Re: [edk2-devel] [EXTERNAL] [PATCH v1 1/1] UnitTestFrameworkPkg: Sample unit test hangs when running in OVMF/QEMU

2021-04-30 Thread Bret Barkelew via groups.io
Mike, Can you stage the PR for this? Thanks! - Bret From: Bret Barkelew via groups.io Sent: Friday, April 30, 2021 2:16 PM To: Getnat Ejigu; devel@edk2.groups.io Cc: Kinney, Michael D

Re: [edk2-devel] [EXTERNAL] [PATCH v1 1/1] UnitTestFrameworkPkg: Sample unit test hangs when running in OVMF/QEMU

2021-04-30 Thread Bret Barkelew via groups.io
Reviewed-by: Bret Barkelew - Bret From: Getnat Ejigu Sent: Friday, April 30, 2021 2:07 PM To: devel@edk2.groups.io Cc: Kinney, Michael D; Sean Brogan; Bret Barkelew

[edk2-devel] [PATCH v1 1/1] UnitTestFrameworkPkg: Sample unit test hangs when running in OVMF/QEMU

2021-04-30 Thread Getnat Ejigu
Sample unit tests in UnitTestFrameworkPkg hang when running in OVMF/QEMU environment. Build target is X64/GCC5. Fixing this issue by adding EFIAPI to ReportPrint() function that uses VA_ARGS. Signed-off-by: Getnat Ejigu Cc: Michael D Kinney Cc: Sean Brogan Cc: Bret Barkelew --- UnitTestFramew

[edk2-devel] [PATCH v1 0/1] Fix sample unit test hang issue in OVMF/QEMU

2021-04-30 Thread Getnat Ejigu
*** BLURB HERE *** Getnat Ejigu (1): UnitTestFrameworkPkg: Sample unit test hangs when running in OVMF/QEMU UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLib.c | 1 + UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.c |

Re: [edk2-devel] [PATCH 0/3] SD+USB perf/DMA fixes

2021-04-30 Thread Andrei Warkentin
LGTM Reviewed-by: Andrei Warkentin From: Jeremy Linton Sent: Thursday, April 8, 2021 12:58 AM To: devel@edk2.groups.io Cc: ard.biesheu...@arm.com ; l...@nuviainc.com ; p...@akeo.ie ; samer.el-haj-mahm...@arm.com ; Andrei Warkentin ; Jeremy Linton Subject: [P

[edk2-devel] [PATCH edk2-test 1/1] uefi-sct/SctPkg: correct print code for EFI_MEMORY_TYPE

2021-04-30 Thread Heinrich Schuchardt
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2284 EFI_MEMORY_TYPE is an enum. SctPrint expects a UINTN when printing with %d. Add missing conversions in MemoryAllocationServicesBBTestFunction. Signed-off-by: Heinrich Schuchardt --- .../MemoryAllocationServicesBBTestFunction.c | 98

Re: [edk2-devel] [PATCH v3 0/5] SEV-ES TPM enablement fixes

2021-04-30 Thread Lendacky, Thomas
On 4/30/21 1:44 PM, Laszlo Ersek wrote: > On 04/29/21 19:12, Lendacky, Thomas wrote: >> This patch series provides fixes for using TPM support with an SEV-ES >> guest. >> >> The fixes include: >> >> - Decode ModRM byte for MOVZX and MOVSX opcodes. >> - Add MMIO support for MOV opcodes 0xA0-0xA3.

Re: [edk2-devel] [PATCH v3 3/5] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability

2021-04-30 Thread Lendacky, Thomas
On 4/30/21 1:43 PM, Laszlo Ersek wrote: > On 04/30/21 18:54, Laszlo Ersek wrote: >> On 04/29/21 19:20, Lendacky, Thomas wrote: >>> On 4/29/21 12:12 PM, Tom Lendacky wrote: Define a new PPI GUID that is to be used as a signal of when it is safe to access the TPM MMIO range. This is needed

Re: [edk2-devel] [PATCH v3 0/5] SEV-ES TPM enablement fixes

2021-04-30 Thread Laszlo Ersek
On 04/29/21 19:12, Lendacky, Thomas wrote: > This patch series provides fixes for using TPM support with an SEV-ES > guest. > > The fixes include: > > - Decode ModRM byte for MOVZX and MOVSX opcodes. > - Add MMIO support for MOV opcodes 0xA0-0xA3. > - Create a new TPM MMIO ready PPI guid, gOvmfTp

Re: [edk2-devel] [PATCH v3 3/5] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability

2021-04-30 Thread Laszlo Ersek
On 04/30/21 18:54, Laszlo Ersek wrote: > On 04/29/21 19:20, Lendacky, Thomas wrote: >> On 4/29/21 12:12 PM, Tom Lendacky wrote: >>> Define a new PPI GUID that is to be used as a signal of when it is safe >>> to access the TPM MMIO range. This is needed so that, when SEV is active, >>> the MMIO rang

Re: [EXTERNAL] Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLib: Signal ReadyToBoot on platform recovery

2021-04-30 Thread Samer El-Haj-Mahmoud
Resurrecting.. This continues to be a pain point. At this point, it seems to me that we have multiple people and platforms in this community that are complaining about code not following the spec, but the maintainers are not agreeing because of "legacy implementation of some unidentified platfo

Re: [edk2-devel] [PATCH 0/3] SD+USB perf/DMA fixes

2021-04-30 Thread Samer El-Haj-Mahmoud
This is now clarified in an ACPI spec ECR (https://bugzilla.tianocore.org/show_bug.cgi?id=3335). The example will be updated in a future spec errata to use ResourceProducer. I think this patch can resume as it is not gated by the spec anymore. From: Andrei Warkentin Sent: Thursday, April 8,

Re: [edk2-devel] [PATCH 2/2] Platform/RaspberryPi: Increase genet dma window

2021-04-30 Thread Samer El-Haj-Mahmoud
+Jared Reviewed-By: Samer El-Haj-Mahmoud > -Original Message- > From: Jeremy Linton > Sent: Thursday, April 15, 2021 3:22 PM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; l...@nuviainc.com; > p...@akeo.ie; Samer El-Haj-Mahmoud mahm...@arm.com>; Andrei Warkentin (awarken...@vmware.c

Re: [edk2-devel] [PATCH v3 4/5] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

2021-04-30 Thread Laszlo Ersek
Hi Tom, On 04/30/21 19:01, Laszlo Ersek wrote: > On 04/29/21 19:12, Lendacky, Thomas wrote: >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345 >> >> During PEI, the MMIO range for the TPM is marked as encrypted when running >> as an SEV guest. While this isn't an issue for an SEV guest bec

Re: [edk2-devel] [PATCH 3/3] Platform/RaspberryPi/AcpiTables: Correct _DMA consumer

2021-04-30 Thread Samer El-Haj-Mahmoud
Update: UEFI Forum ASWG (ACPI spec working group) approved the submitted ECR as an errata for future ACPI 6.4 spec publication. We can go ahead and proceed with this patch as submitted, based on that ECR clarification. With that, Reviewed-By: Samer El-Haj-Mahmoud samer.el-haj-mahm...@arm.com<

Re: [edk2-devel] [edk2-platforms PATCH 0/6] Marvell SD/MMC updates

2021-04-30 Thread Marcin Wojtas
Hi, pon., 19 kwi 2021 o 10:52 Marcin Wojtas napisał(a): > > pon., 19 kwi 2021 o 10:49 Marcin Wojtas napisał(a): > > > > Hi, > > > > This series applies modifications to the MMC settings > > on the platforms based on the Marvell SoCs. > > Where possible, higher speeds are enabled. > > Moreover a

Re: [edk2-devel] [PATCH v2 4/4] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

2021-04-30 Thread Lendacky, Thomas
On 4/30/21 10:48 AM, Laszlo Ersek wrote: > I need to excuse myself for two items here, where your expectation was > justified: No worries, I'm flexible! Thanks, Tom > > On 04/28/21 21:43, Tom Lendacky wrote: >> On 4/28/21 12:51 PM, Laszlo Ersek via groups.io wrote: >>> I'm going to ask for v3 a

Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV

2021-04-30 Thread Lendacky, Thomas
On 4/30/21 10:39 AM, Laszlo Ersek wrote: > On 04/28/21 21:09, Tom Lendacky wrote: >> On 4/28/21 11:12 AM, Laszlo Ersek wrote: >>> On 04/27/21 16:58, Tom Lendacky wrote: On 4/26/21 9:21 AM, Tom Lendacky wrote: > On 4/26/21 7:07 AM, Laszlo Ersek wrote: >> On 04/23/21 22:02, Tom Lendacky

