From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.43]) by mx.groups.io with SMTP id smtpd.web09.834.1631557217859046702 for ; Mon, 13 Sep 2021 11:20:18 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=a7nE/uj1; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.43, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V/Snpi4sPlTSwMlDftmuL8dWZEHeUtgO8NC7UbfjRebXpAHOpIMhn+Qed8OC4R5r7uEuEHSDHBeI4t6r9cRn59iFWfKBASbZIDke0pEEtxTR9ZCed3y8PCqNfYh32bjtMlnwDxjK/fGSt4llvpbE8HFbUPVPK1UIxM518+uVzWc+tstJYxw/7c1cTb9TiDteOjsqAmV3zH56Xa/4rDr7p2/SJO8GvcKz2gOByua+nWxSyrpNcJabKMsenpalfrf0NrbemZtmVeJakOPSRa9wdJXN4M29mw0ff8RLLo/LNcjsHnN6vRwSOye0vF0ZdB3lorcL32pgN2x+1/3NGpp0Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3dRb4V0fK8k9wsh5BD7cKK1hfn8YiBLvd8UblL2rvnw=; b=Cf+lq0mQJpdiTZcTL3H3d9k2owEzbcX9mD+rS4/H9YIRIrtzgPOc3zNHWHSCRFTJKg3+U10JH0rydDZi08tWWztqxMx1aaOnYxPDl9vQ0ZhN6CaZH8bvwHsJPDkoyTyXJ7jB/pa7C1Q20442Nn5ekeBkhRmdqKjBks/2e5VKt+qHLy4ZYBJtysJxPnCtPX0qbRL07UBZm8MIxpmfRFDvXyms+jyy5Gavuv7XhLxs7kcsH3UIqlv6iQxmt/5WPEoLRyTwlAs6ipBKm4LYrwDb23BCcKH/GaAhotC86cabUHD8P0rR0gOIWydG0RKp9q3mcBWWnug0LX5lBDoB8HZU+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3dRb4V0fK8k9wsh5BD7cKK1hfn8YiBLvd8UblL2rvnw=; b=a7nE/uj1UpvIR/kbW8awyrK/kfz7ZOlhvYi75NiDhau6e7UKQ5G5Y16pwYF3+9T/VY57kPh+5rmitgI/+dJrTc/xNBFCRo25QP0D9xwJD05/tce19WSekvOQEUtYWK91aO3Q0JDgceHl5kTE1DxiH2G0t/lqDD0AbM+oSyE2uFs= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2830.namprd12.prod.outlook.com (2603:10b6:805:e0::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.14; Mon, 13 Sep 2021 18:20:15 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4500.019; Mon, 13 Sep 2021 18:20:15 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth , Ray Ni , Rahul Kumar , Eric Dong Subject: [PATCH v7 21/31] UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status Date: Mon, 13 Sep 2021 13:19:31 -0500 Message-ID: <20210913181941.23405-22-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210913181941.23405-1-brijesh.singh@amd.com> References: <20210913181941.23405-1-brijesh.singh@amd.com> X-ClientProxiedBy: SA9P221CA0012.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::17) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9P221CA0012.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.14 via Frontend Transport; Mon, 13 Sep 2021 18:20:15 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: feac6c8d-cc8c-4233-01b5-08d976e32243 X-MS-TrafficTypeDiagnostic: SN6PR12MB2830: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1468; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TNJOKAXXix4lLE5Z6sG+eBv91b2ZdqoBCEaFQAqn4xVD7075W5V86E3Q97+jTlxCEXWGSfIRJGPNtDdFwzdqakNwy80493CMKQH6uZSB8TRmNY9hmHG/mqVa07xKULF4VX3n2kEx12T6mDIIh5XsnItnjwrNIHKhE5RTUElv7LyIK9q/Xa+h/Lqyzr7ufacwekX4KgCGlyw7poZGHPs2jqJlfVombgFR56Vv8Ce5TcYKtWAjRhm2/J0dAXSn9ZHCs1Lf9cM6ktsVCKRptI8V/Tu2Ox/rdz4wJAmMng7gK7iuUILJ7Zj04LhN8Y6kQ2tw/3cTnK4QScNrBEZGJUqHEa4B8nLiJkYMJ7mZDlqdxoAyP8gEdzLh/sFQQHCn5ZBl3ifCmGILhFbhOYDjf/acGWIziu44h4dNypAZeTz661jF1XeGOJZBBRDsI0ymRxhdiiP6qcLaLLZO1zqKB0fe0iC2j+nub9VeQ6aU+6yXAs2W4XvhaFrbs+i2FAgRcCkFgktdfddXqQGPWoqWk5+5JBb2pPp3A8p6ZMhMOUpzqpHwCNt2R6i1lwaOpsyDA008MovvFqG7stsE0OHxrTjXuBwxkBMlZ+zd7/Rb8g5dJAKVGMGZpH4/PwrzXKswN25YnROONKgjNJHyDb/j1ALwC8bHqi9dRYSgHdAZtxbrcQ1zs6mtJl77E4qF+Kt4mZcT2z29bZfHF0G8B0PHBSh+6nIYkUyBJfdLQ2ynzxZBa6Yz6FYev//yGC/00EybhZyDlMoqcxCBqR5m50yiEC2L+w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(346002)(39860400002)(366004)(136003)(396003)(376002)(38100700002)(38350700002)(54906003)(4326008)(1076003)(7416002)(186003)(6916009)(66476007)(956004)(2906002)(6666004)(66946007)(66556008)(2616005)(8936002)(83380400001)(478600001)(966005)(44832011)(8676002)(5660300002)(26005)(86362001)(316002)(6486002)(36756003)(52116002)(7696005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fPgZj4Iwf1Z7YY4rKZe6Q6W2X2w3uYD1kC4tuBcdc1KQf1mCniIOI+6i/YI6?= =?us-ascii?Q?m6gkcOE8v4jaSaDQ2tOw52a5mkDTto/QB/XCy4vt1cPPO3GV2rZmJr0KS9xe?