From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Tue, 24 Sep 2019 04:53:30 -0700
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 9BC303091740;
	Tue, 24 Sep 2019 11:53:29 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-118.rdu2.redhat.com [10.10.120.118])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 607405D71C;
	Tue, 24 Sep 2019 11:53:27 +0000 (UTC)
Subject: Re: [edk2-devel] [RFC PATCH v2 02/44] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Jordan Justen <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Liming Gao <liming.gao@intel.com>, Eric Dong <eric.dong@intel.com>,
 Ray Ni <ray.ni@intel.com>, "Singh, Brijesh" <brijesh.singh@amd.com>
References: <cover.1568922728.git.thomas.lendacky@amd.com>
 <ca1bb88e858b0637880269ea901244a082b8b2cf.1568922728.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <2805b280-297a-12ad-29c7-e17c0aa181cd@redhat.com>
Date: Tue, 24 Sep 2019 13:53:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <ca1bb88e858b0637880269ea901244a082b8b2cf.1568922728.git.thomas.lendacky@amd.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Tue, 24 Sep 2019 11:53:29 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 09/19/19 21:52, Lendacky, Thomas wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
> 
> Create a function that can be used to determine if the VM is running
> as an SEV-ES guest.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    | 12 +++
>  .../MemEncryptSevLibInternal.c                | 77 ++++++++++++-------
>  2 files changed, 62 insertions(+), 27 deletions(-)
> 
> diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
> index 64dd6977b0f8..a50a0de9c870 100644
> --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
> +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
> @@ -13,6 +13,18 @@
>  
>  #include <Base.h>
>  
> +/**
> +  Returns a boolean to indicate whether SEV-ES is enabled
> +
> +  @retval TRUE           SEV-ES is enabled
> +  @retval FALSE          SEV-ES is not enabled
> +**/
> +BOOLEAN
> +EFIAPI
> +MemEncryptSevEsIsEnabled (
> +  VOID
> +  );
> +
>  /**
>    Returns a boolean to indicate whether SEV is enabled
>  
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> index 96a66e373f11..9c1d68e017fe 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> @@ -20,19 +20,17 @@
>  #include <Uefi/UefiBaseType.h>
>  
>  STATIC BOOLEAN mSevStatus = FALSE;
> +STATIC BOOLEAN mSevEsStatus = FALSE;
>  STATIC BOOLEAN mSevStatusChecked = FALSE;
>  
>  /**
>  
> -  Returns a boolean to indicate whether SEV is enabled
> -
> -  @retval TRUE           SEV is enabled
> -  @retval FALSE          SEV is not enabled
> +  Reads and sets the status of SEV features
>    **/
>  STATIC
> -BOOLEAN
> +VOID
>  EFIAPI
> -InternalMemEncryptSevIsEnabled (
> +InternalMemEncryptSevStatus (
>    VOID
>    )
>  {
> @@ -56,32 +54,57 @@ InternalMemEncryptSevIsEnabled (
>        //
>        Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
>        if (Msr.Bits.SevBit) {
> -        return TRUE;
> +        mSevStatus = TRUE;
> +      }
> +
> +      if (Eax.Bits.SevEsBit) {
> +        //
> +        // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> +        //
> +        if (Msr.Bits.SevEsBit) {
> +          mSevEsStatus = TRUE;
> +        }
>        }
>      }
>    }
>  
> -  return FALSE;
> -}
> -
> -/**
> -  Returns a boolean to indicate whether SEV is enabled
> -
> -  @retval TRUE           SEV is enabled
> -  @retval FALSE          SEV is not enabled
> -**/
> -BOOLEAN
> -EFIAPI
> -MemEncryptSevIsEnabled (
> -  VOID
> -  )
> -{
> -  if (mSevStatusChecked) {
> -    return mSevStatus;
> -  }
> -
> -  mSevStatus = InternalMemEncryptSevIsEnabled();
>    mSevStatusChecked = TRUE;
> +}
> +
> +/**
> +  Returns a boolean to indicate whether SEV-ES is enabled
> +
> +  @retval TRUE           SEV-ES is enabled
> +  @retval FALSE          SEV-ES is not enabled
> +**/
> +BOOLEAN
> +EFIAPI
> +MemEncryptSevEsIsEnabled (
> +  VOID
> +  )
> +{
> +  if (!mSevStatusChecked) {
> +    InternalMemEncryptSevStatus();
> +  }
> +
> +  return mSevEsStatus;
> +}
> +
> +/**
> +  Returns a boolean to indicate whether SEV is enabled
> +
> +  @retval TRUE           SEV is enabled
> +  @retval FALSE          SEV is not enabled
> +**/
> +BOOLEAN
> +EFIAPI
> +MemEncryptSevIsEnabled (
> +  VOID
> +  )
> +{
> +  if (!mSevStatusChecked) {
> +    InternalMemEncryptSevStatus();
> +  }
>  
>    return mSevStatus;
>  }
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>