From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.40]) by mx.groups.io with SMTP id smtpd.web09.25813.1628528609948666794 for ; Mon, 09 Aug 2021 10:03:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=kbTA7vd0; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.40, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MWYQUNOuv4OKOykLrcV94g0BYm7AHqgu2GMNqI6XQW1tuhdgmotbf8S1hdSZ4fdmsNbDCgKTRPUonNfnRHnFIJyIIMwGUDRx2LglSvRHW98ht56X0676eTLDawY2kjkfuGh/sHj2cfJamcgt2DOwkw+HLJdIsdFyJfZjqMNeLWlTYQKP3UtwjAJfr37X9RgSdHenwqcVyVSPjxxP+xOqHBInz8MVV4eFOOrLIuRD+Ubw+JJkcOvg8Nd4usMdAf/+U89nxQltVjvcoIk7JYk1fXpT7lKJEz5CdXqfXoPtX9ErjcpW08hYHFGMeU3m1M3xoq7QcTVONYnlcMgCNsMi+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=88/VtcHWyU62+TMYX67XMnXTbjd8q8mSUV2vwoXbuQ0=; b=dbgaSoai+25gycby2gbU5m//0MALwi68J8NSdOdPog5dBfVsDnNiL6DWfbgegymOdTyOP3wBipz9c7mzL5BNgnbdYp6xHIBmTNSns2vakTjdVvqZQqGzvUf/OhvdCKsJLcqmN5ezxmR+d0287bDEuXGRALjOEDW/8VQVpXkAViU8vZgrwBxDuXIFPc6+lYt8QWtUK5uF+G2yBac9et3r+v/Jcur6tHo/heutiDHXtQxopRj1JZVNZpx0+48II2Aa5alLZDdrhhlHpEkUO/1tO61N3ATo7NEoqSIr6/pFORIelPWK6txqF1jJMYrYMMOOtst6z+36qIEDPFPLT97u5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=88/VtcHWyU62+TMYX67XMnXTbjd8q8mSUV2vwoXbuQ0=; b=kbTA7vd0vrST30H76Q/T1EhantxL+qJ+J3J93UlWO0sHkWrba3GETRGM9H8uNyWejwbeRBEJtloagzXYNB1Tf1MwtPqqw5HDTwBQBYTcIZV0c5WvBN1ktzrqklDJvGFOK+HJCYLRfRyM0WLN767CaiBwIfXekC9SjLJUPOdEcd0= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by DM4PR12MB5389.namprd12.prod.outlook.com (2603:10b6:5:39a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.22; Mon, 9 Aug 2021 17:03:27 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208%3]) with mapi id 15.20.4394.023; Mon, 9 Aug 2021 17:03:27 +0000 Subject: Re: [PATCH 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm To: Brijesh Singh , devel@edk2.groups.io Cc: James Bottomley , Min Xu , Jiewen Yao , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth References: <20210804202003.17543-1-brijesh.singh@amd.com> <20210804202003.17543-4-brijesh.singh@amd.com> From: "Lendacky, Thomas" Message-ID: <298e16b9-f44c-a10d-a42e-92988e4725c1@amd.com> Date: Mon, 9 Aug 2021 12:03:25 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: <20210804202003.17543-4-brijesh.singh@amd.com> X-ClientProxiedBy: SA9P221CA0009.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::14) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.30.241] (165.204.77.1) by SA9P221CA0009.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.16 via Frontend Transport; Mon, 9 Aug 2021 17:03:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bfd8439b-d296-43a2-fdfc-08d95b579b5a X-MS-TrafficTypeDiagnostic: DM4PR12MB5389: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: I9pOmf96iVahi+uqlWqlDawwfGtFO9cud9gPiescEhmTojemVH1XaQuNwpIPltDLTXQiL19teKmaBSAxu1kYALUEg8BpfkGxS8syvsene9vviKZ4c5tiz2iFktDs1NAfk/dfclKGhJhWzcvtiVKtxJ3lYi7dpxJqBEvrso8ykf3Flf6xkzDQr1GmZKHT1HDUDDoTLxkUpE2KkNvT9d1wU+oYTmGHsbkMwwM1bathc6ByBUm9YUVDoCi4LP2yvd8wWLnil4nxFLyl0FhfgvNg2RFqVBfNvnFt3ySNp9ImL9dZMmIa9Of6SzmwXHVDSxBolOJj1rgkcWEaUil0Mre6bQfAjJ/j2IbT6jzVARtu9HncJT5L+DXh2q79dnKwL5+27s6c+Bqt+itho2rmk7s04sIdIvun60fXOeY70flDL/Gcb7lEHB+rSk+/J4FnUyw4LbPnrzRtozYt3TOc2C6AHVRLjD9wjvTSAwbafdoMxeP2oZ8COfPQmU1PuQd0Uz3YAqRBzStv6HLSk3RLUcNz8jMg4rITxIB1MPflP9wg4D3tSQBw0E5bU0QUA0gcd9wbTEdGIQp3ITkntIGd8K91jqWyEG9MIP2xe0K7WkD34l2BL85m3ncQ867vp6kXrir+OYIko2bzoWvKYV7zia88Tkp+vFr3lpuuzApwZ6UZJTND3