From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.43])
 by mx.groups.io with SMTP id smtpd.web12.301.1619027153126110119
 for <devel@edk2.groups.io>;
 Wed, 21 Apr 2021 10:45:53 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=SN9ddzLz;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.102.43, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=V5fDUSCQUTzTPACbcuZ8nNUoZXm0m9KH9xabqzQV1zMQIJjIBj+e+kXu3W3IyIW2iIICEQ99kQJzAqVTvA+OPfkeu8cEQgXdUcVCOzOr/FL3B43yCa0mmVPMs8w9v4UJi+Vb/mn/c/CqdqbAEEikBsNyxduzG3TmfNxxgoJgYq3gT0hmIHCV7ll2f/pqjRu8u/lranpmjHJIIJCH1K4FpvKb24jWC8zEHOrHsVo0GuVJxt2luAc/uRT53iTumFbiea0vmRmFQMvKI+juX+4JwqUlQVJvQRkvWR3ovfHDpVcASvNzX8HEa0Yxe+q/tjMyTz4ztl9/lrgT8n8j/FAykg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=GAJh+uZoBHZuvZ5XfZX1zoYsJJANg6xfQsdcPzIJ3Oc=;
 b=GxqjyCl5Bur00iUAbApAqpfRGgmKC0Avg4YsGV4XdSlIYtNqPPIRQuonpOTOUcDNhuf4eFBKm25qTGVjlV0LulMf2qR/DPtsMs5/3BSXVDgdaMU7xVCHFNYk2gYnXAfJPHRbpTMd7+l5+e2+YDRMV4dLUWkkP+xtab2Q7BGbgTzguLIRoaK6bY03RaDY3/ghRaXny42ABywb1LKXrNyQLd2Og7lPIMHofzLxfjgJDrQiKaLuFzbsPHVaBJTlK9VKUdSjx092hKKv9tqHJqaKzXid6Z5Oypq1GaYr2Y0b9vV9XGU0mrpN6EB1UGiZNA0NX6Xa1mVBVU5JpHnNQkqLXQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=GAJh+uZoBHZuvZ5XfZX1zoYsJJANg6xfQsdcPzIJ3Oc=;
 b=SN9ddzLzvEQeLH3fltyRCbx2jOIjkl+xHTz/5iWmcS08+Bc3cji5lj7H3v/NbRQGvZOvWFQ3Lw/ekAFoNI2WFmOV0835WUl0XvW3GO1OngVxF2hv//i58NDwYdkrn70AK6pzIRgLrwuFBVenLxD5exrz5jOXAaVKdL7yQ7xIHSY=
Authentication-Results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=amd.com;
Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by
 DM6PR12MB4941.namprd12.prod.outlook.com (2603:10b6:5:1b8::17) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4042.19; Wed, 21 Apr 2021 17:45:51 +0000
Received: from DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4042.024; Wed, 21 Apr
 2021 17:45:51 +0000
Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV
To: Andrew Fish <afish@apple.com>, edk2-devel-groups-io <devel@edk2.groups.io>
CC: evantass@amd.com, Joerg Roedel <joro@8bytes.org>,
 Borislav Petkov <bp@alien8.de>, Laszlo Ersek <lersek@redhat.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Brijesh Singh <brijesh.singh@amd.com>, James Bottomley <jejb@linux.ibm.com>,
 Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>
References: <831dc0af-e5b8-ead1-6ef7-f94aff8df0b5@amd.com>
 <1677E4DA25FD7265.31957@groups.io>
 <E1CC4041-3EC6-4495-9FB5-32C68DA06902@apple.com>
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Message-ID: <dc9f614e-1af8-9d55-4c26-0093f0a9a73c@amd.com>
Date: Wed, 21 Apr 2021 12:45:48 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.7.1
In-Reply-To: <E1CC4041-3EC6-4495-9FB5-32C68DA06902@apple.com>
X-Originating-IP: [67.79.209.213]
X-ClientProxiedBy: SN6PR2101CA0009.namprd21.prod.outlook.com
 (2603:10b6:805:106::19) To DM5PR12MB1355.namprd12.prod.outlook.com
 (2603:10b6:3:6e::7)
Return-Path: thomas.lendacky@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from office-linux.texastahm.com (67.79.209.213) by SN6PR2101CA0009.namprd21.prod.outlook.com (2603:10b6:805:106::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.5 via Frontend Transport; Wed, 21 Apr 2021 17:45:50 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 3c661653-4793-4c40-52bc-08d904ed4e23
