/** @file
Secure Encrypted Virtualization (SEV) library helper function
Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/MemEncryptSevLib.h>
#include <Library/PcdLib.h>
#include <Register/Amd/Cpuid.h>
#include <Register/Amd/Msr.h>
#include <Register/Cpuid.h>
#include <Uefi/UefiBaseType.h>
/**
  Locate the SEV-ES work area, but only when the OVMF work area header marks
  this guest as an AMD SEV guest.

  The OVMF work area is looked up at the fixed address PcdOvmfWorkAreaBase.
  Its Header.GuestType field is the only gate applied here: for any value
  other than CcGuestTypeAmdSev the SEV-ES work area is treated as invalid and
  is not handed to the caller.

  NOTE(review): this routine trusts whatever GuestType the work area holds;
  the code that populates the work area is not visible in this file - confirm
  it runs before any caller of this library.

  @return  Pointer to the SEV-ES work area at PcdSevEsWorkAreaBase for an SEV
           guest, or NULL when the OVMF work area base is NULL or the guest
           type is not CcGuestTypeAmdSev.
**/
STATIC
SEC_SEV_ES_WORK_AREA *
EFIAPI
GetSevEsWorkArea (
  VOID
  )
{
  OVMF_WORK_AREA  *OvmfWorkArea;

  OvmfWorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);

  //
  // No work area at all: nothing can be said about SEV.
  //
  if (OvmfWorkArea == NULL) {
    return NULL;
  }

  //
  // If this is not an SEV guest then the SEV-ES work area is not valid.
  //
  if (OvmfWorkArea->Header.GuestType != CcGuestTypeAmdSev) {
    return NULL;
  }

  return (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);
}
/**
  Read the SEV Status MSR value recorded in the SEV-ES work area.

  No MSR access is performed here: the value returned is the
  SevStatusMsrValue field stored in the work area, truncated to its low
  32 bits. Callers load the result into MSR_SEV_STATUS_REGISTER.Uint32, so
  only feature bits located in the low 32 bits are observable through this
  helper.

  @return  The low 32 bits of the recorded SEV Status MSR value, or 0 when
           GetSevEsWorkArea() reports that no valid SEV-ES work area exists.
**/
STATIC
UINT32
EFIAPI
InternalMemEncryptSevStatus (
  VOID
  )
{
  SEC_SEV_ES_WORK_AREA  *WorkArea;

  WorkArea = GetSevEsWorkArea ();

  //
  // A valid work area carries the recorded status; anything else reads as
  // "no SEV features enabled".
  //
  if (WorkArea != NULL) {
    return (UINT32)(UINTN)WorkArea->SevStatusMsrValue;
  }

  return 0;
}
/**
  Returns a boolean to indicate whether SEV-SNP is enabled.

  The answer is derived from the SEV status value recorded in the SEV-ES
  work area (via InternalMemEncryptSevStatus()), not from a fresh MSR read.
  When that helper returns 0 - no valid work area, or a guest type other
  than AMD SEV - this function reports FALSE.

  @retval TRUE   SEV-SNP is enabled
  @retval FALSE  SEV-SNP is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevSnpIsEnabled (
  VOID
  )
{
  MSR_SEV_STATUS_REGISTER  Status;

  Status.Uint32 = InternalMemEncryptSevStatus ();

  //
  // Normalise the bit-field to a strict TRUE/FALSE.
  //
  if (Status.Bits.SevSnpBit != 0) {
    return TRUE;
  }

  return FALSE;
}
/**
  Returns a boolean to indicate whether SEV-ES is enabled.

  The answer is derived from the SEV status value recorded in the SEV-ES
  work area (via InternalMemEncryptSevStatus()), not from a fresh MSR read.
  When that helper returns 0 - no valid work area, or a guest type other
  than AMD SEV - this function reports FALSE.

  @retval TRUE   SEV-ES is enabled
  @retval FALSE  SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  )
{
  MSR_SEV_STATUS_REGISTER  Status;

  Status.Uint32 = InternalMemEncryptSevStatus ();

  //
  // Normalise the bit-field to a strict TRUE/FALSE.
  //
  if (Status.Bits.SevEsBit != 0) {
    return TRUE;
  }

  return FALSE;
}
/**
  Returns a boolean to indicate whether SEV is enabled.

  The answer is derived from the SEV status value recorded in the SEV-ES
  work area (via InternalMemEncryptSevStatus()), not from a fresh MSR read.
  When that helper returns 0 - no valid work area, or a guest type other
  than AMD SEV - this function reports FALSE.

  @retval TRUE   SEV is enabled
  @retval FALSE  SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  )
{
  MSR_SEV_STATUS_REGISTER  Status;

  Status.Uint32 = InternalMemEncryptSevStatus ();

  //
  // Normalise the bit-field to a strict TRUE/FALSE.
  //
  if (Status.Bits.SevBit != 0) {
    return TRUE;
  }

  return FALSE;
}
/**
  Returns the SEV encryption mask.

  The mask is the EncryptionMask field stored in the SEV-ES work area. When
  GetSevEsWorkArea() reports no valid work area the result is 0, i.e. a mask
  that contributes no encryption bit.

  NOTE(review): a caller that needs encrypted mappings should not treat a
  zero mask as success without also checking MemEncryptSevIsEnabled() -
  confirm against the callers.

  @return  The SEV page table encryption mask, or 0 when SEV is not active.
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  )
{
  SEC_SEV_ES_WORK_AREA  *WorkArea;

  WorkArea = GetSevEsWorkArea ();

  //
  // Only a valid SEV-ES work area carries a meaningful mask.
  //
  if (WorkArea != NULL) {
    return WorkArea->EncryptionMask;
  }

  return 0;
}