From: Brijesh Singh <brijesh.singh@amd.com>
To: edk2-devel@lists.01.org
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State
Date: Wed, 21 Feb 2018 10:52:11 -0600 [thread overview]
Message-ID: <20180221165212.6643-2-brijesh.singh@amd.com> (raw)
In-Reply-To: <20180221165212.6643-1-brijesh.singh@amd.com>
When OVMF is built with SMM, SMMSaved State area (SMM_DEFAULT_SMBASE +
SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by
both guest and hypervisor. Since the data need to be accessed by both
hence we must map the SMMSaved State area as unencrypted (i.e C-bit
cleared).
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++++
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 19 +++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 41635a57a454..162ed98a2fbe 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -29,6 +29,7 @@ [Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
OvmfPkg/OvmfPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
@@ -41,3 +42,6 @@ [LibraryClasses]
[Depex]
TRUE
+
+[FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index e472096320ea..5ec727456526 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -25,6 +25,8 @@
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DxeServicesTableLib.h>
#include <Library/MemEncryptSevLib.h>
+#include <Register/SmramSaveStateMap.h>
+#include <Register/QemuSmramSaveStateMap.h>
EFI_STATUS
EFIAPI
@@ -71,5 +73,22 @@ AmdSevDxeEntryPoint (
FreePool (AllDescMap);
}
+ //
+ // When SMM is enabled, clear the C-bit from SMM Saved State Area
+ //
+ if (FeaturePcdGet (PcdSmmSmramRequire)) {
+ EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress;
+
+ SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET;
+
+ Status = MemEncryptSevClearPageEncMask (
+ 0,
+ SmmSavedStateAreaAddress,
+ EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)),
+ FALSE
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+
return EFI_SUCCESS;
}
--
2.14.3
next prev parent reply other threads:[~2018-02-21 16:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-21 16:52 [PATCH 0/2] Add SMM support when SEV is active Brijesh Singh
2018-02-21 16:52 ` Brijesh Singh [this message]
2018-02-22 11:20 ` [PATCH 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State Laszlo Ersek
2018-02-22 11:21 ` Laszlo Ersek
2018-02-27 12:17 ` Brijesh Singh
2018-02-21 16:52 ` [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active Brijesh Singh
2018-02-22 12:08 ` Laszlo Ersek
2018-02-27 12:23 ` Brijesh Singh
2018-02-27 17:17 ` Laszlo Ersek
2018-02-27 20:37 ` Brijesh Singh
2018-02-28 15:21 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180221165212.6643-2-brijesh.singh@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox