From: "Lendacky, Thomas"
Date: Tue, 5 Jan 2021 08:34:05 -0600
Subject: Re: [edk2-devel] [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel
In-Reply-To: <3bd1ca24-c743-5688-9ec5-2af467a8c595@redhat.com>
References: <6b14be9c75dd31656e986c8e7611b739c2b22a9e.1608065471.git.thomas.lendacky@amd.com> <3bd1ca24-c743-5688-9ec5-2af467a8c595@redhat.com>

On 1/5/21 3:40 AM, Laszlo Ersek wrote:
> On 12/15/20 21:51, Lendacky, Thomas wrote:
>> From: Tom Lendacky
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>>
>> In preparation for a new interface to be added to the MemEncryptSevLib
>> library that will be used in SEC, create an SEC version of the library.
>>
>> This requires the creation of SEC specific files.
>>
>> Some of the current MemEncryptSevLib functions perform memory allocations
>> which cannot be performed in SEC, so these interfaces will return an error
>> during SEC. Also, the current MemEncryptSevLib library uses some static
>> variables to optimize access to variables, which cannot be used in SEC.
>>
>> Cc: Jordan Justen
>> Cc: Laszlo Ersek
>> Cc: Ard Biesheuvel
>> Cc: Brijesh Singh
>> Signed-off-by: Tom Lendacky
>> ---
>>  .../DxeBaseMemEncryptSevLib.inf | 2 +-
>>  .../PeiBaseMemEncryptSevLib.inf | 2 +-
>>  .../SecBaseMemEncryptSevLib.inf | 54 ++++++++
>>  .../SecMemEncryptSevLibInternal.c | 130 ++++++++++++++++++
>>  ...{VirtualMemory.c => PeiDxeVirtualMemory.c} | 12 +-
>>  .../X64/SecVirtualMemory.c | 80 +++++++++++
>>  6 files changed, 272 insertions(+), 8 deletions(-)
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
>>  rename OvmfPkg/Library/BaseMemEncryptSevLib/X64/{VirtualMemory.c => PeiDxeVirtualMemory.c} (95%)
>>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c
>
> (1) /s/SecBase/Sec/ (in filenames and in filename references; the
> BASE_NAME is OK)

Yup, I'll fix that.

> >> >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> index 2be6ca1fa737..390f2d60677f 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> @@ -33,7 +33,7 @@ [Sources.X64] >> DxeMemEncryptSevLibInternal.c >> MemEncryptSevLibInternal.c >> X64/MemEncryptSevLib.c >> - X64/VirtualMemory.c >> + X64/PeiDxeVirtualMemory.c >> X64/VirtualMemory.h >> >> [Sources.IA32] >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >> index 7bdf8cb5210d..cb973fdeb868 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >> @@ -33,7 +33,7 @@ [Sources.X64] >> PeiMemEncryptSevLibInternal.c >> MemEncryptSevLibInternal.c >> X64/MemEncryptSevLib.c >> - X64/VirtualMemory.c >> + X64/PeiDxeVirtualMemory.c >> X64/VirtualMemory.h >> >> [Sources.IA32] >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >> new file mode 100644 >> index 000000000000..b26f739d69fd >> --- /dev/null >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >> @@ -0,0 +1,54 @@ >> +## @file >> +# Library provides the helper functions for SEV guest >> +# >> +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
>> +# >> +# SPDX-License-Identifier: BSD-2-Clause-Patent >> +# >> +# >> +## >> + >> +[Defines] >> + INF_VERSION = 1.25 >> + BASE_NAME = SecMemEncryptSevLib >> + FILE_GUID = 046388b4-430e-4e61-88f6-51ea21db2632 >> + MODULE_TYPE = BASE >> + VERSION_STRING = 1.0 >> + LIBRARY_CLASS = MemEncryptSevLib|SEC >> + >> +# >> +# The following information is for reference only and not required by the build >> +# tools. >> +# >> +# VALID_ARCHITECTURES = IA32 X64 >> +# >> + >> +[Packages] >> + MdeModulePkg/MdeModulePkg.dec >> + MdePkg/MdePkg.dec >> + OvmfPkg/OvmfPkg.dec >> + UefiCpuPkg/UefiCpuPkg.dec >> + >> +[Sources.X64] >> + SecMemEncryptSevLibInternal.c >> + MemEncryptSevLibInternal.c >> + X64/MemEncryptSevLib.c >> + X64/SecVirtualMemory.c >> + X64/VirtualMemory.h >> + >> +[Sources.IA32] >> + SecMemEncryptSevLibInternal.c >> + MemEncryptSevLibInternal.c >> + Ia32/MemEncryptSevLib.c >> + >> +[LibraryClasses] >> + BaseLib >> + CpuLib >> + DebugLib >> + PcdLib >> + >> +[FeaturePcd] >> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire >> + > > (2) This PCD does not look useful for the new library instance (at least > at this stage). The PCD is used in MemEncryptSevLocateInitialSmramSaveStateMapPages() in the MemEncryptSevLibInternal.c file, which is part of the library. Because of that, I assumed that it needed to be added even though the function that uses it isn't called during SEC. I'll remove it. > >> +[FixedPcd] >> + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c >> new file mode 100644 >> index 000000000000..30d2ebe1d6e9 >> --- /dev/null >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c >> @@ -0,0 +1,130 @@ >> +/** @file >> + >> + Secure Encrypted Virtualization (SEV) library helper function >> + >> + Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +/** >> + Reads and sets the status of SEV features. >> + >> + **/ >> +STATIC >> +UINT32 >> +EFIAPI >> +InternalMemEncryptSevStatus ( >> + VOID >> + ) >> +{ >> + UINT32 RegEax; >> + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; >> + BOOLEAN ReadSevMsr; >> + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >> + >> + ReadSevMsr = FALSE; >> + >> + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); >> + if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { >> + // >> + // The MSR has been read before, so it is safe to read it again and avoid >> + // having to validate the CPUID information. >> + // >> + ReadSevMsr = TRUE; >> + } else { >> + // >> + // Check if memory encryption leaf exist >> + // >> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); >> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { >> + // >> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) >> + // >> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); >> + >> + if (Eax.Bits.SevBit) { >> + ReadSevMsr = TRUE; >> + } >> + } >> + } >> + >> + return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; >> +} >> + >> +/** >> + Returns a boolean to indicate whether SEV-ES is enabled. >> + >> + @retval TRUE SEV-ES is enabled >> + @retval FALSE SEV-ES is not enabled >> +**/ >> +BOOLEAN >> +EFIAPI >> +MemEncryptSevEsIsEnabled ( >> + VOID >> + ) >> +{ >> + MSR_SEV_STATUS_REGISTER Msr; >> + >> + Msr.Uint32 = InternalMemEncryptSevStatus (); >> + >> + return Msr.Bits.SevEsBit ? TRUE : FALSE; >> +} >> + >> +/** >> + Returns a boolean to indicate whether SEV is enabled. 
>> + >> + @retval TRUE SEV is enabled >> + @retval FALSE SEV is not enabled >> +**/ >> +BOOLEAN >> +EFIAPI >> +MemEncryptSevIsEnabled ( >> + VOID >> + ) >> +{ >> + MSR_SEV_STATUS_REGISTER Msr; >> + >> + Msr.Uint32 = InternalMemEncryptSevStatus (); >> + >> + return Msr.Bits.SevBit ? TRUE : FALSE; >> +} >> + >> +/** >> + Returns the SEV encryption mask. >> + >> + @return The SEV pagtable encryption mask >> +**/ >> +UINT64 >> +EFIAPI >> +MemEncryptSevGetEncryptionMask ( >> + VOID >> + ) >> +{ >> + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; >> + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >> + UINT64 EncryptionMask; >> + >> + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); >> + if (SevEsWorkArea != NULL) { >> + EncryptionMask = SevEsWorkArea->EncryptionMask; >> + } else { >> + // >> + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) >> + // >> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); >> + EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits); >> + } >> + >> + return EncryptionMask; >> +} >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> similarity index 95% >> rename from OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> rename to OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> index 6422bc53bd5d..3a5bab657bd7 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> @@ -192,7 +192,8 @@ Split2MPageTo4K ( >> { >> PHYSICAL_ADDRESS PhysicalAddress4K; >> UINTN IndexOfPageTableEntries; >> - PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1; >> + PAGE_TABLE_4K_ENTRY *PageTableEntry; >> + PAGE_TABLE_4K_ENTRY *PageTableEntry1; >> UINT64 AddressEncMask; >> >> PageTableEntry = AllocatePageTableMemory(1); 
>> @@ -472,7 +473,7 @@ Split1GPageTo2M ( >> /** >> Set or Clear the memory encryption bit >> >> - @param[in] PagetablePoint Page table entry pointer (PTE). >> + @param[in, out] PageTablePointer Page table entry pointer (PTE). >> @param[in] Mode Set or Clear encryption bit >> >> **/ >> @@ -562,7 +563,6 @@ EnableReadOnlyPageWriteProtect ( >> @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute >> is not supported >> **/ >> - >> STATIC >> RETURN_STATUS >> EFIAPI >> @@ -635,7 +635,7 @@ SetMemoryEncDec ( >> >> Status = EFI_SUCCESS; >> >> - while (Length) >> + while (Length != 0) >> { >> // >> // If Cr3BaseAddress is not specified then read the current CR3 >> @@ -683,7 +683,7 @@ SetMemoryEncDec ( >> // Valid 1GB page >> // If we have at least 1GB to go, we can just update this entry >> // >> - if (!(PhysicalAddress & (BIT30 - 1)) && Length >= BIT30) { >> + if ((PhysicalAddress & (BIT30 - 1)) == 0 && Length >= BIT30) { >> SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode); >> DEBUG (( >> DEBUG_VERBOSE, >> @@ -744,7 +744,7 @@ SetMemoryEncDec ( >> // Valid 2MB page >> // If we have at least 2MB left to go, we can just update this entry >> // >> - if (!(PhysicalAddress & (BIT21-1)) && Length >= BIT21) { >> + if ((PhysicalAddress & (BIT21-1)) == 0 && Length >= BIT21) { >> SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); >> PhysicalAddress += BIT21; >> Length -= BIT21; > > (3) The style fixes in this file seem unrelated to the subject. Please > split them to a different patch. > > (Were they motivated by ECC?) Yes, IIRC (I need to swap everything back in after the holidays :)), the test pull request was failing until I made these changes. I'll split these changes out as a pre-patch to this patch. Thanks, Tom > > Looks OK otherwise. > > Thanks! > Laszlo > >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c >> new file mode 100644 >> index 000000000000..5c337ea0b820 
>> --- /dev/null >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c >> @@ -0,0 +1,80 @@ >> +/** @file >> + >> + Virtual Memory Management Services to set or clear the memory encryption bit >> + >> + Copyright (c) 2020, AMD Incorporated. All rights reserved.
>> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#include >> +#include >> + >> +#include "VirtualMemory.h" >> + >> +/** >> + This function clears memory encryption bit for the memory region specified by >> + PhysicalAddress and Length from the current page table context. >> + >> + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use >> + current CR3) >> + @param[in] PhysicalAddress The physical address that is the start >> + address of a memory region. >> + @param[in] Length The length of memory region >> + @param[in] Flush Flush the caches before applying the >> + encryption mask >> + >> + @retval RETURN_SUCCESS The attributes were cleared for the >> + memory region. >> + @retval RETURN_INVALID_PARAMETER Number of pages is zero. >> + @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute >> + is not supported >> +**/ >> +RETURN_STATUS >> +EFIAPI >> +InternalMemEncryptSevSetMemoryDecrypted ( >> + IN PHYSICAL_ADDRESS Cr3BaseAddress, >> + IN PHYSICAL_ADDRESS PhysicalAddress, >> + IN UINTN Length, >> + IN BOOLEAN Flush >> + ) >> +{ >> + // >> + // This function is not available during SEC. >> + // >> + return RETURN_UNSUPPORTED; >> +} >> + >> +/** >> + This function sets memory encryption bit for the memory region specified by >> + PhysicalAddress and Length from the current page table context. >> + >> + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use >> + current CR3) >> + @param[in] PhysicalAddress The physical address that is the start >> + address of a memory region. >> + @param[in] Length The length of memory region >> + @param[in] Flush Flush the caches before applying the >> + encryption mask >> + >> + @retval RETURN_SUCCESS The attributes were set for the memory >> + region. >> + @retval RETURN_INVALID_PARAMETER Number of pages is zero. 
>> + @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute >> + is not supported >> +**/ >> +RETURN_STATUS >> +EFIAPI >> +InternalMemEncryptSevSetMemoryEncrypted ( >> + IN PHYSICAL_ADDRESS Cr3BaseAddress, >> + IN PHYSICAL_ADDRESS PhysicalAddress, >> + IN UINTN Length, >> + IN BOOLEAN Flush >> + ) >> +{ >> + // >> + // This function is not available during SEC. >> + // >> + return RETURN_UNSUPPORTED; >> +} >> >
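
Review bot: In the new SecBaseMemEncryptSevLib.inf, the "## @file" description ("Library provides the helper functions for SEV guest") does not say that this is the SEC instance or how it differs from the PEI and DXE ones. Since LIBRARY_CLASS restricts it to SEC and X64/SecVirtualMemory.c replaces the page-table code with stubs, a sentence stating that the set/clear encryption interfaces return RETURN_UNSUPPORTED in this instance would save a reader from opening the sources to find out.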
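
Review bot: In MemEncryptSevGetEncryptionMask() in SecMemEncryptSevLibInternal.c, the else branch executes CPUID_MEMORY_ENCRYPTION_INFO without the two checks that InternalMemEncryptSevStatus() makes first in the same file (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO, then Eax.Bits.SevBit), so when the work area pointer is NULL it returns LShiftU64 (1, Ebx.Bits.PtePosBits) whether or not the leaf exists or SEV is active. Returning 0 there, or gating the CPUID read on MemEncryptSevIsEnabled (), would keep the two paths consistent. The non-NULL branch also returns SevEsWorkArea->EncryptionMask even when it is 0, while InternalMemEncryptSevStatus() treats 0 as "MSR not read yet"; a comment saying which meaning is intended, and where the work area field is written, would help. Smaller points in the same file: the header of InternalMemEncryptSevStatus() says "Reads and sets" although nothing is set and it has no @return line, and "@return The SEV pagtable encryption mask" has a typo.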
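
Review bot: In the "@@ -744,7 +744,7 @@ SetMemoryEncDec" hunk of PeiDxeVirtualMemory.c, the rewritten condition keeps "(BIT21-1)" without spaces while the matching 1GB condition in the previous hunk uses "(BIT30 - 1)". If these lines are being touched for style anyway, making the spacing consistent and parenthesising each comparison, as in "((PhysicalAddress & (BIT21 - 1)) == 0) && (Length >= BIT21)", would settle both in the pre-patch that the style changes are moving to.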
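
Review bot: In SecVirtualMemory.c, InternalMemEncryptSevSetMemoryDecrypted() and InternalMemEncryptSevSetMemoryEncrypted() both return RETURN_UNSUPPORTED unconditionally, yet their comment blocks still list "@retval RETURN_SUCCESS" and "@retval RETURN_INVALID_PARAMETER" and describe the bit being cleared or set. Trimming the @retval list to RETURN_UNSUPPORTED and saying in the description that this is the SEC stub would make it clear to a caller that the page encryption state is never changed here and that the returned status has to be checked. "encyrption" is also misspelled in both comment blocks.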