public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Leo Duran <leo.duran@amd.com>
To: <edk2-devel@ml01.01.org>
Cc: Leo Duran <leo.duran@amd.com>, Jeff Fan <jeff.fan@intel.com>,
	Feng Tian <feng.tian@intel.com>, Star Zeng <star.zeng@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v4 5/6] MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe: Add support for PCD PcdPteMemoryEncryptionAddressOrMask
Date: Sun, 26 Feb 2017 11:43:06 -0600	[thread overview]
Message-ID: <1488130987-2544-6-git-send-email-leo.duran@amd.com> (raw)
In-Reply-To: <1488130987-2544-1-git-send-email-leo.duran@amd.com>

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

This module updates the under-4GB page tables configured by the S3-Resume
code in UefiCpuPkg/Universal/Acpi/S3Resume2Pei. The mask is saved at module
start (ScriptExecute.c), and applied when tables are expanded on-demand by
page-faults above 4GB's (SetIdtEntry.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
 .../Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf  |  2 ++
 .../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c  |  7 +++++++
 .../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h  |  5 +++++
 .../Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c          | 15 +++++++++------
 4 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
index 7cd38cf..29af7f5 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -5,6 +5,7 @@
 # depends on any PEI or DXE service.
 #
 # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 #
 # This program and the accompanying materials are
 # licensed and made available under the terms and conditions of the BSD License
@@ -85,6 +86,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask   ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
 
 [Depex]
   gEfiLockBoxProtocolGuid
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
index f67fbca..22d4349 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
@@ -5,6 +5,7 @@
   in the entry point. The functionality is to interpret and restore the S3 boot script
 
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@@ -23,6 +24,7 @@ EFI_GUID              mBootScriptExecutorImageGuid = {
 };
 
 BOOLEAN               mPage1GSupport = FALSE;
+UINT64                mAddressEncMask = 0;
 
 /**
   Entry function of Boot script exector. This function will be executed in
@@ -408,6 +410,11 @@ BootScriptExecutorEntryPoint (
   }
 
   //
+  // Make sure AddressEncMask is contained to smallest supported address field.
+  //
+  mAddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
+
+  //
   // Test if the gEfiCallerIdGuid of this image is already installed. if not, the entry
   // point is loaded by DXE code which is the first time loaded. or else, it is already
   // be reloaded be itself.This is a work-around
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
index 772347a..7532756 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
@@ -5,6 +5,7 @@
   in the entry point. The functionality is to interpret and restore the S3 boot script 
   
 Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@@ -44,6 +45,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #include <Protocol/DxeSmmReadyToLock.h>
 #include <IndustryStandard/Acpi.h>
+
+#define PAGING_1G_ADDRESS_MASK_64  0x000FFFFFC0000000ull
+
 /**
   a ASM function to transfer control to OS.
   
@@ -87,5 +91,6 @@ SetIdtEntry (
 extern UINT32 AsmFixAddress16;
 extern UINT32 AsmJmpAddr32;
 extern BOOLEAN mPage1GSupport;
+extern UINT64 mAddressEncMask;
 
 #endif //_BOOT_SCRIPT_EXECUTOR_H_
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
index 6674560..d433cf1 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
@@ -4,6 +4,8 @@
   Set a IDT entry for interrupt vector 3 for debug purpose for x64 platform
 
 Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@@ -200,14 +202,15 @@ AcquirePage (
   //
   // Cut the previous uplink if it exists and wasn't overwritten.
   //
-  if ((mPageFaultUplink[mPageFaultIndex] != NULL) && ((*mPageFaultUplink[mPageFaultIndex] & mPhyMask) == Address)) {
+  if ((mPageFaultUplink[mPageFaultIndex] != NULL) &&
+     ((*mPageFaultUplink[mPageFaultIndex] & ~mAddressEncMask & mPhyMask) == Address)) {
     *mPageFaultUplink[mPageFaultIndex] = 0;
   }
 
   //
   // Link & Record the current uplink.
   //
-  *Uplink = Address | IA32_PG_P | IA32_PG_RW;
+  *Uplink = Address | mAddressEncMask | IA32_PG_P | IA32_PG_RW;
   mPageFaultUplink[mPageFaultIndex] = Uplink;
 
   mPageFaultIndex = (mPageFaultIndex + 1) % EXTRA_PAGE_TABLE_PAGES;
@@ -245,19 +248,19 @@ PageFaultHandler (
   if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
     AcquirePage (&PageTable[PTIndex]);
   }
-  PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);
+  PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);
   PTIndex = BitFieldRead64 (PFAddress, 30, 38);
   // PDPTE
   if (mPage1GSupport) {
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
   } else {
     if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
       AcquirePage (&PageTable[PTIndex]);
     }
-    PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);
+    PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);
     PTIndex = BitFieldRead64 (PFAddress, 21, 29);
     // PD
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+    PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
   }
 
   return TRUE;
-- 
2.7.4



  parent reply	other threads:[~2017-02-26 17:43 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-26 17:43 [PATCH v4 0/6] Add PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
2017-02-26 17:43 ` [PATCH v4 1/6] MdeModulePkg: " Leo Duran
2017-02-27  2:20   ` Zeng, Star
2017-02-27 14:12     ` Duran, Leo
2017-02-28  0:59       ` Zeng, Star
2017-02-26 17:43 ` [PATCH v4 2/6] MdeModulePkg/Core/DxeIplPeim: Add support for " Leo Duran
2017-02-26 17:43 ` [PATCH v4 3/6] MdeModulePkg/Universal/CapsulePei: " Leo Duran
2017-02-26 17:43 ` [PATCH v4 4/6] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: " Leo Duran
2017-02-28  8:12   ` Fan, Jeff
2017-02-26 17:43 ` Leo Duran [this message]
2017-02-26 17:43 ` [PATCH v4 6/6] UefiCpuPkg/PiSmmCpuDxeSmm: " Leo Duran
2017-02-27  7:51   ` Fan, Jeff
2017-02-27 14:15     ` Duran, Leo
2017-02-28  8:12   ` Fan, Jeff
2017-03-01  4:56 ` [PATCH v4 0/6] Add " Zeng, Star

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1488130987-2544-6-git-send-email-leo.duran@amd.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox