From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.45]) by mx.groups.io with SMTP id smtpd.web11.7028.1609861143880557896 for ; Tue, 05 Jan 2021 07:39:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=kLANoDQS; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.45, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KU1559QuyNVAsdExljXQRo5yYN0w5MO2z5CHDula4vLeB7/pVYA20RBY4+x69Fy2QZi5mF9dssCnLqQXREXCv4IJGgsw75Es9R8q/AqT6w75RasjfcbU67oUS/gTEAua13R40x3yECU80j8iJOpEm+Rwj8e6GuXZKLblOJlfvpddTNYp6s5WPNTRb+99CRWE4vJnXA8ANsArGwNRUnvuq9S6wH24qPBo0UKkeNTCZ05Nd+sCnk0Jvu0cE6WhUNNc8ySUd/qiBfThgWs1c+xvzyC8FfpSmbJRV5KFtDe5/S6pfwuZbxKLX2iMmgGF97gnyroi7c5qRweUcJkTgOnIMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TFoXYdI8mc4vlwlnaamyMwuQCw1YBTB0zE7p6Qc/HoQ=; b=DwnynwB7JQyK2q8GEbwXpdJd/d8JRtLk5BstQ3mNDvtkmqA4EN8yUaPuxgcn1uZSYIzDOfFAmXX/fc3zlwMMhBgtXrwQBQ+B7I+Unt/cShwTMQew4xJr66D5hwSQJCImABBzcJM/OmIi2OuodllmKKc8rteWRZ5uWI5nfrGijnGNRgEBwXgCm+DKOpxgGZSOn9hnjzJyo8Nz4tLRdRSm6K0q1uN5//KmUtLtpqpTiH9JlkuPR/qIIPnmNkV5AwUtrHq3n7FkbN8h44zmpIG46CI9YiWHJTQfmOez2UiZA4426UYsVN7EoGTQcXwmMPRfFWYgRPqlPnf5jhM5vT+JsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TFoXYdI8mc4vlwlnaamyMwuQCw1YBTB0zE7p6Qc/HoQ=; b=kLANoDQSnya785WUAyQAjcVuH6VyWPLnnta/e7by9+IhgGyhPd5Ct67gCoiocWewlteFk5NzDZu3EgZkdd2EjXLmmCfruw/ufzg5LHcHMqWGoBHj3bzypD+jnTayxr2cTHkiMD7XXacUOiG4MV/g2Iv3HtMXA1MZS6oFyv/9khI= Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB2825.namprd12.prod.outlook.com (2603:10b6:5:75::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.20; Tue, 5 Jan 2021 15:39:02 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3721.024; Tue, 5 Jan 2021 15:39:02 +0000 Subject: Re: [edk2-devel] [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC From: "Lendacky, Thomas" To: Laszlo Ersek , devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Jordan Justen , Ard Biesheuvel References: <6b14be9c75dd31656e986c8e7611b739c2b22a9e.1608065471.git.thomas.lendacky@amd.com> <3bd1ca24-c743-5688-9ec5-2af467a8c595@redhat.com> Message-ID: Date: Tue, 5 Jan 2021 09:38:59 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0017.namprd06.prod.outlook.com (2603:10b6:803:2f::27) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.30.118] (165.204.77.1) by SN4PR0601CA0017.namprd06.prod.outlook.com (2603:10b6:803:2f::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Tue, 5 Jan 2021 15:39:01 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 70829229-97ae-4158-ad56-08d8b19006c6 X-MS-TrafficTypeDiagnostic: DM6PR12MB2825: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: zZBdO437c4HBjFByv2iDEgXLHFmkM5uQdKcHxuNqe3hM4e164pnFIMLS6Vz1hhAkjFbnWH8iN6Skoeo9t1JVSf1l5Kgg8sjLnda+BgZuo+xce/D0drdFGHG4BEQoyKFlDA/QBMe43OfI2qAC5UrSdnFNqUYrb+CaGT7mX9PlZxMpNf49WRgYBNxW2RAZ48kdLv85R2blLjtAjqn+Dq7X3zN8KI6Izy3Mxvxs/s5XKKLSjnyS1CI9ajPKmeoC0Pzs3wgpUQw99LevhDVWWcQwMhzS4P+ynZV3gSQJXHB169Ua5XyGKDIANEcbvPbP+mlKC+EDY54zgTf0fK7zfNGfSZb7UZt1U4/DuT7zTfjT0yFUphT2u87crL9pHIvStLIrU2ij/QgvVBnUnRIYL1dJRsjmhiJS8SOvHq1MIYbonrn7bs3Ay8uH8xaUjaB5NQukohlD59SzOusqG+x5aUggtv/zLYWoFeiTowu8xPFpGJTQiPPzNL5fPo7rcgAROW4KjqgmOlJfZ4gBjMCcRDfvbAQyq61dCHoGlZ++FISFahVID7wcl6Ssjt/g7OksU7S8 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(136003)(39860400002)(396003)(376002)(366004)(54906003)(316002)(16576012)(186003)(956004)(52116002)(2616005)(19627235002)(31686004)(31696002)(6486002)(53546011)(86362001)(8936002)(83380400001)(4326008)(26005)(36756003)(2906002)(66556008)(66476007)(66946007)(966005)(8676002)(5660300002)(45080400002)(478600001)(30864003)(16526019)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?NHdqOG1SR0pybWVObmtvcFE5WW5IaHhRUGNxZ2duY1h6SWJheHlxd0tsVFcv?