From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 24661AC161D for ; Mon, 20 May 2024 17:46:25 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=PJ2Oia8ZmMFkgCE2+bNpAGpI5yEREqCvbalE+3+nc8Q=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:User-Agent:Subject:To:Cc:References:From:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1716227184; v=1; b=CzqBMPEyiZNscLsJbl0jYUuHK5AJ3nhBKPn5VVpUaLPaq1WQES8++UiypZ9sm+/ypP2N6YPU dHy3GPuAG2uHUQQX56NZN0sRmwts1/Bj0qJBfp7zftZBkXML/+KdFXIke3E7DkQLcFC4LFxLw5q 5nsF+qhkP6/9ggHKxU7701F83GkOW0fGxO8GZBlwTkc3ggupxEBrL7veQOXs82fIi5yegOfK+en 8sw8di5uxQbs+m0ztQvYvPatmIsxU5qXggzuiYv8A0WEUOOwDnQ6I8pkgvd7Yun4emVxEB3UkYQ aNZirPK6Wyi2LdU+7EBLdK8N6Mok8PabvdMHLWRZGltJQ== X-Received: by 127.0.0.2 with SMTP id QqqrYY7687511xA7cY2eVrJ2; Mon, 20 May 2024 10:46:24 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.69]) by mx.groups.io with SMTP id smtpd.web10.2987.1716227183612827684 for ; Mon, 20 May 2024 10:46:23 -0700 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) by DM4PR12MB7719.namprd12.prod.outlook.com (2603:10b6:8:101::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7587.35; Mon, 20 May 2024 17:46:20 +0000 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::bf0:d462:345b:dc52]) by BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::bf0:d462:345b:dc52%7]) with mapi id 15.20.7587.030; Mon, 20 May 2024 17:46:20 +0000 Message-ID: <4f8f07c6-4c7c-f305-b36b-38b7562196be@amd.com> Date: Mon, 20 May 2024 12:46:17 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: Re: [edk2-devel] [PATCH ovmf v3 3/5] OvmfPkg: Add AMD SEV-ES DebugSwap feature support To: Alexey Kardashevskiy , devel@edk2.groups.io Cc: Liming Gao , Michael D Kinney , Zhiguang Liu , Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Michael Roth , Min Xu References: <20240502143445.526098-1-aik@amd.com> <20240502143445.526098-4-aik@amd.com> From: "Lendacky, Thomas via groups.io" In-Reply-To: <20240502143445.526098-4-aik@amd.com> X-ClientProxiedBy: SA1P222CA0129.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:3c2::9) To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|DM4PR12MB7719:EE_ X-MS-Office365-Filtering-Correlation-Id: 540664f7-20c4-4b64-429d-08dc78f4c206 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: =?utf-8?B?c29teUF4L244Rnp1OVVORDVCTmIzNU9DOHpsUytxdkZXUHJiT21GUk9FeVZr?= =?utf-8?B?OWZwVWsxRmVPbDF5a0g3OUNEeEFKUkh5bTNtU01IQTMrVFYyT1puMDVoNFdO?= =?utf-8?B?U3dpQnJGN3NleDUxajdiNHJSNnpPUW1PdVdxQlJKYUkwVUgxS0Fxc0IxWW5J?= =?utf-8?B?dTB2a1o0UU11YXE3M1llelVmeU9KUm5Zd2h1MzgrbFEybjVIL3NiVHJSTEZ3?= =?utf-8?B?S0dmY2loQzVxUEhTY2JlY2lPNElROUdpL1Ntb1ZsUE5VdlA1ODQvTWhoNFRZ?= =?utf-8?B?ZlVRbzcrUVR5RWdlaGxqckZRNFZmQi9NaUNOTHlLclVoRy8rN0VQZmZ0RHVL?= =?utf-8?B?ODVrZUVQbm13cGFtanZFNE5aMUR5NXFHaFJ4S2hWZ1Nha0JNcWpjbm0xS2Y3?= =?utf-8?B?OFowMFFxeHZsclg4MmJuTFgxMVhLeWRZV1pOL0Nkemd6ZjNpcnFabUxPK3hs?= =?utf-8?B?S0dCbWw5dkVsbWZyNVMxSzY5d2FzbWtqcjlYWkFKVmJyTndjNjRUc1hmZVFD?= =?utf-8?B?eU5oY3M3bXJrNHk1MkNMTVpuZWE5TDBxS0VKUGxSUHhNUGwxZmtBUXZBb0d0?= =?utf-8?B?TnFxVWU4TXRVWWszeitCbDBudWlvLzQ4Z281eVJ5WWJBVnJQU3p6aU40L2NK?= =?utf-8?B?bEhHSmI0Zy9TblFqNGtRejBqVlRLM3dmdnRMeExKaXI3a2Flc2NHa3Y0R0Yz?= =?utf-8?B?YmZiVmh2emFrdlYvSDVlTk9Ra2ZzalcyK2ptMG5LRjNTa3pjTVVORnN3WlFr?= =?utf-8?B?cVVhTHJMVkJvcWlnQ245ci9jY2VJdzV5cktaV21qM0tmdGhtVFR5WnFPRkxZ?= =?utf-8?B?MjZidldrRzVIWTI5QnJqSCsrNzg4RUI4V2puclBDSDJNWU1sZE9OcjNuNVdS?= =?utf-8?B?QUJjVTdwNFBaMDE5NHNWb1BJb2J3Y3hnakE1ZnBtcVhSNW1VV24vbEx0ZVRz?= =?utf-8?B?UE80WFA5U0dZWnFnMFBqM2I3ZS9iZC95YjdMVnJZTmhQdTkwMVdGWk4yY3Zo?= =?utf-8?B?SzZWbjdtbGU3bU5jT0QyRXJkVjJkOUpMNE1JaDJWTGVUQkRkbGlxWFpUalc2?= =?utf-8?B?eWJZa2V3N0ZHRjF2OUFXVFdsTG95dVNXdk9YVmlOc3IyL3ZycGZwd0VNYUxV?= =?utf-8?B?VSthZGNEWlNSQzd0ck5YUkd2NHpTWTgrbytyM0Q4UWxBUmZONnVKRE5iaXJK?= =?utf-8?B?cTk5MDg4MWEzZ0d2UXQrWVJSR0R1dDlmYjNZNGtSZnhDVmowY0wxdTZhVkV6?= =?utf-8?B?SlRzZVpVT0tEYmRLVWhMK1prZTVrWGFmbmFmUWxzR3djdkFZMEFWMEFsalQy?= =?utf-8?B?Um1UdkZDdEFiNVZLd1BmZGhERU9YMVhNL3krQlZPdHU5aS9TY0d1MVpscHZI?= =?utf-8?B?RXgwMUF6cGxDL1lMNkx5czF2UzFSREVNWGluUHEwWWdiNlJCbXlXVG5LNmdQ?= =?utf-8?B?cDdxRDRMdGVDQW5OZ1NxbHlEL3FjTmdVMTBoQzM4Sks2dTVkMkFZVnYvV28y?= =?utf-8?B?dlRUR1hKeXM3bjhLSEc3bVdkYkJQdEVRS3BUNkZLWGlqZFlYL0tzLzBacytM?= =?utf-8?B?bysrOFRzYWRNNlBIanAzYzVhczQzRXplZkVwYjdWRU1sSk40ZHpid09xM3RP?= =?utf-8?B?cy85Wkh0V1ZFaS9WaG5weHgxREJ0bzFZTzNiWUcrMy80dGV2NDdvRmQ2Rjhm?= =?utf-8?B?SWdLWndwMEVqOW1Sd0NYeWRxL0JCL2RmVGc5M2dTUDFja3VnS0JOdFdRPT0=?= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?dkVoUDA3U3F3czk2RWZEbzBvOWtuRzF4cHNaM2VlWjFtSzZ2WjJ0WXJ5Z3JF?= =?utf-8?B?Y1JIMkcvVk1iTmNqdldoQ3ducVJMNSs0YVM5SW1CaUxPSDBrSHdJOXV0UDNp?= =?utf-8?B?dFBqWWY3bHJXbkZoUDJJUEU5aHlrMTNnNUZHZ21iWm01ZXJCREZPWFpZa2Jz?= =?utf-8?B?ZzdzQ2hyalN1YzYrb09lVlI2ckRXZ1Fvak1uL05IYm1mWXJNY1NZZEVzTnpl?= =?utf-8?B?NG1CNytZbGhhY2wxOU5DZnVsMnM0NTFzM0tBZU5vSElXRkFpNmREMWd0YnYr?= =?utf-8?B?UzJaT2dVTldyK1JEVmp1RjVqWHlYTzFoWHlpcjJUWU0wdVZUR2FUamUyN3Yr?= =?utf-8?B?UlZlYm96MC9DSHl2cTlRUzZ5Y2tKSFNOWk1GdW1icWt2WFlxeHhTVlNNeHJM?= =?utf-8?B?M29ZU0N5ZWxqV01PQ0tmcTNkbE12WHNxQk1qa2ZUYkgzd21DalRCWk1GK1ZH?= =?utf-8?B?R1VaZ2FEUStUY3Npd3lRK1RzK2tOMCtsaExKV0JqTmYvSThROGVtQWduQXhJ?= =?utf-8?B?bTJzcEp2d05hK2lQWTBjTHYrQlJWOGpTQW5NWTYxRU1nZ3Y3aDFwRUF3RGFh?= =?utf-8?B?a2dseUhscDNiRWhvYW5icC80MEpNZjFHcTJFdU5sZmU3MkZ1WVJWNkVXVVJm?= =?utf-8?B?dzhBV0Zzd0QvUGRWZS9obUxZcW52VUlod1g2Sk5IWDA4VGNUYXpFeTNMZG1a?= =?utf-8?B?SXc3MGdBZEtVRHUzc1RQWmZvRnNzUDNxNkRFUDN3UlpRZVp5RmkxSDJnSHhR?= =?utf-8?B?R3ZNbUsvUG5pVHFCbGlQOEtrUURXZ0d0SEMxSHJjOW5HUTM1bnNFeU0xNEky?= =?utf-8?B?c3R2VGNoTEVjZytrekx5ekFZck1qQ1k4R2VWeWhDR1BIQmJ6NlhQcUNDaEZo?