Re: [edk2-devel] [PATCH v3 5/5] OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64

2021-04-30 Thread Laszlo Ersek
On 04/29/21 19:12, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345 > > The OVMF Tcg2Config PEIM adds the gOvmfTpmMmioAccessiblePpiGuid as a > Depex for IA32 and X64 builds so that the MMIO range is properly mapped > as unencrypted for an SEV-ES guest before the Tc

Re: [edk2-devel] [PATCH v3 4/5] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

2021-04-30 Thread Laszlo Ersek
On 04/29/21 19:12, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345 > > During PEI, the MMIO range for the TPM is marked as encrypted when running > as an SEV guest. While this isn't an issue for an SEV guest because of > the way the nested page fault is handled, i

Re: [edk2-devel] [PATCH v3 3/5] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability

2021-04-30 Thread Laszlo Ersek
On 04/29/21 19:20, Lendacky, Thomas wrote: > On 4/29/21 12:12 PM, Tom Lendacky wrote: >> Define a new PPI GUID that is to be used as a signal of when it is safe >> to access the TPM MMIO range. This is needed so that, when SEV is active, >> the MMIO range can be mapped unencrypted before it is acce

Re: [edk2-devel] [PATCH v3 2/5] OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes

2021-04-30 Thread Laszlo Ersek
On 04/29/21 19:19, Lendacky, Thomas wrote: > On 4/29/21 12:12 PM, Tom Lendacky wrote: >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345 >> >> Enabling TPM support results in guest termination of an SEV-ES guest >> because it uses MMIO opcodes that are not currently supported. >> >> Add sup

Re: [edk2-devel] [PATCH RFC v2 00/28] Add AMD Secure Nested Paging (SEV-SNP) support

2021-04-30 Thread Laszlo Ersek
Hi, On 04/30/21 13:51, Brijesh Singh wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 > > SEV-SNP builds upon existing SEV and SEV-ES functionality while adding > new hardware-based memory protections. SEV-SNP adds strong memory integrity > protection to help prevent malicious hyp

Re: [edk2-devel] [EXTERNAL] [PATCH v1 1/1] UnitTestFrameworkPkg: Sample unit test hangs when running in OVMF/QEMU

2021-04-30 Thread Getnat Ejigu
Okay, will do. Thanks, -Getnat On Thu, Apr 29, 2021 at 11:33 PM Bret Barkelew wrote: > This change should also be made in: > > > UnitTestFrameworkPkg\Library\UnitTestResultReportLib\UnitTestResultReportLibDebugLib.c > > UnitTestFrameworkPkg\Library\UnitTestResultReportLib\UnitTestResultReportLi

Re: [edk2-devel] [edk2-sct PATCH] buildzip: Add CapsuleApp.efi to the SCT zip file

2021-04-30 Thread G Edhaya Chandran
Reviewed-by: G Edhaya Chandran > -Original Message- > From: Grant Likely > Sent: 27 April 2021 21:46 > To: devel@edk2.groups.io > Cc: nd ; Grant Likely ; G Edhaya > Chandran ; Barton Gao > Subject: [edk2-sct PATCH] buildzip: Add CapsuleApp.efi to the SCT zip file > > CapsuleApp.efi is n

Re: [edk2-devel] Problem: TPM 2.0 event log by OVMF is shown empty in Linux kernel versions after 5.8

2021-04-30 Thread Laszlo Ersek
On 04/29/21 11:43, Thore Sommer wrote: > I think I found my problem. > The latest kernel from master probes if the table actually includes some > values. This was introduced in 3dcd15665aca80197333500a4be3900948afccc1 > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3

Re: [edk2-devel] [PATCH v2 4/4] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

2021-04-30 Thread Laszlo Ersek
I need to excuse myself for two items here, where your expectation was justified: On 04/28/21 21:43, Tom Lendacky wrote: > On 4/28/21 12:51 PM, Laszlo Ersek via groups.io wrote: >> I'm going to ask for v3 after all: >> >> On 04/27/21 18:21, Lendacky, Thomas wrote: >>> @@ -627,6 +627,7 @@ [Compone

Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV

2021-04-30 Thread Laszlo Ersek
On 04/28/21 21:09, Tom Lendacky wrote: > On 4/28/21 11:12 AM, Laszlo Ersek wrote: >> On 04/27/21 16:58, Tom Lendacky wrote: >>> On 4/26/21 9:21 AM, Tom Lendacky wrote: On 4/26/21 7:07 AM, Laszlo Ersek wrote: > On 04/23/21 22:02, Tom Lendacky wrote: >> >> 1. SEV works with the current e

[edk2-devel] [PATCH RFC v2 23/28] OvmfPkg/MemEncryptSevLib: Add support to validate > 4GB memory in PEI phase

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The initial page built during the SEC phase is used by the MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The page validation process requires using the PVALIDATE instruction; the instruction accepts a virtual address of

[edk2-devel] [PATCH RFC v2 25/28] OvmfPkg/PlatformPei: Validate the system RAM when SNP is active

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 When SEV-SNP is active, a memory region mapped encrypted in the page table must be validated before access. There are two approaches that can be taken to validate the system RAM detected during the PEI phase: 1) Validate on-demand OR 2) Vali

[edk2-devel] [PATCH RFC v2 28/28] MdePkg/GHCB: Increase the GHCB protocol max version

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Now that OvmfPkg supports version 2 of the GHCB specification, bump the protocol version. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off

[edk2-devel] [PATCH RFC v2 19/28] OvmfPkg: register GHCB gpa for the SEV-SNP guest

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. The GHCB GPA can be registered using the GhcbGPARegister(). Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc

[edk2-devel] [PATCH RFC v2 27/28] OvmfPkg/AmdSev: Expose the SNP reserved pages through configuration table

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Now that both the secrets and cpuid pages are reserved in the HOB, extract the location details through fixed PCD and make it available to the guest OS through the configuration table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom

[edk2-devel] [PATCH RFC v2 18/28] OvmfPkg: Add a library to support registering GHCB GPA

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest is required to perform GHCB GPA registration before using a GHCB. See the GHCB spec section 2.5.2 for more details. Add a library that can be called to perform the GHCB GPA registration. Cc: James Bottomley Cc: Min Xu Cc:

[edk2-devel] [PATCH RFC v2 26/28] OvmfPkg/MemEncryptSevLib: Change the page state in the RMP table

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or clear the memory encryption attribute in the page table. When SEV-SNP is active, we also need to change the page state in the RMP table so that it is in sync with the memo

[edk2-devel] [PATCH RFC v2 12/28] OvmfPkg: Reserve CPUID page for the SEV-SNP guest

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 During the SEV-SNP guest launch sequence, two special pages need to be inserted, the secrets and CPUID. The secrets page contains the VM platform communication keys. The guest BIOS and/or OS can use this key to communicate with the SEV firmwa

[edk2-devel] [PATCH RFC v2 24/28] OvmfPkg/SecMain: Pre-validate the memory used for decompressing Fv

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The VMM launch sequence should have pre-validated all the data pages used in the Reset vector. The range does not cover the data pages used during the SEC phase (mainly PEI and DXE firmware volume decompression memory). When SEV-SNP is activ

[edk2-devel] [PATCH RFC v2 22/28] OvmfPkg/BaseMemEncryptSevLib: Skip the pre-validated system RAM

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progresses, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-valid

[edk2-devel] [PATCH RFC v2 20/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for further detail. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc:

[edk2-devel] [PATCH RFC v2 03/28] MdePkg: Define the GHCB GPA structure

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest is required to perform the GHCB GPA registration. See the GHCB specification for further details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc

[edk2-devel] [PATCH RFC v2 21/28] OvmfPkg/MemEncryptSevLib: Add support to validate system RAM

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Many of the integrity guarantees of SEV-SNP are enforced through the Reverse Map Table (RMP). Each RMP entry contains the GPA at which a particular page of DRAM should be mapped. The guest can request the hypervisor to add pages in the RMP ta

[edk2-devel] [PATCH RFC v2 17/28] OvmfPkg/ResetVector: Invalidate the GHCB page

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 When SEV-SNP is active, the GHCB page is mapped un-encrypted in the initial page table built by the reset vector code. Just clearing the encryption attribute from the page table is not enough. The page also needs to be added as shared in the

