[PATCH 0/3] Add PCD PcdPteMemoryEncryptionAddressOrMask

[PATCH 0/3] Add PCD PcdPteMemoryEncryptionAddressOrMask

[Leo Duran]

This new PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

This mask is be applied when creating 1:1 virtual to physical mapping tables.
For example, the OvmfPkg sets the PCD when launching SEV-enabled guests.

Changes since v1:
- Move PCD to [PcdsFixedAtBuild, ... et al] section in .DEC file
- Add PCD for page tables built by MdeModulePkg/../CapsulePei
- Add PCd for page tables built by UefiCpuPkg/../S3Resume2Pei

Brijesh Singh (1):
  MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

Leo Duran (2):
  MdeModulePkg/Universal/CapsulePei:     Add support for PCD
    PcdPteMemoryEncryptionAddressOrMask
  UefiCpuPkg/Universal/Acpi/S3Resume2Pei:     Add support for PCD
    PcdPteMemoryEncryptionAddressOrMask

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf                |  5 ++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c       | 18 ++++++++++--------
 MdeModulePkg/MdeModulePkg.dec                          |  8 ++++++++
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf       |  2 ++
 MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf       |  4 ++++
 MdeModulePkg/Universal/CapsulePei/UefiCapsule.c        |  9 +++++----
 MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c       | 10 ++++++----
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c      |  9 +++++----
 .../Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf       |  2 ++
 9 files changed, 46 insertions(+), 21 deletions(-)

-- 
1.9.1

[PATCH 1/3] MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

[Leo Duran]

From: Brijesh Singh <brijesh.singh@amd.com>

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  5 ++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
 MdeModulePkg/MdeModulePkg.dec                    |  8 ++++++++
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 2bc41be..d62bd9b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -6,6 +6,8 @@
 #  needed to run the DXE Foundation.
 #
 #  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -111,7 +113,8 @@ [FeaturePcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
 
 [Pcd.IA32,Pcd.X64]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 790f6ab..2c52389 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -16,6 +16,8 @@
     3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
 
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -71,14 +73,14 @@ Split2MPageTo4K (
   //
   // Fill in 2M page entry.
   //
-  *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P | IA32_PG_RW;
+  *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
 
   PhysicalAddress4K = PhysicalAddress;
   for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
     //
     // Fill in the Page Table entries
     //
-    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
+    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
     PageTableEntry->Bits.ReadWrite = 1;
     PageTableEntry->Bits.Present = 1;
     if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) {
@@ -116,7 +118,7 @@ Split1GPageTo2M (
   //
   // Fill in 1G page entry.
   //
-  *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+  *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
 
   PhysicalAddress2M = PhysicalAddress;
   for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
@@ -129,7 +131,7 @@ Split1GPageTo2M (
       //
       // Fill in the Page Directory entries
       //
-      PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
+      PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
       PageDirectoryEntry->Bits.ReadWrite = 1;
       PageDirectoryEntry->Bits.Present = 1;
       PageDirectoryEntry->Bits.MustBe1 = 1;
@@ -248,7 +250,7 @@ CreateIdentityMappingPageTables (
     //
     // Make a PML4 Entry
     //
-    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
     PageMapLevel4Entry->Bits.ReadWrite = 1;
     PageMapLevel4Entry->Bits.Present = 1;
 
@@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectory1GEntry->Bits.ReadWrite = 1;
           PageDirectory1GEntry->Bits.Present = 1;
           PageDirectory1GEntry->Bits.MustBe1 = 1;
@@ -280,7 +282,7 @@ CreateIdentityMappingPageTables (
         //
         // Fill in a Page Directory Pointer Entries
         //
-        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectoryPointerEntry->Bits.ReadWrite = 1;
         PageDirectoryPointerEntry->Bits.Present = 1;
 
@@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
             //
             // Fill in the Page Directory entries
             //
-            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
             PageDirectoryEntry->Bits.ReadWrite = 1;
             PageDirectoryEntry->Bits.Present = 1;
             PageDirectoryEntry->Bits.MustBe1 = 1;
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 273cd7e..15119d0 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -6,6 +6,8 @@
 # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
 # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License that accompanies this distribution.
 # The full text of the license may be found at
@@ -1682,6 +1684,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   # @Prompt A list of system FMP ImageTypeId GUIDs
   gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x0}|VOID*|0x30001046
 
+  ## This PCD holds the address mask for page table entries when memory encryption is
+  #  enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
+  #  This mask should be applied when creating 1:1 virtual to physical mapping tables.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
+
 [PcdsPatchableInModule]
   ## Specify memory size with page number for PEI code when
   #  Loading Module at Fixed Address feature is enabled.
-- 
1.9.1

[PATCH 2/3] MdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Leo Duran]

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when 4GB tables are created (UefiCapsule.c), and when
the tables are expanded on-demand by page-faults above 4GB's (X64Entry.c).