= =?us-ascii?Q?NR5urN8yKEclh7fd7pl2MnShfvB9cx/4YIsucKwjm6rDF4X7V2R2wyL3DyDF?= =?us-ascii?Q?TvgsKDgPHJcHvdNX1lbfzjbV2o4J2gkqaFg9UmAfUNpTXceDl8F3ir9pn2uB?= =?us-ascii?Q?vG+AkLS06lbRVERikocWftftE2/875w4Ypu8mOBuCNnHw1EpKSLTPh3S/Jc9?= =?us-ascii?Q?6fpUIkTUSXGVk2yKDh1Iwjt3yhgPQ5RZR/grB7oZFZewJNX57vBn6TCKc5qw?= =?us-ascii?Q?eKm3eUsk+34XPZ+gN/8eH/e/dPDGa/gYQXgwsgGFCd662+Jjyt/+XnmpaQu4?= =?us-ascii?Q?3O+df13dria+g6XtpLQXNgVb5dLrRLgOJGOeJn2WlmbSTtM8Sz2RXkUYPad8?= =?us-ascii?Q?Bsu/Nf7TQRBpxtsFo0pK8tSy09hK5Jy3591DRimUUyrytC2p/7+fEJ7IF23x?= =?us-ascii?Q?1myudIaxvE3MJdLgoAXSIuNdS3nQLzoJLOu1taFZf0dr1fZz9vQAPQvOqbku?= =?us-ascii?Q?WTwUOPkwx5tWaJwb4Ts5TgQ806YEp5xN99v1PR4/60lB0477rayXgLDcSxGn?= =?us-ascii?Q?nPOpS8sZUyBLZoib/jFZUFcrbmKT2PMh9DsYw+R1cOtUKAcjMNPeo1vPk29/?= =?us-ascii?Q?7c6MiNUIG5/oTfhyG3sz33wnzbi2xnyCdRwzD9fSr4vFljR/NCMbn18SrcQq?= =?us-ascii?Q?wOnNHq7348EjQtn8l7XMJl+j/9Q6518Z2nv4zRfFEe34/4i4s7Gsm3t8ua8W?= =?us-ascii?Q?Zco4VtFUARbtUL8s9cOwTyGvUqDClzfkGnKOPiOeXJD7I2yVHJ3KFDM4s9Ie?= =?us-ascii?Q?vXGS3BJEXXJeEnjNRmvxHOjP0R5ploGG3UhKmgFpRJ0GzTDLtamtaMHZkMy2?= =?us-ascii?Q?DpkesATHelzydYO6tZd9JjutSdMKs9NCr6u2IKHBYKnqoJXmrnXFt9FJ50QH?= =?us-ascii?Q?4And0uopSmBnnVGIhpLX3I4XC9Y2oMptAHV0q9Fa9lbkBgNzoDSJwXsC2GFy?= =?us-ascii?Q?EST5/m/ZlPOADKJxJMDsLfB75rYeW2IamCrdMtmb3PLYELaZxl3NXZu2HTSt?= =?us-ascii?Q?RZ0KGrPootLEWknMxYUlyLtNfjJenE+1DfeouwjDOduXoHsWhevVuUJuT+d3?= =?us-ascii?Q?3Bx6i28iJvf0qlFF1goqqjur+CaSGsBoxw5IF9P19GxgzAAE9K2mkGSlY9f9?= =?us-ascii?Q?/LHScPPv8tLZOmRegEYf6uUTXhnjQkmk1DA3kvWQLhnx8qz7Q4u78UXBEZ6U?= =?us-ascii?Q?XRnRrdBFD8jOyrIpuV33R69m?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: feac6c8d-cc8c-4233-01b5-08d976e32243 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2021 18:20:15.5935 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4h6i0JaIOFmMYFvTThEVDGNzo4WlKMSysNFjiAB8kgCv/omFcLoUhk/gn+VW9+/CDIufnj4SUAhStdQpk/e7OA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2830 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Previous commit introduced a generic confidential computing PCD that can determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr. Cc: Michael Roth Cc: Ray Ni Cc: Rahul Kumar Cc: Eric Dong Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Suggested-by: Jiewen Yao Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 2 +- UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 13 ++++ UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 6 +- UefiCpuPkg/Library/MpInitLib/MpLib.c | 60 ++++++++++++++++++- UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 4 +- 6 files changed, 77 insertions(+), 10 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..76e6aa83b3cb 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -72,7 +72,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## = SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## = CONSUMES - gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..a146bab94317 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -62,9 +62,9 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES - gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..388ebef7b0dc 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -33,6 +33,7 @@ #include #include #include +#include =20 #include =20 @@ -741,5 +742,17 @@ PlatformShadowMicrocode ( IN OUT CPU_MP_DATA *CpuMpData ); =20 +/** + Check if the specified confidential computing attribute is active. + + @retval TRUE The specified Attr is active. + @retval FALSE The specified Attr is not active. +**/ +BOOLEAN +EFIAPI +ConfidentialComputingGuestHas ( + CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr + ); + #endif =20 diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index 93fc63bf93e3..657a73dca05e 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -93,7 +93,7 @@ GetWakeupBuffer ( EFI_PHYSICAL_ADDRESS StartAddress; EFI_MEMORY_TYPE MemoryType; =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { MemoryType =3D