tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/MemEncryptSevLib: rewrap to 79 characters width 

There are many overlong lines; it's hard to work with the library like
this. Rewrap all files to 79 columns.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
This commit is contained in:
Laszlo Ersek 2018-03-01 14:32:23 +01:00
parent 66f2329446
commit 4bd6bf317e
7 changed files with 253 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
OvmfPkg/Include/Library/MemEncryptSevLib.h
View File

@ -35,13 +35,15 @@ MemEncryptSevIsEnabled (
This function clears memory encryption bit for the memory region specified This function clears memory encryption bit for the memory region specified
by BaseAddress and Number of pages from the current page table context. by BaseAddress and Number of pages from the current page table context.
@param[in] BaseAddress The physical address that is the start address @param[in] BaseAddress The physical address that is the start
of a memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory region. @param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were cleared for the memory region. @retval RETURN_SUCCESS The attributes were cleared for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not
supported supported
@ -59,13 +61,15 @@ MemEncryptSevClearPageEncMask (
This function sets memory encryption bit for the memory region specified by This function sets memory encryption bit for the memory region specified by
BaseAddress and Number of pages from the current page table context. BaseAddress and Number of pages from the current page table context.
@param[in] BaseAddress The physical address that is the start address @param[in] BaseAddress The physical address that is the start
of a memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory region. @param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were set for the memory region. @retval RETURN_SUCCESS The attributes were set for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not
supported supported

7
OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
View File

@ -7,8 +7,10 @@
# are licensed and made available under the terms and conditions of the BSD # are licensed and made available under the terms and conditions of the BSD
# License which accompanies this distribution. The full text of the license # License which accompanies this distribution. The full text of the license
# may be found at http://opensource.org/licenses/bsd-license.php # may be found at http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
# IMPLIED.
# #
# #
## ##
@ -22,7 +24,8 @@
LIBRARY_CLASS = MemEncryptSevLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER LIBRARY_CLASS = MemEncryptSevLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build
# tools.
# #
# VALID_ARCHITECTURES = IA32 X64 # VALID_ARCHITECTURES = IA32 X64
# #

34
OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
View File

@ -4,10 +4,10 @@
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials are licensed and made available
are licensed and made available under the terms and conditions of the BSD under the terms and conditions of the BSD License which accompanies this
License which accompanies this distribution. The full text of the license may distribution. The full text of the license may be found at
be found at http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@ -25,14 +25,17 @@
This function clears memory encryption bit for the memory region specified This function clears memory encryption bit for the memory region specified
by BaseAddress and Number of pages from the current page table context. by BaseAddress and Number of pages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current CR3) @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current
@param[in] BaseAddress The physical address that is the start address CR3)
of a memory region. @param[in] BaseAddress The physical address that is the start
@param[in] NumberOfPages The number of pages from start memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were cleared for the memory region. @retval RETURN_SUCCESS The attributes were cleared for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not
supported supported
@ -56,14 +59,17 @@ MemEncryptSevClearPageEncMask (
This function sets memory encryption bit for the memory region specified by This function sets memory encryption bit for the memory region specified by
BaseAddress and Number of pages from the current page table context. BaseAddress and Number of pages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current CR3) @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current
@param[in] BaseAddress The physical address that is the start address CR3)
of a memory region. @param[in] BaseAddress The physical address that is the start
@param[in] NumberOfPages The number of pages from start memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were set for the memory region. @retval RETURN_SUCCESS The attributes were set for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not
supported supported

8
OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
View File

@ -4,10 +4,10 @@
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials are licensed and made available
are licensed and made available under the terms and conditions of the BSD under the terms and conditions of the BSD License which accompanies this
License which accompanies this distribution. The full text of the license may distribution. The full text of the license may be found at
be found at http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

