From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on062f.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 89E7221B0386A for ; Fri, 26 May 2017 07:44:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=aWm2DkTr+GQ9dBNsPE4iH8j3CLyE8J8u2A8SL/Poaeg=; b=2KW1wcbpvJGtoTJJWtIo0I0TXvl5nVgLGQrVJWZuiV8IQ3+OpKhuXrS2Sz2W1UgEvU/wYFtcYptKKyO3NmtyZ+Ei5IkuVcwOTDVQn6kGzdKfwmLT0MQMeP/XrIZeYASHFc6wl8XHtgl2QpjdiF16igE/iU0eyZZr9+04rtn6i6Q= Authentication-Results: lists.01.org; dkim=none (message not signed) header.d=none;lists.01.org; dmarc=none action=none header.from=amd.com; Received: from brijesh-build-machine.amd.com (165.204.77.1) by SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1124.9; Fri, 26 May 2017 14:44:29 +0000 From: Brijesh Singh To: CC: , , Brijesh Singh , Jordan Justen , Laszlo Ersek Date: Fri, 26 May 2017 10:43:53 -0400 Message-ID: <1495809845-32472-6-git-send-email-brijesh.singh@amd.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1495809845-32472-1-git-send-email-brijesh.singh@amd.com> References: <1495809845-32472-1-git-send-email-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY4PR16CA0024.namprd16.prod.outlook.com (10.172.173.34) To SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-MS-Office365-Filtering-Correlation-Id: e58e2702-4007-4e59-b34e-08d4a445b77f X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(201703131423075)(201703031133081); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:jMavZLdfrN5O6RAmS0nVUln9I4JeilpCwILfIMyWPGuYQH8DbtKbkROrN74ALf5bMrkkr9fymSRS7VzOrcn1pxai9tM//oGDT2eQQjWtTMV/Qi2l2R6Oc+2GqTihqZF9VCryvx+xSCFCk3q373w+D38Y6kJb8/ab25QxaNQGesX43Y5SQFrRlpKtk5GHd1ifZ6I6eOiFev3mgu0gC/edNbxetRkoRiBWrog2uAyckkZzzbIemufp+wieAQWpPtaGMvtB79hGfcLSv+LIHb0K8qry7k3NC9bnvWLIp0Hlgsb10abyXFL1tcW7fzcZgLGeMp+x4x+p5J9xk8ZTmZXXz4jdaKDZblQj+mBXiFbdA00=; 25:hBHXa9oAWcblW5RDfdm7VzLO7NBwq8Nce8uTYYWDo2CGrGjcppdsghJlNDoLIfWQly1klesxjRtPFyUXG+H97Rcg4rfsFnaFxM9YaIRPED6RMQFEpEwIPm6QdMV3x34nvldODhYkrduhztwV1MdkvAERYTTWaMAhOsqAaRto6UJZowcFYjo4lI/TlQdv8hIv4xGbXF+Rax8tiLjQjzEw941QMfqS1PgEYQMf05OwzOn/7JYK1Mv0t9BJev/XqAYRlxarQkG74fWJrNrJsNGx5uDIf28kKOOQT4wunfsoV7sJR2OOJX2jKo8/nI62w7QphXCD49zq3dFUIAxKbrZDz0gdsc24b8KsA+colwL2SrallsRDzac4O1oH/qu7Gue80hRMdbvmqQqxhCpIgE4bjutKmGlZ9eC8PIGnYHZw/PFrUFhNiuOhAoDZxSSRj6mgM3JMMzFbgk+YZJ5xeSM31MAQsMpy0f+pr0QW6JyTAq4= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 31:6Hx2vkips2edGnVnjXscsxuNt1rXav/EcVORizn3oUgVlIfFWIytkhTBRKTe8o8UCtO5Vcw/1rZdAB6xKNO4GcEg0I1/8K2qc+BqjgNAvF29wvmQ1VlLUavPeq+lt1I8VJV47Dt8v2MTZ317MxjCtJNaGmMRmcI0PKl9YmYvU349EJUbCiXoATFHZyfMpwRVdyOfGFo/9ktX43sXEm4d/L5lNPU4UEYBZc9jzCi7t64=; 20:auYqIaXPpe9xl4ZQ9bvsSutA8M5v4bTfwmu9veHgOoMGwl/yXL/NZ+xSVw2zycvMLQ6F/zEL6ec67V/aYyJqb0GiB2Jf01hsoInE7AUsIHNPc6dlTksPxgiN32y+AQNJbF/QicnP5N/FUxUpPuVaYLQv1ps9oi+AiuoBah8MFOS3cCsLgdH2bEko3h6STr/PkXFYeuVQ3MIce3EmggqyRIhuqbna866r9yu/CcE4W4VN493t8uyYtF7ukwSBkP4uC0jRD2hza5Tw2I3aDFk7yby6f9DaKRoFJUHT1twOcrB/sOMeGQ1gOKJ5+skXSKaKGyFdPHzCcVQRSOjmSN8xeRiSg9TPMsPsRd+xKIDiTLNn8hOI4KD5GNwsSJsazxf2bdhlCxe6xItcCGR3s5bvB676Wie3uHFRH64vgsnRF3A7AYfWfr8s3tr5Y4yerJsAVI1HvbN+NWcSo0rMsLZ96hl8aaKp83FNqK3r+9y8+VvfMUj1G+IbFj9WBEP/x8D3 