EfiReservedMemoryType; } else { MemoryType =3D EfiBootServicesData; @@ -107,7 +107,7 @@ GetWakeupBuffer ( // LagacyBios driver depends on CPU Arch protocol which guarantees below // allocation runs earlier than LegacyBios driver. // - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { // // SEV-ES Wakeup buffer should be under 0x88000 and under any previous= one // @@ -124,7 +124,7 @@ GetWakeupBuffer ( ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { StartAddress =3D (EFI_PHYSICAL_ADDRESS) -1; - } else if (PcdGetBool (PcdSevEsIsEnabled)) { + } else if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { // // Next SEV-ES wakeup buffer allocation must be below this allocation // diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index b9a06747edbf..bfef1237f452 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -295,7 +295,7 @@ GetApLoopMode ( ApLoopMode =3D ApInHltLoop; } =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { // // For SEV-ES, force AP in Hlt-loop mode in order to use the GHCB // protocol for starting APs @@ -1197,7 +1197,7 @@ AllocateResetVector ( // The AP reset stack is only used by SEV-ES guests. Do not allocate i= t // if SEV-ES is not enabled. // - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { // // Stack location is based on ProcessorNumber, so use the total numb= er // of processors for calculating the total stack area. @@ -2032,7 +2032,7 @@ MpInitLibInitialize ( CpuMpData->CpuData =3D (CPU_AP_DATA *) (CpuMpData + 1); CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); - CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevEsIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdSe= vEs); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 @@ -2922,3 +2922,57 @@ MpInitLibStartupAllCPUs ( NULL ); } + +/** + The function check if the specified Attr is set in the CurrentAttr. + + @retval TRUE The specified Attr is set. + @retval FALSE The specified Attr is not set. + **/ +STATIC +BOOLEAN +AmdMemEncryptionAttrCheck ( + UINT64 CurrentAttr, + CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr + ) +{ + switch (Attr) { + case CCAttrAmdSev: + return CurrentAttr >=3D CCAttrAmdSev; + case CCAttrAmdSevEs: + return CurrentAttr >=3D CCAttrAmdSevEs; + case CCAttrAmdSevSnp: + return CurrentAttr =3D=3D CCAttrAmdSevSnp; + default: + return FALSE; + } +} + +/** + Check if the specified confidential computing attribute is active. + + @retval TRUE The specified Attr is active. + @retval FALSE The specified Attr is not active. +**/ +BOOLEAN +EFIAPI +ConfidentialComputingGuestHas ( + CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr + ) +{ + UINT64 CurrentAttr; + + // + // Get the current CC attribute. + // + CurrentAttr =3D PcdGet64 (PcdConfidentialComputingGuestAttr); + + // + // If attr is for the AMD group then call AMD specific checks. + // + if (((CurrentAttr >> 8) & 0xff) =3D=3D 1) { + return AmdMemEncryptionAttrCheck (CurrentAttr, Attr); + } + + return (CurrentAttr =3D=3D Attr); +} diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c b/UefiCpuPkg/Library/M= pInitLib/PeiMpLib.c index 90015c650c68..2f333a00460a 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c @@ -222,7 +222,7 @@ GetWakeupBuffer ( // Need memory under 1MB to be collected here // WakeupBufferEnd =3D Hob.ResourceDescriptor->PhysicalStart + Hob.Re= sourceDescriptor->ResourceLength; - if (PcdGetBool (PcdSevEsIsEnabled) && + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs) && WakeupBufferEnd > mSevEsPeiWakeupBuffer) { // // SEV-ES Wakeup buffer should be under 1MB and under any previo= us one @@ -253,7 +253,7 @@ GetWakeupBuffer ( DEBUG ((DEBUG_INFO, "WakeupBufferStart =3D %x, WakeupBufferSize = =3D %x\n", WakeupBufferStart, WakeupBufferSize)); =20 - if (PcdGetBool (PcdSevEsIsEnabled)) { + if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) { // // Next SEV-ES wakeup buffer allocation must be below this // allocation --=20 2.17.1