= =?utf-8?B?YWUrWTZUbC80NlpQYm0yQis4c1p2OGhNMCs3blNYNmhJZjk5U0RVY0xIWlF3?= =?utf-8?B?b0tTanI0TENsOC81RVdnOVEyZU1uZUlXTTFFOEhwRGZRUW5BREw0Ti9GOGc1?= =?utf-8?B?b2R0RDd1MHkyc0lTbng0c2wvTkFVeTFUVm53NFhDNHp0c3ZUeTZocy91WVdw?= =?utf-8?B?a1lHUHkxNVBoSkdoZDE4bTBOVkxKR1lWdm5pdXI5T0E3NjAyRTdpdjhBYzJV?= =?utf-8?B?TVU4THVjSnlNenptVW5JUlVVcTQvNmplMnFndXNOSzRLak1udDhYMjg4Yjdp?= =?utf-8?B?U1pCeVNvVFozSXdwdFZLR0NZMWRHRWRzQ2FHbUZUOHJ1bnllRkdvVk5qTi9h?= =?utf-8?B?ckpIQnJmditMdjJuK2xXdjNnYjJsQVRuMVFtckg1VnhSYjkyTEF6bjE0bkxn?= =?utf-8?B?V1lyRm1rcklHN1lCZm12VWplbG41YlVwT1hqSmo0UEpXOTdKY2c2UzRiQUVF?= =?utf-8?B?OE5BWVZxaVE1Z3RJNmhadEJ5ZGRFL2gwNXBHeWh3ZnBydGk5T0NqZFArbEww?= =?utf-8?B?ZXc3Tk50d1UwYkltYkNFVmFvenFGekErbjFxdmhNRyt1SXpIRkFCRjdXNkxS?= =?utf-8?B?c1RsbHBxWDBTM0o4SjZua2dxNUxyVXJQWFp1ZU1JR3JPZEdldUtQbVRmbVJt?= =?utf-8?B?ZDdtMzFDV1FTVzh0MHlzUnlhVGMrMGFRZFI4Njd0Ukh1WHY3QThkazBaSGRG?= =?utf-8?B?U1ZRQmpDSVUwNTR1R3NtZTlianBzZk9KWS9nQ2NSelJZcVpNZGZ6eW5IR2g0?= =?utf-8?B?MFNEQ2pnbEZkSWFJOUFNSktHMTY5NmRqQXgvUDNKanRZU25TQjcyajdiK242?= =?utf-8?B?Qm5pSFhPdE9Ob3R3S0lGTWdDU1BiT3ptY2sxbGoybVNOUUxnVmR0anF1enkz?= =?utf-8?B?RGVvRDcxZEtqcXFSd2s0ZHRpOXZTdi9xR1ZCZHFlZnVmKzRHUmc0d2NTSE9B?= =?utf-8?B?M1BTclNwMXJNYVUzYWxXS0VYTXhtLytmNXlxVnZiMVF2L3dBd2pXTFEvY3VW?= =?utf-8?B?cllyMnR4VFhzZzlTZ281VHZvamVEZ3Y5dGFld2JpbmpxTDM3czI3d3diSmtU?= =?utf-8?B?SERHbzk4T3hOLzlHNXVyYkVjYm1wTSs3R1UzN2xCbU1jSVp5emhCYjR0eTdr?= =?utf-8?B?ME9GQ1hDcEJxZmF1ZVR1aU41MTBYYkJSNGtPMzMzdjlvWk5tOUx3YXNIWlVN?= =?utf-8?Q?CYctSpcDgAaqGgQIWhDnspqjH?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 540664f7-20c4-4b64-429d-08dc78f4c206 X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 May 2024 17:46:20.4857 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2Du1xi8zJl8HXKPpb1luWesGNXL5CvNNNYMw/i8BvS3O1kMI70ssLvw+LcdFnVHqq43mu+sHUOVsGtWlMrwqZg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7719 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 20 May 2024 10:46:23 -0700 Resent-From: thomas.lendacky@amd.com Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: LtkgxpEvJoAihwcXceGZCkyzx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=CzqBMPEy; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On 5/2/24 09:34, Alexey Kardashevskiy wrote: > The SEV-ES DebugSwap feature enables type B swaping of debug registers > on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. >=20 > When DebugSwap is enabled, this stops booting if #VC for #DB or > DB7 read/write occurs as this signals unwanted interaction from the HV. >=20 > This adds new API which uses SEV-ES working area in PEI and SEC. >=20 > This does not change the existing behavour for DXE just yet but soon. This changes the SEC/PEI behavior while not changing DXE, which means=20 two different behaviors. I wonder if the SEC and PEI changes that access=20 the MSR value, should be part of the final patch that enables it for all=20 stages. And in this patch, just have the SEC and PEI versions of=20 MemEncryptSevEsDebugSwapIsEnabled() return FALSE for now. Thanks, Tom >=20 > Cc: Ard Biesheuvel > Cc: Erdem Aktas > Cc: Gerd Hoffmann > Cc: Jiewen Yao > Cc: Michael Roth > Cc: Min Xu > Cc: Tom Lendacky > Signed-off-by: Alexey Kardashevskiy > --- > OvmfPkg/Include/Library/MemEncryptSevLib.h | 12= +++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 27= +++++++++++++++++--- > OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 19= ++++++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 19= ++++++++++++++ > OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 8= ++++++ > 5 files changed, 82 insertions(+), 3 deletions(-) >=20 > diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include= /Library/MemEncryptSevLib.h > index 4fa9c0d70083..0fa86aecc38c 100644 > --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h > +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h > @@ -166,6 +166,18 @@ MemEncryptSevGetEncryptionMask ( > VOID > ); > =20 > +/** > + Returns a boolean to indicate whether DebugSwap is enabled. > + > + @retval TRUE DebugSwap is enabled > + @retval FALSE DebugSwap is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsDebugSwapIsEnabled ( > + VOID > + ); > + > /** > Returns the encryption state of the specified virtual address range. > =20 > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInte= rnal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > index 4aba0075b9e2..ebc4c9bb5d06 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c > @@ -40,19 +40,25 @@ AmdMemEncryptionAttrCheck ( > IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr > ) > { > + UINT64 CurrentLevel; > + > + CurrentLevel =3D CurrentAttr & CCAttrTypeMask; > + > switch (Attr) { > case CCAttrAmdSev: > // > // SEV is automatically enabled if SEV-ES or SEV-SNP is active. > // > - return CurrentAttr >=3D CCAttrAmdSev; > + return CurrentLevel >=3D CCAttrAmdSev; > case CCAttrAmdSevEs: > // > // SEV-ES is automatically enabled if SEV-SNP is active. > // > - return CurrentAttr >=3D CCAttrAmdSevEs; > + return CurrentLevel >=3D CCAttrAmdSevEs; > case CCAttrAmdSevSnp: > - return CurrentAttr =3D=3D CCAttrAmdSevSnp; > + return CurrentLevel =3D=3D CCAttrAmdSevSnp; > + case CCAttrFeatureAmdSevDebugSwap: > + return !!