tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 07:34:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function

Browse Source 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

Create a function that can be used to determine if the VM is running
as an SEV-ES guest.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Tom Lendacky 2020-08-12 15:21:39 -05:00 committed by mergify[bot]
parent fefcf90c33
commit 0afa1d08f1
2 changed files with 47 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
OvmfPkg/Include/Library/MemEncryptSevLib.h
View File

@ -13,6 +13,18 @@
#include <Base.h> #include <Base.h>
/**
Returns a boolean to indicate whether SEV-ES is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
VOID
);
/** /**
Returns a boolean to indicate whether SEV is enabled Returns a boolean to indicate whether SEV is enabled

49
OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
View File

@ -20,19 +20,17 @@
#include <Uefi/UefiBaseType.h> #include <Uefi/UefiBaseType.h>
STATIC BOOLEAN mSevStatus = FALSE; STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE; STATIC BOOLEAN mSevStatusChecked = FALSE;
/** /**
Reads and sets the status of SEV features.
Returns a boolean to indicate whether SEV is enabled
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
**/ **/
STATIC STATIC
BOOLEAN VOID
EFIAPI EFIAPI
InternalMemEncryptSevIsEnabled ( InternalMemEncryptSevStatus (
VOID VOID
) )
{ {
@ -56,16 +54,42 @@ InternalMemEncryptSevIsEnabled (
// //
Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
if (Msr.Bits.SevBit) { if (Msr.Bits.SevBit) {
return TRUE; mSevStatus = TRUE;
}
//
// Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
//
if (Msr.Bits.SevEsBit) {
mSevEsStatus = TRUE;
} }
} }
} }
return FALSE; mSevStatusChecked = TRUE;
} }
/** /**
Returns a boolean to indicate whether SEV is enabled Returns a boolean to indicate whether SEV-ES is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
VOID
)
{
if (!mSevStatusChecked) {
InternalMemEncryptSevStatus ();
}
return mSevEsStatus;
}
/**
Returns a boolean to indicate whether SEV is enabled.
@retval TRUE SEV is enabled @retval TRUE SEV is enabled
@retval FALSE SEV is not enabled @retval FALSE SEV is not enabled
@ -76,13 +100,10 @@ MemEncryptSevIsEnabled (
VOID VOID
) )
{ {
if (mSevStatusChecked) { if (!mSevStatusChecked) {
return mSevStatus; InternalMemEncryptSevStatus ();
} }
mSevStatus = InternalMemEncryptSevIsEnabled();
mSevStatusChecked = TRUE;
return mSevStatus; return mSevStatus;
} }