4 
 2 files changed, 5 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf 
b/OvmfPkg/PlatformPei/PlatformPei.inf
index 89d1f7636870..041b3262ff3b 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -106,6 +106,7 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled
 
 [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 391e7bbb7dbd..ec577ef3efcc 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -33,6 +33,7 @@ AmdSevSnpInitialize (
   VOID
   )
 {
+  RETURN_STATUS PcdStatus;
   EFI_PEI_HOB_POINTERS  Hob;
   EFI_HOB_RESOURCE_DESCRIPTOR   *ResourceHob;
 
@@ -40,6 +41,9 @@ AmdSevSnpInitialize (
 return;
   }
 
+  PcdStatus = PcdSetBoolS (PcdSevSnpIsEnabled, TRUE);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
   //
   // Iterate through the system RAM and validate it.
   //
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 21/28] OvmfPkg/PlatformPei: set the Hypervisor Features PCD

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The MpInitLib will use the
PcdGhcbHypervisorFeatures to determine which method to use for creating
the AP.

Query the hypervisor feature and set the PCD accordingly.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/PlatformPei/PlatformPei.inf |  3 ++
 OvmfPkg/PlatformPei/AmdSev.c| 55 +
 2 files changed, 58 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf 
b/OvmfPkg/PlatformPei/PlatformPei.inf
index 041b3262ff3b..bd0ade9f33d7 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -62,6 +62,7 @@ [LibraryClasses]
   MtrrLib
   MemEncryptSevLib
   PcdLib
+  VmgExitLib
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase
@@ -107,6 +108,8 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
   gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled
+  gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
+
 
 [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
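Review bot: the hunk adds `+  gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures` followed by an added empty line, which leaves two blank lines before `[FixedPcd]`; drop the extra `+` line.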
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index ec577ef3efcc..b488cd5aed9b 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -23,6 +23,12 @@
 
 #include "Platform.h"
 
+STATIC
+UINT64
+GetHypervisorFeature (
+  VOID
+  );
+
 /**
   Initialize SEV-SNP support if running as an SEV-SNP guest.
 
@@ -36,6 +42,7 @@ AmdSevSnpInitialize (
   RETURN_STATUS PcdStatus;
   EFI_PEI_HOB_POINTERS  Hob;
   EFI_HOB_RESOURCE_DESCRIPTOR   *ResourceHob;
+  UINT64HvFeatures;
 
   if (!MemEncryptSevSnpIsEnabled ()) {
 return;
@@ -44,6 +51,15 @@ AmdSevSnpInitialize (
   PcdStatus = PcdSetBoolS (PcdSevSnpIsEnabled, TRUE);
   ASSERT_RETURN_ERROR (PcdStatus);
 
+  //
+  // Query the hypervisor feature using the VmgExit and set the value in the
+  // hypervisor features PCD.
+  //
+  HvFeatures = GetHypervisorFeature ();
+  PcdStatus = PcdSet64S (PcdGhcbHypervisorFeatures, HvFeatures);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+
   //
   // Iterate through the system RAM and validate it.
   //
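Review bot: two consecutive blank lines are added after `ASSERT_RETURN_ERROR (PcdStatus);`; one is enough to match the surrounding style.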
@@ -94,6 +110,45 @@ SevEsProtocolFailure (
   CpuDeadLoop ();
 }
 
+/**
+ Get the hypervisor features bitmap
+
+**/
+STATIC
+UINT64
+GetHypervisorFeature (
+  VOID
+  )
+{
+  RETURN_STATUS   Status;
+  GHCB*Ghcb;
+  MSR_SEV_ES_GHCB_REGISTERMsr;
+  BOOLEAN InterruptState;
+  UINT64  Features;
+
+  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+  Ghcb = Msr.Ghcb;
+
+  //
+  // Initialize the GHCB
+  //
+  VmgInit (Ghcb, &InterruptState);
+
+  //
+  // Query the Hypervisor Features.
+  //
+  Status = VmgExit (Ghcb, SVM_EXIT_HYPERVISOR_FEATURES, 0, 0);
+  if ((Status != 0)) {
+SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  Features = Ghcb->SaveArea.SwExitInfo2;
+
+  VmgDone (Ghcb, InterruptState);
+
+  return Features;
+}
+
 /**
 
   This function can be used to register the GHCB GPA.
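Review bot: `Status` is declared RETURN_STATUS but receives the return value of VmgExit(), which VmgExitLib defines as a UINT64 exit status rather than a RETURN_STATUS; declare it UINT64 (the `if ((Status != 0))` test also carries a redundant pair of parentheses). GetHypervisorFeature() issues SVM_EXIT_HYPERVISOR_FEATURES unconditionally and terminates the guest via SevEsProtocolFailure() on any non-zero result; since the commit message ties this query to version 2 of the GHCB specification, checking the negotiated protocol version before the VmgExit would make that dependency explicit, and the failure path could use a more specific termination reason than GHCB_TERMINATE_GHCB_GENERAL so the cause is visible to whoever debugs the stopped guest.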
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 26/28] UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs

2021-06-30 Thread Brijesh Singh via groups.io
From: Tom Lendacky 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Tom Lendacky 
Signed-off-by: Brijesh Singh 
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   5 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.h  |  17 ++
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c   |  11 +-
 .../MpInitLib/Ia32/SevSnpRmpAdjustInternal.c  |  31 ++
 UefiCpuPkg/Library/MpInitLib/MpLib.c  | 275 --
 .../MpInitLib/X64/SevSnpRmpAdjustInternal.c   |  44 +++
 7 files changed, 361 insertions(+), 25 deletions(-)
 create mode 100644 UefiCpuPkg/Library/MpInitLib/Ia32/SevSnpRmpAdjustInternal.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/SevSnpRmpAdjustInternal.c

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index 48d7dfa4450f..b9ce05e81b54 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -23,9 +23,11 @@ [Defines]
 
 [Sources.IA32]
   Ia32/MpFuncs.nasm
+  Ia32/SevSnpRmpAdjustInternal.c
 
 [Sources.X64]
   X64/MpFuncs.nasm
+  X64/SevSnpRmpAdjustInternal.c
 
 [Sources.common]
   MpEqu.inc
@@ -72,6 +74,7 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode   ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate   ## 
SOMETIMES_CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds  ## 
CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures  ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled  ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase   ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard  ## 
CONSUMES
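Review bot: the commit message says the capability is advertised in `PcdSevEsHypervisorFeatures`, but the PCD consumed here is `gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures` (the name introduced in patch 21/28); fix the commit message so the two agree.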
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index ab8279df596f..35057ac07cbb 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -23,9 +23,11 @@ [Defines]
 
 [Sources.IA32]
   Ia32/MpFuncs.nasm
+  Ia32/SevSnpRmpAdjustInternal.c
 
 [Sources.X64]
   X64/MpFuncs.nasm
+  X64/SevSnpRmpAdjustInternal.c
 
 [Sources.common]
   MpEqu.inc
@@ -62,10 +64,11 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode   ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate   ## 
SOMETIMES_CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures  ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled  ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase   ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase   ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase   ## CONSUMES
 
 [Ppis]
   gEdkiiPeiShadowMicrocodePpiGuid## SOMETIMES_CONSUMES
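Review bot: the `-`/`+` pair for `gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase` only moves that line below `PcdSevSnpIsEnabled`; the reorder is unrelated to AP creation and makes the hunk harder to read, so either drop it or mention it in the commit message.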
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h 
b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index 4abaa2243d0a..bb463d59256e 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -15,6 +15,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -146,6 +147,7 @@ typedef struct {
   UINT8  PlatformId;
   UINT64 MicrocodeEntryAddr;
   UINT32 MicrocodeRevision;
+  SEV_ES_SAVE_AREA   *SevEsSaveArea;
 } CPU_AP_DATA;
 
 //
@@ -289,6 +291,7 @@ struct _CPU_MP_DATA {
 
   BOOLEANSevEsIsEnabled;
   BOOLEANSevSnpIsEnabled;
+  BOOLEANUseSevEsAPMethod;
   UINTN  SevEsAPBuffer;
   UINTN  SevEsAPResetStackStart;
   CPU_MP_DATA*NewCpuMpData;
@@ -743,5 +746,19 @@ PlatformShadowMicrocode (
   IN OUT CPU_MP_DATA *CpuMpData
   );
 
+/**
+  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
+
+  @param[in]  PageAddress
+  @param[in]  VmsaPage
+
+  @return  RMPADJUST return value
+**/
+UINT32
+SevSnpRmpAdjust (
+  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
+  IN  BOOLEAN   VmsaPage
+  );
+
 #endif
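Review bot: the new SevSnpRmpAdjust() doc block lists `@param[in]  PageAddress` and `@param[in]  VmsaPage` without descriptions; say what each is (the page whose RMP VMSA attribute is changed, and whether the attribute is being set or cleared) and document what callers should do with a non-zero RMPADJUST return value.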
 
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c 
b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 93fc63bf93e3..15e797cd0990 100644
--- a/UefiCpuPkg/Library/

[edk2-devel] [RFC PATCH v5 23/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h  |  2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c  |  2 +
 UefiCpuPkg/Library/MpInitLib/MpEqu.inc|  1 +
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++
 6 files changed, 58 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index d34419c2a524..48d7dfa4450f 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -76,3 +76,4 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase   ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard  ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase   ## 
CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## 
CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
index 36fcb96b5852..ab8279df596f 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -65,6 +65,7 @@ [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled  ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase   ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase   ## CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES
 
 [Ppis]
   gEdkiiPeiShadowMicrocodePpiGuid## SOMETIMES_CONSUMES
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h 
b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index e88a5355c983..4abaa2243d0a 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -218,6 +218,7 @@ typedef struct {
   //
   BOOLEAN   Enable5LevelPaging;
   BOOLEAN   SevEsIsEnabled;
+  BOOLEAN   SevSnpIsEnabled;
   UINTN GhcbBase;
 } MP_CPU_EXCHANGE_INFO;
 
@@ -287,6 +288,7 @@ struct _CPU_MP_DATA {
   BOOLEANWakeUpByInitSipiSipi;
 
   BOOLEANSevEsIsEnabled;
+  BOOLEANSevSnpIsEnabled;
   UINTN  SevEsAPBuffer;
   UINTN  SevEsAPResetStackStart;
   CPU_MP_DATA*NewCpuMpData;
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c 
b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index b9a06747edbf..586cff2f6813 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1040,6 +1040,7 @@ FillExchangeInfoData (
   DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, 
ExchangeInfo->Enable5LevelPaging));
 
   ExchangeInfo->SevEsIsEnabled  = CpuMpData->SevEsIsEnabled;
+  ExchangeInfo->SevSnpIsEnabled = CpuMpData->SevSnpIsEnabled;
   ExchangeInfo->GhcbBase= (UINTN) CpuMpData->GhcbBase;
 
   //
@@ -2033,6 +2034,7 @@ MpInitLibInitialize (
   CpuMpData->CpuInfoInHob = (UINT64) (UINTN) (CpuMpData->CpuData + 
MaxLogicalProcessorNumber);
   InitializeSpinLock(&CpuMpData->MpLock);
   CpuMpData->SevEsIsEnabled = PcdGetBool (PcdSevEsIsEnabled);
+  CpuMpData->SevSnpIsEnabled = PcdGetBool (PcdSevSnpIsEnabled);
   CpuMpData->SevEsAPBuffer  = (UINTN) -1;
   CpuMpData->GhcbBase   = PcdGet64 (PcdGhcbBase);
 
diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc 
b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc
index 2e9368a374a4..01668638f245 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc
+++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc
@@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO
   .ModeHighSegment:  CTYPE_UINT16 1
   .Enable5LevelPaging:   CTYPE_BOOLEAN 1
   .SevEsIsEnabled:   CTYPE_BOOLEAN 1
+  .SevSnpIsEnabled   CTYPE_BOOLEAN 1
   .GhcbBase: CTYPE_UINTN 1
 endstruc
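Review bot: the new struc field `.SevSnpIsEnabled   CTYPE_BOOLEAN 1` is missing the trailing colon that every neighbouring field has (`.SevEsIsEnabled:`, `.GhcbBase:`); add it for consistency so the MP_CPU_EXCHANGE_INFO layout here stays easy to compare against the C struct in MpLib.h.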
 
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
index 50df802d1fca..19939c093d2e 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
@@ -194,9 +194,60 @@ LongModeStart:
 movrdx, rax
 shrrdx, 32
 movrcx, 0xc0010130
+
+;
+; Register GHCB GPA when SEV-SNP is enabled
+;
+leaedi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]
+cmpbyte [edi], 1  

[edk2-devel] [RFC PATCH v5 24/28] OvmfPkg/MemEncryptSevLib: change the page state in the RMP table

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the memory encryption attribute change.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 .../X64/PeiDxeVirtualMemory.c | 34 +++
 1 file changed, 34 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index f146f6d61cc5..56db1e4b6ecf 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -17,6 +17,7 @@
 #include 
 
 #include "VirtualMemory.h"
+#include "SnpPageStateChange.h"
 
 STATIC BOOLEAN mAddressEncMaskChecked = FALSE;
 STATIC UINT64  mAddressEncMask;
@@ -695,10 +696,12 @@ SetMemoryEncDec (
   PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
   PAGE_TABLE_1G_ENTRY*PageDirectory1GEntry;
   PAGE_TABLE_ENTRY   *PageDirectory2MEntry;
+  PHYSICAL_ADDRESS   OrigPhysicalAddress;
   PAGE_TABLE_4K_ENTRY*PageTableEntry;
   UINT64 PgTableMask;
   UINT64 AddressEncMask;
   BOOLEANIsWpEnabled;
+  UINTN  OrigLength;
   RETURN_STATUS  Status;
 
   //
@@ -751,6 +754,22 @@ SetMemoryEncDec (
 
   Status = EFI_SUCCESS;
 
+  //
+  // To maintain the security gurantees we must set the page to shared in the 
RMP
+  // table before clearing the memory encryption mask from the current page 
table.
+  //
+  // The InternalSetPageState() is used for setting the page state in the RMP 
table.
+  //
+  if ((Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
+InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), 
SevSnpPageShared, FALSE);
+  }
+
+  //
+  // Save the specified length and physical address (we need it later).
+  //
+  OrigLength = Length;
+  OrigPhysicalAddress = PhysicalAddress;
+
   while (Length != 0)
   {
 //
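Review bot: the shared-state RMP update runs before the page-table loop, but the loop can bail out to `Done:` with an error status, leaving pages already flipped to shared in the RMP while their C-bit is still set in the page table; consider reverting the page state on the error path, or document why a partial failure is acceptable here. Also a typo in the new comment: "gurantees" should be "guarantees".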
@@ -923,6 +942,21 @@ SetMemoryEncDec (
   //
   CpuFlushTlb();
 
+  //
+  // SEV-SNP requires that all the private pages (i.e pages mapped encrypted) 
must be
+  // added in the RMP table before the access.
+  //
+  // The InternalSetPageState() is used for setting the page state in the RMP 
table.
+  //
+  if ((Mode == SetCBit) && MemEncryptSevSnpIsEnabled ()) {
+InternalSetPageState (
+  OrigPhysicalAddress,
+  EFI_SIZE_TO_PAGES (OrigLength),
+  SevSnpPagePrivate,
+  FALSE
+  );
+  }
+
 Done:
   //
   // Restore page table write protection, if any.
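Review bot: both new InternalSetPageState() calls pass a bare `FALSE` as the last argument with nothing at the call site saying what it controls; a short comment or a named constant would let a reviewer check the choice, since the surrounding comment only explains the page state. Minor: "i.e pages" should be "i.e. pages", and "must be added in the RMP table before the access" reads better as "must be added to the RMP table before they are accessed".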
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77359): https://edk2.groups.io/g/devel/message/77359
Mute This Topic: https://groups.io/mt/83891543/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [RFC PATCH v5 27/28] OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map

2021-06-30 Thread Brijesh Singh via groups.io
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across kexec boots. Mark the memory range as Reserved in the EFI map
so that the guest OS or firmware does not use the range as system RAM.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/PlatformPei/PlatformPei.inf |  4 
 OvmfPkg/PlatformPei/MemDetect.c | 21 +
 2 files changed, 25 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf 
b/OvmfPkg/PlatformPei/PlatformPei.inf
index bd0ade9f33d7..f22a60e7db0e 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -122,6 +122,10 @@ [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 2deec128f464..04e0c4e19f97 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -817,6 +817,27 @@ InitializeRamRegions (
 {
   QemuInitializeRam ();
 
+  if (MemEncryptSevSnpIsEnabled ()) {
+//
+// If SEV-SNP is enabled, reserve the Secrets and CPUID memory area.
+//
+// This memory range is given to the PSP by the hypervisor to populate
+// the information used during the SNP VM boots, and it need to persist
+// across the kexec boots. Mark it as EfiReservedMemoryType so that
+// the guest firmware and OS does not use it as a system memory.
+//
+BuildMemoryAllocationHob (
+  (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpSecretsBase),
+  (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpSecretsSize),
+  EfiReservedMemoryType
+  );
+BuildMemoryAllocationHob (
+  (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpCpuidBase),
+  (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpCpuidSize),
+  EfiReservedMemoryType
+  );
+  }
+
   if (mS3Supported && mBootMode != BOOT_ON_S3_RESUME) {
 //
 // This is the memory range that will be used for PEI on S3 resume
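Review bot: the reservation reads the four PCDs with PcdGet32() while PlatformPei.inf lists them under [FixedPcd]; FixedPcdGet32() would make the fixed-at-build intent explicit and match the AmdSevDxe side of this series, which reads the same PCDs with FixedPcdGet32(). Grammar in the new comment: "it need to persist across the kexec boots" should be "it needs to persist across kexec boots", and "does not use it as a system memory" should be "do not use it as system memory".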
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 25/28] OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address

2021-06-30 Thread Brijesh Singh via groups.io
The SetMemoryEncDec() is used by the higher level routines to set or clear
the page encryption mask for system RAM and Mmio address. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the Mmio address.

Add a new parameter in SetMemoryEncDec() to tell whether the specified
address is Mmio. If it is Mmio, then skip the page state change in the RMP
table.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 .../X64/PeiDxeVirtualMemory.c | 20 ---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index 56db1e4b6ecf..0bb86d768017 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -673,6 +673,7 @@ InternalMemEncryptSevCreateIdentityMap1G (
   @param[in]  ModeSet or Clear mode
   @param[in]  CacheFlush  Flush the caches before applying the
   encryption mask
+  @param[in]  MmioThe physical address specified is Mmio
 
   @retval RETURN_SUCCESS  The attributes were cleared for the
   memory region.
@@ -688,7 +689,8 @@ SetMemoryEncDec (
   INPHYSICAL_ADDRESS PhysicalAddress,
   INUINTNLength,
   INMAP_RANGE_MODE   Mode,
-  INBOOLEAN  CacheFlush
+  INBOOLEAN  CacheFlush,
+  INBOOLEAN  Mmio
   )
 {
   PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
@@ -711,14 +713,15 @@ SetMemoryEncDec (
 
   DEBUG ((
 DEBUG_VERBOSE,
-"%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n",
+"%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u 
Mmio=%u\n",
 gEfiCallerBaseName,
 __FUNCTION__,
 Cr3BaseAddress,
 PhysicalAddress,
 (UINT64)Length,
 (Mode == SetCBit) ? "Encrypt" : "Decrypt",
-(UINT32)CacheFlush
+(UINT32)CacheFlush,
+(UINT32)Mmio
 ));
 
   //
@@ -760,7 +763,7 @@ SetMemoryEncDec (
   //
   // The InternalSetPageState() is used for setting the page state in the RMP 
table.
   //
-  if ((Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
+  if (!Mmio && (Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
 InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), 
SevSnpPageShared, FALSE);
   }
 
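Review bot: only the ClearCBit path gains the `!Mmio` guard here; the SetCBit path that marks pages private in the RMP near the end of SetMemoryEncDec() is not touched by this patch, so a future caller passing `SetCBit` with `Mmio == TRUE` would still issue an RMP update for an MMIO range. Today the only Mmio caller, InternalMemEncryptSevClearMmioPageEncMask(), uses ClearCBit, but guarding both paths, or asserting `!(Mmio && Mode == SetCBit)` on entry, would make the invariant explicit.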
@@ -998,7 +1001,8 @@ InternalMemEncryptSevSetMemoryDecrypted (
PhysicalAddress,
Length,
ClearCBit,
-   TRUE
+   TRUE,
+   FALSE
);
 }
 
@@ -1031,7 +1035,8 @@ InternalMemEncryptSevSetMemoryEncrypted (
PhysicalAddress,
Length,
SetCBit,
-   TRUE
+   TRUE,
+   FALSE
);
 }
 
@@ -1064,6 +1069,7 @@ InternalMemEncryptSevClearMmioPageEncMask (
PhysicalAddress,
Length,
ClearCBit,
-   FALSE
+   FALSE,
+   TRUE
);
 }
-- 
2.17.1







[edk2-devel] [RFC PATCH v5 28/28] OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table

2021-06-30 Thread Brijesh Singh via groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.

Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Laszlo Ersek 
Cc: Erdem Aktas 
Signed-off-by: Brijesh Singh 
---
 OvmfPkg/OvmfPkg.dec   |  1 +
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf   |  7 ++
 .../Guid/ConfidentialComputingSecret.h| 18 +++
 OvmfPkg/AmdSevDxe/AmdSevDxe.c | 23 +++
 4 files changed, 49 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index afc559d74335..42ad88fc5622 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -122,6 +122,7 @@ [Guids]
   gQemuKernelLoaderFsMediaGuid  = {0x1428f772, 0xb64a, 0x441e, {0xb8, 
0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
   gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 
0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
   gConfidentialComputingSecretGuid  = {0xadf956ad, 0xe98c, 0x484c, {0xae, 
0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
+  gConfidentialComputingBlobGuid= {0x067b1f5f, 0xcf26, 0x44c5, {0x85, 
0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}
 
 [Ppis]
   # PPI whose presence in the PPI database signals that the TPM base address
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 0676fcc5b6a4..ee1f8e4ff09a 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -42,6 +42,13 @@ [FeaturePcd]
 
 [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+
+[Guids]
+  gConfidentialComputingBlobGuid
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
diff --git a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h 
b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h
index 7026fc5b089f..aa1a3b015437 100644
--- a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h
+++ b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h
@@ -18,11 +18,29 @@
 { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \
   }
 
+#define CONFIDENTIAL_COMPUTING_BLOB_GUID\
+  { 0x067b1f5f, \
+0xcf26, \
+0x44c5, \
+{ 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42 }, \
+  }
+
 typedef struct {
   UINT64 Base;
   UINT64 Size;
 } CONFIDENTIAL_COMPUTING_SECRET_LOCATION;
 
+typedef struct {
+  UINT32  Header;
+  UINT16  Version;
+  UINT16  Reserved1;
+  UINT64  SecretsPhysicalAddress;
+  UINT32  SecretsSize;
+  UINT64  CpuidPhysicalAddress;
+  UINT32  CpuidLSize;
+} CONFIDENTIAL_COMPUTING_BLOB_LOCATION;
+
 extern EFI_GUID gConfidentialComputingSecretGuid;
+extern EFI_GUID gConfidentialComputingBlobGuid;
 
 #endif // SEV_LAUNCH_SECRET_H_
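Review bot: `CpuidLSize` in CONFIDENTIAL_COMPUTING_BLOB_LOCATION looks like a typo for `CpuidSize` (compare `SecretsSize`). More importantly, this structure is handed to the guest OS through a configuration table, so its layout is an ABI: with natural alignment the compiler inserts padding after `SecretsSize` (a UINT32 followed by a UINT64) and after `CpuidLSize`, and the resulting offsets are not guaranteed across compilers. Consider wrapping the typedef in `#pragma pack(1)` or adding explicit reserved UINT32 members so the layout is fixed, and document what `Version` 1 (the value AmdSevDxe.c installs) means for consumers.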
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index c66c4e9b9272..c59cc28cf6f5 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -17,8 +17,20 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include 
 
+STATIC CONFIDENTIAL_COMPUTING_BLOB_LOCATION mSnpBootDxeTable = {
+  SIGNATURE_32('A','M','D','E'),
+  1,
+  0,
+  (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpSecretsBase),
+  FixedPcdGet32 (PcdOvmfSnpSecretsSize),
+  (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpCpuidBase),
+  FixedPcdGet32 (PcdOvmfSnpCpuidSize),
+};
+
 EFI_STATUS
 EFIAPI
 AmdSevDxeEntryPoint (
@@ -130,5 +142,16 @@ AmdSevDxeEntryPoint (
 }
   }
 
+  //
+  // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_BLOB.
+  // It contains the location for both the Secrets and CPUID page.
+  //
+  if (MemEncryptSevSnpIsEnabled ()) {
+return gBS->InstallConfigurationTable (
+  &gConfidentialComputingBlobGuid,
+  &mSnpBootDxeTable
+  );
+  }
+
   return EFI_SUCCESS;
 }
-- 
2.17.1







Re: [edk2-devel] [PATCH v4 0/12] Secure Boot default keys

2021-06-30 Thread Grzegorz Bernacki
Hi,

Please ignore this patchset, I was trying to create one patchset with
patches from edk2 and edk2-platforms, but it didn't work too well.
Please let me send a new version of the patches tomorrow.

thanks,
greg

śr., 30 cze 2021 o 14:34 Grzegorz Bernacki via groups.io
 napisał(a):
>
>
> This patchset adds support for initialization of default
> Secure Boot variables based on keys content embedded in
> flash binary. This feature is active only if Secure Boot
> is enabled and DEFAULT_KEY is defined. The patchset
> also consists of an application to enroll keys from default
> variables and a secure boot menu change to allow the user
> to reset key content to default values.
> Discussion on design can be found at:
> https://edk2.groups.io/g/rfc/topic/82139806#600
>
> I also added patch for RPi4 which enables this feature for
> that platform.
>
> Built with:
> GCC
> - RISC-V (U500, U540) [requires fixes in dsc to build]
> - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
>   EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
> - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)
>
> RISC-V, Quark, Vlv2TbltDevicePkg and Bhyve require additional fixes to be built;
> these will be posted on the edk2 mailing list later
>
> VS2019
> - Intel (OvmfPkgX64)
>
> Tested with:
> GCC5/RPi4
> VS2019/OvmfX64 (requires changes to enable feature)
>
> Tests:
> 1. Try to enroll key in incorrect format.
> 2. Enroll with only PKDefault keys specified.
> 3. Enroll with all keys specified.
> 4. Enroll when keys are enrolled.
> 5. Reset keys values.
> 6. Running signed & unsigned app after enrollment.
>
> Changes since v1:
> - change names:
>   SecBootVariableLib => SecureBootVariableLib
>   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
>   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> - change name of function CheckSetupMode to GetSetupMode
> - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> - rebase to master
>
> Changes since v2:
> - fix coding style for functions headers in SecureBootVariableLib.h
> - add header to SecureBootDefaultKeys.fdf.inc
> - remove empty line spaces in SecureBootDefaultKeysDxe files
> - revert FAIL macro in EnrollFromDefaultKeysApp
> - remove function duplicates and add SecureBootVariableLib
>   to platforms which used it
>
> Changes since v3:
> - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
> - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
> - fix typo in guid description
>
> Grzegorz Bernacki (12):
> [edk2]
>   SecurityPkg: Create library for setting Secure Boot variables.
>   ArmVirtPkg: add SecureBootVariableLib class resolution
>   Intel Platforms: add SecureBootVariableLib class resolution
>   ArmPlatformPkg: Create include file for default key content.
>   SecurityPkg: Add SecureBootDefaultKeysDxe driver
>   SecurityPkg: Add EnrollFromDefaultKeys application.
>   SecurityPkg: Add new modules to Security package.
>   SecurityPkg: Add option to reset secure boot keys.
> [edk2-platform]
>   Intel Platforms: add SecureBootVariableLib class resolution
>   ARM Silicon and Platforms: add SecureBootVariableLib class resolution
>   RISC-V Platforms: add SecureBootVariableLib class resolution
>   Platform/RaspberryPi: Enable default Secure Boot variables
> initialization
>
>  SecurityPkg/SecurityPkg.dec | 14 +
>  ArmVirtPkg/ArmVirt.dsc.inc | 1 +
>  EmulatorPkg/EmulatorPkg.dsc | 1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
>  OvmfPkg/OvmfPkgIa32.dsc | 1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
>  OvmfPkg/OvmfPkgX64.dsc | 1 +
>  SecurityPkg/SecurityPkg.dsc | 4 +
>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 79 ++
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
>  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 45 +
>  SecurityPkg/Include/Library/SecureBootVariableLib.h | 251 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 109 +++
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 980 +

Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool()

2021-06-30 Thread Nickle Wang
Hi Liming,

I got my patch ready. Should I test it by creating a PR on GitHub like 
https://github.com/tianocore/edk2/pull/1735? Or should I just send out a new patch for 
review?

Thanks,
Nickle

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Nickle Wang
Sent: Wednesday, June 30, 2021 9:49 AM
To: gaoliming ; devel@edk2.groups.io; 
ler...@redhat.com
Cc: jian.j.w...@intel.com; hao.a...@intel.com; Wang, Nickle (HPS SW) 

Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix memory 
assert in FreePool()

I see. Thanks for your quick response. I will work on it.

Nickle

-Original Message-
From: gaoliming 
Sent: Wednesday, June 30, 2021 9:43 AM
To: Wang, Nickle (HPS SW) ; devel@edk2.groups.io; 
ler...@redhat.com
Cc: jian.j.w...@intel.com; hao.a...@intel.com
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix memory 
assert in FreePool()

This is a separate commit. You can send it together with the previous patch. 

Thanks
Liming
> -Original Message-
> From: Wang, Nickle (HPS SW) 
> Sent: June 30, 2021 9:29
> To: gaoliming ; devel@edk2.groups.io; 
> ler...@redhat.com
> Cc: jian.j.w...@intel.com; hao.a...@intel.com; Wang, Nickle (HPS SW) 
> 
> Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix 
> memory assert in FreePool()
> 
> Hi Liming,
> 
> No problem. It looks like I have to add OnigurumaUefiPort.c into the "IgnoreFiles"
> object in MdeModulePkg.ci.yaml. Should I send this patch alone, or do 
> I have to send it as part of the patch in the earlier fix?
> 
> Thanks,
> Nickle
> 
> -Original Message-
> From: gaoliming 
> Sent: Wednesday, June 30, 2021 9:06 AM
> To: devel@edk2.groups.io; ler...@redhat.com; Wang, Nickle (HPS SW) 
> 
> Cc: jian.j.w...@intel.com; hao.a...@intel.com
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe:
> Fix memory assert in FreePool()
> 
> Laszlo:
>  Yes. I agree to add OnigurumaUefiPort.c into ECC exception in 
> MdeModulePkg.ci.yaml.
> 
> Nickle:
>  Can you provide the patch to update MdeModulePkg.ci.yaml?
> 
> Thanks
> Liming
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Laszlo
> Ersek
> > Sent: June 29, 2021 22:52
> > To: devel@edk2.groups.io; nickle.w...@hpe.com
> > Cc: gaolim...@byosoft.com.cn; jian.j.w...@intel.com; 
> > hao.a...@intel.com
> > Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix 
> > memory assert in FreePool()
> >
> > On 06/10/21 06:56, Nickle Wang wrote:
> > > Memory buffers that are allocated by malloc() and realloc() will be 
> > > shifted by 8 bytes because Oniguruma keeps its memory signature.
> > > This 8-byte shift is not handled while calling free() to release 
> > > memory. Add a
> > > free() function to check the Oniguruma signature before releasing memory, 
> > > because the memory buffer is not touched when using calloc().
> > >
> > > Signed-off-by: Nickle Wang 
> > > ---
> > >  .../RegularExpressionDxe/OnigurumaUefiPort.c  | 19
> > ++-
> > >  .../RegularExpressionDxe/OnigurumaUefiPort.h  | 14 ++
> > >  2 files changed, 20 insertions(+), 13 deletions(-)
> > >
> > > diff --git
> > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > index 9aa7b0a68e..5c34324db8 100644
> > > ---
> > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > +++
> > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > @@ -2,7 +2,7 @@
> > >
> > >Module to rewrite stdlib references within Oniguruma
> > >
> > > -  (C) Copyright 2014-2015 Hewlett Packard Enterprise Development
> > LP
> > > +  (C) Copyright 2014-2021 Hewlett Packard Enterprise Development
> > LP
> > >Copyright (c) 2020, Intel Corporation. All rights reserved.
> > >
> > >SPDX-License-Identifier: BSD-2-Clause-Patent @@ -96,3 +96,20 @@
> > > void* memset (void *dest, char ch, unsigned int
> > count)
> > >return SetMem (dest, count, ch);  }
> > >
> > > +void free(void *ptr)
> > > +{
> > > +  VOID *EvalOnce;
> > > +  ONIGMEM_HEAD *PoolHdr;
> > > +
> > > +  EvalOnce = ptr;
> > > +  if (EvalOnce == NULL) {
> > > +return;
> > > +  }
> > > +
> > > +  PoolHdr = (ONIGMEM_HEAD *)EvalOnce - 1;
> > > +  if (PoolHdr->Signature == ONIGMEM_HEAD_SIGNATURE) {
> > > +FreePool (PoolHdr);
> > > +  } else {
> > > +FreePool (EvalOnce);
> > > +  }
> > > +}
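Review bot: free() dereferences `PoolHdr->Signature` at `(ONIGMEM_HEAD *)ptr - 1` for every non-NULL pointer, but the commit message says calloc() buffers are not prefixed with the header, so for those the read lands before the allocation and, if the bytes there happen to equal ONIGMEM_HEAD_SIGNATURE, FreePool() is called on an address the allocator never returned. Making calloc() prepend the same ONIGMEM_HEAD as malloc()/realloc() lets free() drop the probe entirely, and `EvalOnce` is a misleading name for what is just a copy of `ptr`.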
> > > diff --git
> > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h
> > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h
> > > index 20b75c3361..0bdb7be529 100644
> > > ---
> > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h
> > > +++
> > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h
> > > @@ -2,7 +2,7 @@
> > >
> > >Module to rewrite stdlib references within Oniguruma
> > >
> > > -  (C) Copyright 2014-2015 Hewlett Packard Enterprise Development
> > LP
> > > +  (C) Copyright 2014-2021 Hewlett Packard Enterprise Development
> > LP
> > >

[edk2-devel] [PATCH] UefiPayloadPkg: Dump hob information from boot loader

2021-06-30 Thread Zhiguang Liu
Universal Payload will consume Hobs from boot loader.
Dump all hobs in the Universal Payload entry.

Cc: Maurice Ma 
Cc: Guo Dong 
Cc: Benjamin You 
Signed-off-by: Thiyagu Kesavan Balakrishnan 

Signed-off-by: Zhiguang Liu 
---
 UefiPayloadPkg/UefiPayloadEntry/PrintHob.c| 613 
+
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c   |  15 +++
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf |   8 
 3 files changed, 636 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/PrintHob.c 
b/UefiPayloadPkg/UefiPayloadEntry/PrintHob.c
new file mode 100644
index 00..09f37720b4
--- /dev/null
+++ b/UefiPayloadPkg/UefiPayloadEntry/PrintHob.c
@@ -0,0 +1,613 @@
+/** @file
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "UefiPayloadEntry.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+typedef
+EFI_STATUS
+(*HOB_PRINT_HANDLER) (
+  IN  VOID   *Hob,
+  IN  UINTN  Hobsize
+);
+
+typedef struct{
+  UINT16   Type;
+  CHAR8*Name;
+  HOB_PRINT_HANDLERFunction;
+} HOB_PRINT_HANDLER_TABLE;
+
+CHAR8 * mMemoryTypeStr[] = {
+  "EfiReservedMemoryType",
+  "EfiLoaderCode",
+  "EfiLoaderData",
+  "EfiBootServicesCode",
+  "EfiBootServicesData",
+  "EfiRuntimeServicesCode",
+  "EfiRuntimeServicesData",
+  "EfiConventionalMemory",
+  "EfiUnusableMemory",
+  "EfiACPIReclaimMemory",
+  "EfiACPIMemoryNVS",
+  "EfiMemoryMappedIO",
+  "EfiMemoryMappedIOPortSpace",
+  "EfiPalCode",
+  "EfiPersistentMemory",
+  "EfiMaxMemoryType"
+};
+
+CHAR8 * mResource_Type_List[] = {
+  "EFI_RESOURCE_SYSTEM_MEMORY  ", //0x
+  "EFI_RESOURCE_MEMORY_MAPPED_IO   ", //0x0001
+  "EFI_RESOURCE_IO ", //0x0002
+  "EFI_RESOURCE_FIRMWARE_DEVICE", //0x0003
+  "EFI_RESOURCE_MEMORY_MAPPED_IO_PORT  ", //0x0004
+  "EFI_RESOURCE_MEMORY_RESERVED", //0x0005
+  "EFI_RESOURCE_IO_RESERVED", //0x0006
+  "EFI_RESOURCE_MAX_MEMORY_TYPE"  //0x0007
+};
+
+typedef
+EFI_STATUS
+(*GUID_HOB_PRINT) (
+  IN  UINT8  *HobRaw
+);
+
+typedef struct {
+  EFI_GUID  *Guid;
+  GUID_HOB_PRINTFunction;
+  CHAR8 *Guidname;
+} GUID_HOB_PRINT_HANDLE;
+
+typedef struct{
+ EFI_GUID   *Guid;
+ CHAR8  *Type;
+} PRINT_MEMORY_ALLOCCATION_HOB;
+
+
+/**
+  Print the Hex value of a given range.
+
+  @retval EFI_SUCCESSIf it completed successfully.
+**/
+EFI_STATUS
+PrintHex (
+  IN  UINT8 *DataStart,
+  IN  UINTN DataSize
+  )
+{
+  UINTN  Index1;
+  UINTN  Index2;
+  UINT8  *StartAddr;
+
+  StartAddr = DataStart;
+  for (Index1 = 0; Index1 * 16 < DataSize; Index1++) {
+DEBUG ((DEBUG_INFO, "   0x%04p:",(DataStart - StartAddr)));
+for (Index2 = 0; (Index2 < 16) && (Index1 * 16 + Index2 < DataSize); 
Index2++){
+  DEBUG ((DEBUG_INFO, " %02x", *DataStart));
+  DataStart++;
+}
+DEBUG ((DEBUG_INFO, "\n"));
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Print the information in HandOffHob.
+
+  @retval EFI_SUCCESSIf it completed successfully.
+**/
+EFI_STATUS
+PrintHandOffHob(
+  IN  VOID  *HobStart,
+  IN  UINTN Hobsize
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  Hob.Raw = (UINT8 *) HobStart;
+  ASSERT (Hobsize >= sizeof (*Hob.HandoffInformationTable));
+  DEBUG ((DEBUG_INFO, "   BootMode= 0x%x\n",  
Hob.HandoffInformationTable->BootMode));
+  DEBUG ((DEBUG_INFO, "   EfiMemoryTop= 0x%lx\n", 
Hob.HandoffInformationTable->EfiMemoryTop));
+  DEBUG ((DEBUG_INFO, "   EfiMemoryBottom = 0x%lx\n", 
Hob.HandoffInformationTable->EfiMemoryBottom));
+  DEBUG ((DEBUG_INFO, "   EfiFreeMemoryTop= 0x%lx\n", 
Hob.HandoffInformationTable->EfiFreeMemoryTop));
+  DEBUG ((DEBUG_INFO, "   EfiFreeMemoryBottom = 0x%lx\n", 
Hob.HandoffInformationTable->EfiFreeMemoryBottom));
+  DEBUG ((DEBUG_INFO, "   EfiEndOfHobList = 0x%lx\n", 
Hob.HandoffInformationTable->EfiEndOfHobList));
+  return EFI_SUCCESS;
+}
+
+/**
+  Print the information in Memory Allocation Hob.
+
+  @retval EFI_SUCCESSIf it completed successfully.
+**/
+EFI_STATUS
+PrintMemoryAllocationHob (
+  IN  VOID  *HobStart,
+  IN  UINTN Hobsize
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+
+  Hob
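Review bot: the function headers in this new file list `@retval` but no `@param` entries for DataStart/DataSize and HobStart/Hobsize, which the edk2 comment style expects. In PrintHex(), the row offset `DataStart - StartAddr` is an integer but is printed with `0x%04p`; `%04x` with an explicit UINTN cast states the intent. Naming also departs from the rest of the file: `mResource_Type_List` (underscores), `PRINT_MEMORY_ALLOCCATION_HOB` (typo for ALLOCATION) and `typedef struct{` without a space. If mMemoryTypeStr and mResource_Type_List are indexed by type values read out of HOBs, bounds-check the index against ARRAY_SIZE() first, since the HOBs come from the boot loader.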

[edk2-devel] [PATCH edk2-test 1/1] uefi-sct/SctPkg: uefi-sct: QueryVariableInfo(EFI_VARIABLE_NON_VOLATILE)

2021-06-30 Thread Heinrich Schuchardt
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3469

The Self Certification Test (SCT) II Case Specification, 2017 requires
in 5.2.1.4.5. that QueryVariableInfo() shall fail for

attributes = EFI_VARIABLE_NON_VOLATILE.

Add EFI_VARIABLE_NON_VOLATILE to tested values in function
QueryVariableInfoConfTestSub5().

Signed-off-by: Heinrich Schuchardt 
---
 .../BlackBoxTest/VariableServicesBBTestConformance.c | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/VariableServicesBBTestConformance.c
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/VariableServicesBBTestConformance.c
index e2182c5cca7b..731a3cadeac2 100644
--- 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/VariableServicesBBTestConformance.c
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/VariableServicesBBTestConformance.c
@@ -3399,6 +3399,7 @@ QueryVariableInfoConfTestSub5 (
 {
   EFI_STATUSStatus;
   UINT32InvalidAttributes[] = {
+  EFI_VARIABLE_NON_VOLATILE,
   EFI_VARIABLE_RUNTIME_ACCESS,
   
EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_RUNTIME_ACCESS,
   0
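Review bot: a one-line comment beside the new `EFI_VARIABLE_NON_VOLATILE` entry citing SCT II Case Specification 5.2.1.4.5, as the commit message does, would tell future readers why a single, otherwise valid-looking attribute is listed among InvalidAttributes; the `EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_RUNTIME_ACCESS` entry already present covers the pair, so the new entry is the standalone case the specification calls out.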
--
2.30.2







Re: [edk2-devel] [edk2-platforms][PATCH v4 05/41] IntelSiliconPkg: Add microcode FV PCDs

2021-06-30 Thread Michael Kubacki

I found two locations:

Silicon\Intel\CoffeelakeSiliconPkg\Cpu\Library\PeiCpuPolicyLib\PeiCpuPolicyLib.c

Silicon\Intel\IntelSiliconPkg\Feature\Flash\SpiFvbService\SpiFvbServiceMm.c

On 6/30/2021 2:45 AM, Ni, Ray wrote:

Ok. I understand your patch just merges the existing PCDs from individual 
XXSiliconPkgs to IntelSiliconPkg.
Are there any modules that use these PCDs in XXSiliconPkgs?


-Original Message-
From: Michael Kubacki 
Sent: Wednesday, June 30, 2021 10:27 AM
To: Ni, Ray 
Cc: devel@edk2.groups.io; Chaganty, Rangasai V ; Lou, Yun 
; Oram, Isaac W 
Subject: Re: [edk2-platforms][PATCH v4 05/41] IntelSiliconPkg: Add microcode FV 
PCDs

Unfortunately, those cannot be used in the silicon packages.

This is not new to this series, see existing code:

https://github.com/tianocore/edk2-platforms/blob/086a3a3ce6c42c859ee5943eb2c4b6edcefdc241/Silicon/Intel/KabylakeSiliconPkg/SiPkg.dec#L460

https://github.com/tianocore/edk2-platforms/blob/086a3a3ce6c42c859ee5943eb2c4b6edcefdc241/Silicon/Intel/CoffeelakeSiliconPkg/SiPkg.dec#L481

https://github.com/tianocore/edk2-platforms/blob/086a3a3ce6c42c859ee5943eb2c4b6edcefdc241/Silicon/Intel/TigerlakeSiliconPkg/SiPkg.dec#L845

This series consolidates them to one silicon package declaration.

We can clean up further but this series has been out for 2+ months, rebasing 40 
patches is costly, and incremental changes can continue to be made in the 
future. I originally made this series to prepare the code for some Standalone 
MM changes and those are still waiting to be rebased.

On 6/29/2021 1:09 AM, Ni, Ray wrote:

Michael,
The PCDs below are in MinPlatformPkg. Can you use them instead of adding new ones 
in IntelSiliconPkg?

## Indicates the MMIO base address of the microcode FV in flash.

gMinPlatformPkgTokenSpaceGuid.PcdFlashFvMicrocodeBase|0xFFE6|UINT3

2|0x3004

## Indicates the size of the microcode FV in flash.

gMinPlatformPkgTokenSpaceGuid.PcdFlashFvMicrocodeSize|0x000A|UINT3

2|0x3005

## Indicates the offset of the microcode FV relative to the beginning of 
flash.

gMinPlatformPkgTokenSpaceGuid.PcdFlashFvMicrocodeOffset|0x0066|UIN

T32|0x3006

## Indicates the offset of the actual microcode content relative to the 
beginning of the microcode FV.

gMinPlatformPkgTokenSpaceGuid.PcdMicrocodeOffsetInFv|0x90|UINT32|0x300

7


-Original Message-
From: mikub...@linux.microsoft.com 
Sent: Friday, June 25, 2021 2:21 PM
To: devel@edk2.groups.io
Cc: Ni, Ray ; Chaganty, Rangasai V
; Desimone, Nathaniel L

Subject: [edk2-platforms][PATCH v4 05/41] IntelSiliconPkg: Add
microcode FV PCDs

From: Michael Kubacki 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3307

Adds the following PCDs to IntelSiliconPkg.dec to consolidate the PCDs into a 
single silicon declaration file. This allows library modules in 
IntelSiliconPkg to use these PCDs.

gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvBase
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvOffset

Cc: Ray Ni 
Cc: Rangasai V Chaganty 
Signed-off-by: Michael Kubacki 
Reviewed-by: Nate DeSimone 
---
   Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 3 +++
   1 file changed, 3 insertions(+)

diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index 097c4ca4d795..fb8391000347 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -91,6 +91,9 @@ [PcdsFeatureFlag]
   [PcdsFixedAtBuild]
 
gIntelSiliconPkgTokenSpaceGuid.PcdBiosAreaBaseAddress|0xFF80|UINT32|0x0007
 
gIntelSiliconPkgTokenSpaceGuid.PcdBiosSize|0x0080|UINT32|0x000

8
+
+ gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvBase|0xFFE6|UI
+ NT
+ 32|0x0009
+ gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize|0x000A|UI
+ NT
+ 32|0x000A
+ gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvOffset|0x0066|
+ UI
+ NT32|0x000B
   
   [PcdsFixedAtBuild, PcdsPatchableInModule]

 ## Error code for VTd error.
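Review bot: the three new entries carry no `##` description comments, unlike PcdBiosAreaBaseAddress and PcdBiosSize directly above them and unlike the MinPlatformPkg originals quoted in Ray's mail (`## Indicates the MMIO base address of the microcode FV in flash.` and so on); copy those descriptions over, and in them or in the commit message state the relationship to gMinPlatformPkgTokenSpaceGuid.PcdFlashFvMicrocodeBase/Size/Offset, which now describe the same flash region under a different token space and with the name order swapped (FlashFvMicrocode vs FlashMicrocodeFv). Two declarations for one region is a drift risk: a platform DSC that overrides one set but not the other hands the microcode loader a base/size pair that no longer matches the FV it walks, so either say which set is authoritative and that the MinPlatformPkg set is slated for removal, or switch the MinPlatformPkg consumers in this series.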
--
2.28.0.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77368): https://edk2.groups.io/g/devel/message/77368
Mute This Topic: https://groups.io/mt/83794784/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [edk2-platforms PATCH v4 10/12] ARM Silicon and Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Graeme Gregory
On Wed, Jun 30, 2021 at 02:34:10PM +0200, Grzegorz Bernacki wrote:
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
> 
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for each ARM platform which uses SecureBootConfigDxe.
> 

For the SBSA Qemu bit

Reviewed-by: Graeme Gregory 

> Signed-off-by: Grzegorz Bernacki 
> ---
>  Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 1 +
>  Platform/Qemu/SbsaQemu/SbsaQemu.dsc  | 1 +
>  Platform/RaspberryPi/RPi3/RPi3.dsc   | 1 +
>  Platform/RaspberryPi/RPi4/RPi4.dsc   | 1 +
>  Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 4 
>  5 files changed, 8 insertions(+)
> 
> diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc 
> b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
> index fee7cfcc2d..60fdb244ba 100644
> --- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
> +++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
> @@ -129,6 +129,7 @@
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>  
># re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
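Review bot: the resolution is added only inside `!if $(SECURE_BOOT_ENABLE) == TRUE` with no counterpart in the `!else` branch; that is correct only if every consumer of SecureBootVariableLib (SecureBootConfigDxe, once the edk2 patch "SecurityPkg: Create library for setting Secure Boot variables." lands) is also built only under that condition, so say so in the commit message and name the edk2 commit this depends on. As it stands the SECURE_BOOT_ENABLE build is broken for any combination where one side has the patch and the other does not, which is the bisectability problem raised elsewhere in this thread; landing the DSC updates before the edk2 change that makes SecureBootConfigDxe link the library avoids that window.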
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc 
> b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> index 11ce361cdb..b1c4030ec9 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> @@ -156,6 +156,7 @@ DEFINE NETWORK_HTTP_BOOT_ENABLE   = FALSE
>#
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>  
># re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
> diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc 
> b/Platform/RaspberryPi/RPi3/RPi3.dsc
> index 53825bcf62..73f7f2f8c3 100644
> --- a/Platform/RaspberryPi/RPi3/RPi3.dsc
> +++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
> @@ -167,6 +167,7 @@
>  
># re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>  !else
>
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
>
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
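Review bot: placement differs from the other four DSCs in this patch: here SecureBootVariableLib is inserted after PlatformSecureLib, immediately before `!else`, whereas everywhere else it sits directly after AuthVariableLib. Keep it next to AuthVariableLib for consistency. Note also that the `!else` branch below keeps TpmMeasurementLibNull and AuthVariableLibNull but gets no SecureBootVariableLib instance, so a non-Secure-Boot RPi3 build must not include any module that links the new class; worth a sentence in the commit message.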
> diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc 
> b/Platform/RaspberryPi/RPi4/RPi4.dsc
> index fd73c4d14b..d38fee8fb8 100644
> --- a/Platform/RaspberryPi/RPi4/RPi4.dsc
> +++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
> @@ -164,6 +164,7 @@
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>  
># re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
> diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc 
> b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
> index 88454c1f90..41b7c3bced 100644
> --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
> +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
> @@ -52,6 +52,10 @@
>  
>
> MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
>  
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> +!endif
> +
>  [LibraryClasses.common.SEC]
>PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
>BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
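Review bot: this hunk opens a new standalone `!if $(SECURE_BOOT_ENABLE) == TRUE` block directly above `[LibraryClasses.common.SEC]`, so DeveloperBox gets a four-line change where the other platforms get one. If DeveloperBox.dsc already resolves AuthVariableLib or TpmMeasurementLib under a SECURE_BOOT_ENABLE conditional elsewhere in the file, put the resolution there so all the Secure-Boot-conditional classes are maintained in one place; if it does not, say in the commit message why this platform needs its own block.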
> -- 
> 2.25.1
> 


View/Reply Online (#77369): https://edk2.groups.io/g/devel/message/77369


Re: [edk2-devel] [PATCH v4 0/4] SEV Live Migration support for OVMF.

2021-06-30 Thread Laszlo Ersek
On 06/30/21 11:11, Ashish Kalra via groups.io wrote:
> Hello Laszlo,
> 
> On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
>> On 06/23/21 18:42, Laszlo Ersek wrote:
>>> On 06/22/21 19:46, Ashish Kalra wrote:
>>
 Please find below your reply on v3 of this patch-set :

 Please include such a patch in v4 -- if Tom and Brijesh agree, I'd like to 
 put the new lib explicitly under their reviewership.

 Also, I plan to review this series (v4, at this point) only for 
 formalities. I'd like to receive an R-b from Tom or Brijesh [*], and 
 another from Dov or a colleague at IBM, for this series; those together 
 should suffice for merging the library.

 So, if you are fine with this approach, then probably Tom or Brijesh can
 take these patches under their reviewership and provide their R-b for
 this patch-set to be accepted and merged.
>>>
>>> Indeed. This helps. Thanks.
>>>
>>> I'll keep this patch set in my review queue then, for said "formalities
>>> review".
>>
>> Please do file a TianoCore Feature Request BZ for this, and reference
>> the bug URL in the commit messages. One important purpose of such a BZ
>> is to succinctly link together all versions of a patch set -- that way
>> poor maintainers know where to find previous versions, even if the blurb
>> subject line changes over time. I also like to capture "permanent
>> workflow notes" like the above in BZs (basically a high-level summary of
>> who does what).
>>
> 
> I have filed a new TianoCore Feature request BZ for this.
> https://bugzilla.tianocore.org/show_bug.cgi?id=3467
> 
> I will refer this bug in future commit messages for this patch-set. 
> 
> Please let me know if you want me to add additional contents and
> comments to this bug.

Thanks for filing the BZ, I've captured my previous statements / wishes
in some new BZ comments now.

Laszlo

> 
> Thanks,
> Ashish
> 
>> For now it seems that a v5 will be necessary. Please keep me on CC, and
>> when you have the BZ filed, we should link all past and future versions
>> into it.
>>
>> Thanks
>> Laszlo
>>

View/Reply Online (#77370): https://edk2.groups.io/g/devel/message/77370


Re: [edk2-devel] [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE level

2021-06-30 Thread Laszlo Ersek
On 06/30/21 08:36, Ni, Ray wrote:
> Can you explain why VERBOSE is chosen instead of INFO?

I agree it should be documented in the commit message. One good reason
is if there are many messages, as logging lots of messages is costly (it
slows down booting).

Thanks
Laszlo

> 
> Thanks,
> Ray
> 
> -Original Message-
> From: Yang Gang  
> Sent: Wednesday, June 30, 2021 1:54 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric ; Ni, Ray ; Liming Gao 
> 
> Subject: [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to 
> DEBUG_VERBOSE level
> 
> Signed-off-by: Yang Gang 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Liming Gao 
> ---
>  .../Core/PiSmmCore/MemoryAttributesTable.c| 26 +--
>  1 file changed, 13 insertions(+), 13 deletions(-)
> 
> diff --git a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c 
> b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
> index de8262ecb9..3e8a80dd7d 100644
> --- a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
> +++ b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
> @@ -1208,10 +1208,10 @@ PublishMemoryAttributesTable (
>ASSERT (Status == EFI_BUFFER_TOO_SMALL);
>  
>do {
> -DEBUG ((DEBUG_INFO, "MemoryMapSize - 0x%x\n", MemoryMapSize));
> +DEBUG ((DEBUG_VERBOSE, "MemoryMapSize - 0x%x\n", MemoryMapSize));
>  MemoryMap = AllocatePool (MemoryMapSize);
>  ASSERT (MemoryMap != NULL);
> -DEBUG ((DEBUG_INFO, "MemoryMap - 0x%x\n", MemoryMap));
> +DEBUG ((DEBUG_VERBOSE, "MemoryMap - 0x%x\n", MemoryMap));
>  
>  Status = SmmCoreGetMemoryMapMemoryAttributesTable (
> &MemoryMapSize,
> @@ -1236,19 +1236,19 @@ PublishMemoryAttributesTable (
>MemoryAttributesTable->NumberOfEntries = (UINT32)RuntimeEntryCount;
>MemoryAttributesTable->DescriptorSize  = (UINT32)DescriptorSize;
>MemoryAttributesTable->Reserved= 0;
> -  DEBUG ((DEBUG_INFO, "MemoryAttributesTable:\n"));
> -  DEBUG ((DEBUG_INFO, "  Version  - 0x%08x\n", 
> MemoryAttributesTable->Version));
> -  DEBUG ((DEBUG_INFO, "  NumberOfEntries  - 0x%08x\n", 
> MemoryAttributesTable->NumberOfEntries));
> -  DEBUG ((DEBUG_INFO, "  DescriptorSize   - 0x%08x\n", 
> MemoryAttributesTable->DescriptorSize));
> +  DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));
> +  DEBUG ((DEBUG_VERBOSE, "  Version  - 0x%08x\n", 
> MemoryAttributesTable->Version));
> +  DEBUG ((DEBUG_VERBOSE, "  NumberOfEntries  - 0x%08x\n", 
> MemoryAttributesTable->NumberOfEntries));
> +  DEBUG ((DEBUG_VERBOSE, "  DescriptorSize   - 0x%08x\n", 
> MemoryAttributesTable->DescriptorSize));
>MemoryAttributesEntry = (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTable + 
> 1);
>for (Index = 0; Index < MemoryMapSize/DescriptorSize; Index++) {
>  CopyMem (MemoryAttributesEntry, MemoryMap, DescriptorSize);
> -DEBUG ((DEBUG_INFO, "Entry (0x%x)\n", MemoryAttributesEntry));
> -DEBUG ((DEBUG_INFO, "  Type  - 0x%x\n", 
> MemoryAttributesEntry->Type));
> -DEBUG ((DEBUG_INFO, "  PhysicalStart - 0x%016lx\n", 
> MemoryAttributesEntry->PhysicalStart));
> -DEBUG ((DEBUG_INFO, "  VirtualStart  - 0x%016lx\n", 
> MemoryAttributesEntry->VirtualStart));
> -DEBUG ((DEBUG_INFO, "  NumberOfPages - 0x%016lx\n", 
> MemoryAttributesEntry->NumberOfPages));
> -DEBUG ((DEBUG_INFO, "  Attribute - 0x%016lx\n", 
> MemoryAttributesEntry->Attribute));
> +DEBUG ((DEBUG_VERBOSE, "Entry (0x%x)\n", MemoryAttributesEntry));
> +DEBUG ((DEBUG_VERBOSE, "  Type  - 0x%x\n", 
> MemoryAttributesEntry->Type));
> +DEBUG ((DEBUG_VERBOSE, "  PhysicalStart - 0x%016lx\n", 
> MemoryAttributesEntry->PhysicalStart));
> +DEBUG ((DEBUG_VERBOSE, "  VirtualStart  - 0x%016lx\n", 
> MemoryAttributesEntry->VirtualStart));
> +DEBUG ((DEBUG_VERBOSE, "  NumberOfPages - 0x%016lx\n", 
> MemoryAttributesEntry->NumberOfPages));
> +DEBUG ((DEBUG_VERBOSE, "  Attribute - 0x%016lx\n", 
> MemoryAttributesEntry->Attribute));
>  MemoryAttributesEntry = NEXT_MEMORY_DESCRIPTOR(MemoryAttributesEntry, 
> DescriptorSize);
>  
>  MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize); @@ 
> -1331,7 +1331,7 @@ SmmInstallMemoryAttributesTable (  {
>SmmInstallImageRecord ();
>  
> -  DEBUG ((DEBUG_INFO, "SMM MemoryProtectionAttribute - 0x%016lx\n", 
> mMemoryProtectionAttribute));
> +  DEBUG ((DEBUG_VERBOSE, "SMM MemoryProtectionAttribute - 0x%016lx\n", 
> + mMemoryProtectionAttribute));
>if ((mMemoryProtectionAttribute & 
> EFI_MEMORY_ATTRIBUTES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA) == 0) 
> {
>  return EFI_SUCCESS;
>}
> --
> 2.23.0.windows.1

View/Reply Online (#77371): https://edk2.groups.io/g/devel/message/77371


Re: [edk2-devel] [PATCH v4 2/8] ArmVirtPkg: add SecureBootVariableLib class resolution

2021-06-30 Thread Laszlo Ersek
On 06/30/21 14:34, Grzegorz Bernacki wrote:
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
> 
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for ArmVirtPkg platform.
> 
> Signed-off-by: Grzegorz Bernacki 
> ---
>  ArmVirtPkg/ArmVirt.dsc.inc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index d9abadbe70..11c1f53537 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -168,6 +168,7 @@
>#
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>  
># re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
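Review bot: this resolution only takes effect for SECURE_BOOT_ENABLE=TRUE builds, while the edk2 change it accompanies makes SecureBootConfigDxe itself depend on SecureBootVariableLib, so the class must be resolved wherever SecureBootConfigDxe is included; confirm that SecureBootConfigDxe is listed in ArmVirt.dsc.inc only under the same `!if`, and order this patch before the edk2 patch that introduces the dependency (or land both together) so every intermediate commit builds. The commit message should also reference the TianoCore BZ for the series rather than only the edk2 patch subject, so the dependency can be found from either tree.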
> 

I know a new version is coming up, but one comment still:

you should please make this series bisectable. That is, the series
should build at every stage.

That implies the following approach (each step below corresponds to a
patch, or to a sequence of patches):

- introduce the new library (class and instance(s)) first, in isolation;
this will duplicate the internal functions of SecureBootConfigDxe

- add lib class resolution(s) to all platforms in edk2 (and
edk2-platforms, possibly) that include SecureBootConfigDxe

- replace the internal functions of SecureBootConfigDxe with the new
library dependency.

Right now, ArmVirtPkg platforms will definitely not build against your
patch set applied up to and including only patch#1, because at patch#1,
SecureBootConfigDxe depends on SecureBootVariableLib, but ArmVirtPkg
doesn't yet resolve that lib class to any instance.

Also, I don't see any OvmfPkg patch in the series... hm, well, there are
OvmfPkg modifications, but they have been squashed into patch#3, "Intel
Platforms: add SecureBootVariableLib class resolution".

Regardless of whether we call OvmfPkg an "Intel Platform" -- I wouldn't,
BTW --, OvmfPkg DSC updates need to go in their own, isolated patch.
Same for EmulatorPkg -- separate patch please.

Thanks,
Laszlo



View/Reply Online (#77372): https://edk2.groups.io/g/devel/message/77372


Re: [edk2-devel] [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE level

2021-06-30 Thread Yang Gang
Hi Ray,

This change aligns with DxeCore
edk2\MdeModulePkg\Core\Dxe\Misc\MemoryAttributesTable.c

DxeCore uses the VERBOSE error level to print MemoryAttributesTable, so update
SmmCore to align with DxeCore.

Thanks,
Yang Gang

-Original Message-
From: Ni, Ray  
Sent: 2021年6月30日 14:37
To: Yang Gang ; devel@edk2.groups.io
Cc: Dong, Eric ; Liming Gao 
Subject: RE: [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message
to DEBUG_VERBOSE level

Can you explain why VERBOSE is chosen instead of INFO?

Thanks,
Ray

-Original Message-
From: Yang Gang 
Sent: Wednesday, June 30, 2021 1:54 PM
To: devel@edk2.groups.io
Cc: Dong, Eric ; Ni, Ray ; Liming Gao

Subject: [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to
DEBUG_VERBOSE level

Signed-off-by: Yang Gang 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Liming Gao 
---
 .../Core/PiSmmCore/MemoryAttributesTable.c| 26 +--
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
index de8262ecb9..3e8a80dd7d 100644
--- a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
@@ -1208,10 +1208,10 @@ PublishMemoryAttributesTable (
   ASSERT (Status == EFI_BUFFER_TOO_SMALL);
 
   do {
-DEBUG ((DEBUG_INFO, "MemoryMapSize - 0x%x\n", MemoryMapSize));
+DEBUG ((DEBUG_VERBOSE, "MemoryMapSize - 0x%x\n", MemoryMapSize));
 MemoryMap = AllocatePool (MemoryMapSize);
 ASSERT (MemoryMap != NULL);
-DEBUG ((DEBUG_INFO, "MemoryMap - 0x%x\n", MemoryMap));
+DEBUG ((DEBUG_VERBOSE, "MemoryMap - 0x%x\n", MemoryMap));
 
 Status = SmmCoreGetMemoryMapMemoryAttributesTable (
&MemoryMapSize,
@@ -1236,19 +1236,19 @@ PublishMemoryAttributesTable (
   MemoryAttributesTable->NumberOfEntries = (UINT32)RuntimeEntryCount;
   MemoryAttributesTable->DescriptorSize  = (UINT32)DescriptorSize;
   MemoryAttributesTable->Reserved= 0;
-  DEBUG ((DEBUG_INFO, "MemoryAttributesTable:\n"));
-  DEBUG ((DEBUG_INFO, "  Version  - 0x%08x\n",
MemoryAttributesTable->Version));
-  DEBUG ((DEBUG_INFO, "  NumberOfEntries  - 0x%08x\n",
MemoryAttributesTable->NumberOfEntries));
-  DEBUG ((DEBUG_INFO, "  DescriptorSize   - 0x%08x\n",
MemoryAttributesTable->DescriptorSize));
+  DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));
+  DEBUG ((DEBUG_VERBOSE, "  Version  - 0x%08x\n",
MemoryAttributesTable->Version));
+  DEBUG ((DEBUG_VERBOSE, "  NumberOfEntries  - 0x%08x\n",
MemoryAttributesTable->NumberOfEntries));
+  DEBUG ((DEBUG_VERBOSE, "  DescriptorSize   - 0x%08x\n",
MemoryAttributesTable->DescriptorSize));
   MemoryAttributesEntry = (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTable +
1);
   for (Index = 0; Index < MemoryMapSize/DescriptorSize; Index++) {
 CopyMem (MemoryAttributesEntry, MemoryMap, DescriptorSize);
-DEBUG ((DEBUG_INFO, "Entry (0x%x)\n", MemoryAttributesEntry));
-DEBUG ((DEBUG_INFO, "  Type  - 0x%x\n",
MemoryAttributesEntry->Type));
-DEBUG ((DEBUG_INFO, "  PhysicalStart - 0x%016lx\n",
MemoryAttributesEntry->PhysicalStart));
-DEBUG ((DEBUG_INFO, "  VirtualStart  - 0x%016lx\n",
MemoryAttributesEntry->VirtualStart));
-DEBUG ((DEBUG_INFO, "  NumberOfPages - 0x%016lx\n",
MemoryAttributesEntry->NumberOfPages));
-DEBUG ((DEBUG_INFO, "  Attribute - 0x%016lx\n",
MemoryAttributesEntry->Attribute));
+DEBUG ((DEBUG_VERBOSE, "Entry (0x%x)\n", MemoryAttributesEntry));
+DEBUG ((DEBUG_VERBOSE, "  Type  - 0x%x\n",
MemoryAttributesEntry->Type));
+DEBUG ((DEBUG_VERBOSE, "  PhysicalStart - 0x%016lx\n",
MemoryAttributesEntry->PhysicalStart));
+DEBUG ((DEBUG_VERBOSE, "  VirtualStart  - 0x%016lx\n",
MemoryAttributesEntry->VirtualStart));
+DEBUG ((DEBUG_VERBOSE, "  NumberOfPages - 0x%016lx\n",
MemoryAttributesEntry->NumberOfPages));
+DEBUG ((DEBUG_VERBOSE, "  Attribute - 0x%016lx\n",
MemoryAttributesEntry->Attribute));
 MemoryAttributesEntry = NEXT_MEMORY_DESCRIPTOR(MemoryAttributesEntry,
DescriptorSize);
 
 MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize); @@
-1331,7 +1331,7 @@ SmmInstallMemoryAttributesTable (  {
   SmmInstallImageRecord ();
 
-  DEBUG ((DEBUG_INFO, "SMM MemoryProtectionAttribute - 0x%016lx\n",
mMemoryProtectionAttribute));
+  DEBUG ((DEBUG_VERBOSE, "SMM MemoryProtectionAttribute - 0x%016lx\n", 
+ mMemoryProtectionAttribute));
   if ((mMemoryProtectionAttribute &
EFI_MEMORY_ATTRIBUTES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA) ==
0) {
 return EFI_SUCCESS;
   }
--
2.23.0.windows.1






View/Reply Online (#77374): https://edk2.groups.io/g/devel/message/77374


[edk2-devel] [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE level

2021-06-30 Thread Yang Gang
Signed-off-by: Yang Gang 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Liming Gao 
---
 .../Core/PiSmmCore/MemoryAttributesTable.c| 26 +--
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c 
b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
index de8262ecb9..3e8a80dd7d 100644
--- a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
@@ -1208,10 +1208,10 @@ PublishMemoryAttributesTable (
   ASSERT (Status == EFI_BUFFER_TOO_SMALL);
 
   do {
-DEBUG ((DEBUG_INFO, "MemoryMapSize - 0x%x\n", MemoryMapSize));
+DEBUG ((DEBUG_VERBOSE, "MemoryMapSize - 0x%x\n", MemoryMapSize));
 MemoryMap = AllocatePool (MemoryMapSize);
 ASSERT (MemoryMap != NULL);
-DEBUG ((DEBUG_INFO, "MemoryMap - 0x%x\n", MemoryMap));
+DEBUG ((DEBUG_VERBOSE, "MemoryMap - 0x%x\n", MemoryMap));
 
 Status = SmmCoreGetMemoryMapMemoryAttributesTable (
&MemoryMapSize,
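Review bot: the commit message body is empty, and Ray's question in the thread ("why VERBOSE instead of INFO?") is exactly what it should answer: DxeCore already logs the same table at DEBUG_VERBOSE in MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c, and the per-entry dump further down scales with the SMM memory map, so at DEBUG_INFO it measurably slows boot on large maps. While these two lines are being touched, `"MemoryMap - 0x%x\n", MemoryMap` prints a pointer with %x, which truncates it to 32 bits on X64; use %p.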
@@ -1236,19 +1236,19 @@ PublishMemoryAttributesTable (
   MemoryAttributesTable->NumberOfEntries = (UINT32)RuntimeEntryCount;
   MemoryAttributesTable->DescriptorSize  = (UINT32)DescriptorSize;
   MemoryAttributesTable->Reserved= 0;
-  DEBUG ((DEBUG_INFO, "MemoryAttributesTable:\n"));
-  DEBUG ((DEBUG_INFO, "  Version  - 0x%08x\n", 
MemoryAttributesTable->Version));
-  DEBUG ((DEBUG_INFO, "  NumberOfEntries  - 0x%08x\n", 
MemoryAttributesTable->NumberOfEntries));
-  DEBUG ((DEBUG_INFO, "  DescriptorSize   - 0x%08x\n", 
MemoryAttributesTable->DescriptorSize));
+  DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));
+  DEBUG ((DEBUG_VERBOSE, "  Version  - 0x%08x\n", 
MemoryAttributesTable->Version));
+  DEBUG ((DEBUG_VERBOSE, "  NumberOfEntries  - 0x%08x\n", 
MemoryAttributesTable->NumberOfEntries));
+  DEBUG ((DEBUG_VERBOSE, "  DescriptorSize   - 0x%08x\n", 
MemoryAttributesTable->DescriptorSize));
   MemoryAttributesEntry = (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTable + 1);
   for (Index = 0; Index < MemoryMapSize/DescriptorSize; Index++) {
 CopyMem (MemoryAttributesEntry, MemoryMap, DescriptorSize);
-DEBUG ((DEBUG_INFO, "Entry (0x%x)\n", MemoryAttributesEntry));
-DEBUG ((DEBUG_INFO, "  Type  - 0x%x\n", 
MemoryAttributesEntry->Type));
-DEBUG ((DEBUG_INFO, "  PhysicalStart - 0x%016lx\n", 
MemoryAttributesEntry->PhysicalStart));
-DEBUG ((DEBUG_INFO, "  VirtualStart  - 0x%016lx\n", 
MemoryAttributesEntry->VirtualStart));
-DEBUG ((DEBUG_INFO, "  NumberOfPages - 0x%016lx\n", 
MemoryAttributesEntry->NumberOfPages));
-DEBUG ((DEBUG_INFO, "  Attribute - 0x%016lx\n", 
MemoryAttributesEntry->Attribute));
+DEBUG ((DEBUG_VERBOSE, "Entry (0x%x)\n", MemoryAttributesEntry));
+DEBUG ((DEBUG_VERBOSE, "  Type  - 0x%x\n", 
MemoryAttributesEntry->Type));
+DEBUG ((DEBUG_VERBOSE, "  PhysicalStart - 0x%016lx\n", 
MemoryAttributesEntry->PhysicalStart));
+DEBUG ((DEBUG_VERBOSE, "  VirtualStart  - 0x%016lx\n", 
MemoryAttributesEntry->VirtualStart));
+DEBUG ((DEBUG_VERBOSE, "  NumberOfPages - 0x%016lx\n", 
MemoryAttributesEntry->NumberOfPages));
+DEBUG ((DEBUG_VERBOSE, "  Attribute - 0x%016lx\n", 
MemoryAttributesEntry->Attribute));
 MemoryAttributesEntry = NEXT_MEMORY_DESCRIPTOR(MemoryAttributesEntry, 
DescriptorSize);
 
 MemoryMap = NEXT_MEMORY_DESCRIPTOR(MemoryMap, DescriptorSize);
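Review bot: `"Entry (0x%x)\n", MemoryAttributesEntry` has the same pointer-with-%x problem as the first hunk and should use %p. Demoting this loop is the right call: it emits one Entry/Type/PhysicalStart/VirtualStart/NumberOfPages/Attribute block per descriptor, so a map with a few hundred SMM descriptors produces thousands of serial lines on every boot, which is the cost argument the commit message should state.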
@@ -1331,7 +1331,7 @@ SmmInstallMemoryAttributesTable (
 {
   SmmInstallImageRecord ();
 
-  DEBUG ((DEBUG_INFO, "SMM MemoryProtectionAttribute - 0x%016lx\n", 
mMemoryProtectionAttribute));
+  DEBUG ((DEBUG_VERBOSE, "SMM MemoryProtectionAttribute - 0x%016lx\n", 
mMemoryProtectionAttribute));
   if ((mMemoryProtectionAttribute & 
EFI_MEMORY_ATTRIBUTES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA) == 0) {
 return EFI_SUCCESS;
   }
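Review bot: unlike the dumps above, this is a single summary line, and it records whether EFI_MEMORY_ATTRIBUTES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA is set, which the `if` right below it uses to decide whether the SMM memory attributes table is published at all. That is the one line someone checking SMM image-data protections from a default DEBUG_INFO log would look for, so consider leaving just this one at DEBUG_INFO even though the rest of the file moves to VERBOSE; if it is demoted together with the rest, say in the commit message that the protection state is then only visible at VERBOSE.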
-- 
2.23.0.windows.1




View/Reply Online (#77373): https://edk2.groups.io/g/devel/message/77373


[edk2-devel] Correct value for PCD_DATABASE_OFFSET_MASK

2021-06-30 Thread Konstantin Aladyshev
Hello!
I was investigating implementation of the PCD database
(https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Include/Guid/PcdDataBaseSignatureGuid.h).

According to my understanding LocalTokenNumber is implemented this way:
```
|31 30 29 28|27 26 25 24|23 22 21 20|19 18 17 16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0|
| X  X  X  X| X  X  X  X| X  X  X  X| X  X  X  X  X  X  X  X  X  X  X  X  X  X  X  X  X  X  X  X|
 \_________/ \_________/ \_________/ \_________________________________________________________/
   PCD_TYPE   PCD_DATUM  PCD_DATUM_2                  PCD_DATABASE_OFFSET_MASK
```

PCD_DATABASE_OFFSET_MASK is defined as follows:
```
#define PCD_DATABASE_OFFSET_MASK (~(PCD_TYPE_ALL_SET | PCD_DATUM_TYPE_ALL_SET | PCD_DATUM_TYPE_UINT8_BOOLEAN))
```
But PCD_DATUM_TYPE_UINT8_BOOLEAN is only 1 bit:
```
#define PCD_DATUM_TYPE_UINT8_BOOLEAN (0x1U << PCD_DATUM_TYPE_SHIFT2)
```
Therefore PCD_DATABASE_OFFSET_MASK is getting assigned to bits [(0-19),(21-23)].

Shouldn't it be something like this:
```
#define PCD_DATUM_TYPE_2_ALL_SET (PCD_DATUM_TYPE_UINT8_BOOLEAN | \
                                  (0x2U << PCD_DATUM_TYPE_SHIFT2) | \
                                  (0x4U << PCD_DATUM_TYPE_SHIFT2) | \
                                  (0x8U << PCD_DATUM_TYPE_SHIFT2))
#define PCD_DATABASE_OFFSET_MASK (~(PCD_TYPE_ALL_SET | PCD_DATUM_TYPE_ALL_SET | PCD_DATUM_TYPE_2_ALL_SET))
```

If it is really an error, I can make a patch.

Best regards.
Konstantin Aladyshev
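To make the bit arithmetic in the question concrete, here is an added example (my own code, not from the edk2 tree) that evaluates both masks and splits a constructed LocalTokenNumber into its fields. The two macros visible in the mail are copied as-is; the shift values and the per-type bit assignments behind PCD_TYPE_ALL_SET and PCD_DATUM_TYPE_ALL_SET are reproduced from PcdDataBaseSignatureGuid.h as I remember it and should be checked against the header in your tree before relying on the exact mask values.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of a PCD database LocalTokenNumber.  Shift values and the
 * per-type bits are reproduced from MdeModulePkg/Include/Guid/
 * PcdDataBaseSignatureGuid.h from memory (assumption: verify against the
 * header); the two *_OFFSET_MASK definitions are the ones in the mail. */
#define PCD_TYPE_SHIFT               28
#define PCD_TYPE_DATA                (0x0U << PCD_TYPE_SHIFT)
#define PCD_TYPE_HII                 (0x8U << PCD_TYPE_SHIFT)
#define PCD_TYPE_VPD                 (0x4U << PCD_TYPE_SHIFT)
#define PCD_TYPE_STRING              (0x1U << PCD_TYPE_SHIFT)
#define PCD_TYPE_ALL_SET             (PCD_TYPE_DATA | PCD_TYPE_HII | PCD_TYPE_VPD | PCD_TYPE_STRING)

#define PCD_DATUM_TYPE_SHIFT         24
#define PCD_DATUM_TYPE_POINTER       (0x0U << PCD_DATUM_TYPE_SHIFT)
#define PCD_DATUM_TYPE_UINT8         (0x1U << PCD_DATUM_TYPE_SHIFT)
#define PCD_DATUM_TYPE_UINT16        (0x2U << PCD_DATUM_TYPE_SHIFT)
#define PCD_DATUM_TYPE_UINT32        (0x4U << PCD_DATUM_TYPE_SHIFT)
#define PCD_DATUM_TYPE_UINT64        (0x8U << PCD_DATUM_TYPE_SHIFT)
#define PCD_DATUM_TYPE_ALL_SET       (PCD_DATUM_TYPE_POINTER | PCD_DATUM_TYPE_UINT8 | \
                                      PCD_DATUM_TYPE_UINT16 | PCD_DATUM_TYPE_UINT32 | \
                                      PCD_DATUM_TYPE_UINT64)

#define PCD_DATUM_TYPE_SHIFT2        20
#define PCD_DATUM_TYPE_UINT8_BOOLEAN (0x1U << PCD_DATUM_TYPE_SHIFT2)

/* Mask as currently defined: only bit 20 of the second nibble is excluded. */
#define PCD_DATABASE_OFFSET_MASK_CURRENT \
  (~(PCD_TYPE_ALL_SET | PCD_DATUM_TYPE_ALL_SET | PCD_DATUM_TYPE_UINT8_BOOLEAN))

/* Mask as proposed in the mail: exclude the whole nibble, bits 20..23. */
#define PCD_DATUM_TYPE_2_ALL_SET     (0xFU << PCD_DATUM_TYPE_SHIFT2)
#define PCD_DATABASE_OFFSET_MASK_PROPOSED \
  (~(PCD_TYPE_ALL_SET | PCD_DATUM_TYPE_ALL_SET | PCD_DATUM_TYPE_2_ALL_SET))

uint32_t current_offset_mask(void)  { return PCD_DATABASE_OFFSET_MASK_CURRENT; }
uint32_t proposed_offset_mask(void) { return PCD_DATABASE_OFFSET_MASK_PROPOSED; }

/* The four fields of a LocalTokenNumber, decoded with a caller-chosen mask. */
typedef struct {
  uint32_t Type;    /* bits 31..28 */
  uint32_t Datum;   /* bits 27..24 */
  uint32_t Datum2;  /* bits 23..20 */
  uint32_t Offset;  /* whatever OffsetMask keeps */
} LocalTokenFields;

LocalTokenFields decode_local_token(uint32_t LocalTokenNumber, uint32_t OffsetMask)
{
  LocalTokenFields f;
  f.Type   = (LocalTokenNumber >> PCD_TYPE_SHIFT) & 0xFU;
  f.Datum  = (LocalTokenNumber >> PCD_DATUM_TYPE_SHIFT) & 0xFU;
  f.Datum2 = (LocalTokenNumber >> PCD_DATUM_TYPE_SHIFT2) & 0xFU;
  f.Offset = LocalTokenNumber & OffsetMask;
  return f;
}

/* 1 if both masks yield the same offset for this token, i.e. the
 * discrepancy is invisible; 0 only when one of bits 21..23 is set. */
int masks_agree(uint32_t LocalTokenNumber)
{
  return (LocalTokenNumber & PCD_DATABASE_OFFSET_MASK_CURRENT) ==
         (LocalTokenNumber & PCD_DATABASE_OFFSET_MASK_PROPOSED);
}

int main(void)
{
  /* Constructed token: HII type, UINT8 datum, boolean flag, offset 0x1234. */
  uint32_t tok = PCD_TYPE_HII | PCD_DATUM_TYPE_UINT8 | PCD_DATUM_TYPE_UINT8_BOOLEAN | 0x1234U;
  LocalTokenFields f = decode_local_token(tok, current_offset_mask());

  printf("current mask  = 0x%08X\n", current_offset_mask());
  printf("proposed mask = 0x%08X\n", proposed_offset_mask());
  printf("token 0x%08X: type=%X datum=%X datum2=%X offset=0x%X agree=%d\n",
         tok, f.Type, f.Datum, f.Datum2, f.Offset, masks_agree(tok));
  /* A token with bit 21 set is where the two masks part ways. */
  printf("token 0x%08X: agree=%d\n", 0x00201234U, masks_agree(0x00201234U));
  return 0;
}
```

With these definitions the current mask evaluates to 0x20EFFFFF and the proposed one to 0x200FFFFF, so bits 21..23 are kept by the current mask and dropped by the proposed one exactly as the mail describes. Both also keep bit 29, because PCD_TYPE_ALL_SET covers only the 0x1, 0x4 and 0x8 values of the top nibble; whether that matters depends on the header in your tree. As masks_agree() shows, the two masks decode the same offset for every token whose bits 21..23 are clear, which is why the wider mask is harmless for the databases the build tools generate today; it only changes behaviour if a future datum type is assigned to that nibble.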


View/Reply Online (#77375): https://edk2.groups.io/g/devel/message/77375


[edk2-devel] CPU count limitation in CpuMpPei BIST processing

2021-06-30 Thread Laszlo Ersek
Hi Eric, Mike, Ray,

with "master" being at commit 3cde0d553d93, please consider the
CollectBistDataFromPpi() function in "UefiCpuPkg/CpuMpPei/CpuBist.c":

> /**
>   Collects BIST data from PPI.
>
>   This function collects BIST data from Sec Platform Information2 PPI
>   or SEC Platform Information PPI.
>
>   @param PeiServices Pointer to PEI Services Table
>
> **/
> VOID
> CollectBistDataFromPpi (
>   IN CONST EFI_PEI_SERVICES **PeiServices
>   )
> {
>   EFI_STATUSStatus;
>   EFI_PEI_PPI_DESCRIPTOR*SecInformationDescriptor;
>   EFI_SEC_PLATFORM_INFORMATION_RECORD2  *SecPlatformInformation2;
>   EFI_SEC_PLATFORM_INFORMATION_RECORD   *SecPlatformInformation;
>   UINTN NumberOfData;
>   EFI_SEC_PLATFORM_INFORMATION_CPU  *CpuInstance;
>   EFI_SEC_PLATFORM_INFORMATION_CPU  BspCpuInstance;
>   UINTN ProcessorNumber;
>   UINTN CpuIndex;
>   EFI_PROCESSOR_INFORMATION ProcessorInfo;
>   EFI_HEALTH_FLAGS  BistData;
>   UINTN NumberOfProcessors;
>   UINTN NumberOfEnabledProcessors;
>   UINTN BistInformationSize;
>   EFI_SEC_PLATFORM_INFORMATION_RECORD2  *PlatformInformationRecord2;
>   EFI_SEC_PLATFORM_INFORMATION_CPU  *CpuInstanceInHob;
>
>
>   MpInitLibGetNumberOfProcessors(&NumberOfProcessors, 
> &NumberOfEnabledProcessors);
>
>   BistInformationSize = sizeof (EFI_SEC_PLATFORM_INFORMATION_RECORD2) +
> sizeof (EFI_SEC_PLATFORM_INFORMATION_CPU) * 
> NumberOfProcessors;
>   Status = PeiServicesAllocatePool (
>  (UINTN) BistInformationSize,
>  (VOID **) &PlatformInformationRecord2
>  );
>   ASSERT_EFI_ERROR (Status);

If "NumberOfProcessors" is large enough, such as ~1024, then
"BistInformationSize" will exceed ~64KB, and PeiServicesAllocatePool()
will fail with EFI_OUT_OF_RESOURCES. The reason is that pool allocations
in PEI are implemented with memory alloaction HOBs, and HOBs can't be
larger than ~64KB. (See PeiAllocatePool() in
"MdeModulePkg/Core/Pei/Memory/MemoryServices.c".)

It wouldn't be too hard to fall back to PeiServicesAllocatePages() here.
Page allocation has a good chance to succeed at this point, because
CpuMpPei only calls CollectBistDataFromPpi() *after* permanent PEI RAM
has been installed:

- Entry point:

  CpuMpPeimInit()[UefiCpuPkg/CpuMpPei/CpuMpPei.c]
PeiServicesNotifyPpi(mPostMemNotifyList)
  gEfiPeiMemoryDiscoveredPpiGuid
  MemoryDiscoveredPpiNotifyCallback

- PPI notify:

  MemoryDiscoveredPpiNotifyCallback() [UefiCpuPkg/CpuMpPei/CpuPaging.c]
InitializeCpuMpWorker()   [UefiCpuPkg/CpuMpPei/CpuMpPei.c]
  CollectBistDataFromPpi()[UefiCpuPkg/CpuMpPei/CpuBist.c]

However, even if such an allocation of *pages* succeeded, there would be
another problem:

>   PlatformInformationRecord2->NumberOfCpus = (UINT32)NumberOfProcessors;
>
>   SecPlatformInformation2 = NULL;
>   SecPlatformInformation  = NULL;
>   NumberOfData= 0;
>   CpuInstance = NULL;
>   //
>   // Get BIST information from Sec Platform Information2 Ppi firstly
>   //
>   Status = GetBistInfoFromPpi (
>  PeiServices,
>  &gEfiSecPlatformInformation2PpiGuid,
>  &SecInformationDescriptor,
>  (VOID *) &SecPlatformInformation2,
>  NULL
>  );
>   if (Status == EFI_SUCCESS) {
> //
> // Sec Platform Information2 PPI includes BSP/APs' BIST information
> //
> NumberOfData = SecPlatformInformation2->NumberOfCpus;
> CpuInstance  = SecPlatformInformation2->CpuInstance;
>   } else {
> //
> // Otherwise, get BIST information from Sec Platform Information Ppi
> //
> Status = GetBistInfoFromPpi (
>PeiServices,
>&gEfiSecPlatformInformationPpiGuid,
>&SecInformationDescriptor,
>(VOID *) &SecPlatformInformation,
>NULL
>);
> if (Status == EFI_SUCCESS) {
>   NumberOfData = 1;
>   //
>   // SEC Platform Information only includes BSP's BIST information
>   // and does not have BSP's APIC ID
>   //
>   BspCpuInstance.CpuLocation = GetInitialApicId ();
>   BspCpuInstance.InfoRecord.IA32HealthFlags.Uint32  = 
> SecPlatformInformation->IA32HealthFlags.Uint32;
>   CpuInstance = &BspCpuInstance;
> } else {
>   DEBUG ((EFI_D_INFO, "Does not find any stored CPU BIST information from 
> PPI!\n"));
> }
>   }
>   for (ProcessorNumber = 0; ProcessorNumber < NumberOfProcessors; 
> ProcessorNumber ++) {
> MpInitLibGetProcessorInfo (ProcessorNumber, &ProcessorInfo, &BistData);
> for (CpuIndex = 0; CpuIndex < NumberOfData; CpuIndex ++) {
>   ASSERT (CpuInstance != NULL);
>  
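The pool-versus-pages decision described above, as an added host-side model (my own code, not CpuMpPei's): it reproduces the BistInformationSize arithmetic from the quoted function and picks PeiServicesAllocatePool() only when the request fits in a single memory-pool HOB, falling back to PeiServicesAllocatePages() otherwise. The 8-byte HOB header, the 4-byte record header and the 64-byte per-CPU entry are assumptions standing in for sizeof() of the real EDK2 structures; under them the pool path stops working at exactly 1024 CPUs, which matches the ~1024 figure above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model (added example, not CpuMpPei code) of the allocation
 * decision.  EDK2 services are replaced by a plan that names which one
 * the real code would have to call. */

#define EFI_PAGE_SIZE         4096u
#define EFI_SIZE_TO_PAGES(s)  (((s) + EFI_PAGE_SIZE - 1) / EFI_PAGE_SIZE)

/* A PEI pool allocation is backed by one EFI_HOB_MEMORY_POOL HOB whose
 * HobLength is a UINT16, so one pool request cannot exceed 64 KiB minus
 * the HOB header.  The 8-byte header is an assumption for this model;
 * the real bound is enforced in PeiAllocatePool(). */
#define HOB_HEADER_SIZE       8u
#define PEI_POOL_MAX          (0x10000u - HOB_HEADER_SIZE)

/* Assumed sizes: EFI_SEC_PLATFORM_INFORMATION_RECORD2 starts with a
 * UINT32 NumberOfCpus; each EFI_SEC_PLATFORM_INFORMATION_CPU is a UINT32
 * CpuLocation plus a union sized by the larger health record, modelled
 * here as 64 bytes in total. */
#define RECORD2_HEADER_SIZE   4u
#define CPU_ENTRY_SIZE        64u

typedef enum { ALLOC_POOL, ALLOC_PAGES } AllocKind;

typedef struct {
  size_t    Size;    /* bytes CollectBistDataFromPpi() would request */
  AllocKind Kind;    /* which PEI service the model would call */
  size_t    Pages;   /* 0 for pool, page count for pages */
} BistAllocPlan;

/* Same arithmetic as the quoted function. */
size_t bist_information_size(size_t NumberOfProcessors)
{
  return RECORD2_HEADER_SIZE + CPU_ENTRY_SIZE * NumberOfProcessors;
}

/* Pool when it fits in one HOB, otherwise pages.  Page allocation is only
 * viable after permanent PEI RAM is installed, which CpuMpPei guarantees
 * by reaching this code from the gEfiPeiMemoryDiscoveredPpiGuid notify. */
BistAllocPlan plan_bist_allocation(size_t NumberOfProcessors)
{
  BistAllocPlan p;
  p.Size = bist_information_size(NumberOfProcessors);
  if (p.Size <= PEI_POOL_MAX) {
    p.Kind  = ALLOC_POOL;
    p.Pages = 0;
  } else {
    p.Kind  = ALLOC_PAGES;
    p.Pages = EFI_SIZE_TO_PAGES(p.Size);
  }
  return p;
}

/* Largest CPU count for which the pool-only code still succeeds. */
size_t max_cpus_for_pool(void)
{
  return (PEI_POOL_MAX - RECORD2_HEADER_SIZE) / CPU_ENTRY_SIZE;
}

int main(void)
{
  size_t counts[] = { 8, 256, max_cpus_for_pool(), 1024 };
  for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
    BistAllocPlan p = plan_bist_allocation(counts[i]);
    printf("%4zu CPUs -> %6zu bytes -> %s%s\n", counts[i], p.Size,
           p.Kind == ALLOC_POOL ? "PeiServicesAllocatePool"
                                : "PeiServicesAllocatePages",
           p.Kind == ALLOC_POOL ? "" : " (pool would return EFI_OUT_OF_RESOURCES)");
  }
  return 0;
}
```

The threshold moves with the real sizeof() values, so treat max_cpus_for_pool() as the shape of the check rather than the exact number; what does not move is that the request grows linearly with the processor count while the pool ceiling is fixed by the 16-bit HOB length, so the fallback (or a hard cap with a clear error) has to exist for any platform that can report more CPUs than fit.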

Re: [edk2-devel] [PATCH v2 0/6] NetworkPkg/IScsiDxe: support SHA256 in CHAP

2021-06-30 Thread Laszlo Ersek
On 06/29/21 20:44, Maciej Rabeda wrote:
> Thanks, Laszlo. I really like moving the condition out of 'if' clause in
> IScsiCHAPAuthTarget :)
> 
> For the patchset:
> Reviewed-by: Maciej Rabeda 

Thank you!

Merged as commit range 3cde0d553d93..bb33c27fbed6, via
.

Laszlo

> 
> On 29-Jun-21 18:33, Laszlo Ersek wrote:
>> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
>> Repo: https://pagure.io/lersek/edk2.git
>> Branch:   iscsi_sha256_bz3355_v2 (at commit 73b92e85b4de)
>> CI:   https://github.com/tianocore/edk2/pull/1772
>>
>> v1 was posted at:
>>
>> * [edk2-devel] [PATCH 0/6] NetworkPkg/IScsiDxe: support SHA256 in CHAP
>>
>>    Message-Id: <20210608130652.2434-1-ler...@redhat.com>
>>   
>> https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg00331.html
>>
>>    https://edk2.groups.io/g/devel/message/76213
>>    https://bugzilla.tianocore.org/show_bug.cgi?id=3355#c3
>>
>> v2 addresses the v1 review feedback. Please see the Notes section on
>> every patch.
>>
>> v2 has been retested, with results identical to those of v1. (Please see
>> the v1 blurb for details.)
>>
>> Cc: Jiaxin Wu 
>> Cc: Maciej Rabeda 
>> Cc: Philippe Mathieu-Daudé 
>> Cc: Siyuan Fu 
>>
>> Thanks,
>> Laszlo
>>
>> Laszlo Ersek (6):
>>    NetworkPkg/IScsiDxe: re-set session-level authentication state before
>>  login
>>    NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files
>>    NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest
>>  sizes
>>    NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP
>>    NetworkPkg/IScsiDxe: support SHA256 in CHAP
>>    NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro
>>
>>   NetworkPkg/IScsiDxe/IScsiCHAP.c    | 204 
>>   NetworkPkg/IScsiDxe/IScsiCHAP.h    |  95 +++--
>>   NetworkPkg/IScsiDxe/IScsiDriver.c  |   2 +
>>   NetworkPkg/IScsiDxe/IScsiProto.c   |  21 ++
>>   NetworkPkg/NetworkBuildOptions.dsc.inc |   2 +-
>>   NetworkPkg/NetworkDefines.dsc.inc  |  20 ++
>>   6 files changed, 293 insertions(+), 51 deletions(-)
>>
>>
>> base-commit: b37cfdd2807181aed2fee1e17bd7ec1190db266a
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77377): https://edk2.groups.io/g/devel/message/77377
Mute This Topic: https://groups.io/mt/83872634/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [edk2-platforms][PATCH V2] PurleyOpenBoardPkg : Support for LINUX Boot

2021-06-30 Thread manickavasakam karpagavinayagam
Support for LINUX Boot
To enable/disable the feature, PcdLinuxBootEnable can be used
1.  Follow directions on http://osresearch.net/Building/ to compile the 
heads kernel and initrd for qemu-system_x86_64
2.  Copy the following built files
(1) initrd.cpio.xz  to 
PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBinaries/initrd.cpio.xz
(2) bzimage to PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBinaries/linux.efi

Notes:
V2 :
- Rename LinuxBootPkg to LinuxBoot
- Move LinuxBootPkg to PurleyOpenBoardPkg/Features/LinuxBoot
- Follow Coding Standard in LinuxBoot.C and LinuxBoot.h

Signed-off-by: manickavasakam karpagavinayagam 
---
 .../BoardTiogaPass/CoreDxeInclude.dsc |   5 +-
 .../BoardTiogaPass/CoreUefiBootInclude.fdf|   5 +-
 .../BoardTiogaPass/OpenBoardPkg.dsc   |   7 +
 .../BoardTiogaPass/OpenBoardPkg.fdf   |  57 ++-
 .../BoardTiogaPass/PlatformPkgConfig.dsc  |   7 +
 .../LinuxBoot/LinuxBinaries/LinuxKernel.inf   |  17 +
 .../LinuxBoot/LinuxBinaries/initrd.cpio.xz| Bin 0 -> 16 bytes
 .../LinuxBoot/LinuxBinaries/linux.efi | Bin 0 -> 16 bytes
 .../Features/LinuxBoot/LinuxBoot.c| 412 ++
 .../Features/LinuxBoot/LinuxBoot.h| 185 
 .../Features/LinuxBoot/LinuxBoot.inf  |  40 ++
 .../Features/LinuxBoot/LinuxBootNull.c|  36 ++
 .../Features/LinuxBoot/LinuxBootNull.inf  |  25 ++
 .../Intel/PurleyOpenBoardPkg/OpenBoardPkg.dec |   2 +
 .../DxePlatformBootManagerLib/BdsPlatform.c   |   9 +
 .../DxePlatformBootManagerLib.inf |   2 +
 Platform/Intel/Readme.md  |  42 ++
 17 files changed, 843 insertions(+), 8 deletions(-)
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBinaries/LinuxKernel.inf
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBinaries/initrd.cpio.xz
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBinaries/linux.efi
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBoot.c
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBoot.h
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBoot.inf
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBootNull.c
 create mode 100644 
Platform/Intel/PurleyOpenBoardPkg/Features/LinuxBoot/LinuxBootNull.inf

diff --git 
a/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreDxeInclude.dsc 
b/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreDxeInclude.dsc
index b0660d72dd..a17015704b 100644
--- a/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreDxeInclude.dsc
+++ b/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreDxeInclude.dsc
@@ -83,6 +83,7 @@
   
$(PLATFORM_BOARD_PACKAGE)/Override/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
 #TiogaPass Override END

+!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE
   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
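Review bot: the `!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE` opened at +86 has no matching `!endif` in this hunk (it closes in the next one at +101), and it removes the whole SATA/ATA driver stack from the DXE build whenever LinuxBoot is enabled. If that is deliberate, state it in the commit message and in the Readme.md change this patch adds, because a LinuxBoot-enabled firmware then has no UEFI block-device path to fall back on.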
@@ -97,10 +98,11 @@
   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
   FatPkg/EnhancedFatDxe/Fat.inf
-
+!endif
   #MdeModulePkg/Universal/Console/GraphicsOutputDxe/GraphicsOutputDxe.inf
   MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf

+!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE
   MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
   MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf

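Review bot: replacing the blank line at -100 with `!endif` leaves the closing directive jammed against the commented-out GraphicsOutputDxe entry; keep a blank line after `!endif` so the guarded block stays readable. The second `!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE` at +105 also drops ConPlatformDxe and ConSplitterDxe, so confirm that nothing left in the LinuxBoot configuration still expects the console splitter protocols.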
@@ -124,6 +126,7 @@
 
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
   }
+!endif

 !if gMinPlatformPkgTokenSpaceGuid.PcdBootToShellOnly == FALSE
   MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf
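Review bot: the `!endif` at +129 closes the guard opened in the previous hunk, directly after the `}` of a library-class override block of which only the tail (`PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf` and `}`) is visible; verify that the `!if`/`!endif` pair encloses that whole `{ ... }` override rather than cutting through one. The new guard also sits entirely before the existing `!if gMinPlatformPkgTokenSpaceGuid.PcdBootToShellOnly == FALSE`, which is the right ordering, so the two conditionals do not nest.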
diff --git 
a/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreUefiBootInclude.fdf 
b/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreUefiBootInclude.fdf
index 141ce5dda3..6cd8ba6626 100644
--- a/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreUefiBootInclude.fdf
+++ b/Platform/Intel/PurleyOpenBoardPkg/BoardTiogaPass/CoreUefiBootInclude.fdf
@@ -47,6 +47,7 @@ INF  PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf
  INF  
$(PLATFORM_BOARD_PACKAGE)/Override/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
 #TiogaPass Override END

+!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE
 INF  MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
 INF  MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 INF  MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
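Review bot: this `!if gPlatformTokenSpaceGuid.PcdLinuxBootEnable == FALSE` mirrors the one added to CoreDxeInclude.dsc, and the two lists have to stay identical: an INF present in the FDF but excluded from the DSC (or the reverse) fails the build. A one-line comment next to each guard pointing at its counterpart would make that coupling visible to whoever edits either file next.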
@@ -62,10 +63,12 @@ INF  MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
 INF  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
 INF  MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
 INF  FatPkg/EnhancedFatDxe/Fat.inf
+!endif

 #INF  MdeModulePkg/Universal/Console/GraphicsOutputDxe/GraphicsOutputDxe.i

Re: [edk2-devel] [edk2-platforms][PATCH V2] PurleyOpenBoardPkg : Support for LINUX Boot

2021-06-30 Thread Oram, Isaac W
Reviewed-by: isaac.w.o...@intel.com 

-Original Message-
From: manickavasakam karpagavinayagam  
Sent: Wednesday, June 30, 2021 2:57 PM
To: devel@edk2.groups.io
Cc: Oram, Isaac W ; Desimone, Nathaniel L 
; fel...@ami.com; DOPPALAPUDI, HARIKRISHNA 
; Jha, Manish ; Bobroff, Zachary 
; KARPAGAVINAYAGAM, MANICKAVASAKAM 
Subject: [edk2-platforms][PATCH V2] PurleyOpenBoardPkg : Support for LINUX Boot


[edk2-devel] [PATCH] UefiPayloadPkg: Fix the build failure

2021-06-30 Thread Guo Dong
For the non-universal payload, HandoffHobTable is used without initialization.
This patch fixes this failure.

Signed-off-by: Guo Dong 
---
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c  | 3 +--
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
index ed956c447c..ae16f25c7c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
@@ -559,7 +559,6 @@ PayloadEntry (
 {
   EFI_STATUSStatus;
   PHYSICAL_ADDRESS  DxeCoreEntryPoint;
-  EFI_HOB_HANDOFF_INFO_TABLE*HandoffHobTable;
   UINTN MemBase;
   UINTN HobMemBase;
   UINTN HobMemTop;
@@ -603,7 +602,7 @@ PayloadEntry (
   IoWrite8 (LEGACY_8259_MASK_REGISTER_MASTER, 0xFF);
   IoWrite8 (LEGACY_8259_MASK_REGISTER_SLAVE,  0xFF);
 
-  Hob.HandoffInformationTable = HandoffHobTable;
+  Hob.HandoffInformationTable = (EFI_HOB_HANDOFF_INFO_TABLE *) 
GetFirstHob(EFI_HOB_TYPE_HANDOFF);
   HandOffToDxeCore (DxeCoreEntryPoint, Hob);
 
   // Should not get here
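Review bot: `GetFirstHob(EFI_HOB_TYPE_HANDOFF)` returns NULL when no HOB of that type exists, and the result assigned at +605 goes straight into `HandOffToDxeCore` with no check; add an `ASSERT (Hob.HandoffInformationTable != NULL)` (or an explicit error path) before the hand-off. Style: edk2 convention puts a space before the argument list, `GetFirstHob (EFI_HOB_TYPE_HANDOFF)`.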
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c 
b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
index a67653eb11..7a00a56ab9 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
@@ -364,7 +364,6 @@ _ModuleEntryPoint (
 {
   EFI_STATUSStatus;
   PHYSICAL_ADDRESS  DxeCoreEntryPoint;
-  EFI_HOB_HANDOFF_INFO_TABLE*HandoffHobTable;
   EFI_PEI_HOB_POINTERS  Hob;
   EFI_FIRMWARE_VOLUME_HEADER*DxeFv;
 
@@ -393,8 +392,7 @@ _ModuleEntryPoint (
   IoWrite8 (LEGACY_8259_MASK_REGISTER_MASTER, 0xFF);
   IoWrite8 (LEGACY_8259_MASK_REGISTER_SLAVE,  0xFF);
 
-  HandoffHobTable = (EFI_HOB_HANDOFF_INFO_TABLE *) 
GetFirstHob(EFI_HOB_TYPE_HANDOFF);
-  Hob.HandoffInformationTable = HandoffHobTable;
+  Hob.HandoffInformationTable = (EFI_HOB_HANDOFF_INFO_TABLE *) 
GetFirstHob(EFI_HOB_TYPE_HANDOFF);
   HandOffToDxeCore (DxeCoreEntryPoint, Hob);
 
   // Should not get here
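Review bot: in UniversalPayloadEntry.c the removed variable was already initialized from `GetFirstHob` at -396, so this hunk is a simplification rather than the fix the commit message describes; the uninitialized use was only in UefiPayloadEntry.c, and the message should say the universal path is touched for consistency. The same missing NULL check on the `GetFirstHob(EFI_HOB_TYPE_HANDOFF)` result applies here.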
-- 
2.16.2.windows.1







[edk2-devel] EFI_AUDIO_OUTPUT_PROTOCOL: assistance with VirtIO initialization

2021-06-30 Thread Ethin Probst
Hi all,
So Leif and I have been working on USB Audio but we've run into a snag. We've 
encountered a problem -- neither of us knows enough about USB to figure out how 
to get the class-specific AC interface descriptors, and those contain vital 
information that I need to be able to control the audio device. The audio 
specification was quite useless. So I have two projects running in parallel: 
the USB audio one and the VirtIO audio (We managed to get the virtio-snd 
patchset in qemu and I've got a built version of it over here and, though it's 
not a fully working implementation, as long as I get something -- no matter how 
bad it sounds -- I'll be happy). Whichever project we get working first is the 
one we move forward with.
The VirtIO sound device specification contains four virtqueues: the control 
queue for controlling the device; the event queue for receiving notifications 
from the device; the tx queue for transmitting audio data to the device; and 
the rx queue for receiving audio data from the device. Thus far I've been 
following the VirtioRngDxe code as a guide on how to get a VirtIO device 
initialized using the VirtioLib in OVMF, but I've reached an impasse regarding 
the queues and descriptors.

The VirtioRngDxe DXE uses a single descriptor and a single queue for operation. 
However, the RNG device works vastly differently to the audio device and is far 
simpler. The virtio-snd specification says that, to initialize the device, I 
must (copied from the spec):

* Configure the control, event, tx and rx queues.
* Read the jacks field and send a control request to query information about 
the available jacks.
* Read the streams field and send a control request to query information about 
the available PCM streams.
* Read the chmaps field and send a control request to query information about 
the available channel maps.
* Populate the event queue with empty buffers.

Steps 2, 3, 4, and 5 are a bit confusing and raise some questions:

1. Does the device automatically send notifications in the event queue about 
the jacks, streams, and channel maps, or do I have to explicitly ask for them?
2. How many buffers would we need to populate the event queue with, and what 
VirtioLib function (if any) specifically accomplishes that?
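The control-request half of steps 2 to 4 above, as an added example that is not part of the original post, of VirtioLib or of any edk2 driver: the request and response layouts and the VIRTIO_SND_R_*/VIRTIO_SND_S_* codes are those of the VirtIO sound specification, while the device side is a constructed stand-in for the control virtqueue (no real descriptor handling), so the exchange runs offline and covers jacks, streams and chmaps alike. It shows the length and status checks a driver needs before trusting the items a reply claims to carry.

```c
#include <stdint.h>
#include <string.h>

/* Request and status codes from the VirtIO sound device specification
 * (values carried in virtio_snd_hdr.code). */
#define VIRTIO_SND_R_JACK_INFO   0x0001u
#define VIRTIO_SND_R_PCM_INFO    0x0100u
#define VIRTIO_SND_R_CHMAP_INFO  0x0200u
#define VIRTIO_SND_S_OK          0x8000u
#define VIRTIO_SND_S_BAD_MSG     0x8001u

/* Config space: the jacks, streams and chmaps fields the steps above read. */
typedef struct { uint32_t jacks, streams, chmaps; } virtio_snd_config;

/* Every control message starts with a 32-bit request or status code. */
typedef struct { uint32_t code; } virtio_snd_hdr;

/* VIRTIO_SND_R_*_INFO request: items [start_id, start_id + count) are wanted,
 * and the device writes each response item in exactly `size` bytes. */
typedef struct {
  virtio_snd_hdr hdr;
  uint32_t       start_id;
  uint32_t       count;
  uint32_t       size;
} virtio_snd_query_info;

/* Common first field of every jack, PCM stream and chmap info item. */
typedef struct { uint32_t hda_fn_nid; } virtio_snd_info;

/* Number of items of the requested kind advertised in the config space. */
static uint32_t items_advertised (const virtio_snd_config *cfg, uint32_t code)
{
  switch (code) {
  case VIRTIO_SND_R_JACK_INFO:  return cfg->jacks;
  case VIRTIO_SND_R_PCM_INFO:   return cfg->streams;
  case VIRTIO_SND_R_CHMAP_INFO: return cfg->chmaps;
  default:                      return 0;
  }
}

/* Constructed stand-in for the device end of the control queue: validate the
 * range against the config space, then write a status header followed by
 * `count` items of `size` bytes. Returns the response length; a rejected
 * request gets only the status header. */
static size_t device_handle_query (const virtio_snd_config *cfg,
                                   const virtio_snd_query_info *q,
                                   uint8_t *resp, size_t resp_cap)
{
  uint32_t       total = items_advertised (cfg, q->hdr.code);
  virtio_snd_hdr status;
  size_t         len   = sizeof status;

  if (q->count > total || q->start_id > total - q->count ||
      q->size < sizeof (virtio_snd_info) ||
      len + (size_t)q->count * q->size > resp_cap) {
    status.code = VIRTIO_SND_S_BAD_MSG;
    memcpy (resp, &status, sizeof status);
    return len;
  }
  status.code = VIRTIO_SND_S_OK;
  memcpy (resp, &status, sizeof status);
  for (uint32_t i = 0; i < q->count; i++) {
    virtio_snd_info item = { q->start_id + i };   /* constructed node id */
    memset (resp + len, 0, q->size);
    memcpy (resp + len, &item, sizeof item);
    len += q->size;
  }
  return len;
}

/* Driver side of steps 2 to 4: read the advertised count, send one INFO request
 * covering every item and collect each item's hda_fn_nid in `ids`. Returns the
 * item count, or -1 if the device reported an error or the reply is not exactly
 * as long as the items it claims to carry. */
static int query_info (const virtio_snd_config *cfg, uint32_t code,
                       uint32_t *ids, uint32_t max_ids)
{
  uint8_t               resp[256];
  virtio_snd_hdr        status;
  virtio_snd_query_info q = { { code }, 0, items_advertised (cfg, code),
                              (uint32_t)sizeof (virtio_snd_info) };
  size_t                len;

  if (q.count > max_ids) return -1;
  len = device_handle_query (cfg, &q, resp, sizeof resp);
  if (len < sizeof status) return -1;
  memcpy (&status, resp, sizeof status);
  if (status.code != VIRTIO_SND_S_OK) return -1;
  /* Never trust the count alone: the reply must really hold that many items. */
  if (len != sizeof status + (size_t)q.count * q.size) return -1;
  for (uint32_t i = 0; i < q.count; i++) {
    virtio_snd_info item;
    memcpy (&item, resp + sizeof status + (size_t)i * q.size, sizeof item);
    ids[i] = item.hda_fn_nid;
  }
  return (int)q.count;
}
```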






Re: [edk2-devel] [Patch V2] BaseTools: Enable the flag to treat dynamic pcd as dynamicEx

2021-06-30 Thread Bob Feng
Hi Liming and Christine,

Do you have any comments on this patch?

Thanks,
Bob 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Bob Feng
Sent: Tuesday, June 8, 2021 10:50 AM
To: devel@edk2.groups.io
Cc: Liming Gao ; Chen, Christine 
; Kinney, Michael D ; 
Desimone, Nathaniel L 
Subject: [edk2-devel] [Patch V2] BaseTools: Enable the flag to treat dynamic 
pcd as dynamicEx

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1688

In order to support binary builds, the build tool adds a flag to convert the type of 
Dynamic PCDs to DynamicEx PCDs.

Users can append -D PCD_DYNAMIC_AS_DYNAMICEX to the build command to enable this 
function.
Also, users can add "PCD_DYNAMIC_AS_DYNAMICEX = TRUE/FALSE"
to the defines section of the DSC file to enable this function.

PCD_DYNAMIC_AS_DYNAMICEX is a new reserved key word for this function.

Signed-off-by: Bob Feng 
Cc: Liming Gao 
Cc: Yuwei Chen 
Cc: Michael D Kinney 
Cc: Nate DeSimone 
---
Correct Liming's email address.
 BaseTools/Source/Python/Common/DataType.py|   1 +
 .../Python/Workspace/BuildClassObject.py  | 153 --
 .../Source/Python/Workspace/DecBuildData.py   |  15 +-
 .../Source/Python/Workspace/DscBuildData.py   |  19 +--
 .../Source/Python/Workspace/InfBuildData.py   |  15 +-
 5 files changed, 73 insertions(+), 130 deletions(-)

diff --git a/BaseTools/Source/Python/Common/DataType.py 
b/BaseTools/Source/Python/Common/DataType.py
index fb88f20cc4..4e9c9e34af 100644
--- a/BaseTools/Source/Python/Common/DataType.py
+++ b/BaseTools/Source/Python/Common/DataType.py
@@ -402,10 +402,11 @@ TAB_DSC_DEFINES_DSC_SPECIFICATION = 'DSC_SPECIFICATION'
 TAB_DSC_DEFINES_OUTPUT_DIRECTORY = 'OUTPUT_DIRECTORY' 
TAB_DSC_DEFINES_SUPPORTED_ARCHITECTURES = 'SUPPORTED_ARCHITECTURES' 
TAB_DSC_DEFINES_BUILD_TARGETS = 'BUILD_TARGETS' 
TAB_DSC_DEFINES_SKUID_IDENTIFIER = 'SKUID_IDENTIFIER' 
TAB_DSC_DEFINES_PCD_INFO_GENERATION = 
'PCD_INFO_GENERATION'+TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX = 
'PCD_DYNAMIC_AS_DYNAMICEX' TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION = 
'PCD_VAR_CHECK_GENERATION' TAB_DSC_DEFINES_FLASH_DEFINITION = 
'FLASH_DEFINITION' TAB_DSC_DEFINES_BUILD_NUMBER = 'BUILD_NUMBER' 
TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME' TAB_DSC_DEFINES_BS_BASE_ADDRESS 
= 'BsBaseAddress'diff --git 
a/BaseTools/Source/Python/Workspace/BuildClassObject.py 
b/BaseTools/Source/Python/Workspace/BuildClassObject.py
index ebb65fc2fe..88a1d1582c 100644
--- a/BaseTools/Source/Python/Workspace/BuildClassObject.py
+++ b/BaseTools/Source/Python/Workspace/BuildClassObject.py
@@ -10,11 +10,13 @@ from Common.DataType import *  import collections import re 
from collections import OrderedDict from Common.Misc import CopyDict,ArrayIndex 
import copy+from CommonDataClass.DataClass import * import Common.EdkLogger as 
EdkLogger+import Common.GlobalData as GlobalData from Common.BuildToolError 
import OPTION_VALUE_INVALID from Common.caching import cached_property 
StructPattern = re.compile(r'[_a-zA-Z][0-9A-Za-z_\[\]]*$')  ## PcdClassObject@@ 
-396,10 +398,71 @@ class StructurePcd(PcdClassObject):
 new_pcd.ValueChain = {item for item in self.ValueChain} return 
new_pcd  LibraryClassObject = namedtuple('LibraryClassObject', 
['LibraryClass','SupModList']) +class BuildData(object):+# dict used to 
convert PCD type in database to string used by build tool++
_PCD_TYPE_STRING_ = {+MODEL_PCD_FIXED_AT_BUILD:   
TAB_PCDS_FIXED_AT_BUILD,+MODEL_PCD_PATCHABLE_IN_MODULE   :   
TAB_PCDS_PATCHABLE_IN_MODULE,+MODEL_PCD_FEATURE_FLAG  :   
TAB_PCDS_FEATURE_FLAG,+MODEL_PCD_DYNAMIC   :   
TAB_PCDS_DYNAMIC,+MODEL_PCD_DYNAMIC_DEFAULT   :   
TAB_PCDS_DYNAMIC,+MODEL_PCD_DYNAMIC_HII   :   
TAB_PCDS_DYNAMIC_HII,+MODEL_PCD_DYNAMIC_VPD   :   
TAB_PCDS_DYNAMIC_VPD,+MODEL_PCD_DYNAMIC_EX:   
TAB_PCDS_DYNAMIC_EX,+MODEL_PCD_DYNAMIC_EX_DEFAULT:   
TAB_PCDS_DYNAMIC_EX,+MODEL_PCD_DYNAMIC_EX_HII:   
TAB_PCDS_DYNAMIC_EX_HII,+MODEL_PCD_DYNAMIC_EX_VPD:   
TAB_PCDS_DYNAMIC_EX_VPD,+}++def UpdatePcdTypeDict(self):+if 
GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX,"FALSE").upper()
 == "TRUE":+self._PCD_TYPE_STRING_ = {+
MODEL_PCD_FIXED_AT_BUILD:   TAB_PCDS_FIXED_AT_BUILD,+
MODEL_PCD_PATCHABLE_IN_MODULE   :   TAB_PCDS_PATCHABLE_IN_MODULE,+  
  MODEL_PCD_FEATURE_FLAG  :   TAB_PCDS_FEATURE_FLAG,+
MODEL_PCD_DYNAMIC   :   TAB_PCDS_DYNAMIC_EX,+
MODEL_PCD_DYNAMIC_DEFAULT   :   TAB_PCDS_DYNAMIC_EX,+
MODEL_PCD_DYNAMIC_HII   :   TAB_PCDS_DYNAMIC_EX_HII,+
MODEL_PCD_DYNAMIC_VPD   :   TAB_PCDS_DYNAMIC_EX_VPD,+
MODEL_PCD_DYNAMIC_EX:   TAB_PCDS_DYNAMIC_EX,+
MODEL_PCD_DYNAMIC_EX_DEFAULT:   TAB_P
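Review bot: `UpdatePcdTypeDict` decides purely on `GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX,"FALSE").upper() == "TRUE"`, while the commit message also promises a `PCD_DYNAMIC_AS_DYNAMICEX = TRUE/FALSE` entry in the DSC [Defines] section; unless the DscBuildData change (not visible here) copies that define into `gCommandLineDefines`, the DSC form is silently ignored, so either confirm that plumbing or have this method consult the DSC define too. The new `from CommonDataClass.DataClass import *` wildcard import pulls the MODEL_PCD_* names in implicitly; an explicit import list would keep BuildClassObject.py's namespace clear.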

Re: [edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Abner Chang
Reviewed-by: Abner Chang 

> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Grzegorz Bernacki
> Sent: Wednesday, June 30, 2021 8:34 PM
> To: devel@edk2.groups.io
> Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer.El-Haj-
> mahm...@arm.com; sunny.w...@arm.com; m...@semihalf.com;
> upstr...@semihalf.com; jiewen@intel.com; jian.j.w...@intel.com;
> min.m...@intel.com; ler...@redhat.com; sami.muja...@arm.com;
> af...@apple.com; ray...@intel.com; jordan.l.jus...@intel.com;
> rebe...@bsdio.com; gre...@freebsd.org; thomas.abra...@arm.com;
> chasel.c...@intel.com; nathaniel.l.desim...@intel.com;
> gaolim...@byosoft.com.cn; eric.d...@intel.com;
> michael.d.kin...@intel.com; zailiang@intel.com; yi.q...@intel.com;
> gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; Grzegorz
> Bernacki 
> Subject: [edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms:
> add SecureBootVariableLib class resolution
> 
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
> 
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for each RISC-V platform which uses SecureBootConfigDxe.
> 
> Signed-off-by: Grzegorz Bernacki 
> ---
>  Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc   | 1 +
> 
> Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
> | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> index b91823ceeb..fc5ba2a07f 100644
> --- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> +++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> @@ -122,6 +122,7 @@
>OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> 
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
> 
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
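Review bot: the SecureBootVariableLib mapping is added only inside the `!if` branch that also maps AuthVariableLib and TpmMeasurementLib to their SecurityPkg implementations; the `!else` branch gets no counterpart, so any module built in that configuration that links SecureBootVariableLib will fail to resolve. That is acceptable as long as SecureBootConfigDxe is the only consumer and is itself only built in the `!if` branch, which this hunk does not show; a sentence to that effect in the commit message would save the next reader the check. The line breaks inside `SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf` are e-mail wrapping and must not survive into the applied patch.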
> diff --git
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> index 0eafe29880..71add8ff9a 100644
> ---
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> +++
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> @@ -122,6 +122,7 @@
>OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> 
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
> 
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
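Review bot: the U540.dsc hunk is identical to the U500.dsc one, including the placement inside the `!if` branch, so the same question about the `!else` branch applies here; since both boards carry the same Secure Boot library block, a shared include would keep the two files from drifting apart.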
> --
> 2.25.1
> 
> 
> 
> 
> 







Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF

2021-06-30 Thread Min Xu
Thanks very much to everyone who attended the 2 sessions of the TDVF design review meeting;
lots of valuable comments and feedback were received. These 2 meetings were
recorded and are now uploaded to the links below:
Session 1:
https://drive.google.com/file/d/100__tNVe5erNzExySq2SJOprvBN7zz8u/view?usp=sharing
Session 2:
https://drive.google.com/file/d/1aDvtLhLxzniOISljXwjZH0YT_m7EBn8b/view?usp=sharing

Thank you!
Min






Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool()

2021-06-30 Thread gaoliming
Nickle:
  You can create a personal PR to verify this change first. If it passes CI, 
please send the updated patch set. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Nickle Wang
> Sent: June 30, 2021 21:11
> To: devel@edk2.groups.io; Wang, Nickle (HPS SW)
> ; gaoliming ;
> ler...@redhat.com
> Cc: jian.j.w...@intel.com; hao.a...@intel.com; Wang, Nickle (HPS SW)
> 
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix
> memory assert in FreePool()
> 
> Hi Liming,
> 
> I got my patch ready. Should I test it by creating PR on Github like
> https://github.com/tianocore/edk2/pull/1735? Or I just send out new patch
> for review?
> 
> Thanks,
> Nickle
> 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Nickle
> Wang
> Sent: Wednesday, June 30, 2021 9:49 AM
> To: gaoliming ; devel@edk2.groups.io;
> ler...@redhat.com
> Cc: jian.j.w...@intel.com; hao.a...@intel.com; Wang, Nickle (HPS SW)
> 
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix
> memory assert in FreePool()
> 
> I see. Thanks for your quick response. I will work on it.
> 
> Nickle
> 
> -Original Message-
> From: gaoliming 
> Sent: Wednesday, June 30, 2021 9:43 AM
> To: Wang, Nickle (HPS SW) ; devel@edk2.groups.io;
> ler...@redhat.com
> Cc: jian.j.w...@intel.com; hao.a...@intel.com
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe:
> Fix memory assert in FreePool()
> 
> This is a separate commit. You can send it together with previous patch.
> 
> Thanks
> Liming
> > -Original Message-
> > From: Wang, Nickle (HPS SW) 
> > Sent: June 30, 2021 9:29
> > To: gaoliming ; devel@edk2.groups.io;
> > ler...@redhat.com
> > Cc: jian.j.w...@intel.com; hao.a...@intel.com; Wang, Nickle (HPS SW)
> > 
> > Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix
> > memory assert in FreePool()
> >
> > Hi Liming,
> >
> > No problem. It looks like I have to add OnigurumaUefiPort.c into
> "IgnoreFiles"
> > object in MdeModulePkg.ci.yaml. And should I send this patch alone? Or
> > I have to send it as a part of patch in early fix?
> >
> > Thanks,
> > Nickle
> >
> > -Original Message-
> > From: gaoliming 
> > Sent: Wednesday, June 30, 2021 9:06 AM
> > To: devel@edk2.groups.io; ler...@redhat.com; Wang, Nickle (HPS SW)
> > 
> > Cc: jian.j.w...@intel.com; hao.a...@intel.com
> > Subject: Re: [edk2-devel] [PATCH]
> MdeModulePkg/RegularExpressionDxe:
> > Fix memory assert in FreePool()
> >
> > Laszlo:
> >  Yes. I agree to add OnigurumaUefiPort.c into ECC exception in
> > MdeModulePkg.ci.yaml.
> >
> > Nickle:
> >  Can you provide the patch to update MdeModulePkg.ci.yaml?
> >
> > Thanks
> > Liming
> > > -Original Message-
> > > From: devel@edk2.groups.io  On Behalf Of Laszlo Ersek
> > > Sent: June 29, 2021 22:52
> > > To: devel@edk2.groups.io; nickle.w...@hpe.com
> > > Cc: gaolim...@byosoft.com.cn; jian.j.w...@intel.com;
> > > hao.a...@intel.com
> > > Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix
> > > memory assert in FreePool()
> > >
> > > On 06/10/21 06:56, Nickle Wang wrote:
> > > > Memory buffer that is allocated by malloc() and realloc() will be
> > > > shifted by 8 bytes because Oniguruma keeps its memory signature.
> > > > This 8 bytes shift is not handled while calling free() to release
> > > > memory. Add
> > > > free() function to check Oniguruma signature before release memory
> > > > because memory buffer is not touched when using calloc().
> > > >
> > > > Signed-off-by: Nickle Wang 
> > > > ---
> > > >  .../RegularExpressionDxe/OnigurumaUefiPort.c  | 19
> > > ++-
> > > >  .../RegularExpressionDxe/OnigurumaUefiPort.h  | 14 ++
> > > >  2 files changed, 20 insertions(+), 13 deletions(-)
> > > >
> > > > diff --git
> > > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > > index 9aa7b0a68e..5c34324db8 100644
> > > > ---
> > > a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > > +++
> > > b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c
> > > > @@ -2,7 +2,7 @@
> > > >
> > > >Module to rewrite stdlib references within Oniguruma
> > > >
> > > > -  (C) Copyright 2014-2015 Hewlett Packard Enterprise Development
> > > LP
> > > > +  (C) Copyright 2014-2021 Hewlett Packard Enterprise Development
> > > LP
> > > >Copyright (c) 2020, Intel Corporation. All rights reserved.
> > > >
> > > >SPDX-License-Identifier: BSD-2-Clause-Patent @@ -96,3 +96,20
> @@
> > > > void* memset (void *dest, char ch, unsigned int
> > > count)
> > > >return SetMem (dest, count, ch);  }
> > > >
> > > > +void free(void *ptr)
> > > > +{
> > > > +  VOID *EvalOnce;
> > > > +  ONIGMEM_HEAD *PoolHdr;
> > > > +
> > > > +  EvalOnce = ptr;
> > > > +  if (EvalOnce == NULL) {
> > > > +return;
> > > > +  }
> > > > +
> > > > +  PoolHdr = (ONIGMEM_HEAD *)EvalOnce - 1;
> > > > +  if (PoolHdr->Signature == ONIGMEM_HE
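Review bot: the new `free()` dereferences `PoolHdr = (ONIGMEM_HEAD *)EvalOnce - 1` for every non-NULL pointer, i.e. it reads the 8 bytes in front of the buffer before knowing whether they belong to an ONIGMEM_HEAD at all; for a buffer that came from calloc() (which the commit message says is not shifted) those bytes are whatever precedes the allocation, so the read is outside the block and the signature test can misfire if that memory happens to hold the signature value. Either give calloc() the same header so every pointer reaching free() carries one, or document why the signature check is considered safe. The `EvalOnce` local is a plain copy of `ptr` and can be dropped.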

Re: [edk2-devel] [Patch V2] BaseTools: Enable the flag to treat dynamic pcd as dynamicEx

2021-06-30 Thread gaoliming
Bob:
  This patch is good to me. Reviewed-by: Liming Gao


  Have you sent the patch to update DSC spec?

Thanks
Liming
> -Original Message-
> From: Feng, Bob C 
> Sent: July 1, 2021 11:50
> To: devel@edk2.groups.io; Feng, Bob C ; Liming
> Gao ; Chen, Christine 
> Cc: Kinney, Michael D ; Desimone, Nathaniel
> L 
> Subject: RE: [edk2-devel] [Patch V2] BaseTools: Enable the flag to treat dynamic
> pcd as dynamicEx
> 
> Hi Liming and Christine,
> 
> Do you have any comments on this patch?
> 
> Thanks,
> Bob
> 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Bob Feng
> Sent: Tuesday, June 8, 2021 10:50 AM
> To: devel@edk2.groups.io
> Cc: Liming Gao ; Chen, Christine
> ; Kinney, Michael D ;
> Desimone, Nathaniel L 
> Subject: [edk2-devel] [Patch V2] BaseTools: Enable the flag to treat dynamic
> pcd as dynamicEx
> 
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1688
> 
> In order to support binary build, build tool add a flag to convert type of
> Dynamic Pcd to DynamicEx Pcd
> 
> User can append -D PCD_DYNAMIC_AS_DYNAMICEX to build command to
> enable this function.
> Also, user can add "PCD_DYNAMIC_AS_DYNAMICEX = TRUE/FALSE"
> to the defines section of Dsc file to enable this function.
> 
> PCD_DYNAMIC_AS_DYNAMICEX is a new reserved key word for this function.
> 
> Signed-off-by: Bob Feng 
> Cc: Liming Gao 
> Cc: Yuwei Chen 
> Cc: Michael D Kinney 
> Cc: Nate DeSimone 
> ---
> Correct Liming's email address.
>  BaseTools/Source/Python/Common/DataType.py|   1 +
>  .../Python/Workspace/BuildClassObject.py  | 153 --
>  .../Source/Python/Workspace/DecBuildData.py   |  15 +-
>  .../Source/Python/Workspace/DscBuildData.py   |  19 +--
>  .../Source/Python/Workspace/InfBuildData.py   |  15 +-
>  5 files changed, 73 insertions(+), 130 deletions(-)
> 
> diff --git a/BaseTools/Source/Python/Common/DataType.py
> b/BaseTools/Source/Python/Common/DataType.py
> index fb88f20cc4..4e9c9e34af 100644
> --- a/BaseTools/Source/Python/Common/DataType.py
> +++ b/BaseTools/Source/Python/Common/DataType.py
> @@ -402,10 +402,11 @@ TAB_DSC_DEFINES_DSC_SPECIFICATION =
> 'DSC_SPECIFICATION'
>  TAB_DSC_DEFINES_OUTPUT_DIRECTORY = 'OUTPUT_DIRECTORY'
> TAB_DSC_DEFINES_SUPPORTED_ARCHITECTURES =
> 'SUPPORTED_ARCHITECTURES' TAB_DSC_DEFINES_BUILD_TARGETS =
> 'BUILD_TARGETS' TAB_DSC_DEFINES_SKUID_IDENTIFIER =
> 'SKUID_IDENTIFIER' TAB_DSC_DEFINES_PCD_INFO_GENERATION =
> 'PCD_INFO_GENERATION'+TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMI
> CEX = 'PCD_DYNAMIC_AS_DYNAMICEX'
> TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION =
> 'PCD_VAR_CHECK_GENERATION' TAB_DSC_DEFINES_FLASH_DEFINITION =
> 'FLASH_DEFINITION' TAB_DSC_DEFINES_BUILD_NUMBER =
> 'BUILD_NUMBER' TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME'
> TAB_DSC_DEFINES_BS_BASE_ADDRESS = 'BsBaseAddress'diff --git
> a/BaseTools/Source/Python/Workspace/BuildClassObject.py
> b/BaseTools/Source/Python/Workspace/BuildClassObject.py
> index ebb65fc2fe..88a1d1582c 100644
> --- a/BaseTools/Source/Python/Workspace/BuildClassObject.py
> +++ b/BaseTools/Source/Python/Workspace/BuildClassObject.py
> @@ -10,11 +10,13 @@ from Common.DataType import *  import
> collections import re from collections import OrderedDict from Common.Misc
> import CopyDict,ArrayIndex import copy+from CommonDataClass.DataClass
> import * import Common.EdkLogger as EdkLogger+import
> Common.GlobalData as GlobalData from Common.BuildToolError import
> OPTION_VALUE_INVALID from Common.caching import cached_property
> StructPattern = re.compile(r'[_a-zA-Z][0-9A-Za-z_\[\]]*$')  ##
> PcdClassObject@@ -396,10 +398,71 @@ class
> StructurePcd(PcdClassObject):
>  new_pcd.ValueChain = {item for item in self.ValueChain}
> return new_pcd  LibraryClassObject = namedtuple('LibraryClassObject',
> ['LibraryClass','SupModList']) +class BuildData(object):+# dict used
to
> convert PCD type in database to string used by build tool++
> _PCD_TYPE_STRING_ = {+MODEL_PCD_FIXED_AT_BUILD:
> TAB_PCDS_FIXED_AT_BUILD,+
> MODEL_PCD_PATCHABLE_IN_MODULE   :
> TAB_PCDS_PATCHABLE_IN_MODULE,+
> MODEL_PCD_FEATURE_FLAG  :   TAB_PCDS_FEATURE_FLAG,+
> MODEL_PCD_DYNAMIC   :   TAB_PCDS_DYNAMIC,+
> MODEL_PCD_DYNAMIC_DEFAULT   :   TAB_PCDS_DYNAMIC,+
> MODEL_PCD_DYNAMIC_HII   :   TAB_PCDS_DYNAMIC_HII,+
> MODEL_PCD_DYNAMIC_VPD   :   TAB_PCDS_DYNAMIC_VPD,+
> MODEL_PCD_DYNAMIC_EX:   TAB_PCDS_DYNAMIC_EX,+
> MODEL_PCD_DYNAMIC_EX_DEFAULT:   TAB_PCDS_DYNAMIC_EX,+
> MODEL_PCD_DYNAMIC_EX_HII:   TAB_PCDS_DYNAMIC_EX_HII,+
> MODEL_PCD_DYNAMIC_EX_VPD:
> TAB_PCDS_DYNAMIC_EX_VPD,+}++def UpdatePcdTypeDict(self):+
> if
> GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_PCD_DYNAMIC_A
> S_DYNAMICEX,"FALSE").upper() == "TRUE":+
> self._PCD_TYPE_STRING_ = {+
> MODEL_PCD_FIXED_AT_BUILD:   TAB_PCDS_FIXED_AT_BUILD,+
> MODEL_PCD_PATCHABLE_IN_MODULE   :
> TAB_PCDS_PATCHABLE_IN_MODULE,+
> MODEL_PCD_FEATURE_FLAG  :   TAB_PCDS_FEATURE_FLAG,+
> MODEL_PCD_DYNAMIC   
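Review bot: the only visible enable check, `GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX,"FALSE").upper() == "TRUE"` in `UpdatePcdTypeDict`, consults the command-line defines, while the commit message also promises that `PCD_DYNAMIC_AS_DYNAMICEX = TRUE/FALSE` in the DSC `[Defines]` section enables the conversion; the DscBuildData change (cut off in this copy) has to feed that define into the same dictionary, or the DSC form is silently ignored. Rebuilding the whole `_PCD_TYPE_STRING_` dict per instance also duplicates the class-level table; copying it and overriding only the `MODEL_PCD_DYNAMIC*` entries keeps the two from drifting apart.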

Re: [edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms: add SecureBootVariableLib class resolution

2021-06-30 Thread Daniel Schaefer
Reviewed-by: Daniel Schaefer 

From: devel@edk2.groups.io  on behalf of Abner Chang 

Sent: Thursday, July 1, 2021 11:50
To: devel@edk2.groups.io ; g...@semihalf.com 

Cc: l...@nuviainc.com ; ardb+tianoc...@kernel.org 
; samer.el-haj-mahm...@arm.com 
; sunny.w...@arm.com ; 
m...@semihalf.com ; upstr...@semihalf.com 
; jiewen@intel.com ; 
jian.j.w...@intel.com ; min.m...@intel.com 
; ler...@redhat.com ; 
sami.muja...@arm.com ; af...@apple.com ; 
ray...@intel.com ; jordan.l.jus...@intel.com 
; rebe...@bsdio.com ; 
gre...@freebsd.org ; thomas.abra...@arm.com 
; chasel.c...@intel.com ; 
nathaniel.l.desim...@intel.com ; 
gaolim...@byosoft.com.cn ; eric.d...@intel.com 
; michael.d.kin...@intel.com ; 
zailiang@intel.com ; yi.q...@intel.com 
; gra...@nuviainc.com ; 
r...@semihalf.com ; p...@akeo.ie 
Subject: Re: [edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms: add 
SecureBootVariableLib class resolution

Reviewed-by: Abner Chang 

> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Grzegorz Bernacki
> Sent: Wednesday, June 30, 2021 8:34 PM
> To: devel@edk2.groups.io
> Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer.El-Haj-
> mahm...@arm.com; sunny.w...@arm.com; m...@semihalf.com;
> upstr...@semihalf.com; jiewen@intel.com; jian.j.w...@intel.com;
> min.m...@intel.com; ler...@redhat.com; sami.muja...@arm.com;
> af...@apple.com; ray...@intel.com; jordan.l.jus...@intel.com;
> rebe...@bsdio.com; gre...@freebsd.org; thomas.abra...@arm.com;
> chasel.c...@intel.com; nathaniel.l.desim...@intel.com;
> gaolim...@byosoft.com.cn; eric.d...@intel.com;
> michael.d.kin...@intel.com; zailiang@intel.com; yi.q...@intel.com;
> gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; Grzegorz
> Bernacki 
> Subject: [edk2-devel] [edk2-platforms PATCH v4 11/12] RISC-V Platforms:
> add SecureBootVariableLib class resolution
>
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
>
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for each RISC-V platform which uses SecureBootConfigDxe.
>
> Signed-off-by: Grzegorz Bernacki 
> ---
>  Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc   | 1 +
>
> Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
> | 1 +
>  2 files changed, 2 insertions(+)
>
> diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> index b91823ceeb..fc5ba2a07f 100644
> --- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> +++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> @@ -122,6 +122,7 @@
>OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
>
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
>
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
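Review bot: the new `SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf` line goes only into the branch that maps the real `AuthVariableLib`; the `!else` branch, which maps the Null libraries, gets no resolution. That is fine if SecureBootConfigDxe is included under the same condition (the [Components] section is outside this hunk), otherwise the build fails there with an unresolved library class; the U540.dsc hunk below is identical and the same check applies.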
> diff --git
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> index 0eafe29880..71add8ff9a 100644
> ---
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> +++
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> @@ -122,6 +122,7 @@
>OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
>
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
>
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
> --
> 2.25.1
>
>
>
>
>








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77388): https://edk2.groups.io/g/devel/message/77388
Mute This Topic: https://groups.io/mt/83891041/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [edk2-non-osi] [PATCH V1 1/3] Silicon/Intel: Add WhitleySiliconBinPkg CooperLake Microcode

2021-06-30 Thread Nate DeSimone
Add WhitleySiliconBinPkg and microcode for 3rd
Generation Intel(R) Xeon(R) Scalable processors
formerly known as Cooper Lake.

Signed-off-by: Nate DeSimone 
Cc: Chasel Chiu 
Cc: Michael D Kinney 
Cc: Isaac Oram 
Cc: Mohamed Abbas 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Michael Kubacki 
---
 .../CpxMicrocode/IntelMicrocodeLicense.txt|  37 ++
 .../CpxMicrocode/MicrocodeUpdates.inf |  25 
 .../CpxMicrocode/mBF5065B_07002302.mcb| Bin 0 -> 27648 bytes
 .../Intel/WhitleySiliconBinPkg/License.txt|  30 ++
 4 files changed, 92 insertions(+)
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
 create mode 100644 Silicon/Intel/WhitleySiliconBinPkg/License.txt

diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
new file mode 100644
index 000..de55fd5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
@@ -0,0 +1,37 @@
+Copyright (c) 2021 Intel Corporation.
+All rights reserved.
+
+Redistribution.
+
+Redistribution and use in binary form, without modification, are permitted,
+provided that the following conditions are met:
+
+1.  Redistributions must reproduce the above copyright notice and the
+following disclaimer in the documentation and/or other materials provided
+with the distribution.
+
+2.  Neither the name of Intel Corporation nor the names of its suppliers may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+3.  No reverse engineering, decompilation, or disassembly of this software
+is permitted.
+
+
+"Binary form" includes any format that is commonly used for electronic
+conveyance that is a reversible, bit-exact translation of binary
+representation to ASCII or ISO text, for example "uuencode".
+
+DISCLAIMER.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
new file mode 100644
index 000..26164de
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
@@ -0,0 +1,25 @@
+### @file
+# Microcode update.
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available 
under
+# the terms and conditions of the BSD License which accompanies this 
distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+###
+
+[defines]
+  INF_VERSION= 0x00010017
+  BASE_NAME  = MicrocodeUpdates
+  FILE_GUID  = 0104DB99-B8E7-4783-BC35-DB89001C7C51
+  VERSION_STRING = 1.0
+  MODULE_TYPE= USER_DEFINED
+
+[Sources]
+  mBF5065B_07002302.mcb
+
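Review bot: the header says `This program and the accompanying materials are licensed ... under the terms and conditions of the BSD License`, but the only source this INF lists is `mBF5065B_07002302.mcb`, which the IntelMicrocodeLicense.txt added in the same patch places under a binary-only, no-reverse-engineering licence; point the header at that licence (or the package License.txt) so consumers are not told the microcode is BSD-licensed. Minor style: edk2 INFs spell the section `[Defines]`.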
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
new file mode 100644
index 
..96deb26c6eebb066accb06e99853132f37da4cc8
GIT binary patch
literal 27648
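Review bot: the commit message records nothing about where `mBF5065B_07002302.mcb` came from (the Intel microcode release it was taken from) or a hash of the file; the diff shows only `Bin 0 -> 27648 bytes`. For a blob the firmware loads into the CPU, stating the source release and a checksum in the commit message lets reviewers and downstream integrators verify they are carrying the intended revision.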

[edk2-devel] [edk2-non-osi] [PATCH V1 3/3] Maintainers.txt: Add WhitleySiliconBinPkg

2021-06-30 Thread Nate DeSimone
Signed-off-by: Nate DeSimone 
Cc: Chasel Chiu 
Cc: Michael D Kinney 
Cc: Isaac Oram 
Cc: Mohamed Abbas 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Michael Kubacki 
---
 Maintainers.txt | 4 
 1 file changed, 4 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index fb4c4a3..d5865ba 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -66,6 +66,10 @@ Silicon/Intel/PurleySiliconBinPkg
 M: Nate DeSimone 
 M: Isaac W Oram 
 
+Silicon/Intel/WhitleySiliconBinPkg
+M: Nate DeSimone 
+M: Isaac W Oram 
+
 Silicon/Intel/QuarkSocBinPkg
 M: Michael D Kinney 
 M: Kelly Steele 
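Review bot: the block is inserted between `Silicon/Intel/PurleySiliconBinPkg` and `Silicon/Intel/QuarkSocBinPkg`; if the file keeps its Silicon/Intel entries in alphabetical order, `Silicon/Intel/WhitleySiliconBinPkg` belongs after QuarkSocBinPkg rather than before it.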
-- 
2.27.0.windows.1







Re: [edk2-devel] [edk2-non-osi] [PATCH V1 1/3] Silicon/Intel: Add WhitleySiliconBinPkg CooperLake Microcode

2021-06-30 Thread Oram, Isaac W
Reviewed-by: isaac.w.o...@intel.com

-Original Message-
From: Desimone, Nathaniel L  
Sent: Wednesday, June 30, 2021 10:54 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Kinney, Michael D 
; Oram, Isaac W ; Abbas, 
Mohamed ; Liming Gao ; Dong, 
Eric ; Michael Kubacki 
Subject: [edk2-non-osi] [PATCH V1 1/3] Silicon/Intel: Add WhitleySiliconBinPkg 
CooperLake Microcode

Add WhitleySiliconBinPkg and microcode for 3rd Generation Intel(R) Xeon(R) 
Scalable processors formerly known as Cooper Lake.

Signed-off-by: Nate DeSimone 
Cc: Chasel Chiu 
Cc: Michael D Kinney 
Cc: Isaac Oram 
Cc: Mohamed Abbas 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Michael Kubacki 
---
 .../CpxMicrocode/IntelMicrocodeLicense.txt|  37 ++
 .../CpxMicrocode/MicrocodeUpdates.inf |  25 
 .../CpxMicrocode/mBF5065B_07002302.mcb| Bin 0 -> 27648 bytes
 .../Intel/WhitleySiliconBinPkg/License.txt|  30 ++
 4 files changed, 92 insertions(+)
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
 create mode 100644 Silicon/Intel/WhitleySiliconBinPkg/License.txt

diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
new file mode 100644
index 000..de55fd5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLice
+++ nse.txt
@@ -0,0 +1,37 @@
+Copyright (c) 2021 Intel Corporation.
+All rights reserved.
+
+Redistribution.
+
+Redistribution and use in binary form, without modification, are 
+permitted, provided that the following conditions are met:
+
+1.  Redistributions must reproduce the above copyright notice and the
+following disclaimer in the documentation and/or other materials provided
+with the distribution.
+
+2.  Neither the name of Intel Corporation nor the names of its suppliers may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+3.  No reverse engineering, decompilation, or disassembly of this software
+is permitted.
+
+
+"Binary form" includes any format that is commonly used for electronic 
+conveyance that is a reversible, bit-exact translation of binary 
+representation to ASCII or ISO text, for example "uuencode".
+
+DISCLAIMER.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
+PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
+THE POSSIBILITY OF SUCH DAMAGE.
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
new file mode 100644
index 000..26164de
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.i
+++ nf
@@ -0,0 +1,25 @@
+### @file
+# Microcode update.
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved. # # 
+This program and the accompanying materials are licensed and made 
+available under # the terms and conditions of the BSD License which 
accompanies this distribution.
+# The full text of the license may be found at # 
+http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+###
+
+[defines]
+  INF_VERSION= 0x00010017
+  BASE_NAME  = MicrocodeUpdates
+  FILE_GUID  = 0104DB99-B8E7-4783-BC35-DB89001C7C51
+  VERSION_STRING = 1.0
+  MODULE_TYPE= USER_DEFINED
+
+[Sources]
+  mBF5065B_07002302.mcb
+
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
new file mode 100644
index 
..96deb26c6eebb066accb06e99853132f37da4cc8
GIT binary patch
literal 27648

Re: [edk2-devel] [edk2-non-osi] [PATCH V1 3/3] Maintainers.txt: Add WhitleySiliconBinPkg

2021-06-30 Thread Oram, Isaac W
Reviewed-by: isaac.w.o...@intel.com

-Original Message-
From: Desimone, Nathaniel L  
Sent: Wednesday, June 30, 2021 10:54 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Kinney, Michael D 
; Oram, Isaac W ; Abbas, 
Mohamed ; Liming Gao ; Dong, 
Eric ; Michael Kubacki 
Subject: [edk2-non-osi] [PATCH V1 3/3] Maintainers.txt: Add WhitleySiliconBinPkg

Signed-off-by: Nate DeSimone 
Cc: Chasel Chiu 
Cc: Michael D Kinney 
Cc: Isaac Oram 
Cc: Mohamed Abbas 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Michael Kubacki 
---
 Maintainers.txt | 4 
 1 file changed, 4 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt index fb4c4a3..d5865ba 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -66,6 +66,10 @@ Silicon/Intel/PurleySiliconBinPkg
 M: Nate DeSimone 
 M: Isaac W Oram 
 
+Silicon/Intel/WhitleySiliconBinPkg
+M: Nate DeSimone 
+M: Isaac W Oram 
+
 Silicon/Intel/QuarkSocBinPkg
 M: Michael D Kinney 
 M: Kelly Steele 
--
2.27.0.windows.1







Re: [edk2-devel] [edk2-non-osi] [PATCH V1 1/3] Silicon/Intel: Add WhitleySiliconBinPkg CooperLake Microcode

2021-06-30 Thread Nate DeSimone
The series has been pushed as 5a1d56c~..cf26a05a

Thanks,
Nate

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Nate DeSimone
Sent: Wednesday, June 30, 2021 10:54 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Kinney, Michael D 
; Oram, Isaac W ; Abbas, 
Mohamed ; Liming Gao ; Dong, 
Eric ; Michael Kubacki 
Subject: [edk2-devel] [edk2-non-osi] [PATCH V1 1/3] Silicon/Intel: Add 
WhitleySiliconBinPkg CooperLake Microcode

Add WhitleySiliconBinPkg and microcode for 3rd Generation Intel(R) Xeon(R) 
Scalable processors formerly known as Cooper Lake.

Signed-off-by: Nate DeSimone 
Cc: Chasel Chiu 
Cc: Michael D Kinney 
Cc: Isaac Oram 
Cc: Mohamed Abbas 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Michael Kubacki 
---
 .../CpxMicrocode/IntelMicrocodeLicense.txt|  37 ++
 .../CpxMicrocode/MicrocodeUpdates.inf |  25 
 .../CpxMicrocode/mBF5065B_07002302.mcb| Bin 0 -> 27648 bytes
 .../Intel/WhitleySiliconBinPkg/License.txt|  30 ++
 4 files changed, 92 insertions(+)
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
 create mode 100644 
Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
 create mode 100644 Silicon/Intel/WhitleySiliconBinPkg/License.txt

diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLicense.txt
new file mode 100644
index 000..de55fd5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/IntelMicrocodeLice
+++ nse.txt
@@ -0,0 +1,37 @@
+Copyright (c) 2021 Intel Corporation.
+All rights reserved.
+
+Redistribution.
+
+Redistribution and use in binary form, without modification, are 
+permitted, provided that the following conditions are met:
+
+1.  Redistributions must reproduce the above copyright notice and the
+following disclaimer in the documentation and/or other materials provided
+with the distribution.
+
+2.  Neither the name of Intel Corporation nor the names of its suppliers may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+3.  No reverse engineering, decompilation, or disassembly of this software
+is permitted.
+
+
+"Binary form" includes any format that is commonly used for electronic 
+conveyance that is a reversible, bit-exact translation of binary 
+representation to ASCII or ISO text, for example "uuencode".
+
+DISCLAIMER.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
+PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
+THE POSSIBILITY OF SUCH DAMAGE.
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.inf
new file mode 100644
index 000..26164de
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/MicrocodeUpdates.i
+++ nf
@@ -0,0 +1,25 @@
+### @file
+# Microcode update.
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved. # # 
+This program and the accompanying materials are licensed and made 
+available under # the terms and conditions of the BSD License which 
accompanies this distribution.
+# The full text of the license may be found at # 
+http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+###
+
+[defines]
+  INF_VERSION= 0x00010017
+  BASE_NAME  = MicrocodeUpdates
+  FILE_GUID  = 0104DB99-B8E7-4783-BC35-DB89001C7C51
+  VERSION_STRING = 1.0
+  MODULE_TYPE= USER_DEFINED
+
+[Sources]
+  mBF5065B_07002302.mcb
+
diff --git 
a/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb 
b/Silicon/Intel/WhitleySiliconBinPkg/CpxMicrocode/mBF5065B_07002302.mcb
new file mode 100644
index 
..96deb26c6eebb066accb06e99853132f37da4cc8
GIT binary patch
literal 27648

Re: [edk2-devel] [PATCH] UefiPayloadPkg: Dump hob information from boot loader

2021-06-30 Thread Ni, Ray
+(*HOB_PRINT_HANDLER) (
+  IN  VOID   *Hob,
+  IN  UINTN  Hobsize

1. UINT16?

+
+typedef struct{
+  UINT16   Type;
+  CHAR8*Name;
+  HOB_PRINT_HANDLERFunction;

2. PrintHandler?

+
+typedef
+EFI_STATUS
+(*GUID_HOB_PRINT) (
+  IN  UINT8  *HobRaw

3. Size parameter is missing?

+  GUID_HOB_PRINTFunction;

4. PrintHandler?

+  CHAR8 *Guidname;

5. GuidName?

+EFI_STATUS
+PrintHex (
+  IN  UINT8 *DataStart,
+  IN  UINTN DataSize
+  )
+{
+  UINTN  Index1;
+  UINTN  Index2;
+  UINT8  *StartAddr;
+
+  StartAddr = DataStart;
+  for (Index1 = 0; Index1 * 16 < DataSize; Index1++) {

6. define 16 as a macro?

+  Status = GuidHobPrintHandleTable[Index].Function (Hob.Raw);

7. Should supply the remaining size to the Function().

+  PrintHob (mHobList);

8. Use DEBUG_CODE() and make sure PcdReportStatusCodePropertyMask BIT2 is set
in DEBUG build and clear in RELEASE build.
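Review bot: points 3 and 7 matter beyond style: `PrintHob (mHobList)` walks a HOB list handed over by the boot loader, so a GUID HOB handler called as `Function (Hob.Raw)` with no size has nothing to bound its reads with, and a truncated or malformed HOB from that side becomes an over-read inside the payload. Passing the remaining HOB length (as `HOB_PRINT_HANDLER` already receives `Hobsize`) and having each handler compare its expected structure size against it before dereferencing fields closes that gap.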










[edk2-devel] [PATCH] IntelSiliconPkg/PcieSecurity: don't measure the device when TPM disabled

2021-06-30 Thread Qi Zhang
add gEfiTcg2ProtocolGuid to Depex

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3472

Cc: Jiewen Yao 
Cc: Ray Ni 
Cc: Rangasai V Chaganty 
Cc: Qi Zhang 
Signed-off-by: Qi Zhang 
---
 .../IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf| 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
 
b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
index b51b843bb5..076c49a4b0 100644
--- 
a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
+++ 
b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
@@ -41,4 +41,5 @@
   gEdkiiDeviceIdentifierTypePciGuid   ## COMSUMES
 
 [Depex]
-  gEdkiiDeviceSecurityPolicyProtocolGuid
+  gEdkiiDeviceSecurityPolicyProtocolGuid AND
+  gEfiTcg2ProtocolGuid
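Review bot: adding `gEfiTcg2ProtocolGuid` to the Depex keeps the whole IntelPciDeviceSecurityDxe driver from dispatching whenever no TCG2 protocol is installed, not just the measurement step; if the driver also enforces the device security policy (the `gEdkiiDeviceSecurityPolicyProtocolGuid` dependency suggests it does more than measure), that enforcement is lost on TPM-disabled platforms, so a runtime LocateProtocol check that skips only the measurement may be the safer shape. Minor: the neighbouring context line `## COMSUMES` is a typo for `## CONSUMES`.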
-- 
2.26.2.windows.1


