From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.49]) by mx.groups.io with SMTP id smtpd.web08.1403.1652732657262619670 for ; Mon, 16 May 2022 13:24:17 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=CBafeBGd; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.49, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dg1jyqlBIuFV3OtRnXVSEfLufdJ4fGBnFnC3diTJKS1PEnLkeZrVXFt4TFIjk4qTSdKKLPL1oxE1yyCER0tZJmZkGq8ihFf+mXSZOdPsXlGeyqaqXED8Dcry7LXiVX3oJggl/1ULZ+DaqcYgJQGk45AhTXnLIhUsI1arHzD817dFg9PvMTiVKNmpoBDWuBnc2iX2Q+S4k61Hdb6Iwp6eCk/f84jnyNQUt2bH2yEGsTdR2DI/VOt4RPquGslCY4kS51XgQkPMI1Wc519MQ0w51YL5M6rw1uQzcO/XJ2Wq9APDrq0wUdk4qV6klNqhaPiL7VqvQVjIgDpMZJXBcYd0IA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rHAPx6001m44CcJgKeXbeVGw4MmI450XHF0Pw/IEbA8=; b=jb9Pvc42V3weExws1UbfK3wy9ciZdhvQYl/dniH4ghBsmc2EGMuA/BGR4phDg8vvrSJO11tFMNjHKeUjkdbkXhec8a/qzNMvDNoFmwk4TPEatRKMzg4hFaH/CxumqqF1R8WIU++iX8HUEEuOAtXwiin2PZxEzNAV3HF4E2r5J97UaBrZtxHs0HAleAuCd8qeiJbC/YUQ8qamHSSqRqNVook+EUv/iYTxwZ/WIVIc4sssrUcrBibqOTJw6hXFL0qVKoO9JbydntB7eLQifSbD4OcOlK8tZBinMnXNIRdxTGaTTyyRateIQg63hctxGHR8JKPsnQ/C5SIKRJGPaLy5SQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rHAPx6001m44CcJgKeXbeVGw4MmI450XHF0Pw/IEbA8=; b=CBafeBGdHcEk0WVARn6NzUElw4oPySjoGu+rpCI/GepUFb7k8LxzitdPzP6lxy/XGxewwf4qkdKdy8rDBpefGWASnHqcI4DMckUjRbHpFWlsOH4wk2s1K4Pr9ZFZJj4v+e/MJuccs+rKPvgZ2BEm+Q9TZLouRJ/JRbPBbm2Fj9g= Received: from BN0PR04CA0135.namprd04.prod.outlook.com (2603:10b6:408:ed::20) by MN2PR12MB3838.namprd12.prod.outlook.com (2603:10b6:208:16c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.14; Mon, 16 May 2022 20:24:14 +0000 Received: from BN8NAM11FT025.eop-nam11.prod.protection.outlook.com (2603:10b6:408:ed:cafe::b1) by BN0PR04CA0135.outlook.office365.com (2603:10b6:408:ed::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.17 via Frontend Transport; Mon, 16 May 2022 20:24:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; Received: from SATLEXMB04.amd.com (165.204.84.17) by BN8NAM11FT025.mail.protection.outlook.com (10.13.177.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5250.13 via Frontend Transport; Mon, 16 May 2022 20:24:14 +0000 Received: from tlendack-t1.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 16 May 2022 15:24:13 -0500 From: "Lendacky, Thomas" To: CC: Ard Biesheuvel , Jiewen Yao , Jordan Justen , "Gerd Hoffmann" , Erdem Aktas , "James Bottomley" , Michael Roth , Min Xu Subject: [PATCH] OvmfPkg: Make an Ia32/X64 hybrid build work with SEV Date: Mon, 16 May 2022 15:24:02 -0500 Message-ID: <7df5d5feedb9f95777d305a6ce3c5fbc32c6e8d1.1652732642.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Return-Path: Thomas.Lendacky@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3c7c5f20-a1c4-4b36-a203-08da377a0ba6 X-MS-TrafficTypeDiagnostic: MN2PR12MB3838:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LZb8aFT0f9Glfma97Z0Ho5LrNAje1KslhFbhukKkyFb/V0WvGi1SDC8Ub9AXg4mvwhboR5baUy+g4dBpI3uqz142oZIZZf02OGFmNzbciAnmU5Xipfam7qJT1NQC1oWUKYy/5q/sJfLa3OH91ydOUDnfqsqFWx+iEtSgAf3d7fbPObaqm9B5e1u4nIEWdLhC96pvnKySo/qyWwKbYlYNVOJWpNVoNZHYTocO3hVeUr7vGLsU5clAcZxnlfgkbxbQZwTs6KRlljm2VP5dKq+ST0waYuN2nvSDLmaOCvLoc0wPlufAPP1pI2sD4WL3be99ZDJZhgfkOFz5VmKjuK6+y2LtOUiQFk3dcgBAG/6uFetGw/NkjOkx2YjhWi8Sct6a/zdAlfOh4IBVfSjDdgyY1UdoJlyt74m8zI6Hroi/ewpu7cqIIgz0PbB8udmayD5kcyTQNq79e2LStQzH8C25Br0HsdgkBwV4UkHI4SKws+dsTR1+ZWAlLzusY5+2iUk3ktfG3bL8RfpV4QwuRFheK0lzLcc1i+HHwy264JJsLYQ0mQA3rOhUR9xq+i20wH7UhXGuSgqv36E3u+NqSvRQTMaKioaSBL3oRpWyECqaA6oemZck+equYSBK1KE3uItSDw7UvQuQNum9uot7lquNlVSJTUKXTk12RkZv1COPwfmqOa82iZY7co1WpXJWgHz5laOhJBgdWKvq9wp2QONtSw== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(81166007)(2616005)(8676002)(4326008)(82310400005)(5660300002)(186003)(426003)(336012)(19627235002)(70206006)(70586007)(2906002)(36756003)(6916009)(40460700003)(508600001)(356005)(316002)(86362001)(30864003)(47076005)(16526019)(83380400001)(7696005)(6666004)(54906003)(36860700001)(8936002)(26005)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2022 20:24:14.6729 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3c7c5f20-a1c4-4b36-a203-08da377a0ba6 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT025.