X-MS-TrafficTypeDiagnostic: DM6PR12MB4941:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB494129866CAB2E0B538E7C9FEC479@DM6PR12MB4941.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	y6MjJYfxuWmT891cfSlTdBSgog4vpA2/2gj/raIo5djCcm6ZRyzP7lrtG4ZuT+lDhrAoXEEpRusvflkpZ90PUVV/VwNDrjHBrVRGUCjC0O2hpInrhjueYxpxCOplzsXZEDFnm0Mf4L+cB7gHU6/mkBxKacrlWRiO4OaW7RTTngRNJaW45q4S8hVAbj3F1OfP3l9LejS+YjOC3DR2U6Me/5qAF0AbOzJge00W0c9EyDXIEXikBtq9LsfdhHPIGi4V9+Utxq30VWdK8piKDTnHCeimLd7PGLSdB6RBTepn0qvvTSdZuai/YKeNHTGnfMhgsQK5yZ5SR5P063jIwmCM+ql4mdpaA2RaXhOUz0OmdaxA6G3WSxdiIG4o/E1mL0Pzpq0Tj4K7ob6h8+/8XQ9kvIDTOAmM4D34qsfLBBiVJPrpyPELqz7ldaxynS/Mxtx8iBxsC4hgTaXbvIex6XJZSZuGDlLgraum9Q5EyI3FSQSvv/KjGAFJzECdYNlJRZeVWuE5Za8fAwf12+wWbGWP59EjKGWLdwqkUHXqmfxHZzZO4+VrcZJxAm02onesCdfX6vkK8fAjxJTUijSXPPivvhpMO/CWF22mWb1z5UkxyFnfpWTiDVB95ibOijGDRgeI0BMGxlosDpp1wO13xJUQOz7y7aP8naR9j3xyIWBreSVTAjjUGoWVHKYvd/mLlc1xm9nW4p/80h5ffkdBjBTL72OLIqdZUjCN2xm1ehRLlwDnJxhCSaVXZZ+JHolmG+Hz4FPxV3oQSX66yPSbFcb4gw==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(396003)(366004)(39860400002)(346002)(136003)(66556008)(66946007)(83380400001)(6506007)(86362001)(66476007)(38100700002)(478600001)(31686004)(2906002)(31696002)(5660300002)(8936002)(7416002)(26005)(8676002)(45080400002)(2616005)(110136005)(966005)(6512007)(186003)(16526019)(316002)(36756003)(54906003)(6486002)(4326008)(53546011)(956004)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
	=?us-ascii?Q?efP+L1SgFlt8fN5rPYgETALZr399kMjXoDuKIEFhiuetI3cBmokzwm1JOLhS?=
 =?us-ascii?Q?/HVNA9ZexCxUkNQoK+qbEwbKIPbMIVrTmXPHVMsGzRs+z5IA868yVet6oRkc?=
 =?us-ascii?Q?CXA/a4fjoxo1R9IjBcadCp3CUCt0Zm7PzFKbYyuS5OloGsXJpvqY1KLFOHPK?=
 =?us-ascii?Q?sr+AmrNfZkBC8Q6WkPUoLZYZQiAcPrvmAX/RLfeAP6v7WF24hoonXs+WUeHl?=
 =?us-ascii?Q?ARnPXYsphgB2CbxlU7if8MncL4n6+t+1QiExwmemGfAm77xi8UhlpuEqJBKJ?=
 =?us-ascii?Q?ySrNQLd9xB6qNzlAdAyx+J8OnK675bMr+gdjR93lqtKrNLdjpSdBIlwqMbsf?=
 =?us-ascii?Q?V70n9jk7Vp736MgUgWIuBlsKDGZDUeQ2lseqfa6hWs4Dmzv45CWVPrdSa2Fc?=
 =?us-ascii?Q?jW3mkpDdcmKENpFwcjUzepm0tG6KAy22MqVQerIIiUSxxOXPAanZE34C3TJT?=
 =?us-ascii?Q?9yHVQipnwyK5VVL38l7PtWfXpk7O3V3w48+5xYhfc0DWGn/Y+l40vKrtGkZ9?=
 =?us-ascii?Q?3sNA9Oc0ANJuwsVkbv5+aMtlTClgyqVkQVW6L7anviwUoizrTVqBAZsAFtzH?=
 =?us-ascii?Q?PbvEDJv5LhxrR/qRLLXVMcXJGYUMwuH5Kq9dAVsAcDRGOuoo6wwdHhFLIyLl?=
 =?us-ascii?Q?zIbzQbLEplX4MZrKHVrwktq7xvlIPihyXXoYN7tVsBoOzEk7JQMEAh+Zfsdy?=
 =?us-ascii?Q?JxJM0NWkLWSKzJAxPrHFjGDALqMG5jLBiwWr30qPXm7VJsoz1rhPqs6TNHWk?=
 =?us-ascii?Q?QxjMz8rU5hA0Cm4AmpELxlQ+tFWJg1oIR19ZVzrLgLABVgtG15Lyb7zw5WMt?=
 =?us-ascii?Q?C2tDFaTnlAxRzVCmEgCRPp7i0u6wEDBIi0nS/BR+PQntHSUxpx5Fvy2Tzmyu?=
 =?us-ascii?Q?OMW8KDEtiezI1zjLhOkASPupqhvhopdBO7aH7NoCPlbetnYmBMIXsd0H1nZD?=
 =?us-ascii?Q?niX74VExH4S2ReFWk8THJYxDfZS8s3nAHgkIkA9SSzdVKHWWa19PYt4kmotM?=
 =?us-ascii?Q?BoGjfo1Wpmh0czRQT4gnCb+2pMVKbdoaQKpdBHgvk2eOWmW2u8HeEVKUdtL7?=
 =?us-ascii?Q?iKZG66S4ijAqPNl9qANi2qas9koSdzkleyxFNF++nVTrnH1j/My0TRF4wrqG?=
 =?us-ascii?Q?L50kFlcKLeKimAIhEHLEA24WL19/c4qDXyd96CBNk5HEGwAeMKuNB2yC764G?=
 =?us-ascii?Q?KLa2vB5qGgWMdbck8V1fcvdB3ZqeQb71JpXHlFgfqxkMynt3JRTvh1KbZmro?=
 =?us-ascii?Q?cAuQ3JUCnYONQ+ie/pSl+ORWsH1sAyKCMfybVWD091D7E1VVsW1iPwgUSUrd?=
 =?us-ascii?Q?pr7gPyAT0CwTiEBzO3zKHvVX?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3c661653-4793-4c40-52bc-08d904ed4e23
X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Apr 2021 17:45:51.6532
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 6G4xFxB0EPZ3khYD9W/qTtkg7akNBC3WyZ6q0uZh8pfhTt19CtX/0uLY4KGGXzheV54L2TCg3YDqBw6htk0x6g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4941