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf |  2 ++
 MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf |  4 ++++
 MdeModulePkg/Universal/CapsulePei/UefiCapsule.c  |  9 +++++----
 MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c | 10 ++++++----
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
index d2ca0d0..c54bc21 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
@@ -7,6 +7,7 @@
 #  buffer overflow, integer overflow.
 #
 # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions
@@ -76,6 +77,7 @@ [Ppis.IA32]
 [Pcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleCoalesceFile     ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable          ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [FeaturePcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode  ## CONSUMES
diff --git a/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf b/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
index 8318eaa..cf8543b 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
@@ -10,6 +10,7 @@
 #  buffer overflow, integer overflow.
 #
 # Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions
@@ -53,6 +54,9 @@ [LibraryClasses]
   CpuExceptionHandlerLib
   DebugAgentLib
 
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
+
 [Depex]
   FALSE
 
diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
index 9ac9d22..77bc68c 100644
--- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
+++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
@@ -2,6 +2,7 @@
   Capsule update PEIM for UEFI2.0
 
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions
@@ -187,7 +188,7 @@ Create4GPageTables (
     //
     // Make a PML4 Entry
     //
-    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
     PageMapLevel4Entry->Bits.ReadWrite = 1;
     PageMapLevel4Entry->Bits.Present = 1;
 
@@ -198,7 +199,7 @@ Create4GPageTables (
         //
         // Fill in the Page Directory entries
         //
-        PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+        PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectory1GEntry->Bits.ReadWrite = 1;
         PageDirectory1GEntry->Bits.Present = 1;
         PageDirectory1GEntry->Bits.MustBe1 = 1;
@@ -215,7 +216,7 @@ Create4GPageTables (
         //
         // Fill in a Page Directory Pointer Entries
         //
-        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectoryPointerEntry->Bits.ReadWrite = 1;
         PageDirectoryPointerEntry->Bits.Present = 1;
 
@@ -223,7 +224,7 @@ Create4GPageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectoryEntry->Bits.ReadWrite = 1;
           PageDirectoryEntry->Bits.Present = 1;
           PageDirectoryEntry->Bits.MustBe1 = 1;
diff --git a/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c b/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
index 5ad95d2..f3f68ee 100644
--- a/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
+++ b/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
@@ -2,6 +2,8 @@
   The X64 entrypoint is used to process capsule in long mode.
 
 Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -128,7 +130,7 @@ AcquirePage (
   //
   // Link & Record the current uplink.
   //
-  *Uplink = Address | IA32_PG_P | IA32_PG_RW;
+  *Uplink = Address | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
   PageFaultContext->PageFaultUplink[PageFaultContext->PageFaultIndex] = Uplink;
 
   PageFaultContext->PageFaultIndex = (PageFaultContext->PageFaultIndex + 1) % EXTRA_PAGE_TABLE_PAGES;
@@ -183,7 +185,7 @@ PageFaultHandler (
   PTIndex = BitFieldRead64 (PFAddress, 30, 38);
   // PDPTE
   if (PageFaultContext->Page1GSupport) {
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
   } else {
     if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
       AcquirePage (PageFaultContext, &PageTable[PTIndex]);
@@ -191,7 +193,7 @@ PageFaultHandler (
     PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PhyMask);
     PTIndex = BitFieldRead64 (PFAddress, 21, 29);
     // PD
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
   }
 
   return NULL;
@@ -298,4 +300,4 @@ _ModuleEntryPoint (
   //
   ASSERT (FALSE);
   return EFI_SUCCESS;
-}
\ No newline at end of file
+}
-- 
1.9.1

[PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Leo Duran]

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

The mask is applied when page tables are created (S3Resume.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c       | 9 +++++----
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf | 2 ++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
index d306fba..ee1e2cd 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
@@ -5,6 +5,7 @@
   control is passed to OS waking up handler.
 
   Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions
@@ -696,7 +697,7 @@ RestoreS3PageTables (
       //
       // Make a PML4 Entry
       //
-      PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+      PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
       PageMapLevel4Entry->Bits.ReadWrite = 1;
       PageMapLevel4Entry->Bits.Present = 1;
 
@@ -707,7 +708,7 @@ RestoreS3PageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectory1GEntry->Bits.ReadWrite = 1;
           PageDirectory1GEntry->Bits.Present = 1;
           PageDirectory1GEntry->Bits.MustBe1 = 1;
@@ -724,7 +725,7 @@ RestoreS3PageTables (
           //
           // Fill in a Page Directory Pointer Entries
           //
-          PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+          PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectoryPointerEntry->Bits.ReadWrite = 1;
           PageDirectoryPointerEntry->Bits.Present = 1;
     
@@ -732,7 +733,7 @@ RestoreS3PageTables (
             //
             // Fill in the Page Directory entries
             //
-            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
             PageDirectoryEntry->Bits.ReadWrite = 1;
             PageDirectoryEntry->Bits.Present = 1;
             PageDirectoryEntry->Bits.MustBe1 = 1;
diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
index 73aeca3..d514523 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
@@ -6,6 +6,7 @@
 # control is passed to OS waking up handler.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials are
 # licensed and made available under the terms and conditions of the BSD License
@@ -91,6 +92,7 @@ [FeaturePcd]
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable  ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Depex]
   TRUE
-- 
1.9.1

Re: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Fan, Jeff]

Hi Leo,

I want to understand your usage model. What fields are you going to update in below Page Table Entry by the new PCD?

typedef union {
  struct {
    UINT64  Present:1;                // 0 = Not present in memory, 1 = Present in memory
    UINT64  ReadWrite:1;              // 0 = Read-Only, 1= Read/Write
    UINT64  UserSupervisor:1;         // 0 = Supervisor, 1=User
    UINT64  WriteThrough:1;           // 0 = Write-Back caching, 1=Write-Through caching
    UINT64  CacheDisabled:1;          // 0 = Cached, 1=Non-Cached
    UINT64  Accessed:1;               // 0 = Not accessed, 1 = Accessed (set by CPU)
    UINT64  Dirty:1;                  // 0 = Not Dirty, 1 = written by processor on access to page
    UINT64  MustBe1:1;                // Must be 1 
    UINT64  Global:1;                 // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
    UINT64  Available:3;              // Available for use by system software
    UINT64  PAT:1;                    //
    UINT64  MustBeZero:8;             // Must be zero;
    UINT64  PageTableBaseAddress:31;  // Page Table Base Address
    UINT64  AvabilableHigh:11;        // Available for use by system software
    UINT64  Nx:1;                     // 0 = Execute Code, 1 = No Code Execution
  } Bits;
  UINT64    Uint64;
} PAGE_TABLE_ENTRY;

I did not see any updating in SMM. Is it un-necessary? Is this feature working on POST phase or OS runtime phase?

Thanks!
Jeff

-----Original Message-----
From: Leo Duran [mailto:leo.duran@amd.com] 
Sent: Thursday, February 09, 2017 5:13 AM
To: edk2-devel@ml01.01.org
Cc: Leo Duran; Fan, Jeff; Tian, Feng; Zeng, Star; Laszlo Ersek; Brijesh Singh
Subject: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.

The mask is applied when page tables are created (S3Resume.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c       | 9 +++++----
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf | 2 ++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
index d306fba..ee1e2cd 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
@@ -5,6 +5,7 @@
   control is passed to OS waking up handler.
 
   Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions @@ -696,7 +697,7 @@ RestoreS3PageTables (
       //
       // Make a PML4 Entry
       //
-      PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+      PageMapLevel4Entry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
       PageMapLevel4Entry->Bits.ReadWrite = 1;
       PageMapLevel4Entry->Bits.Present = 1;
 
@@ -707,7 +708,7 @@ RestoreS3PageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectory1GEntry->Bits.ReadWrite = 1;
           PageDirectory1GEntry->Bits.Present = 1;
           PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -724,7 +725,7 @@ RestoreS3PageTables (
           //
           // Fill in a Page Directory Pointer Entries
           //
-          PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+          PageDirectoryPointerEntry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectoryPointerEntry->Bits.ReadWrite = 1;
           PageDirectoryPointerEntry->Bits.Present = 1;
     
@@ -732,7 +733,7 @@ RestoreS3PageTables (
             //
             // Fill in the Page Directory entries
             //
-            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
             PageDirectoryEntry->Bits.ReadWrite = 1;
             PageDirectoryEntry->Bits.Present = 1;
             PageDirectoryEntry->Bits.MustBe1 = 1; diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
index 73aeca3..d514523 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
@@ -6,6 +6,7 @@
 # control is passed to OS waking up handler.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials are  # licensed and made available under the terms and conditions of the BSD License @@ -91,6 +92,7 @@ [FeaturePcd]
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable  ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Depex]
   TRUE
--
1.9.1

Re: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Duran, Leo]

Hi Jeff,
The new PCD is intended to be OR'ed with the address (upper bits).
Leo.

