From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek
Subject: [RFC PATCH 04/19] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
Date: Wed, 24 Mar 2021 10:32:00 -0500
Message-Id: <20210324153215.17971-5-brijesh.singh@amd.com>
In-Reply-To: <20210324153215.17971-1-brijesh.singh@amd.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if the VM is running as an SEV-SNP guest.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Signed-off-by: Brijesh Singh
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 27 ++++++++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 27 ++++++++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 19 ++++++++++++++ 4 files changed, 85 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index 99f15a7d12..03d9eda392 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -66,6 +66,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0..0571297238 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ STATIC BOOLEAN mSevStatus = FALSE; STATIC BOOLEAN mSevEsStatus = FALSE; +STATIC BOOLEAN mSevSnpStatus = FALSE; STATIC BOOLEAN mSevStatusChecked = FALSE; STATIC UINT64 mSevEncryptionMask = 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus = TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus = TRUE; + } } mSevStatusChecked = TRUE; } +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..b561f211f5 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ STATIC BOOLEAN mSevStatus = FALSE; STATIC BOOLEAN mSevEsStatus = FALSE; +STATIC BOOLEAN mSevSnpStatus = FALSE; STATIC BOOLEAN mSevStatusChecked = FALSE; STATIC UINT64 mSevEncryptionMask = 0; 
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus = TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus = TRUE; + } } mSevStatusChecked = TRUE; } +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f318..69852779e2 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 = InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. -- 2.17.1
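
Review bot: The function name in the MemEncryptSevLib.h hunk does not match the subject line: the subject says MemEncryptSevSnpEnabled(), while the prototype added here (and the three definitions) is MemEncryptSevSnpIsEnabled(). Please make the subject match the code so that a log search for the symbol finds this commit. The first line of the new doc comment in this hunk also lacks the trailing period that the SEV-ES comment below it and the three .c copies have.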
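
Review bot: Msr.Bits.SevSnpBit, used in the DxeMemEncryptSevLibInternal.c hunk at @@ -82,11 +83,37 @@ and in its identical copy in PeiMemEncryptSevLibInternal.c, is not defined by any of the four files in the diffstat, so the MSR_SEV_STATUS_REGISTER change has to land earlier in the series for this patch to build on its own. Please confirm the ordering or mention the dependency in the commit message. The new code comment also spells the feature "Sev-Snp" while the doc comments use "SEV-SNP"; one spelling throughout would make the code easier to grep.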
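
Review bot: The "@retval FALSE SEV-SNP is not enabled" text in the SecMemEncryptSevLibInternal.c hunk is incomplete. The context line above the hunk shows InternalMemEncryptSevStatus () returning 0 when ReadSevMsr is false, so FALSE from MemEncryptSevSnpIsEnabled() can mean either that SEV-SNP is off or that the MSR was never read, and a caller gating SNP-specific work on the result cannot tell the two apart. Please document that case in the comment. Unlike the Dxe and Pei versions, this one re-evaluates the status on every call instead of caching it; a one-line comment saying that this is intentional would help.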