2017-07-06 15:26:45 +02:00
|
|
|
/** @file
|
|
|
|
|
|
|
|
|
|
AMD Sev Dxe driver. This driver is dispatched early in DXE, due to being list
|
2018-03-01 14:32:23 +01:00
|
|
|
in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV
|
|
|
|
|
is enabled.
|
2017-07-06 15:26:45 +02:00
|
|
|
|
2021-01-07 19:48:18 +01:00
|
|
|
Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
|
2017-07-06 15:26:45 +02:00
|
|
|
|
2019-04-04 01:06:33 +02:00
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
2017-07-06 15:26:45 +02:00
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
2021-01-07 19:48:18 +01:00
|
|
|
#include <IndustryStandard/Q35MchIch9.h>
|
2018-03-01 22:05:55 +01:00
|
|
|
#include <Library/BaseLib.h>
|
|
|
|
|
#include <Library/BaseMemoryLib.h>
|
2018-03-01 15:02:11 +01:00
|
|
|
#include <Library/DebugLib.h>
|
2017-07-06 15:26:45 +02:00
|
|
|
#include <Library/DxeServicesTableLib.h>
|
|
|
|
|
#include <Library/MemEncryptSevLib.h>
|
2018-03-01 15:02:11 +01:00
|
|
|
#include <Library/MemoryAllocationLib.h>
|
2018-03-01 22:05:55 +01:00
|
|
|
#include <Library/PcdLib.h>
|
2017-07-06 15:26:45 +02:00
|
|
|
|
|
|
|
|
EFI_STATUS
|
|
|
|
|
EFIAPI
|
|
|
|
|
AmdSevDxeEntryPoint (
|
|
|
|
|
IN EFI_HANDLE ImageHandle,
|
|
|
|
|
IN EFI_SYSTEM_TABLE *SystemTable
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
EFI_STATUS Status;
|
|
|
|
|
EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap;
|
|
|
|
|
UINTN NumEntries;
|
|
|
|
|
UINTN Index;
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Do nothing when SEV is not enabled
|
|
|
|
|
//
|
|
|
|
|
if (!MemEncryptSevIsEnabled ()) {
|
|
|
|
|
return EFI_UNSUPPORTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
|
2018-03-01 14:32:23 +01:00
|
|
|
// memory space. The NonExistent memory space will be used for mapping the
|
|
|
|
|
// MMIO space added later (eg PciRootBridge). By clearing both known MMIO and
|
2017-07-06 15:26:45 +02:00
|
|
|
// NonExistent memory space can gurantee that current and furture MMIO adds
|
|
|
|
|
// will have C-bit cleared.
|
|
|
|
|
//
|
|
|
|
|
Status = gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap);
|
|
|
|
|
if (!EFI_ERROR (Status)) {
|
|
|
|
|
for (Index = 0; Index < NumEntries; Index++) {
|
|
|
|
|
CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
|
|
|
|
|
|
|
|
|
|
Desc = &AllDescMap[Index];
|
|
|
|
|
if (Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo ||
|
|
|
|
|
Desc->GcdMemoryType == EfiGcdMemoryTypeNonExistent) {
|
2021-05-19 20:19:46 +02:00
|
|
|
Status = MemEncryptSevClearMmioPageEncMask (
|
2018-03-01 14:32:23 +01:00
|
|
|
0,
|
|
|
|
|
Desc->BaseAddress,
|
2021-05-19 20:19:46 +02:00
|
|
|
EFI_SIZE_TO_PAGES (Desc->Length)
|
2018-03-01 14:32:23 +01:00
|
|
|
);
|
2017-07-06 15:26:45 +02:00
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FreePool (AllDescMap);
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-07 19:48:18 +01:00
|
|
|
//
|
|
|
|
|
// If PCI Express is enabled, the MMCONFIG area has been reserved, rather
|
|
|
|
|
// than marked as MMIO, and so the C-bit won't be cleared by the above walk
|
|
|
|
|
// through the GCD map. Check for the MMCONFIG area and clear the C-bit for
|
|
|
|
|
// the range.