> -----Original Message-----
> From: Fan, Jeff [mailto:jeff.fan@intel.com]
> Sent: Thursday, February 09, 2017 8:23 PM
> To: Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Zeng, Star <star.zeng@intel.com>;
> Laszlo Ersek <lersek@redhat.com>; Singh, Brijesh <brijesh.singh@amd.com>
> Subject: RE: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add
> support for PCD PcdPteMemoryEncryptionAddressOrMask
> 
> Hi Leo,
> 
> I want to understand your usage model. What fields are you going to update
> in below Page Table Entry by the new PCD?
> 
> typedef union {
>   struct {
>     UINT64  Present:1;                // 0 = Not present in memory, 1 = Present in
> memory
>     UINT64  ReadWrite:1;              // 0 = Read-Only, 1= Read/Write
>     UINT64  UserSupervisor:1;         // 0 = Supervisor, 1=User
>     UINT64  WriteThrough:1;           // 0 = Write-Back caching, 1=Write-Through
> caching
>     UINT64  CacheDisabled:1;          // 0 = Cached, 1=Non-Cached
>     UINT64  Accessed:1;               // 0 = Not accessed, 1 = Accessed (set by CPU)
>     UINT64  Dirty:1;                  // 0 = Not Dirty, 1 = written by processor on access
> to page
>     UINT64  MustBe1:1;                // Must be 1
>     UINT64  Global:1;                 // 0 = Not global page, 1 = global page TLB not
> cleared on CR3 write
>     UINT64  Available:3;              // Available for use by system software
>     UINT64  PAT:1;                    //
>     UINT64  MustBeZero:8;             // Must be zero;
>     UINT64  PageTableBaseAddress:31;  // Page Table Base Address
>     UINT64  AvabilableHigh:11;        // Available for use by system software
>     UINT64  Nx:1;                     // 0 = Execute Code, 1 = No Code Execution
>   } Bits;
>   UINT64    Uint64;
> } PAGE_TABLE_ENTRY;
> 
> I did not see any updating in SMM. Is it un-necessary? Is this feature working
> on POST phase or OS runtime phase?
> 
> Thanks!
> Jeff
> 
> -----Original Message-----
> From: Leo Duran [mailto:leo.duran@amd.com]
> Sent: Thursday, February 09, 2017 5:13 AM
> To: edk2-devel@ml01.01.org
> Cc: Leo Duran; Fan, Jeff; Tian, Feng; Zeng, Star; Laszlo Ersek; Brijesh Singh
> Subject: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add
> support for PCD PcdPteMemoryEncryptionAddressOrMask
> 
> This PCD holds the address mask for page table entries when memory
> encryption is enabled on AMD processors supporting the Secure Encrypted
> Virtualization (SEV) feature.
> 
> The mask is applied when page tables are created (S3Resume.c).
> 
> CC: Jeff Fan <jeff.fan@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Leo Duran <leo.duran@amd.com>
> ---
>  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c       | 9 +++++----
>  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf | 2 ++
>  2 files changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> index d306fba..ee1e2cd 100644
> --- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> +++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> @@ -5,6 +5,7 @@
>    control is passed to OS waking up handler.
> 
>    Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> 
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions @@ -696,7
> +697,7 @@ RestoreS3PageTables (
>        //
>        // Make a PML4 Entry
>        //
> -      PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> +      PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
>        PageMapLevel4Entry->Bits.ReadWrite = 1;
>        PageMapLevel4Entry->Bits.Present = 1;
> 
> @@ -707,7 +708,7 @@ RestoreS3PageTables (
>            //
>            // Fill in the Page Directory entries
>            //
> -          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> +          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
>            PageDirectory1GEntry->Bits.ReadWrite = 1;
>            PageDirectory1GEntry->Bits.Present = 1;
>            PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -724,7 +725,7 @@
> RestoreS3PageTables (
>            //
>            // Fill in a Page Directory Pointer Entries
>            //
> -          PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> +          PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
>            PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>            PageDirectoryPointerEntry->Bits.Present = 1;
> 
> @@ -732,7 +733,7 @@ RestoreS3PageTables (
>              //
>              // Fill in the Page Directory entries
>              //
> -            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> +            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
>              PageDirectoryEntry->Bits.ReadWrite = 1;
>              PageDirectoryEntry->Bits.Present = 1;
>              PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> index 73aeca3..d514523 100644
> --- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> +++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> @@ -6,6 +6,7 @@
>  # control is passed to OS waking up handler.
>  #
>  # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>  #
>  # This program and the accompanying materials are  # licensed and made
> available under the terms and conditions of the BSD License @@ -91,6 +92,7
> @@ [FeaturePcd]
> 
>  [Pcd]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable  ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask    ## CONSUMES
> 
>  [Depex]
>    TRUE
> --
> 1.9.1

Re: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Fan, Jeff]

Leo,

If this PCD is only to patch address, could you make sure the other fields not to be updated in case the platform set the other fields in PCD.

PageTable setup in DxeIpl is in boot service data range. If this feature is only supported in POST phase, that's enough.

Thanks!
Jeff

-----Original Message-----
From: Duran, Leo [mailto:leo.duran@amd.com] 
Sent: Friday, February 10, 2017 12:28 PM
To: Fan, Jeff; edk2-devel@ml01.01.org
Cc: Tian, Feng; Zeng, Star; Laszlo Ersek; Singh, Brijesh
Subject: RE: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

Hi Jeff,
The new PCD is intended to be OR'ed with the address (upper bits).
Leo.

> -----Original Message-----
> From: Fan, Jeff [mailto:jeff.fan@intel.com]
> Sent: Thursday, February 09, 2017 8:23 PM
> To: Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Zeng, Star 
> <star.zeng@intel.com>; Laszlo Ersek <lersek@redhat.com>; Singh, 
> Brijesh <brijesh.singh@amd.com>
> Subject: RE: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add 
> support for PCD PcdPteMemoryEncryptionAddressOrMask
> 
> Hi Leo,
> 
> I want to understand your usage model. What fields are you going to 
> update in below Page Table Entry by the new PCD?
> 
> typedef union {
>   struct {
>     UINT64  Present:1;                // 0 = Not present in memory, 1 = Present in
> memory
>     UINT64  ReadWrite:1;              // 0 = Read-Only, 1= Read/Write
>     UINT64  UserSupervisor:1;         // 0 = Supervisor, 1=User
>     UINT64  WriteThrough:1;           // 0 = Write-Back caching, 1=Write-Through
> caching
>     UINT64  CacheDisabled:1;          // 0 = Cached, 1=Non-Cached
>     UINT64  Accessed:1;               // 0 = Not accessed, 1 = Accessed (set by CPU)
>     UINT64  Dirty:1;                  // 0 = Not Dirty, 1 = written by processor on access
> to page
>     UINT64  MustBe1:1;                // Must be 1
>     UINT64  Global:1;                 // 0 = Not global page, 1 = global page TLB not
> cleared on CR3 write
>     UINT64  Available:3;              // Available for use by system software
>     UINT64  PAT:1;                    //
>     UINT64  MustBeZero:8;             // Must be zero;
>     UINT64  PageTableBaseAddress:31;  // Page Table Base Address
>     UINT64  AvabilableHigh:11;        // Available for use by system software
>     UINT64  Nx:1;                     // 0 = Execute Code, 1 = No Code Execution
>   } Bits;
>   UINT64    Uint64;
> } PAGE_TABLE_ENTRY;
> 
> I did not see any updating in SMM. Is it un-necessary? Is this feature 
> working on POST phase or OS runtime phase?
> 
> Thanks!
> Jeff
> 
> -----Original Message-----
> From: Leo Duran [mailto:leo.duran@amd.com]
> Sent: Thursday, February 09, 2017 5:13 AM
> To: edk2-devel@ml01.01.org
> Cc: Leo Duran; Fan, Jeff; Tian, Feng; Zeng, Star; Laszlo Ersek; 
> Brijesh Singh
> Subject: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add 
> support for PCD PcdPteMemoryEncryptionAddressOrMask
> 
> This PCD holds the address mask for page table entries when memory 
> encryption is enabled on AMD processors supporting the Secure 
> Encrypted Virtualization (SEV) feature.
> 
> The mask is applied when page tables are created (S3Resume.c).
> 
> CC: Jeff Fan <jeff.fan@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Leo Duran <leo.duran@amd.com>
> ---
>  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c       | 9 +++++----
>  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf | 2 ++
>  2 files changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> index d306fba..ee1e2cd 100644
> --- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> +++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
> @@ -5,6 +5,7 @@
>    control is passed to OS waking up handler.
> 
>    Copyright (c) 2006 - 2016, Intel Corporation. All rights 
> reserved.<BR>
> +  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> 
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions @@ 
> -696,7
> +697,7 @@ RestoreS3PageTables (
>        //
>        // Make a PML4 Entry
>        //
> -      PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> +      PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 
> + (PcdPteMemoryEncryptionAddressOrMask);
>        PageMapLevel4Entry->Bits.ReadWrite = 1;
>        PageMapLevel4Entry->Bits.Present = 1;
> 
> @@ -707,7 +708,7 @@ RestoreS3PageTables (
>            //
>            // Fill in the Page Directory entries
>            //
> -          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> +          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | 
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>            PageDirectory1GEntry->Bits.ReadWrite = 1;
>            PageDirectory1GEntry->Bits.Present = 1;
>            PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -724,7 +725,7 @@ 
> RestoreS3PageTables (
>            //
>            // Fill in a Page Directory Pointer Entries
>            //
> -          PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> +          PageDirectoryPointerEntry->Uint64 = 
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 
> + (PcdPteMemoryEncryptionAddressOrMask);
>            PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>            PageDirectoryPointerEntry->Bits.Present = 1;
> 
> @@ -732,7 +733,7 @@ RestoreS3PageTables (
>              //
>              // Fill in the Page Directory entries
>              //
> -            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> +            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | 
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>              PageDirectoryEntry->Bits.ReadWrite = 1;
>              PageDirectoryEntry->Bits.Present = 1;
>              PageDirectoryEntry->Bits.MustBe1 = 1; diff --git 
> a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> index 73aeca3..d514523 100644
> --- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> +++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
> @@ -6,6 +6,7 @@
>  # control is passed to OS waking up handler.
>  #
>  # Copyright (c) 2010 - 2014, Intel Corporation. All rights 
> reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>  #
>  # This program and the accompanying materials are  # licensed and 
> made available under the terms and conditions of the BSD License @@ 
> -91,6 +92,7 @@ [FeaturePcd]
> 
>  [Pcd]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable  ## 
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask    ## CONSUMES
> 
>  [Depex]
>    TRUE
> --
> 1.9.1

