From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.47]) by mx.groups.io with SMTP id smtpd.web09.6933.1639020498700646554 for ; Wed, 08 Dec 2021 19:28:19 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=tL+V2wRl; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.47, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jLWunJ7Wy6S6YlAOn4IfXIqGpIgydu9yieiyXcL3fVz0ren83KFtFqlWY+mGjv/IZRMNj4Z452G6Hp+UZOf2IN0gETZOo51V9t13JRRqDLo/HDHBZEI1sprYSyIFH4QewMrD6VNHLX9Ep9I7si3e+60eP2jyT/6yxbBJ3dwd0Riebunwt4kYLv2sEudivCRXRRio5wZ0mdBAULpViIIvUtkrKzZZvTnUqXppD2d2rHC0tnmUUrV6rwSFCm/iKRwbVVBtk/zIoZr20D1XdliXWBu9nkFamuhxxmf3s7UB9jMZQ2hUlwVGv8A3PlfoVekfZeFv6ufvtBSXkFb+dQGXlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+Bzj241cDLYrgygXwsiNjE2wZEy81zlu3b0LzC+9OmY=; b=ZvqPSwKMg5zXQch+j0xsdWbWCEvcTGxWvKKA3I75yEPBV2UVfxYL8WJO7QZyXsEnhCzEDCwjwjMM8E52LZeKcTAZ6wA6AWQtTdcA7pKaijqnXu6L9/kXJPksB2Ms9yGCnVj/BNG2qhKGfYmOoAM/MJwobZ50gUvVJwMxvdUfoIVtKJc0vX6JmG266vnDs2zC/E888ivioKrywcqzl3K4TVOBBnKdWlrrQ0u21XD7t+ZMm/3uhJqhcv1o8s0B8Sg23ALTklmaiy8c65lx4nj3MzVUQehJuO9SkG9BeF7ycLNEvS0ujtLyVW633z1fh+FlUG2drP3AB7S1XuPL4jRjKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Bzj241cDLYrgygXwsiNjE2wZEy81zlu3b0LzC+9OmY=; b=tL+V2wRlnJW3EXjx7vcl9uB1u5Y3qGDxcDdnm7FHhxN6KdbOwwRf33HithfQPu3cN5ulJEB6EX4PbuFiirVjhk8veA9J1hYYDPAeTODpQu325GUkktmKbIvb8A3+8i2/1Y9qSeC7c4hwIF4fqZ6uLpnVTGNExEoS75y7tT9tj5E= Received: from MWHPR10CA0005.namprd10.prod.outlook.com (2603:10b6:301::15) by BL0PR12MB5539.namprd12.prod.outlook.com (2603:10b6:208:1c3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.11; Thu, 9 Dec 2021 03:28:16 +0000 Received: from CO1NAM11FT014.eop-nam11.prod.protection.outlook.com (2603:10b6:301:0:cafe::a8) by MWHPR10CA0005.outlook.office365.com (2603:10b6:301::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.13 via Frontend Transport; Thu, 9 Dec 2021 03:28:16 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; Received: from SATLEXMB03.amd.com (165.204.84.17) by CO1NAM11FT014.mail.protection.outlook.com (10.13.175.99) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4755.13 via Frontend Transport; Thu, 9 Dec 2021 03:28:16 +0000 Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB03.amd.com (10.181.40.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.17; Wed, 8 Dec 2021 21:28:14 -0600 From: "Brijesh Singh" To: CC: James Bottomley , Min Xu , "Jiewen Yao" , Tom Lendacky , "Jordan Justen" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" , Gerd Hoffmann , "Michael D Kinney" , Liming Gao , Zhiguang Liu , Ray Ni , Rahul Kumar , Eric Dong , Brijesh Singh , Michael Roth , Jiewen Yao Subject: [PATCH v14 01/32] OvmfPkg/SecMain: move SEV specific routines in AmdSev.c Date: Wed, 8 Dec 2021 21:27:29 -0600 Message-ID: <20211209032800.3802995-2-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211209032800.3802995-1-brijesh.singh@amd.com> References: <20211209032800.3802995-1-brijesh.singh@amd.com> MIME-Version: 1.0 Return-Path: brijesh.singh@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB03.amd.com (10.181.40.144) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 10674c3a-2fd6-4b1d-e51a-08d9bac3f06a X-MS-TrafficTypeDiagnostic: