qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git

sev-guest-firmware.rst (5369B)


====================================================
QEMU/Guest Firmware Interface for AMD SEV and SEV-ES
====================================================

Overview
========

The guest firmware image (OVMF) may contain some configuration entries
which are used by QEMU before the guest launches.  These are listed in a
GUIDed table at a known location in the firmware image.  QEMU parses
this table when it loads the firmware image into memory, and then QEMU
reads individual entries when their values are needed.

Though nothing in the table structure is SEV-specific, currently all the
entries in the table are related to SEV and SEV-ES features.


Table parsing in QEMU
---------------------

The table is parsed from the footer: first the presence of the table
footer GUID (96b582de-1fb2-45f7-baea-a366c55a082d) at 0xffffffd0 is
verified.  If that is found, two bytes at 0xffffffce are the entire
table length.

Then the table is scanned backwards looking for the specific entry GUID.

QEMU files related to parsing and scanning the OVMF table:
 - ``hw/i386/pc_sysfw_ovmf.c``

The edk2 firmware code that constructs this structure is in the
`OVMF Reset Vector file`_.


Table memory layout
-------------------

+------------+--------+-----------------------------------------+
|    GPA     | Length |               Description               |
+============+========+=========================================+
| 0xffffff80 | 4      | Zero padding                            |
+------------+--------+-----------------------------------------+
| 0xffffff84 | 4      | SEV hashes table base address           |
+------------+--------+-----------------------------------------+
| 0xffffff88 | 4      | SEV hashes table size (=0x400)          |
+------------+--------+-----------------------------------------+
| 0xffffff8c | 2      | SEV hashes table entry length (=0x1a)   |
+------------+--------+-----------------------------------------+
| 0xffffff8e | 16     | SEV hashes table GUID:                  |
|            |        | 7255371f-3a3b-4b04-927b-1da6efa8d454    |
+------------+--------+-----------------------------------------+
| 0xffffff9e | 4      | SEV secret block base address           |
+------------+--------+-----------------------------------------+
| 0xffffffa2 | 4      | SEV secret block size (=0xc00)          |
+------------+--------+-----------------------------------------+
| 0xffffffa6 | 2      | SEV secret block entry length (=0x1a)   |
+------------+--------+-----------------------------------------+
| 0xffffffa8 | 16     | SEV secret block GUID:                  |
|            |        | 4c2eb361-7d9b-4cc3-8081-127c90d3d294    |
+------------+--------+-----------------------------------------+
| 0xffffffb8 | 4      | SEV-ES AP reset RIP                     |
+------------+--------+-----------------------------------------+
| 0xffffffbc | 2      | SEV-ES reset block entry length (=0x16) |
+------------+--------+-----------------------------------------+
| 0xffffffbe | 16     | SEV-ES reset block entry GUID:          |
|            |        | 00f771de-1a7e-4fcb-890e-68c77e2fb44e    |
+------------+--------+-----------------------------------------+
| 0xffffffce | 2      | Length of entire table including table  |
|            |        | footer GUID and length (=0x72)          |
+------------+--------+-----------------------------------------+
| 0xffffffd0 | 16     | OVMF GUIDed table footer GUID:          |
|            |        | 96b582de-1fb2-45f7-baea-a366c55a082d    |
+------------+--------+-----------------------------------------+
| 0xffffffe0 | 8      | Application processor entry point code  |
+------------+--------+-----------------------------------------+
| 0xffffffe8 | 8      | "\0\0\0\0VTF\0"                         |
+------------+--------+-----------------------------------------+
| 0xfffffff0 | 16     | Reset vector code                       |
+------------+--------+-----------------------------------------+


Table entries description
=========================

SEV-ES reset block
------------------

Entry GUID: 00f771de-1a7e-4fcb-890e-68c77e2fb44e

For the initial boot of an AP under SEV-ES, the "reset" RIP must be
programmed to the RAM area defined by this entry.  The entry's format
is:

* IP value [0:15]
* CS segment base [31:16]

A hypervisor reads the CS segment base and IP value.  The CS segment
base value represents the high order 16-bits of the CS segment base, so
the hypervisor must left shift the value of the CS segment base by 16
bits to form the full CS segment base for the CS segment register. It
would then program the EIP register with the IP value as read.

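The footer-first scan from "Table parsing in QEMU" and the reset block decoding described above, as an added example that is not QEMU's or edk2's code. It assumes the image's last byte maps to GPA 0xffffffff, little-endian length fields, and GUIDs stored in the mixed-endian EFI byte order; ``parse_table``, ``decode_reset_block``, ``entry`` and ``SAMPLE`` are hypothetical names, and the sample bytes are constructed.

```python
import struct
import uuid

FOOTER_GUID = uuid.UUID("96b582de-1fb2-45f7-baea-a366c55a082d")
RESET_BLOCK_GUID = uuid.UUID("00f771de-1a7e-4fcb-890e-68c77e2fb44e")
FOOTER_END = 0x20  # footer GUID ends at 0xffffffe0, 0x20 bytes below 4 GiB
HDR = 18           # every entry closes with a 2-byte length and a 16-byte GUID


def parse_table(image: bytes) -> dict:
    """Return {entry GUID: data}; {} when the footer GUID is absent."""
    end = len(image) - FOOTER_END
    if end < HDR or image[end - 16:end] != FOOTER_GUID.bytes_le:
        return {}
    (total,) = struct.unpack_from("<H", image, end - HDR)
    if total < HDR or total > end:
        raise ValueError("table length out of bounds")
    entries, pos, remaining = {}, end - HDR, total - HDR
    while remaining > 0:  # walk backwards from the footer
        if remaining < HDR:
            raise ValueError("truncated entry")
        (length,) = struct.unpack_from("<H", image, pos - HDR)
        if length < HDR or length > remaining:
            raise ValueError("entry length out of bounds")
        guid = uuid.UUID(bytes_le=image[pos - 16:pos])
        entries.setdefault(guid, image[pos - length:pos - HDR])
        pos, remaining = pos - length, remaining - length
    return entries


def decode_reset_block(data: bytes) -> tuple:
    """Split the SEV-ES reset value into (full CS segment base, IP)."""
    if len(data) != 4:
        raise ValueError("reset block data must be 4 bytes")
    (value,) = struct.unpack("<I", data)
    return (value >> 16) << 16, value & 0xFFFF


def entry(guid: uuid.UUID, data: bytes) -> bytes:
    """Build one entry: data, then total entry length, then GUID."""
    return data + struct.pack("<H", len(data) + HDR) + guid.bytes_le


# Constructed sample (not a real OVMF image): one reset-block entry.
_body = entry(RESET_BLOCK_GUID, struct.pack("<I", 0x0080B004))
SAMPLE = (bytes(64) + _body + struct.pack("<H", len(_body) + HDR)
          + FOOTER_GUID.bytes_le + bytes(FOOTER_END))
```
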

SEV secret block
----------------

Entry GUID: 4c2eb361-7d9b-4cc3-8081-127c90d3d294

This describes the guest RAM area where the hypervisor should inject the
Guest Owner secret (using SEV_LAUNCH_SECRET).


SEV hashes table
----------------

Entry GUID: 7255371f-3a3b-4b04-927b-1da6efa8d454

This describes the guest RAM area where the hypervisor should install a
table describing the hashes of certain firmware configuration device
files that would otherwise be passed in unchecked.  The current use is
for the kernel, initrd and command line values, but others may be added.


.. _OVMF Reset Vector file:
   https://github.com/tianocore/edk2/blob/master/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm