From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7B04B80333 for ; Mon, 6 Mar 2017 15:27:44 -0800 (PST) Received: by mail-io0-x243.google.com with SMTP id 68so16643991ioh.3 for ; Mon, 06 Mar 2017 15:27:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=; b=rQJWDtO91SElEVFfSXKtHbA598a4O2kfk8Tv/jOFTG8XLTPPmjQVnAVgjERnwB3GxN brvtf92LFqEGhYuId4TghZupmOX2IUL9xGCgfAa31VB65uRwvWH1166jncFDkt030vKv wHaLXmie/L1kTTkezjmuJpRFLHHVltROpjsWsufcC1p0w+91XM3S1B8kf51pvTczkzPx 4sNqqL3VzFDVAWaU8tGGAXSJLZoMMAN53QwvjhYob3FE/m1wT86vus3x475spv0UvsbQ 9yLmFqIfc7yrF9sKkW1TmtcO1AJ/hBmvI9GXvCMew3IwYDVEj1LQOT7zGG2s1fwYC3IL pwBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=; b=mHoE3RJXEXD3o8+k+hVd+vab//jJdk94NiLX2qf9nH8u91FwkqRjW1qO2OuBZKkQ2N og7PiDEP0cRkF2T1Z0HF/VmlCUKSBe1aZUj0uvaOG7B/MYpNHAle5zfWsWz3VrUl7482 IJbaxG10zt77mtFmP5sF0zYp5ebs+lZL3OyWMj8UpxWk1LoPgxgYQ3KL5WO93qK/+mrr 2cKnpeoLIhqtVZOg1w6NS4swm8ZBZFfzEhEDG3WuQlvJLWBJa80I6s/xJ4C5tA3ngSCB ur13LErYzKGjHUtJ+ei39/Qfkf4GnvzUU85bJLkWwdYPJkr1Br3O/rzfNo8gFgN/Kc+o iHaQ== X-Gm-Message-State: AMke39lGJPlnJndCsonbjZiG9TCaGjcYib3GYI3UcoMt7+sGFa83wA/Mb6U5X8XW0Ew2YQ== X-Received: by 10.107.166.207 with SMTP id p198mr17263224ioe.15.1488842863778; Mon, 06 Mar 2017 15:27:43 -0800 (PST) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id 202sm5574641ity.8.2017.03.06.15.27.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Mar 2017 15:27:43 -0800 (PST) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, brijesh.sing@amd.com Date: Mon, 06 Mar 2017 18:27:42 -0500 Message-ID: <148884286215.29188.1084675072356724555.stgit@brijesh-build-machine> In-Reply-To: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine> References: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [RFC PATCH v1 2/5] OvmfPkg/MemcryptSevLib: Add SEV helper library X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 23:27:44 -0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit The library contain common helper routines for SEV feature. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/MemcryptSevLib.h | 42 +++++++++++++ OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c | 66 +++++++++++++++++++++ OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf | 44 ++++++++++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 4 + OvmfPkg/OvmfPkgX64.dsc | 4 + 5 files changed, 160 insertions(+) create mode 100644 OvmfPkg/Include/Library/MemcryptSevLib.h create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf diff --git a/OvmfPkg/Include/Library/MemcryptSevLib.h b/OvmfPkg/Include/Library/MemcryptSevLib.h new file mode 100644 index 0000000..89f9c86 --- /dev/null +++ b/OvmfPkg/Include/Library/MemcryptSevLib.h @@ -0,0 +1,42 @@ +/** @file + Copyright (C) 2017 Advanced Micro Devices. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +**/ + +#ifndef __MEMCRYPT_SEV_LIB_H__ +#define __MEMCRYPT_SEV_LIB_H__ + +#include +#include + +/** + + Initialize SEV memory encryption + +**/ + +RETURN_STATUS +EFIAPI +MemcryptSevInitialize ( + VOID + ); + +/** + + Return TRUE when SEV is active otherwise FALSE + + **/ +BOOLEAN +EFIAPI +SevActive ( + VOID + ); + +#endif diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c new file mode 100644 index 0000000..2d60b75 --- /dev/null +++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c @@ -0,0 +1,66 @@ +/** @file + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include + +#define KVM_FEATURE_MEMORY_ENCRYPTION 0x100 + +RETURN_STATUS +EFIAPI +MemcryptSevInitialize ( + VOID + ) +{ + UINT32 EBX; + UINT64 MeMask = 0; + + if (SevActive ()) { + // CPUID Fn8000_001f[EBX] - Bit 5:0 (memory encryption bit position) + AsmCpuid(0x8000001f, NULL, &EBX, NULL, NULL); + MeMask = (1ULL << (EBX & 0x3f)); + DEBUG ((DEBUG_INFO, "KVM Secure Encrypted Virtualization (SEV) is enabled\n")); + DEBUG ((DEBUG_INFO, "MemEncryptionMask 0x%lx\n", MeMask)); + } + + PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask); + + return RETURN_SUCCESS; +} + +BOOLEAN +EFIAPI +SevActive ( + VOID + ) +{ + UINT32 KVMFeatures, EAX; + + // Check if KVM memory encyption feature is set + AsmCpuid(0x40000001, &KVMFeatures, NULL, NULL, NULL); + if (KVMFeatures & KVM_FEATURE_MEMORY_ENCRYPTION) { + + // Check whether SEV is enabled + // CPUID Fn8000_001f[EAX] - Bit 0 (SEV is enabled) + AsmCpuid(0x8000001f, &EAX, NULL, NULL, NULL); + + return TRUE; + } + + return FALSE; +} + diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf new file mode 100644 index 0000000..8e8d7e0 --- /dev/null +++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf @@ -0,0 +1,44 @@ +## @file +# +# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MemcryptSevLib + FILE_GUID = c1594631-3888-4be4-949f-9c630dbc842b + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MemcryptSevLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Sources] + MemcryptSevLib.c + +[LibraryClasses] + BaseLib + DebugLib + PcdLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 56f7ff9..a35e1d2 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -129,6 +129,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -509,6 +510,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d0b0b0e..5d853d6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -129,6 +129,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -508,6 +509,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000