Bug 2198 - Add support to OVMF for AMD SEV-ES
Summary: Add support to OVMF for AMD SEV-ES
Status: RESOLVED FIXED
Alias: None
Product: Tianocore Feature Requests
Classification: Unclassified
Component: Code
Version: Current
Hardware: PC All
Importance: Lowest normal
Assignee: thomas.lendacky
URL:
Keywords:
Depends on: 2340
Blocks:
Reported: 2019-09-17 15:33 UTC by thomas.lendacky
Modified: 2021-05-14 07:10 UTC

See Also:
EDK II Code First industry standard specifications: ---
Branch URL:
Release(s) the issue is observed: EDK II Master
The OS the target platform is running: ---
Package: OvmfPkg
Release(s) the issues must be fixed: EDK II Master
Tianocore documents:


Description thomas.lendacky 2019-09-17 15:33:21 UTC
Currently, OVMF supports the AMD Secure Encrypted Virtualization (SEV) feature. There is an extension to SEV called Secure Encrypted Virtualization - Encrypted State (SEV-ES). This is a request to add the SEV-ES functionality to OVMF.

SEV-ES provides protection of the guest register state from the hypervisor. An SEV-ES guest's register state is encrypted during world switches and cannot be directly accessed or modified by the hypervisor.

SEV-ES includes architectural support for notifying a guest OS when certain types of world switches are about to occur, called Non-Automatic Exits (NAE). These events allow the guest OS to selectively share information with the hypervisor through an unencrypted page of memory called the Guest-Hypervisor Communication Block.
Comment 1 thomas.lendacky 2019-09-19 16:58:21 UTC
RFC V1: https://edk2.groups.io/g/devel/message/46102
Comment 2 thomas.lendacky 2019-09-19 17:00:21 UTC
RFC V2: https://edk2.groups.io/g/devel/message/47634
Comment 3 Laszlo Ersek 2019-09-24 07:40:56 UTC
setting status to IN_PROGRESS per comment 1 / comment 2
Comment 4 thomas.lendacky 2019-11-20 15:12:52 UTC
RFC V3: https://edk2.groups.io/g/devel/message/50940
Comment 5 thomas.lendacky 2020-02-05 09:00:39 UTC
V4: https://edk2.groups.io/g/devel/message/53747
Comment 10 Laszlo Ersek 2020-05-21 12:21:03 UTC
Catching up on this now, incrementally.

I've verified that the v6 series indeed addressed all my v5 comments (even improved on the commit message of "OvmfPkg/Sec: Add #VC exception handling for Sec phase" without my asking). So indeed v6 was fully & justifiedly marked as Reviewed-by myself, as far as the OvmfPkg content was concerned. I'm going to proceed with the v6->v7 and v7->v8 updates now.
Comment 11 Laszlo Ersek 2020-05-21 12:41:12 UTC
I'll try to cover the v6->v8 changes in one go, on the list, under v8.
Comment 15 Laszlo Ersek 2020-07-27 12:58:03 UTC
v12:
[edk2-devel] [PATCH v12 00/46] SEV-ES guest support
https://edk2.groups.io/g/devel/message/63304
http://mid.mail-archive.com/cover.1595863587.git.thomas.lendacky@amd.com
Comment 19 nobody 2020-08-17 01:44:15 UTC
Merge them on edk2 7f7f511c5a74676523ed48435350f6e35282b62b..7f0b28415cb464832155d5b3ff6eb63612f58645. 

Merge the change in edk2 platforms c475b1bbda25df302bbaeecde837299e3b4ba818
Comment 20 Laszlo Ersek 2021-03-10 14:00:30 UTC
Related:

* [edk2-devel] [PATCH 0/2]
  Maintainers: create the "OvmfPkg: Confidential Computing" subsystem

message-id: 20210310185649.19801-1-lersek@redhat.com
https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00384.html
https://edk2.groups.io/g/devel/message/72637
Comment 21 Laszlo Ersek 2021-03-18 14:14:27 UTC
(In reply to Laszlo Ersek from comment #20)
> Related:
> 
> * [edk2-devel] [PATCH 0/2]
>   Maintainers: create the "OvmfPkg: Confidential Computing" subsystem
> 
> message-id: 20210310185649.19801-1-lersek@redhat.com
> https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00384.html
> https://edk2.groups.io/g/devel/message/72637

Merged as commit range 9fd7e88c23f6..eb07bfb09ef5, via <https://github.com/tianocore/edk2/pull/1506>.