[edk2-devel] [RFC PATCH 03/14] OvmfPkg/PlatformDxe: Add support for SEV live migration.

Tobin Feldman-Fitzthum tobin at linux.ibm.com
Wed Mar 3 16:47:51 UTC 2021


On 3/3/21 11:41 AM, Ashish Kalra wrote:
> Hello Tobin,
>
> You don't need this patch for MH support, this patch is only required
> for (SEV) slow migration support.

If the SevLiveMigrationEnabled variable is not set, the bitmap sync does 
not work correctly (bitmap all zeros), at least for the version of the 
kernel we have been using. Since the bitmap will be replaced, this might 
not be necessary in the future but it is for our setup at the moment.

-Tobin

>
> Thanks,
> Ashish
>
> On Tue, Mar 02, 2021 at 03:48:28PM -0500, Tobin Feldman-Fitzthum wrote:
>> From: Ashish Kalra <ashish.kalra at amd.com>
>>
>> Detect the KVM hypervisor and check for SEV live migration
>> feature support via KVM_FEATURE_CPUID; if detected, set up a new
>> UEFI environment variable to indicate OVMF support for SEV
>> live migration.
>>
>> Signed-off-by: Ashish Kalra <ashish.kalra at amd.com>
>> ---
>>   OvmfPkg/OvmfPkg.dec                  |  1 +
>>   OvmfPkg/PlatformDxe/Platform.inf     |  2 +
>>   OvmfPkg/Include/Guid/MemEncryptLib.h | 16 +++++
>>   OvmfPkg/PlatformDxe/PlatformConfig.h |  5 ++
>>   OvmfPkg/PlatformDxe/AmdSev.c         | 99 ++++++++++++++++++++++++++++
>>   OvmfPkg/PlatformDxe/Platform.c       |  6 ++
>>   6 files changed, 129 insertions(+)
>>   create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
>>   create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c
>>
>> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
>> index 4348bb45c6..4450d78b91 100644
>> --- a/OvmfPkg/OvmfPkg.dec
>> +++ b/OvmfPkg/OvmfPkg.dec
>> @@ -122,6 +122,7 @@
>>     gQemuKernelLoaderFsMediaGuid          = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
>>     gGrubFileGuid                         = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
>>     gConfidentialComputingSecretGuid      = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
>> +  gMemEncryptGuid                       = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>>   
>>   [Ppis]
>>     # PPI whose presence in the PPI database signals that the TPM base address
>> diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf
>> index 14727c1220..2896f0a1d1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.inf
>> +++ b/OvmfPkg/PlatformDxe/Platform.inf
>> @@ -24,6 +24,7 @@
>>     PlatformConfig.c
>>     PlatformConfig.h
>>     PlatformForms.vfr
>> +  AmdSev.c
>>   
>>   [Packages]
>>     MdePkg/MdePkg.dec
>> @@ -56,6 +57,7 @@
>>   [Guids]
>>     gEfiIfrTianoGuid
>>     gOvmfPlatformConfigGuid
>> +  gMemEncryptGuid
>>   
>>   [Depex]
>>     gEfiHiiConfigRoutingProtocolGuid  AND
>> diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> new file mode 100644
>> index 0000000000..8264a647af
>> --- /dev/null
>> +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
>> @@ -0,0 +1,16 @@
>> +/** @file
>> +  AMD Memory Encryption GUID, define a new GUID for defining
>> +  new UEFI enviroment variables assocaiated with SEV Memory Encryption.
>> +  Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +
>> +#ifndef __MEMENCRYPT_LIB_H__
>> +#define __MEMENCRYPT_LIB_H__
>> +
>> +#define MEMENCRYPT_GUID \
>> +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
>> +
>> +extern EFI_GUID gMemEncryptGuid;
>> +
>> +#endif
>> diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> index 716514da21..4f662aafa4 100644
>> --- a/OvmfPkg/PlatformDxe/PlatformConfig.h
>> +++ b/OvmfPkg/PlatformDxe/PlatformConfig.h
>> @@ -44,6 +44,11 @@ PlatformConfigLoad (
>>     OUT UINT64          *OptionalElements
>>     );
>>   
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  );
>> +
>>   //
>>   // Feature flags for OptionalElements.
>>   //
>> diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c
>> new file mode 100644
>> index 0000000000..1f804984b7
>> --- /dev/null
>> +++ b/OvmfPkg/PlatformDxe/AmdSev.c
>> @@ -0,0 +1,99 @@
>> +/**@file
>> +  Detect KVM hypervisor support for SEV live migration and if
>> +  detected, setup a new UEFI enviroment variable indicating
>> +  OVMF support for SEV live migration.
>> +  Copyright (c) 2020, Advanced Micro Devices. All rights reserved.<BR>
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +**/
>> +//
>> +// The package level header files this module uses
>> +//
>> +
>> +#include <Library/BaseLib.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/DebugLib.h>
>> +#include <Library/UefiBootServicesTableLib.h>
>> +#include <Library/UefiRuntimeServicesTableLib.h>
>> +#include <Guid/MemEncryptLib.h>
>> +
>> +/**
>> +  Figures out if we are running inside KVM HVM and
>> +  KVM HVM supports SEV Live Migration feature.
>> +  @retval TRUE   KVM was detected and Live Migration supported
>> +  @retval FALSE  KVM was not detected or Live Migration not supported
>> +**/
>> +BOOLEAN
>> +KvmDetectSevLiveMigrationFeature(
>> +  VOID
>> +  )
>> +{
>> +  UINT8 Signature[13];
>> +  UINT32 mKvmLeaf = 0;
>> +  UINT32 RegEax, RegEbx, RegEcx, RegEdx;
>> +
>> +  Signature[12] = '\0';
>> +  for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
>> +    AsmCpuid (mKvmLeaf,
>> +              NULL,
>> +              (UINT32 *) &Signature[0],
>> +              (UINT32 *) &Signature[4],
>> +              (UINT32 *) &Signature[8]);
>> +
>> +    if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) {
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: KVM Detected, signature = %s\n",
>> +    __FUNCTION__,
>> +    Signature
>> +    ));
>> +
>> +    RegEax = 0x40000001;
>> +    RegEcx = 0;
>> +      AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx);
>> +      if (RegEax & (1 << 14)) {
>> +     DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Live Migration feature supported\n",
>> +    __FUNCTION__
>> +    ));
>> +    return TRUE;
>> +     }
>> +    }
>> +  }
>> +
>> +  return FALSE;
>> +}
>> +
>> +/**
>> +  Function checks if SEV Live Migration support is available, if present then it sets
>> +  a UEFI enviroment variable to be queried later using Runtime services.
>> +  **/
>> +VOID
>> +AmdSevSetConfig(
>> +  VOID
>> +  )
>> +{
>> +  EFI_STATUS Status;
>> +  BOOLEAN SevLiveMigrationEnabled;
>> +
>> +  SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature();
>> +
>> +  if (SevLiveMigrationEnabled) {
>> +   Status = gRT->SetVariable (
>> +    L"SevLiveMigrationEnabled",
>> +                &gMemEncryptGuid,
>> +    EFI_VARIABLE_NON_VOLATILE |
>> +                EFI_VARIABLE_BOOTSERVICE_ACCESS |
>> +          EFI_VARIABLE_RUNTIME_ACCESS,
>> +                sizeof (BOOLEAN),
>> +                &SevLiveMigrationEnabled
>> +               );
>> +
>> +   DEBUG ((
>> +    DEBUG_ERROR,
>> +    "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
>> +    __FUNCTION__,
>> +    Status
>> +    ));
>> +  }
>> +}
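Review bot: AmdSevSetConfig writes `SevLiveMigrationEnabled` as a non-volatile variable only when detection succeeds and never clears it, so a value stored on an earlier boot can remain visible to the OS when the current host no longer advertises the feature; an else branch that deletes the variable (below) would keep the flag tied to the current boot. In KvmDetectSevLiveMigrationFeature the signature is searched across bases 0x40000000 to 0x4000FF00, but the feature leaf is then read from the fixed 0x40000001; it should be `mKvmLeaf + 1`, and the two stores to RegEax and RegEcx before that call have no effect because AsmCpuid only writes through those pointers. The first DEBUG prints the ASCII `Signature` buffer with `%s`, which the edk2 print library treats as a CHAR16 string; `%a` is the ASCII specifier. Both messages are informational and would fit DEBUG_INFO better than DEBUG_ERROR, `Status` is conventionally printed with `%r`, and bit 14 deserves a named constant instead of `(1 << 14)`.

```c
  if (SevLiveMigrationEnabled) {
    // … unchanged: SetVariable call and DEBUG message …
  } else {
    //
    // Delete any copy left by an earlier boot so the OS does not see a
    // stale flag. EFI_NOT_FOUND only means there was nothing to delete.
    //
    Status = gRT->SetVariable (
                    L"SevLiveMigrationEnabled",
                    &gMemEncryptGuid,
                    0,
                    0,
                    NULL
                    );
  }
```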
>> diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c
>> index f2e51960ce..9a19b9f6b1 100644
>> --- a/OvmfPkg/PlatformDxe/Platform.c
>> +++ b/OvmfPkg/PlatformDxe/Platform.c
>> @@ -763,6 +763,12 @@ PlatformInit (
>>   {
>>     EFI_STATUS Status;
>>   
>> +  //
>> +  // Set Amd Sev configuation
>> +  //
>> +  AmdSevSetConfig();
>> +
>> +
>>     ExecutePlatformConfig ();
>>   
>>     mConfigAccess.ExtractConfig = &ExtractConfig;
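Review bot: The new `AmdSevSetConfig();` call at the top of PlatformInit runs unconditionally, so the hypervisor CPUID probing and the variable write also happen in guests where SEV is not active. Guarding it, for example `if (MemEncryptSevIsEnabled ()) { AmdSevSetConfig (); }`, would confine the variable to SEV guests; that needs MemEncryptSevLib in the module's library classes, which the Platform.inf hunk of this patch does not add. Because the CPUID leaves are supplied by the hypervisor, the resulting flag is best documented as a hint from the host and not as a guarantee. The comment has a typo (`configuation`), and the hunk adds two blank lines where one suffices. PlatformInit's body continues outside the hunk.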
>> -- 
>> 2.20.1
>>

