Reporting Issues
Bug 3275 - Add AMD Secure Nested Paging Support
Summary: Add AMD Secure Nested Paging Support
Status: RESOLVED FIXED
Alias: None
Product: Tianocore Feature Requests
Classification: Unclassified
Component: Code (show other bugs)
Version: Current
Hardware: PC Linux
: Lowest normal
Assignee: BRIJESH SINGH
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-23 14:40 UTC by BRIJESH SINGH
Modified: 2021-12-09 05:55 UTC (History)
4 users (show)

See Also:
EDK II Code First industry standard specifications: ---
Branch URL:
Release(s) the issue is observed: EDK II Master
The OS the target platform is running: ---
Package: OvmfPkg
Release(s) the issues must be fixed: EDK II Master
Tianocore documents:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description BRIJESH SINGH 2021-03-23 14:40:10 UTC
AMD added a Secure Encrypted Virtualization (SEV) feature in EDKII, the first x86 technology designed to cryptographically isolate virtual machines (VMs) from the hypervisor. Recently, AMD added SEV-ES (Encrypted State) feature which added additional protection for the CPU register state.

The new Zen CPU introduces the next generation of SEV called SEV-SNP (Secure Nested Paging). SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based memory protections. SEV-SNP adds a strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more in order to create an isolated memory encryption environment. Also, SEV-SNP introduces several optional security enhancements designed to support additional VM use models offering string protections around the interrupt behavior, and offer increased protection against the side-channel attacks.

This Bugzilla tracks the support for the SEV-SNP feature in the OVMF.
Comment 1 Laszlo Ersek 2021-03-24 15:11:50 UTC
Patches on the list from Brijesh:

* [edk2-devel] [RFC PATCH 00/19]
  Add AMD Secure Nested Paging (SEV-SNP) support

msgid: <20210324153215.17971-1-brijesh.singh@amd.com>
https://edk2.groups.io/g/devel/message/73216
https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00963.html
Comment 2 Laszlo Ersek 2021-05-03 04:15:01 UTC
* [edk2-devel] [PATCH RFC v2 00/28]
  Add AMD Secure Nested Paging (SEV-SNP) support

https://edk2.groups.io/g/devel/message/74629
https://listman.redhat.com/archives/edk2-devel-archive/2021-April/msg01043.html
msgid: <20210430115148.22267-1-brijesh.singh@amd.com>
Comment 3 Laszlo Ersek 2021-05-10 12:10:25 UTC
The patch set mentioned in comment 1 and comment 2 has been split to multiple "waves". The first wave is:

* [edk2-devel] [PATCH 00/13] Add GHCBv2 macro and helpers

https://edk2.groups.io/g/devel/message/74823
https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00142.html
msgid: <20210507203838.23706-1-brijesh.singh@amd.com>
Comment 6 Laszlo Ersek 2021-05-29 08:17:01 UTC
(In reply to Laszlo Ersek from comment #5)
> [edk2-devel] [PATCH v3 00/13] Add GHCBv2 macro and helpers
> 
> https://edk2.groups.io/g/devel/message/75389
> https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00718.html
> msgid: <20210519181949.6574-1-brijesh.singh@amd.com>

This wave of patches has been merged as commit range dbc22a178546..adfa3327d4fc, via <https://github.com/tianocore/edk2/pull/1675>. The BZ should remain open for the next wave(s).
Comment 7 Laszlo Ersek 2021-05-29 08:21:06 UTC
* [edk2-devel] [RESEND PATCH RFC v3 00/22]
  Add AMD Secure Nested Paging (SEV-SNP) support

msgid: <20210526231118.12946-1-brijesh.singh@amd.com>
https://edk2.groups.io/g/devel/message/75716
https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg01009.html
Comment 8 Laszlo Ersek 2021-06-30 12:21:02 UTC
* [edk2-devel] [RFC PATCH v4 00/27]
  Add AMD Secure Nested Paging (SEV-SNP) support

msgid: <20210628174223.1302-1-brijesh.singh@amd.com>
https://edk2.groups.io/g/devel/message/77187
https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg01307.html


* [edk2-devel] [RFC PATCH v5 00/28]
  Add AMD Secure Nested Paging (SEV-SNP) support

msgid: <20210630125321.30278-1-brijesh.singh@amd.com>
https://edk2.groups.io/g/devel/message/77335
https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg01455.html
Comment 9 jiewen.yao 2021-07-28 21:07:26 UTC
Add initial patch https://github.com/tianocore/edk2/pull/1842

githash: dc485c556d5f5db21debe8de3a45a7564aacbe24..b461d67639f2deced77e9bb967d014b7cfcd75f8
Comment 10 gaoliming 2021-12-09 05:55:41 UTC
Merge at https://github.com/tianocore/edk2/pull/2269