From: "Brijesh Singh"
CC: James Bottomley, Min Xu, "Jiewen Yao", Tom Lendacky, "Jordan Justen", Ard Biesheuvel, Erdem Aktas, "Michael Roth", Gerd Hoffmann, "Michael D Kinney", Liming Gao, Zhiguang Liu, Ray Ni, Rahul Kumar, Eric Dong, Brijesh Singh, Michael Roth, Jiewen Yao
Subject: [PATCH v14 09/32] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
Date: Wed, 8 Dec 2021 21:27:37 -0600
Message-ID: <20211209032800.3802995-10-brijesh.singh@amd.com>
In-Reply-To: <20211209032800.3802995-1-brijesh.singh@amd.com>
References: <20211209032800.3802995-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if VM is running as an SEV-SNP guest.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Acked-by: Gerd Hoffmann
Signed-off-by: Brijesh Singh
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++++++++ .../DxeMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../PeiMemEncryptSevLibInternal.c | 27 +++++++++++++++++++ .../SecMemEncryptSevLibInternal.c | 19 +++++++++++++ 4 files changed, 85 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index e1ec161d2159..3c77d71df754 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -47,6 +47,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 4fee7b2ab345..15fcd5529587 100644 
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index c4aa74a0a2dd..d68ff08c3ea6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; 
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index b5b365641499..5d912b2a4a5e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 =3D InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 --=20 2.25.1
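Review bot: In the MemEncryptSevLib.h hunk the new prototype is named MemEncryptSevSnpIsEnabled, but the subject line announces MemEncryptSevSnpEnabled(); please make the subject match the symbol so that searching the log for the function name finds this commit. The summary sentence of the doc comment in this header also lacks the trailing period that the three .c copies of the same comment carry.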
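Review bot: In the InternalMemEncryptSevStatus hunks of DxeMemEncryptSevLibInternal.c and PeiMemEncryptSevLibInternal.c, the added comment spells the feature "Sev-Snp" and names the register by number ("MSR_0xC0010131 Bit 2"), while the function header added a few lines further down writes "SEV-SNP" and the SEC file in this same patch reads the register as MSR_SEV_STATUS. If the neighbouring comments allow it, something like "Check MSR_SEV_STATUS bit 2 (SEV-SNP enabled)" would let all three files be searched with one term. The SevSnpBit test also sits inside the enclosing block that closes right after it, so the header comment of MemEncryptSevSnpIsEnabled could state that FALSE is returned whenever that outer condition is not met.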
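Review bot: In the SecMemEncryptSevLibInternal.c hunk, "@retval FALSE" is documented only as "SEV-SNP is not enabled", but the context line "return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;" shows that InternalMemEncryptSevStatus() yields 0 when the MSR is not read, so FALSE also covers that case; the comment should say so, because a caller may otherwise read FALSE as a positive statement about the platform. Unlike the DXE and PEI versions, this one does not cache the result and calls InternalMemEncryptSevStatus() on every invocation; a one-line comment that this is intentional for SEC would help the next reader.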