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123564025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 4:jd1yiK/3rTVze4hZc4fGk9ut0+AjkLAVd1IV3Dj5QycGc3jl6vxmZ0PYwCcdb47+1zSVDKIoYQa4LL43RZFBgxP5tIPDrfgnXiNXRVOyZYNWkpQXN65uqIbIbh+k4WVMKIMFzZ+AxO6/RHTpgsecPJA96vF6oN7nuns5TB9dgCcoL8ma+R+SCNEwNzgIudOSnM6Tbprtp6aadXg4WP4/q79ZrVCmZE3MjkV2TO3EGVJ5SM59tfYbEFR/CZgKoFOaWT7j4GOni0uEuA7l3+4qaCGNqaLdmZdbHVo8AyJRWBde9WYiZuMzvlWiheKXPzczDBiG/A5igC0qD5N4HsNtcOL9av383/mNjSRc/D05F7nnP0bmBg8gtDmB9HMsSgqTaDx8ieE9ipp9qT6S8AL6izFC5xQYfaM29zyVV2US+GJBdMa0oSZ40fFdX3JMwUWcZWS4wquFei7pSBcJ9DVnzc3+Tm5mdaBEBK44TVuTgBQBe+bH7o7vUixav699uZLefq8hMH0xoXAji2vS64u3+nWuBtj4e4r73Ph/dw/x84lighieUfM/QYI+5WUwjuzWJF2hyMvE6RWbm4JMrRElgoV9bn/majqSmUTilg/To5c45j5VmMoLI59NyJNr3d3aRdq29lgvDiNy+m9wBfnpJxHzchAmZK6TlxBCleE/U44pZcPufEl8R6Wj2XP8TfZ0FELH1aPn/eF3JEVJEkRSMeVcjB6DTHW6mG8jf2GLO27avbFci366UWuMws/mdJGvMmDHND8lg9/6H3Uh8L5uexUSp74Z4y5LKBdtKqVcLQ1HqEAN55ZjAYzzC7gn3rN5rV/XWaSTZjSibu57zdXonfl04dsfV9dVZehbrvU2iPT6ygITIqoD8ZWfVB5UGoZa X-Forefront-PRVS: 031996B7EF X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39450400003)(39410400002)(39840400002)(39860400002)(39400400002)(39850400002)(2950100002)(53376002)(6916009)(6666003)(38730400002)(110136004)(50226002)(6306002)(76176999)(36756003)(81166006)(8676002)(53936002)(16799955002)(86362001)(478600001)(48376002)(15188155005)(54906002)(25786009)(5660300001)(50986999)(189998001)(5003940100001)(33646002)(305945005)(6486002)(2906002)(53416004)(47776003)(2351001)(575784001)(42186005)(966005)(3846002)(6116002)(66066001)(4326008)(50466002)(7736002)(19627235001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:brijesh-build-machine.amd.com; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0158; 23:YCNvUp5bPHuSzY2FgyelHixbcRpLzthLPXn5iAbrv?= =?us-ascii?Q?m5tH5McdVwMrlgYeTC29cPtVRDWV+ViDHCJxLCD+79lFXcFVoLz5UuIS/fUr?= =?us-ascii?Q?Bitqj9XPOWMZznTjz3VLYKiPQZK2rJZ8YDLevdi7FBaY3xwUirSGDO1+54ha?= =?us-ascii?Q?KhtLxP1bL6EoP4JMZcm5EbT4rROcXKpYT9MiietcPEB0JsPUChwR8XFRtibm?= =?us-ascii?Q?eDDfaDcM2BgMn+E+czzOuAs7LDALvE3ZcO+Igyhg9d9UiUyoUdlijYJDgfhg?= =?us-ascii?Q?B8uVerzJ+Op/wUwnkuR5h9c04W1eLTr7OTxHnP1VaBW2Zg04+wwy5YzrMdwW?= =?us-ascii?Q?Ln6oVJVfM/juNMsced1Qzqe1iM5vJAJpDqGAep9VevQ0KVo4l+f+0YuIcIVz?= =?us-ascii?Q?eLlAmgB9axzVo25Ib+ePeEEuZPjbBsOQhQ2lvsCcZcb9rWS1W6JOE8sVHqUB?= =?us-ascii?Q?2hifrJovPyAt/Zsn7m4nR0r8jk9EDTzjZFwz2bSDAymzu+ysPCkqjdlqgVpq?= =?us-ascii?Q?dwm4M7pzT7VrQxnB7wH1jcoyRIlLzj5I+uuW3gEo3NyCGujRxKIKMbVnI7Qp?= =?us-ascii?Q?izXEyZVfxzbje3dp7Epyc3KiObuqC2OMD6NeP4aKVg4A6rYIAyC3CbwrihFk?= =?us-ascii?Q?pOWfXolF4M20bRblIOjEk+ZNBDq8stXsYJ8IoLmFoyEkQfNLh3kaHRTW79Rm?= =?us-ascii?Q?YoO+yZ3e0aiQv2AXTW7EPtJkzIZ2Z7qEOUE2Qcl5LbmY0zrIgSf3IhmMis7j?= =?us-ascii?Q?3o5SHECz+gPzWC9tOeT5X76JMX/RBHdfKG2ciiJHnhT3YcpGqiohjHrfYOSz?= =?us-ascii?Q?SVFOgNGVhADrAK7/hVvUwaxNAGZcR+dDueHat0/0npz1HvTusKsz5yFAEac+?= =?us-ascii?Q?Mu3sF0hwUpH2ZG4ymXxY8AoIAny17kQ9sBFrKy1plbK/blA/gRLe6LNU6B5Q?= =?us-ascii?Q?pVQ9IDyScz5bFSzwL2ByX1WHsGtATx39q4OZDBKAeYulUejOrNJyO+JVxl8M?= =?us-ascii?Q?NLjk9XYK5TazQQE7dTdnrs24VkCWm+3nrQYQj1YX+eTF/Y8PtjgHpOwDcpLa?