From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.54]) by mx.groups.io with SMTP id smtpd.web10.22928.1628516492457412423 for ; Mon, 09 Aug 2021 06:41:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=SUY/T/E8; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.54, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g49nvvOBV9xzmK0l7504Ls2GrKZ0klUxWTW4ZkwiaJH3qlCpcvKiC70C2w8Dl5gDKVtKocWo36FghLCcMjREzgNx+9TriZH0W8QBMvDTMeIus+/SqUadQC3cIyp+ftLVDDnySSNnJDVy9Tlx1P7pZq8NFNf/tleLsrNZJTvfFl3v64wyTRvTlCArDCiZc2KxfH7rLdYW9JTYJ++ZHwS223oq1stS/+coDqruROVJ+Qxj0JmfacauRwAZ6dDgQgVqeJ3nPdDnc65zN/X9kgKhRmv0fzA1aIhd4VkKEbNRRLbhy3X+8xKQidRO8OHwBLfOtVuC373vhB0AldCA2LZgkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MuBjlsUV9u+MiBTta9/n1uZOW88rCThi3XlddyCgarY=; b=WvsO/RaCP2Ua8RmBTI0cmUw00aepSbRvtlc38Iq7OZx814hq5yFUv1Gnxal4Q4Z1BA9X38qWbuTk5MClyong1ed2/4vITSk6i2/eBZow3+VqjSaGcwClPhnpHiieExBqPruY0yXBwKG1R23gDU+jfT7pNKgsRDIe09OMK/BbkqIP0VVJG+OqORB5dWJIGMFEW3nEefAxUw3ZI26jXCVjhYvafjHMLKf7KD9XOrruANZqKb6WKJjJAxB8vTCAq9Zcc+g0QX+z1yZSq75QBtnjSI7kCvzIXSVQUOtds2JsVMzq+hlgCUbzKgVjmxKbRRXhw4m5q/xeizp8F52OMGrbZw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MuBjlsUV9u+MiBTta9/n1uZOW88rCThi3XlddyCgarY=; b=SUY/T/E8XydBKmJGaPik2taVEor97xEUkU2XW0pdrHB3O4Ybqw47UwXK9zrzQitxZ4/CAAR5pC4e14Jfl8YaXvdFkx9/1zg58KLsuMxkBBGXB2vpxJXo/AV7Q3xJAexuiQyc5i1I/QJa0Zfh+FRuvNGWzQG10iDVWapz0+uGTKo= Authentication-Results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by DM6PR12MB5549.namprd12.prod.outlook.com (2603:10b6:5:209::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.16; Mon, 9 Aug 2021 13:41:30 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208%3]) with mapi id 15.20.4394.023; Mon, 9 Aug 2021 13:41:30 +0000 Subject: Re: [PATCH v6 1/6] OvmfPkg/BaseMemEncryptLib: Detect SEV live migration feature. To: Ashish Kalra , devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com References: <812023de6c20a9d8fc62a561cedefb93640effab.1627906232.git.ashish.kalra@amd.com> From: "Lendacky, Thomas" Message-ID: <172fa9d6-6edb-41b1-c827-03b04d964469@amd.com> Date: Mon, 9 Aug 2021 08:41:27 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: <812023de6c20a9d8fc62a561cedefb93640effab.1627906232.git.ashish.kalra@amd.com> X-ClientProxiedBy: SA9PR13CA0066.namprd13.prod.outlook.com (2603:10b6:806:23::11) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.30.241] (165.204.77.1) by SA9PR13CA0066.namprd13.prod.outlook.com (2603:10b6:806:23::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.6 via Frontend Transport; Mon, 9 Aug 2021 13:41:29 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ed116fdc-78c9-4ccb-6cc3-08d95b3b64a6 X-MS-TrafficTypeDiagnostic: DM6PR12MB5549: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: T3YLvmAgJUN6qEu/OwWYiQYnTaj5NBUfJ53nr2s39X1iXAf+xeZqeH4GDc23v0Fd525cpdG6MHVav2EBcZwYMoq+lKvK7FltU3H+rWLahZ+7LMxkA2yGjINd/nXwU+ExWsWGvyXKT1kP6gbtXlnSqsJRoaQfVHTuksUyPeq1zszB5p9Y9E+dZUNi145MbrUH42xDxpIPD0Y6Cnwn14MdNqELtAJTLlddWiwhOK2w+TbS235Pm+ysw6HxFhl8gjodDGF7lvgOB3gK+6NqiqG/oTeLqsSekIsunRMQu1VodoILAC1WkJKyAXZGw0nhCZdtDpkPtdgxsYtNQG01qEJ+GU9siFFbQj1lmm5UHJlPlgpMdn2Gk3Gyk2C/5br2+gclMT/TlwRFcKTiyKW28nUAWO/CP98Lor2HDzqttQ6/OSvrylvS9UTt0j8mW0DE5a3T0Ds2z8QJq6mFwtt3T8/8vYmFqOdpwcxc8hgIuvH0GUJIA14mEcFsoZTIfWl5UpY7YjQ1cDCGeTKNZm5HS2jts3vtEmBBJ2TR74tXhdnPfUpqEfTNR27x4uy+3gZ0bBdJ/k0wffv/LVpsHqM8s3jeLJsonXutCw9ETDA84O07AsmX7IHsMcCAdUmWRQy/tf4nXT6v6PaVksk54BTf0nowt88leagMB0B41zn0mlraNSeJf3lFaCzrfWRtbQcmUis5pTmtM1Xkss92v5luUC/EJDtj5pjqV9YKE/zgSEozFGVPRCNSQrEi6v+0kH0OVDXB X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(366004)(396003)(39860400002)(346002)(136003)(8676002)(83380400001)(16576012)(86362001)(36756003)(8936002)(31696002)(26005)(478600001)(2906002)(316002)(186003)(66946007)(31686004)(66476007)(66556008)(5660300002)(53546011)(4326008)(956004)(6486002)(38100700002)(2616005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TVdBMXllaDlkL3dWZDZWY1lOejRlUTVNUzJrUzl6eU9YR2dvd3h0d3NnQno2?= =?utf-8?B?Z2FUeGcyYWR0OXRsWnRmZ3JJaW9tSzNkMVFUem92S3d1OStpeEJ6eUdwd1VO?= =?utf-8?B?WDFDRWplRHg1ZkVQbmxxeTdiRHFEWkNXU0JONmgxdllRN1VoY0hPVkE0Qi8x?= =?utf-8?B?d2ZyZWRqRDUzdEtrdmV2cUVrRERPblJHVTFIaDB1VTM0ZkxYVEZoYWtkaUhV?= =?utf-8?B?OTlSM2tkVWQ2MUdDY0IzUkxwVXlJSWpyK08xTEdjSjh0bGRKT0RzVi8xRjNM?= =?utf-8?B?QmhtRm9vTlZscm92ZFRIam51eDdBU2xyUUk3ZXJGNlcycVZlZTZNanZRSkFP?= =?utf-8?B?SmRnSHdQemtLWUJjL0F4eFVXWVB4aE5MZDRnWGo5MGpycjZVR1FLQlQ3eVpP?= =?utf-8?B?VzZXMlQ4MkY3clNJZjM4NSszUmFDVThkNUVsZTdxdGRZMHh1WDVDWkFyV1oy?= =?utf-8?B?dkZ1V1EyTzZGWVV3UkRDQ2gwSlk4M3RCZ0p1dnhKaERWS3h0VEY0RlJIRE5T?= =?utf-8?B?SGhHYTRzZ2NlR1UrNUpMZGkzT2ZBdGEwY1gra0VtQVdxV0p5TDk3QitSc3pZ?= =?utf-8?B?c2VuMHp4b1Fya1lYS09MNUNvbEN4c040RVhENXorbUx6OVFhbFBIOUpoTVMw?= =?utf-8?B?ZmNGMjJxUVdwdCtJSnJjMkJ0Q3Y1S0c2VTFhek9ISm9OWVdvc2lMTStvU2d3?= =?utf-8?B?bjgzM0FkWjh3aGVwckdwQ01FVmMrOUVDYUY1ZkhiSFFjQTZqVkNWdjkrcUtu?= =?utf-8?B?SVFRc3lsdFhwQkRNM2ZJRlhBdGJBbGduZ0tiV2xRNjdwNThhYW9ZdGJNL2pL?= =?utf-8?B?NGdwWUYxNTFxek5aUDU4bHlsblhwc24wRFFwSnRpczhFMFVJT1lhTFdQcGR6?= =?utf-8?B?VlB5b01IZFVqQlVWWlh5aFdTMm9oOHJwRWpEMExCV0FmV0w1L2tmZC9PMjNZ?= =?utf-8?B?YVhINWtGNmgzbW5lSExxUlcrRlJ5T2c0VTRHQWI3cFhZK0FJbVpPdmFqZ0Zs?= =?utf-8?B?RUhyUnNyMXNDRUZwVG5Ed2VTMk1mRjZTSGxqTXdPYzFQWkI3VDlXQjQxZVZH?= =?utf-8?B?Q3RKUVhjUUxWZHJ1SE03bExnT0hHcVNrTHdGZ0R6cm1mTm9BWVZueVR3bUxC?= =?utf-8?B?VURiS0FLcE8vMFc2Y0xJRUlYWWQ4a1Urd21sdnMzRjZFSzJ6enVYS0dtVGV3?= =?utf-8?B?MTNTTDBKcWJSNCtxU2pFWVR5SHo1Ym9SdEM2UGZwWjh1SmJyNElkaVhQTERC?= =?utf-8?B?YUQrMVBFUk4yNmVTZGs5YWhVN1I5cXo0T2FMM2tZTXpib1NMZTVUTHc4YmtK?= =?utf-8?B?TzlwYjhyUVlGL3Q1bmtnalE1ekZOTGl3TjR1c2RRSFZDcDJRbGFON0M0eXF0?