Subject: Re: [edk2-devel] [RFC PATCH v2 02/44] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Jordan Justen, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, "Singh, Brijesh"
From: "Laszlo Ersek"
Message-ID: <2805b280-297a-12ad-29c7-e17c0aa181cd@redhat.com>
Date: Tue, 24 Sep 2019 13:53:26 +0200

On 09/19/19 21:52, Lendacky, Thomas wrote:
> From: Tom Lendacky
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
>
> Create a function that can be used to determine if the VM is running
> as an SEV-ES guest.
>
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Signed-off-by: Tom Lendacky > --- > OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++ > .../MemEncryptSevLibInternal.c | 77 ++++++++++++------- > 2 files changed, 62 insertions(+), 27 deletions(-) > > diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h > index 64dd6977b0f8..a50a0de9c870 100644 > --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h > +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h > @@ -13,6 +13,18 @@ > > #include > > +/** > + Returns a boolean to indicate whether SEV-ES is enabled > + > + @retval TRUE SEV-ES is enabled > + @retval FALSE SEV-ES is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsIsEnabled ( > + VOID > + ); > + > /** > Returns a boolean to indicate whether SEV is enabled > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > index 96a66e373f11..9c1d68e017fe 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > @@ -20,19 +20,17 @@ > #include > > STATIC BOOLEAN mSevStatus = FALSE; > +STATIC BOOLEAN mSevEsStatus = FALSE; > STATIC BOOLEAN mSevStatusChecked = FALSE; > > /** > > - Returns a boolean to indicate whether SEV is enabled > - > - @retval TRUE SEV is enabled > - @retval FALSE SEV is not enabled > + Reads and sets the status of SEV features > **/ > STATIC > -BOOLEAN > +VOID > EFIAPI > -InternalMemEncryptSevIsEnabled ( > +InternalMemEncryptSevStatus ( > VOID > ) > { 
> @@ -56,32 +54,57 @@ InternalMemEncryptSevIsEnabled ( > // > Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); > if (Msr.Bits.SevBit) { > - return TRUE; > + mSevStatus = TRUE; > + } > + > + if (Eax.Bits.SevEsBit) { > + // > + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) > + // > + if (Msr.Bits.SevEsBit) { > + mSevEsStatus = TRUE; > + } > } > } > } > > - return FALSE; > -} > - > -/** > - Returns a boolean to indicate whether SEV is enabled > - > - @retval TRUE SEV is enabled > - @retval FALSE SEV is not enabled > -**/ > -BOOLEAN > -EFIAPI > -MemEncryptSevIsEnabled ( > - VOID > - ) > -{ > - if (mSevStatusChecked) { > - return mSevStatus; > - } > - > - mSevStatus = InternalMemEncryptSevIsEnabled(); > mSevStatusChecked = TRUE; > +} > + > +/** > + Returns a boolean to indicate whether SEV-ES is enabled > + > + @retval TRUE SEV-ES is enabled > + @retval FALSE SEV-ES is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsIsEnabled ( > + VOID > + ) > +{ > + if (!mSevStatusChecked) { > + InternalMemEncryptSevStatus(); > + } > + > + return mSevEsStatus; > +} > + > +/** > + Returns a boolean to indicate whether SEV is enabled > + > + @retval TRUE SEV is enabled > + @retval FALSE SEV is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevIsEnabled ( > + VOID > + ) > +{ > + if (!mSevStatusChecked) { > + InternalMemEncryptSevStatus(); > + } > > return mSevStatus; > } > Reviewed-by: Laszlo Ersek
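Review bot: The replacement comment on InternalMemEncryptSevStatus in the MemEncryptSevLibInternal.c hunk at @@ -20,19 +20,17 @@ ("Reads and sets the status of SEV features") does not say what the function leaves behind now that it returns VOID instead of BOOLEAN. Name the module-level variables it updates (mSevStatus and the newly added mSevEsStatus) so a reader of the two public accessors can see where their return values come from without reading the body.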
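Review bot: In the MemEncryptSevLibInternal.c hunk at @@ -56,32 +54,57 @@, the added "if (Eax.Bits.SevEsBit)" block sits beside "if (Msr.Bits.SevBit)" rather than inside it, so as written mSevEsStatus can be set to TRUE while mSevStatus remains FALSE if the MSR value has SevEsBit set without SevBit. If callers are meant to treat MemEncryptSevEsIsEnabled() returning TRUE as implying MemEncryptSevIsEnabled() is TRUE, nest the SEV-ES check under the SevBit check; otherwise say in the function comments that the two flags are evaluated independently. A style point in the same hunk: the added calls "InternalMemEncryptSevStatus();" omit the space before the opening parenthesis that the surrounding context uses, as in "AsmReadMsr32 (MSR_SEV_STATUS)".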