BL0PR12MB5539:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rx7TWvjrUCGVqdAHBlLBzKj4cPyVEX0A/K85QLh22g9KiHu2Wt3Qe6gag7PYdPl652vYF+JmBaLxBqbLHYpB/ftlbG1TTvJ6uAHlg5fMO/AjcIe2ulJ9UvP695mH3yeq/MdAePu4UnlQkrwiurNSm1wWBw6XL2xTRliNM4CRYGl+yUkL27vY8EVvJTvrJQV9NGugssBCuanlqilBQLza5WreNYn6pvMLN2Z0ar3c99NQg0oxEXIS5G/q0ZFbhPcmHggPGK6c0KZgDMlMhHen6sPguPu4wAJL7I1nirSj4HoswwANvJBoNmWZEJMmnaPZpq3wnuIWB/Q4wRLMMXrP3v2UuHD7e/EjaLs30R6NIxQP+j1pD4UO+kA4hCeiD/Nomeh8k+RDCGHT9nt7McYcNRMs1XCL4N+wL2oAIz+HxzG6JVTX6LZciKB9Y6CZx/W/205fDJeEmX/CC5yfH9cYJ8n9d39nxPUDAJT2p1iKU++8IeGM84YZFDm5ksla80p3pv3YwvHFgAtXXi1XZCGF+SUf1Anv/N9Mf0I8lP/+3115BW+9Vn+qCAJbmcXT+lLUA1VXqTVCctHwsQol3Zh1yptQfOG+A2FopO0R+2tZiq72TNPPde+z1hl2YY8hkGr+XCvxZZsqUOYz2ujXhbkBm3WLMasGfajeNGLfX7KfpeD5NrsoyX5tCSXJMscPS9KpWH5bsF5s/+J2KBoQMILcLE4Z1eyrQ7TdUiDe2h75JaQwnpnEyf30fVrAminDF2FNyh2mMXenL1tm/hsyeefYdRRMntoAzmQM0zC5673shtTUUqqlQ4xDbDd/0xToBmYNpUT5b/wG+82GUvP2DrpbGka/biKasKsvw4OGgDo7UDzpudNGufTRaK3TjqoqNBz6 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB03.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(4636009)(46966006)(36840700001)(40470700001)(6916009)(336012)(5660300002)(426003)(44832011)(26005)(186003)(2906002)(36860700001)(2616005)(86362001)(16526019)(8936002)(8676002)(316002)(966005)(7696005)(47076005)(6666004)(83380400001)(1076003)(70586007)(81166007)(356005)(40460700001)(508600001)(70206006)(54906003)(19627235002)(4326008)(7416002)(82310400004)(36756003)(30864003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2021 03:28:16.2999 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 10674c3a-2fd6-4b1d-e51a-08d9bac3f06a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB03.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT014.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB5539 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Move all the SEV specific function in AmdSev.c. No functional change intended. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Acked-by: Jiewen Yao Signed-off-by: Brijesh Singh --- OvmfPkg/Sec/SecMain.inf | 2 + OvmfPkg/Sec/AmdSev.h | 71 +++++++++++++++++ OvmfPkg/Sec/AmdSev.c | 164 ++++++++++++++++++++++++++++++++++++++++ OvmfPkg/Sec/SecMain.c | 156 +------------------------------------- 4 files changed, 239 insertions(+), 154 deletions(-) create mode 100644 OvmfPkg/Sec/AmdSev.h create mode 100644 OvmfPkg/Sec/AmdSev.c diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index ea4b9611f52d..41dcdba1209a 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -23,6 +23,8 @@ [Defines] =20 [Sources] SecMain.c + AmdSev.c + AmdSev.h =20 [Sources.IA32] Ia32/SecEntry.nasm diff --git a/OvmfPkg/Sec/AmdSev.h b/OvmfPkg/Sec/AmdSev.h new file mode 100644 index 000000000000..c0b1ca96183d --- /dev/null +++ b/OvmfPkg/Sec/AmdSev.h @@ -0,0 +1,71 @@ +/** @file + File defines the Sec routines for the AMD SEV + + Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _AMD_SEV_SEC_INTERNAL_H__ +#define _AMD_SEV_SEC_INTERNAL_H__ + +/** + Handle an SEV-ES/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-ES gues= t + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ); + +/** + Validate the SEV-ES/GHCB protocol level. + + Verify that the level of SEV-ES/GHCB protocol supported by the hyperviso= r + and the guest intersect. If they don't intersect, request termination. + +**/ +VOID +SevEsProtocolCheck ( + VOID + ); + +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + +**/ +BOOLEAN +IsSevGuest ( + VOID + ); + +/** + Determine if SEV-ES is active. + + During early booting, SEV-ES support code will set a flag to indicate th= at + SEV-ES is enabled. Return the value of this flag as an indicator that SE= V-ES + is enabled. + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled + +**/ +BOOLEAN +SevEsIsEnabled ( + VOID + ); + +#endif diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c new file mode 