<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><a href="https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence">https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence</a> <div dir="ltr"></div><div dir="ltr"> <blockquote type="cite">On Apr 20, 2021, at 11:34 PM, Eric van Tassell <evantass@amd.com> wrote: </blockquote></div><blockquote type="cite"><div dir="ltr"> On 4/20/21 5:54 PM, Tom Lendacky wrote: <blockquote type="cite">From: Tom Lendacky <thomas.lendacky@amd.com> </blockquote><blockquote type="cite">BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345 </blockquote><blockquote type="cite">The TPM support in OVMF performs MMIO accesses during the PEI phase. At </blockquote> where are the phases defined and how many other are there? <blockquote type="cite">this point, MMIO ranges have not been marked un-encyrpted, so an SEV-ES </blockquote><blockquote type="cite">guest will fail attempting to perform MMIO to an encrypted address. </blockquote><blockquote type="cite">Read the PcdTpmBaseAddress and mark the specification defined range </blockquote><blockquote type="cite">(0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process </blockquote><blockquote type="cite">the MMIO requests. </blockquote><blockquote type="cite">Cc: Laszlo Ersek <lersek@redhat.com> </blockquote><blockquote type="cite">Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> </blockquote><blockquote type="cite">Cc: Jordan Justen <jordan.l.justen@intel.com> </blockquote><blockquote type="cite">Cc: Brijesh Singh <brijesh.singh@amd.com> </blockquote><blockquote type="cite">Cc: James Bottomley <jejb@linux.ibm.com> </blockquote><blockquote type="cite">Cc: Jiewen Yao <jiewen.yao@intel.com> </blockquote><blockquote type="cite">Cc: Min Xu <min.m.xu@intel.com> </blockquote><blockquote type="cite">Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> </blockquote><blockquote type="cite">--- </blockquote><blockquote type="cite"> OvmfPkg/PlatformPei/PlatformPei.inf | 1 + </blockquote><blockquote type="cite"> OvmfPkg/PlatformPei/AmdSev.c | 19 +++++++++++++++++++ </blockquote><blockquote type="cite"> 2 files changed, 20 insertions(+) </blockquote><blockquote type="cite">diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf </blockquote><blockquote type="cite">index 6ef77ba7bb21..de60332e9390 100644 </blockquote><blockquote type="cite">--- a/OvmfPkg/PlatformPei/PlatformPei.inf </blockquote><blockquote type="cite">+++ b/OvmfPkg/PlatformPei/PlatformPei.inf </blockquote><blockquote type="cite">@@ -113,6 +113,7 @@ [Pcd] </blockquote><blockquote type="cite"> [FixedPcd] </blockquote><blockquote type="cite"> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress </blockquote><blockquote type="cite">+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress </blockquote><blockquote type="cite"> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS </blockquote><blockquote type="cite"> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory </blockquote><blockquote type="cite"> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType </blockquote><blockquote type="cite">diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c </blockquote><blockquote type="cite">index dddffdebda4b..d524929f9e10 100644 </blockquote><blockquote type="cite">--- a/OvmfPkg/PlatformPei/AmdSev.c </blockquote><blockquote type="cite">+++ b/OvmfPkg/PlatformPei/AmdSev.c </blockquote><blockquote type="cite">@@ -141,6 +141,7 @@ AmdSevInitialize ( </blockquote><blockquote type="cite"> ) </blockquote><blockquote type="cite"> { </blockquote><blockquote type="cite"> UINT64 EncryptionMask; </blockquote><blockquote type="cite">+ UINT64 TpmBaseAddress; </blockquote><blockquote type="cite"> RETURN_STATUS PcdStatus; </blockquote><blockquote type="cite"> // </blockquote><blockquote type="cite">@@ -206,6 +207,24 @@ AmdSevInitialize ( </blockquote><blockquote type="cite"> } </blockquote><blockquote type="cite"> } </blockquote><blockquote type="cite"> + // </blockquote><blockquote type="cite">+ // PEI TPM support will perform MMIO accesses, be sure this range is not </blockquote><blockquote type="cite">+ // marked encrypted. </blockquote><blockquote type="cite">+ // </blockquote><blockquote type="cite">+ TpmBaseAddress = PcdGet64 (PcdTpmBaseAddress); </blockquote><blockquote type="cite">+ if (TpmBaseAddress != 0) { </blockquote><blockquote type="cite">+ RETURN_STATUS DecryptStatus; </blockquote><blockquote type="cite">+ </blockquote><blockquote type="cite">+ DecryptStatus = MemEncryptSevClearPageEncMask ( </blockquote><blockquote type="cite">+ 0, </blockquote><blockquote type="cite">+ TpmBaseAddress, </blockquote><blockquote type="cite">+ EFI_SIZE_TO_PAGES (0x5000), </blockquote><blockquote type="cite">+ FALSE </blockquote><blockquote type="cite">+ ); </blockquote><blockquote type="cite">+ </blockquote><blockquote type="cite">+ ASSERT_RETURN_ERROR (DecryptStatus); </blockquote><blockquote type="cite">+ } </blockquote><blockquote type="cite">+ </blockquote><blockquote type="cite"> // </blockquote><blockquote type="cite"> // Check and perform SEV-ES initialization if required. </blockquote><blockquote type="cite"> // </blockquote> </div></blockquote></body></html> <div width="1" style="color:white;clear:both">_._,_._,_</div> <hr> Groups.io Links: You receive all messages sent to this group. <a target="_blank" href="https://edk2.groups.io/g/devel/message/74334">View/Reply Online (#74334)</a> | | <a target="_blank" href="https://groups.io/mt/82247968/1813853">Mute This Topic</a> | <a href="https://edk2.groups.io/g/devel/post">New Topic</a> <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> | <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a> [edk2-devel-archive@redhat.com] <div width="1" style="color:white;clear:both">_._,_._,_</div>