From: "Brijesh Singh"
To: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, devel@edk2.groups.io
CC: Brijesh Singh, Ard Biesheuvel
Subject: [PATCH RFC v3 02/22] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
Date: Wed, 26 May 2021 18:10:58 -0500
Message-ID: <20210526231118.12946-3-brijesh.singh@amd.com>
In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if VM is running as an SEV-SNP guest.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++
 .../DxeMemEncryptSevLibInternal.c | 27 +++++++++++++++++++
 .../PeiMemEncryptSevLibInternal.c | 27 +++++++++++++++++++
 .../SecMemEncryptSevLibInternal.c | 19 +++++++++++++
 4 files changed, 85 insertions(+)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..2425d8ba0a36 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
@@ -66,6 +66,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0c4..057129723824 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d120f..b561f211f577 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c 
@@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f3183f..69852779e2ff 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 =3D InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 --=20 2.17.1
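
Review bot: The function declared in the MemEncryptSevLib.h hunk (@@ -66,6 +66,18 @@) is `MemEncryptSevSnpIsEnabled`, but the subject line names `MemEncryptSevSnpEnabled()`; one of the two should change so that the symbol can be found from the log. In the same hunk the header comment "Returns a boolean to indicate whether SEV-SNP is enabled" has no trailing period, unlike the SEV-ES comment directly below it and the copies of this comment in the three .c files.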
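
Review bot: `Msr.Bits.SevSnpBit`, tested in the `InternalMemEncryptSevStatus` hunks (@@ -82,11 +83,37 @@) of both DxeMemEncryptSevLibInternal.c and PeiMemEncryptSevLibInternal.c, is not defined anywhere in this patch. The commit message should name the patch in the series that adds that field to MSR_SEV_STATUS_REGISTER, and this patch has to be ordered after it so that each commit builds on its own. The new check also sits inside the same enclosing block as the `SevEsBit` test, so `mSevSnpStatus` stays FALSE whenever that block is skipped; if that is intended, say so in the comment above the check.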
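
Review bot: The doc comment on the SEC `MemEncryptSevSnpIsEnabled` in the SecMemEncryptSevLibInternal.c hunk (@@ -62,6 +62,25 @@) says FALSE means "SEV-SNP is not enabled", but the context line above it, `return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;`, shows the status is reported as 0 when the MSR is not read, so FALSE also covers "status not read". Callers that gate SNP-only handling on this result should be able to see that from the @retval text. Unlike the DXE and PEI versions, this one does not cache the result, which is worth a one-line comment so the difference is not taken for an oversight.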