CcSvsmLib: Create the CcSvsmLib library to support an SVSM

Gerd Hoffmann Tue, 27 Feb 2024 03:54:06 -0800

On Thu, Feb 22, 2024 at 11:29:51AM -0600, Tom Lendacky wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
> 
> In order to support an SEV-SNP guest running under an SVSM at VMPL1 or
> lower, a new CcSvsmLib library must be created.
> 
> This library includes an interface to detect if running under an SVSM, an
> interface to return the current VMPL, an interface to perform memory
> validation and an interface to set or clear the attribute that allows a
> page to be used as a VMSA.
> 
> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>


Acked-by: Gerd Hoffmann <kra...@redhat.com>

> ---
>  UefiCpuPkg/UefiCpuPkg.dec                          |   5 +-
>  UefiCpuPkg/UefiCpuPkg.dsc                          |   4 +-
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf |  27 +++++
>  UefiCpuPkg/Include/Library/CcSvsmLib.h             | 101 ++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c   | 108 ++++++++++++++++++++
>  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni |  13 +++
>  6 files changed, 256 insertions(+), 2 deletions(-)
> 
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 571b59b36f0a..4a383c6d1d4d 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -2,7 +2,7 @@
>  # This Package provides UEFI compatible CPU modules and libraries.
>  #
>  # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights 
> reserved.<BR>
>  #
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -52,6 +52,9 @@ [LibraryClasses.IA32, LibraryClasses.X64]
>    ##  @libraryclass  Provides function to support CcExit processing.
>    CcExitLib|Include/Library/CcExitLib.h
>  
> +  ##  @libraryclass  Provides function to support CcSvsm processing.
> +  CcSvsmLib|Include/Library/CcSvsmLib.h
> +
>    ##  @libraryclass  Provides function to get CPU cache information.
>    CpuCacheInfoLib|Include/Library/CpuCacheInfoLib.h
>  
> diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
> index 10b33594e586..1ee726e6c6b5 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dsc
> +++ b/UefiCpuPkg/UefiCpuPkg.dsc
> @@ -2,7 +2,7 @@
>  #  UefiCpuPkg Package
>  #
>  #  Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
> -#  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights 
> reserved.<BR>
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -61,6 +61,7 @@ [LibraryClasses]
>    
> PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
>    
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
>    CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  CcSvsmLib|UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
>    
> SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
>    CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
> @@ -159,6 +160,7 @@ [Components.IA32, Components.X64]
>    UefiCpuPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf
>    UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf
>    UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> +  UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
>    UefiCpuPkg/SecCore/SecCore.inf
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf 
> b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> new file mode 100644
> index 000000000000..b45a75941a8a
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf
> @@ -0,0 +1,27 @@
> +## @file
> +#  CcSvsm Base Support Library.
> +#
> +#  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 1.29
> +  BASE_NAME                      = CcSvsmLibNull
> +  MODULE_UNI_FILE                = CcSvsmLibNull.uni
> +  FILE_GUID                      = 62b45e0f-c9b4-45ce-a5b3-41762709b3d9
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = CcSvsmLib
> +
> +[Sources.common]
> +  CcSvsmLibNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  UefiCpuPkg/UefiCpuPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +
> diff --git a/UefiCpuPkg/Include/Library/CcSvsmLib.h 
> b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> new file mode 100644
> index 000000000000..4715f4db3bd1
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Library/CcSvsmLib.h
> @@ -0,0 +1,101 @@
> +/** @file
> +  Public header file for the CcSvsmLib.
> +
> +  This library class defines some routines used for invoking an SVSM when the
> +  guest is not running at VMPL0.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef CC_SVSM_LIB_H_
> +#define CC_SVSM_LIB_H_
> +
> +#include <Protocol/DebugSupport.h>
> +#include <Register/Amd/Ghcb.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  );
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  );
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  );
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  );
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  );
> +
> +#endif
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c 
> b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> new file mode 100644
> index 000000000000..268bd9a7ca54
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
> @@ -0,0 +1,108 @@
> +/** @file
> +  CcSvsm Base Support Library.
> +
> +  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Uefi.h>
> +#include <Library/CcSvsmLib.h>
> +
> +/**
> +  Report the presence of an Secure Virtual Services Module (SVSM).
> +
> +  Determines the presence of an SVSM.
> +
> +  @retval  TRUE                   An SVSM is present
> +  @retval  FALSE                  An SVSM is not present
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +CcSvsmIsSvsmPresent (
> +  VOID
> +  )
> +{
> +  return FALSE;
> +}
> +
> +/**
> +  Report the VMPL level at which the SEV-SNP guest is running.
> +
> +  Determines the VMPL level at which the guest is running. If an SVSM is
> +  not present, then it must be VMPL0, otherwise return what is reported
> +  by the SVSM.
> +
> +  @return                         The VMPL level
> +
> +**/
> +UINT8
> +EFIAPI
> +CcSvsmSnpGetVmpl (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Report the Calling Area address (CAA) for the BSP of the SEV-SNP guest.
> +
> +  If an SVSM is present, the CAA for the BSP is returned.
> +
> +  @return                         The CAA
> +
> +**/
> +UINT64
> +EFIAPI
> +CcSvsmSnpGetCaa (
> +  VOID
> +  )
> +{
> +  return 0;
> +}
> +
> +/**
> +  Perform a PVALIDATE operation for the page ranges specified.
> +
> +  Validate or rescind the validation of the specified pages.
> +
> +  @param[in]       Info           Pointer to a page state change structure
> +
> +**/
> +VOID
> +EFIAPI
> +CcSvsmSnpPvalidate (
> +  IN SNP_PAGE_STATE_CHANGE_INFO  *Info
> +  )
> +{
> +}
> +
> +/**
> +  Perform an RMPADJUST operation to alter the VMSA setting of a page.
> +
> +  Add or remove the VMSA attribute for a page.
> +
> +  @param[in]       Vmsa           Pointer to an SEV-ES save area page
> +  @param[in]       ApicId         APIC ID associated with the VMSA
> +  @param[in]       SetVmsa        Boolean indicator as to whether to set or
> +                                  or clear the VMSA setting for the page
> +
> +  @retval  EFI_SUCCESS            RMPADJUST operation successful
> +  @retval  EFI_UNSUPPORTED        Operation is not supported
> +  @retval  EFI_INVALID_PARAMETER  RMPADJUST operation failed, an invalid
> +                                  parameter was supplied
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcSvsmSnpVmsaRmpAdjust (
> +  IN SEV_ES_SAVE_AREA  *Vmsa,
> +  IN UINT32            ApicId,
> +  IN BOOLEAN           SetVmsa
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> diff --git a/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni 
> b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> new file mode 100644
> index 000000000000..c80c0a5656dd
> --- /dev/null
> +++ b/UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// CcSvsmLib instance.
> +//
> +// Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "CcSvsmLib NULL 
> instance"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "CcSvsmLib NULL 
> instance."
> +
> -- 
> 2.42.0
> 

-- 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116031): https://edk2.groups.io/g/devel/message/116031
Mute This Topic: https://groups.io/mt/104512960/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM

Reply via email to