58
OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c
View File

@ -4,10 +4,10 @@
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials are licensed and made available
are licensed and made available under the terms and conditions of the BSD under the terms and conditions of the BSD License which accompanies this
License which accompanies this distribution. The full text of the license may distribution. The full text of the license may be found at
be found at http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@ -28,18 +28,20 @@
This function clears memory encryption bit for the memory region specified by This function clears memory encryption bit for the memory region specified by
BaseAddress and Number of pages from the current page table context. BaseAddress and Number of pages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current CR3) @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
@param[in] BaseAddress The physical address that is the start address current CR3)
of a memory region. @param[in] BaseAddress The physical address that is the start
@param[in] NumberOfPages The number of pages from start memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were cleared for the memory @retval RETURN_SUCCESS The attributes were cleared for the
region. memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute is @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
not supported is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI
@ -50,7 +52,12 @@ MemEncryptSevClearPageEncMask (
IN BOOLEAN Flush IN BOOLEAN Flush
) )
{ {
return InternalMemEncryptSevSetMemoryDecrypted (Cr3BaseAddress, BaseAddress, EFI_PAGES_TO_SIZE(NumPages), Flush); return InternalMemEncryptSevSetMemoryDecrypted (
Cr3BaseAddress,
BaseAddress,
EFI_PAGES_TO_SIZE (NumPages),
Flush
);
} }
/** /**
@ -58,18 +65,20 @@ MemEncryptSevClearPageEncMask (
This function clears memory encryption bit for the memory region specified by This function clears memory encryption bit for the memory region specified by
BaseAddress and Number of pages from the current page table context. BaseAddress and Number of pages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use current CR3) @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
@param[in] BaseAddress The physical address that is the start address current CR3)
of a memory region. @param[in] BaseAddress The physical address that is the start
@param[in] NumberOfPages The number of pages from start memory region. address of a memory region.
@param[in] NumberOfPages The number of pages from start memory
region.
@param[in] Flush Flush the caches before clearing the bit @param[in] Flush Flush the caches before clearing the bit
(mostly TRUE except MMIO addresses) (mostly TRUE except MMIO addresses)
@retval RETURN_SUCCESS The attributes were cleared for the memory @retval RETURN_SUCCESS The attributes were cleared for the
region. memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute is @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
not supported is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI
@ -80,5 +89,10 @@ MemEncryptSevSetPageEncMask (
IN BOOLEAN Flush IN BOOLEAN Flush
) )
{ {
return InternalMemEncryptSevSetMemoryEncrypted (Cr3BaseAddress, BaseAddress, EFI_PAGES_TO_SIZE(NumPages), Flush); return InternalMemEncryptSevSetMemoryEncrypted (
Cr3BaseAddress,
BaseAddress,
EFI_PAGES_TO_SIZE (NumPages),
Flush
);
} }