100644 index 000000000000..27fd24fc137e --- /dev/null +++ b/OvmfPkg/Sec/AmdSev.c @@ -0,0 +1,164 @@ +/** @file + File defines the Sec routines for the AMD SEV + + Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include "AmdSev.h" + +/** + Handle an SEV-ES/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-ES gues= t + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Validate the SEV-ES/GHCB protocol level. + + Verify that the level of SEV-ES/GHCB protocol supported by the hyperviso= r + and the guest intersect. If they don't intersect, request termination. + +**/ +VOID +SevEsProtocolCheck ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + // + // Use the GHCB MSR Protocol to obtain the GHCB SEV-ES Information for + // protocol checking + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbInfo.Function =3D GHCB_INFO_SEV_INFO_GET; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + if (Msr.GhcbInfo.Function !=3D GHCB_INFO_SEV_INFO) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocolMa= x) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); + } + + if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) || + (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) + { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); + } + + // + // SEV-ES protocol checking succeeded, set the initial GHCB address + // + Msr.GhcbPhysicalAddress =3D FixedPcdGet32 (PcdOvmfSecGhcbBase); + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + Ghcb =3D Msr.Ghcb; + SetMem (Ghcb, sizeof (*Ghcb), 0); + + // + // Set the version to the maximum that can be supported + // + Ghcb->ProtocolVersion =3D MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB_V= ERSION_MAX); + Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; +} + +/** + Determine if the SEV is active. + + During the early booting, GuestType is set in the work area. Verify that = it + is an SEV guest. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + +**/ +BOOLEAN +IsSevGuest ( + VOID + ) +{ + OVMF_WORK_AREA *WorkArea; + + // + // Ensure that the size of the Confidential Computing work area header + // is same as what is provided through a fixed PCD. + // + ASSERT ( + (UINTN)FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) =3D= =3D + sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER) + ); + + WorkArea =3D (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + + return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); +} + +/** + Determine if SEV-ES is active. + + During early booting, SEV-ES support code will set a flag to indicate th= at + SEV-ES is enabled. Return the value of this flag as an indicator that SE= V-ES + is enabled. + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled + +**/ +BOOLEAN +SevEsIsEnabled ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + if (!IsSevGuest ()) { + return FALSE; + } + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAre= aBase); + + return (SevEsWorkArea->SevEsEnabled !=3D 0); +} diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 6d81d5b62988..58e3b923b40e 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -26,12 +26,11 @@ #include #include #include -#include -#include -#include =20 #include =20 +#include "AmdSev.h" + #define SEC_IDT_ENTRY_COUNT 34 =20 typedef struct _SEC_IDT_TABLE { @@ -726,157 +725,6 @@ FindAndReportEntryPoints ( return; } =20 -/** - Handle an SEV-ES/GHCB protocol check failure. - - Notify the hypervisor using the VMGEXIT instruction that the SEV-ES gues= t - wishes to be terminated. - - @param[in] ReasonCode