BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Introduce a new SEV-SNP boot-specific GUID block. The block is used to communicate the secrets and cpuid memory area reserved by the guest BIOS. When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot block to get the location of the Secrets and CPUID page and call the PSP firmware command to populate those memory areas.
Cc: Michael Roth <michael.r...@amd.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Min Xu <min.m...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Erdem Aktas <erdemak...@google.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
 OvmfPkg/ResetVector/ResetVector.inf | 4 ++++
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 23 ++++++++++++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb | 4 ++++
 3 files changed, 31 insertions(+)
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a2520dde5508..34d843de62c4 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -50,3 +50,7 @@ [FixedPcd]
 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index 7ec3c6e980c3..71e1484cf4e4 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,6 +47,29 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 15) % 16)) DB 0 ; guidedStructureStart: +%ifdef ARCH_X64 +; SEV-SNP boot support +; +; sevSnpBlock: +; For the initial boot of SEV-SNP guest, a CPUID and Secrets page must +; be reserved by the BIOS at a RAM area defined by SNP_CPUID_BASE and +; SNP_SECRETS_BASE. A hypervisor will locate this information using the +; SEV-SNP boot block GUID and provide the GPA to the PSP to populate +; the memory area with the required information.. +; +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 +; +sevSnpBootBlockStart: + DD SNP_SECRETS_BASE + DD SNP_SECRETS_SIZE + DD SNP_CPUID_BASE + DD SNP_CPUID_SIZE + DW sevSnpBootBlockEnd - sevSnpBootBlockStart + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 +sevSnpBootBlockEnd: +%endif + ; SEV Hash Table Block ; ; This describes the guest ram area where the hypervisor should diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb index d1d800c56745..9be963206989 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
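Review bot: `sevSnpBootBlockStart` is emitted for every ARCH_X64 build with no check that the four PCD-backed values are set, so an image whose platform leaves them at zero (the defaults are not visible here) would still advertise a secrets and CPUID area at base 0 with size 0 to the host. Wrapping the block in `%if (SNP_SECRETS_SIZE != 0) && (SNP_CPUID_SIZE != 0)` ... `%endif`, or failing the build with `%error`, would keep such an entry out of the GUIDed table. The header comment also calls the block `sevSnpBlock`, which is not a label in the hunk, and does not list the entry layout the host parses; I would add `; Layout: DD secrets base, DD secrets size, DD CPUID base, DD CPUID size, DW block length, 16-byte GUID` and drop the doubled period after "information".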
@@ -77,6 +77,10 @@
 %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
 %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
 %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
+ %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase)
+ %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize)
+ %define SNP_SECRETS_BASE FixedPcdGet32 (PcdOvmfSnpSecretsBase)
+ %define SNP_SECRETS_SIZE FixedPcdGet32 (PcdOvmfSnpSecretsSize)
 %include "Ia32/Flat32ToFlat64.asm"
 %include "Ia32/AmdSev.asm"
 %include "Ia32/PageTables64.asm"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80079): https://edk2.groups.io/g/devel/message/80079
Mute This Topic: https://groups.io/mt/85306656/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
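Review bot: Nothing here checks that the two bases and sizes describe whole pages, although the commit message says the host hands these addresses to the PSP to populate the Secrets and CPUID page. If the PSP command works on 4 KiB pages (an assumption, not stated on this page), a build-time guard after the definitions such as `%if ((SNP_SECRETS_BASE | SNP_CPUID_BASE) & 0xFFF) != 0` followed by `%error "SNP secrets/CPUID base must be 4 KiB aligned"` and `%endif` would catch a bad .fdf layout before it reaches a guest. This relies on FixedPcdGet32 expanding to a constant NASM can evaluate in `%if`. The conditional block these indented `%define`s sit in starts outside the hunk.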