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 4/21/21 12:20 PM, Andrew Fish wrote:
> Tom,

I think you meant this for Eric, who orignally asked the question.

Thanks,
Tom

>=20
> The phases are defined by the UEFI Platform Initialization Specification
> [1] (PI Spec). Basically the UEFI Specification defines how to write EFI
> OS Loaders and Option ROMs and EFI is just defined in the context of how
> EFI services are passed into applications or drivers. The UEFI Platform
> Initialization Specification is how to write modular bits of the firmwar=
e
> that interoperate. So all PI systems produce UEFI, but not all UEFI
> systems are built out of PI. There are also some schemes that use the
> early parts of PI, but not all of it but this is confusing enough withou=
t
> talking about that.=C2=A0
>=20
> [1]=C2=A0https://uefi.org/specifications
> <https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fuef=
i.org%2Fspecifications&data=3D04%7C01%7Cthomas.lendacky%40amd.com%7C76eda3b=
94d3e4f66ab4d08d904e9da40%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C6375=
46224695823638%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi=
LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3DzItDTPHlE2ff245VNo1pf6EmpmWk9=
Huz5HLLCTFQqA0%3D&reserved=3D0>
>=20
> Thanks,
>=20
> Andrew Fish
>=20
>=20
>> On Apr 21, 2021, at 7:09 AM, Andrew Fish via groups.io
>> <https://nam11.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F%2Fgro=
ups.io%2F&data=3D04%7C01%7Cthomas.lendacky%40amd.com%7C76eda3b94d3e4f66ab4d=
08d904e9da40%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C63754622469583363=
2%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha=
WwiLCJXVCI6Mn0%3D%7C1000&sdata=3DfdsetjCVemD2frKffZYzJcWrhGHsIu%2BtnYQDvHnf=
5RE%3D&reserved=3D0>
>> <afish=3Dapple.com@groups.io <mailto:afish=3Dapple.com@groups.io>> wrot=
e:
>>
>> https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discus=
sion/23_boot_sequence
>> <https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fed=
k2-docs.gitbook.io%2Fedk-ii-build-specification%2F2_design_discussion%2F23_=
boot_sequence&data=3D04%7C01%7Cthomas.lendacky%40amd.com%7C76eda3b94d3e4f66=
ab4d08d904e9da40%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C6375462246958=
33632%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6I=
k1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3DBhCNrQ503bWtQDO%2FwqvHLd5lJeMm2erXW3To=
Jy8VTJQ%3D&reserved=3D0>
>>
>>
>>> On Apr 20, 2021, at 11:34 PM, Eric van Tassell <evantass@amd.com
>>> <mailto:evantass@amd.com>> wrote:
>>>
>>> =EF=BB=BF
>>>
>>> On 4/20/21 5:54 PM, Tom Lendacky wrote:
>>>> From: Tom Lendacky <thomas.lendacky@amd.com
>>>> <mailto:thomas.lendacky@amd.com>>
>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345
>>>> <https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F=
bugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3345&data=3D04%7C01%7Cthomas.l=
endacky%40amd.com%7C76eda3b94d3e4f66ab4d08d904e9da40%7C3dd8961fe4884e608e11=
a82d994e183d%7C0%7C0%7C637546224695843628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM=
C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3D9q=
C2wXomC0SXSzCnl0NxPWbZBydPoe8447j4Sq8%2BaRo%3D&reserved=3D0>
>>>> The TPM support in OVMF performs MMIO accesses during the PEI phase. =
At
>>>
>>> where are the phases defined and how many other are there?
