[edk2-devel] [PATCH v14 15/32] OvmfPkg/MemEncryptSevLib: add function to check the VMPL0
Brijesh Singh via groups.io
brijesh.singh=amd.com at groups.io
Thu Dec 9 03:27:43 UTC 2021
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The level can be used to provide the hardware isolated
abstraction layers with a VM. The VMPL0 is the highest privilege, and
VMPL3 is the least privilege. Certain operations must be done by the
VMPL0 software, such as:
* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)
The initial SEV-SNP support assumes that the guest is running on VMPL0.
Let's add function in the MemEncryptSevLib that can be used for checking
whether guest is booted under the VMPL0.
Cc: Michael Roth <michael.roth at amd.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Min Xu <min.m.xu at intel.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: Gerd Hoffmann <kraxel at redhat.com>
Acked-by: Gerd Hoffmann <kraxel at redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
---
.../X64/SnpPageStateChange.h | 5 ++
.../X64/SecSnpSystemRamValidate.c | 46 +++++++++++++++++++
.../X64/SnpPageStateChangeInternal.c | 1 -
3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
index b396f0ffbd75..43319cc9ed17 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h
@@ -27,4 +27,9 @@ InternalSetPageState (
IN BOOLEAN UseLargeEntry
);
+VOID
+SnpPageStateFailureTerminate (
+ VOID
+ );
+
#endif
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index bc891c2636d6..7797febb8ac6 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -14,6 +14,43 @@
#include "SnpPageStateChange.h"
+//
+// The variable used for the VMPL check.
+//
+STATIC UINT8 gVmpl0Data[4096];
+
+/**
+ The function checks whether SEV-SNP guest is booted under VMPL0.
+
+ @retval TRUE The guest is booted under VMPL0
+ @retval FALSE The guest is not booted under VMPL0
+ **/
+STATIC
+BOOLEAN
+SevSnpIsVmpl0 (
+ VOID
+ )
+{
+ UINT64 Rdx;
+ EFI_STATUS Status;
+
+ //
+ // There is no straightforward way to query the current VMPL level.
+ // The simplest method is to use the RMPADJUST instruction to change
+ // a page permission to a VMPL level-1, and if the guest kernel is
+ // launched at a level <= 1, then RMPADJUST instruction will return
+ // an error.
+ //
+ Rdx = 1;
+
+ Status = AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx);
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -32,5 +69,14 @@ MemEncryptSevSnpPreValidateSystemRam (
return;
}
+ //
+ // The page state change uses the PVALIDATE instruction. The instruction
+ // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
+ // the boot.
+ //
+ if (!SevSnpIsVmpl0 ()) {
+ SnpPageStateFailureTerminate ();
+ }
+
InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 9c552ef5c7b1..d11aafae8472 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -42,7 +42,6 @@ MemoryStateToGhcbOp (
return Cmd;
}
-STATIC
VOID
SnpPageStateFailureTerminate (
VOID
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#84554): https://edk2.groups.io/g/devel/message/84554
Mute This Topic: https://groups.io/mt/87605541/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list