[edk2-devel] [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP
Brijesh Singh via groups.io
brijesh.singh=amd.com at groups.io
Thu Sep 2 21:17:52 UTC 2021
On 9/2/21 7:28 AM, Brijesh Singh wrote:
> Hi Gerd,
>
> On 9/2/21 3:04 AM, Gerd Hoffmann wrote:
>> On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:
>>> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=04%7C01%7Cbrijesh.singh%40amd.com%7C13c81a39aa2e4f22430e08d96de85a69%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637661666978547521%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4b22Sv6xoUGQ3xutPYdsqb4cNh1SS9Z8MOQG7dHiqYU%3D&reserved=0
>>>
>>> Platform features and capabilities are traditionally discovered via the
>>> CPUID instruction. Hypervisors typically trap and emulate the CPUID
>>> instruction for a variety of reasons. There are some cases where incorrect
>>> CPUID information can potentially lead to a security issue. The SEV-SNP
>>> firmware provides a feature to filter the CPUID results through the PSP.
>>> The filtered CPUID values are saved on a special page for the guest to
>>> consume. Reserve a page in MEMFD that will contain the results of
>>> filtered CPUID values.
>> Is the format of the page documented somewhere?
> Yes, it is documented in the SEV-SNP spec [1] section 7.1 and the checks
> performed by the SEV-SNP firmware are documented in the PPR [2] section
> 2.1.5.3. I will document these link in the commit message.
>
> [1] https://www.amd.com/system/files/TechDocs/56860.pdf
>
> [2]
> https://www.amd.com/en/support/tech-docs/processor-programming-reference-ppr-for-amd-family-19h-model-01h-revision-b1
>
>
>> Is this snp-specific? Or could this also be used without snp?
> This is SNP specific format and cannot be used without SNP.
I should clarify the statement, the format itself does not contain
anything SNP specific. However, the CPUID page format is documented in
the SNP specific spec. Are you thinking about using it for non SEV guest
to avoid the VM exit ? If so, it should be very much possible. For that
we should define the format outside of SNP specific spec and make it a
generic so that guest and HV's can implement it consume it in the
non-SNP guest.
thanks
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80182): https://edk2.groups.io/g/devel/message/80182
Mute This Topic: https://groups.io/mt/85306655/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list