= =?utf-8?B?MlJaZVFCMkVNSC9hWTdQUWhqd2E1MGIyNjBNTjc3MXphd2xNci9QVjBaUHhh?= =?utf-8?B?empBZ2o5bHo3dkc0clJZQkIxRXFLN3hKQnlCcUFNWm9oL2ZWK3V6d1RmQmdt?= =?utf-8?B?SHRsYnZ0QUtYMWY5ZlhwUmxxeTR3TTVRMHBQdG1WU2JqNkJVeWk2VXRNeWJ1?= =?utf-8?B?M2N0NElOSFdxckhkdVVSdkVRUzQrOHBKZ3hFbUhDQ0NpaXZtY1pxanlraFJZ?= =?utf-8?B?SURJZU9abmlHUGE5L0dmMmpCeWgreFByaFNUL2lpN2RZSXdyUEs5RTRtRnF2?= =?utf-8?B?QnQ2aWtlcy9Ea1VHUDFKNXUrWkxiYnR3L0Fja29oTG9WMkhQYXhGODRCTEVu?= =?utf-8?B?aGF2MFlpdkJUQ2tDcFAyT2dVVTVBK2tnbW14SjV2a3hKWVlQWURCQkJmWFNM?= =?utf-8?B?dDllVVhxeFhJWmNXWXNIekFRSEdSZVdxOWo4ckw0ZWlnZzY5Q3E1d0dCeW5E?= =?utf-8?B?dE9xNVIzOE5xM2I0RTBGU1VsZ0hoZ3ZMSTdBQmtYVnREb0NZK0hqbEZvM0Nm?= =?utf-8?B?em44RVhIaWVUdjdmb0JHMFVuSHZTOUgrL0ZiVTI4VGpGYVhSaVZLQTlCM0ZR?= =?utf-8?B?aDU2S1AxcFlLVnFreDBZWHJMYnp1K3VSUnFkRGJ1TWE4eXJTZXBpZXZtb2xI?= =?utf-8?B?blFMZVVlQWZCNXFxNXFhRVVUaVV4cjJSRGUvSE5mYmVrMGFjaVZMeVJCbU9E?= =?utf-8?B?S0ZIR3cwUXM2aHZBZTYxY01qMlJPZkNmd3hUbk00R1Via0g4dHc1WXpSYkpO?= =?utf-8?B?ZitIY2VPaEJUYXl2WjNMaG9ybjA4RnNJOUptMk9EajhQZGRBeTd2ZHcrWEF4?= =?utf-8?B?NUl3RGJGUXprRTFNTDZ3YjlKY1YvbDNPd2plcU9sQjhPR0o0T1FReDdNQVFX?= =?utf-8?B?aVNhazNGTG9vSUM4YmN1SGpnWEowdWp4K25peVJhdGxrMGZqZ3FyYk11Rjcw?= =?utf-8?B?akxOZFlKdGJCSUVHRVVLS0tKbytmS1QvTW53S3dVL1RIY2Q3d3RINDBmbXdm?= =?utf-8?B?U0ZSUEErY0lsTUVkTkpmd2ZFb2RVVmJtdG9GNXFPS1pIdjd4NHZOaEFCL2Vw?= =?utf-8?B?ckNlbnZ6cjdxVkcwVGJyRC83LzEwZ2RzN2c3S0pUT2dWWElkdkEwK0FZQWdp?= =?utf-8?B?dytNcytlbmsxRlBlMDJCYmxQdlFJRTRFNDZXNmQvbjFpdHdRek14YUd6WUdq?= =?utf-8?B?VUVKVE1XK3VtUjhoNEhXUTdwQ1ZWQk9pVmlFTkhFL08ydEV2TDhHWWticlJj?= =?utf-8?Q?1kVZof9Ck0Jk3slK8WbVWu3XAbB40G0lQ/?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2021 15:39:01.7756 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: 70829229-97ae-4158-ad56-08d8b19006c6 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dZIcq/jjj0KG1coqG6avQrCyLwNyTvMC60T5KcK/DrYVGsaM9jaBQiF6n7rEXAnizwLo7wBeUsu4ysMw7SoheQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB2825 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 1/5/21 8:34 AM, Tom Lendacky wrote: > On 1/5/21 3:40 AM, Laszlo Ersek wrote: >> On 12/15/20 21:51, Lendacky, Thomas wrote: >>> From: Tom Lendacky >>> >>> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3108&data=04%7C01%7Cthomas.lendacky%40amd.com%7C1440a9afd7f1450ba93d08d8b15e02a5%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637454364641627971%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=P52g0gS3SEhdgkF2qRY6l1J8%2FLjJm1DNR3LLlEmKSBk%3D&reserved=0 >>> >>> In preparation for a new interface to be added to the MemEncryptSevLib >>> library that will be used in SEC, create an SEC version of the library. >>> >>> This requires the creation of SEC specific files. >>> >>> Some of the current MemEncryptSevLib functions perform memory allocations >>> which cannot be performed in SEC, so these