Reason code to provide to the hypervisor for the - termination request. - -**/ -STATIC -VOID -SevEsProtocolFailure ( - IN UINT8 ReasonCode - ) -{ - MSR_SEV_ES_GHCB_REGISTER Msr; - - // - // Use the GHCB MSR Protocol to request termination by the hypervisor - // - Msr.GhcbPhysicalAddress =3D 0; - Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; - Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; - Msr.GhcbTerminate.ReasonCode =3D ReasonCode; - AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); - - AsmVmgExit (); - - ASSERT (FALSE); - CpuDeadLoop (); -} - -/** - Validate the SEV-ES/GHCB protocol level. - - Verify that the level of SEV-ES/GHCB protocol supported by the hyperviso= r - and the guest intersect. If they don't intersect, request termination. - -**/ -STATIC -VOID -SevEsProtocolCheck ( - VOID - ) -{ - MSR_SEV_ES_GHCB_REGISTER Msr; - GHCB *Ghcb; - - // - // Use the GHCB MSR Protocol to obtain the GHCB SEV-ES Information for - // protocol checking - // - Msr.GhcbPhysicalAddress =3D 0; - Msr.GhcbInfo.Function =3D GHCB_INFO_SEV_INFO_GET; - AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); - - AsmVmgExit (); - - Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); - - if (Msr.GhcbInfo.Function !=3D GHCB_INFO_SEV_INFO) { - SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); - } - - if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocolMa= x) { - SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); - } - - if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) || - (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) - { - SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); - } - - // - // SEV-ES protocol checking succeeded, set the initial GHCB address - // - Msr.GhcbPhysicalAddress =3D FixedPcdGet32 (PcdOvmfSecGhcbBase); - AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); - - Ghcb =3D Msr.Ghcb; - SetMem (Ghcb, sizeof (*Ghcb), 0); - - // - // Set the version to the maximum that can be supported - // - Ghcb->ProtocolVersion =3D MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB_V= ERSION_MAX); - Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; -} - -/** - Determine if the SEV is active. - - During the early booting, GuestType is set in the work area. Verify that = it - is an SEV guest. - - @retval TRUE SEV is enabled - @retval FALSE SEV is not enabled - -**/ -STATIC -BOOLEAN -IsSevGuest ( - VOID - ) -{ - OVMF_WORK_AREA *WorkArea; - - // - // Ensure that the size of the Confidential Computing work area header - // is same as what is provided through a fixed PCD. - // - ASSERT ( - (UINTN)FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) =3D= =3D - sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER) - ); - - WorkArea =3D (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); - - return ((WorkArea !=3D NULL) && (WorkArea->Header.GuestType =3D=3D GUEST= _TYPE_AMD_SEV)); -} - -/** - Determine if SEV-ES is active. - - During early booting, SEV-ES support code will set a flag to indicate th= at - SEV-ES is enabled. Return the value of this flag as an indicator that SE= V-ES - is enabled. - - @retval TRUE SEV-ES is enabled - @retval FALSE SEV-ES is not enabled - -**/ -STATIC -BOOLEAN -SevEsIsEnabled ( - VOID - ) -{ - SEC_SEV_ES_WORK_AREA *SevEsWorkArea; - - if (!IsSevGuest ()) { - return FALSE; - } - - SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAre= aBase); - - return (SevEsWorkArea->SevEsEnabled !=3D 0); -} - VOID EFIAPI SecCoreStartupWithStack ( --=20 2.25.1