import CS edk2-20241117-8.el9

This commit is contained in:
AlmaLinux RelEng Bot 2026-03-30 10:23:30 -04:00
parent 1c978f3470
commit 5b8a31c5e4
13 changed files with 4656 additions and 7 deletions


@ -1,4 +1,4 @@
9bbd7d85dbb5e444b296bc8b9bd9c07019703706 SOURCES/DBXUpdate-20250610.x64.bin
7d2c91bb7803fdac301cf87c55a10491eade2345 SOURCES/DBXUpdate-20251016.x64.bin
19a95204dd787b4809886db15655082cb28718e9 SOURCES/dtc-1.7.0.tar.xz
a0cdc45f583976eda09dd85740264e57333b3df2 SOURCES/edk2-0f3867fa6ef0.tar.xz
0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
a76706261c8db8253a8ca7a3f187dc78df4c97e6 SOURCES/openssl-rhel-4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19.tar.xz

.gitignore vendored

@ -1,4 +1,4 @@
SOURCES/DBXUpdate-20250610.x64.bin
SOURCES/DBXUpdate-20251016.x64.bin
SOURCES/dtc-1.7.0.tar.xz
SOURCES/edk2-0f3867fa6ef0.tar.xz
SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
SOURCES/openssl-rhel-4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19.tar.xz



@ -0,0 +1,44 @@
From 0e83abc612409e4c12e3fb59611b7b6517746e3d Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 22 Jul 2025 16:59:44 -0500
Subject: [PATCH 2/4] MdePkg: Add the COHERENCY_SFW_NO CPUID bit field
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 98: OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation
RH-Jira: RHEL-121983
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/4] c4fe91e0c104cafef0dc5363c746075b44b744ba (luigileonardi/edk2)
Update the CPUID 0x8000001F EBX definition to add the COHERENCY_SFW_NO
bit field. The COHERENCY_SFW_NO bit is used to indicate that the SEV-SNP
cache coherency mitigation is not needed.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Include/Register/Amd/Cpuid.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/MdePkg/Include/Register/Amd/Cpuid.h b/MdePkg/Include/Register/Amd/Cpuid.h
index fdcbc475d5..0313ee2789 100644
--- a/MdePkg/Include/Register/Amd/Cpuid.h
+++ b/MdePkg/Include/Register/Amd/Cpuid.h
@@ -701,9 +701,14 @@ typedef union {
UINT32 ReducedPhysBits : 5;
///
- /// [Bit 31:12] Reserved
+ /// [Bit 30:12] Reserved
///
- UINT32 ReservedBits : 21;
+ UINT32 ReservedBits : 20;
+
+ ///
+ /// [Bit 31] SEV-SNP Cache Coherency Mitigation is not needed
+ ///
+ UINT32 CoherencySfwNo : 1;
} Bits;
///
/// All bit fields as a 32-bit value
--
2.50.1
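Review bot: The reserved-field comment and width still disagree after this hunk: `/// [Bit 30:12] Reserved` describes 19 bits while `UINT32 ReservedBits : 20;` reserves 20, and with `UINT32 ReducedPhysBits : 5;` visible just above, the reserved run would begin at bit 11 if the field before it occupies bits 5:0 (that field is outside the hunk). The new `CoherencySfwNo` lands on bit 31 only because the four widths sum to 32, so the comment should state the range the widths actually give (`/// [Bit 30:11] Reserved` if the first field is 6 bits), and a `STATIC_ASSERT` that the union is `sizeof (UINT32)` would catch future drift between comment and layout. The enclosing union starts and ends outside the hunk.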


@ -0,0 +1,362 @@
From 05a792b1f976fb2befa6e5f3c90d94b361e4b8c2 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 30 Nov 2023 21:00:32 -0500
Subject: [PATCH 4/6] OvmfPkg: Add the ResetVector in TDX MailBox
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [4/5] 72a7c05c87f8f4e8ae78b2026918e7ddeea05c15 (luigileonardi/edk2)
Base on ACPI 6.6 Multiprocessor Wakeup Structure, TDVF needs to provide
a physical address of the ResetVector to OS. And it should allow the
Multiprocessor Wakeup Mailbox to be reset in order to be used once again
with a given AP.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
OvmfPkg/Include/IndustryStandard/IntelTdx.h | 1 +
OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 5 +-
OvmfPkg/TdxDxe/TdxAcpiTable.c | 63 ++++++++++--
OvmfPkg/TdxDxe/TdxAcpiTable.h | 4 +-
OvmfPkg/TdxDxe/TdxDxe.inf | 4 +
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 100 +++++++++++++++++++-
6 files changed, 167 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
index 1151f9edd5..e80688c459 100644
--- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -63,6 +63,7 @@ typedef struct {
typedef struct {
UINT8 *RelocateApLoopFuncAddress;
UINTN RelocateApLoopFuncSize;
+ UINT8 *RelocateApResetVector;
} MP_RELOCATION_MAP;
#pragma pack()
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
index 12e4501c5b..c3e08d8812 100644
--- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -186,10 +186,13 @@ PlatformTdxPublishRamRegions (
// work area. We ought to prevent DXE from serving allocation requests
// such that they would overlap the work area.
//
+ // Since this memory range will be used by the Reset Vector on Maibox
+ // wakeup again, it must be reserved as ACPI NVS.
+ //
BuildMemoryAllocationHob (
(EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),
(UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),
- EfiBootServicesData
+ EfiACPIMemoryNVS
);
}
}
diff --git a/OvmfPkg/TdxDxe/TdxAcpiTable.c b/OvmfPkg/TdxDxe/TdxAcpiTable.c
index d6d6975e56..4f62d7d729 100644
--- a/OvmfPkg/TdxDxe/TdxAcpiTable.c
+++ b/OvmfPkg/TdxDxe/TdxAcpiTable.c
@@ -28,6 +28,43 @@
#include <Uefi.h>
#include <TdxAcpiTable.h>
+IA32_SEGMENT_DESCRIPTOR mGdtEntries[] = {
+ {
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ }, /* 0x0: reserve */
+ {
+ { 0xFFFF, 0, 0, 0xB, 1, 0, 1, 0xF, 0, 0, 1, 1, 0 }
+ }, /* 0x8: compatibility mode */
+ {
+ { 0xFFFF, 0, 0, 0xB, 1, 0, 1, 0xF, 0, 1, 0, 1, 0 }
+ }, /* 0x10: for long mode */
+ {
+ { 0xFFFF, 0, 0, 0x3, 1, 0, 1, 0xF, 0, 0, 1, 1, 0 }
+ }, /* 0x18: data */
+ {
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ }, /* 0x20: reserve */
+};
+
+/**
+ At the beginning of ResetVector in OS, the GDT needs to be reloaded.
+**/
+VOID
+SetMailboxResetVectorGDT (
+ VOID
+ )
+{
+ TDX_WORK_AREA *TdxWorkArea;
+
+ TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+ ASSERT (TdxWorkArea != NULL);
+ ZeroMem ((VOID *)TdxWorkArea->MailboxGdt.Data, sizeof (TdxWorkArea->MailboxGdt.Data));
+
+ CopyMem ((VOID *)TdxWorkArea->MailboxGdt.Data, (VOID *)mGdtEntries, sizeof (mGdtEntries));
+ TdxWorkArea->MailboxGdt.Gdtr.Base = (UINTN)TdxWorkArea->MailboxGdt.Data;
+ TdxWorkArea->MailboxGdt.Gdtr.Limit = sizeof (mGdtEntries) - 1;
+}
+
/**
At the beginning of system boot, a 4K-aligned, 4K-size memory (Td mailbox) is
pre-allocated by host VMM. BSP & APs do the page accept together in that memory
@@ -37,12 +74,14 @@
memory block which is allocated in the ACPI Nvs memory. APs are waken up and
spin around the relocated mailbox for further command.
+ @param[in, out] ResetVector Pointer to the ResetVector
+
@return EFI_PHYSICAL_ADDRESS Address of the relocated mailbox
**/
EFI_PHYSICAL_ADDRESS
EFIAPI
RelocateMailbox (
- VOID
+ EFI_PHYSICAL_ADDRESS *ResetVector
)
{
EFI_PHYSICAL_ADDRESS Address;
@@ -92,6 +131,7 @@ RelocateMailbox (
ApLoopFunc
));
+ SetMailboxResetVectorGDT ();
//
// Initialize mailbox
//
@@ -115,6 +155,13 @@ RelocateMailbox (
0
);
+ *ResetVector = (UINT64)ApLoopFunc + (RelocationMap.RelocateApResetVector -
+ RelocationMap.RelocateApLoopFuncAddress);
+ DEBUG ((
+ DEBUG_INFO,
+ "Ap Relocation: reset_vector %llx\n",
+ *ResetVector
+ ));
return Address;
}
@@ -142,7 +189,8 @@ AlterAcpiTable (
UINT8 *NewMadtTable;
UINTN NewMadtTableLength;
EFI_PHYSICAL_ADDRESS RelocateMailboxAddress;
- EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE *MadtMpWk;
+ EFI_PHYSICAL_ADDRESS RelocateResetVector;
+ EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE *MadtMpWk;
EFI_ACPI_1_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *MadtHeader;
Index = 0;
@@ -155,7 +203,7 @@ AlterAcpiTable (
return;
}
- RelocateMailboxAddress = RelocateMailbox ();
+ RelocateMailboxAddress = RelocateMailbox (&RelocateResetVector);
if (RelocateMailboxAddress == 0) {
ASSERT (FALSE);
DEBUG ((DEBUG_ERROR, "Failed to relocate Td mailbox\n"));
@@ -172,7 +220,7 @@ AlterAcpiTable (
break;
}
- NewMadtTableLength = Table->Length + sizeof (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE);
+ NewMadtTableLength = Table->Length + sizeof (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE);
NewMadtTable = AllocatePool (NewMadtTableLength);
if (NewMadtTable == NULL) {
DEBUG ((DEBUG_ERROR, "%a: OUT_OF_SOURCES error.\n", __func__));
@@ -183,12 +231,13 @@ AlterAcpiTable (
MadtHeader = (EFI_ACPI_1_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *)NewMadtTable;
MadtHeader->Header.Length = (UINT32)NewMadtTableLength;
- MadtMpWk = (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE *)(NewMadtTable + Table->Length);
+ MadtMpWk = (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE *)(NewMadtTable + Table->Length);
MadtMpWk->Type = EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP;
- MadtMpWk->Length = sizeof (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE);
- MadtMpWk->MailBoxVersion = 0;
+ MadtMpWk->Length = sizeof (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE);
+ MadtMpWk->MailBoxVersion = 1;
MadtMpWk->Reserved = 0;
MadtMpWk->MailBoxAddress = RelocateMailboxAddress;
+ MadtMpWk->ResetVector = RelocateResetVector;
Status = AcpiTableProtocol->InstallAcpiTable (AcpiTableProtocol, NewMadtTable, NewMadtTableLength, &NewTableKey);
if (EFI_ERROR (Status)) {
diff --git a/OvmfPkg/TdxDxe/TdxAcpiTable.h b/OvmfPkg/TdxDxe/TdxAcpiTable.h
index 6b7615dc36..6081665ffa 100644
--- a/OvmfPkg/TdxDxe/TdxAcpiTable.h
+++ b/OvmfPkg/TdxDxe/TdxAcpiTable.h
@@ -18,6 +18,8 @@
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
+#include <WorkArea.h>
+
#include <IndustryStandard/IntelTdx.h>
#include <IndustryStandard/Acpi.h>
@@ -41,7 +43,7 @@ AsmGetRelocationMap (
EFI_PHYSICAL_ADDRESS
EFIAPI
RelocateMailbox (
- VOID
+ EFI_PHYSICAL_ADDRESS *ResetVector
);
/**
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 9793562884..69e4c0bfa5 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -71,3 +71,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 2f42510605..d1a4dce2ff 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -16,8 +16,18 @@
DEFAULT REL
+SECTION .bss
+global STACK_BASE
+STACK_BASE:
+ resb 1024
+STACK_TOP:
+
SECTION .text
+%define TDX_WORK_AREA_MAILBOX_GDTR (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 128)
+
+%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+
BITS 64
%define TDVMCALL_EXPOSE_REGS_MASK 0xffcc
@@ -76,6 +86,7 @@ AsmRelocateApMailBoxLoopStart:
test r10, r10
jnz Panic
mov r8, r15
+ mov qword[rel mailbox_address], rbx
MailBoxLoop:
; Spin until command set
@@ -104,6 +115,91 @@ MailBoxTest:
jmp MailBoxLoop
Panic:
ud2
+
+AsmRelocateApResetVector:
+
+.prepareStack:
+ ; The stack can then be used to switch from long mode to compatibility mode
+ mov rsp, STACK_TOP
+
+.loadGDT:
+ cli
+ mov rax, TDX_WORK_AREA_MAILBOX_GDTR
+ lgdt [rax]
+
+.loadSwicthModeCode:
+ mov rcx, dword 0x10 ; load long mode selector
+ shl rcx, 32
+ lea rdx, [LongMode] ; assume address < 4G
+ or rcx, rdx
+ push rcx
+
+ mov rcx, dword 0x08 ; load compatible mode selector
+ shl rcx, 32
+ lea rdx, [Compatible] ; assume address < 4G
+ or rcx, rdx
+ push rcx
+ retf
+
+BITS 32
+Compatible:
+ mov eax, dword 0x18
+; ; reload DS/ES/SS to make sure they are correct referred to current GDT
+ mov ds, ax
+ mov es, ax
+ mov ss, ax
+ ; reload the fs and gs
+ mov fs, ax
+ mov gs, ax
+
+ ; Must clear the CR4.PCIDE before clearing paging
+ mov ecx, cr4
+ btc ecx, 17
+ mov cr4, ecx
+ ;
+ ; Disable paging
+ ;
+ mov ecx, cr0
+ btc ecx, 31
+ mov cr0, ecx
+ ;
+RestoreCr0:
+ ; Only enable PE(bit 0), NE(bit 5), ET(bit 4) 0x31
+ mov eax, dword 0x31
+ mov cr0, eax
+
+
+ ; Only Enable MCE(bit 6), VMXE(bit 13) 0x2040
+ ; TDX enforeced the VMXE = 1 and mask it in VMM, so not set it.
+RestoreCr4:
+ mov eax, 0x40
+ mov cr4, eax
+SetCr3:
+ ;
+ ; Can use the boot page tables since it's reserved
+
+ mov eax, PT_ADDR (0)
+ mov cr3, eax
+
+EnablePAE:
+ mov eax, cr4
+ bts eax, 5
+ mov cr4, eax
+
+EnablePaging:
+ mov eax, cr0
+ bts eax, 31 ; set PG
+ mov cr0, eax ; enable paging
+ ; return to LongMode
+ retf
+
+BITS 64
+LongMode:
+ mov rbx, qword[rel mailbox_address]
+ jmp AsmRelocateApMailBoxLoopStart
+align 16
+mailbox_address:
+ dq 0
BITS 64
AsmRelocateApMailBoxLoopEnd:
@@ -112,8 +208,10 @@ AsmRelocateApMailBoxLoopEnd:
;-------------------------------------------------------------------------------------
global ASM_PFX(AsmGetRelocationMap)
ASM_PFX(AsmGetRelocationMap):
+ ; mov byte[TDX_WORK_AREA_MB_PGTBL_READY], 0
lea rax, [AsmRelocateApMailBoxLoopStart]
mov qword [rcx], rax
mov qword [rcx + 8h], AsmRelocateApMailBoxLoopEnd - AsmRelocateApMailBoxLoopStart
+ lea rax, [AsmRelocateApResetVector]
+ mov qword [rcx + 10h], rax
ret
-
--
2.50.1
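Review bot: `btc ecx, 17` under the comment "Must clear the CR4.PCIDE" complements the bit rather than clearing it, so on an OS that left CR4.PCIDE clear the AP sets PCIDE, and the following `mov cr0, ecx` that drops CR0.PG is then a #GP because PG cannot be cleared while PCIDE is set; the same applies to `btc ecx, 31` on CR0, which only works because PG is known to be set on entry from long mode. Both should be `btr ecx, 17` and `btr ecx, 31`, which clear unconditionally. A second point in the same hunk: every AP entering `AsmRelocateApResetVector` does `mov rsp, STACK_TOP` onto the single 1024-byte `.bss` stack and pushes two far-return frames there, so two APs woken concurrently can overwrite each other's frames before `retf`; and because `STACK_BASE` lives in the driver's `.bss` rather than inside the `AsmRelocateApMailBoxLoopStart`..`AsmRelocateApMailBoxLoopEnd` range that is copied to NVS memory, it is presumably not preserved once the OS reclaims boot-services memory — worth confirming. A per-AP stack slot carved from the relocated mailbox memory would address both.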


@ -0,0 +1,123 @@
From e2c3ffb6540e74a928ec80ebbd8912953459fc4f Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 12 Jun 2025 23:48:16 -0400
Subject: [PATCH 3/6] OvmfPkg: Add the Test command in TDX MailBox
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [3/5] 15ebd77c681d1e720a299ed42d370e81b20c7374 (luigileonardi/edk2)
Base on ACPI 6.6 MultiProcessor Wakeup Mailbox Structure,
the new "Test" command is added.
Also the "Sleep" command is not used in TDX Mailbox, it should be removed.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
OvmfPkg/Include/IndustryStandard/IntelTdx.h | 7 +++++--
OvmfPkg/Include/TdxCommondefs.inc | 3 +--
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 20 +++++++++++++-------
3 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
index cc849be2fb..1151f9edd5 100644
--- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -17,11 +17,14 @@
#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_INVALID 0xFFFFFFFF
#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_BROADCAST 0xFFFFFFFE
+//
+// This enum is defined for the use of Intel TDX Guest.
+// TDX Guest CPUs wait for below commands and do corresponding tasks.
+//
typedef enum {
MpProtectedModeWakeupCommandNoop = 0,
MpProtectedModeWakeupCommandWakeup = 1,
- MpProtectedModeWakeupCommandSleep = 2,
- MpProtectedModeWakeupCommandAcceptPages = 3,
+ MpProtectedModeWakeupCommandAcceptPages = 2,
} MP_CPU_PROTECTED_MODE_WAKEUP_CMD;
#pragma pack(1)
diff --git a/OvmfPkg/Include/TdxCommondefs.inc b/OvmfPkg/Include/TdxCommondefs.inc
index a29d2fad42..b49a830178 100644
--- a/OvmfPkg/Include/TdxCommondefs.inc
+++ b/OvmfPkg/Include/TdxCommondefs.inc
@@ -41,8 +41,7 @@ ERROR_INVALID_FALLBACK_PAGE_LEVEL equ 3
MpProtectedModeWakeupCommandNoop equ 0
MpProtectedModeWakeupCommandWakeup equ 1
-MpProtectedModeWakeupCommandSleep equ 2
-MpProtectedModeWakeupCommandAcceptPages equ 3
+MpProtectedModeWakeupCommandAcceptPages equ 2
MailboxApicIdInvalid equ 0xffffffff
MailboxApicidBroadcast equ 0xfffffffe
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 57560015f4..2f42510605 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -1,5 +1,5 @@
;------------------------------------------------------------------------------ ;
-; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent
;
; Module Name:
@@ -24,6 +24,11 @@ BITS 64
%define TDVMCALL 0x0
%define EXIT_REASON_CPUID 0xa
+; Defined in ACPI 6.6 section 5.2.12.19 MultiProcessor Wakeup Mailbox Command.
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_NOOP 0
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_WAKEUP 1
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_TEST 2
+
%macro tdcall 0
db 0x66, 0x0f, 0x01, 0xcc
%endmacro
@@ -74,7 +79,7 @@ AsmRelocateApMailBoxLoopStart:
MailBoxLoop:
; Spin until command set
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandNoop
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_NOOP
je MailBoxLoop
; Determine if this is a broadcast or directly for my apic-id, if not, ignore
cmp dword [rbx + ApicidOffset], MailboxApicidBroadcast
@@ -82,10 +87,10 @@ MailBoxLoop:
cmp dword [rbx + ApicidOffset], r8d
jne MailBoxLoop
MailBoxProcessCommand:
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandWakeup
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_WAKEUP
je MailBoxWakeUp
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandSleep
- je MailBoxSleep
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_TEST
+ je MailBoxTest
; Don't support this command, so ignore
jmp MailBoxLoop
MailBoxWakeUp:
@@ -94,8 +99,9 @@ MailBoxWakeUp:
; the command field back to zero as acknowledgement.
mov qword [rbx + CommandOffset], 0
jmp rax
-MailBoxSleep:
- jmp $
+MailBoxTest:
+ mov qword [rbx + CommandOffset], 0
+ jmp MailBoxLoop
Panic:
ud2
BITS 64
--
2.50.1
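Review bot: After this hunk the value 2 carries two meanings on the same `CommandOffset` field: `MpProtectedModeWakeupCommandAcceptPages = 2` in IntelTdx.h (and `TdxCommondefs.inc`) is the firmware-internal accept-pages command, while `MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_TEST 2` in ApRunLoop.nasm is the ACPI 6.6 Test command. That presumably works only because the accept-pages loop runs before relocation and the OS-facing loop after, but nothing on the page records it, and a future reader of the enum will not know the overlap is intentional. Either give AcceptPages a value outside the ACPI-defined range or document the overlap on the enum, e.g. `// Firmware-internal; reuses value 2 (ACPI Test) because APs only service it before the mailbox is handed to the OS.`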


@ -0,0 +1,49 @@
From 7316c1f5aaaffa1829bf6b391886b13569b093d0 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 15 Oct 2025 13:17:36 -0400
Subject: [PATCH 6/6] OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 97: OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling
RH-Jira: RHEL-69780
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Luigi Leonardi <None>
RH-Commit: [1/1] 93d58032b28497df124caa7b525cf01e26e54751 (osteffen/edk2)
The IoMmu keeps a pool of pre-allocated shared buffers in various sizes
to serve requests. Usage is tracked in a bitmap.
The bitmap masks for the 1M and 2M buffer pools are incorrect, causing
the same buffers getting handed out repeatedly, causing corrupted device
accesses.
The masks needs to be kept in sync with mReservedMemRanges below.
This sets the correct values for:
- RESERVED_MEM_BITMAP_1M_MASK = (1 << 14) = 0x4000
- RESERVED_MEM_BITMAP_2M_MASK = (1 << 15) | (1 << 16) = 0x18000
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
(cherry picked from commit e27cfda33b429762975215cccba5837ee850d18e)
---
OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
index f8dcd5b7ec..6b9c38cf0d 100644
--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
@@ -23,8 +23,8 @@ extern BOOLEAN mReservedSharedMemSupported;
#define RESERVED_MEM_BITMAP_4K_MASK 0xf
#define RESERVED_MEM_BITMAP_32K_MASK 0xff0
#define RESERVED_MEM_BITMAP_128K_MASK 0x3000
-#define RESERVED_MEM_BITMAP_1M_MASK 0x40000
-#define RESERVED_MEM_BITMAP_2M_MASK 0x180000
+#define RESERVED_MEM_BITMAP_1M_MASK 0x4000
+#define RESERVED_MEM_BITMAP_2M_MASK 0x18000
#define RESERVED_MEM_BITMAP_MASK 0x1fffff
/**
--
2.50.1


@ -0,0 +1,276 @@
From f6ce42e2cdc81b84a2ad5f9cf7a64ce7fd1adcd5 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 22 Jul 2025 15:06:18 -0500
Subject: [PATCH 4/4] OvmfPkg/MemEncryptSevLib: Check if SEV-SNP coherency
mitigitation is needed
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 98: OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation
RH-Jira: RHEL-121983
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [4/4] c35864a80d723cd0ed9c696707d2b760d1a54ac7 (luigileonardi/edk2)
CPUID bit Fn8000001F_EBX[31] defines the COHERNECY_SFW_NO CPUID bit that,
when set, indicates that the software mitigation for this vulnerability is
not needed.
Add support to check for this CPUID bit and avoid the mitigation if set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 +++++
OvmfPkg/Include/WorkArea.h | 5 +-
.../DxeMemEncryptSevLibInternal.c | 54 +++++++++++++++++--
.../PeiMemEncryptSevLibInternal.c | 25 +++++++++
.../SecMemEncryptSevLibInternal.c | 25 +++++++++
.../X64/SnpPageStateChangeInternal.c | 10 ++--
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 10 ++++
OvmfPkg/ResetVector/ResetVector.nasmb | 1 +
8 files changed, 135 insertions(+), 9 deletions(-)
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index c5653539d8..d3d4f6fa9a 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -178,6 +178,20 @@ MemEncryptSevEsDebugVirtualizationIsEnabled (
VOID
);
+/**
+ Returns a boolean to indicate whether the SEV-SNP cache line eviction
+ mitigation is needed.
+
+ @retval TRUE Cache line eviction mitigation required
+ @retval FALSE Cache line eviction migigation not required
+
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpDoCoherencyMitigation (
+ VOID
+ );
+
/**
Returns the encryption state of the specified virtual address range.
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index 9f3a4517bd..297e54f36e 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -53,6 +53,8 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
// Flags:
// - BIT0 - VC: Indicator that the VC handler was called. It is used
// during the SevFeature detection in OvmfPkg/ResetVector/Ia32/AmdSev.asm
+ // - BIT1 - CSFW_NO: Indicator that the SEV-SNP cache line evication
+ // mitigation is not needed.
//
UINT8 Flags;
UINT8 Reserved[7];
@@ -64,7 +66,8 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
UINT8 WorkBuffer[1024];
} SEC_SEV_ES_WORK_AREA;
-#define SEV_ES_WORK_AREA_VC BIT0
+#define SEV_ES_WORK_AREA_FLAG_VC BIT0
+#define SEV_ES_WORK_AREA_FLAG_CSFW_NO BIT1
//
// The SEV work area definition.
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index 9947d663de..aace322e5a 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -18,10 +18,12 @@
#include <Uefi/UefiBaseType.h>
#include <ConfidentialComputingGuestAttr.h>
-STATIC UINT64 mCurrentAttr = 0;
-STATIC BOOLEAN mCurrentAttrRead = FALSE;
-STATIC UINT64 mSevEncryptionMask = 0;
-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
+STATIC UINT64 mCurrentAttr = 0;
+STATIC BOOLEAN mCurrentAttrRead = FALSE;
+STATIC UINT64 mSevEncryptionMask = 0;
+STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
+STATIC BOOLEAN mSevSnpCoherencySfwNo = FALSE;
+STATIC BOOLEAN mSevSnpCoherencySfwNoRead = FALSE;
/**
The function check if the specified Attr is set.
@@ -180,3 +182,47 @@ MemEncryptSevEsDebugVirtualizationIsEnabled (
{
return ConfidentialComputingGuestHas (CCAttrFeatureAmdSevEsDebugVirtualization);
}
+
+/**
+ Returns a boolean to indicate if the CPUID COHERENCY_SFW_NO bit is set.
+
+ @retval TRUE The COHERENCY_SFW_NO bit is set.
+ @retval FALSE The COHERENCY_SFW_NO bit is not set.
+
+**/
+STATIC
+BOOLEAN
+MemEncryptCoherencSfwNo (
+ VOID
+ )
+{
+ CPUID_MEMORY_ENCRYPTION_INFO_EBX RegEbx;
+
+ if (!mSevSnpCoherencySfwNoRead) {
+ AsmCpuid (0x8000001F, NULL, &RegEbx.Uint32, NULL, NULL);
+ if (RegEbx.Bits.CoherencySfwNo == 1) {
+ mSevSnpCoherencySfwNo = TRUE;
+ }
+
+ mSevSnpCoherencySfwNoRead = TRUE;
+ }
+
+ return mSevSnpCoherencySfwNo;
+}
+
+/**
+ Returns a boolean to indicate whether the SEV-SNP cache line eviction
+ mitigation is needed.
+
+ @retval TRUE Cache line eviction mitigation required
+ @retval FALSE Cache line eviction migigation not required
+
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpDoCoherencyMitigation (
+ VOID
+ )
+{
+ return MemEncryptSevSnpIsEnabled () && !MemEncryptCoherencSfwNo ();
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index f381b9255b..3eeb4831ab 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -160,3 +160,28 @@ MemEncryptSevEsDebugVirtualizationIsEnabled (
return Msr.Bits.DebugVirtualization ? TRUE : FALSE;
}
+
+/**
+ Returns a boolean to indicate whether the SEV-SNP cache line eviction
+ mitigation is needed.
+
+ @retval TRUE Cache line eviction mitigation required
+ @retval FALSE Cache line eviction migigation not required
+
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpDoCoherencyMitigation (
+ VOID
+ )
+{
+ SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
+
+ SevEsWorkArea = GetSevEsWorkArea ();
+ if (SevEsWorkArea == NULL) {
+ return FALSE;
+ }
+
+ return MemEncryptSevSnpIsEnabled () &&
+ ((SevEsWorkArea->Flags & SEV_ES_WORK_AREA_FLAG_CSFW_NO) == 0);
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 946bed2ada..05c93de3e5 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -161,6 +161,31 @@ MemEncryptSevEsDebugVirtualizationIsEnabled (
return Msr.Bits.DebugVirtualization ? TRUE : FALSE;
}
+/**
+ Returns a boolean to indicate whether the SEV-SNP cache line eviction
+ mitigation is needed.
+
+ @retval TRUE Cache line eviction mitigation required
+ @retval FALSE Cache line eviction migigation not required
+
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevSnpDoCoherencyMitigation (
+ VOID
+ )
+{
+ SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
+
+ SevEsWorkArea = GetSevEsWorkArea ();
+ if (SevEsWorkArea == NULL) {
+ return FALSE;
+ }
+
+ return MemEncryptSevSnpIsEnabled () &&
+ ((SevEsWorkArea->Flags & SEV_ES_WORK_AREA_FLAG_CSFW_NO) == 0);
+}
+
/**
Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
Save State Map.
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 7b6ba063df..ef3aec4b30 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -315,10 +315,12 @@ InternalSetPageState (
if (State == SevSnpPagePrivate) {
AmdSvsmSnpPvalidate (Info);
- for (Index = 0; Index <= Info->Header.EndEntry; Index++) {
- Address = LShiftU64 ((UINT64)Info->Entry[Index].GuestFrameNumber, EFI_PAGE_SHIFT);
- RmpPageSize = Info->Entry[Index].PageSize;
- SevEvictCache (Address, RmpPageSize == PvalidatePageSize2MB ? PAGES_PER_2MB_ENTRY : 1);
+ if (MemEncryptSevSnpDoCoherencyMitigation ()) {
+ for (Index = 0; Index <= Info->Header.EndEntry; Index++) {
+ Address = LShiftU64 ((UINT64)Info->Entry[Index].GuestFrameNumber, EFI_PAGE_SHIFT);
+ RmpPageSize = Info->Entry[Index].PageSize;
+ SevEvictCache (Address, RmpPageSize == PvalidatePageSize2MB ? PAGES_PER_2MB_ENTRY : 1);
+ }
}
}
}
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index de09a59ef7..22b696419a 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -249,9 +249,19 @@ ClearSevEsWorkArea:
; Check for SEV memory encryption feature:
; CPUID Fn8000_001F[EAX] - Bit 1
+ ; Check for the COHERENCY_SFW_NO feature:
+ ; CPUID Fn8000_001F[EBX] - Bit 31
; CPUID raises a #VC exception if running as an SEV-ES guest
mov eax, 0x8000001f
cpuid
+
+ ; If COHERENCY_SFW_NO is set, set the CSFW_NO bit in the FLAGS field
+ ; of the workarea (this can be set regardless of whether SEV is enabled).
+ bt ebx, 31
+ jnc CheckSev
+ or byte[SEV_ES_WORK_AREA_FLAGS], SEV_ES_WORK_AREA_FLAG_CSFW_NO
+
+CheckSev:
bt eax, 1
jnc NoSev
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index a63b859f39..956116fbda 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -65,6 +65,7 @@
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
%define SEV_ES_WORK_AREA_FLAGS (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 24)
%define SEV_ES_WORK_AREA_FLAG_VC 0x01
+%define SEV_ES_WORK_AREA_FLAG_CSFW_NO 0x02
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
%define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase))
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
--
2.50.1
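Review bot: The PEI and SEC variants of `MemEncryptSevSnpDoCoherencyMitigation` fail open: when `GetSevEsWorkArea ()` returns NULL they return FALSE, so a guest whose work area cannot be located skips the cache-eviction mitigation entirely (same shape in PeiMemEncryptSevLibInternal.c and SecMemEncryptSevLibInternal.c). If NULL can only mean "not an SEV guest" that is fine, but nothing in the hunk records it, and `MemEncryptSevSnpIsEnabled ()` is consulted only after the NULL check. Consulting it first and treating a missing work area as "mitigate" is fail-closed: `return MemEncryptSevSnpIsEnabled () && ((SevEsWorkArea == NULL) || ((SevEsWorkArea->Flags & SEV_ES_WORK_AREA_FLAG_CSFW_NO) == 0));`. Separately, the DXE helper is spelled `MemEncryptCoherencSfwNo` (missing "y"), the doc blocks say "migigation" and "evication", and the DXE variant reads CPUID directly where PEI/SEC rely on the flag captured in the reset vector, a difference worth a one-line comment.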


@ -0,0 +1,102 @@
From b6fd77f13cf1d2e7148609a5263eb0ce39379ba4 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 12 Aug 2025 14:43:32 -0500
Subject: [PATCH 1/4] OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP
memory validation
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 98: OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation
RH-Jira: RHEL-121983
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/4] 40511ff2dde07f38d398083d3b29c301bff45807 (luigileonardi/edk2)
An SNP cache coherency vulnerability may require a mitigation to evict
cache lines after memory has been validated. Perform this mitigation
after having validated memory.
CVE-2024-36331
Signed-off-by: Michael Roth <michael.roth@amd.com>
Co-developed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
.../X64/SnpPageStateChangeInternal.c | 41 ++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index e073f3937c..7b6ba063df 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -22,6 +22,8 @@
#include "SnpPageStateChange.h"
+#define PAGES_PER_2MB_ENTRY 512
+
STATIC
UINTN
MemoryStateToGhcbOp (
@@ -213,6 +215,33 @@ PageStateChange (
}
}
+STATIC
+VOID
+SevEvictCache (
+ IN EFI_PHYSICAL_ADDRESS Address,
+ IN UINTN NumPages
+ )
+{
+ #if defined (__GNUC__) || defined (__clang__)
+ volatile UINT8 Val __attribute__ ((__unused__));
+ #else
+ volatile UINT8 Val;
+ #endif
+ UINT8 *Bytes = (UINT8 *)Address;
+ UINTN PageIdx;
+
+ /*
+ * For SEV guests, a read from the first/last cache-lines of a 4K page
+ * using the guest key is sufficient to cause a flush of all cache-lines
+ * associated with that 4K page without incurring all the overhead of a
+ * full CLFLUSH sequence.
+ */
+ for (PageIdx = 0; PageIdx < NumPages; PageIdx++) {
+ Val = Bytes[PageIdx * SIZE_4KB];
+ Val = Bytes[PageIdx * SIZE_4KB + SIZE_4KB - 1];
+ }
+}
+
/**
The function is used to set the page state when SEV-SNP is active. The page state
transition consist of changing the page ownership in the RMP table, and using the
@@ -231,8 +260,12 @@ InternalSetPageState (
IN UINTN PscBufferSize
)
{
- EFI_PHYSICAL_ADDRESS NextAddress, EndAddress;
+ EFI_PHYSICAL_ADDRESS NextAddress;
+ EFI_PHYSICAL_ADDRESS EndAddress;
+ EFI_PHYSICAL_ADDRESS Address;
SNP_PAGE_STATE_CHANGE_INFO *Info;
+ UINTN RmpPageSize;
+ UINTN Index;
EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages);
@@ -281,6 +314,12 @@ InternalSetPageState (
//
if (State == SevSnpPagePrivate) {
AmdSvsmSnpPvalidate (Info);
+
+ for (Index = 0; Index <= Info->Header.EndEntry; Index++) {
+ Address = LShiftU64 ((UINT64)Info->Entry[Index].GuestFrameNumber, EFI_PAGE_SHIFT);
+ RmpPageSize = Info->Entry[Index].PageSize;
+ SevEvictCache (Address, RmpPageSize == PvalidatePageSize2MB ? PAGES_PER_2MB_ENTRY : 1);
+ }
}
}
}
--
2.50.1
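Review bot: `SevEvictCache` relies on the store into the `volatile UINT8 Val` local to keep the two loads alive, which is why the compiler-specific `__attribute__ ((__unused__))` block is needed; making the access itself volatile, `Val = *(volatile UINT8 *)&Bytes[PageIdx * SIZE_4KB];` and likewise for the last byte, states the intent at the read and lets the `#if` block go. The function also has no edk2-style `/** ... **/` header: it should say that `Address` is dereferenced directly as `(UINT8 *)Address`, so an identity mapping is assumed (presumably true in this library — confirm), that `NumPages` counts 4K pages, and that the reads are the CVE-2024-36331 cache-line eviction after validation rather than a functional access. `#define PAGES_PER_2MB_ENTRY 512` could be written as `(SIZE_2MB / SIZE_4KB)` so the relation is visible.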


@ -0,0 +1,98 @@
From 234e41cf24326370466cc3c4505e9a262b1b75dd Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 22 Jul 2025 13:38:22 -0500
Subject: [PATCH 3/4] OvmfPkg/ResetVector: Make ReceivedVc a flag in SEV-ES
workarea
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 98: OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation
RH-Jira: RHEL-121983
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [3/4] c0ff50547a4ae16b13557d750577be3ca4114c44 (luigileonardi/edk2)
In preparation for adding another indicator flag, change the ReceivedVc
field into a flags field. Since the code is used by both assembler and
C files, use bitmasks for field definitions. The VC flag is bit 0.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Include/WorkArea.h | 10 ++++++----
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 10 +++++-----
OvmfPkg/ResetVector/ResetVector.nasmb | 3 ++-
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index 3b9ea04630..9f3a4517bd 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -50,11 +50,11 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
UINT64 EncryptionMask;
+ // Flags:
+ // - BIT0 - VC: Indicator that the VC handler was called. It is used
+ // during the SevFeature detection in OvmfPkg/ResetVector/Ia32/AmdSev.asm
//
- // Indicator that the VC handler is called. It is used during the SevFeature
- // detection in OvmfPkg/ResetVector/Ia32/AmdSev.c
- //
- UINT8 ReceivedVc;
+ UINT8 Flags;
UINT8 Reserved[7];
// Used by SEC to generate Page State Change requests. This should be
@@ -64,6 +64,8 @@ typedef struct _SEC_SEV_ES_WORK_AREA {
UINT8 WorkBuffer[1024];
} SEC_SEV_ES_WORK_AREA;
+#define SEV_ES_WORK_AREA_VC BIT0
+
//
// The SEV work area definition.
//
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 827c874312..de09a59ef7 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -306,9 +306,9 @@ NoSev:
; Perform an SEV-ES sanity check by seeing if a #VC exception occurred.
;
; If SEV-ES is enabled, the CPUID instruction will trigger a #VC exception
- ; where the RECEIVED_VC offset in the workarea will be set to one.
+ ; where the VC bit in the FLAGS field in the workarea will be set to one.
;
- cmp byte[SEV_ES_WORK_AREA_RECEIVED_VC], 0
+ test byte[SEV_ES_WORK_AREA_FLAGS], SEV_ES_WORK_AREA_FLAG_VC
jz NoSevPass
;
@@ -402,9 +402,9 @@ SevEsIdtVmmComm:
; If we're here, then we are an SEV-ES guest and this
; was triggered by a CPUID instruction
;
- ; Set the recievedVc field in the workarea to communicate that
- ; a #VC was taken.
- mov byte[SEV_ES_WORK_AREA_RECEIVED_VC], 1
+ ; Set the VC bit in the FLAGS field in the workarea to communicate
+ ; that a #VC was taken.
+ or byte[SEV_ES_WORK_AREA_FLAGS], SEV_ES_WORK_AREA_FLAG_VC
pop ecx ; Error code
cmp ecx, 0x72 ; Be sure it was CPUID
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 7279ac64b1..a63b859f39 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -63,7 +63,8 @@
%define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32 (PcdSevEsWorkAreaBase))
%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
-%define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 24)
+%define SEV_ES_WORK_AREA_FLAGS (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 24)
+%define SEV_ES_WORK_AREA_FLAG_VC 0x01
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
%define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase))
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
--
2.50.1
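Review bot: The same bit is now defined twice under different names — `#define SEV_ES_WORK_AREA_VC BIT0` in WorkArea.h and `%define SEV_ES_WORK_AREA_FLAG_VC 0x01` in ResetVector.nasmb — with nothing tying them together, since the assembler cannot include the C header. A comment on each side naming the other definition, e.g. `// Must match SEV_ES_WORK_AREA_FLAG_VC in OvmfPkg/ResetVector/ResetVector.nasmb` on the C side and the mirror image in the nasmb file, would make the coupling visible to whoever adds the next flag. The same applies to the `+ 24` in SEV_ES_WORK_AREA_FLAGS, which hard-codes the position of Flags inside SEC_SEV_ES_WORK_AREA; if the C side already has a STATIC_ASSERT or OFFSET_OF check for that offset, a pointer to it in the header comment would do.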


@ -0,0 +1,75 @@
From c9102313a0de257397bf508b929db26fb42c0f77 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Tue, 2 Apr 2024 07:13:40 +0800
Subject: [PATCH 5/6] OvmfPkg/TdxDxe: Support 5-level paging for ResetVector
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [5/5] 84d72db1644e3b62dc7f11595800f84ed14c5802 (luigileonardi/edk2)
Since OVMF already supports 5-level paging, the ResetVector
needs to handle the case.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
OvmfPkg/TdxDxe/TdxDxe.inf | 1 +
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 69e4c0bfa5..9af67952c0 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -75,3 +75,4 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+ gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index d1a4dce2ff..7c860b1195 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -25,8 +25,13 @@ STACK_TOP:
SECTION .text
%define TDX_WORK_AREA_MAILBOX_GDTR (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 128)
+%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+%define TDX_WORK_AREA_PGTBL_READY (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 4)
+%define PG_5_LEVEL (FixedPcdGetBool (PcdUse5LevelPageTable))
-%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+%define TDX_BSP 1
+%define TDX_AP 2
+%define TDX_AP_5_LEVEL 3
BITS 64
@@ -174,6 +179,19 @@ RestoreCr0:
RestoreCr4:
mov eax, 0x40
mov cr4, eax
+
+%if PG_5_LEVEL
+ mov al, byte[TDX_WORK_AREA_PGTBL_READY]
+ inc eax
+ cmp eax, TDX_AP_5_LEVEL
+ jne SetCr3
+SetCr4La57:
+ ; set la57 bit in cr4
+ mov eax, cr4
+ bts eax, 12
+ mov cr4, eax
+%endif
+
SetCr3:
;
; Can use the boot page tables since it's reserved
--
2.50.1
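Review bot: In the added block after RestoreCr4, `mov al, byte[TDX_WORK_AREA_PGTBL_READY]` replaces only the low byte of EAX, so the following `inc eax` / `cmp eax, TDX_AP_5_LEVEL` is correct only because the preceding `mov eax, 0x40` happened to leave the upper 24 bits zero. Loading with `movzx eax, byte[TDX_WORK_AREA_PGTBL_READY]` makes the comparison independent of that accident at no cost. A short comment on the `inc eax` saying why the stored value is incremented before being compared against TDX_AP_5_LEVEL would also help, since the encoding written into TDX_WORK_AREA_PGTBL_READY is not visible here and the constants TDX_BSP/TDX_AP/TDX_AP_5_LEVEL (1, 2, 3) do not explain it on their own. The routine continues past SetCr3 outside the hunk.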


@ -0,0 +1,56 @@
From 34e1330887d2ef777c25a954a1293a104f1f7865 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 30 Nov 2023 00:54:17 -0500
Subject: [PATCH 2/6] OvmfPkg/WorkArea.h: Add MAILBOX_GDT
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/5] 71a1340ba873d04eaf72e0d27d7fc0c8933f9f92 (luigileonardi/edk2)
Add the GDT table to swicth paging mode when the OS jumps
to the ResetVector in Mailbox.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
OvmfPkg/Include/WorkArea.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index e3b415db2c..3b9ea04630 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -12,6 +12,7 @@
#include <ConfidentialComputingGuestAttr.h>
#include <IndustryStandard/Tpm20.h>
+#include <Library/BaseLib.h>
//
// Confidential computing work area header definition. Any change
@@ -85,6 +86,11 @@ typedef struct _TDX_MEASUREMENTS_DATA {
UINT8 CfvImgHashValue[SHA384_DIGEST_SIZE];
} TDX_MEASUREMENTS_DATA;
+#define MAILBOX_GDT_SIZE (sizeof(IA32_SEGMENT_DESCRIPTOR) * 5)
+typedef struct _MAILBOX_GDT {
+ IA32_DESCRIPTOR Gdtr;
+ UINT8 Data[MAILBOX_GDT_SIZE];
+} MAILBOX_GDT;
//
// The TDX work area definition
//
@@ -98,6 +104,7 @@ typedef struct _SEC_TDX_WORK_AREA {
typedef struct _TDX_WORK_AREA {
CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header;
SEC_TDX_WORK_AREA SecTdxWorkArea;
+ MAILBOX_GDT MailboxGdt;
} TDX_WORK_AREA;
//
--
2.50.1


@ -6,9 +6,9 @@ ExclusiveArch: x86_64 aarch64
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define OPENSSL_HASH 4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19
%define DBXDATE 20250610
%define DBXDATE 20251016
%define build_ovmf 0
%define build_aarch64 0
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}
Release: 4%{?dist}
Release: 8%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -89,6 +89,26 @@ Patch34: 0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch
Patch35: 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
# For RHEL-70865 - SNP guest failed to boot with SVSM using OVMF.amdsev.fd [rhel-9.7]
Patch36: edk2-OvmfPkg-Use-the-OvmfPkg-version-of-CcProbeLib.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch37: edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch38: edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch39: edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch40: edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch41: edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch
# For RHEL-69780 - Fail to create AMD SEV SLES 15 SP4 guest via virt-install --cdrom [rhel-9.8]
Patch42: edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch
# For RHEL-121983 - [edk2] VM panic on booting SNP guest with large memory on Genoa
Patch43: edk2-OvmfPkg-MemEncryptSevLib-Evict-cache-lines-during-SN.patch
# For RHEL-121983 - [edk2] VM panic on booting SNP guest with large memory on Genoa
Patch44: edk2-MdePkg-Add-the-COHERENCY_SFW_NO-CPUID-bit-field.patch
# For RHEL-121983 - [edk2] VM panic on booting SNP guest with large memory on Genoa
Patch45: edk2-OvmfPkg-ResetVector-Make-ReceivedVc-a-flag-in-SEV-ES.patch
# For RHEL-121983 - [edk2] VM panic on booting SNP guest with large memory on Genoa
Patch46: edk2-OvmfPkg-MemEncryptSevLib-Check-if-SEV-SNP-coherency-.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -424,6 +444,38 @@ install -m 0644 \
%changelog
* Mon Nov 17 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-8
- edk2-openssl-flatten-contents-of-openssl-tarball.patch [RHEL-115922]
- edk2-Bumped-openssl-submodule-to-version-3.0.7-29.1.patch [RHEL-115922]
- Resolves: RHEL-115922
(CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-9.8])
* Mon Nov 17 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-7
- edk2-make-dbxupdate.sh-get-version-tag-add-to-commit-mess.patch [RHEL-126100]
- edk2-update-dbx-to-20251016-v1.6.1.patch [RHEL-126100]
- Resolves: RHEL-126100
([edk2,rhel-9] dbx update to 20251016 / v1.6.1)
* Mon Oct 27 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-6
- edk2-OvmfPkg-MemEncryptSevLib-Evict-cache-lines-during-SN.patch [RHEL-121983]
- edk2-MdePkg-Add-the-COHERENCY_SFW_NO-CPUID-bit-field.patch [RHEL-121983]
- edk2-OvmfPkg-ResetVector-Make-ReceivedVc-a-flag-in-SEV-ES.patch [RHEL-121983]
- edk2-OvmfPkg-MemEncryptSevLib-Check-if-SEV-SNP-coherency-.patch [RHEL-121983]
- Resolves: RHEL-121983
([edk2] VM panic on booting SNP guest with large memory on Genoa)
* Mon Oct 20 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-5
- edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch [RHEL-109010]
- edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch [RHEL-109010]
- edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch [RHEL-69780]
- Resolves: RHEL-109010
(TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29)
- Resolves: RHEL-69780
(Fail to create AMD SEV SLES 15 SP4 guest via virt-install --cdrom [rhel-9.8])
* Fri Jul 04 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-4
- edk2-update-dbx-to-20250610.patch [RHEL-96869]
- Resolves: RHEL-96869