UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details. Cc: Michael Roth <michael.roth@amd.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ray Ni <ray.ni@Intel.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
2021-12-09 11:27:54 +08:00 · 2021-12-09 11:27:54 +08:00 · 9c703bc0f1
parent 2c354252be
commit 9c703bc0f1
4 changed files with 64 additions and 5 deletions
--- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc
+++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc
@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO
  .ModeHighSegment:              CTYPE_UINT16 1
  .Enable5LevelPaging:           CTYPE_BOOLEAN 1
  .SevEsIsEnabled:               CTYPE_BOOLEAN 1
+  .SevSnpIsEnabled               CTYPE_BOOLEAN 1
  .GhcbBase:                     CTYPE_UINTN 1
 endstruc

--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@ -896,8 +896,9 @@ FillExchangeInfoData (
  ExchangeInfo->Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
  DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, ExchangeInfo->Enable5LevelPaging));

-  ExchangeInfo->SevEsIsEnabled = CpuMpData->SevEsIsEnabled;
-  ExchangeInfo->GhcbBase       = (UINTN)CpuMpData->GhcbBase;
+  ExchangeInfo->SevEsIsEnabled  = CpuMpData->SevEsIsEnabled;
+  ExchangeInfo->SevSnpIsEnabled = CpuMpData->SevSnpIsEnabled;
+  ExchangeInfo->GhcbBase        = (UINTN)CpuMpData->GhcbBase;

  //
  // Get the BSP's data of GDT and IDT
@ -1847,9 +1848,10 @@ MpInitLibInitialize (
  CpuMpData->CpuData          = (CPU_AP_DATA *)(CpuMpData + 1);
  CpuMpData->CpuInfoInHob     = (UINT64)(UINTN)(CpuMpData->CpuData + MaxLogicalProcessorNumber);
  InitializeSpinLock (&CpuMpData->MpLock);
-  CpuMpData->SevEsIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevEs);
-  CpuMpData->SevEsAPBuffer  = (UINTN)-1;
-  CpuMpData->GhcbBase       = PcdGet64 (PcdGhcbBase);
+  CpuMpData->SevEsIsEnabled  = ConfidentialComputingGuestHas (CCAttrAmdSevEs);
+  CpuMpData->SevSnpIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevSnp);
+  CpuMpData->SevEsAPBuffer   = (UINTN)-1;
+  CpuMpData->GhcbBase        = PcdGet64 (PcdGhcbBase);

  //
  // Make sure no memory usage outside of the allocated buffer.
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@ -222,6 +222,7 @@ typedef struct {
  //
  BOOLEAN            Enable5LevelPaging;
  BOOLEAN            SevEsIsEnabled;
+  BOOLEAN            SevSnpIsEnabled;
  UINTN              GhcbBase;
 } MP_CPU_EXCHANGE_INFO;

@ -291,6 +292,7 @@ struct _CPU_MP_DATA {
  BOOLEAN        WakeUpByInitSipiSipi;

  BOOLEAN        SevEsIsEnabled;
+  BOOLEAN        SevSnpIsEnabled;
  UINTN          SevEsAPBuffer;
  UINTN          SevEsAPResetStackStart;
  CPU_MP_DATA    *NewCpuMpData;
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm
@ -15,6 +15,57 @@

 %define SIZE_4KB    0x1000

+RegisterGhcbGpa:
+    ;
+    ; Register GHCB GPA when SEV-SNP is enabled
+    ;
+    lea        edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]
+    cmp        byte [edi], 1        ; SevSnpIsEnabled
+    jne        RegisterGhcbGpaDone
+
+    ; Save the rdi and rsi to used for later comparison
+    push       rdi
+    push       rsi
+    mov        edi, eax
+    mov        esi, edx
+    or         eax, 18              ; Ghcb registration request
+    wrmsr
+    rep vmmcall
+    rdmsr
+    mov        r12, rax
+    and        r12, 0fffh
+    cmp        r12, 19              ; Ghcb registration response
+    jne        GhcbGpaRegisterFailure
+
+    ; Verify that GPA is not changed
+    and        eax, 0fffff000h
+    cmp        edi, eax
+    jne        GhcbGpaRegisterFailure
+    cmp        esi, edx
+    jne        GhcbGpaRegisterFailure
+    pop        rsi
+    pop        rdi
+    jmp        RegisterGhcbGpaDone
+
+    ;
+    ; Request the guest termination
+    ;
+GhcbGpaRegisterFailure:
+    xor        edx, edx
+    mov        eax, 256             ; GHCB terminate
+    wrmsr
+    rep vmmcall
+
+    ; We should not return from the above terminate request, but if we do
+    ; then enter into the hlt loop.
+DoHltLoop:
+    cli
+    hlt
+    jmp        DoHltLoop
+
+RegisterGhcbGpaDone:
+    OneTimeCallRet    RegisterGhcbGpa
+
 ;
 ; The function checks whether SEV-ES is enabled, if enabled
 ; then setup the GHCB page.
@ -39,6 +90,9 @@ SevEsSetupGhcb:
    mov        rdx, rax
    shr        rdx, 32
    mov        rcx, 0xc0010130
+
+    OneTimeCall RegisterGhcbGpa
+
    wrmsr

 SevEsSetupGhcbExit: