While looking carefully, I found an error in this and next patch, I will send a follow up patch to address it. SEV status and GHCB MSR value are very close and I missed it and used SEV_STATUS_MSR for both case. It should look like this and used accordingly.
%define SEV_STATUS_MSR 0xc0010130 %define SEV_GHCB_MSR 0xc0010131 On 6/28/2021 12:41 PM, Brijesh Singh wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 > > The upcoming SEV-SNP support will need to make a few additional MSR > protocol based VMGEXIT's. Add a macro that wraps the common setup and > response validation logic in one place to keep the code readable. > > While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS > MSR instead of open coding it. > > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Min Xu <min.m...@intel.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Erdem Aktas <erdemak...@google.com> > Suggested-by: Laszlo Ersek <ler...@redhat.com> > Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> > --- > OvmfPkg/ResetVector/Ia32/AmdSev.asm | 69 +++++++++++++++++++---------- > 1 file changed, 45 insertions(+), 24 deletions(-) > > diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index b32dd3b5d656..c3b4e16bf681 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -35,6 +35,42 @@ BITS 32 > %define GHCB_CPUID_REGISTER_SHIFT 30 > %define CPUID_INSN_LEN 2 > > +%define SEV_STATUS_MSR 0xc0010130 > + > +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is > +; responsible to populate values in the EDX:EAX registers. After the vmmcall > +; returns, it verifies that the response code matches with the expected > +; code. If it does not match then terminate the guest. The result of request > +; is returned in the EDX:EAX. > +; > +; args 1:Request code, 2: Response code > +%macro VmgExit 2 > + ; > + ; Add request code: > + ; GHCB_MSR[11:0] = Request code > + or eax, %1 > + > + mov ecx, SEV_STATUS_MSR > + wrmsr > + > + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > + ; mode, so work around this by temporarily switching to 64-bit mode. > + ; > +BITS 64 > + rep vmmcall > +BITS 32 > + > + mov ecx, SEV_STATUS_MSR > + rdmsr > + > + ; > + ; Verify the reponse code, if it does not match then request to terminate > + ; GHCB_MSR[11:0] = Response code > + mov ecx, eax > + and ecx, 0xfff > + cmp ecx, %2 > + jne SevEsUnexpectedRespTerminate > +%endmacro > > ; Check if Secure Encrypted Virtualization (SEV) features are enabled. > ; > @@ -85,7 +121,7 @@ CheckSevFeatures: > > ; Check if SEV memory encryption is enabled > ; MSR_0xC0010131 - Bit 0 (SEV enabled) > - mov ecx, 0xc0010131 > + mov ecx, SEV_STATUS_MSR > rdmsr > bt eax, 0 > jnc NoSev > @@ -100,7 +136,7 @@ CheckSevFeatures: > > ; Check if SEV-ES is enabled > ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) > - mov ecx, 0xc0010131 > + mov ecx, SEV_STATUS_MSR > rdmsr > bt eax, 1 > jnc GetSevEncBit > @@ -197,10 +233,10 @@ SevEsIdtNotCpuid: > mov eax, 1 > jmp SevEsIdtTerminate > > -SevEsIdtNoCpuidResponse: > +SevEsUnexpectedRespTerminate: > ; > ; Use VMGEXIT to request termination. > - ; 2 - GHCB_CPUID_RESPONSE not received > + ; 2 - Unexpected Response is received > ; > mov eax, 2 > > @@ -216,7 +252,7 @@ SevEsIdtTerminate: > shl eax, 16 > or eax, 0x1100 > xor edx, edx > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > wrmsr > ; > ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > @@ -276,7 +312,7 @@ SevEsIdtVmmComm: > mov [esp + VC_CPUID_REQUEST_REGISTER], eax > > ; Save current GHCB MSR value > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > rdmsr > mov [esp + VC_GHCB_MSR_EAX], eax > mov [esp + VC_GHCB_MSR_EDX], edx > @@ -293,31 +329,16 @@ NextReg: > jge VmmDone > > shl eax, GHCB_CPUID_REGISTER_SHIFT > - or eax, GHCB_CPUID_REQUEST > mov edx, [esp + VC_CPUID_FUNCTION] > - mov ecx, 0xc0010130 > - wrmsr > > - ; > - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > - ; mode, so work around this by temporarily switching to 64-bit mode. > - ; > -BITS 64 > - rep vmmcall > -BITS 32 > + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE > > ; > - ; Read GHCB MSR > + ; Response GHCB MSR > ; GHCB_MSR[63:32] = CPUID register value > ; GHCB_MSR[31:30] = CPUID register > ; GHCB_MSR[11:0] = CPUID response protocol > ; > - mov ecx, 0xc0010130 > - rdmsr > - mov ecx, eax > - and ecx, 0xfff > - cmp ecx, GHCB_CPUID_RESPONSE > - jne SevEsIdtNoCpuidResponse > > ; Save returned value > shr eax, GHCB_CPUID_REGISTER_SHIFT > @@ -335,7 +356,7 @@ VmmDone: > ; > mov eax, [esp + VC_GHCB_MSR_EAX] > mov edx, [esp + VC_GHCB_MSR_EDX] > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > wrmsr > > mov eax, [esp + VC_CPUID_RESULT_EAX] > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77299): https://edk2.groups.io/g/devel/message/77299 Mute This Topic: https://groups.io/mt/83850699/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
