OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest

Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031

This patch is similar to the c477b2783f patch for Td guest.

Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI
OptionRom needs to be ignored if it is Sev guest. According to
"Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage"
PI spec 1.7, type-specific flags can be set to 0 when Address
Translation Offset == 6 to skip device option ROM.

Without this patch, Sev guest may shows invalid MMIO opcode error
as following:

Invalid MMIO opcode (F6)
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1))

The OptionRom must be disabled both on Td and Sev guests, so we direct
use CcProbe().

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c

@@ -18,6 +18,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/CcProbeLib.h>
 
 #include <Protocol/IncompatiblePciDeviceSupport.h>
 #include <Protocol/LegacyBios.h>
@@ -264,7 +265,7 @@ CheckDevice (
   //
   // In Td guest OptionRom is not allowed.
   //
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     Length += sizeof mOptionRomConfiguration;
   }
 
@@ -286,7 +287,7 @@ CheckDevice (
   CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration);
   Length = sizeof mMmio64Configuration;
 
-  if (TdIsEnabled ()) {
+  if (CcProbe ()) {
     CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration);
     Length += sizeof mOptionRomConfiguration;
   }

OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf

@@ -24,6 +24,7 @@
   OvmfPkg/OvmfPkg.dec
 
 [LibraryClasses]
+  CcProbeLib
   DebugLib
   MemoryAllocationLib
   PcdLib