(CurrentAttr & CCAttrFeatureAmdSevDebugSwap); > default: > return FALSE; > } > @@ -159,3 +165,18 @@ MemEncryptSevGetEncryptionMask ( > =20 > return mSevEncryptionMask; > } > + > +/** > + Returns a boolean to indicate whether DebugSwap is enabled. > + > + @retval TRUE DebugSwap is enabled > + @retval FALSE DebugSwap is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsDebugSwapIsEnabled ( > + VOID > + ) > +{ > + return ConfidentialComputingGuestHas (CCAttrFeatureAmdSevDebugSwap); > +} > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInte= rnal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > index 41d1246a5b31..e2ebc8afcaee 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c > @@ -141,3 +141,22 @@ MemEncryptSevGetEncryptionMask ( > =20 > return SevEsWorkArea->EncryptionMask; > } > + > +/** > + Returns a boolean to indicate whether DebugSwap is enabled. > + > + @retval TRUE DebugSwap is enabled > + @retval FALSE DebugSwap is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsDebugSwapIsEnabled ( > + VOID > + ) > +{ > + MSR_SEV_STATUS_REGISTER Msr; > + > + Msr.Uint32 =3D InternalMemEncryptSevStatus (); > + > + return Msr.Bits.DebugSwap ? TRUE : FALSE; > +} > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInte= rnal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > index 27148c7e337a..0e82dc85b299 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c > @@ -142,6 +142,25 @@ MemEncryptSevGetEncryptionMask ( > return SevEsWorkArea->EncryptionMask; > } > =20 > +/** > + Returns a boolean to indicate whether DebugSwap is enabled. > + > + @retval TRUE DebugSwap is enabled > + @retval FALSE DebugSwap is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsDebugSwapIsEnabled ( > + VOID > + ) > +{ > + MSR_SEV_STATUS_REGISTER Msr; > + > + Msr.Uint32 =3D InternalMemEncryptSevStatus (); > + > + return Msr.Bits.DebugSwap ? TRUE : FALSE; > +} > + > /** > Locate the page range that covers the initial (pre-SMBASE-relocation)= SMRAM > Save State Map. > diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Librar= y/CcExitLib/CcExitVcHandler.c > index da8f1e5db9fa..29e244df3007 100644 > --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c > +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c > @@ -1609,6 +1609,10 @@ Dr7WriteExit ( > UINT64 *Register; > UINT64 Status; > =20 > + if (MemEncryptSevEsDebugSwapIsEnabled ()) { > + return UnsupportedExit (Ghcb, Regs, InstructionData); > + } > + > Ext =3D &InstructionData->Ext; > SevEsData =3D (SEV_ES_PER_CPU_DATA *)(Ghcb + 1); > =20 > @@ -1659,6 +1663,10 @@ Dr7ReadExit ( > SEV_ES_PER_CPU_DATA *SevEsData; > UINT64 *Register; > =20 > + if (MemEncryptSevEsDebugSwapIsEnabled ()) { > + return UnsupportedExit (Ghcb, Regs, InstructionData); > + } > + > Ext =3D &InstructionData->Ext; > SevEsData =3D (SEV_ES_PER_CPU_DATA *)(Ghcb + 1); > =20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119087): https://edk2.groups.io/g/devel/message/119087 Mute This Topic: https://groups.io/mt/105863824/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-