From: "Min Xu"
To: Brijesh Singh, "devel@edk2.groups.io"
CC: James Bottomley, "Yao, Jiewen", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, "Michael Roth"
Subject: Re: [PATCH v3 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
Date: Thu, 19 Aug 2021 14:15:23 +0000
References: <20210817134651.20444-1-brijesh.singh@amd.com> <20210817134651.20444-4-brijesh.singh@amd.com>
In-Reply-To: <20210817134651.20444-4-brijesh.singh@amd.com>

Reviewed-by: Min Xu

> -----Original Message-----
> From: Brijesh Singh
> Sent: Tuesday, August 17, 2021 9:47 PM
> To: devel@edk2.groups.io
> Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Brijesh Singh
> Subject: [PATCH v3 3/3] OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> While building the initial page table, the SetCr3ForPageTables64 checks whether
> SEV-ES is enabled. If so, clear the page encryption mask from the GHCB page.
> Move the logic to clear the page encryption mask in the AmdSev.asm.
>
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Cc: Erdem Aktas
> Signed-off-by: Brijesh Singh
> ---
> OvmfPkg/ResetVector/Ia32/AmdSev.asm | 111 +++++++++++++++++-----
> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 53 ++---------
> 2 files changed, 92 insertions(+), 72 deletions(-)
>
> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index 87d81b01e263..250ac8d8b180 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> @@ -44,6 +44,27 @@ BITS 32 > ; The unexpected response code > %define TERM_UNEXPECTED_RESP_CODE 2 >=20 > +%define PAGE_PRESENT 0x01 > +%define PAGE_READ_WRITE 0x02 > +%define PAGE_USER_SUPERVISOR 0x04 > +%define PAGE_WRITE_THROUGH 0x08 > +%define PAGE_CACHE_DISABLE 0x010 > +%define PAGE_ACCESSED 0x020 > +%define PAGE_DIRTY 0x040 > +%define PAGE_PAT 0x080 > +%define PAGE_GLOBAL 0x0100 > +%define PAGE_2M_MBO 0x080 > +%define PAGE_2M_PAT 0x01000 > + > +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ > + PAGE_DIRTY + \ > + PAGE_READ_WRITE + \ > + PAGE_PRESENT) > + > +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ > + PAGE_READ_WRITE + \ > + PAGE_PRESENT) > + >=20 > ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is = ; > responsible to populate values in the EDX:EAX registers. After the vmmcal= l 
> @@ -117,6 +138,70 @@ BITS 32 > SevEsUnexpectedRespTerminate: > TerminateVmgExit TERM_UNEXPECTED_RESP_CODE >=20 > +; If SEV-ES is enabled then initialize and make the GHCB page shared > +SevClearPageEncMaskForGhcbPage: > + ; Check if SEV is enabled > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jnz SevClearPageEncMaskForGhcbPageExit > + > + ; Check if SEV-ES is enabled > + cmp byte[SEV_ES_WORK_AREA], 1 > + jnz SevClearPageEncMaskForGhcbPageExit > + > + ; > + ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypt= ed. > + ; This requires the 2MB page for this range be broken down into 512 = 4KB > + ; pages. All will be marked encrypted, except for the GHCB. > + ; > + mov ecx, (GHCB_BASE >> 21) > + mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR > + mov [ecx * 8 + PT_ADDR (0x2000)], eax > + > + ; > + ; Page Table Entries (512 * 4KB entries =3D> 2MB) > + ; > + mov ecx, 512 > +pageTableEntries4kLoop: > + mov eax, ecx > + dec eax > + shl eax, 12 > + add eax, GHCB_BASE & 0xFFE0_0000 > + add eax, PAGE_4K_PDE_ATTR > + mov [ecx * 8 + GHCB_PT_ADDR - 8], eax > + mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx > + loop pageTableEntries4kLoop > + > + ; > + ; Clear the encryption bit from the GHCB entry > + ; > + mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 > + mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 > + > + mov ecx, GHCB_SIZE / 4 > + xor eax, eax > +clearGhcbMemoryLoop: > + mov dword[ecx * 4 + GHCB_BASE - 4], eax > + loop clearGhcbMemoryLoop > + > +SevClearPageEncMaskForGhcbPageExit: > + OneTimeCallRet SevClearPageEncMaskForGhcbPage > + > +; Check if SEV is enabled, and get the C-bit mask above 31. 
> +; Modified: EDX > +; > +; The value is returned in the EDX > +GetSevCBitMaskAbove31: > + xor edx, edx > + > + ; Check if SEV is enabled > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jnz GetSevCBitMaskAbove31Exit > + > + mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] > + > +GetSevCBitMaskAbove31Exit: > + OneTimeCallRet GetSevCBitMaskAbove31 > + > ; Check if Secure Encrypted Virtualization (SEV) features are enabled. > ; > ; Register usage is tight in this routine, so multiple calls for the @@ = -249,32 > +334,6 @@ SevExit: >=20 > OneTimeCallRet CheckSevFeatures >=20 > -; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) fe= ature -; > is enabled. > -; > -; Modified: EAX > -; > -; If SEV-ES is enabled then EAX will be non-zero. > -; If SEV-ES is disabled then EAX will be zero. > -; > -IsSevEsEnabled: > - xor eax, eax > - > - ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set > - ; to 1 if SEV is enabled. > - cmp byte[WORK_AREA_GUEST_TYPE], 1 > - jne SevEsDisabled > - > - ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if > - ; SEV-ES is enabled. > - cmp byte[SEV_ES_WORK_AREA], 1 > - jne SevEsDisabled > - > - mov eax, 1 > - > -SevEsDisabled: > - OneTimeCallRet IsSevEsEnabled > - > ; Start of #VC exception handling routines ; >=20 > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > index f688909f1c7d..07b6ca070909 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
> @@ -46,16 +46,13 @@ SetCr3ForPageTables64: > ; work area when detected. > mov byte[WORK_AREA_GUEST_TYPE], 0 >=20 > + ; Check whether the SEV is active and populate the SevEsWorkArea > OneTimeCall CheckSevFeatures > - xor edx, edx > - test eax, eax > - jz SevNotActive >=20 > - ; If SEV is enabled, C-bit is always above 31 > - sub eax, 32 > - bts edx, eax > - > -SevNotActive: > + ; If SEV is enabled, the C-bit position is always above 31. > + ; The mask will be saved in the EDX and applied during the > + ; the page table build below. > + OneTimeCall GetSevCBitMaskAbove31 >=20 > ; > ; For OVMF, build some initial page tables at @@ -105,44 +102,8 @@ > pageTableEntriesLoop: > mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx > loop pageTableEntriesLoop >=20 > - OneTimeCall IsSevEsEnabled > - test eax, eax > - jz SetCr3 > - > - ; > - ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypt= ed. > - ; This requires the 2MB page for this range be broken down into 512 = 4KB > - ; pages. All will be marked encrypted, except for the GHCB. > - ; > - mov ecx, (GHCB_BASE >> 21) > - mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR > - mov [ecx * 8 + PT_ADDR (0x2000)], eax > - > - ; > - ; Page Table Entries (512 * 4KB entries =3D> 2MB) > - ; > - mov ecx, 512 > -pageTableEntries4kLoop: > - mov eax, ecx > - dec eax > - shl eax, 12 > - add eax, GHCB_BASE & 0xFFE0_0000 > - add eax, PAGE_4K_PDE_ATTR > - mov [ecx * 8 + GHCB_PT_ADDR - 8], eax > - mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx > - loop pageTableEntries4kLoop > - > - ; > - ; Clear the encryption bit from the GHCB entry > - ; > - mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12 > - mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0 > - > - mov ecx, GHCB_SIZE / 4 > - xor eax, eax > -clearGhcbMemoryLoop: > - mov dword[ecx * 4 + GHCB_BASE - 4], eax > - loop clearGhcbMemoryLoop > + ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. > + OneTimeCall SevClearPageEncMaskForGhcbPage >=20 > SetCr3: > ; > -- > 2.17.1
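
Review bot: The PAGE_* macros added at the top of AmdSev.asm (first hunk, PAGE_PRESENT through PAGE_PDP_ATTR) end up defined twice in the ResetVector build. The code removed from PageTables64.asm already used PAGE_PDP_ATTR and PAGE_4K_PDE_ATTR, so the definitions existed before this patch, and no hunk here removes a %define. NASM accepts a repeated %define silently, so the two copies can drift apart without a build error, and a mismatch in the attribute bits would change how the GHCB range is mapped. Consider moving the definitions to one shared place, or adding only PAGE_4K_PDE_ATTR and PAGE_PDP_ATTR with their dependencies, since the new routine uses nothing else from the list.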
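
Review bot: SevClearPageEncMaskForGhcbPage (second AmdSev.asm hunk) takes an undocumented input in EDX. pageTableEntries4kLoop executes "mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx" for all 512 entries, so the non-GHCB pages keep their encryption bit only if the caller still holds the value returned by GetSevCBitMaskAbove31 in EDX when it makes the call. If a later change clobbers EDX between the two OneTimeCall sites, the whole 2MB range would be mapped with the C-bit clear and nothing would flag it. The header comment should state the contract in the same style as the "Modified: EDX" block on GetSevCBitMaskAbove31, for example input EDX = C-bit mask above 31, modified EAX and ECX. Alternatively the routine could reload the mask from SEV_ES_WORK_AREA_ENC_MASK + 4 itself.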
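
Review bot: In the first PageTables64.asm hunk, the C-bit mask no longer comes from the EAX result of CheckSevFeatures (the removed "sub eax, 32" / "bts edx, eax") but from SEV_ES_WORK_AREA_ENC_MASK + 4 via GetSevCBitMaskAbove31, and nothing in this patch shows where that work-area field is written. The commit message should name the patch in the series that makes CheckSevFeatures store the mask, so this change can be checked as behavior-preserving. The new comment should also say that the mask is read back from the work area. Separately, the added comment contains a doubled word: "applied during the" followed by "the page table build below".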
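
Review bot: In the second PageTables64.asm hunk, removing "jz SetCr3" drops the only reference to the SetCr3 label that is visible in this patch, while the label itself stays as context. If nothing else in the file jumps to it, remove the label in the same change so the control flow reads as straight-line code. Otherwise leave a short comment naming the remaining user.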