From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Brijesh Singh
Subject: [PATCH v3 1/3] OvmfPkg: introduce a common work area
Date: Tue, 17 Aug 2021 08:46:49 -0500
Message-ID: <20210817134651.20444-2-brijesh.singh@amd.com>
In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Both the TDX and SEV support need to reserve a page in MEMFD as a work
area. The page will contain metadata specific to the guest type.
Currently, the SEV-ES support reserves a page in MEMFD
(PcdSevEsWorkArea) for the work area. This page can be reused as a TDX
work area when Intel TDX is enabled.

Based on the discussion [1], it was agreed to rename the SevEsWorkArea
to the OvmfWorkArea, and add a header that can be used to indicate the
work area type.

[1] https://edk2.groups.io/g/devel/message/78262?p=,,,20,0,0,0::\
    created,0,SNP,20,2,0,84476064

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/OvmfPkg.dec                        | 12 ++++
 OvmfPkg/OvmfPkgX64.fdf                     |  9 ++-
 OvmfPkg/PlatformPei/PlatformPei.inf        |  4 +-
 OvmfPkg/Include/Library/MemEncryptSevLib.h | 21 +------
 OvmfPkg/Include/WorkArea.h                 | 67 ++++++++++++++++++++++
 OvmfPkg/PlatformPei/MemDetect.c            |  8 +--
 OvmfPkg/OvmfPkgDefines.fdf.inc             |  6 ++
 7 files changed, 100 insertions(+), 27 deletions(-)
 create mode 100644 OvmfPkg/Include/WorkArea.h

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 8fb6f257e8e8..c37dafad49bb 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -329,6 +329,18 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 =20 + ## The base address and size of the work area used during the SEC + # phase by the SEV and TDX supports. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|0|UINT32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize|0|UINT32|0x50 + + ## The work area contains a fixed size header in the Include/WorkArea.h. + # The size of this header is used early boot, and is provided through + # a fixed PCD. It need to be kept in sync with any changes to the + # header definition. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader|0|= UINT32|0x51 + + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1= 0 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5fa8c0895808..23936242e74a 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -83,7 +83,7 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize =20 0x00B000|0x001000 -gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P= cdSevEsWorkAreaSize +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize =20 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize 
@@ -99,6 +99,13 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader +##########################################################################= ################ + ##########################################################################= ###### =20 [FV.SECFV] diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89d1f7636870..67eb7aa7166b 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -116,8 +116,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase - gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c8b..adc490e466ec 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -12,6 +12,7 @@ #define _MEM_ENCRYPT_SEV_LIB_H_ =20 #include +#include =20 // // Define the maximum number of #VCs allowed (e.g. the level of nesting 
@@ -36,26 +37,6 @@ typedef struct { VOID *GhcbBackupPages; } SEV_ES_PER_CPU_DATA; =20 -// -// Internal structure for holding SEV-ES information needed during SEC pha= se -// and valid only during SEC phase and early PEI during platform -// initialization. -// -// This structure is also used by assembler files: -// OvmfPkg/ResetVector/ResetVector.nasmb -// OvmfPkg/ResetVector/Ia32/PageTables64.asm -// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm -// any changes must stay in sync with its usage. -// -typedef struct _SEC_SEV_ES_WORK_AREA { - UINT8 SevEsEnabled; - UINT8 Reserved1[7]; - - UINT64 RandomData; - - UINT64 EncryptionMask; -} SEC_SEV_ES_WORK_AREA; - // // Memory encryption address range states. // diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h new file mode 100644 index 000000000000..c16030e3ac0a --- /dev/null +++ b/OvmfPkg/Include/WorkArea.h 
@@ -0,0 +1,67 @@ +/** @file + + Work Area structure definition + + Copyright (c) 2021, AMD Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef __OVMF_WORK_AREA_H__ +#define __OVMF_WORK_AREA_H__ + +// +// Guest type for the work area +// +typedef enum { + GUEST_TYPE_NON_ENCRYPTED, + GUEST_TYPE_AMD_SEV, + GUEST_TYPE_INTEL_TDX, + +} GUEST_TYPE; + +// +// Confidential computing work area header definition. Any change +// to the structure need to be kept in sync with the +// PcdOvmfConfidentialComputingWorkAreaHeader. +// +typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER { + UINT8 GuestType; + UINT8 Reserved1[3]; +} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER; + +// +// Internal structure for holding SEV-ES information needed during SEC pha= se +// and valid only during SEC phase and early PEI during platform +// initialization. +// +// This structure is also used by assembler files: +// OvmfPkg/ResetVector/ResetVector.nasmb +// OvmfPkg/ResetVector/Ia32/PageTables64.asm +// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm +// any changes must stay in sync with its usage. +// +typedef struct _SEC_SEV_ES_WORK_AREA { + UINT8 SevEsEnabled; + UINT8 Reserved1[7]; + + UINT64 RandomData; + + UINT64 EncryptionMask; +} SEC_SEV_ES_WORK_AREA; + +// +// The SEV work area definition. +// +typedef struct _SEV_WORK_AREA { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + + SEC_SEV_ES_WORK_AREA SevEsWorkArea; +} SEV_WORK_AREA; + +typedef union { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + SEV_WORK_AREA SevWorkArea; +} OVMF_WORK_AREA; + +#endif diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index 2deec128f464..2c2c4641ec8a 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c 
@@ -939,9 +939,9 @@ InitializeRamRegions ( } =20 #ifdef MDE_CPU_X64 - if (MemEncryptSevEsIsEnabled ()) { + if (FixedPcdGet32 (PcdOvmfWorkAreaSize) !=3D 0) { // - // If SEV-ES is enabled, reserve the SEV-ES work area. + // Reserve the work area. // // Since this memory range will be used by the Reset Vector on S3 // resume, it must be reserved as ACPI NVS. @@ -951,8 +951,8 @@ InitializeRamRegions ( // such that they would overlap the work area. // BuildMemoryAllocationHob ( - (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaBase)= , - (UINT64)(UINTN) FixedPcdGet32 (PcdSevEsWorkAreaSize), + (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaBase), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfWorkAreaSize), mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData ); } diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.in= c index 35fd454b97ab..3b5e45253916 100644 --- a/OvmfPkg/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc 
@@ -82,6 +82,12 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) =20 +# The OVMF WorkArea contains a fixed size header followed by the actual da= ta. +# The size of header is accessed through a fixed PCD in the reset vector c= ode. +# The value need to be kept in sync with the any changes to the Confidenti= al +# Computing Work Area header defined in the Include/WorkArea.h +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader = =3D 4 + !if $(SMM_REQUIRE) =3D=3D TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase --=20 2.17.1
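
Review bot: In the OvmfPkg.dec hunk the new token numbers run 0x49, 0x50, 0x51 directly after 0x47 and 0x48, so 0x4A through 0x4F are skipped, which reads like decimal counting in a hex field. Use 0x49, 0x4A, 0x4B unless the gap is intentional. PcdOvmfConfidentialComputingWorkAreaHeader holds a size, so a name ending in HeaderSize would match the neighbouring Base/Size PCDs, and the comment wants "is used during early boot" and "It needs to be kept in sync".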
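
Review bot: In the second OvmfPkgX64.fdf hunk (@@ -99,6 +99,13) the SET for PcdSevEsWorkAreaBase adds $(MEMFD_BASE_ADDRESS) to PcdOvmfWorkAreaBase, while MemDetect.c in this same patch passes FixedPcdGet32 (PcdOvmfWorkAreaBase) to BuildMemoryAllocationHob as a physical address with nothing added. Please add a comment above the SET lines saying why the base has to be added inside the FDF expression, so the two uses do not read as a double count. The banner "Set the SEV-ES specific work area PCDs" could also say that the SEV-ES area starts right after the common header.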
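
Review bot: In the new OvmfPkg/Include/WorkArea.h, SEV_WORK_AREA puts the 4-byte CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER in front of SEC_SEV_ES_WORK_AREA, which has UINT64 members, and the file sets no packing; on X64 the compiler pads after the header, so SevWorkArea.SevEsWorkArea lands at offset 8 while the FDF sets PcdSevEsWorkAreaBase to the work area base plus 4. Code that reaches the SEV-ES data through OVMF_WORK_AREA and code that uses the PCD (including the assembler files named in the comment) would then disagree on where the data is. Either make the header 8 bytes (Reserved1[7]) and set the header PCD to 8, which also keeps RandomData and EncryptionMask naturally aligned, or wrap the definitions in #pragma pack (1). The empty line after GUEST_TYPE_INTEL_TDX in the enum can go.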
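
Review bot: In the MemDetect.c hunk, InitializeRamRegions now gates the reservation on FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0 instead of MemEncryptSevEsIsEnabled (), so every X64 guest built with a non-zero work area, encrypted or not, has the page reserved (as ACPI NVS when mS3Supported is set). The commit message describes only the rename and the new header; please state there that this behaviour change is intended, and have the shortened comment "Reserve the work area." say why the page is now reserved for all guest types.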
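
Review bot: In the OvmfPkgDefines.fdf.inc hunk the header size is the literal 4, and only comments tie it to sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER), so nothing fails the build if the struct grows. Add a STATIC_ASSERT in a C consumer that lists the PCD under [FixedPcd], comparing sizeof the header with FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader). Comment wording: "The value needs to be kept in sync with any changes to the Confidential Computing Work Area header".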