Re: [PATCH v8 27/40] x86/boot: Add Confidential Computing type to setup_data

From: Brijesh Singh
Date: Mon Dec 13 2021 - 09:49:53 EST

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net-next] net: lan966x: Fix the configuration of the pcs"
Previous message: Gautham R. Shenoy: "Re: [PATCH 2/2] sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs"
In reply to: Dave Hansen: "Re: [PATCH v8 27/40] x86/boot: Add Confidential Computing type to setup_data"
Next in thread: Dave Hansen: "Re: [PATCH v8 27/40] x86/boot: Add Confidential Computing type to setup_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/10/21 2:30 PM, Dave Hansen wrote:

On 12/10/21 12:18 PM, Brijesh Singh wrote:

On 12/10/21 1:12 PM, Dave Hansen wrote:

On 12/10/21 7:43 AM, Brijesh Singh wrote:

+/* AMD SEV Confidential computing blob structure */
+#define CC_BLOB_SEV_HDR_MAGIC 0x45444d41
+struct cc_blob_sev_info {
+ u32 magic;
+ u16 version;
+ u16 reserved;
+ u64 secrets_phys;
+ u32 secrets_len;
+ u64 cpuid_phys;
+ u32 cpuid_len;
+};

This is an ABI structure rather than some purely kernel construct, right?

This is ABI between the guest BIOS and Guest OS. It is defined in the OVMF.

https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FOvmfPkg%2FInclude%2FGuid%2FConfidentialComputingSevSnpBlob.h&data=04%7C01%7Cbrijesh.singh%40amd.com%7C460f6abff7f04e065c9108d9bc1bfcf7%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637747650681544593%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=GI1fAngRJ%2Bj4hcM91UutVXlS1F7kfk2xxtG6I%2BL%2FRYc%3D&reserved=0

SEV-SNP FW spec does not have it documented; it's up to the guest BIOS
on how it wants to communicate the Secrets and CPUID page location to
guest OS.

Well, no matter where it is defined, could we please make it a bit
easier for folks to find it in the future?

Noted, I will add a comment so that readers can find it easily. Additionally, I will create a doc and get it published on developer.amd.com/sev so that information is documented outside the source code files.

I searched through all of the specs to which you linked in the cover
letter. I looked for "blob", "guid", the magic and part of the GUID
itself trying to find where this is defined to see if the struct is correct.

I couldn't find anything.

Where is the spec for this blob? How large is it? Did you mean to
leave a 4-byte hole after secrets_len and before cpuid_phys?

Yes, the length is never going to be > 4GB.

I was more concerned that this structure could change sizes if it were
compiled on 32-bit versus 64-bit code. For kernel ABIs, we try not to
do that.

Is this somehow OK when talking to firmware? Or can a 32-bit OS and
64-bit firmware never interact?

For SNP, both the firmware and OS need to be 64-bit. IIRC, both the Linux and OVMF do not enable the memory encryption for the 32-bit.

thanks

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net-next] net: lan966x: Fix the configuration of the pcs"
Previous message: Gautham R. Shenoy: "Re: [PATCH 2/2] sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs"
In reply to: Dave Hansen: "Re: [PATCH v8 27/40] x86/boot: Add Confidential Computing type to setup_data"
Next in thread: Dave Hansen: "Re: [PATCH v8 27/40] x86/boot: Add Confidential Computing type to setup_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]