Thanks Tom!
Now, I've pushed it again to my github,
https://github.com/tianocore/edk2/pull/5594 re-ran the tasks but "Review
required" is still there so I assume re-posting patches won't help
getting them in as I need more reviews, right?
On 6/6/24 04:54, Tom Lendacky wrote:
On 6/4/24 21:
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Michael Roth
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v4:
* s/DebugSwap/
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.
Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.
Since the actual feature flag is not set yet, this should cause
no
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.
When DebugVirtualization is enabled, this stops booting if
#VC for #DB or DB7 read/write occurs as this signals unwanted
interaction from the HV.
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugVirtualization or SecureTsc.
Add the feature mask and the DebugVirtualization feature bit to the PCD.
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Z
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v4:
* added more from April/2024 APM
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 95 +++-
This is to prevent #DB interception on SEV-ES VM with
enabled DebugVirtualization feature.
The previous conversation is here:
https://edk2.groups.io/g/devel/topic/patch_ovmf_v3_0_5_enable/105863808
This is based on sha1
7772e339bdbb Chao Li "ArmVirtPkg: Enable the non-hardcode version
FdtNorFlas
Ping? Thanks,
On 3/5/24 00:34, Alexey Kardashevskiy wrote:
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
The corresponding Linux change (HV and VM) went upstream
long time ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linu
This writes the feature bit into PcdConfidentialComputingGuestAttr
and enables DebugSwap for the DXE stage too.
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Michael Roth
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: Alexey Kardashevskiy
---
OvmfPkg/PlatformPei/AmdS
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no beh
The SEV-ES DebugSwap feature enables type B swapping of debug registers
on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted.
When DebugSwap is enabled, this stops booting if #VC for #DB or
DB7 read/write occurs as this signals unwanted interaction from the HV.
This adds new API wh
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugSwap or SecureTsc.
This adds the features mask and the DebugSwap feature bit to a PCD.
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Cc
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 63 ++--
1 file changed, 59 insertions(+), 4 deletions(-)
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
The corresponding Linux change (HV and VM) went upstream
long time ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e221804dad4e
https://git.kernel.org/pub/scm/li
On 22/4/24 22:16, Alexey Kardashevskiy wrote:
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
The corresponding Linux change (HV and VM) went upstream
long time ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit
This writes the feature bit into PcdConfidentialComputingGuestAttr
and enables DebugSwap for the DXE stage too.
Signed-off-by: Alexey Kardashevskiy
---
OvmfPkg/PlatformPei/AmdSev.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/O
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no beh
The SEV-ES DebugSwap feature enables type B swapping of debug registers
on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted.
When DebugSwap is enabled, this stops booting if #VC for #DB or
DB7 read/write occurs as this signals unwanted interaction from the HV.
This adds new API wh
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugSwap or SecureTsc.
This adds the features mask and the DebugSwap feature bit to a PCD.
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v2:
* ex
We need DebugSwap for now but others likely to be needed too.
Signed-off-by: Alexey Kardashevskiy
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 57 +++-
1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h
b/MdePkg/Include/Register/
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
The corresponding Linux change (HV and VM) went upstream
long time ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e221804dad4e
https://git.kernel.org/pub/scm/li
ah never mind, sorry for the noise. Needed to build BaseTools/Source/C
and install some packages.
On 12/12/23 14:52, Alexey Kardashevskiy via groups.io wrote:
Hi,
This broke build:
nice build -q --cmd-len=64436 -n 20 -t GCC5 -a X64 -p
OvmfPkg/OvmfPkgX64.dsc
build.py...
/home/aik/p/o-snp
Hi,
This broke build:
nice build -q --cmd-len=64436 -n 20 -t GCC5 -a X64 -p OvmfPkg/OvmfPkgX64.dsc
build.py...
/home/aik/p/o-snp/CryptoPkg/CryptoPkg.dec(32): error 000E:
File/directory not found in workspace
/home/aik/p/o-snp/CryptoPkg/Library/MbedTlsLib/mbedtls/include
What am I mis
On 7/12/22 13:13, gaoliming wrote:
Alexey:
-Original Message-
From: devel@edk2.groups.io On Behalf Of Alexey
Kardashevskiy via groups.io
Sent: December 1, 2022 10:35
To: devel@edk2.groups.io
Cc: Ard Biesheuvel ; Jiewen Yao
; Jordan Justen ; Gerd
Hoffmann ; Brijesh Singh ;
Erdem Aktas ; James Bottomley
; Min
On 2/12/22 01:47, Tom Lendacky wrote:
Added the subject as somehow it didn't get set.
On 11/30/22 20:35, Alexey Kardashevskiy wrote:
Date: Tue, 22 Nov 2022 16:12:55 +1100
Subject: [PATCH ovmf 2/5] MdePkg: Add AMD SEV features to
PcdConfidentialComputingGuestAttr
PcdConfidentialComputingGu
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugSwap or SecureTsc.
This adds the features mask and the DebugSwap feature bit to a PCD.
Signed-off-by: Alexey Kardashevskiy
---
MdePkg/Include/C
This writes the feature bit into PcdConfidentialComputingGuestAttr
and enables DebugSwap for the DXE stage too.
Signed-off-by: Alexey Kardashevskiy
---
OvmfPkg/PlatformPei/AmdSev.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/O
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no beh
We will need soon DebugSwap but others likely too.
Signed-off-by: Alexey Kardashevskiy
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 57 +++-
1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h
b/MdePkg/Include/Register/Amd/Fam17Ms
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
This is based on sha1 dd3ba82d31a6 and pushed out at
https://github.com/aik/edk2/commits/debugswap
The corresponding Linux change (HV and VM) is here:
https://github.com/aik/linux/commits/debugsw
The SEV-ES DebugSwap feature enables type B swapping of debug registers
on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted.
When DebugSwap is enabled, this stops booting if #VC for #DB or
DB7 read/write occurs as this signals unwanted interaction from the HV.
This adds new API wh