From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 21 Aug 2019 07:32:02 -0700 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 28B5A308427D; Wed, 21 Aug 2019 14:32:02 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-79.ams2.redhat.com [10.36.117.79]) by smtp.corp.redhat.com (Postfix) with ESMTP id CB61760603; Wed, 21 Aug 2019 14:31:59 +0000 (UTC) Subject: Re: [edk2-devel] [RFC PATCH 05/28] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" References: <096c6641b2f228177ab3bb815211379c1f650028.1566250534.git.thomas.lendacky@amd.com> From: "Laszlo Ersek" Message-ID: <59b40c01-a6bf-2c65-0edd-87a35f937264@redhat.com> Date: Wed, 21 Aug 2019 16:31:58 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <096c6641b2f228177ab3bb815211379c1f650028.1566250534.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Wed, 21 Aug 2019 14:32:02 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 08/19/19 23:35, Lendacky, Thomas wrote: 
> From: Tom Lendacky > > Allocate memory for the GHCB pages during SEV initialization for use > during Pei and Dxe phases. Since the GHCB pages must be mapped as shared > pages, modify CreateIdentityMappingPageTables() so that pagetable entries > are created without the encryption bit set. > > Signed-off-by: Tom Lendacky > --- > UefiCpuPkg/UefiCpuPkg.dec | 4 ++ > OvmfPkg/OvmfPkgX64.dsc | 4 ++ > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + > OvmfPkg/PlatformPei/PlatformPei.inf | 2 + > .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +++- > .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- > .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +++- > .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++---- > .../MemEncryptSevLibInternal.c | 1 - > .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 33 ++++++++-- > OvmfPkg/PlatformPei/AmdSev.c | 64 +++++++++++++++++++ > 11 files changed, 164 insertions(+), 23 deletions(-) Should be split to at least four patches (UefiCpuPkg, MdeModulePkg, OvmfPkg/BaseMemEncryptSevLib, OvmfPkg/PlatformPei). In addition, MdeModulePkg content must not depend on UefiCpuPkg content -- if modules under both packages need to consume a new PCD, then the PCD should be declared under MdeModulePkg. The rough dependency order is: - MdePkg (must be self-contained) - MdeModulePkg (may consume MdePkg) - UefiCpuPkg (may consume everything above, to my knowledge) - OvmfPkg (may consume everything above) Thanks Laszlo > > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 6ddf0cd22466..4d5a2593cf13 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -323,5 +323,9 @@ [PcdsDynamic, PcdsDynamicEx] > # @ValidRange 0x80000001 | 0 - 1 > gUefiCpuPkgTokenSpaceGuid.PcdCpuProcTraceOutputScheme|0x0|UINT8|0x60000015 > > + ## Contains the GHCB page allocation information.

> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> UefiCpuPkgExtra.uni
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index dda8dac18441..d6fc7cdf7da8 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -569,6 +569,10 @@ [PcdsDynamicDefault]
> # Set memory encryption mask
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
>
> + # Set GHCB base address for SEV-ES
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0
> +
> !if $(SMM_REQUIRE) == TRUE
> gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index abc3217b0179..b994398633e3 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -52,6 +52,7 @@ [Sources.ARM, Sources.AARCH64]
> [Packages]
> MdePkg/MdePkg.dec
> MdeModulePkg/MdeModulePkg.dec
> + UefiCpuPkg/UefiCpuPkg.dec
>
> [Packages.ARM, Packages.AARCH64]
> ArmPkg/ArmPkg.dec
> @@ -110,6 +111,8 @@ [Pcd.IA32,Pcd.X64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
> gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
> gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
> index aed1f64b7c93..f53195e6dda5 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -102,6 +102,8 @@ [Pcd]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
> gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds
> gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase
> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize
>
> [FixedPcd]
> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> index 2d0493f109e8..6b7c38a441d6 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> @@ -201,6 +201,8 @@ EnableExecuteDisableBit (
> @param[in, out] PageEntry2M Pointer to 2M page entry.
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> **/
> VOID
> @@ -208,7 +210,9 @@ Split2MPageTo4K (
> IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
> IN OUT UINT64 *PageEntry2M,
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> );
>
> /**
> @@ -217,6 +221,8 @@ Split2MPageTo4K (
>
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> @return The address of 4 level page map.
>
> @@ -224,7 +230,9 @@ Split2MPageTo4K (
> UINTN
> CreateIdentityMappingPageTables (
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbkSize
> );
>
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> index 172d7cd1c60c..630a3503f6ba 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
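Review bot: In the CreateIdentityMappingPageTables prototype (hunk -224,7 of X64/VirtualMemory.h) the new last parameter is spelled `GhcbkSize`, while the function comment added just above it and the definition in X64/VirtualMemory.c both say `GhcbSize`. Parameter names in a prototype do not affect the build, so nothing fails, but the header is what callers read; it should be `IN UINTN GhcbSize`.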
> @@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae (
> //
> // Need to split this 2M page that covers stack range.
> //
> - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
> + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, 0, 0);
> } else {
> //
> // Fill in the Page Directory entries
> @@ -278,7 +278,7 @@ HandOffToDxeCore (
> //
> // Create page table and save PageMapLevel4 to CR3
> //
> - PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE);
> + PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE, 0, 0);
>
> //
> // End of PEI phase signal
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> index 2867610bff4d..77da20e5c5c5 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> @@ -35,6 +35,8 @@ HandOffToDxeCore (
> UINT32 Index;
> EFI_VECTOR_HANDOFF_INFO *VectorInfo;
> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
> + VOID *GhcbBase;
> + UINTN GhcbSize;
>
> if (IsNullDetectionEnabled ()) {
> ClearFirst4KPage (HobList.Raw);
> @@ -77,12 +79,19 @@ HandOffToDxeCore (
> TopOfStack = (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT);
> TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT);
>
> + //
> + // Get the address and size of the GHCB pages
> + //
> + GhcbBase = (VOID *) PcdGet64 (PcdGhcbBase);
> + GhcbSize = PcdGet64 (PcdGhcbSize);
> +
> PageTables = 0;
> if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
> //
> // Create page table and save PageMapLevel4 to CR3
> //
> - PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE);
> + PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE,
> + (EFI_PHYSICAL_ADDRESS) (UINTN) GhcbBase, GhcbSize);
> } else {
> //
> // Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index edc38e4525c4..b3c3c3276e6a 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -180,6 +180,8 @@ EnableExecuteDisableBit (
> @param Size Size of the given physical memory.
> @param StackBase Base address of stack.
> @param StackSize Size of stack.
> + @param GhcbBase Base address of GHCB pages.
> + @param GhcbSize Size of GHCB area.
>
> @retval TRUE Page table should be split.
> @retval FALSE Page table should not be split.
> @@ -189,7 +191,9 @@ ToSplitPageTable (
> IN EFI_PHYSICAL_ADDRESS Address,
> IN UINTN Size,
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> if (IsNullDetectionEnabled () && Address == 0) {
> @@ -208,6 +212,12 @@ ToSplitPageTable (
> }
> }
>
> + if (GhcbBase) {
> + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) {
> + return TRUE;
> + }
> + }
> +
> return FALSE;
> }
> /**
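Review bot: In HandOffToDxeCore (hunk -77,12 of X64/DxeLoadFunc.c) `GhcbBase` goes from a 64-bit PCD into a `VOID *` and is cast back to `EFI_PHYSICAL_ADDRESS` at the call, a pointer round trip that serves no purpose. Declaring it as `EFI_PHYSICAL_ADDRESS GhcbBase;` in the -35,6 hunk and assigning `GhcbBase = PcdGet64 (PcdGhcbBase);` lets the call pass it unchanged. The comment above the reads could also say what the values are for: they select the range that CreateIdentityMappingPageTables maps without the encryption mask, and both stay 0 (the .dsc default) unless AmdSevEsInitialize has set them. The function body starts and ends outside the hunk.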
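Review bot: ToSplitPageTable (hunk -208,6 of X64/VirtualMemory.c) tests the address with `if (GhcbBase) {`, and the same implicit test appears as `!GhcbBase` in both Split2MPageTo4K hunks and as `ASSERT (GhcbBase)` in AmdSev.c; the edk2 coding style asks for an explicit comparison on non-Boolean values, `if (GhcbBase != 0) {` (and `!= NULL` for the pointer). Since a base of 0 is what means "no GHCB area" here, the new `@param GhcbBase` lines should say so, for example `Base address of GHCB pages, 0 if there are none.`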
> @@ -321,6 +331,8 @@ AllocatePageTableMemory (
> @param[in, out] PageEntry2M Pointer to 2M page entry.
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> **/
> VOID
> @@ -328,7 +340,9 @@ Split2MPageTo4K (
> IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
> IN OUT UINT64 *PageEntry2M,
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> EFI_PHYSICAL_ADDRESS PhysicalAddress4K;
> @@ -354,7 +368,12 @@ Split2MPageTo4K (
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + if (!GhcbBase
> + || (PhysicalAddress4K < GhcbBase)
> + || (PhysicalAddress4K >= GhcbBase + GhcbSize)) {
> + PageTableEntry->Uint64 |= AddressEncMask;
> + }
> PageTableEntry->Bits.ReadWrite = 1;
>
> if ((IsNullDetectionEnabled () && PhysicalAddress4K == 0) ||
> @@ -382,6 +401,8 @@ Split2MPageTo4K (
> @param[in, out] PageEntry1G Pointer to 1G page entry.
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> **/
> VOID
> @@ -389,7 +410,9 @@ Split1GPageTo2M (
> IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
> IN OUT UINT64 *PageEntry1G,
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> EFI_PHYSICAL_ADDRESS PhysicalAddress2M;
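Review bot: The test added in Split2MPageTo4K (hunk -354,7) decides per 4K page start which entries are mapped without `AddressEncMask`, so it silently depends on the GHCB range being page-aligned: with an unaligned `GhcbBase` the first GHCB page keeps the mask, and with an unaligned `GhcbSize` the whole trailing page is mapped shared, including bytes beyond the GHCB area that were never meant to be visible to the hypervisor. The allocation in OvmfPkg/PlatformPei/AmdSev.c is page-granular, but this is common code fed from a dynamic PCD, so I would check it where the function starts (between the -328,7 hunk and this one): `ASSERT ((GhcbBase & EFI_PAGE_MASK) == 0);` and `ASSERT ((GhcbSize & EFI_PAGE_MASK) == 0);`. A comment on the `if` saying that GHCB pages must stay unencrypted because the hypervisor reads and writes them would help the next reader. The BaseMemEncryptSevLib copy of Split2MPageTo4K (hunk -217,7) has the same test and wants the same check.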
> @@ -412,11 +435,11 @@ Split1GPageTo2M (
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
> - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize)) {
> + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
> //
> // Need to split this 2M page that covers NULL or stack range.
> //
> - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
> + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
> } else {
> //
> // Fill in the Page Directory entries
> @@ -615,6 +638,8 @@ EnablePageTableProtection (
>
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB base address.
> + @param[in] GhcbSize GHCB size.
>
> @return The address of 4 level page map.
>
> @@ -622,7 +647,9 @@ EnablePageTableProtection (
> UINTN
> CreateIdentityMappingPageTables (
> IN EFI_PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN EFI_PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> UINT32 RegEax;
> @@ -734,8 +761,8 @@ CreateIdentityMappingPageTables (
> PageDirectory1GEntry = (VOID *) PageDirectoryPointerEntry;
>
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) {
> - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)) {
> - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize);
> + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize, GhcbBase, GhcbSize)) {
> + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize, GhcbBase, GhcbSize);
> } else {
> //
> // Fill in the Page Directory entries
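Review bot: The context comment in Split1GPageTo2M (hunk -412,11) still reads "Need to split this 2M page that covers NULL or stack range.", but with this change ToSplitPageTable also returns TRUE for the GHCB range. It should become `// Need to split this 2M page that covers NULL, stack or GHCB range.`; the identical comment in CreateIdentityMappingPageTables (hunk -763,11) and the "covers stack range" comment in BaseMemEncryptSevLib's Split1GPageTo2M (hunk -450,8) are stale in the same way. The loop body continues outside the hunk.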
> @@ -763,11 +790,11 @@ CreateIdentityMappingPageTables (
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) {
> - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize)) {
> + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
> //
> // Need to split this 2M page that covers NULL or stack range.
> //
> - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
> + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
> } else {
> //
> // Fill in the Page Directory entries
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> index 9c1d68e017fe..1dce01dd7546 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
> @@ -109,7 +109,6 @@ MemEncryptSevIsEnabled (
> return mSevStatus;
> }
>
> -
> /**
> Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
> Save State Map.
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> index 5e110c84ff81..3a4f223f8a86 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> @@ -183,6 +183,8 @@ AllocatePageTableMemory (
> @param[in, out] PageEntry2M Pointer to 2M page entry.
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> **/
> STATIC
> @@ -191,7 +193,9 @@ Split2MPageTo4K (
> IN PHYSICAL_ADDRESS PhysicalAddress,
> IN OUT UINT64 *PageEntry2M,
> IN PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> PHYSICAL_ADDRESS PhysicalAddress4K;
> @@ -217,7 +221,12 @@ Split2MPageTo4K (
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + if (!GhcbBase
> + || (PhysicalAddress4K < GhcbBase)
> + || (PhysicalAddress4K >= GhcbBase + GhcbSize)) {
> + PageTableEntry->Uint64 |= AddressEncMask;
> + }
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) &&
> @@ -417,6 +426,8 @@ EnablePageTableProtection (
> @param[in, out] PageEntry1G Pointer to 1G page entry.
> @param[in] StackBase Stack base address.
> @param[in] StackSize Stack size.
> + @param[in] GhcbBase GHCB page area base address.
> + @param[in] GhcbSize GHCB page area size.
>
> **/
> STATIC
> @@ -425,7 +436,9 @@ Split1GPageTo2M (
> IN PHYSICAL_ADDRESS PhysicalAddress,
> IN OUT UINT64 *PageEntry1G,
> IN PHYSICAL_ADDRESS StackBase,
> - IN UINTN StackSize
> + IN UINTN StackSize,
> + IN PHYSICAL_ADDRESS GhcbBase,
> + IN UINTN GhcbSize
> )
> {
> PHYSICAL_ADDRESS PhysicalAddress2M;
> @@ -450,8 +463,10 @@ Split1GPageTo2M (
> (IndexOfPageDirectoryEntries++,
> PageDirectoryEntry++,
> PhysicalAddress2M += SIZE_2MB)) {
> - if ((PhysicalAddress2M < StackBase + StackSize) &&
> - ((PhysicalAddress2M + SIZE_2MB) > StackBase)) {
> + if (((PhysicalAddress2M < StackBase + StackSize) &&
> + ((PhysicalAddress2M + SIZE_2MB) > StackBase)) ||
> + ((PhysicalAddress2M < GhcbBase + GhcbSize) &&
> + ((PhysicalAddress2M + SIZE_2MB) > GhcbBase))) {
> //
> // Need to split this 2M page that covers stack range.
> //
> @@ -459,7 +474,9 @@ Split1GPageTo2M (
> PhysicalAddress2M,
> (UINT64 *)PageDirectoryEntry,
> StackBase,
> - StackSize
> + StackSize,
> + GhcbBase,
> + GhcbSize
> );
> } else {
> //
> @@ -714,6 +731,8 @@ SetMemoryEncDec (
> (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30,
> (UINT64 *)PageDirectory1GEntry,
> 0,
> + 0,
> + 0,
> 0
> );
> continue;
> @@ -768,6 +787,8 @@ SetMemoryEncDec (
> (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21,
> (UINT64 *)PageDirectory2MEntry,
> 0,
> + 0,
> + 0,
> 0
> );
> continue;
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index 2ae8126ccf8a..84896d4681f9 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -16,9 +16,68 @@
> #include
> #include
> #include
> +#include
> +#include
> +#include
>
> #include "Platform.h"
>
> +/**
> +
> + Initialize SEV-ES support if running an SEV-ES guest.
> +
> + **/
> +STATIC
> +VOID
> +AmdSevEsInitialize (
> + VOID
> + )
> +{
> + VOID *GhcbBase;
> + PHYSICAL_ADDRESS GhcbBasePa;
> + UINTN GhcbPageCount;
> + RETURN_STATUS DecryptStatus, PcdStatus;
> +
> + if (!MemEncryptSevEsIsEnabled ()) {
> + return;
> + }
> +
> + GhcbPageCount = mMaxCpuCount;
> +
> + //
> + // Allocate GHCB pages.
> + //
> + GhcbBase = AllocatePages (GhcbPageCount);
> + ASSERT (GhcbBase);
> +
> + GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase;
> +
> + DecryptStatus = MemEncryptSevClearPageEncMask (
> + 0,
> + GhcbBasePa,
> + GhcbPageCount,
> + TRUE
> + );
> + ASSERT_RETURN_ERROR (DecryptStatus);
> +
> + BuildMemoryAllocationHob (
> + GhcbBasePa,
> + EFI_PAGES_TO_SIZE (GhcbPageCount),
> + EfiBootServicesData
> + );
> +
> + SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0);
> +
> + PcdStatus = PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa);
> + ASSERT_RETURN_ERROR (PcdStatus);
> + PcdStatus = PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPageCount));
> + ASSERT_RETURN_ERROR (PcdStatus);
> +
> + DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting at 0x%lx\n", GhcbPageCount, GhcbBase));
> +
> + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa);
> +}
> +
> /**
>
> Function checks if SEV support is available, if present then it sets
> @@ -89,4 +148,9 @@ AmdSevInitialize (
> EfiBootServicesData // MemoryType
> );
> }
> +
> + //
> + // Check and perform SEV-ES initialization if required.
> + //
> + AmdSevEsInitialize ();
> }
>
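Review bot: In AmdSevEsInitialize (hunk -16,9) the allocation and the C-bit clearing are checked only with `ASSERT (GhcbBase)` and `ASSERT_RETURN_ERROR (DecryptStatus)`, which do nothing in a build where assertions are disabled; a failed AllocatePages would then have page 0 decrypted, zeroed by SetMem and written to MSR_SEV_ES_GHCB, and a failed decrypt would leave the guest with a GHCB the hypervisor cannot use. Both should stop the boot explicitly, as sketched below (this assumes CpuDeadLoop from BaseLib is available to PlatformPei). The DEBUG call also passes a UINTN to `%u` and a `VOID *` to `%lx`; the last line of the sketch uses `%lu` with a UINT64 cast and `%p` instead. SetMem sizes the area with `GhcbPageCount * SIZE_4KB` while the HOB and the PCD use `EFI_PAGES_TO_SIZE (GhcbPageCount)`; using the macro in all three places keeps them in step.

```c
  GhcbBase = AllocatePages (GhcbPageCount);
  if (GhcbBase == NULL) {
    DEBUG ((DEBUG_ERROR, "%a: failed to allocate GHCB pages\n", __FUNCTION__));
    ASSERT (FALSE);
    CpuDeadLoop ();
  }

  // … unchanged: GhcbBasePa assignment, MemEncryptSevClearPageEncMask call …

  if (RETURN_ERROR (DecryptStatus)) {
    //
    // The GHCB has to be shared with the hypervisor; do not go on with
    // pages that are still mapped encrypted.
    //
    DEBUG ((DEBUG_ERROR, "%a: failed to clear the encryption mask: %r\n", __FUNCTION__, DecryptStatus));
    ASSERT (FALSE);
    CpuDeadLoop ();
  }

  // … unchanged: BuildMemoryAllocationHob, SetMem, PcdSet64S calls …

  DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n", (UINT64)GhcbPageCount, GhcbBase));
```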