interfaces will return an error >>> during SEC. Also, the current MemEncryptSevLib library uses some static >>> variables to optimize access to variables, which cannot be used in SEC. >>> >>> Cc: Jordan Justen >>> Cc: Laszlo Ersek >>> Cc: Ard Biesheuvel >>> Cc: Brijesh Singh >>> Signed-off-by: Tom Lendacky >>> --- >>> .../DxeBaseMemEncryptSevLib.inf | 2 +- >>> .../PeiBaseMemEncryptSevLib.inf | 2 +- >>> .../SecBaseMemEncryptSevLib.inf | 54 ++++++++ >>> .../SecMemEncryptSevLibInternal.c | 130 ++++++++++++++++++ >>> ...{VirtualMemory.c => PeiDxeVirtualMemory.c} | 12 +- >>> .../X64/SecVirtualMemory.c | 80 +++++++++++ >>> 6 files changed, 272 insertions(+), 8 deletions(-) >>> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >>> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c >>> rename OvmfPkg/Library/BaseMemEncryptSevLib/X64/{VirtualMemory.c => PeiDxeVirtualMemory.c} (95%) >>> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c >> >> (1) /s/SecBase/Sec/ (in filenames and in filename references; the >> BASE_NAME is OK) > > Yup, I'll fix that. > >> >>> >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >>> index 2be6ca1fa737..390f2d60677f 100644 >>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >>> @@ -33,7 +33,7 @@ [Sources.X64] >>> DxeMemEncryptSevLibInternal.c >>> MemEncryptSevLibInternal.c >>> X64/MemEncryptSevLib.c >>> - X64/VirtualMemory.c >>> + X64/PeiDxeVirtualMemory.c >>> X64/VirtualMemory.h >>> >>> [Sources.IA32] >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >>> index 7bdf8cb5210d..cb973fdeb868 100644 >>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf >>> @@ -33,7 +33,7 @@ [Sources.X64] >>> PeiMemEncryptSevLibInternal.c >>> MemEncryptSevLibInternal.c >>> X64/MemEncryptSevLib.c >>> - X64/VirtualMemory.c >>> + X64/PeiDxeVirtualMemory.c >>> X64/VirtualMemory.h >>> >>> [Sources.IA32] >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >>> new file mode 100644 >>> index 000000000000..b26f739d69fd >>> --- /dev/null >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >>> @@ -0,0 +1,54 @@ >>> +## @file >>> +# Library provides the helper functions for SEV guest >>> +# >>> +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
>>> +# >>> +# SPDX-License-Identifier: BSD-2-Clause-Patent >>> +# >>> +# >>> +## >>> + >>> +[Defines] >>> + INF_VERSION = 1.25 >>> + BASE_NAME = SecMemEncryptSevLib >>> + FILE_GUID = 046388b4-430e-4e61-88f6-51ea21db2632 >>> + MODULE_TYPE = BASE >>> + VERSION_STRING = 1.0 >>> + LIBRARY_CLASS = MemEncryptSevLib|SEC >>> + >>> +# >>> +# The following information is for reference only and not required by the build >>> +# tools. >>> +# >>> +# VALID_ARCHITECTURES = IA32 X64 >>> +# >>> + >>> +[Packages] >>> + MdeModulePkg/MdeModulePkg.dec >>> + MdePkg/MdePkg.dec >>> + OvmfPkg/OvmfPkg.dec >>> + UefiCpuPkg/UefiCpuPkg.dec >>> + >>> +[Sources.X64] >>> + SecMemEncryptSevLibInternal.c >>> + MemEncryptSevLibInternal.c >>> + X64/MemEncryptSevLib.c >>> + X64/SecVirtualMemory.c >>> + X64/VirtualMemory.h >>> + >>> +[Sources.IA32] >>> + SecMemEncryptSevLibInternal.c >>> + MemEncryptSevLibInternal.c >>> + Ia32/MemEncryptSevLib.c >>> + >>> +[LibraryClasses] >>> + BaseLib >>> + CpuLib >>> + DebugLib >>> + PcdLib >>> + >>> +[FeaturePcd] >>> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire >>> + >> >> (2) This PCD does not look useful for the new library instance (at least >> at this stage). > > The PCD is used in MemEncryptSevLocateInitialSmramSaveStateMapPages() in > the MemEncryptSevLibInternal.c file, which is part of the library. Because > of that, I assumed that it needed to be added even though the function > that uses it isn't called during SEC. > > I'll remove it. Removing it does cause an error. If we really don't want to include this PCD, I can create SEC and PEI/DXE specific versions of the MemEncryptSevLibInternal.c file and just return RETURN_UNSUPPORTED for the SEC version of MemEncryptSevLocateInitialSmramSaveStateMapPages(). Alternatively, I can just remove the MemEncryptSevLibInternal.c file from the build of the SEC library. This should be ok during SEC because there are no calls to MemEncryptSevLocateInitialSmramSaveStateMapPages(). If, for some reason a call is added later, then the build will fail, but it should be obvious why it failed. Or I can just leave the FeaturePcd section in the SEC inf file. Thoughts? Thanks, Tom > >> >>> +[FixedPcd] >>> + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c >>> new file mode 100644 >>> index 000000000000..30d2ebe1d6e9 >>> --- /dev/null >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c >>> @@ -0,0 +1,130 @@ >>> +/** @file >>> + >>> + Secure Encrypted Virtualization (SEV) library helper function >>> + >>> + Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
>>> + >>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>> + >>> +**/ >>> + >>> +#include >>> +#include >>> +#include >>> +#include >>> +#include >>> +#include >>> +#include >>> +#include >>> + >>> +/** >>> + Reads and sets the status of SEV features. >>> + >>> + **/ >>> +STATIC >>> +UINT32 >>> +EFIAPI >>> +InternalMemEncryptSevStatus ( >>> + VOID >>> + ) >>> +{ >>> + UINT32 RegEax; >>> + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; >>> + BOOLEAN ReadSevMsr; >>> + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >>> + >>> + ReadSevMsr = FALSE; >>> + >>> + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); >>> + if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { >>> + // >>> + // The MSR has been read before, so it is safe to read it again and avoid >>> + // having to validate the CPUID information. >>> + // >>> + ReadSevMsr = TRUE; >>> + } else { >>> + // >>> + // Check if memory encryption leaf exist >>> + // >>> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); >>> + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { >>> + // >>> + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) >>> + // >>> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); >>> + >>> + if (Eax.Bits.SevBit) { >>> + ReadSevMsr = TRUE; >>> + } >>> + } >>> + } >>> + >>> + return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; >>> +} >>> + >>> +/** >>> + Returns a boolean to indicate whether SEV-ES is enabled. >>> + >>> + @retval TRUE SEV-ES is enabled >>> + @retval FALSE SEV-ES is not enabled >>> +**/ >>> +BOOLEAN >>> +EFIAPI >>> +MemEncryptSevEsIsEnabled ( >>> + VOID >>> + ) >>> +{ >>> + MSR_SEV_STATUS_REGISTER Msr; >>> + >>> + Msr.Uint32 = InternalMemEncryptSevStatus (); >>> + >>> + return Msr.Bits.SevEsBit ? TRUE : FALSE; >>> +} >>> + >>> +/** >>> + Returns a boolean to indicate whether SEV is enabled. >>> + >>> + @retval TRUE SEV is enabled >>> + @retval FALSE SEV is not enabled >>> +**/ >>> +BOOLEAN >>> +EFIAPI >>> +MemEncryptSevIsEnabled ( >>> + VOID >>> + ) >>> +{ >>> + MSR_SEV_STATUS_REGISTER Msr; >>> + >>> + Msr.Uint32 = InternalMemEncryptSevStatus (); >>> + >>> + return Msr.Bits.SevBit ? TRUE : FALSE; >>> +} >>> + >>> +/** >>> + Returns the SEV encryption mask. >>> + >>> + @return The SEV pagtable encryption mask >>> +**/ >>> +UINT64 >>> +EFIAPI >>> +MemEncryptSevGetEncryptionMask ( >>> + VOID >>> + ) >>> +{ >>> + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; >>> + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; >>> + UINT64 EncryptionMask; >>> + >>> + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); >>> + if (SevEsWorkArea != NULL) { >>> + EncryptionMask = SevEsWorkArea->EncryptionMask; >>> + } else { >>> + // >>> + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) >>> + // >>> + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); >>> + EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits); >>> + } >>> + >>> + return EncryptionMask; >>> +} >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >>> similarity index 95% >>> rename from OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >>> rename to OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >>> index 6422bc53bd5d..3a5bab657bd7 100644 >>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >>> @@ -192,7 +192,8 @@ Split2MPageTo4K ( >>> { >>> PHYSICAL_ADDRESS PhysicalAddress4K; >>> UINTN IndexOfPageTableEntries; >>> - PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1; >>> + PAGE_TABLE_4K_ENTRY *PageTableEntry; >>> + PAGE_TABLE_4K_ENTRY *PageTableEntry1; >>> UINT64 AddressEncMask; >>> >>> PageTableEntry = AllocatePageTableMemory(1); >>> @@ -472,7 +473,7 @@ Split1GPageTo2M ( >>> /** >>> Set or Clear the memory encryption bit >>> >>> - @param[in] PagetablePoint Page table entry pointer (PTE). >>> + @param[in, out] PageTablePointer Page table entry pointer (PTE). >>> @param[in] Mode Set or Clear encryption bit >>> >>> **/ >>> @@ -562,7 +563,6 @@ EnableReadOnlyPageWriteProtect ( >>> @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute >>> is not supported >>> **/ >>> - >>> STATIC >>> RETURN_STATUS >>> EFIAPI >>> @@ -635,7 +635,7 @@ SetMemoryEncDec ( >>> >>> Status = EFI_SUCCESS; >>> >>> - while (Length) >>> + while (Length != 0) >>> { >>> // >>> // If Cr3BaseAddress is not specified then read the current CR3 >>> @@ -683,7 +683,7 @@ SetMemoryEncDec ( >>> // Valid 1GB page >>> // If we have at least 1GB to go, we can just update this entry >>> // >>> - if (!(PhysicalAddress & (BIT30 - 1)) && Length >= BIT30) { >>> + if ((PhysicalAddress & (BIT30 - 1)) == 0 && Length >= BIT30) { >>> SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode); >>> DEBUG (( >>> DEBUG_VERBOSE, >>> @@ -744,7 +744,7 @@ SetMemoryEncDec ( >>> // Valid 2MB page >>> // If we have at least 2MB left to go, we can just update this entry >>> // >>> - if (!(PhysicalAddress & (BIT21-1)) && Length >= BIT21) { >>> + if ((PhysicalAddress & (BIT21-1)) == 0 && Length >= BIT21) { >>> SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); >>> PhysicalAddress += BIT21; >>> Length -= BIT21; >> >> (3) The style fixes in this file seem unrelated to the subject. Please >> split them to a different patch. >> >> (Were they motivated by ECC?) > > Yes, IIRC (I need to swap everything back in after the holidays :)), the > test pull request was failing until I made these changes. I'll split these > changes out as a pre-patch to this patch. > > Thanks, > Tom > >> >> Looks OK otherwise. >> >> Thanks! >> Laszlo >> >>> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c >>> new file mode 100644 >>> index 000000000000..5c337ea0b820 >>> --- /dev/null >>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c >>> @@ -0,0 +1,80 @@ >>> +/** @file >>> + >>> + Virtual Memory Management Services to set or clear the memory encryption bit >>> + >>> + Copyright (c) 2020, AMD Incorporated. All rights reserved.
>>> + >>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>> + >>> +**/ >>> + >>> +#include >>> +#include >>> + >>> +#include "VirtualMemory.h" >>> + >>> +/** >>> + This function clears memory encryption bit for the memory region specified by >>> + PhysicalAddress and Length from the current page table context. >>> + >>> + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use >>> + current CR3) >>> + @param[in] PhysicalAddress The physical address that is the start >>> + address of a memory region. >>> + @param[in] Length The length of memory region >>> + @param[in] Flush Flush the caches before applying the >>> + encryption mask >>> + >>> + @retval RETURN_SUCCESS The attributes were cleared for the >>> + memory region. >>> + @retval RETURN_INVALID_PARAMETER Number of pages is zero. >>> + @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute >>> + is not supported >>> +**/ >>> +RETURN_STATUS >>> +EFIAPI >>> +InternalMemEncryptSevSetMemoryDecrypted ( >>> + IN PHYSICAL_ADDRESS Cr3BaseAddress, >>> + IN PHYSICAL_ADDRESS PhysicalAddress, >>> + IN UINTN Length, >>> + IN BOOLEAN Flush >>> + ) >>> +{ >>> + // >>> + // This function is not available during SEC. >>> + // >>> + return RETURN_UNSUPPORTED; >>> +} >>> + >>> +/** >>> + This function sets memory encryption bit for the memory region specified by >>> + PhysicalAddress and Length from the current page table context. >>> + >>> + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use >>> + current CR3) >>> + @param[in] PhysicalAddress The physical address that is the start >>> + address of a memory region. >>> + @param[in] Length The length of memory region >>> + @param[in] Flush Flush the caches before applying the >>> + encryption mask >>> + >>> + @retval RETURN_SUCCESS The attributes were set for the memory >>> + region. >>> + @retval RETURN_INVALID_PARAMETER Number of pages is zero. >>> + @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute >>> + is not supported >>> +**/ >>> +RETURN_STATUS >>> +EFIAPI >>> +InternalMemEncryptSevSetMemoryEncrypted ( >>> + IN PHYSICAL_ADDRESS Cr3BaseAddress, >>> + IN PHYSICAL_ADDRESS PhysicalAddress, >>> + IN UINTN Length, >>> + IN BOOLEAN Flush >>> + ) >>> +{ >>> + // >>> + // This function is not available during SEC. >>> + // >>> + return RETURN_UNSUPPORTED; >>> +} >>> >>