|
|
|
|
|
//
|
|
|
|
|
if (PcdGet16 (PcdOvmfHostBridgePciDevId) == INTEL_Q35_MCH_DEVICE_ID) {
|
2021-05-19 20:19:46 +02:00
|
|
|
Status = MemEncryptSevClearMmioPageEncMask (
|
2021-01-07 19:48:18 +01:00
|
|
|
0,
|
|
|
|
|
FixedPcdGet64 (PcdPciExpressBaseAddress),
|
2021-05-19 20:19:46 +02:00
|
|
|
EFI_SIZE_TO_PAGES (SIZE_256MB)
|
2021-01-07 19:48:18 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-01 22:05:55 +01:00
|
|
|
//
|
|
|
|
|
// When SMM is enabled, clear the C-bit from SMM Saved State Area
|
|
|
|
|
//
|
|
|
|
|
// NOTES: The SavedStateArea address cleared here is before SMBASE
|
|
|
|
|
// relocation. Currently, we do not clear the SavedStateArea address after
|
|
|
|
|
// SMBASE is relocated due to the following reasons:
|
|
|
|
|
//
|
|
|
|
|
// 1) Guest BIOS never access the relocated SavedStateArea.
|
|
|
|
|
//
|
|
|
|
|
// 2) The C-bit works on page-aligned address, but the SavedStateArea
|
|
|
|
|
// address is not a page-aligned. Theoretically, we could roundup the address
|
|
|
|
|
// and clear the C-bit of aligned address but looking carefully we found
|
|
|
|
|
// that some portion of the page contains code -- which will causes a bigger
|
|
|
|
|
// issues for SEV guest. When SEV is enabled, all the code must be encrypted
|
|
|
|
|
// otherwise hardware will cause trap.
|
|
|
|
|
//
|
|
|
|
|
// We restore the C-bit for this SMM Saved State Area after SMBASE relocation
|
|
|
|
|
// is completed (See OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c).
|
|
|
|
|
//
|
|
|
|
|
if (FeaturePcdGet (PcdSmmSmramRequire)) {
|
|
|
|
|
UINTN MapPagesBase;
|
|
|
|
|
UINTN MapPagesCount;
|
|
|
|
|
|
|
|
|
|
Status = MemEncryptSevLocateInitialSmramSaveStateMapPages (
|
|
|
|
|
&MapPagesBase,
|
|
|
|
|
&MapPagesCount
|
|
|
|
|
);
|
|
|
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Although these pages were set aside (i.e., allocated) by PlatformPei, we
|
|
|
|
|
// could be after a warm reboot from the OS. Don't leak any stale OS data
|
|
|
|
|
// to the hypervisor.
|
|
|
|
|
//
|
|
|
|
|
ZeroMem ((VOID *)MapPagesBase, EFI_PAGES_TO_SIZE (MapPagesCount));
|
|
|
|
|
|
|
|
|
|
Status = MemEncryptSevClearPageEncMask (
|
|
|
|
|
0, // Cr3BaseAddress -- use current CR3
|
|
|
|
|
MapPagesBase, // BaseAddress
|
2021-05-19 20:19:49 +02:00
|
|
|
MapPagesCount // NumPages
|
2018-03-01 22:05:55 +01:00
|
|
|
);
|
|
|
|
|
if (EFI_ERROR (Status)) {
|
|
|
|
|
DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevClearPageEncMask(): %r\n",
|
|
|
|
|
__FUNCTION__, Status));
|
|
|
|
|
ASSERT (FALSE);
|
|
|
|
|
CpuDeadLoop ();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-06 15:26:45 +02:00
|
|
|
return EFI_SUCCESS;
|
|
|
|
|
}
|