[edk2-devel] [PATCH RFC v2 02/28] MdePkg: Define the GHCB Hypervisor features

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Version 2 of GHCB introduces advertisement of features that are supported by the hypervisor. See the GHCB spec section 2.2 for additional details. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: A

[edk2-devel] [PATCH RFC v2 11/28] OvmfPkg: Reserve Secrets page in MEMFD

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 When AMD SEV is enabled in the guest VM, a hypervisor needs to insert a secrets page. When SEV-SNP is enabled, the secrets page contains the VM platform communication keys. The guest BIOS and OS can use this key to communicate with the SEV fi

[edk2-devel] [PATCH RFC v2 14/28] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Define the PCDs used by the MpLib while creating the AP when SEV-SNP is active in the guest VMs. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Sig

[edk2-devel] [PATCH RFC v2 05/28] MdePkg: Add AsmPvalidate() support

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The PVALIDATE instruction validates or rescinds validation of a guest page RMP entry. Upon completion, a return code is stored in EAX, rFLAGS bits OF, ZF, AF, PF and SF are set based on this return code. If the instruction completed successful

[edk2-devel] [PATCH RFC v2 16/28] OvmfPkg/MemEncryptSevLib: Extend Es Workarea to include hv features

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The GHCB Version 2 introduces advertisement of features that are supported by the hypervisor. The features value is saved in the SevEs workarea. Save the value in the PCD for the later use. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc

[edk2-devel] [PATCH RFC v2 06/28] OvmfPkg/BaseMemEncryptSevLib: Introduce MemEncryptSevClearMmioPageEncMask()

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The MemEncryptSevClearMmioPageEncMask() helper can be used for clearing the memory encryption mask for the Mmio region from the current page table context. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen

[edk2-devel] [PATCH RFC v2 10/28] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Create a function that can be used to determine if VM is running as an SEV-SNP guest. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by:

[edk2-devel] [PATCH RFC v2 09/28] OvmfPkg/VmgExitLib: Allow PMBASE register access in Dxe phase

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure that MMIO is only performed against the un-encrypted memory. If MMIO is performed against encrypted memory, a #GP is raised. The VmgExitLib library depends on ApicTimerL

[edk2-devel] [PATCH RFC v2 15/28] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Extend the workarea to include the SEV-SNP enabled fields. This will be set when SEV-SNP is active in the guest VM. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek C

[edk2-devel] [PATCH RFC v2 13/28] OvmfPkg: Validate the data pages used in the Reset vector and SEC phase

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest requires that private memory (aka pages mapped encrypted) must be validated before being accessed. The validation process consists of the following sequence: 1) Set the memory encryption attribute in the page table (aka C-bi

[edk2-devel] [PATCH RFC v2 04/28] MdePkg: Define the Page State Change VMGEXIT structures

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The Page State Change NAE exit will be used by the SEV-SNP guest to request a page state change using the GHCB protocol. See the GHCB spec section 4.1.6 and 2.3.1 for more detail on the structure definitions. Cc: James Bottomley Cc: Min Xu

[edk2-devel] [PATCH RFC v2 00/28] Add AMD Secure Nested Paging (SEV-SNP) support

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based memory protections. SEV-SNP adds strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mappi

[edk2-devel] [PATCH RFC v2 08/28] OvmfPkg/BaseMemEncryptSevLib: Remove CacheFlush parameter

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The CacheFlush parameter is used to provide a hint whether the specified range is Mmio address. Now that we have a dedicated helper to clear the memory encryption mask for the Mmio address range, it's safe to remove the CacheFlush parameter from

[edk2-devel] [PATCH RFC v2 07/28] OvmfPkg: Use MemEncryptSevClearMmioPageEncMask() to clear EncMask from Mmio

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Use the MemEncryptSevClearMmioPageEncMask() to clear memory encryption mask for the Mmio address range from the current page table context. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheu

[edk2-devel] [PATCH RFC v2 01/28] MdePkg: Expand the SEV MSR to include the SNP definition

2021-04-30 Thread Brijesh Singh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Define the SEV-SNP MSR bits. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- MdePkg/Include/Register/Amd/Fam17Msr