Re: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Zeng, Star]

Leo,

The RestoreS3PageTables() in S3Resume.c may only build 4G page table when Build4GPageTableOnly is TRUE.
The page fault handler PageFaultHandler() in MdeModulePkg\Universal\Acpi\BootScriptExecutorDxe\X64\SetIdtEntry.c is to co-work with it.
Since BootScriptExecutorDxe is a standalone module, PcdGet64  (PcdPteMemoryEncryptionAddressOrMask) could not be used in PageFaultHandler() as PcdPteMemoryEncryptionAddressOrMask may be configured to DYNAMIC type.
You can use similar logic with "mPage1GSupport for PcdUse1GPageTable" to use a global variable and cache the PcdPteMemoryEncryptionAddressOrMask PCD value at normal boot phase, and then the global variable can be used in PageFaultHandler() at S3 boot phase.

Thanks,
Star
-----Original Message-----
From: Leo Duran [mailto:leo.duran@amd.com] 
Sent: Thursday, February 9, 2017 5:13 AM
To: edk2-devel@ml01.01.org
Cc: Leo Duran <leo.duran@amd.com>; Fan, Jeff <jeff.fan@intel.com>; Tian, Feng <feng.tian@intel.com>; Zeng, Star <star.zeng@intel.com>; Laszlo Ersek <lersek@redhat.com>; Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.

The mask is applied when page tables are created (S3Resume.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c       | 9 +++++----
 UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf | 2 ++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
index d306fba..ee1e2cd 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c
@@ -5,6 +5,7 @@
   control is passed to OS waking up handler.
 
   Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions @@ -696,7 +697,7 @@ RestoreS3PageTables (
       //
       // Make a PML4 Entry
       //
-      PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+      PageMapLevel4Entry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
       PageMapLevel4Entry->Bits.ReadWrite = 1;
       PageMapLevel4Entry->Bits.Present = 1;
 
@@ -707,7 +708,7 @@ RestoreS3PageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectory1GEntry->Bits.ReadWrite = 1;
           PageDirectory1GEntry->Bits.Present = 1;
           PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -724,7 +725,7 @@ RestoreS3PageTables (
           //
           // Fill in a Page Directory Pointer Entries
           //
-          PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+          PageDirectoryPointerEntry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectoryPointerEntry->Bits.ReadWrite = 1;
           PageDirectoryPointerEntry->Bits.Present = 1;
     
