OvmfPkg/PlatformPei: validate the system RAM when SNP is active

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:

1) Validate on-demand
OR
2) Validate before access

On-demand
=========
If memory is not validated before access, it will cause a #VC
exception with the page-not-validated error code. The VC exception
handler can perform the validation steps.

The pages that have been validated will need to be tracked to avoid
the double validation scenarios. The range of memory that has not
been validated will need to be communicated to the OS through the
recently introduced unaccepted memory type
https://github.com/microsoft/mu_basecore/pull/66, so that OS can
validate those ranges before using them.

Validate before access
======================
Since the PEI phase detects all the available system RAM, use the
MemEncryptSevSnpValidateSystemRam() function to pre-validate the
system RAM in the PEI phase.

For now, choose option 2 due to the dependency and the complexity
of the on-demand validation.

Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index f66e0a7f4a10f2fb619d58a39c85e377b3543129..a0f9178ed6e9366caac5e05cdf74a1d6f0f81eb9 100644 (file)
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -23,6 +23,40 @@
 \r
 #include "Platform.h"\r
 \r
+/**\r
+  Initialize SEV-SNP support if running as an SEV-SNP guest.\r
+\r
+**/\r
+STATIC\r
+VOID\r
+AmdSevSnpInitialize (\r
+  VOID\r
+  )\r
+{\r
+  EFI_PEI_HOB_POINTERS         Hob;\r
+  EFI_HOB_RESOURCE_DESCRIPTOR  *ResourceHob;\r
+\r
+  if (!MemEncryptSevSnpIsEnabled ()) {\r
+    return;\r
+  }\r
+\r
+  //\r
+  // Iterate through the system RAM and validate it.\r
+  //\r
+  for (Hob.Raw = GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw = GET_NEXT_HOB (Hob)) {\r
+    if ((Hob.Raw != NULL) && (GET_HOB_TYPE (Hob) == EFI_HOB_TYPE_RESOURCE_DESCRIPTOR)) {\r
+      ResourceHob = Hob.ResourceDescriptor;\r
+\r
+      if (ResourceHob->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) {\r
+        MemEncryptSevSnpPreValidateSystemRam (\r
+          ResourceHob->PhysicalStart,\r
+          EFI_SIZE_TO_PAGES ((UINTN)ResourceHob->ResourceLength)\r
+          );\r
+      }\r
+    }\r
+  }\r
+}\r
+\r
 /**\r
   Handle an SEV-SNP/GHCB protocol check failure.\r
 \r
@@ -243,6 +277,14 @@ AmdSevInitialize (
     return;\r
   }\r
 \r
+  //\r
+  // Check and perform SEV-SNP initialization if required. This need to be\r
+  // done before the GHCB page is made shared in the AmdSevEsInitialize(). This\r
+  // is because the system RAM must be validated before it is made shared.\r
+  // The AmdSevSnpInitialize() validates the system RAM.\r
+  //\r
+  AmdSevSnpInitialize ();\r
+\r
   //\r
   // Set Memory Encryption Mask PCD\r
   //\r