= =?utf-8?B?NW5lQnNDd0NjMzZFd3BqSUhXYThISm5uZDhlSko2RHFjemJJeE9jT2E3ckpz?= =?utf-8?B?Mmd4akpocDJxaVhWdWpzU1RrQWllNWZXTmdSK0hiWW5WOGpidkhmSHdOcTdQ?= =?utf-8?B?L0F2QnhtKzgxdUJlQWRiOUhsd1owTzk0aVAvOXV5ZlNGbk9hY2xOd1pEbEIy?= =?utf-8?B?UnVYY1M1UEhaUGwrVlA5aWE5NFlZbUJpQ25CbjZaTERCcmd1cHVsbHZGYUFZ?= =?utf-8?B?OGJLQlhYdm9CeS96aXYzVTM2U01tN1ZqQmpJcGhnMkRlVkFwM0dOZGhnbmg1?= =?utf-8?B?bXJpRTdmOWd2UnJzaXFDbk9CaTNCRlNoTVJudFVDNVVwK09rd1IzaStFUitq?= =?utf-8?Q?HwVtjIOKFh2ukapKvjTPJ3anpvX82PU8YyzIqWN?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ed116fdc-78c9-4ccb-6cc3-08d95b3b64a6 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Aug 2021 13:41:30.1951 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Tzi9XtZfWi71DuToVCPApGvHuTu5LkDV9cX6JLrPFjqJm2vfzQRMBFTo9gRJtwKH3BWflygnWCYHRTaOoLAxAw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB5549 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 8/2/21 7:31 AM, Ashish Kalra wrote: > From: Ashish Kalra > > Add support to check if we are running inside KVM HVM and > KVM HVM supports SEV Live Migration feature. > > Cc: Jordan Justen > Cc: Ard Biesheuvel > Signed-off-by: Ashish Kalra > --- > OvmfPkg/Include/Library/MemEncryptSevLib.h | 27 ++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 39 +++++++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c | 52 ++++++++++++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 39 +++++++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 18 +++++++ > 5 files changed, 175 insertions(+) > > diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h > index 76d06c206c..59f694fb8a 100644 > --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h > +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h > @@ -90,6 +90,18 @@ MemEncryptSevIsEnabled ( > VOID > ); > > +/** > + Returns a boolean to indicate whether SEV live migration is enabled. > + > + @retval TRUE SEV live migration is enabled > + @retval FALSE SEV live migration is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevLiveMigrationIsEnabled ( > + VOID > + ); > + > /** > This function clears memory encryption bit for the memory region specified by > BaseAddress and NumPages from the current page table context. > @@ -222,4 +234,19 @@ MemEncryptSevClearMmioPageEncMask ( > IN UINTN NumPages > ); > > +#define KVM_FEATURE_MIGRATION_CONTROL BIT17 > + > +/** > + Figures out if we are running inside KVM HVM and > + KVM HVM supports SEV Live Migration feature. > + > + @retval TRUE SEV live migration is supported. > + @retval FALSE SEV live migration is not supported. > +**/ > +BOOLEAN > +EFIAPI > +KvmDetectSevLiveMigrationFeature( > + VOID > + ); > + I don't think KvmDetectSevLiveMigrationFeature() should be in OvmfPkg/Include/Library/MemEncryptSevLib.h since it isn't called except as a helper by