@@ -732,7 +733,7 @@ RestoreS3PageTables (
             //
             // Fill in the Page Directory entries
             //
-            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
             PageDirectoryEntry->Bits.ReadWrite = 1;
             PageDirectoryEntry->Bits.Present = 1;
             PageDirectoryEntry->Bits.MustBe1 = 1; diff --git a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
index 73aeca3..d514523 100644
--- a/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
+++ b/UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
@@ -6,6 +6,7 @@
 # control is passed to OS waking up handler.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials are  # licensed and made available under the terms and conditions of the BSD License @@ -91,6 +92,7 @@ [FeaturePcd]
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable  ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Depex]
   TRUE
--
1.9.1

Re: [PATCH 1/3] MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

[Zeng, Star]

Reviewed-by: Star Zeng <star.zeng@intel.com>

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leo Duran
Sent: Thursday, February 9, 2017 5:13 AM
To: edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>; Leo Duran <leo.duran@amd.com>
Subject: [edk2] [PATCH 1/3] MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

From: Brijesh Singh <brijesh.singh@amd.com>

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  5 ++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
 MdeModulePkg/MdeModulePkg.dec                    |  8 ++++++++
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 2bc41be..d62bd9b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -6,6 +6,8 @@
 #  needed to run the DXE Foundation.
 #
 #  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
 #  This program and the accompanying materials  #  are licensed and made available under the terms and conditions of the BSD License  #  which accompanies this distribution.  The full text of the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
 
 [Pcd.IA32,Pcd.X64]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 790f6ab..2c52389 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -16,6 +16,8 @@
     3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
 
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
   //
   // Fill in 2M page entry.
   //
-  *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P | IA32_PG_RW;
+  *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
 
   PhysicalAddress4K = PhysicalAddress;
   for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
     //
     // Fill in the Page Table entries
     //
-    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
+    PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
     PageTableEntry->Bits.ReadWrite = 1;
     PageTableEntry->Bits.Present = 1;
     if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
   //
   // Fill in 1G page entry.
   //
-  *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+  *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
 
   PhysicalAddress2M = PhysicalAddress;
   for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
       //
       // Fill in the Page Directory entries
       //
-      PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
+      PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | 
+ PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
       PageDirectoryEntry->Bits.ReadWrite = 1;
       PageDirectoryEntry->Bits.Present = 1;
       PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@ CreateIdentityMappingPageTables (
     //
     // Make a PML4 Entry
     //
-    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+    PageMapLevel4Entry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
     PageMapLevel4Entry->Bits.ReadWrite = 1;
     PageMapLevel4Entry->Bits.Present = 1;
 
@@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectory1GEntry->Bits.ReadWrite = 1;
           PageDirectory1GEntry->Bits.Present = 1;
           PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@ CreateIdentityMappingPageTables (
         //
         // Fill in a Page Directory Pointer Entries
         //
-        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+        PageDirectoryPointerEntry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectoryPointerEntry->Bits.ReadWrite = 1;
         PageDirectoryPointerEntry->Bits.Present = 1;
 
@@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
             //
             // Fill in the Page Directory entries
             //
-            PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+            PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
             PageDirectoryEntry->Bits.ReadWrite = 1;
             PageDirectoryEntry->Bits.Present = 1;
             PageDirectoryEntry->Bits.MustBe1 = 1; diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..15119d0 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -6,6 +6,8 @@
 # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>  # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>  # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
 # This program and the accompanying materials are licensed and made available under  # the terms and conditions of the BSD License that accompanies this distribution.
 # The full text of the license may be found at @@ -1682,6 +1684,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   # @Prompt A list of system FMP ImageTypeId GUIDs
   gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x0}|VOID*|0x30001046
 
+  ## This PCD holds the address mask for page table entries when memory 
+ encryption is  #  enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
+  #  This mask should be applied when creating 1:1 virtual to physical mapping tables.
+  #
+  
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+ |UINT64|0x30001047
+
 [PcdsPatchableInModule]
   ## Specify memory size with page number for PEI code when
   #  Loading Module at Fixed Address feature is enabled.
--
1.9.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [PATCH 2/3] MdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

[Zeng, Star]

Leo,

CapsuleX64 is a standalone module, PcdGet64  (PcdPteMemoryEncryptionAddressOrMask) could not be used in X64Entry PageFaultHandler() as PcdPteMemoryEncryptionAddressOrMask may be configured to DYNAMIC type.
You can use similar logic with PAGE_FAULT_CONTEXT.Page1GSupport to transfer the PcdPteMemoryEncryptionAddressOrMask PCD value from CapsulePei to CapsuleX64.