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB3838 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain The BaseMemEncryptSevLib functionality was updated to rely on the use of the OVMF/SEV workarea to check for SEV guests. However, this area is only updated when running the X64 OVMF build, not the hybrid Ia32/X64 build. Base SEV support is allowed under the Ia32/X64 build, but it now fails to boot as a result of the change. Update the ResetVector code to check for SEV features when built for 32-bit mode, not just 64-bit mode (requiring updates to both the Ia32 and Ia32X64 fdf files). Fixes: f1d1c337e7c0575da7fd248b2dd9cffc755940df Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Erdem Aktas Cc: James Bottomley Cc: Michael Roth Cc: Min Xu Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkgIa32.fdf | 11 +++ OvmfPkg/OvmfPkgIa32X64.fdf | 8 +++ OvmfPkg/OvmfPkgX64.fdf | 3 +- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 4 ++ OvmfPkg/ResetVector/Main.asm | 6 ++ OvmfPkg/ResetVector/ResetVector.nasmb | 72 ++++++++++---------- 6 files changed, 67 insertions(+), 37 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 3ab1755749d4..57d13b7130bc 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -76,6 +76,9 @@ [FD.MEMFD] 0x007000|0x001000 gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize =20 +0x008000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 @@ -87,6 +90,14 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since = the +# the SEV STATUS MSR is now saved in the work area) +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader +##########################################################################= ################ + ##########################################################################= ###### =20 [FV.SECFV] diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index e1638fa6ea38..ccde366887a9 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -90,6 +90,14 @@ [FD.MEMFD] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since = the +# the SEV STATUS MSR is now saved in the work area) +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader +##########################################################################= ################ + ##########################################################################= ###### =20 [FV.SECFV] diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index aa9a83032d9b..438806fba8f1 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -106,7 +106,8 @@ [FD.MEMFD] FV =3D DXEFV =20 ##########################################################################= ################ -# Set the SEV-ES specific work area PCDs +# Set the SEV-ES specific work area PCDs (used for all forms of SEV since = the +# the SEV STATUS MSR is now saved in the work area) # SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 864d68385342..9350b0406833 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -150,6 +150,8 @@ BITS 32 SevEsUnexpectedRespTerminate: TerminateVmgExit TERM_UNEXPECTED_RESP_CODE =20 +%ifdef ARCH_X64 + ; If SEV-ES is enabled then initialize and make the GHCB page shared SevClearPageEncMaskForGhcbPage: ; Check if SEV is enabled @@ -209,6 +211,8 @@ GetSevCBitMaskAbove31: GetSevCBitMaskAbove31Exit: OneTimeCallRet GetSevCBitMaskAbove31 =20 +%endif + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm index 5cfc0b5c72b1..46cfa87c4c0a 100644 --- a/OvmfPkg/ResetVector/Main.asm +++ b/OvmfPkg/ResetVector/Main.asm @@ -75,6 +75,12 @@ SearchBfv: =20 %ifdef ARCH_IA32 =20 + ; + ; SEV support can be built and run using the Ia32/X64 split environmen= t. + ; Set the OVMF/SEV work area as appropriate. + ; + OneTimeCall CheckSevFeatures + ; ; Restore initial EAX value into the EAX register ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 9421f4818907..94fbb0a87b37 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -47,7 +47,36 @@ %include "Ia32/SearchForBfvBase.asm" %include "Ia32/SearchForSecEntry.asm" =20 -%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)) +%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase)= ) +%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTables= Base) + (Offset)) + +%define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTa= bleBase)) +%define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) +%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) +%define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase= )) +%define SEV_ES_WORK_AREA_SIZE 25 +%define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32 (PcdSevEsWorkAreaBase= )) +%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase= ) + 8) +%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase= ) + 16) +%define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32 (PcdSevEsWorkAreaBase= ) + 24) +%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRam= Base) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) +%define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBas= e)) +%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSiz= e)) +%define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) +%define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) +%define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTables= Base)) +%define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) = - SNP_SEC_MEM_BASE_DESC_1) +; +; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page is used +; as GHCB shared page and second is used for bookkeeping to support the +; nested GHCB in SEC phase. The bookkeeping page is mapped private. The VM= M +; does not need to validate the shared page but it need to validate the +; bookkeeping page. +; +%define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) +%define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_= BASE_DESC_2) +%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE) +%define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase)= - SNP_SEC_MEM_BASE_DESC_3) =20 %ifdef ARCH_X64 #include @@ -94,43 +123,14 @@ %define TDX_WORK_AREA_PGTBL_READY (FixedPcdGet32 (PcdOvmfWorkAreaBase) += 4) %define TDX_WORK_AREA_GPAW (FixedPcdGet32 (PcdOvmfWorkAreaBase) += 8) =20 - %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Off= set)) + %include "X64/IntelTdxMetadata.asm" + %include "Ia32/Flat32ToFlat64.asm" + %include "Ia32/PageTables64.asm" + %include "Ia32/IntelTdx.asm" + %include "X64/OvmfSevMetadata.asm" +%endif =20 - %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) - %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) - %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) - %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) - %define SEV_ES_WORK_AREA_SIZE 25 - %define SEV_ES_WORK_AREA_STATUS_MSR (FixedPcdGet32 (PcdSevEsWorkAreaBase= )) - %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) - %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) - %define SEV_ES_WORK_AREA_RECEIVED_VC (FixedPcdGet32 (PcdSevEsWorkAreaBas= e) + 24) - %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) - %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) - %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) - %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) - %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) - %define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTablesBase= )) - %define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) - SN= P_SEC_MEM_BASE_DESC_1) - ; - ; The PcdOvmfSecGhcbBase reserves two GHCB pages. The first page is used - ; as GHCB shared page and second is used for bookkeeping to support the - ; nested GHCB in SEC phase. The bookkeeping page is mapped private. The = VMM - ; does not need to validate the shared page but it need to validate the - ; bookkeeping page. - ; - %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) - %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE= _DESC_2) - %define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE) - %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - S= NP_SEC_MEM_BASE_DESC_3) - -%include "X64/IntelTdxMetadata.asm" -%include "Ia32/Flat32ToFlat64.asm" %include "Ia32/AmdSev.asm" -%include "Ia32/PageTables64.asm" -%include "Ia32/IntelTdx.asm" -%include "X64/OvmfSevMetadata.asm" -%endif =20 %include "Ia16/Real16ToFlat32.asm" %include "Ia16/Init16.asm" --=20 2.34.1