Home Explore Help
Register Sign In
FangSoftSoft
/
qemu
mirror of https://github.com/utmapp/qemu.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: utm-edition
Branches Tags
qemu
/
docs
/
specs
/
sev-guest-firmware.rst

sev-guest-firmware.rst 5.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. ====================================================
    2. 

  2. QEMU/Guest Firmware Interface for AMD SEV and SEV-ES
    3. 

  3. ====================================================
    4. 

  4. 

  5. Overview
    6. 

  6. ========
    7. 

  7. 

  8. The guest firmware image (OVMF) may contain some configuration entries
    9. 

  9. which are used by QEMU before the guest launches.  These are listed in a
    10. 

  10. GUIDed table at a known location in the firmware image.  QEMU parses
    11. 

  11. this table when it loads the firmware image into memory, and then QEMU
    12. 

  12. reads individual entries when their values are needed.
    13. 

  13. 

  14. Though nothing in the table structure is SEV-specific, currently all the
    15. 

  15. entries in the table are related to SEV and SEV-ES features.
    16. 

  16. 

  17. 

  18. Table parsing in QEMU
    19. 

  19. ---------------------
    20. 

  20. 

  21. The table is parsed from the footer: first the presence of the table
    22. 

  22. footer GUID (96b582de-1fb2-45f7-baea-a366c55a082d) at 0xffffffd0 is
    23. 

  23. verified.  If that is found, two bytes at 0xffffffce are the entire
    24. 

  24. table length.
    25. 

  25. 

  26. Then the table is scanned backwards looking for the specific entry GUID.
    27. 

  27. 

  28. QEMU files related to parsing and scanning the OVMF table:
    29. 

  29.  - ``hw/i386/pc_sysfw_ovmf.c``
    30. 

  30. 

  31. The edk2 firmware code that constructs this structure is in the
    32. 

  32. `OVMF Reset Vector file`_.
    33. 

  33. 

  34. 

  35. Table memory layout
    36. 

  36. -------------------
    37. 

  37. 

  38. +------------+--------+-----------------------------------------+
    39. 

  39. |    GPA     | Length |               Description               |
    40. 

  40. +============+========+=========================================+
    41. 

  41. | 0xffffff80 | 4      | Zero padding                            |
    42. 

  42. +------------+--------+-----------------------------------------+
    43. 

  43. | 0xffffff84 | 4      | SEV hashes table base address           |
    44. 

  44. +------------+--------+-----------------------------------------+
    45. 

  45. | 0xffffff88 | 4      | SEV hashes table size (=0x400)          |
    46. 

  46. +------------+--------+-----------------------------------------+
    47. 

  47. | 0xffffff8c | 2      | SEV hashes table entry length (=0x1a)   |
    48. 

  48. +------------+--------+-----------------------------------------+
    49. 

  49. | 0xffffff8e | 16     | SEV hashes table GUID:                  |
    50. 

  50. |            |        | 7255371f-3a3b-4b04-927b-1da6efa8d454    |
    51. 

  51. +------------+--------+-----------------------------------------+
    52. 

  52. | 0xffffff9e | 4      | SEV secret block base address           |
    53. 

  53. +------------+--------+-----------------------------------------+
    54. 

  54. | 0xffffffa2 | 4      | SEV secret block size (=0xc00)          |
    55. 

  55. +------------+--------+-----------------------------------------+
    56. 

  56. | 0xffffffa6 | 2      | SEV secret block entry length (=0x1a)   |
    57. 

  57. +------------+--------+-----------------------------------------+
    58. 

  58. | 0xffffffa8 | 16     | SEV secret block GUID:                  |
    59. 

  59. |            |        | 4c2eb361-7d9b-4cc3-8081-127c90d3d294    |
    60. 

  60. +------------+--------+-----------------------------------------+
    61. 

  61. | 0xffffffb8 | 4      | SEV-ES AP reset RIP                     |
    62. 

  62. +------------+--------+-----------------------------------------+
    63. 

  63. | 0xffffffbc | 2      | SEV-ES reset block entry length (=0x16) |
    64. 

  64. +------------+--------+-----------------------------------------+
    65. 

  65. | 0xffffffbe | 16     | SEV-ES reset block entry GUID:          |
    66. 

  66. |            |        | 00f771de-1a7e-4fcb-890e-68c77e2fb44e    |
    67. 

  67. +------------+--------+-----------------------------------------+
    68. 

  68. | 0xffffffce | 2      | Length of entire table including table  |
    69. 

  69. |            |        | footer GUID and length (=0x72)          |
    70. 

  70. +------------+--------+-----------------------------------------+
    71. 

  71. | 0xffffffd0 | 16     | OVMF GUIDed table footer GUID:          |
    72. 

  72. |            |        | 96b582de-1fb2-45f7-baea-a366c55a082d    |
    73. 

  73. +------------+--------+-----------------------------------------+
    74. 

  74. | 0xffffffe0 | 8      | Application processor entry point code  |
    75. 

  75. +------------+--------+-----------------------------------------+
    76. 

  76. | 0xffffffe8 | 8      | "\0\0\0\0VTF\0"                         |
    77. 

  77. +------------+--------+-----------------------------------------+
    78. 

  78. | 0xfffffff0 | 16     | Reset vector code                       |
    79. 

  79. +------------+--------+-----------------------------------------+
    80. 

  80. 

  81. 

  82. Table entries description
    83. 

  83. =========================
    84. 

  84. 

  85. SEV-ES reset block
    86. 

  86. ------------------
    87. 

  87. 

  88. Entry GUID: 00f771de-1a7e-4fcb-890e-68c77e2fb44e
    89. 

  89. 

  90. For the initial boot of an AP under SEV-ES, the "reset" RIP must be
    91. 

  91. programmed to the RAM area defined by this entry.  The entry's format
    92. 

  92. is:
    93. 

  93. 

  94. * IP value [0:15]
    95. 

  95. * CS segment base [31:16]
    96. 

  96. 

  97. A hypervisor reads the CS segment base and IP value.  The CS segment
    98. 

  98. base value represents the high order 16-bits of the CS segment base, so
    99. 

  99. the hypervisor must left shift the value of the CS segment base by 16
    100. 

  100. bits to form the full CS segment base for the CS segment register. It
    101. 

  101. would then program the EIP register with the IP value as read.
    102. 

  102. 

  103. 

  104. SEV secret block
    105. 

  105. ----------------
    106. 

  106. 

  107. Entry GUID: 4c2eb361-7d9b-4cc3-8081-127c90d3d294
    108. 

  108. 

  109. This describes the guest RAM area where the hypervisor should inject the
    110. 

  110. Guest Owner secret (using SEV_LAUNCH_SECRET).
    111. 

  111. 

  112. 

  113. SEV hashes table
    114. 

  114. ----------------
    115. 

  115. 

  116. Entry GUID: 7255371f-3a3b-4b04-927b-1da6efa8d454
    117. 

  117. 

  118. This describes the guest RAM area where the hypervisor should install a
    119. 

  119. table describing the hashes of certain firmware configuration device
    120. 

  120. files that would otherwise be passed in unchecked.  The current use is
    121. 

  121. for the kernel, initrd and command line values, but others may be added.
    122. 

  122. 

  123. 

  124. .. _OVMF Reset Vector file:
    125. 

  125.    https://github.com/tianocore/edk2/blob/master/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
    126.