From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.44]) by mx.groups.io with SMTP id smtpd.web10.8988.1607437446454167064 for ; Tue, 08 Dec 2020 06:24:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=X1Agqf2o; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.44, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aRsTjTbP1FdfcpU7Nvb5F7Cmeu6Zy1972Idb1hXe8gpP0VctVDmb0acsBZIpQOEwlHdQj/PMAILLe81qja0s9PPe3KA5uJ/HFUQWbKzsKWM+WdiMRdBVjS+5BnXQefaRcE6uW3U3ng8DpicETTsEicU+7JqIUvyMC5FdrKgMQAFd4k3cTWEaw1k974jhlx27W1klHqp5d8eZ8Q2WRtru2fpFXgLaazsu2fQeeRgTEnVVJ/lMW7PesbUCcmWGJsT6K4HkumkV2jpp4lJwLR59A8aGxPk7j2+Xz2QEqAvEk+1v9bKLKokdqbsMAADP+7ARieycsTAnUJzCrxt48MX0Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g/W8GwUM0fwFcDTqsc3Xy6r9CEoHaYe385WIW8eJySo=; b=JsUYN5gYWJJMvn4ZnUNPuiMSH7HFSSWGxWCC69i/0dzYbdVcUV+2qGmPsySkdC8Bpwa6hA8YmBb1KVSYCUaVjGE1edK4JDUzjylbx6L6glzK7X+Ftf1Bijtp57NUe1rv3+Zu2iRVCcDiklO0NcTyiKPQJ8pvBlhzViHOTy32+J5kjn2osRmoVUhPdq/5L8mXfj8jXscxB7QRSZybgfjmLDGqtq9zOuTrHiV5X4GzmorfEuZQNwCFJs+K5toipVKgjlL9KVBFOGBUIjw1ZxwJffGk4YdaZw+6uQKnwFqbw63OZWNK2ZzrER7DnhSehDNjXrdGnyZxmGUKlQzmBiiWIA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g/W8GwUM0fwFcDTqsc3Xy6r9CEoHaYe385WIW8eJySo=; b=X1Agqf2o5t/PVV58bjiB18885FH/HumR2XDT5yGxZBwcE/3hip81WvmpRo80c2LCRnD4HM+mUbuzGaveeIArXrpfde+OMQYOGGZtriOr8nQUhgwsUhqk+q9FET65fjL4iA5YWsarW4qVugcJiD5rgkmg33Dyr9s90NHrxCWZ/ZI= Authentication-Results: linux.vnet.ibm.com; dkim=none (message not signed) header.d=none;linux.vnet.ibm.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4557.namprd12.prod.outlook.com (2603:10b6:806:9d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.18; Tue, 8 Dec 2020 14:24:03 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3632.021; Tue, 8 Dec 2020 14:24:03 +0000 Date: Tue, 8 Dec 2020 14:23:56 +0000 From: "Ashish Kalra" To: Dov Murik Cc: devel@edk2.groups.io, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com Subject: Re: [PATCH v3 1/3] OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls. Message-ID: <20201208142356.GA26987@ashkalra_ubuntu_server> References: <5d84e29cb02eada513738fb4f0c54a6dfe35f416.1607038824.git.ashish.kalra@amd.com> <31f7bcce-627c-56b6-444f-83cc41c3e8a2@linux.vnet.ibm.com> In-Reply-To: <31f7bcce-627c-56b6-444f-83cc41c3e8a2@linux.vnet.ibm.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR2101CA0004.namprd21.prod.outlook.com (2603:10b6:805:106::14) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: ashish.kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server (165.204.77.1) by SN6PR2101CA0004.namprd21.prod.outlook.com (2603:10b6:805:106::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.11 via Frontend Transport; Tue, 8 Dec 2020 14:24:02 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: c8176da4-867d-45ee-dfe9-08d89b84e9a0 X-MS-TrafficTypeDiagnostic: SA0PR12MB4557: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZKKD5pOX+blrOcwDXpB+3jLepRL1SDk5f3Y19ngcByy0S3D/7eEUFdV7UQBkmu6OMCB4EEX5wMA8AhWfuBSratxychQfQT8Good5ErwQYB4byZgMEmlaHbi3BR1bZZIb2W1nSCS/PZimSzGEaeOfcb20SaIP1eMHR+9gouOBzPHf8jFtmmH0b98Jsjru3A+ayEQq4ANIYTQ01YRdj1H5ReKlJAF1OH/Phi4xB/1H4VtqgeHjZoX0wIf5y8qtKCuJKeWM6hmxqyVYNAM1+U9mbckWYbfabf9k15dWhIHSU2wNRWxcLYgerL+VIhWaecoYQ5KNH+Uxq6zR5YS+cI087nltKOqZdEnvKXYmDBb0K051y9Jg+J80BFqway7jWMjzuj64Cbaln2lH2+FzaxZNBQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(346002)(366004)(376002)(39860400002)(136003)(66946007)(1076003)(19627235002)(5660300002)(33716001)(26005)(2906002)(86362001)(66556008)(6666004)(33656002)(6496006)(4326008)(16526019)(55016002)(316002)(66476007)(44832011)(8676002)(45080400002)(30864003)(8936002)(53546011)(478600001)(83380400001)(9686003)(52116002)(956004)(6916009)(186003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?KcXdvHgMGMCWx8VddyLD2fJ6I/o01YJNLbAXvii58Lo4kJuoxRYTpaV2XOoL?