>>>
>>>> this point, MMIO ranges have not been marked un-encyrpted, so an SEV-=
ES
>>>> guest will fail attempting to perform MMIO to an encrypted address.
>>>> Read the PcdTpmBaseAddress and mark the specification defined range
>>>> (0x5000 in length) as un-encrypted, to allow an SEV-ES guest to proce=
ss
>>>> the MMIO requests.
>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org
>>>> <mailto:ardb+tianocore@kernel.org>>
>>>> Cc: Jordan Justen <jordan.l.justen@intel.com
>>>> <mailto:jordan.l.justen@intel.com>>
>>>> Cc: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.co=
m>>
>>>> Cc: James Bottomley <jejb@linux.ibm.com <mailto:jejb@linux.ibm.com>>
>>>> Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
>>>> Cc: Min Xu <min.m.xu@intel.com <mailto:min.m.xu@intel.com>>
>>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com
>>>> <mailto:thomas.lendacky@amd.com>>
>>>> ---
>>>> =C2=A0OvmfPkg/PlatformPei/PlatformPei.inf | =C2=A01 +
>>>> =C2=A0OvmfPkg/PlatformPei/AmdSev.c =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0| 19 +++++++++++++++++++
>>>> =C2=A02 files changed, 20 insertions(+)
>>>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
>>>> b/OvmfPkg/PlatformPei/PlatformPei.inf
>>>> index 6ef77ba7bb21..de60332e9390 100644
>>>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
>>>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
>>>> @@ -113,6 +113,7 @@ [Pcd]
>>>> =C2=A0=C2=A0=C2=A0[FixedPcd]
>>>> =C2=A0=C2=A0=C2=A0gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
>>>> + =C2=A0gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
>>>> =C2=A0=C2=A0=C2=A0gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryN=
VS
>>>> =C2=A0=C2=A0=C2=A0gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaim=
Memory
>>>> =C2=A0=C2=A0=C2=A0gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMem=
oryType
>>>> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSe=
v.c
>>>> index dddffdebda4b..d524929f9e10 100644
>>>> --- a/OvmfPkg/PlatformPei/AmdSev.c
>>>> +++ b/OvmfPkg/PlatformPei/AmdSev.c
>>>> @@ -141,6 +141,7 @@ AmdSevInitialize (
>>>> =C2=A0=C2=A0=C2=A0)
>>>> =C2=A0{
>>>> =C2=A0=C2=A0=C2=A0UINT64 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0EncryptionMask;
>>>> + =C2=A0UINT64 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0TpmBaseAddress;
>>>> =C2=A0=C2=A0=C2=A0RETURN_STATUS =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0PcdStatus;
>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0//
>>>> @@ -206,6 +207,24 @@ AmdSevInitialize (
>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0}
>>>> =C2=A0=C2=A0=C2=A0}
>>>> =C2=A0+ =C2=A0//
>>>> + =C2=A0// PEI TPM support will perform MMIO accesses, be sure this r=
ange
>>>> is not
>>>> + =C2=A0// marked encrypted.
>>>> + =C2=A0//
>>>> + =C2=A0TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress);
>>>> + =C2=A0if (TpmBaseAddress !=3D 0) {
>>>> + =C2=A0=C2=A0=C2=A0RETURN_STATUS =C2=A0DecryptStatus;
>>>> +
>>>> + =C2=A0=C2=A0=C2=A0DecryptStatus =3D MemEncryptSevClearPageEncMask (
>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A00,
>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0TpmBaseAddress=
,
>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0EFI_SIZE_TO_PA=
GES (0x5000),
>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0FALSE
>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0);
>>>> +
>>>> + =C2=A0=C2=A0=C2=A0ASSERT_RETURN_ERROR (DecryptStatus);
>>>> + =C2=A0}
>>>> +
>>>> =C2=A0=C2=A0=C2=A0//
>>>> =C2=A0=C2=A0=C2=A0// Check and perform SEV-ES initialization if requi=
red.
>>>> =C2=A0=C2=A0=C2=A0//
>>>
>>>
>>>
>>>
>>>
>>=20
>=20