158
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
View File

@ -2,18 +2,18 @@
Virtual Memory Management Services to set or clear the memory encryption bit Virtual Memory Management Services to set or clear the memory encryption bit
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials are licensed and made available
are licensed and made available under the terms and conditions of the BSD License under the terms and conditions of the BSD License which accompanies this
which accompanies this distribution. The full text of the license may be found at distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
**/ **/
@ -69,11 +69,12 @@ GetMemEncryptionAddressMask (
To reduce the potential split operation on page table, the pages reserved for To reduce the potential split operation on page table, the pages reserved for
page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
initialized with number of pages greater than or equal to the given PoolPages. initialized with number of pages greater than or equal to the given
PoolPages.
Once the pages in the pool are used up, this method should be called again to Once the pages in the pool are used up, this method should be called again to
reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't happen reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't
often in practice. happen often in practice.
@param[in] PoolPages The least page number of the pool to be created. @param[in] PoolPages The least page number of the pool to be created.
@ -183,7 +184,8 @@ AllocatePageTableMemory (
/** /**
Split 2M page to 4K. Split 2M page to 4K.
@param[in] PhysicalAddress Start physical address the 2M page covered. @param[in] PhysicalAddress Start physical address the 2M page
covered.
@param[in, out] PageEntry2M Pointer to 2M page entry. @param[in, out] PageEntry2M Pointer to 2M page entry.
@param[in] StackBase Stack base address. @param[in] StackBase Stack base address.
@param[in] StackSize Stack size. @param[in] StackSize Stack size.
@ -213,14 +215,19 @@ Split2MPageTo4K (
ASSERT (*PageEntry2M & AddressEncMask); ASSERT (*PageEntry2M & AddressEncMask);
PhysicalAddress4K = PhysicalAddress; PhysicalAddress4K = PhysicalAddress;
for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) { for (IndexOfPageTableEntries = 0;
IndexOfPageTableEntries < 512;
(IndexOfPageTableEntries++,
PageTableEntry++,
PhysicalAddress4K += SIZE_4KB)) {
// //
// Fill in the Page Table entries // Fill in the Page Table entries
// //
PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask; PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
PageTableEntry->Bits.ReadWrite = 1; PageTableEntry->Bits.ReadWrite = 1;
PageTableEntry->Bits.Present = 1; PageTableEntry->Bits.Present = 1;
if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) { if ((PhysicalAddress4K >= StackBase) &&
(PhysicalAddress4K < StackBase + StackSize)) {
// //
// Set Nx bit for stack. // Set Nx bit for stack.
// //
@ -231,7 +238,8 @@ Split2MPageTo4K (
// //
// Fill in 2M page entry. // Fill in 2M page entry.
// //
*PageEntry2M = (UINT64) (UINTN) PageTableEntry1 | IA32_PG_P | IA32_PG_RW | AddressEncMask; *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
IA32_PG_P | IA32_PG_RW | AddressEncMask);
} }
/** /**
@ -391,9 +399,9 @@ EnablePageTableProtection (
PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages); PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages);
// //
// The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE, which // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,
// is one of page size of the processor (2MB by default). Let's apply the // which is one of page size of the processor (2MB by default). Let's apply
// protection to them one by one. // the protection to them one by one.
// //
while (PoolSize > 0) { while (PoolSize > 0) {
SetPageTablePoolReadOnly(PageTableBase, Address, Level4Paging); SetPageTablePoolReadOnly(PageTableBase, Address, Level4Paging);
@ -410,7 +418,8 @@ EnablePageTableProtection (
/** /**
Split 1G page to 2M. Split 1G page to 2M.
@param[in] PhysicalAddress Start physical address the 1G page covered. @param[in] PhysicalAddress Start physical address the 1G page
covered.
@param[in, out] PageEntry1G Pointer to 1G page entry. @param[in, out] PageEntry1G Pointer to 1G page entry.
@param[in] StackBase Stack base address. @param[in] StackBase Stack base address.
@param[in] StackSize Stack size. @param[in] StackSize Stack size.
@ -438,15 +447,26 @@ Split1GPageTo2M (
// //
// Fill in 1G page entry. // Fill in 1G page entry.
// //
*PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW | AddressEncMask; *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
IA32_PG_P | IA32_PG_RW | AddressEncMask);
PhysicalAddress2M = PhysicalAddress; PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) { for (IndexOfPageDirectoryEntries = 0;
if ((PhysicalAddress2M < StackBase + StackSize) && ((PhysicalAddress2M + SIZE_2MB) > StackBase)) { IndexOfPageDirectoryEntries < 512;
(IndexOfPageDirectoryEntries++,
PageDirectoryEntry++,
PhysicalAddress2M += SIZE_2MB)) {
if ((PhysicalAddress2M < StackBase + StackSize) &&
((PhysicalAddress2M + SIZE_2MB) > StackBase)) {
// //
// Need to split this 2M page that covers stack range. // Need to split this 2M page that covers stack range.
// //
Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize); Split2MPageTo4K (
PhysicalAddress2M,
(UINT64 *)PageDirectoryEntry,
