2021-01-07 19:48:16 +01:00
|
|
|
/** @file
|
|
|
|
|
|
|
|
Secure Encrypted Virtualization (SEV) library helper function
|
|
|
|
|
|
|
|
Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
|
|
|
|
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include <Library/BaseLib.h>
|
|
|
|
#include <Library/DebugLib.h>
|
|
|
|
#include <Library/MemEncryptSevLib.h>
|
|
|
|
#include <Library/PcdLib.h>
|
|
|
|
#include <Register/Amd/Cpuid.h>
|
|
|
|
#include <Register/Amd/Msr.h>
|
|
|
|
#include <Register/Cpuid.h>
|
|
|
|
#include <Uefi/UefiBaseType.h>
|
2022-02-21 15:59:14 +01:00
|
|
|
#include <ConfidentialComputingGuestAttr.h>
|
2021-01-07 19:48:16 +01:00
|
|
|
|
2022-02-21 15:59:14 +01:00
|
|
|
STATIC UINT64 mCurrentAttr = 0;
|
|
|
|
STATIC BOOLEAN mCurrentAttrRead = FALSE;
|
2021-12-05 23:54:09 +01:00
|
|
|
STATIC UINT64 mSevEncryptionMask = 0;
|
|
|
|
STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
|
2021-01-07 19:48:16 +01:00
|
|
|
|
|
|
|
/**
|
2022-02-21 15:59:14 +01:00
|
|
|
The function check if the specified Attr is set.
|
|
|
|
|
|
|
|
@param[in] CurrentAttr The current attribute.
|
|
|
|
@param[in] Attr The attribute to check.
|
2021-01-07 19:48:16 +01:00
|
|
|
|
2022-02-21 15:59:14 +01:00
|
|
|
@retval TRUE The specified Attr is set.
|
|
|
|
@retval FALSE The specified Attr is not set.
|
|
|
|
|
|
|
|
**/
|
2021-01-07 19:48:16 +01:00
|
|
|
STATIC
|
2022-02-21 15:59:14 +01:00
|
|
|
BOOLEAN
|
|
|
|
AmdMemEncryptionAttrCheck (
|
|
|
|
IN UINT64 CurrentAttr,
|
|
|
|
IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
|
2021-01-07 19:48:16 +01:00
|
|
|
)
|
|
|
|
{
|
2022-02-21 15:59:14 +01:00
|
|
|
switch (Attr) {
|
|
|
|
case CCAttrAmdSev:
|
2021-01-07 19:48:16 +01:00
|
|
|
//
|
2022-02-21 15:59:14 +01:00
|
|
|
// SEV is automatically enabled if SEV-ES or SEV-SNP is active.
|
2021-01-07 19:48:16 +01:00
|
|
|
//
|
2022-02-21 15:59:14 +01:00
|
|
|
return CurrentAttr >= CCAttrAmdSev;
|
|
|
|
case CCAttrAmdSevEs:
|
|
|
|
//
|
|
|
|
// SEV-ES is automatically enabled if SEV-SNP is active.
|
|
|
|
//
|
|
|
|
return CurrentAttr >= CCAttrAmdSevEs;
|
|
|
|
case CCAttrAmdSevSnp:
|
|
|
|
return CurrentAttr == CCAttrAmdSevSnp;
|
|
|
|
default:
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Check if the specified confidential computing attribute is active.
|
|
|
|
|
|
|
|
@param[in] Attr The attribute to check.
|
2021-01-07 19:48:16 +01:00
|
|
|
|
2022-02-21 15:59:14 +01:00
|
|
|
@retval TRUE The specified Attr is active.
|
|
|
|
@retval FALSE The specified Attr is not active.
|
|
|
|
|
|
|
|
**/
|
|
|
|
STATIC
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
ConfidentialComputingGuestHas (
|
|
|
|
IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
|
|
|
|
)
|
|
|
|
{
|
|
|
|
//
|
|
|
|
// Get the current CC attribute.
|
|
|
|
//
|
|
|
|
// We avoid reading the PCD on every check because this routine could be indirectly
|
|
|
|
// called during the virtual pointer conversion. And its not safe to access the
|
|
|
|
// PCDs during the virtual pointer conversion.
|
|
|
|
//
|
|
|
|
if (!mCurrentAttrRead) {
|
|
|
|
mCurrentAttr = PcdGet64 (PcdConfidentialComputingGuestAttr);
|
|
|
|
mCurrentAttrRead = TRUE;
|
2021-01-07 19:48:16 +01:00
|
|
|
}
|
|
|
|
|
2022-02-21 15:59:14 +01:00
|
|
|
//
|
|
|
|
// If attr is for the AMD group then call AMD specific checks.
|
|
|
|
//
|
|
|
|
if (((RShiftU64 (mCurrentAttr, 8)) & 0xff) == 1) {
|
|
|
|
return AmdMemEncryptionAttrCheck (mCurrentAttr, Attr);
|
2021-01-07 19:48:16 +01:00
|
|
|
}
|
|
|
|
|
2022-02-21 15:59:14 +01:00
|
|
|
return (mCurrentAttr == Attr);
|
2021-01-07 19:48:16 +01:00
|
|
|
}
|
|
|
|
|
2021-12-09 04:27:37 +01:00
|
|
|
/**
|
|
|
|
Returns a boolean to indicate whether SEV-SNP is enabled.
|
|
|
|
|
|
|
|
@retval TRUE SEV-SNP is enabled
|
|
|
|
@retval FALSE SEV-SNP is not enabled
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
MemEncryptSevSnpIsEnabled (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
2022-02-21 15:59:14 +01:00
|
|
|
return ConfidentialComputingGuestHas (CCAttrAmdSevSnp);
|
2021-12-09 04:27:37 +01:00
|
|
|
}
|
|
|
|
|
2021-01-07 19:48:16 +01:00
|
|
|
/**
|
|
|
|
Returns a boolean to indicate whether SEV-ES is enabled.
|
|
|
|
|
|
|
|
@retval TRUE SEV-ES is enabled
|
|
|
|
@retval FALSE SEV-ES is not enabled
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
MemEncryptSevEsIsEnabled (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
2022-02-21 15:59:14 +01:00
|
|
|
return ConfidentialComputingGuestHas (CCAttrAmdSevEs);
|
2021-01-07 19:48:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Returns a boolean to indicate whether SEV is enabled.
|
|
|
|
|
|
|
|
@retval TRUE SEV is enabled
|
|
|
|
@retval FALSE SEV is not enabled
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
MemEncryptSevIsEnabled (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
2022-02-21 15:59:14 +01:00
|
|
|
return ConfidentialComputingGuestHas (CCAttrAmdSev);
|
2021-01-07 19:48:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Returns the SEV encryption mask.
|
|
|
|
|
|
|
|
@return The SEV pagtable encryption mask
|
|
|
|
**/
|
|
|
|
UINT64
|
|
|
|
EFIAPI
|
|
|
|
MemEncryptSevGetEncryptionMask (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!mSevEncryptionMaskSaved) {
|
2021-12-05 23:54:09 +01:00
|
|
|
mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
|
2021-01-07 19:48:16 +01:00
|
|
|
mSevEncryptionMaskSaved = TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return mSevEncryptionMask;
|
|
|
|
}
|