OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

A hypervisor is not allowed to update an SEV-ES guest's register state,
so when booting an SEV-ES guest AP, the hypervisor is not allowed to
set the RIP to the guest requested value. Instead an SEV-ES AP must be
re-directed from within the guest to the actual requested staring location
as specified in the INIT-SIPI-SIPI sequence.

Use the SEV-ES work area for the reset vector code that contains support
to jump to the desired RIP location after having been started. This is
required for only the very first AP reset.

This new OVMF source file, ResetVectorVtf0.asm, is used in place of the
original file through the use of the include path order set in
OvmfPkg/ResetVector/ResetVector.inf under "[BuildOptions]".

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
new file mode 100644 (file)
index 0000000..980e013
--- /dev/null
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -0,0 +1,100 @@
+;------------------------------------------------------------------------------\r
+; @file\r
+; First code executed by processor after resetting.\r
+; Derived from UefiCpuPkg/ResetVector/Vtf0/Ia16/ResetVectorVtf0.asm\r
+;\r
+; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.<BR>\r
+; SPDX-License-Identifier: BSD-2-Clause-Patent\r
+;\r
+;------------------------------------------------------------------------------\r
+\r
+BITS    16\r
+\r
+ALIGN   16\r
+\r
+;\r
+; Pad the image size to 4k when page tables are in VTF0\r
+;\r
+; If the VTF0 image has page tables built in, then we need to make\r
+; sure the end of VTF0 is 4k above where the page tables end.\r
+;\r
+; This is required so the page tables will be 4k aligned when VTF0 is\r
+; located just below 0x100000000 (4GB) in the firmware device.\r
+;\r
+%ifdef ALIGN_TOP_TO_4K_FOR_PAGING\r
+    TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0\r
+%endif\r
+\r
+;\r
+; SEV-ES Processor Reset support\r
+;\r
+; sevEsResetBlock:\r
+;   For the initial boot of an AP under SEV-ES, the "reset" RIP must be\r
+;   programmed to the RAM area defined by SEV_ES_AP_RESET_IP. A known offset\r
+;   and GUID will be used to locate this block in the firmware and extract\r
+;   the build time RIP value. The GUID must always be 48 bytes from the\r
+;   end of the firmware.\r
+;\r
+;   0xffffffca (-0x36) - IP value\r
+;   0xffffffcc (-0x34) - CS segment base [31:16]\r
+;   0xffffffce (-0x32) - Size of the SEV-ES reset block\r
+;   0xffffffd0 (-0x30) - SEV-ES reset block GUID\r
+;                        (00f771de-1a7e-4fcb-890e-68c77e2fb44e)\r
+;\r
+;   A hypervisor reads the CS segement base and IP value. The CS segment base\r
+;   value represents the high order 16-bits of the CS segment base, so the\r
+;   hypervisor must left shift the value of the CS segement base by 16 bits to\r
+;   form the full CS segment base for the CS segment register. It would then\r
+;   program the EIP register with the IP value as read.\r
+;\r
+\r
+TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0\r
+\r
+sevEsResetBlockStart:\r
+    DD      SEV_ES_AP_RESET_IP\r
+    DW      sevEsResetBlockEnd - sevEsResetBlockStart\r
+    DB      0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F\r
+    DB      0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E\r
+sevEsResetBlockEnd:\r
+\r
+ALIGN   16\r
+\r
+applicationProcessorEntryPoint:\r
+;\r
+; Application Processors entry point\r
+;\r
+; GenFv generates code aligned on a 4k boundary which will jump to this\r
+; location.  (0xffffffe0)  This allows the Local APIC Startup IPI to be\r
+; used to wake up the application processors.\r
+;\r
+    jmp     EarlyApInitReal16\r
+\r
+ALIGN   8\r
+\r
+    DD      0\r
+\r
+;\r
+; The VTF signature\r
+;\r
+; VTF-0 means that the VTF (Volume Top File) code does not require\r
+; any fixups.\r
+;\r
+vtfSignature:\r
+    DB      'V', 'T', 'F', 0\r
+\r
+ALIGN   16\r
+\r
+resetVector:\r
+;\r
+; Reset Vector\r
+;\r
+; This is where the processor will begin execution\r
+;\r
+    nop\r
+    nop\r
+    jmp     EarlyBspInitReal16\r
+\r
+ALIGN   16\r
+\r
+fourGigabytes:\r
+\r

diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 762661115d5091c26a3c7f5c2ac16795ba6a94b1..4913b379a993f0f8f5d96669ba305e200f567bd5 100644 (file)
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -82,5 +82,6 @@
 \r
 %include "Main.asm"\r
 \r
+  %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)\r
 %include "Ia16/ResetVectorVtf0.asm"\r
 \r