From: Brijesh Singh
To: michael.d.kinney@intel.com, ersek@redhat.com, edk2-devel@ml01.01.org, liming.gao@intel.com, jordan.l.justen@intel.com
Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Date: Tue, 21 Mar 2017 16:59:24 -0400
Message-ID: <149012996435.26803.4862396764367251740.stgit@brijesh-build-machine>
In-Reply-To: <149012994545.26803.15256468111517327020.stgit@brijesh-build-machine>
Subject: [RFC PATCH v2 03/10] OvmfPkg/PlatformPei: Add Secure Encrypted Virtualization (SEV) support

Initialize Secure Encrypted Virtualization support and set the memory encryption mask PCD.

Signed-off-by: Brijesh Singh
---
 OvmfPkg/OvmfPkgIa32.dsc | 3 +
 OvmfPkg/OvmfPkgIa32X64.dsc | 3 +
 OvmfPkg/OvmfPkgX64.dsc | 3 +
 OvmfPkg/PlatformPei/AmdSev.c | 97 +++++++++++++++++++++++++++++++++++
 OvmfPkg/PlatformPei/Platform.c | 1
 OvmfPkg/PlatformPei/Platform.h | 5 ++
 OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
 7 files changed, 114 insertions(+)
 create mode 100644 OvmfPkg/PlatformPei/AmdSev.c

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 546cdf7..769251d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc 
@@ -506,6 +506,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 383c8d3..3874c35 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -514,6 +514,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b7533c..fe7f086 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -513,6 +513,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c new file mode 100644 index 0000000..7f05a9a --- /dev/null +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -0,0 +1,97 @@ +/**@file + Initialize Secure Encrypted Virtualization (SEV) support + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +// +// The package level header files this module uses +// +#include + +#include +#include +#include +#include + +/** + + Function returns 'TRUE' when SEV is enabled otherwise FALSE + + **/ +STATIC +BOOLEAN +SevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Function checks if SEV support is available, if present then it updates + the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask. + + **/ +VOID +EFIAPI +AmdSevInitialize ( + VOID + ) +{ + UINT64 MeMask; + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + // + // Check if SEV is enabled + // + if (!SevIsEnabled ()) { + return; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + MeMask = LShiftU64 (1, Ebx.Bits.PtePosBits); + + // + // Set Memory Encryption Mask PCD + // + PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask); + + DEBUG ((EFI_D_INFO, "SEV support is enabled (mask 0x%lx)\n", MeMask)); +} 
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 77a8a16..49e6c66 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -667,6 +667,7 @@ InitializePlatform ( NoexecDxeInitialization (); } + AmdSevInitialize (); MiscInitialization (); InstallFeatureControlCallback (); diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 18f42c3..a7729b9 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -88,6 +88,11 @@ XenDetect ( VOID ); +VOID +AmdSevInitialize ( + VOID + ); + extern BOOLEAN mXen; VOID diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index 53c6dd4..2cf4ac876 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -35,6 +35,7 @@ MemDetect.c Platform.c Xen.c + AmdSev.c [Packages] IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec @@ -98,6 +99,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
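
Review bot: In the three .dsc hunks (OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc, OvmfPkgX64.dsc), the comment "# Set memory encryption mask" above PcdPteMemoryEncryptionAddressOrMask|0x0 reads as if the build sets the mask, while 0x0 is only the default that stays in place when AmdSevInitialize () returns early on a non-SEV guest. Suggest wording it as a default, for example "# Default memory encryption mask (none); updated by PlatformPei when SEV is enabled", so a reader does not take 0x0 for the value used under SEV.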
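
Review bot: In AmdSevInitialize () in AmdSev.c, the return value of PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask) is discarded, so a failed set still falls through to the DEBUG line reporting "SEV support is enabled", and later readers of the PCD would get the 0x0 default on a guest where SevIsEnabled () returned TRUE. Capture the RETURN_STATUS and check it (ASSERT_RETURN_ERROR or an explicit error path) before logging the mask. Minor style points in the same file: EFI_D_INFO could be DEBUG_INFO, and the SevIsEnabled () header comment would be clearer as a pair of @retval lines.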
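
Review bot: In the InitializePlatform () hunk of Platform.c, AmdSevInitialize () is added after the closing brace of the block that ends with NoexecDxeInitialization (), so it runs on every path through the function rather than only under that block's condition. If that is intended, a one-line comment stating that the encryption mask PCD has to be set regardless of that condition would help the next reader; if not, the call belongs inside the block.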