InternalDetectSevLiveMigrationFeature(). You should probably create a new PeiDxeMemEncryptSevLibInternal.h header file for that function that lives in OvmfPkg/Library/BaseMemEncryptSevLib. > #endif // _MEM_ENCRYPT_SEV_LIB_H_ > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > index 2816f859a0..ead754cd7b 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > @@ -20,6 +20,8 @@ > STATIC BOOLEAN mSevStatus = FALSE; > STATIC BOOLEAN mSevEsStatus = FALSE; > STATIC BOOLEAN mSevStatusChecked = FALSE; > +STATIC BOOLEAN mSevLiveMigrationStatus = FALSE; > +STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE; > > STATIC UINT64 mSevEncryptionMask = 0; > STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; > @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( > mSevStatusChecked = TRUE; > } > > +/** > + Figures out if we are running inside KVM HVM and > + KVM HVM supports SEV Live Migration feature. > +**/ > +STATIC > +VOID > +EFIAPI > +InternalDetectSevLiveMigrationFeature( > + VOID > + ) > +{ > + if (KvmDetectSevLiveMigrationFeature()) { Add a space before the "()" > + mSevLiveMigrationStatus = TRUE; > + } > + > + mSevLiveMigrationStatusChecked = TRUE; > +} > + > /** > Returns a boolean to indicate whether SEV-ES is enabled. > > @@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( > return mSevStatus; > } > > +/** > + Returns a boolean to indicate whether SEV live migration is enabled. > + > + @retval TRUE SEV live migration is enabled > + @retval FALSE SEV live migration is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevLiveMigrationIsEnabled ( > + VOID > + ) > +{ > + if (!mSevLiveMigrationStatusChecked) { > + InternalDetectSevLiveMigrationFeature (); > + } > + > + return mSevLiveMigrationStatus; > +} > + > /** > Returns the SEV encryption mask. > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c > index b4a9f464e2..d7fc973134 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c > @@ -61,3 +61,55 @@ MemEncryptSevLocateInitialSmramSaveStateMapPages ( > > return RETURN_SUCCESS; > } > + > +/** > + Figures out if we are running inside KVM HVM and > + KVM HVM supports SEV Live Migration feature. > + > + @retval TRUE SEV live migration is supported. > + @retval FALSE SEV live migration is not supported. > +**/ > +BOOLEAN > +EFIAPI > +KvmDetectSevLiveMigrationFeature( Add a space before the "(" > + VOID > + ) > +{ > + CHAR8 Signature[13]; > + UINT32 mKvmLeaf; > + UINT32 RegEax, RegEbx, RegEcx, RegEdx; Coding style requires these to be four separate declarations. > + > + Signature[12] = '\0'; > + for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) { I still really don't understand the need for the CPUID loop. KVM only ever programs CPUID function 0x40000000, right? > + AsmCpuid ( > + mKvmLeaf, > + NULL, > + (UINT32 *) &Signature[0], > + (UINT32 *) &Signature[4], > + (UINT32 *) &Signature[8]); > + > + if (AsciiStrCmp (Signature, "KVMKVMKVM") == 0) { > + DEBUG (( > + DEBUG_INFO, > + "%a: KVM Detected, signature = %a\n", > + __FUNCTION__, > + Signature > + )); > + > + RegEax = mKvmLeaf + 1; > + RegEcx = 0; > + AsmCpuid (mKvmLeaf + 1, &RegEax, &RegEbx, &RegEcx, &RegEdx); > + if ((RegEax & KVM_FEATURE_MIGRATION_CONTROL) != 0) { > + DEBUG (( > + DEBUG_INFO, > + "%a: SEV Live Migration feature supported\n", > + __FUNCTION__ > + )); > + > + return TRUE; > + } > + } > + } > + > + return FALSE; > +} > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > index e2fd109d12..9db6c2ef71 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > @@ -20,6 +20,8 @@ > STATIC BOOLEAN mSevStatus = FALSE; > STATIC BOOLEAN mSevEsStatus = FALSE; > STATIC BOOLEAN mSevStatusChecked = FALSE; > +STATIC BOOLEAN mSevLiveMigrationStatus = FALSE; > +STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE; > > STATIC UINT64 mSevEncryptionMask = 0; > STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; > @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( > mSevStatusChecked = TRUE; > } > > +/** > + Figures out if we are running inside KVM HVM and > + KVM HVM supports SEV Live Migration feature. > +**/ > +STATIC > +VOID > +EFIAPI > +InternalDetectSevLiveMigrationFeature( Add a space before "(" > + VOID > + ) > +{ > + if (KvmDetectSevLiveMigrationFeature()) { Add a space before "()" Thanks, Tom > + mSevLiveMigrationStatus = TRUE; > + } > + > + mSevLiveMigrationStatusChecked = TRUE; > +} > + > /** > Returns a boolean to indicate whether SEV-ES is enabled. > > @@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( > return mSevStatus; > } > > +/** > + Returns a boolean to indicate whether SEV live migration is enabled. > + > + @retval TRUE SEV live migration is enabled > + @retval FALSE SEV live migration is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevLiveMigrationIsEnabled ( > + VOID > + ) > +{ > + if (!mSevLiveMigrationStatusChecked) { > + InternalDetectSevLiveMigrationFeature (); > + } > + > + return mSevLiveMigrationStatus; > +} > + > /** > Returns the SEV encryption mask. > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > index 56d8f3f318..d9f7befcd2 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > @@ -100,6 +100,24 @@ MemEncryptSevIsEnabled ( > return Msr.Bits.SevBit ? TRUE : FALSE; > } > > +/** > + Returns a boolean to indicate whether SEV live migration is enabled. > + > + @retval TRUE SEV live migration is enabled > + @retval FALSE SEV live migration is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevLiveMigrationIsEnabled ( > + VOID > + ) > +{ > + // > + // Not used in SEC phase. > + // > + return FALSE; > +} > + > /** > Returns the SEV encryption mask. > >