[edk2-devel] [PATCH v14 15/32] OvmfPkg/MemEncryptSevLib: add function to check the VMPL0

Brijesh Singh via groups.io brijesh.singh=amd.com at groups.io
Thu Dec 9 03:27:43 UTC 2021


BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The levels can be used to provide hardware-isolated
abstraction layers within a VM. VMPL0 is the highest privilege, and
VMPL3 is the least privilege. Certain operations must be done by the
VMPL0 software, such as:

* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)

The initial SEV-SNP support assumes that the guest is running on VMPL0.
Let's add a function in MemEncryptSevLib that can be used to check
whether the guest is booted under VMPL0.

Cc: Michael Roth <michael.roth at amd.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Min Xu <min.m.xu at intel.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: Gerd Hoffmann <kraxel at redhat.com>
Acked-by: Gerd Hoffmann <kraxel at redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
---
 .../X64/SnpPageStateChange.h                  |  5 ++
 .../X64/SecSnpSystemRamValidate.c             | 46 +++++++++++++++++++
 .../X64/SnpPageStateChangeInternal.c          |  1 -
 3 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
index b396f0ffbd75..43319cc9ed17 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
@@ -27,4 +27,9 @@ InternalSetPageState (
   IN BOOLEAN               UseLargeEntry
   );
 
+VOID
+SnpPageStateFailureTerminate (
+  VOID
+  );
+
 #endif
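Review bot: the new SnpPageStateFailureTerminate() prototype is added without any comment; add one stating what the function does and, above all, that it does not return, because the caller introduced in SecSnpSystemRamValidate.c falls straight through to InternalSetPageState() after calling it and is only correct if the guest has been terminated by then.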
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index bc891c2636d6..7797febb8ac6 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -14,6 +14,43 @@
 
 #include "SnpPageStateChange.h"
 
+//
+// The variable used for the VMPL check.
+//
+STATIC UINT8  gVmpl0Data[4096];
+
+/**
+ The function checks whether SEV-SNP guest is booted under VMPL0.
+
+ @retval  TRUE      The guest is booted under VMPL0
+ @retval  FALSE     The guest is not booted under VMPL0
+ **/
+STATIC
+BOOLEAN
+SevSnpIsVmpl0 (
+  VOID
+  )
+{
+  UINT64      Rdx;
+  EFI_STATUS  Status;
+
+  //
+  // There is no straightforward way to query the current VMPL level.
+  // The simplest method is to use the RMPADJUST instruction to change
+  // a page permission to a VMPL level-1, and if the guest kernel is
+  // launched at a level <= 1, then RMPADJUST instruction will return
+  // an error.
+  //
+  Rdx = 1;
+
+  Status = AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx);
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
 /**
   Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
 
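Review bot: the comment in SevSnpIsVmpl0() has the condition inverted: RMPADJUST may only modify the permissions of a VMPL numerically greater than the caller's own, so the request targeting VMPL1 (Rdx = 1) fails when the guest runs at VMPL1 or any less privileged level (level >= 1), not at "a level <= 1" as written; it also says "guest kernel" where this code is firmware. Suggest "if the guest is running at any level other than VMPL0, RMPADJUST will return an error". Two things the comment should also record: Rdx = 1 clears every VMPL1 permission bit on gVmpl0Data as a side effect of the probe, and gVmpl0Data is a plain 4096-byte array with no alignment attribute, so it is not guaranteed to start on a 4 KiB boundary even though RMPADJUST operates on a page; either give the buffer page alignment or reuse a buffer that already has it.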
@@ -32,5 +69,14 @@ MemEncryptSevSnpPreValidateSystemRam (
     return;
   }
 
+  //
+  // The page state change uses the PVALIDATE instruction. The instruction
+  // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
+  // the boot.
+  //
+  if (!SevSnpIsVmpl0 ()) {
+    SnpPageStateFailureTerminate ();
+  }
+
   InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
 }
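Review bot: the VMPL probe runs RMPADJUST on every call of MemEncryptSevSnpPreValidateSystemRam(), although the VMPL cannot change between calls; caching the result in a STATIC BOOLEAN, or doing the check once during SEC initialisation, would avoid repeating the instruction for each range. The comment typo "If its not VMPL-0" should read "If it's not VMPL0", matching the spelling used elsewhere in the patch.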
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 9c552ef5c7b1..d11aafae8472 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -42,7 +42,6 @@ MemoryStateToGhcbOp (
   return Cmd;
 }
 
-STATIC
 VOID
 SnpPageStateFailureTerminate (
   VOID
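Review bot: dropping STATIC gives SnpPageStateFailureTerminate() external linkage so SecSnpSystemRamValidate.c can call it, but the only other cross-file helper declared in SnpPageStateChange.h follows the Internal prefix convention (InternalSetPageState); consider renaming it InternalSnpPageStateFailureTerminate() for consistency, or at least note at the definition that the symbol is now shared between the library's translation units and is not meant to be exported outside the library.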
-- 
2.25.1
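To make concrete why the Rdx = 1 probe in this patch works, here is an added software model written for this page; it is not code from the patch or from edk2. It does not execute RMPADJUST (that needs an SEV-SNP guest) but models the one architectural rule the probe depends on: RMPADJUST can only alter the permissions of a VMPL numerically greater than the caller's own, so a request targeting VMPL1 succeeds only when issued from VMPL0. The RDX layout (bits 7:0 target VMPL, bits 15:8 permission mask) and the OK / FAIL_INPUT / FAIL_PERMISSION outcomes follow the AMD APM; the per-VMPL permission table and every type and function name (GuestModel, ModelRmpAdjust, ProbeAt, Vmpl1PermAfterProbe) are this example's own assumptions.

```c
/*
 * Added example: software model of the RMPADJUST-based "am I at VMPL0?"
 * probe. Not edk2 code and not the real instruction; it models only the
 * privilege rule the probe relies on. All names below are this model's own.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NUM_VMPL                  4
#define RMP_PAGE_4K               0
#define RMPADJUST_OK              0
#define RMPADJUST_FAIL_INPUT      1
#define RMPADJUST_FAIL_PERMISSION 2

/* Full permission mask in RDX[15:8]: read, write, user exec, supervisor exec. */
#define PERM_ALL  0x0F

/* Modelled RMP entry for one 4 KiB guest page: one permission mask per VMPL. */
typedef struct {
  uint8_t Perm[NUM_VMPL];
} RmpEntry;

/* Modelled guest state: the VMPL the vCPU executes at, and the probe page. */
typedef struct {
  unsigned CurrentVmpl;
  RmpEntry Page;
} GuestModel;

/* Fresh guest running at CurrentVmpl; every VMPL starts with full permissions. */
static void
GuestModelInit (GuestModel *G, unsigned CurrentVmpl)
{
  memset (G, 0, sizeof (*G));
  G->CurrentVmpl = CurrentVmpl;
  for (unsigned V = 0; V < NUM_VMPL; V++) {
    G->Page.Perm[V] = PERM_ALL;
  }
}

/*
 * Model of RMPADJUST: Rdx[7:0] is the target VMPL, Rdx[15:8] the new
 * permission mask for it, so Rdx == 1 means "VMPL1, no permissions", the
 * value the patch passes. Returns the modelled EAX result code.
 */
static unsigned
ModelRmpAdjust (GuestModel *G, unsigned PageSize, uint64_t Rdx)
{
  unsigned TargetVmpl = (unsigned)(Rdx & 0xFF);
  uint8_t  Mask       = (uint8_t)((Rdx >> 8) & 0xFF);

  if ((PageSize != RMP_PAGE_4K) || (TargetVmpl >= NUM_VMPL)) {
    return RMPADJUST_FAIL_INPUT;
  }
  /* The rule the probe relies on: only less privileged (numerically
     greater) VMPLs than the caller's own may be adjusted. */
  if (TargetVmpl <= G->CurrentVmpl) {
    return RMPADJUST_FAIL_PERMISSION;
  }
  G->Page.Perm[TargetVmpl] = Mask;
  return RMPADJUST_OK;
}

/* The patch's SevSnpIsVmpl0() logic, expressed against the model. */
static bool
ModelSevSnpIsVmpl0 (GuestModel *G)
{
  return ModelRmpAdjust (G, RMP_PAGE_4K, 1) == RMPADJUST_OK;
}

/* Result of the probe when the guest runs at CurrentVmpl. */
bool
ProbeAt (unsigned CurrentVmpl)
{
  GuestModel G;
  GuestModelInit (&G, CurrentVmpl);
  return ModelSevSnpIsVmpl0 (&G);
}

/* Side effect of a successful probe: the VMPL1 permission mask left behind. */
uint8_t
Vmpl1PermAfterProbe (unsigned CurrentVmpl)
{
  GuestModel G;
  GuestModelInit (&G, CurrentVmpl);
  (void)ModelSevSnpIsVmpl0 (&G);
  return G.Page.Perm[1];
}

int
main (void)
{
  for (unsigned V = 0; V < NUM_VMPL; V++) {
    printf ("guest at VMPL%u: probe says VMPL0=%s, VMPL1 perms after=0x%02x\n",
            V, ProbeAt (V) ? "yes" : "no", Vmpl1PermAfterProbe (V));
  }
  return 0;
}
```

Running the model shows the probe answering "yes" only at VMPL0 and "no" at VMPL1 through VMPL3, which is the opposite of the "level <= 1" wording in the patch comment, and that the successful probe leaves VMPL1 with no permissions on the page, the side effect a caller has to be comfortable with.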


