AMD SEV Debugswap #5594
Merged
AMD SEV Debugswap #5594
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mdkinney
requested review from
tlendacky,
ardbiesheuvel,
mxu9,
jyao1,
kraxel and
ruleof2
I'm fixing the typo but I cannot figure out better subject lines. Which two do you want to differ more? thanks, |
ardbiesheuvel
approved these changes
Jun 13, 2024
|
Looks good to me. Note #1: this conflicts with another pending PR updating the AMD header files. Note #2: I think @jyao1 should have a look at the PCD changes, whenever there are any concerns from TDX point of view (probably not), and whenever TDX has a simliar feature so it might make sense to define a common attr bit for that (maybe). |
kraxel
approved these changes
Jun 13, 2024
tlendacky
approved these changes
Jun 20, 2024
|
ping? |
lgao4
approved these changes
Jun 25, 2024
For now we need DebugSwap but others are likely to be needed too. Cc: Liming Gao <[email protected]> Cc: Michael D Kinney <[email protected]> Cc: Zhiguang Liu <[email protected]> Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Alexey Kardashevskiy <[email protected]> Changes: v5: * "rb" from Tom v4: * added more from April/2024 APM
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit but there are more other features which do not translate to levels such as DebugVirtualization or SecureTsc. Add the feature mask and the DebugVirtualization feature bit to the PCD. Cc: Liming Gao <[email protected]> Cc: Michael D Kinney <[email protected]> Cc: Zhiguang Liu <[email protected]> Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Alexey Kardashevskiy <[email protected]> --- Changes: v4: * s/CCAttrFeatureAmdSevDebugSwap/CCAttrFeatureAmdSevEsDebugVirtualization/ v2: * expanded features mask * added type mask
The SEV-ES DebugVirtualization feature enables type B swapping of debug registers on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. When DebugVirtualization is enabled, this stops booting if interaction from the HV. Add new API to PEI, SEC, DXE. This does not change the existing behaviour yet. Cc: Ard Biesheuvel <[email protected]> Cc: Erdem Aktas <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Michael Roth <[email protected]> Cc: Min Xu <[email protected]> Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Alexey Kardashevskiy <[email protected]> --- Changes: v5: * "rb" from Tom v4: * s/DebugSwap/DebugVirtualization/
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore and includes a feature mask since the previous commit. Fix AmdMemEncryptionAttrCheck to check the level and feature correctly and add DebugVirtualization support. Since the actual feature flag is not set yet, this should cause no behavioural change. Cc: Gerd Hoffmann <[email protected]> Cc: Jiaxin Wu <[email protected]> Cc: Rahul Kumar <[email protected]> Cc: Ray Ni <[email protected]> Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Alexey Kardashevskiy <[email protected]> --- Changes: v5: * "rb" from Tom
Write the feature bit into PcdConfidentialComputingGuestAttr and enable DebugVirtualization in PEI, SEC, DXE. Cc: Ard Biesheuvel <[email protected]> Cc: Erdem Aktas <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Michael Roth <[email protected]> Cc: Min Xu <[email protected]> Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Alexey Kardashevskiy <[email protected]> --- Changes: v5: * "rb" from Tom v4: * s/DebugSwap/DebugVirtualization/g
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is to prevent #DB interception on AMD SEV-ES VM with enabled DebugSwap feature.
The goal of this pull request is CI check, attempt 4.