On Wed, 28 Sept 2022 at 17:33, Dionna Glaze via groups.io <dionnaglaze=google....@groups.io> wrote: > > From: Sophia Wolf <phiaw...@google.com> > > When a guest OS does not support unaccepted memory, the unaccepted > memory must be accepted before returning a memory map to the caller. > > EfiMemoryAcceptProtocol is defined in MdePkg and is implemented / > Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. > > Cc: Gerd Hoffmann <kra...@redhat.com> > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > > Signed-off-by: Sophia Wolf <phiaw...@google.com>
A signoff is an assertion by the contributor that the contribution is compatible with the license. It is *not* a statement of authorship. This means that you can keep the from: line, and credit the author in another way in the commit log, but the signed-off-by needs to mention the contributor of the patch not the author. > --- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 34 > ++++++++++++++++++++ > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ > OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 > +++++++++++--- > 3 files changed, 57 insertions(+), 4 deletions(-) > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > index 662d3c4ccb..09aa15165d 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > @@ -20,6 +20,7 @@ > #include <Library/UefiBootServicesTableLib.h> > #include <Guid/ConfidentialComputingSevSnpBlob.h> > #include <Library/PcdLib.h> > +#include <Protocol/MemoryAccept.h> > > STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { > SIGNATURE_32 ('A', 'M', 'D', 'E'), > @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION > mSnpBootDxeTable = { > FixedPcdGet32 (PcdOvmfCpuidSize), > }; > > +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL; > + > +STATIC > +EFI_STATUS > +EFIAPI > +AmdSevMemoryAccept ( > + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, > + IN EFI_PHYSICAL_ADDRESS StartAddress, > + IN UINTN Size > +) > +{ > + MemEncryptSevSnpPreValidateSystemRam ( > + StartAddress, > + EFI_SIZE_TO_PAGES (Size) > + ); > + > + return EFI_SUCCESS; > +} > + > +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { > + AmdSevMemoryAccept > +}; > + > EFI_STATUS > EFIAPI > AmdSevDxeEntryPoint ( > @@ -147,6 +171,16 @@ AmdSevDxeEntryPoint ( > } > } > > + Status = gBS->InstallProtocolInterface ( > + &mAmdSevDxeHandle, > + &gEfiMemoryAcceptProtocolGuid, > + EFI_NATIVE_INTERFACE, > + &mMemoryAcceptProtocol > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); > + } > + > // > // If its SEV-SNP active guest then install the > CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. > // It contains the location for both the Secrets and CPUID page. > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index 9acf860cf2..5ddddabc32 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > @@ -47,6 +47,9 @@ > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize > > +[Protocols] > + gEfiMemoryAcceptProtocolGuid > + > [Guids] > gConfidentialComputingSevSnpBlobGuid > > diff --git > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > index d3a95e4913..ee3710f7b3 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > @@ -14,6 +14,7 @@ > #include <Library/MemEncryptSevLib.h> > > #include "SnpPageStateChange.h" > +#include "VirtualMemory.h" > > /** > Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. > @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam ( > IN UINTN NumPages > ) > { > + EFI_STATUS Status; > + > if (!MemEncryptSevSnpIsEnabled ()) { > return; > } > > - // > - // All the pre-validation must be completed in the PEI phase. > - // > - ASSERT (FALSE); > + // DXE pre-validation may happen with the memory accept protocol. > + // The protocol should only be called outside the prevalidated ranges > + // that the PEI stage code explicitly skips. Specifically, only memory > + // ranges that are classified as unaccepted. > + if (BaseAddress >= SIZE_4GB) { > + Status = InternalMemEncryptSevCreateIdentityMap1G ( > + 0, > + BaseAddress, > + EFI_PAGES_TO_SIZE (NumPages) > + ); > + if (EFI_ERROR (Status)) { > + ASSERT (FALSE); > + CpuDeadLoop (); > + } > + } > + > + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); > } > -- > 2.37.3.998.g577e59143f-goog > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94476): https://edk2.groups.io/g/devel/message/94476 Mute This Topic: https://groups.io/mt/93975245/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-