From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C17D58036C for ; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) Received: by mail-ot0-x241.google.com with SMTP id i50so14210125otd.0 for ; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=f3/iLQIf7JokuvhIF44ldKgn/Y+KES7ocdXXeBIu70k=; b=NwnAZvWum2aHuw4llMLmed7KGb1t0voUkQKrX9G9YPbvyblxsYYrMCj2CDeVthKw1D ofB1V/DueXy4EZSJxfLthpyl7dw1RV7Kj84DPdKfco0pfSg4p8TCsBiElVZbzIW/vixf oScqwr3zUGm5q/xeCoIoQmGYZUDmQaEUfpzAcCoS7LDH8/tVQwcdutIa31oxgJ3/sQN/ /2iClFlOs2/cjxDzYtsPT470kVfd/vkQNRWGUvXYPDrAACKqLEHdEVw90lTI+ntNq46O lhHUlkrgWbBihkfcXCp0t6C4ljpFfIJ1Rh/BH9UtzP3VP5J7jiwd+D8/r1hmA4vxxTcz Mh4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=f3/iLQIf7JokuvhIF44ldKgn/Y+KES7ocdXXeBIu70k=; b=sxgzhO/V3YgTOQ48/MHQ6VIR24N3trEnIPSHAQWubQn2QgoUpNBkSdSb1sMAQNlUNf PdycWJjjPL185NaO9gWpX7ZzS7NzL9rcrzMu+JBujhDfNlHfDbDWKV1OTFHeKvCMBHt3 4akCHJf8mYw4ck/S6SJGSvE6WmSHCYpE9MhKF2DBLSeRC+D4LNkap+GkMqrWXajfIQUd Yoq4fWU+gXS+JMG45i6ojwmjX9gFmMLFgHiROtWqJd21yCyTmJ3lxlbkljzr7RGurwMP 8tGTrdgo0HZ68ZESn7AJ36hU0fASckFSDnCs5c/NKzkV77SLovi3I1utkNBRLSkOBtcS B4IQ== X-Gm-Message-State: AFeK/H0Yc6jhNLVuwFn3+tSyhfzuzehhkuzCjQN2QeZiH+L2G6kP43RQyfjE5By9k7yElg== X-Received: by 10.157.47.172 with SMTP id r41mr18090820otb.39.1490130782061; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id v16sm9376679otf.8.2017.03.21.14.13.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:01 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com Date: Tue, 21 Mar 2017 17:13:01 -0400 Message-ID: <149013078089.27235.18195163049694122262.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [RFC PATCH v2 03/10] OvmfPkg/PlatformPei: Add Secure Encrypted Virutualization (SEV) support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Mar 2017 21:13:03 -0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Initialize Secure Encrypted Virtualization support and set the memory encryption mask PCD. Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 3 + OvmfPkg/OvmfPkgIa32X64.dsc | 3 + OvmfPkg/OvmfPkgX64.dsc | 3 + OvmfPkg/PlatformPei/AmdSev.c | 97 +++++++++++++++++++++++++++++++++++ OvmfPkg/PlatformPei/Platform.c | 1 OvmfPkg/PlatformPei/Platform.h | 5 ++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 + 7 files changed, 114 insertions(+) create mode 100644 OvmfPkg/PlatformPei/AmdSev.c diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 546cdf7..769251d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -506,6 +506,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 383c8d3..3874c35 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -514,6 +514,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b7533c..fe7f086 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -513,6 +513,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c new file mode 100644 index 0000000..7f05a9a --- /dev/null +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -0,0 +1,97 @@ +/**@file + Initialize Secure Encrypted Virtualization (SEV) support + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +// +// The package level header files this module uses +// +#include + +#include +#include +#include +#include + +/** + + Function returns 'TRUE' when SEV is enabled otherwise FALSE + + **/ +STATIC +BOOLEAN +SevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Function checks if SEV support is available, if present then it updates + the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask. + + **/ +VOID +EFIAPI +AmdSevInitialize ( + VOID + ) +{ + UINT64 MeMask; + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + // + // Check if SEV is enabled + // + if (!SevIsEnabled ()) { + return; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + MeMask = LShiftU64 (1, Ebx.Bits.PtePosBits); + + // + // Set Memory Encryption Mask PCD + // + PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask); + + DEBUG ((EFI_D_INFO, "SEV support is enabled (mask 0x%lx)\n", MeMask)); +} diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 77a8a16..49e6c66 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -667,6 +667,7 @@ InitializePlatform ( NoexecDxeInitialization (); } + AmdSevInitialize (); MiscInitialization (); InstallFeatureControlCallback (); diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 18f42c3..a7729b9 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -88,6 +88,11 @@ XenDetect ( VOID ); +VOID +AmdSevInitialize ( + VOID + ); + extern BOOLEAN mXen; VOID diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index 53c6dd4..2cf4ac876 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -35,6 +35,7 @@ MemDetect.c Platform.c Xen.c + AmdSev.c [Packages] IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec @@ -98,6 +99,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress