Currently, OVMF supports the AMD Secure Encrypted Virtualization (SEV) feature. There is an extension to SEV called Secure Encrypted Virtualization - Encrypted State (SEV-ES). This is a request to add the SEV-ES functionality to OVMF. SEV-ES provides protection of the guest register state from the hypervisor. An SEV-ES guest's register state is encrypted during world switches and cannot be directly accessed for modified by the hypervisor. SEV-ES includes architectural support for notifying a guest OS when certain types of world switches are about to occur, called Non-Automatic Exits (NAE). These events allow the guest OS to selective share information with the hypervisor through an unencrypted page of memory called the Guest-Hypervisor Communication Block.
RFC V1: https://edk2.groups.io/g/devel/message/46102
RFC V2: https://edk2.groups.io/g/devel/message/47634
setting status to IN_PROGRESS per comment 1 / comment 2
RFC V3: https://edk2.groups.io/g/devel/message/50940
V4: https://edk2.groups.io/g/devel/message/53747
[edk2-devel] [PATCH v5 00/42] SEV-ES guest support http://mid.mail-archive.com/cover.1583190432.git.thomas.lendacky@amd.com https://edk2.groups.io/g/devel/message/55240 [edk2-devel] [PATCH v5.1 27/43] OvmfPkg: Create a GHCB page for use during Sec phase http://mid.mail-archive.com/8117635dcd78f11a98716630d51832f6fca36d50.1583192181.git.thomas.lendacky@amd.com https://edk2.groups.io/g/devel/message/55288
V6: https://www.mail-archive.com/devel@edk2.groups.io/msg16961.html https://edk2.groups.io/g/devel/message/56174
V7: https://www.mail-archive.com/devel@edk2.groups.io/msg18617.html https://edk2.groups.io/g/devel/message/57831
V8: https://www.mail-archive.com/devel@edk2.groups.io/msg20597.html https://edk2.groups.io/g/devel/message/59857
Catching up on this now, incrementally. I've verified that the v6 series indeed addressed all my v5 comments (even improved on the commit message of "OvmfPkg/Sec: Add #VC exception handling for Sec phase" without my asking). So indeed v6 was fully & justifiedly marked as Reviewed-by myself, as far as the OvmfPkg content was concerned. I'm going to proceed with the v6->v7 and v7->v8 updates now.
I'll try to cover the v6->v8 changes in one go, on the list, under v8.
V9: https://www.mail-archive.com/devel@edk2.groups.io/msg21505.html https://edk2.groups.io/g/devel/message/60771
V10: https://www.mail-archive.com/devel@edk2.groups.io/msg23214.html https://edk2.groups.io/g/devel/message/62503
V11: https://www.mail-archive.com/devel@edk2.groups.io/msg23696.html https://edk2.groups.io/g/devel/message/62991
v12: [edk2-devel] [PATCH v12 00/46] SEV-ES guest support https://edk2.groups.io/g/devel/message/63304 http://mid.mail-archive.com/cover.1595863587.git.thomas.lendacky@amd.com
V13: https://www.mail-archive.com/devel@edk2.groups.io/msg24174.html https://edk2.groups.io/g/devel/message/63477
v14: https://edk2.groups.io/g/devel/message/63842 http://mid.mail-archive.com/cover.1596829170.git.thomas.lendacky@amd.com
edk2-platforms changes: https://www.mail-archive.com/devel@edk2.groups.io/msg24600.html https://edk2.groups.io/g/devel/message/63913
Merge them on edk2 7f7f511c5a74676523ed48435350f6e35282b62b..7f0b28415cb464832155d5b3ff6eb63612f58645. Merge the change in edk2 platforms c475b1bbda25df302bbaeecde837299e3b4ba818
Related: * [edk2-devel] [PATCH 0/2] Maintainers: create the "OvmfPkg: Confidential Computing" subsystem message-id: 20210310185649.19801-1-lersek@redhat.com https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00384.html https://edk2.groups.io/g/devel/message/72637
(In reply to Laszlo Ersek from comment #20) > Related: > > * [edk2-devel] [PATCH 0/2] > Maintainers: create the "OvmfPkg: Confidential Computing" subsystem > > message-id: 20210310185649.19801-1-lersek@redhat.com > https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00384. > html > https://edk2.groups.io/g/devel/message/72637 Merged as commit range 9fd7e88c23f6..eb07bfb09ef5, via <https://github.com/tianocore/edk2/pull/1506>.