From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Brijesh Singh
Subject: [PATCH v3 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
Date: Tue, 17 Aug 2021 08:46:51 -0500
Message-ID: <20210817134651.20444-4-brijesh.singh@amd.com>
In-Reply-To: <20210817134651.20444-1-brijesh.singh@amd.com>
References: <20210817134651.20444-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

While building the initial page table, SetCr3ForPageTables64 checks whether
SEV-ES is enabled. If so, it clears the page encryption mask from the GHCB
page. Move the logic to clear the page encryption mask into AmdSev.asm.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 111 +++++++++++++++++-----
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  53 ++---------
 2 files changed, 92 insertions(+), 72 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 87d81b01e263..250ac8d8b180 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -44,6 +44,27 @@ BITS 32 ; The unexpected response code %define TERM_UNEXPECTED_RESP_CODE 2 =20 +%define PAGE_PRESENT 0x01 +%define PAGE_READ_WRITE 0x02 +%define PAGE_USER_SUPERVISOR 0x04 +%define PAGE_WRITE_THROUGH 0x08 +%define PAGE_CACHE_DISABLE 0x010 +%define PAGE_ACCESSED 0x020 +%define PAGE_DIRTY 0x040 +%define PAGE_PAT 0x080 +%define PAGE_GLOBAL 0x0100 +%define PAGE_2M_MBO 0x080 +%define PAGE_2M_PAT 0x01000 + +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + =20 ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll 
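Review bot: the PAGE_* attribute macros added at the top of this hunk (PAGE_PRESENT through PAGE_PDP_ATTR) duplicate constants that PageTables64.asm already relies on: the code this patch removes from PageTables64.asm uses PAGE_PDP_ATTR and PAGE_4K_PDE_ATTR, and nothing in the patch deletes those original definitions, so two copies of the same page-attribute constants now exist and can drift apart. Either move the block to a shared include both files pull in, or trim it to what the new AmdSev.asm code actually references (PAGE_4K_PDE_ATTR, PAGE_PDP_ATTR and the four bits they are built from); PAGE_USER_SUPERVISOR, PAGE_WRITE_THROUGH, PAGE_CACHE_DISABLE, PAGE_PAT, PAGE_GLOBAL, PAGE_2M_MBO and PAGE_2M_PAT are not used by anything added here.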
@@ -117,6 +138,70 @@ BITS 32 SevEsUnexpectedRespTerminate: TerminateVmgExit TERM_UNEXPECTED_RESP_CODE =20 +; If SEV-ES is enabled then initialize and make the GHCB page shared +SevClearPageEncMaskForGhcbPage: + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz SevClearPageEncMaskForGhcbPageExit + + ; Check if SEV-ES is enabled + cmp byte[SEV_ES_WORK_AREA], 1 + jnz SevClearPageEncMaskForGhcbPageExit + + ; + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted= . + ; This requires the 2MB page for this range be broken down into 512 4K= B + ; pages. All will be marked encrypted, except for the GHCB. + ; + mov ecx, (GHCB_BASE >> 21) + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + ; + ; Page Table Entries (512 * 4KB entries =3D> 2MB) + ; + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, GHCB_BASE & 0xFFE0_0000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry + ; + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 + + mov ecx, GHCB_SIZE / 4 + xor eax, eax +clearGhcbMemoryLoop: + mov dword[ecx * 4 + GHCB_BASE - 4], eax + loop clearGhcbMemoryLoop + +SevClearPageEncMaskForGhcbPageExit: + OneTimeCallRet SevClearPageEncMaskForGhcbPage + +; Check if SEV is enabled, and get the C-bit mask above 31. +; Modified: EDX +; +; The value is returned in the EDX +GetSevCBitMaskAbove31: + xor edx, edx + + ; Check if SEV is enabled + cmp byte[WORK_AREA_GUEST_TYPE], 1 + jnz GetSevCBitMaskAbove31Exit + + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] + +GetSevCBitMaskAbove31Exit: + OneTimeCallRet GetSevCBitMaskAbove31 + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the 
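Review bot: SevClearPageEncMaskForGhcbPage has an undocumented register contract. It stores EDX as the upper dword of every 4 KB entry (`mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx`), so it silently depends on the caller having left the C-bit mask in EDX, and it clobbers EAX and ECX. GetSevCBitMaskAbove31 right below it carries a `; Modified: EDX` header; give this routine the same treatment, e.g. `; Expects: EDX = C-bit mask above 31` and `; Modified: EAX, ECX`, so the dependency survives now that the code is no longer inline next to the loop that sets EDX. A short comment on clearGhcbMemoryLoop noting that the zero fill runs before CR3 is loaded (the caller reaches SetCr3 only after this call returns) would also make clear the fill does not depend on the page-table entry just written.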
@@ -249,32 +334,6 @@ SevExit: =20 OneTimeCallRet CheckSevFeatures =20 -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feat= ure -; is enabled. -; -; Modified: EAX -; -; If SEV-ES is enabled then EAX will be non-zero. -; If SEV-ES is disabled then EAX will be zero. -; -IsSevEsEnabled: - xor eax, eax - - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set - ; to 1 if SEV is enabled. - cmp byte[WORK_AREA_GUEST_TYPE], 1 - jne SevEsDisabled - - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if - ; SEV-ES is enabled. - cmp byte[SEV_ES_WORK_AREA], 1 - jne SevEsDisabled - - mov eax, 1 - -SevEsDisabled: - OneTimeCallRet IsSevEsEnabled - ; Start of #VC exception handling routines ; =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index f688909f1c7d..07b6ca070909 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -46,16 +46,13 @@ SetCr3ForPageTables64: ; work area when detected. mov byte[WORK_AREA_GUEST_TYPE], 0 =20 + ; Check whether the SEV is active and populate the SevEsWorkArea OneTimeCall CheckSevFeatures - xor edx, edx - test eax, eax - jz SevNotActive =20 - ; If SEV is enabled, C-bit is always above 31 - sub eax, 32 - bts edx, eax - -SevNotActive: + ; If SEV is enabled, the C-bit position is always above 31. + ; The mask will be saved in the EDX and applied during the + ; the page table build below. + OneTimeCall GetSevCBitMaskAbove31 =20 ; ; For OVMF, build some initial page tables at 
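Review bot: in the PageTables64.asm hunk (@@ -46,16 +46,13 @@) the added comment doubles the article: `; The mask will be saved in the EDX and applied during the` followed by `; the page table build below.` reads "during the the page table build", and "Check whether the SEV is active" should drop "the". More substantively, the replaced code derived the mask from the EAX value CheckSevFeatures returned (`sub eax, 32` / `bts edx, eax`), whereas GetSevCBitMaskAbove31 reads `dword[SEV_ES_WORK_AREA_ENC_MASK + 4]` guarded only by the WORK_AREA_GUEST_TYPE byte; the write that populates that mask field is not part of this patch, so the commit message should state that CheckSevFeatures now stores the full C-bit mask in the work area, because a guest type of 1 with an unpopulated mask field would leave EDX = 0 and the page tables built below without the C-bit.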
@@ -105,44 +102,8 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 - OneTimeCall IsSevEsEnabled - test eax, eax - jz SetCr3 - - ; - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted= . - ; This requires the 2MB page for this range be broken down into 512 4K= B - ; pages. All will be marked encrypted, except for the GHCB. - ; - mov ecx, (GHCB_BASE >> 21) - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR - mov [ecx * 8 + PT_ADDR (0x2000)], eax - - ; - ; Page Table Entries (512 * 4KB entries =3D> 2MB) - ; - mov ecx, 512 -pageTableEntries4kLoop: - mov eax, ecx - dec eax - shl eax, 12 - add eax, GHCB_BASE & 0xFFE0_0000 - add eax, PAGE_4K_PDE_ATTR - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx - loop pageTableEntries4kLoop - - ; - ; Clear the encryption bit from the GHCB entry - ; - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 - - mov ecx, GHCB_SIZE / 4 - xor eax, eax -clearGhcbMemoryLoop: - mov dword[ecx * 4 + GHCB_BASE - 4], eax - loop clearGhcbMemoryLoop + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. + OneTimeCall SevClearPageEncMaskForGhcbPage =20 SetCr3: ; --=20 2.17.1
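Review bot: the added comment `; Clear the C-bit from the GHCB page if the SEV-ES is enabled.` should drop "the" before SEV-ES. The call site also hides an ordering constraint: SevClearPageEncMaskForGhcbPage consumes the EDX value that pageTableEntriesLoop has just used as the upper dword of each entry, so nothing between the end of that loop and this OneTimeCall may clobber EDX. The constraint existed while the code was inline, but now that the body lives in AmdSev.asm a one-line note at the call, e.g. `; EDX still holds the C-bit mask from GetSevCBitMaskAbove31`, would keep a later edit from inserting EDX-clobbering code here unnoticed.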