Hello Nikunj,
Yes we can move MemEncryptSevLiveMigrationIsEnabled() check here before calling
SetMemoryEncDecHypercall3()
but then we also need to remove the same check from inside
SetMemoryEncDecHypercall3() function.
Thanks,
Ashish
From: nikunj via
...@intel.com; ard.biesheu...@arm.com
Subject: Re: [edk2-devel] [PATCH v7 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB
page as unencrypted via hypercall
Hi Ashish,
On 8/19/2021 7:36 PM, Ashish Kalra via groups.io wrote:
> From: Ashish Kalra
>
> Mark the SEC GHCB page (that is mapped as un
; min.m...@intel.com;
jordan.l.jus...@intel.com; ard.biesheu...@arm.com
Subject: Re: [edk2-devel] [PATCH v7 5/6] OvmfPkg/PlatformPei: Mark SEC GHCB
page as unencrypted via hypercall
Hi Ashish,
On 8/19/2021 7:36 PM, Ashish Kalra via groups.io wrote:
> From: Ashish Kalra
>
> Mark the SEC
From: Ashish Kalra
Check for SEV live migration feature support, if detected
setup a new UEFI environment variable to indicate OVMF
support for SEV live migration.
This environment variable is created by UEFI but consumed
by the (guest) linux kernel. This is actually part of a
3-way negotiation
From: Ashish Kalra
Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor's guest page encryption
state tracking.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 11 +++
1 file changed, 11
From: Ashish Kalra
Make the #VC handler aware of the page encryption state
change hypercall by adding support to check KVM_HC_MAP_GPA_RANGE
hypercall and add the additional register values used by
hypercall in the GHCB.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
From: Ashish Kalra
Invoke the hypercall API to notify hypervisor when the page's
encryption state changes.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../X64/PeiDxeVirtualMemory.c| 16
1 file
From: Ashish Kalra
Add API to issue hypercall on page encryption state change.
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
From: Ashish Kalra
Add support to check if we are running inside KVM HVM and
KVM HVM supports SEV Live Migration feature.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/Include/Library/MemEncryptSevLib.h| 12
.../DxeMemEncryptSevLibInternal.c
From: Ashish Kalra
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3467
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
Hi Mike,
I am following up on Brijesh's email, I am running the CI tests related to my
SEV live migration patches,
which I am in process of posting.
I am running the CI tests locally and getting errors while building OvmfPkg, my
patches include two new
header files, error log is copied below.
Hi Mike,
I am following up on Brijesh's email thread
amd@ashkalraubuntuserver:~/edk2-upstream$ ../.local/bin/stuart_ci_build -c
.pytool/CISettings.py TOOL_CHAIN_TAG=GCC5 -p OvmfPkg
SECTION - Init SDE
WARNING - Using Pip Tools based BaseTools
SECTION - Loading Plugins
SECTION -
From: Ashish Kalra
Check for SEV live migration feature support, if detected
setup a new UEFI environment variable to indicate OVMF
support for SEV live migration.
This environment variable is created by UEFI but consumed
by the (guest) linux kernel. This is actually part of a
3-way negotiation
From: Ashish Kalra
Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor's guest page encryption
state tracking.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 11 +++
1 file changed, 11
From: Ashish Kalra
Make the #VC handler aware of the page encryption state
change hypercall by adding support to check KVM_HC_MAP_GPA_RANGE
hypercall and add the additional register values used by
hypercall in the GHCB.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
From: Ashish Kalra
Invoke the hypercall API to notify hypervisor when the page's
encryption state changes.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 20
From: Ashish Kalra
Add API to issue hypercall on page encryption state change.
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
From: Ashish Kalra
Add support to check if we are running inside KVM HVM and
KVM HVM supports SEV Live Migration feature.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/Include/Library/MemEncryptSevLib.h| 12
+
OvmfPkg/Library
From: Ashish Kalra
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3467
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
Hello Tom,
On Mon, Aug 09, 2021 at 09:29:29AM -0500, Tom Lendacky wrote:
> On 8/2/21 7:33 AM, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > Check for SEV live migration feature support, if detected
> > setup a new UEFI environment variable to indicate OVMF
> > >
Hello Tom,
On Mon, Aug 09, 2021 at 08:41:27AM -0500, Tom Lendacky wrote:
> On 8/2/21 7:31 AM, Ashish Kalra wrote:
> > +
> > + Signature[12] = '\0';
> > + for (mKvmLeaf = 0x4000; mKvmLeaf < 0x4001; mKvmLeaf += 0x100) {
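Review bot: as quoted, the `for` loop runs its body for a single value only (mKvmLeaf starts at 0x4000, the bound is 0x4001 and the step is 0x100), so either the loop is unnecessary or the bounds are not what was intended; named constants for the base leaf, the limit and the stride would make that checkable. The `Signature[12] = '\0'` write also assumes a buffer of at least 13 bytes, which this hunk does not show; indexing with `sizeof (Signature) - 1` would tie the terminator to the declaration.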
>
> I still really don't understand th
inal Message-----
> > From: devel@edk2.groups.io On Behalf Of Ashish Kalra
> > via groups.io
> > Sent: Monday, August 2, 2021 8:31 PM
> > To: devel@edk2.groups.io
> > Cc: dovmu...@linux.vnet.ibm.com; brijesh.si...@amd.com; to...@ibm.com;
> > thomas.lenda...@amd
From: Ashish Kalra
Check for SEV live migration feature support, if detected
setup a new UEFI environment variable to indicate OVMF
support for SEV live migration.
The new runtime UEFI environment variable is set via the
notification function registered for the
EFI_END_OF_DXE_EVENT_GROUP_GUID
From: Ashish Kalra
Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor's guest page encryption
state tracking.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 11 +++
1 file changed, 11
From: Ashish Kalra
Make the #VC handler aware of the page encryption state
change hypercall by adding support to check KVM_HC_MAP_GPA_RANGE
hypercall and add the additional register values used by
hypercall in the GHCB.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
From: Ashish Kalra
Invoke the hypercall API to notify hypervisor when the page's
encryption state changes.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 20
From: Ashish Kalra
Add API to issue hypercall on page encryption state change.
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
From: Ashish Kalra
Add support to check if we are running inside KVM HVM and
KVM HVM supports SEV Live Migration feature.
Cc: Jordan Justen
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/Include/Library/MemEncryptSevLib.h| 27
++
OvmfPkg
From: Ashish Kalra
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3467
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
Hello Tom,
On Fri, Jul 16, 2021 at 09:22:20AM -0500, Tom Lendacky wrote:
> On 7/8/21 9:08 AM, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > Mark the SEC GHCB page (that is mapped as unencrypted in
> > ResetVector code) in the hypervisor page status tracking.
Hello Tom,
On Fri, Jul 16, 2021 at 09:16:00AM -0500, Tom Lendacky wrote:
> On 7/8/21 9:08 AM, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
>
> The subject isn't correct since the #VC handler already supports
> hypercalls. It should say something like "
Hello Tom,
On Fri, Jul 16, 2021 at 09:11:23AM -0500, Tom Lendacky wrote:
> On 7/8/21 9:07 AM, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
>
> The patch subject is a bit confusing. Something more like "Add API to
> issue hypercall on page encryption st
Hello Dov,
On Mon, Jul 19, 2021 at 11:04:17AM +0300, Dov Murik wrote:
>
>
> On 16/07/2021 15:29, Ashish Kalra wrote:
> > Hello Dov,
> >
> > On Thu, Jul 15, 2021 at 11:58:17PM +0300, Dov Murik wrote:
> >> Hi Ashish,
> >>
> >> On 08/07/20
Hello Dov,
On Mon, Jul 19, 2021 at 10:31:10AM +0300, Dov Murik wrote:
> Ashish,
>
>
> On 08/07/2021 17:09, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > Check for SEV live migration feature support, if detected
> > setup a new UEFI environment variable
Hello Dov,
On Thu, Jul 15, 2021 at 11:58:17PM +0300, Dov Murik wrote:
> Hi Ashish,
>
> On 08/07/2021 17:07, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > By default all the SEV guest memory regions are considered encrypted,
> > if a guest changes the encr
From: Ashish Kalra
Check for SEV live migration feature support, if detected
setup a new UEFI environment variable to indicate OVMF
support for SEV live migration.
The new runtime UEFI environment variable is set via the
notification function registered for the
EFI_END_OF_DXE_EVENT_GROUP_GUID
From: Ashish Kalra
Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 9 +
1 file changed, 9
From: Ashish Kalra
Make the VC handler hypercall aware by adding support
to compare the hypercall number and add the additional
register values used by hypercall in the GHCB.
Also mark the SEC GHCB page (that is mapped as
unencrypted in ResetVector code) in the hypervisor
guest page status
From: Ashish Kalra
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest
From: Ashish Kalra
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3467
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track
Hello Laszlo,
On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
> On 06/23/21 18:42, Laszlo Ersek wrote:
> > On 06/22/21 19:46, Ashish Kalra wrote:
>
> >> Please find below your reply on v3 of this patch-set :
> >>
> >> Please include such a
Hello Tom,
On Tue, Jun 22, 2021 at 06:06:24PM -0500, Tom Lendacky wrote:
> > +
> > +/**
> > + Figures out if we are running inside KVM HVM and
> > + KVM HVM supports SEV Live Migration feature.
> > +
> > + @retval TRUE KVM was detected and Live Migration supported
> > + @retval FALSE KVM
Hello Laszlo,
Yes, I will file a TianoCore Feature Request BZ for this and I am working
on a v5 for this patch-set.
Thanks,
Ashish
On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
> On 06/23/21 18:42, Laszlo Ersek wrote:
> > On 06/22/21 19:46, Ashish Kalra wrote:
>
>
in VmgExitLib library.
Thanks,
Ashish
On Wed, Jun 23, 2021 at 01:47:47AM +, Ashish Kalra wrote:
> Hello Tom,
>
> On Tue, Jun 22, 2021 at 05:47:48PM -0500, Tom Lendacky wrote:
> > On 6/21/21 8:56 AM, Ashish Kalra wrote:
> > > From: Ashish Kalra
> > >
&
Hello Tom,
On Tue, Jun 22, 2021 at 05:47:48PM -0500, Tom Lendacky wrote:
> On 6/21/21 8:56 AM, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > Add SEV and SEV-ES hypercall abstraction library to support SEV Page
> > encryption/decryption status hypercall
Hello Tom,
On Tue, Jun 22, 2021 at 05:47:48PM -0500, Tom Lendacky wrote:
...
> > +VOID
> > +EFIAPI
> > +SetMemoryEncDecHypercall3 (
> > + IN PHYSICAL_ADDRESS PhysicalAddress,
> > + IN UINTNPages,
> > + IN UINTNMode
> > + )
> > +{
> > + if (MemEncryptSevEsIsEnabled ())
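Review bot: `SetMemoryEncDecHypercall3` is declared `VOID`, so a caller changing a page's encryption state has no way to learn that the notification to the hypervisor failed; returning a status (and documenting what the caller should do on error) would close that gap. `Mode` is also a bare `UINTN`, so the accepted values are not visible at the call site; a named constant or enumerated type for the encrypted and decrypted states, plus a function header comment describing `PhysicalAddress`, `Pages` and `Mode`, would help.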
Hello Laszlo,
Please see my replies below :
On Tue, Jun 22, 2021 at 07:20:53PM +0200, Laszlo Ersek wrote:
> Hi Ashish,
>
> (+Dave, +Paolo)
>
> On 06/21/21 15:56, Ashish Kalra wrote:
> > From: Ashish Kalra
> >
> > By default all the SEV guest memory
From: Ashish Kalra
Detect for KVM hypervisor and check for SEV live migration
feature support via KVM_FEATURE_CPUID, if detected setup a new
UEFI environment variable to indicate OVMF support for SEV
live migration.
Signed-off-by: Ashish Kalra
---
OvmfPkg/Include/Guid/MemEncryptLib.h | 20
From: Ashish Kalra
Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 10 ++
1 file changed, 10
Signed-off-by: Ashish Kalra
---
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22
3 files changed, 24 insertions
From: Ashish Kalra
Add SEV and SEV-ES hypercall abstraction library to support SEV Page
encryption/decryption status hypercalls for SEV and SEV-ES guests.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
Maintainers.txt
From: Ashish Kalra
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest
On Fri, Mar 05, 2021 at 10:44:23AM +, Ashish Kalra wrote:
> On Wed, Mar 03, 2021 at 01:25:40PM -0500, Tobin Feldman-Fitzthum wrote:
> >
> > > Hi Tobin,
> > >
> > > On 03/02/21 21:48, Tobin Feldman-Fitzthum wrote:
> > > > This is a demon
> on qemu-devel. Our approach needs little kernel support, requiring only
> > > one hypercall that the guest can use to mark a page as encrypted or
> > > shared. This series includes updated patches from Ashish Kalra and
> > > Brijesh Singh that allow OVMF to use th
On Wed, Mar 03, 2021 at 11:47:51AM -0500, Tobin Feldman-Fitzthum wrote:
>
> On 3/3/21 11:41 AM, Ashish Kalra wrote:
> > Hello Tobin,
> >
> > You don't need this patch for MH support, this patch is only required
> > for (SEV) slow migration support.
>
> If
Hello Tobin,
You don't need this patch for MH support, this patch is only required
for (SEV) slow migration support.
Thanks,
Ashish
On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Ashish Kalra
>
> Detect for KVM hypervisor and check for SEV live
On Tue, Mar 02, 2021 at 03:48:36PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Dov Murik
>
> The migration handler builds its own page tables and switches
> to them. The MH pagetables are reserved as runtime memory.
>
> When the hypervisor asks the MH to import/export a page, the HV
> writes
On Wed, Mar 03, 2021 at 09:56:00AM -0500, Tobin Feldman-Fitzthum wrote:
>
> > Hello Tobin,
> >
> > Just a high level question, why is this patch included in this
> > patch series, I don't think you are supporting SEV-ES platform
> > migration in this patch-set ?
>
> You are correct that we
Hello Tobin,
Just a high level question, why is this patch included in this
patch series, I don't think you are supporting SEV-ES platform
migration in this patch-set ?
Thanks,
Ashish
On Tue, Mar 02, 2021 at 03:48:27PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Ashish Kalra
>
17, 2020 at 08:26:19PM +, Ashish Kalra wrote:
>
> This is with reference to adding SEV Live migration support in OVMF,
> which basically is adding a hypercall as part of the
> MemEncryptSevClearPageEncMask() function.
>
> We unconditionally make a hypercall and if the
This is with reference to adding SEV Live migration support in OVMF,
which basically is adding a hypercall as part of the
MemEncryptSevClearPageEncMask() function.
We unconditionally make a hypercall and if the hypercall succeeds
then it can set a new UEFI environment variable
61 matches