cGP43WWr8uKuwNl0BHsW471GkMOK96DHFzAEa4JUJz1s1agzmWnEXtrNi8XeLKTahqPgxG141cL5JOe4mt4bwEW1YlAhnrbhlO1RrQsosIRGwtr3odb6AKT43cmxFlgcfCoVDNL87Vpj1KlSU7ez5TdkLrFDYx8GvxuNWRc/g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(39860400002)(366004)(396003)(346002)(31686004)(966005)(5660300002)(16576012)(54906003)(53546011)(2906002)(316002)(31696002)(66946007)(19627235002)(83380400001)(38100700002)(26005)(478600001)(6486002)(66476007)(66556008)(956004)(86362001)(36756003)(2616005)(8676002)(4326008)(8936002)(186003)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TnpFR0E2Ylc2c2NRNXJOYVFoRTZxUzV4TGVSdmhQZ1JxL2xMZ1JKZWdNMEU4?= =?utf-8?B?N3ptbDY3OCtnRkRleWhJYXBRSEFoT2ZjOFFhL21WZTM2anVSRFhKYWQwY1BP?= =?utf-8?B?anhpblhzdWJWQ3VOSzg5R01pZUVVT3hWVlpPWlZCUlROTzBNbFRNazJVNGFR?= =?utf-8?B?alErWkJKUjdGL1hjZ2szZ3MweG4rWlJnL280dWNMWVpyZWlDY1UySFBJWUJ6?= =?utf-8?B?aE5sRDY4SDdMRGsyRWtuM3d5RzBDUllKZG4yMFhJTGdJOHNSV09pOG84bm5a?= =?utf-8?B?Nm5QZDhoUVdGcTBDdnZ6OXZ5cU54VTNaYVgzSzFrMTBESXNNSnp0dmVwMkUy?= =?utf-8?B?bXk4azBqaU0veGlRWTZmYWEwZGpZTGJBSTFzenBhNHVwbGkxRXNEVEI5TCtD?= =?utf-8?B?MitXS2pRbEtyT3hPNU1yQkRKN3BScXlhaTM4Ynd5T2p2b2hhUGFKTmgzOEJG?= =?utf-8?B?OHpES1I2eXE3QURHejZQL0t3RTFOZ255VFdwUnRTM1BHS29GOE1Yb0FudTNU?= =?utf-8?B?T3k1dTBsUG1SUExNc2xqcWEzWUZ0K3lNRGJ1dVMvWlVwOWJhUDJXV1gyd01o?= =?utf-8?B?aGt4SEZ3MzdoNkRET2k1TGNSYlpmMzlRYXBpeXpBQjMwYjFHOHF4dHdqcThV?= =?utf-8?B?SlE3ZCthRG9UNWoyL21sYkM0a3pnZ2taN0NhL3FRQ0NKcmJqS2dKWW43Zktw?= =?utf-8?B?Y2h1ZGVvZk5WOXpLZCtwK1VjRWp0YlVQeWhsci9ia2tZLzVZdjBvM2pjb2FJ?= =?utf-8?B?OTV1bXE2TnpoSjZIVVRMRHRCZ2lFUTIxcVJOaEFxOWUxS3JHM2NYbkp6b2N0?= =?utf-8?B?Z1FjdVhsbXAya3N2SzBOdU9hZXFkQzBra1E5NGlSWlM3c0lBTTMxcTB6OTd5?= =?utf-8?B?TTVmbFJYVklWbG4rN2hPU1BqZk5jdGxzcWk4cUhCajUrMVNBc2xVWlBUWVhV?= =?utf-8?B?MjF6UUpmN3o3Q3B6UHlmKzNGSFgyUFNNWTdVZ0ZEbk5oTGdaWGZMbjdJZ0Er?= =?utf-8?B?WEh1QS9UcE5lTXlsZzc3Z0NNRnI3S3JZV0VXaEVhakhTQ1NqT2gySVhyUUty?= =?utf-8?B?SkVBNXc2azcrcU5xZmQ5MVBTRnc3dHJLQmlSbXR6Q1d2aVVkbzhhbVJoRHMz?= =?utf-8?B?SXlyNHY1TEg1bzhKZlhOeWNLaithRktIVmZicFJDSlRESUx3MUd4T2dhTk83?= =?utf-8?B?aGc2bFVIVTRXWlpxUXBqR0dJQXNUYkVyRm50Ukx0K0VPUGdJQjQrZzZSWXFq?= =?utf-8?B?WUNCS3RDZGJNQXM4V0ZKMnZhUGdlL2NWS2tUR2FWaUpoRDlpYmV4aWJ2NGd0?= =?utf-8?B?Z2FVeitBQkpENFY5Q2NzSTBMbXpOTHVvWXQwNm1oU3grbkFmMmNnYWRoamxk?= =?utf-8?B?MFhvMGVRYVZ3cDRRWnhZM05KZVplUHdTMXhSZGs3emxjV0lHMWNZbHJFd3BT?= =?utf-8?B?Y1llbDZ3U1Fkb0FsaXdmNndTZ2o0L1VPblBHVzdzbXZoQzY2SEtORnJLTURj?= =?utf-8?B?NVY4dUZJSDlWR0c2UXR3T2RkRHZXSGRRaXVTcUpBdXBPZzRKZTNUU3QrbTlJ?= =?utf-8?B?b295NFdSUVN4SHcvR0pFM29ldkxnQk9Tc0gzOEZTSEg1WUVFdTV4WkhuejNQ?= =?utf-8?B?Vk10R0dqSzdCV2hIVTJadC9yWjJYRW9qZ0h1UXpGQ090dXA4TktJNEJiV3lQ?= =?utf-8?B?dVYvcnZHckRZZlBrWGY1dGlHZWNIeXdzTDNVWkp2OE1Sclk2aThMWExWSUt5?= =?utf-8?Q?ipSeFHCx1rLVHVVRWQax0FFEObsD2mlqSpIqDst?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bfd8439b-d296-43a2-fdfc-08d95b579b5a X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Aug 2021 17:03:27.7524 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Dc22v+ED54xjsnWmhYK6kgz70VPcWnuweOwgOaZBtrZGaUEBaFmes/4cHY1I6lJHUWGGgMIGfK3MeCPTVh5ANA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5389 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 8/4/21 3:20 PM, Brijesh Singh wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 > > While build the initial page table, the SetCr3ForPageTables64 checks > whether SEV-ES is enabled. If so, clear the page encryption mask from the > GHCB page. Move the logic