From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Brijesh Singh
Subject: [PATCH 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
Date: Wed, 4 Aug 2021 15:20:03 -0500
Message-ID: <20210804202003.17543-4-brijesh.singh@amd.com>
In-Reply-To: <20210804202003.17543-1-brijesh.singh@amd.com>
References: <20210804202003.17543-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

While building the initial page table, SetCr3ForPageTables64 checks whether
SEV-ES is enabled. If so, it clears the page encryption mask from the GHCB
page. Move the logic to clear the page encryption mask into AmdSev.asm.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 113 +++++++++++++++++-----
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  53 ++--------
 2 files changed, 94 insertions(+), 72 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 87d81b01e263..fd2e6abcd4a0 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -44,6 +44,27 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +%define PAGE_PRESENT 0x01 +%define PAGE_READ_WRITE 0x02 +%define PAGE_USER_SUPERVISOR 0x04 +%define PAGE_WRITE_THROUGH 0x08 +%define PAGE_CACHE_DISABLE 0x010 +%define PAGE_ACCESSED 0x020 +%define PAGE_DIRTY 0x040 +%define PAGE_PAT 0x080 +%define PAGE_GLOBAL 0x0100 +%define PAGE_2M_MBO 0x080 +%define PAGE_2M_PAT 0x01000 + +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll 
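Review bot: the PAGE_* and PAGE_*_ATTR %defines added at the top of AmdSev.asm duplicate definitions that the code being removed from PageTables64.asm already relied on (the removed GHCB setup there used PAGE_PDP_ATTR and PAGE_4K_PDE_ATTR), and the PageTables64.asm hunks in this patch do not delete the originals; if both files are assembled into the same unit that leaves two copies to keep in sync, so consider moving them to a shared include or removing the PageTables64.asm copy in this patch. Only PAGE_PRESENT, PAGE_READ_WRITE, PAGE_ACCESSED and PAGE_DIRTY are used by the code this patch adds to AmdSev.asm, so the remaining definitions (PAGE_USER_SUPERVISOR through PAGE_2M_PAT) could be left out of this file unless a later patch needs them.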
@@ -117,6 +138,72 @@ BITS 32 SevEsUnexpectedRespTerminate: TerminateVmgExit TERM_UNEXPECTED_RESP_CODE =20 +; If SEV-ES is enabled then initialize the make the GHCB page shared +SevClearPageEncMaskFromGHCBPage: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz SevClearPageEncMaskFromGHCBPageExit + + ; Check if SEV-ES is enabled + cmp byte[SEV_ES_WORK_AREA], 1 + jnz SevClearPageEncMaskFromGHCBPageExit + + ; + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted= . + ; This requires the 2MB page for this range be broken down into 512 4K= B + ; pages. All will be marked encrypted, except for the GHCB. + ; + mov ecx, (GHCB_BASE >> 21) + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + ; + ; Page Table Entries (512 * 4KB entries =3D> 2MB) + ; + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, GHCB_BASE & 0xFFE0_0000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry + ; + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 + + mov ecx, GHCB_SIZE / 4 + xor eax, eax +clearGhcbMemoryLoop: + mov dword[ecx * 4 + GHCB_BASE - 4], eax + loop clearGhcbMemoryLoop + +SevClearPageEncMaskFromGHCBPageExit: + OneTimeCallRet SevClearPageEncMaskFromGHCBPage + +; Check if SEV is enabled, and get the C-bit mask above 31. +; Modified: EDX +; +; The value is returned in the EDX +GetSevCBitMaskAbove31: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz NoCbitValue + + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] + jmp GetSevCBitMaskAbove31Exit + +NoCbitValue: + xor edx, edx + +GetSevCBitMaskAbove31Exit: + OneTimeCallRet GetSevCBitMaskAbove31 + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the 
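Review bot: SevClearPageEncMaskFromGHCBPage has an undocumented register contract: pageTableEntries4kLoop stores EDX into the upper dword of every 4K entry, so the routine silently requires the caller to have placed the C-bit mask above 31 in EDX (as GetSevCBitMaskAbove31 does) and not to have clobbered it in between, while the routine itself overwrites EAX and ECX. Please add a header in the same style as GetSevCBitMaskAbove31 ("; Modified: EAX, ECX" plus a line stating that EDX must hold the encryption mask on entry) so the dependency is visible at the call site. The lead comment "initialize the make the GHCB page shared" also reads as two phrases run together; "make the GHCB page shared" is enough.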
@@ -249,32 +336,6 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure -; is enabled. -; -; Modified: EAX -; -; If SEV-ES is enabled then EAX will be non-zero. -; If SEV-ES is disabled then EAX will be zero. -; -IsSevEsEnabled: - xor eax, eax - - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set - ; to 1 if SEV is enabled. - cmp byte[WORK_AREA_GUEST_TYPE], 1 - jne SevEsDisabled - - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if - ; SEV-ES is enabled. - cmp byte[SEV_ES_WORK_AREA], 1 - jne SevEsDisabled - - mov eax, 1 - -SevEsDisabled: - OneTimeCallRet IsSevEsEnabled - ; Start of #VC exception handling routines ; =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index f688909f1c7d..0e8ba4dde534 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -46,16 +46,13 @@ SetCr3ForPageTables64: ; work area when detected. mov byte[WORK_AREA_GUEST_TYPE], 0 =20 + ; Check whether the SEV is active and populate the SevEsWorkArea OneTimeCall CheckSevFeatures - xor edx, edx - test eax, eax - jz SevNotActive =20 - ; If SEV is enabled, C-bit is always above 31 - sub eax, 32 - bts edx, eax - -SevNotActive: + ; If SEV is enabled, the C-bit position is always above 31. + ; The mask will be saved in the EDX and applied during the + ; the page table build below. + OneTimeCall GetSevCBitMaskAbove31 =20 ; ; For OVMF, build some initial page tables at 
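Review bot: the comment added in SetCr3ForPageTables64 has a doubled article, "during the / the page table build below"; drop one "the", and "Check whether the SEV is active" should read "Check whether SEV is active". Since this is the point where EDX is loaded by GetSevCBitMaskAbove31 and the value is only consumed much later in the same routine, the comment should also say that EDX must stay untouched until the GHCB page setup call, because nothing in the code enforces that.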
@@ -105,44 +102,8 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 - OneTimeCall IsSevEsEnabled - test eax, eax - jz SetCr3 - - ; - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted= . - ; This requires the 2MB page for this range be broken down into 512 4K= B - ; pages. All will be marked encrypted, except for the GHCB. - ; - mov ecx, (GHCB_BASE >> 21) - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR - mov [ecx * 8 + PT_ADDR (0x2000)], eax - - ; - ; Page Table Entries (512 * 4KB entries =3D> 2MB) - ; - mov ecx, 512 -pageTableEntries4kLoop: - mov eax, ecx - dec eax - shl eax, 12 - add eax, GHCB_BASE & 0xFFE0_0000 - add eax, PAGE_4K_PDE_ATTR - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx - loop pageTableEntries4kLoop - - ; - ; Clear the encryption bit from the GHCB entry - ; - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 - - mov ecx, GHCB_SIZE / 4 - xor eax, eax -clearGhcbMemoryLoop: - mov dword[ecx * 4 + GHCB_BASE - 4], eax - loop clearGhcbMemoryLoop + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. + OneTimeCall SevClearPageEncMaskFromGHCBPage =20 SetCr3: ; --=20 2.17.1
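Review bot: with "OneTimeCall IsSevEsEnabled" / "test eax, eax" / "jz SetCr3" removed, the only visible reference to the SetCr3: label is gone; either drop the label or keep it deliberately with a note so it is not left as an orphan jump target. In the replacement comment, "if the SEV-ES is enabled" should read "if SEV-ES is enabled", and it is worth stating that SevClearPageEncMaskFromGHCBPage consumes the C-bit mask left in EDX by GetSevCBitMaskAbove31, since the call otherwise looks argument-free.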