= =?us-ascii?Q?CLJxCTZOWK/hqPeCaUGyqY2eZf4uDRfcRRU7OgGdg5WZIxXjkGmiaMrUtwAi?= =?us-ascii?Q?vnjwfkDfouA/5aWJeCJlu0cOO/Z6Amo9wSnBWQK32L+kqcYRi+3Q2IDb4HMp?= =?us-ascii?Q?As4YcpurDQp7qhXSIyumjwKLFz+2D/gFdbU2TtZ5dNk7eKe2gx6MvK89IZY2?= =?us-ascii?Q?2xv68qgj0eN2ZdQUfw=3D?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:dkCe7L9r1wA/ifEAbtvvm9Q5djYvedYsCHVPtgLplYRk0VzM59fZ+iVhkrlC1QhCLQ2VvMPWtujUzXXYe4QhsgGp86ikGavOBJE6KCIhWvrDGcR/0L3rLkWpy5sIg8vT/gn+Uo2S6oHH5uBM1YFvzgLxguphviHcJiadU9SqFMN3LtOce0asHuCBhV5NhDt1bEB416CfzYiUoJDqR+51xs8usLbnII2iOcVP+4cEk+FUHBpAmuD8ff2bSA5XK9Zab1tuvhgkWDafMDBTkobxodmc1+J1QgTUCNfHPiOYdSGQ+osd7Uu9wRTpffk1jAIRCakIksw4gIpaDgcskj7p+o5jzLT4hnYYI6kd4+ymqAest6PBeP/tIQzx8P3++6/HB3WcvvoFguy6whWU3ENU/GMLpQX1OoZjFXUBUGcPo1CUxsen+72fidgN28PitChL17CR2nCpRFuoVOlBvUD/qNmfQD3guaje23SksCB7DB0haRCPGnx9gR/mBLrA/JpZNgZ7M8DHQ8qTHyiwpIVFAYJ50ltfvLOgBiN5pu67gck=; 5:LX0kE6GNNepNOlriTvKnvV5Ylmyh9eylvrLOJT37RpIu0JV99pYFw191cdvDqnSw6ND+SPpzumkfHEQ5jhiWy/1Owx6RMt7TujpHx8jCc/RzIGSPDkZFz3+rndFtx/Ko9SC1R54QNXwRhO3zza6mAw==; 24:hqy2RlSpU/eibh4H0CFk07KnoXyA2U4AkWEz2M8B5EPIVESCWetWlfTiKBNcJXqSDWm0hi/lSw72cY/uI7TN9AWEEc4Jt6WakJX8uDsKo1U= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 7:p2GRByjlW+2rjN4EsHHmmQtyt8zj3Na2oWMFtfZZ0N596/95XAfSe5BEpr6ZOG9D8FFdyK44XSbCeL8zv3tG7j/6nQOQEDxqnN62L9E2hCIn6/xGUABbRSeM0K2RwsOnVcJEeIGsJTMyYUyOq7CURpn1IQDIC/K0esFUmzJMpYET1eIG5weVYE1HDo6cL7hk3grO7s48g83ffZiWUKJ3NVwrIxai0Fd6UcDaqNIJxcTD+cV0N89StcjURSNouxcuoWp+uLn4CxN/0y0SdTPJthiAvpmsneaWcW1ua82+gXqFJfpTqnsNk8eTk5ja2jjV/4+7bIQo1xhoRr2H1DZy8w==; 20:MFG4H/hqHKp0380q4b773TPctg9MqE4oYiIcmRZYkeYDGXAR+CpN+Ubegkd6dvAWYPghGzHrVGb21N2ODXt9fhPh8dQbWFbtMmVX7lZ/fWCTp00taBKm+qq9ajU6I55DjaeMT3LBHrAWdtansvqINkVfjKDQ1WXTvSUW5/dCuFN2Z1Rd5/VK+skVTqPcCZUCLSadjwO6kMoblXketSN8T3+uuNpwQzKx+UoH3FdBwe8NNN0kQmunPMnSBu8POZwi X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2017 14:44:29.9606 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Subject: [PATCH v6 05/17] OvmfPkg/PlatformPei: Set memory encryption PCD when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2017 14:44:31 -0000 Content-Type: text/plain Secure Encrypted Virtualization (SEV) guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. For data memory, SEV guest VMs can choose which pages they would like to be private. The choice is done using the standard CPU page tables using the C-bit. When building the initial page table we mark all the memory as private. The patch sets the memory encryption PCD. The PCD is consumed by the following edk2 modules, which manipulate page tables: - PEI phase modules: CapsulePei, DxeIplPeim, S3Resume2Pei. CapsulePei is not used by OVMF. DxeIplPeim consumes the PCD at the end of the PEI phase, when it builds the initial page tables for the DXE core / DXE phase. S3Resume2Pei does not consume the PCD in its entry point function, only when DxeIplPeim branches to the S3 resume path at the end of the PEI phase, and calls S3Resume2Pei's EFI_PEI_S3_RESUME2_PPI.S3RestoreConfig2() member function. Therefore it is safe to set the PCD for these modules in PlatformPei. - DXE phase modules: BootScriptExecutorDxe, CpuDxe, PiSmmCpuDxeSmm. They are all dispatched after the PEI phase, so setting the PCD for them in PlatformPei is safe. (BootScriptExecutorDxe is launched "for real" in the PEI phase during S3 resume, but it caches the PCD into a static variable when its entry point is originally invoked in DXE.) Cc: Jordan Justen Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkgIa32.dsc | 3 + OvmfPkg/OvmfPkgIa32X64.dsc | 3 + OvmfPkg/OvmfPkgX64.dsc | 3 + OvmfPkg/PlatformPei/PlatformPei.inf | 3 + OvmfPkg/PlatformPei/Platform.h | 5 ++ OvmfPkg/PlatformPei/AmdSev.c | 62 ++++++++++++++++++++ OvmfPkg/PlatformPei/Platform.c | 1 + 7 files changed, 80 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 98691c0a6d99..55f7e4269938 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -534,6 +534,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 3b51513a4d95..dfc2534fc998 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -542,6 +542,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index ebf07cd585dd..60e42794483b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -541,6 +541,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) == TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index a1e12c1fc7e2..16a8db7b0bd2 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -29,6 +29,7 @@ [Defines] # [Sources] + AmdSev.c Cmos.c FeatureControl.c Fv.c @@ -60,6 +61,7 @@ [LibraryClasses] QemuFwCfgLib QemuFwCfgS3Lib MtrrLib + MemEncryptSevLib PcdLib [Pcd] @@ -93,6 +95,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 18f42c3f0ea8..a7729b9df44b 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -88,6 +88,11 @@ XenDetect ( VOID ); +VOID +AmdSevInitialize ( + VOID + ); + extern BOOLEAN mXen; VOID diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c new file mode 100644 index 000000000000..26f7c3fdbb13 --- /dev/null +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -0,0 +1,62 @@ +/**@file + Initialize Secure Encrypted Virtualization (SEV) support + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the license + may be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +// +// The package level header files this module uses +// +#include + +#include +#include +#include +#include +#include + +/** + + Function checks if SEV support is available, if present then it sets + the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask. + + **/ +VOID +EFIAPI +AmdSevInitialize ( + VOID + ) +{ + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + UINT64 EncryptionMask; + RETURN_STATUS PcdStatus; + + // + // Check if SEV is enabled + // + if (!MemEncryptSevIsEnabled ()) { + return; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits); + + // + // Set Memory Encryption Mask PCD + // + PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask)); +} diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 3e9fda7c7ab0..ede4a1298558 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -668,6 +668,7 @@ InitializePlatform ( NoexecDxeInitialization (); } + AmdSevInitialize (); MiscInitialization (); InstallFeatureControlCallback (); -- 2.7.4