Thanks,
Star
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leo Duran
Sent: Thursday, February 9, 2017 5:13 AM
To: edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Leo Duran <leo.duran@amd.com>; Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>
Subject: [edk2] [PATCH 2/3] MdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.

The mask is applied when 4GB tables are created (UefiCapsule.c), and when the tables are expanded on-demand by page-faults above 4GB's (X64Entry.c).

Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf |  2 ++  MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf |  4 ++++  MdeModulePkg/Universal/CapsulePei/UefiCapsule.c  |  9 +++++----  MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c | 10 ++++++----
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
index d2ca0d0..c54bc21 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
@@ -7,6 +7,7 @@
 #  buffer overflow, integer overflow.
 #
 # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials  # are licensed and made available under the terms and conditions @@ -76,6 +77,7 @@ [Ppis.IA32]  [Pcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleCoalesceFile     ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable          ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [FeaturePcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode  ## CONSUMES diff --git a/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf b/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
index 8318eaa..cf8543b 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
@@ -10,6 +10,7 @@
 #  buffer overflow, integer overflow.
 #
 # Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials  # are licensed and made available under the terms and conditions @@ -53,6 +54,9 @@ [LibraryClasses]
   CpuExceptionHandlerLib
   DebugAgentLib
 
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
+
 [Depex]
   FALSE
 
diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
index 9ac9d22..77bc68c 100644
--- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
+++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
@@ -2,6 +2,7 @@
   Capsule update PEIM for UEFI2.0
 
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
 This program and the accompanying materials  are licensed and made available under the terms and conditions @@ -187,7 +188,7 @@ Create4GPageTables (
     //
     // Make a PML4 Entry
     //
-    PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+    PageMapLevel4Entry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
     PageMapLevel4Entry->Bits.ReadWrite = 1;
     PageMapLevel4Entry->Bits.Present = 1;
 
@@ -198,7 +199,7 @@ Create4GPageTables (
         //
         // Fill in the Page Directory entries
         //
-        PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+        PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectory1GEntry->Bits.ReadWrite = 1;
         PageDirectory1GEntry->Bits.Present = 1;
         PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -215,7 +216,7 @@ Create4GPageTables (
         //
         // Fill in a Page Directory Pointer Entries
         //
-        PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+        PageDirectoryPointerEntry->Uint64 = 
+ (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
         PageDirectoryPointerEntry->Bits.ReadWrite = 1;
         PageDirectoryPointerEntry->Bits.Present = 1;
 
@@ -223,7 +224,7 @@ Create4GPageTables (
           //
           // Fill in the Page Directory entries
           //
-          PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+          PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask);
           PageDirectoryEntry->Bits.ReadWrite = 1;
           PageDirectoryEntry->Bits.Present = 1;
           PageDirectoryEntry->Bits.MustBe1 = 1; diff --git a/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c b/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
index 5ad95d2..f3f68ee 100644
--- a/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
+++ b/MdeModulePkg/Universal/CapsulePei/X64/X64Entry.c
@@ -2,6 +2,8 @@
   The X64 entrypoint is used to process capsule in long mode.
 
 Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at @@ -128,7 +130,7 @@ AcquirePage (
   //
   // Link & Record the current uplink.
   //
-  *Uplink = Address | IA32_PG_P | IA32_PG_RW;
+  *Uplink = Address | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | 
+ IA32_PG_P | IA32_PG_RW;
   PageFaultContext->PageFaultUplink[PageFaultContext->PageFaultIndex] = Uplink;
 
   PageFaultContext->PageFaultIndex = (PageFaultContext->PageFaultIndex + 1) % EXTRA_PAGE_TABLE_PAGES; @@ -183,7 +185,7 @@ PageFaultHandler (
   PTIndex = BitFieldRead64 (PFAddress, 30, 38);
   // PDPTE
   if (PageFaultContext->Page1GSupport) {
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW | 
+ IA32_PG_PS;
   } else {
     if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
       AcquirePage (PageFaultContext, &PageTable[PTIndex]); @@ -191,7 +193,7 @@ PageFaultHandler (
     PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PhyMask);
     PTIndex = BitFieldRead64 (PFAddress, 21, 29);
     // PD
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | PcdGet64 
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW | 
+ IA32_PG_PS;
   }
 
   return NULL;
@@ -298,4 +300,4 @@ _ModuleEntryPoint (
   //
   ASSERT (FALSE);
   return EFI_SUCCESS;
-}
\ No newline at end of file
+}
--
1.9.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel