From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.86])
 by mx.groups.io with SMTP id smtpd.web11.296.1628196153424961839
 for <devel@edk2.groups.io>;
 Thu, 05 Aug 2021 13:42:34 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=XgF1cqKe;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.86, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=JqNd3pSZuY8u+GyAzElxsj1LA48aGYEwJRGMc52HNc5jxz7d+zqnBqG97AcDOuJUbjadj7+HIO81AxTvFu5TUsKqFSGS3vz+O1uFssDrVd0+b+jIojiN4cgX3Mt2aRtkjVGaliGd1BgawmCeDa5Cy+KAVLNo2Yh0x1EXYcOe3A650DCWKQAZ8g9qAeT0Y51mtzeZGeAT/vTsNxd95FQHfSaXfqwMiGj0JtxE1uIvrWo4BvSFw/kDi0RbWop78Szdfjy4lV+hTMir/vssyFw9i7epdMZ5OKCykB/xcBfYE6yeguzt1IMM54x6IWgblhCsB+Aj5yjGCYima2tNmm5zCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=zZlkBaiV1jh0HJwM6l3qx3eBNzldwBvXH81oox6KavE=;
 b=L7T1DrNe6XExdo5XqGHk6eSRIEPRkbXSTeqVbQH7j1DLvgvmYQLeLTXzvfMT0qhRsC5UxlmP6wHE3bgJpymOFrDE/JazEadOSrxF9F+jg5d421U9FqEnUr8AG3sbqbMfAtmNDRDP8h9bHyXDqZSyzlclydeu2XCd4Xn4VRPIhBWD0VMb9ourI07HpL6+HUO4LAJ2gjuf6JkUPkp6tM4J/FWpRVMuhqClk0SOvHh2glps2PIVb9rITCflnnKBHo6jYhpbiaV4reF8Nhv5/OyVuOw8GwlWEmbEK/elosse/ZJVxkO45+eIBseonB37dCK4CysJ50zYDIcMIwc+KmOoEg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=zZlkBaiV1jh0HJwM6l3qx3eBNzldwBvXH81oox6KavE=;
 b=XgF1cqKe2jlqHLnityTTElz68r0QHr997A8+xxlcUl+cwha3B6kwo9nuRQuq3ytyiWz7ijzFa9ZjUhNo18ArZ3yVY8TmUo+NKqn7p9L2kdTCNjuSMmill0grggGA1yj1aZps9CuDHkQ29nG72GqqMPK9oj3oBf9WTLGni820xtY=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22)
 by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Thu, 5 Aug
 2021 20:42:30 +0000
Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4394.017; Thu, 5 Aug 2021
 20:42:30 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Erdem Aktas <erdemaktas@google.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v2 1/3] OvmfPkg: introduce a common work area
Date: Thu,  5 Aug 2021 15:42:12 -0500
Message-ID: <20210805204214.27792-2-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210805204214.27792-1-brijesh.singh@amd.com>
References: <20210805204214.27792-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SN4PR0501CA0001.namprd05.prod.outlook.com
 (2603:10b6:803:40::14) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0001.namprd05.prod.outlook.com (2603:10b6:803:40::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.5 via Frontend Transport; Thu, 5 Aug 2021 20:42:28 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b4849019-7037-4c5f-28e8-08d958518a8e
X-MS-TrafficTypeDiagnostic: SN6PR12MB4751:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SN6PR12MB4751A9A844DA657B9AC70602E5F29@SN6PR12MB4751.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	IObBYhqYrveVJo3F8KaEbguwAtkYSJvkAxhDplnaACR5ubC+/rcWbXnW+TvB7M89763CFHCc/jvodxw/cp2nZr2VjCHbeefVUXo7760763mWS9vNROCS8WDWg7v17z4GF07fHnEZVLzI7XlXq0dFBknkFIZHM1yPzg8kWD36hGbBUIQzJurFXIiTEfEDDedWFH/eam6vL10GGl3AY3qy+sGAIo+m+YAi6owrJC9kixbPoh5lbfXstn23Rj/XAhCMO2PgPyNxUx6SSzPToYQvnxDMhS67pHS9aqvT5pZMi7NcFJtpZ2AqyKwrWsZveKU8M13sVjQM3jveamn+nscNY4RT4Y1BOXjNKo2QOMyfhGhrjMzbowkDosOpr9hicSjMW5nFsFST9vTp+RTSENeeVD+gcer12o4DQFnyHR/Oa6pavQytrXZiphA8DYsBEdX0tgf7MylvQKwnBSToKTnmmDZ8q++0CfKLqD+UeRyB3tvpei5QEBBjY9vxKkkeFx8IGNYVkwWZIo0W+w8pu8G8nDoPSN224IfkOwWZAv+mHSRwo0dddhWNd3qUhgPFGwdFf5rtshGmSaa05t+uhpzrtlc8IP7bvxk1BnC1/aN8f7fun7gLmESsst9haJI/TS+iFVyqaGlXM/y7zt+lD+hflBfN7H62WaOBt4FRfe9v9ORLHa7Z2xDpn7zNItk2eR5mv37r2SlZGx0QZkNPbxn3aDZY9gRqKCPMZsYzF4TSj2EfXL/BIu+nYGyYMpqiEA668r9grLZ0bD20SNmwioFhDYMm5I2TbGB9Kll/cplFt7I=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(396003)(376002)(366004)(136003)(39860400002)(36756003)(186003)(8676002)(956004)(2616005)(5660300002)(6486002)(6666004)(2906002)(316002)(54906003)(83380400001)(26005)(86362001)(66556008)(52116002)(38350700002)(7696005)(6916009)(4326008)(38100700002)(44832011)(66946007)(478600001)(8936002)(1076003)(19627235002)(966005)(66476007);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?9TJ5iO9pUJ0xSFLaGFyX0hCX5A2xuZmI/JTk1DS9qVOQOdeDjQ1JWK75edMG?=
 =?us-ascii?Q?E4oxE61MAgdNJIww5IARAHYCVMjScAAHm6dKDTMnICSaqBzd8yUV4mhhX+9a?=
 =?us-ascii?Q?mffb4yCs44aOwLoGh7+q58D1x5K9ierXtxtxKOFov8xEP9OhDWtk07jcerzy?=
 =?us-ascii?Q?G1t9Q62ZOPNaAbllFu6Xqov8LXBeiIby3XzWdak7ry24gkCwKV92Q9aTYjZL?=
 =?us-ascii?Q?6yzg8fXp0mAQZNl+QiRXdMxglbryNQXK7DHONBByEFl/10UnJhFJzW06RYyr?=
 =?us-ascii?Q?bGkMopi7g9B5KR/5bKElzhhWhX2OnKqfk+8HmDNdTQ8MfpwfBPbdqg+OpUs7?=
 =?us-ascii?Q?lj460yiILz75RnmfJySBgnXfA7Bxrs7sozQGWUJdHvbb3O2zZRPK0wUaZjtq?=
 =?us-ascii?Q?SjRGPMRo6TmuiaSaDHi4zYyw2tEzZ/CPmRDl5Gdcp2X90p4BGWvUPpyYMMT4?=
 =?us-ascii?Q?0g3g7kKJEJcJDob1WW7jrigufYCbAhASBs2qHv3420z7cVme7cu5Jo5m2/t+?=
 =?us-ascii?Q?xI32rvqKCuVzMTzhwjW/wpVAPcGPclDSFZfWGxtgWsaq9GwIxPucA3MxtulC?=
 =?us-ascii?Q?Ko4u81jABSAsM53YsgD7jSxdXT3nmpzcKwuKS6hL+QtDQNrDzLLHSEpd8PzN?=
 =?us-ascii?Q?6/Syw69wek24i6giqZ9F+53vd39gksF+KAIocuWFPwqpNzofiCTO4f3GfGR3?=
 =?us-ascii?Q?NqRy6FNRfTfhyVkGS7bV34mOWUzV40b4Su1fBVT18MJ3hBLUkFYm8n0ts3BN?=
 =?us-ascii?Q?r/TUx3lIaJH/8OllLlhEyrTy5Q5nzZKizyM+AKSUeURMrkTjVDTshnVlrMCG?=
 =?us-ascii?Q?Ui0n1u9fb3HG3b00ONY7mjrboQ4OdNhIBxPu6+B87NT5n0zyQvoGbYG83yzO?=
 =?us-ascii?Q?KaIHSPinMnGxYQhzGepgSQ/jLUXNtqHddoepuq6v3gbp9VFIQXAnWvxL+v+m?=
 =?us-ascii?Q?xwOjUQ1iEm3X89PL0/3gF7qJU7L6fCzS0Vay4UihXK/WCWKaoHT9lzmjKKRY?=
 =?us-ascii?Q?OUQXn9VHCknGShAzo+YzI1GFRbg9BMO5jHT0884Sqpb/sctB+lUxckGSUeBK?=
 =?us-ascii?Q?bRtjbkO0MKOKGIggSv9MO1jv0avsZUKyI89Jfs8CxbvXCfyp2/uQjVtIZ0v0?=
 =?us-ascii?Q?q7dUYWeH0lmFpo7Jt5RQBJ1xx//GOMWW/UKH4Gh9Yqzgn55FAgJp5GQfOua+?=
 =?us-ascii?Q?7Inc11OVOwM6vwrduRkOt/9XJ0QM9BV4f84uzQvbZ6Bq4NoEylfPlGnR3G0D?=
 =?us-ascii?Q?fZLEQxuyb2UYf/S6tsr6bHxPInrYLfPmLAxuo3SXPHGxkKazVB9xZOV4Al+1?=
 =?us-ascii?Q?aBNv5AgbTLWBH3Z/Q8pVO2ee?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b4849019-7037-4c5f-28e8-08d958518a8e
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2021 20:42:29.1072
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lY0RDhMHUJsliXlvf9Hn0FtJz6gRE9EIAOuKCHvkkdMKYGThehSxprr8JQ00QWh8rUbre/4pjE4XAMdWkuNYvQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429

Both the TDX and SEV support needs to reserve a page in MEMFD as a work
area. The page will contain meta data specific to the guest type.
Currently, the SEV-ES support reserves a page in MEMFD
(PcdSevEsWorkArea) for the work area. This page can be reused as a TDX
work area when Intel TDX is enabled.

Based on the discussion [1], it was agreed to rename the SevEsWorkArea
to the OvmfWorkArea, and add a header that can be used to indicate the
work area type.

[1] https://edk2.groups.io/g/devel/message/78262?p=3D,,,20,0,0,0::\
    created,0,SNP,20,2,0,84476064

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/OvmfPkg.dec                        | 12 ++++
 OvmfPkg/OvmfPkgX64.fdf                     |  9 ++-
 OvmfPkg/PlatformPei/PlatformPei.inf        |  4 +-
 OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +------
 OvmfPkg/Include/WorkArea.h                 | 67 ++++++++++++++++++++++
 OvmfPkg/PlatformPei/MemDetect.c            | 32 +++++------
 OvmfPkg/OvmfPkgDefines.fdf.inc             |  6 ++
 7 files changed, 111 insertions(+), 40 deletions(-)
 create mode 100644 OvmfPkg/Include/WorkArea.h

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 2ab27f0c73c2..550a58ebcd81 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -330,6 +330,18 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48
=20
+  ## The base address and size of the work area used during the SEC
+  # phase by the SEV and TDX supports.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50
+
+  ## The work area contains a fixed size header in the Include/WorkArea.h.
+  # The size of this header is used early boot, and is provided through
+  # a fixed PCD. It need to be kept in sync with any changes to the
+  # header definition.
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|=
UINT32|0x51
+
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5fa8c0895808..23936242e74a 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -83,7 +83,7 @@ [FD.MEMFD]
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P=
cdOvmfSecGhcbSize
=20
 0x00B000|0x001000
-gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P=
cdSevEsWorkAreaSize
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfWorkAreaSize
=20
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecGhcbBackupSize
@@ -99,6 +99,13 @@ [FD.MEMFD]
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfDxeMemFvSize
 FV =3D DXEFV
=20
+##########################################################################=
################
+# Set the SEV-ES specific work area PCDs
+#
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES=
S) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa=
ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp=
aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia=
lComputingWorkAreaHeader
+##########################################################################=
################
+
 ##########################################################################=
######
=20
 [FV.SECFV]
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat=
formPei.inf
index 89d1f7636870..67eb7aa7166b 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -116,8 +116,8 @@ [FixedPcd]
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
-  gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
-  gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
=20
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L=
ibrary/MemEncryptSevLib.h
index 76d06c206c8b..adc490e466ec 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -12,6 +12,7 @@
 #define _MEM_ENCRYPT_SEV_LIB_H_
=20
 #include <Base.h>
+#include <WorkArea.h>
=20
 //
 // Define the maximum number of #VCs allowed (e.g. the level of nesting
@@ -36,26 +37,6 @@ typedef struct {
   VOID    *GhcbBackupPages;
 } SEV_ES_PER_CPU_DATA;
=20
-//
-// Internal structure for holding SEV-ES information needed during SEC pha=
se
-// and valid only during SEC phase and early PEI during platform
-// initialization.
-//
-// This structure is also used by assembler files:
-//   OvmfPkg/ResetVector/ResetVector.nasmb
-//   OvmfPkg/ResetVector/Ia32/PageTables64.asm
-//   OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
-// any changes must stay in sync with its usage.
-//
-typedef struct _SEC_SEV_ES_WORK_AREA {
-  UINT8    SevEsEnabled;
-  UINT8    Reserved1[7];
-
-  UINT64   RandomData;
-
-  UINT64   EncryptionMask;
-} SEC_SEV_ES_WORK_AREA;
-
 //
 // Memory encryption address range states.
 //
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
new file mode 100644
index 000000000000..c16030e3ac0a
--- /dev/null
+++ b/OvmfPkg/Include/WorkArea.h
@@ -0,0 +1,67 @@
+/** @file
+
+  Work Area structure definition
+
+  Copyright (c) 2021, AMD Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __OVMF_WORK_AREA_H__
+#define __OVMF_WORK_AREA_H__
+
+//
+// Guest type for the work area
+//
+typedef enum {
+  GUEST_TYPE_NON_ENCRYPTED,
+  GUEST_TYPE_AMD_SEV,
+  GUEST_TYPE_INTEL_TDX,
+
+} GUEST_TYPE;
+
+//
+// Confidential computing work area header definition. Any change
+// to the structure need to be kept in sync with the
+// PcdOvmfConfidentialComputingWorkAreaHeader.
+//
+typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
+  UINT8                   GuestType;
+  UINT8                   Reserved1[3];
+} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;
+
+//
+// Internal structure for holding SEV-ES information needed during SEC pha=
se
+// and valid only during SEC phase and early PEI during platform
+// initialization.
+//
+// This structure is also used by assembler files:
+//   OvmfPkg/ResetVector/ResetVector.nasmb
+//   OvmfPkg/ResetVector/Ia32/PageTables64.asm
+//   OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
+// any changes must stay in sync with its usage.
+//
+typedef struct _SEC_SEV_ES_WORK_AREA {
+  UINT8    SevEsEnabled;
+  UINT8    Reserved1[7];
+
+  UINT64   RandomData;
+
+  UINT64   EncryptionMask;
+} SEC_SEV_ES_WORK_AREA;
+
+//
+// The SEV work area definition.
+//
+typedef struct _SEV_WORK_AREA {
+  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER   Header;
+
+  SEC_SEV_ES_WORK_AREA                      SevEsWorkArea;
+} SEV_WORK_AREA;
+
+typedef union {
+  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER   Header;
+  SEV_WORK_AREA                             SevWorkArea;
+} OVMF_WORK_AREA;
+
+#endif
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec=
t.c
index 2deec128f464..4c53b0fdf2fe 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -939,23 +939,21 @@ InitializeRamRegions (
     }
=20
 #ifdef MDE_CPU_X64
-    if (MemEncryptSevEsIsEnabled ()) {
-      //
-      // If SEV-ES is enabled, reserve the SEV-ES work area.
-      //
-      // Since this memory range will be used by the Reset Vector on S3
-      // resume, it must be reserved as ACPI NVS.
-      //
-      // If S3 is unsupported, then various drivers might still write to t=
he
-      // work area. We ought to prevent DXE from serving allocation reques=
ts
-      // such that they would overlap the work area.
-      //
-      BuildMemoryAllocationHob (
-        (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase)=
,
-        (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize),
-        mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
-        );
-    }
+    //
+    // Reserve the work area.
+    //
+    // Since this memory range will be used by the Reset Vector on S3
+    // resume, it must be reserved as ACPI NVS.
+    //
+    // If S3 is unsupported, then various drivers might still write to the
+    // work area. We ought to prevent DXE from serving allocation requests
+    // such that they would overlap the work area.
+    //
+    BuildMemoryAllocationHob (
+      (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaBase),
+      (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize),
+      mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
+      );
 #endif
   }
 }
diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.in=
c
index 35fd454b97ab..3b5e45253916 100644
--- a/OvmfPkg/OvmfPkgDefines.fdf.inc
+++ b/OvmfPkg/OvmfPkgDefines.fdf.inc
@@ -82,6 +82,12 @@
 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi=
OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk=
gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
 SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR=
S_SPARE_SIZE)
=20
+# The OVMF WorkArea contains a fixed size header followed by the actual da=
ta.
+# The size of header is accessed through a fixed PCD in the reset vector c=
ode.
+# The value need to be kept in sync with the any changes to the Confidenti=
al
+# Computing Work Area header defined in the Include/WorkArea.h
+SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader =
 =3D 4
+
 !if $(SMM_REQUIRE) =3D=3D TRUE
 SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe=
fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
 SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe=
fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase
--=20
2.17.1