= =?us-ascii?Q?0s6htC6bm5hUWXZdecdxz/mFxo++ABG/9SYrzmxwfOpRKnXtcmIrolGP10yp?= =?us-ascii?Q?tHGB79bRIOsTgTLAiyYbZfEdSNIqaDMqCrs72iwCAOlNhkthXEevXTMnvV6A?= =?us-ascii?Q?msuDCNeOXxhE+eEvMhiM92Pydp52NnnK6gLt8CKOjhskkmdzP7YX27BY+hoF?= =?us-ascii?Q?VLVV8b3O2sDzM9KqelWZO9oeab/sx44JnpdYUIljhIHPKAST0p6pFVxIs0VL?= =?us-ascii?Q?wJ1LhLN1slMl9TEcxo5j3WTmWeLZrUdYy+T9zZvpvcoGYM9I7v6UiNiMq+bD?= =?us-ascii?Q?4W9w42rpUvjd9bp39GIGPV5yXwx7grdihfgEnIGT7FuPixdc+fIGDbF8y+a5?= =?us-ascii?Q?rHYVd4DApTAbZ/1tqfUlDAR8/wPtHuzEPZYkR7SxyCeyHAe/jYbrrAD27ARt?= =?us-ascii?Q?7rrrwlfibraOPbVCj4Bx4pf4qD+LRAvIuiwj1XEhjip18FsqQ4gK27ILKeKM?= =?us-ascii?Q?uSYNnsRZmd0pba+uHe7mgCweqx+dzdU75KVhKBqt14+t39upFMSm6f2O2yL5?= =?us-ascii?Q?2HKfx+FNhDM59beu2i4L4x4vYv16ZcztHai0im8VtSsecQjdwrs9Ahge9FRF?= =?us-ascii?Q?AmRMSxvPP43Ez5dJHZGKWrpxd9uoEvI/X1GWVssQvelMxhS307OLdRXghP93?= =?us-ascii?Q?P7nJsEIbRfJNFUH4Z+RlznXsQ58Ll3Imyp8u1E4fC3l9S3PB6ByAPFNrNYMt?= =?us-ascii?Q?YMYcK+90JMo6FfeaHfLtsQIKU0nDcwVKovYjuGCpdFVQqDdUNjXba3yoG9KN?= =?us-ascii?Q?Tg594vP2c2SPuZVtWh0vRg+3kGzCkcuMY78XEeux1h8w/EoMbyh3ZDjHv9fL?= =?us-ascii?Q?lsHDmumCMGbTQO43cvmafW11OMQ8UV4gKiT89zzjWij3oJQ85+wWtdPI8xTp?= =?us-ascii?Q?Y22rV86GNXj+UpV19vTnhWz4EgFwPNg0welqrbAgWGeedzPuV9nMQ+/ucXC0?= =?us-ascii?Q?sG8T?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2020 14:24:02.9138 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: c8176da4-867d-45ee-dfe9-08d89b84e9a0 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: A/wH4TPzMDaZ2+xNA8Lu/S42fbU26W3DnurZLKOXjvOwzedYYn6DI4kDUQm6SLYbfWPTp66uqbncOZExkEqDjQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4557 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello Dov, On Sun, Dec 06, 2020 at 02:43:45PM +0200, Dov Murik wrote: > > > On 04/12/2020 2:03, Ashish Kalra wrote: > > From: Ashish Kalra > > > > Add SEV and SEV-ES hypercall abstraction library to support SEV Page > > encryption/deceryption status hypercalls for SEV and SEV-ES guests. > > > > Cc: Jordan Justen > > Cc: Laszlo Ersek > > Cc: Ard Biesheuvel > > > > Signed-off-by: Ashish Kalra > > --- > > OvmfPkg/Include/Library/MemEncryptHypercallLib.h | 37 +++++++ > > OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c | 105 ++++++++++++++++++++ > > OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf | 39 ++++++++ > > OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm | 39 ++++++++ > > OvmfPkg/OvmfPkgX64.dsc | 1 + > > 5 files changed, 221 insertions(+) > > > > diff --git a/OvmfPkg/Include/Library/MemEncryptHypercallLib.h b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h > > new file mode 100644 > > index 0000000000..cd46a7f2b3 > > --- /dev/null > > +++ b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h > > @@ -0,0 +1,37 @@ > > +/** @file > > + > > + Define Secure Encrypted Virtualization (SEV) hypercall library. > > + > > + Copyright (c) 2020, AMD Incorporated. All rights reserved.
> > + > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef _MEM_ENCRYPT_HYPERCALL_LIB_H_ > > +#define _MEM_ENCRYPT_HYPERCALL_LIB_H_ > > + > > +#include > > + > > +#define SEV_PAGE_ENC_HYPERCALL 12 > > + > > +/** > > + This hyercall is used to notify hypervisor when a page is marked as > > + 'decrypted' (i.e C-bit removed). > > + > > + @param[in] PhysicalAddress The physical address that is the start address > > + of a memory region. > > + @param[in] Length The length of memory region > > + @param[in] Mode SetCBit or ClearCBit > > + > > +**/ > > + > > +VOID > > +EFIAPI > > +SetMemoryEncDecHypercall3 ( > > + IN UINTN PhysicalAddress, > > + IN UINTN Length, > > + IN UINTN Mode > > + ); > > (1) I'm not sure why the "3" is needed at the end of the function name. > As you mentioned below, this is analogous to our kernel interface, i.e., kvm_sev_hypercall3() and the XenHypercallLib also uses functional interfaces such as XenHypercall2(). Though i think this functional interface can be at the lowest level, at a higher level something like SetMemoryEncDecHypercall() should be better. > (2) The second argument is called 'Length' here and 'Pages' in the .c file. > Which name is correct? If the semantics of the hypercall deals only with > whole pages, maybe it'll be better to modify the address to GFN and length > to NumberOfPages. This way you don't have to do deal with non-page-aligned > addresses or lengths. Of course this may reflect on changes needed in the > hypercall implementation itself in KVM. > > (3) Mode: is this actually a boolean, or the enum which can be SetCBit(=0) > or ClearCBit(=1)? Maybe a clearer argument would be "BOOL Encrypted" or > "BOOL NewCBitValue"? Of course this has to match semantics of this argument > in KVM. I will fix this. > > > > + > > +#endif > > diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c > > new file mode 100644 > > index 0000000000..f1136b7d36 > > --- /dev/null > > +++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.c > > @@ -0,0 +1,105 @@ > > +/** @file > > + > > + Secure Encrypted Virtualization (SEV) hypercall helper library > > + > > + Copyright (c) 2020, AMD Incorporated. All rights reserved.
> > + > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +// > > +// Interface exposed by the ASM implementation of the core hypercall > > +// > > +// > > + > > +VOID > > +EFIAPI > > +SetMemoryEncDecHypercall3AsmStub ( > > + IN UINTN HypercallNum, > > + IN UINTN PhysicalAddress, > > + IN UINTN Length, > > + IN UINTN Mode > > + ); > > + > > +/** > > + This function returns the current CPU privilege level, implemented > > + in ASM helper stub. > > + > > +**/ > > + > > +UINT8 > > +EFIAPI > > +GetCurrentCpuPrivilegeLevel ( > > + VOID > > + ); > > + > > +STATIC > > +VOID > > +GhcbSetRegValid ( > > + IN OUT GHCB *Ghcb, > > + IN GHCB_REGISTER Reg > > + ) > > +{ > > + UINT32 RegIndex; > > + UINT32 RegBit; > > + > > + RegIndex = Reg / 8; > > + RegBit = Reg & 0x07; > > + > > + Ghcb->SaveArea.ValidBitmap[RegIndex] |= (1 << RegBit); > > +} > > + > > +VOID > > +EFIAPI > > +SetMemoryEncDecHypercall3 ( > > + IN PHYSICAL_ADDRESS PhysicalAddress, > > + IN UINTN Pages, > > + IN UINTN Mode > > + ) > > +{ > > + if (MemEncryptSevEsIsEnabled ()) { > > + MSR_SEV_ES_GHCB_REGISTER Msr; > > + GHCB *Ghcb; > > + BOOLEAN InterruptState; > > + UINT64 Status; > > + > > + Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); > > + Ghcb = Msr.Ghcb; > > + > > + VmgInit (Ghcb, &InterruptState); > > + > > + Ghcb->SaveArea.Rax = SEV_PAGE_ENC_HYPERCALL; > > + GhcbSetRegValid (Ghcb, GhcbRax); > > + Ghcb->SaveArea.Rbx = PhysicalAddress; > > + GhcbSetRegValid (Ghcb, GhcbRbx); > > + Ghcb->SaveArea.Rcx = Pages; > > + GhcbSetRegValid (Ghcb, GhcbRcx); > > + Ghcb->SaveArea.Rdx = Mode; > > + GhcbSetRegValid (Ghcb, GhcbRdx); > > + Ghcb->SaveArea.Cpl = GetCurrentCpuPrivilegeLevel(); > > + GhcbSetRegValid (Ghcb, GhcbCpl); > > + > > + Status = VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0); > > + if (Status) { > > + DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status)); > > + } > > + VmgDone (Ghcb, InterruptState); > > + } else { > > + SetMemoryEncDecHypercall3AsmStub ( > > + SEV_PAGE_ENC_HYPERCALL, > > + PhysicalAddress, > > + Pages, > > + Mode); > > + } > > +} > > diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf > > new file mode 100644 > > index 0000000000..1936fe5b37 > > --- /dev/null > > +++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf > > @@ -0,0 +1,39 @@ > > +## @file > > +# Library provides the hypervisor helper functions for SEV guest > > +# > > +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
> > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 1.25 > > + BASE_NAME = MemEncryptHypercallLib > > + FILE_GUID = 86f2501e-f128-45f3-91c4-3cff31656ca8 > > + MODULE_TYPE = BASE > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = MemEncryptHypercallLib|SEC PEI_CORE PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER > > + > > +# > > +# The following information is for reference only and not required by the build > > +# tools. > > +# > > +# VALID_ARCHITECTURES = IA32 X64 > > +# > > + > > +[Packages] > > + MdeModulePkg/MdeModulePkg.dec > > + MdePkg/MdePkg.dec > > + UefiCpuPkg/UefiCpuPkg.dec > > + OvmfPkg/OvmfPkg.dec > > + > > +[Sources.X64] > > + MemEncryptHypercallLib.c > > + X64/AsmHelperStub.nasm > > + > > +[LibraryClasses] > > + BaseLib > > + DebugLib > > + VmgExitLib > > diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm > > new file mode 100644 > > index 0000000000..5d8a7aa85a > > --- /dev/null > > +++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm > > @@ -0,0 +1,39 @@ > > +DEFAULT REL > > +SECTION .text > > + > > +; VOID > > +; EFIAPI > > +; SetMemoryEncDecHypercall3AsmStub ( > > +; IN UINT HypercallNum, > > +; IN INTN Arg1, > > +; IN INTN Arg2, > > +; IN INTN Arg3 > > +; ); > > The name of the function hints that this has something to do with memory > enc/dec, but actually this is a generic vmmcall-based hypercall. In your > corresponding linux patch > you called it kvm_sev_hypercall3, so I assume something like that would be > good here too. Also, to support future hypercalls, allow it to return an > INTN (value of rax), even though that is not used for the current hypercall > in question. > > Yes, i will add a return value to the hypercall. > > +global ASM_PFX(SetMemoryEncDecHypercall3AsmStub) > > +ASM_PFX(SetMemoryEncDecHypercall3AsmStub): > > + ; UEFI calling conventions require RBX to > > + ; be nonvolatile/callee-saved. > > + push rbx > > + ; Copy HypercallNumber to rax > > + mov rax, rcx > > + ; Copy Arg1 to the register expected by KVM > > + mov rbx, rdx > > + ; Copy Arg2 to register expected by KVM > > + mov rcx, r8 > > + ; Copy Arg2 to register expected by KVM > > + mov rdx, r9 > > + ; Call VMMCALL > > + vmmcall > > + pop rbx > > + ret > > + > > +; UINT8 > > +; EFIAPI > > +; GetCurrentCpuPrivilegeLevel ( > > +; VOID > > +; ); > > +global ASM_PFX(GetCurrentCpuPrivilegeLevel) > > +ASM_PFX(GetCurrentCpuPrivilegeLevel): > > + mov ax, cs > > + and al, 0x3 > > + ret > > I think GetCurrentCpuPrivilegeLevel can be implemented in C as: > > return AsmReadCS() & 0x3; > Ok. > > > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > > index e59ae05b73..97c31c7586 100644 > > --- a/OvmfPkg/OvmfPkgX64.dsc > > +++ b/OvmfPkg/OvmfPkgX64.dsc > > @@ -174,6 +174,7 @@ > > VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf > > LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > > + MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf > > !if $(SMM_REQUIRE) == FALSE > > LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > > !endif > > > > Thanks, Ashish