OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

Create a function that can be used to determine if the VM is running
as an SEV-ES guest.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Tom Lendacky 2020-08-12 15:21:39 -05:00 committed by mergify[bot]
parent fefcf90c33
commit 0afa1d08f1
2 changed files with 47 additions and 14 deletions

View File

@ -13,6 +13,18 @@
#include <Base.h>
/**
Returns a boolean to indicate whether SEV-ES is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
VOID
);
/**
Returns a boolean to indicate whether SEV is enabled

View File

@ -20,19 +20,17 @@
#include <Uefi/UefiBaseType.h>
STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;
/**
Reads and sets the status of SEV features.
Returns a boolean to indicate whether SEV is enabled
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
**/
STATIC
BOOLEAN
VOID
EFIAPI
InternalMemEncryptSevIsEnabled (
InternalMemEncryptSevStatus (
VOID
)
{
@ -56,16 +54,42 @@ InternalMemEncryptSevIsEnabled (
//
Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
if (Msr.Bits.SevBit) {
return TRUE;
mSevStatus = TRUE;
}
//
// Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
//
if (Msr.Bits.SevEsBit) {
mSevEsStatus = TRUE;
}
}
}
return FALSE;
mSevStatusChecked = TRUE;
}
/**
Returns a boolean to indicate whether SEV is enabled
Returns a boolean to indicate whether SEV-ES is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
VOID
)
{
if (!mSevStatusChecked) {
InternalMemEncryptSevStatus ();
}
return mSevEsStatus;
}
/**
Returns a boolean to indicate whether SEV is enabled.
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
@ -76,13 +100,10 @@ MemEncryptSevIsEnabled (
VOID
)
{
if (mSevStatusChecked) {
return mSevStatus;
if (!mSevStatusChecked) {
InternalMemEncryptSevStatus ();
}
mSevStatus = InternalMemEncryptSevIsEnabled();
mSevStatusChecked = TRUE;
return mSevStatus;
}