OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory

The SEV-SNP Confidential Computing blob contains metadata that should
remain accessible for the life of the guest. Allocate it as
EfiACPIReclaimMemory to ensure the memory isn't overwritten by the guest
operating system later.

Reported-by: Dov Murik <dovmurik@linux.ibm.com>
Suggested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 05b728d32a654f9896edc31c7113d35052f9f6b1..df807066fa835e25187f4e796cdabea5b12c0463 100644 (file)
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -28,15 +28,36 @@
 // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h\r
 #define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL\r
 \r
-STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {\r
-  SIGNATURE_32 ('A',                                    'M', 'D', 'E'),\r
-  1,\r
-  0,\r
-  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase),\r
-  FixedPcdGet32 (PcdOvmfSnpSecretsSize),\r
-  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase),\r
-  FixedPcdGet32 (PcdOvmfCpuidSize),\r
-};\r
+STATIC\r
+EFI_STATUS\r
+AllocateConfidentialComputingBlob (\r
+  OUT CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  **CcBlobPtr\r
+  )\r
+{\r
+  EFI_STATUS                                Status;\r
+  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *CcBlob;\r
+\r
+  Status = gBS->AllocatePool (\r
+                  EfiACPIReclaimMemory,\r
+                  sizeof (CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION),\r
+                  (VOID **)&CcBlob\r
+                  );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  CcBlob->Header                 = SIGNATURE_32 ('A', 'M', 'D', 'E');\r
+  CcBlob->Version                = 1;\r
+  CcBlob->Reserved1              = 0;\r
+  CcBlob->SecretsPhysicalAddress = (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase);\r
+  CcBlob->SecretsSize            = FixedPcdGet32 (PcdOvmfSnpSecretsSize);\r
+  CcBlob->CpuidPhysicalAddress   = (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase);\r
+  CcBlob->CpuidLSize             = FixedPcdGet32 (PcdOvmfCpuidSize);\r
+\r
+  *CcBlobPtr = CcBlob;\r
+\r
+  return EFI_SUCCESS;\r
+}\r
 \r
 STATIC EFI_HANDLE  mAmdSevDxeHandle = NULL;\r
 \r
@@ -175,10 +196,11 @@ AmdSevDxeEntryPoint (
   IN EFI_SYSTEM_TABLE  *SystemTable\r
   )\r
 {\r
-  EFI_STATUS                       Status;\r
-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *AllDescMap;\r
-  UINTN                            NumEntries;\r
-  UINTN                            Index;\r
+  EFI_STATUS                                Status;\r
+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR           *AllDescMap;\r
+  UINTN                                     NumEntries;\r
+  UINTN                                     Index;\r
+  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;\r
 \r
   //\r
   // Do nothing when SEV is not enabled\r
@@ -284,6 +306,18 @@ AmdSevDxeEntryPoint (
     }\r
   }\r
 \r
+  Status = AllocateConfidentialComputingBlob (&SnpBootDxeTable);\r
+  if (EFI_ERROR (Status)) {\r
+    DEBUG ((\r
+      DEBUG_ERROR,\r
+      "%a: AllocateConfidentialComputingBlob(): %r\n",\r
+      __func__,\r
+      Status\r
+      ));\r
+    ASSERT (FALSE);\r
+    CpuDeadLoop ();\r
+  }\r
+\r
   if (MemEncryptSevSnpIsEnabled ()) {\r
     //\r
     // Memory acceptance began being required in SEV-SNP, so install the\r
@@ -321,7 +355,7 @@ AmdSevDxeEntryPoint (
     //\r
     return gBS->InstallConfigurationTable (\r
                   &gConfidentialComputingSevSnpBlobGuid,\r
-                  &mSnpBootDxeTable\r
+                  SnpBootDxeTable\r
                   );\r
   }\r
 \r