to clear the page encryption mask in the > AmdSev.asm. > > Cc: James Bottomley > Cc: Min Xu > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Jordan Justen > Cc: Ard Biesheuvel > Cc: Erdem Aktas > Signed-off-by: Brijesh Singh > --- > OvmfPkg/ResetVector/Ia32/AmdSev.asm | 113 +++++++++++++++++----- > OvmfPkg/ResetVector/Ia32/PageTables64.asm | 53 ++-------- > 2 files changed, 94 insertions(+), 72 deletions(-) > > diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index 87d81b01e263..fd2e6abcd4a0 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -44,6 +44,27 @@ BITS 32 > ; The unexpected response code > %define TERM_UNEXPECTED_RESP_CODE 2 > > +%define PAGE_PRESENT 0x01 > +%define PAGE_READ_WRITE 0x02 > +%define PAGE_USER_SUPERVISOR 0x04 > +%define PAGE_WRITE_THROUGH 0x08 > +%define PAGE_CACHE_DISABLE 0x010 > +%define PAGE_ACCESSED 0x020 > +%define PAGE_DIRTY 0x040 > +%define PAGE_PAT 0x080 > +%define PAGE_GLOBAL 0x0100 > +%define PAGE_2M_MBO 0x080 > +%define PAGE_2M_PAT 0x01000 > + > +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ > + PAGE_DIRTY + \ > + PAGE_READ_WRITE + \ > + PAGE_PRESENT) > + > +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ > + PAGE_READ_WRITE + \ > + PAGE_PRESENT) > + > > ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is > ; responsible to populate values in the EDX:EAX registers. After the vmmcall > @@ -117,6 +138,72 @@ BITS 32 > SevEsUnexpectedRespTerminate: > TerminateVmgExit TERM_UNEXPECTED_RESP_CODE > > +; If SEV-ES is enabled then initialize the make the GHCB page shared s/the make/and make/ ? > +SevClearPageEncMaskFromGHCBPage: Just a nit, maybe SevClearPageEncMaskForGhcbPage? > + ; Check if SEV is enabled > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jnz SevClearPageEncMaskFromGHCBPageExit > + > + ; Check if SEV-ES is enabled > + cmp byte[SEV_ES_WORK_AREA], 1 > + jnz SevClearPageEncMaskFromGHCBPageExit > + > + ; > + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. > + ; This requires the 2MB page for this range be broken down into 512 4KB > + ; pages. All will be marked encrypted, except for the GHCB. > + ; > + mov ecx, (GHCB_BASE >> 21) > + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR > + mov [ecx * 8 + PT_ADDR (0x2000)], eax > + > + ; > + ; Page Table Entries (512 * 4KB entries => 2MB) > + ; > + mov ecx, 512 > +pageTableEntries4kLoop: > + mov eax, ecx > + dec eax > + shl eax, 12 > + add eax, GHCB_BASE & 0xFFE0_0000 > + add eax, PAGE_4K_PDE_ATTR > + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax > + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx > + loop pageTableEntries4kLoop > + > + ; > + ; Clear the encryption bit from the GHCB entry > + ; > + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 > + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 > + > + mov ecx, GHCB_SIZE / 4 > + xor eax, eax > +clearGhcbMemoryLoop: > + mov dword[ecx * 4 + GHCB_BASE - 4], eax > + loop clearGhcbMemoryLoop > + > +SevClearPageEncMaskFromGHCBPageExit: > + OneTimeCallRet SevClearPageEncMaskFromGHCBPage > + > +; Check if SEV is enabled, and get the C-bit mask above 31. > +; Modified: EDX > +; > +; The value is returned in the EDX > +GetSevCBitMaskAbove31: > + ; Check if SEV is enabled > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jnz NoCbitValue > + > + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] > + jmp GetSevCBitMaskAbove31Exit > + > +NoCbitValue: > + xor edx, edx How about moving the xor as the first line of this routine and jumping to GetSevCBitMaskAbove31Exit if the first cmp is non-zero. Then you can just do the move from SEV_ES_WORK_AREA_ENC_MASK + 4 and eliminate the extra jmp statement and NoCbitValue label. Thanks, Tom > + > +GetSevCBitMaskAbove31Exit: > + OneTimeCallRet GetSevCBitMaskAbove31 > + > ; Check if Secure Encrypted Virtualization (SEV) features are enabled. > ; > ; Register usage is tight in this routine, so multiple calls for the > @@ -249,32 +336,6 @@ SevExit: > > OneTimeCallRet CheckSevFeatures > > -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feature > -; is enabled. > -; > -; Modified: EAX > -; > -; If SEV-ES is enabled then EAX will be non-zero. > -; If SEV-ES is disabled then EAX will be zero. > -; > -IsSevEsEnabled: > - xor eax, eax > - > - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set > - ; to 1 if SEV is enabled. > - cmp byte[WORK_AREA_GUEST_TYPE], 1 > - jne SevEsDisabled > - > - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if > - ; SEV-ES is enabled. > - cmp byte[SEV_ES_WORK_AREA], 1 > - jne SevEsDisabled > - > - mov eax, 1 > - > -SevEsDisabled: > - OneTimeCallRet IsSevEsEnabled > - > ; Start of #VC exception handling routines > ; > > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > index f688909f1c7d..0e8ba4dde534 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > @@ -46,16 +46,13 @@ SetCr3ForPageTables64: > ; work area when detected. > mov byte[WORK_AREA_GUEST_TYPE], 0 > > + ; Check whether the SEV is active and populate the SevEsWorkArea > OneTimeCall CheckSevFeatures > - xor edx, edx > - test eax, eax > - jz SevNotActive > > - ; If SEV is enabled, C-bit is always above 31 > - sub eax, 32 > - bts edx, eax > - > -SevNotActive: > + ; If SEV is enabled, the C-bit position is always above 31. > + ; The mask will be saved in the EDX and applied during the > + ; the page table build below. > + OneTimeCall GetSevCBitMaskAbove31 > > ; > ; For OVMF, build some initial page tables at > @@ -105,44 +102,8 @@ pageTableEntriesLoop: > mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx > loop pageTableEntriesLoop > > - OneTimeCall IsSevEsEnabled > - test eax, eax > - jz SetCr3 > - > - ; > - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted. > - ; This requires the 2MB page for this range be broken down into 512 4KB > - ; pages. All will be marked encrypted, except for the GHCB. > - ; > - mov ecx, (GHCB_BASE >> 21) > - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR > - mov [ecx * 8 + PT_ADDR (0x2000)], eax > - > - ; > - ; Page Table Entries (512 * 4KB entries => 2MB) > - ; > - mov ecx, 512 > -pageTableEntries4kLoop: > - mov eax, ecx > - dec eax > - shl eax, 12 > - add eax, GHCB_BASE & 0xFFE0_0000 > - add eax, PAGE_4K_PDE_ATTR > - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax > - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx > - loop pageTableEntries4kLoop > - > - ; > - ; Clear the encryption bit from the GHCB entry > - ; > - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 > - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 > - > - mov ecx, GHCB_SIZE / 4 > - xor eax, eax > -clearGhcbMemoryLoop: > - mov dword[ecx * 4 + GHCB_BASE - 4], eax > - loop clearGhcbMemoryLoop > + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. > + OneTimeCall SevClearPageEncMaskFromGHCBPage > > SetCr3: > ; >