[edk2-devel] [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe

Ard Biesheuvel ardb at kernel.org
Wed Sep 28 16:29:02 UTC 2022 

On Wed, 28 Sept 2022 at 17:33, Dionna Glaze via groups.io
<dionnaglaze=google.com at groups.io> wrote:
>
> From: Sophia Wolf <phiawolf at google.com>
>
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
>
> EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
>
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> Cc: James Bottomley <jejb at linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Tom Lendacky <thomas.lendacky at amd.com>
>
> Signed-off-by: Sophia Wolf <phiawolf at google.com>

A signoff is an assertion by the contributor that the contribution is
compatible with the license. It is *not* a statement of authorship.

This means that you can keep the from: line, and credit the author in
another way in the commit log, but the signed-off-by needs to mention
the contributor of the patch not the author.


> ---
>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                                      | 34 ++++++++++++++++++++
>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf                                    |  3 ++
>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 +++++++++++---
>  3 files changed, 57 insertions(+), 4 deletions(-)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 662d3c4ccb..09aa15165d 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -20,6 +20,7 @@
>  #include <Library/UefiBootServicesTableLib.h>
>  #include <Guid/ConfidentialComputingSevSnpBlob.h>
>  #include <Library/PcdLib.h>
> +#include <Protocol/MemoryAccept.h>
>
>  STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {
>    SIGNATURE_32 ('A',                                    'M', 'D', 'E'),
> @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {
>    FixedPcdGet32 (PcdOvmfCpuidSize),
>  };
>
> +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL;
> +
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +AmdSevMemoryAccept (
> +  IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
> +  IN EFI_PHYSICAL_ADDRESS StartAddress,
> +  IN UINTN Size
> +)
> +{
> +  MemEncryptSevSnpPreValidateSystemRam (
> +    StartAddress,
> +    EFI_SIZE_TO_PAGES (Size)
> +    );
> +
> +  return EFI_SUCCESS;
> +}
> +
> +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
> +  AmdSevMemoryAccept
> +};
> +
>  EFI_STATUS
>  EFIAPI
>  AmdSevDxeEntryPoint (
> @@ -147,6 +171,16 @@ AmdSevDxeEntryPoint (
>      }
>    }
>
> +  Status = gBS->InstallProtocolInterface (
> +                  &mAmdSevDxeHandle,
> +                  &gEfiMemoryAcceptProtocolGuid,
> +                  EFI_NATIVE_INTERFACE,
> +                  &mMemoryAcceptProtocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
> +  }
> +
>    //
>    // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
>    // It contains the location for both the Secrets and CPUID page.
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 9acf860cf2..5ddddabc32 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -47,6 +47,9 @@
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>
> +[Protocols]
> +  gEfiMemoryAcceptProtocolGuid
> +
>  [Guids]
>    gConfidentialComputingSevSnpBlobGuid
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> index d3a95e4913..ee3710f7b3 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> @@ -14,6 +14,7 @@
>  #include <Library/MemEncryptSevLib.h>
>
>  #include "SnpPageStateChange.h"
> +#include "VirtualMemory.h"
>
>  /**
>    Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
> @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
>    IN UINTN             NumPages
>    )
>  {
> +  EFI_STATUS Status;
> +
>    if (!MemEncryptSevSnpIsEnabled ()) {
>      return;
>    }
>
> -  //
> -  // All the pre-validation must be completed in the PEI phase.
> -  //
> -  ASSERT (FALSE);
> +  // DXE pre-validation may happen with the memory accept protocol.
> +  // The protocol should only be called outside the prevalidated ranges
> +  // that the PEI stage code explicitly skips. Specifically, only memory
> +  // ranges that are classified as unaccepted.
> +  if (BaseAddress >= SIZE_4GB) {
> +    Status = InternalMemEncryptSevCreateIdentityMap1G (
> +               0,
> +               BaseAddress,
> +               EFI_PAGES_TO_SIZE (NumPages)
> +               );
> +    if (EFI_ERROR (Status)) {
> +      ASSERT (FALSE);
> +      CpuDeadLoop ();
> +    }
> +  }
> +
> +  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
>  }
> --
> 2.37.3.998.g577e59143f-goog
>
>
>
> 
>
>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#94476): https://edk2.groups.io/g/devel/message/94476
Mute This Topic: https://groups.io/mt/93975245/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list