StackBase,
StackSize
);
} else { } else {
// //
// Fill in the Page Directory entries // Fill in the Page Directory entries
@ -527,8 +547,9 @@ EnableReadOnlyPageWriteProtect (
/** /**
This function either sets or clears memory encryption bit for the memory region This function either sets or clears memory encryption bit for the memory
specified by PhysicalAddress and length from the current page table context. region specified by PhysicalAddress and length from the current page table
context.
The function iterates through the physicalAddress one page at a time, and set The function iterates through the physicalAddress one page at a time, and set
or clears the memory encryption mask in the page table. If it encounters or clears the memory encryption mask in the page table. If it encounters
@ -544,11 +565,11 @@ EnableReadOnlyPageWriteProtect (
@param[in] Flush Flush the caches before applying the @param[in] Flush Flush the caches before applying the
encryption mask encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory @retval RETURN_SUCCESS The attributes were cleared for the
region. memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
not supported is not supported
**/ **/
STATIC STATIC
@ -601,8 +622,8 @@ SetMemoryEncDec (
// //
// We are going to change the memory encryption attribute from C=0 -> C=1 or // We are going to change the memory encryption attribute from C=0 -> C=1 or
// vice versa Flush the caches to ensure that data is written into memory with // vice versa Flush the caches to ensure that data is written into memory
// correct C-bit // with correct C-bit
// //
if (CacheFlush) { if (CacheFlush) {
WriteBackInvalidateDataCacheRange((VOID*) (UINTN)PhysicalAddress, Length); WriteBackInvalidateDataCacheRange((VOID*) (UINTN)PhysicalAddress, Length);
@ -641,7 +662,10 @@ SetMemoryEncDec (
goto Done; goto Done;
} }
PageDirectory1GEntry = (VOID*) ((PageMapLevel4Entry->Bits.PageTableBaseAddress<<12) & ~PgTableMask); PageDirectory1GEntry = (VOID *)(
(PageMapLevel4Entry->Bits.PageTableBaseAddress <<
12) & ~PgTableMask
);
PageDirectory1GEntry += PDP_OFFSET(PhysicalAddress); PageDirectory1GEntry += PDP_OFFSET(PhysicalAddress);
if (!PageDirectory1GEntry->Bits.Present) { if (!PageDirectory1GEntry->Bits.Present) {
DEBUG (( DEBUG ((
@ -685,15 +709,25 @@ SetMemoryEncDec (
__FUNCTION__, __FUNCTION__,
PhysicalAddress PhysicalAddress
)); ));
Split1GPageTo2M(((UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress)<<30, (UINT64*) PageDirectory1GEntry, 0, 0); Split1GPageTo2M (
(UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30,
(UINT64 *)PageDirectory1GEntry,
0,
0
);
continue; continue;
} }
} else { } else {
// //
// Actually a PDP // Actually a PDP
// //
PageUpperDirectoryPointerEntry = (PAGE_MAP_AND_DIRECTORY_POINTER*) PageDirectory1GEntry; PageUpperDirectoryPointerEntry =
PageDirectory2MEntry = (VOID*) ((PageUpperDirectoryPointerEntry->Bits.PageTableBaseAddress<<12) & ~PgTableMask); (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory1GEntry;
PageDirectory2MEntry =
(VOID *)(
(PageUpperDirectoryPointerEntry->Bits.PageTableBaseAddress <<
12) & ~PgTableMask
);
PageDirectory2MEntry += PDE_OFFSET(PhysicalAddress); PageDirectory2MEntry += PDE_OFFSET(PhysicalAddress);
if (!PageDirectory2MEntry->Bits.Present) { if (!PageDirectory2MEntry->Bits.Present) {
DEBUG (( DEBUG ((
@ -729,12 +763,22 @@ SetMemoryEncDec (
__FUNCTION__, __FUNCTION__,
PhysicalAddress PhysicalAddress
)); ));
Split2MPageTo4K (((UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress) << 21, (UINT64*) PageDirectory2MEntry, 0, 0); Split2MPageTo4K (
(UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21,
(UINT64 *)PageDirectory2MEntry,
0,
0
);
continue; continue;
} }
} else { } else {
PageDirectoryPointerEntry = (PAGE_MAP_AND_DIRECTORY_POINTER*) PageDirectory2MEntry; PageDirectoryPointerEntry =
PageTableEntry = (VOID*) (PageDirectoryPointerEntry->Bits.PageTableBaseAddress<<12 & ~PgTableMask); (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory2MEntry;
PageTableEntry =
(VOID *)(
(PageDirectoryPointerEntry->Bits.PageTableBaseAddress <<
12) & ~PgTableMask
);
PageTableEntry += PTE_OFFSET(PhysicalAddress); PageTableEntry += PTE_OFFSET(PhysicalAddress);
if (!PageTableEntry->Bits.Present) { if (!PageTableEntry->Bits.Present) {
DEBUG (( DEBUG ((
@ -788,11 +832,11 @@ Done:
@param[in] Flush Flush the caches before applying the @param[in] Flush Flush the caches before applying the
encryption mask encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory @retval RETURN_SUCCESS The attributes were cleared for the
region. memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
not supported is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI
@ -804,24 +848,30 @@ InternalMemEncryptSevSetMemoryDecrypted (
) )
{ {
return SetMemoryEncDec (Cr3BaseAddress, PhysicalAddress, Length, ClearCBit, Flush); return SetMemoryEncDec (
Cr3BaseAddress,
PhysicalAddress,
Length,
ClearCBit,
Flush
);
} }
/** /**
This function sets memory encryption bit for the memory region specified by This function sets memory encryption bit for the memory region specified by
PhysicalAddress and length from the current page table context. PhysicalAddress and length from the current page table context.
@param[in] PhysicalAddress The physical address that is the start address @param[in] PhysicalAddress The physical address that is the start
of a memory region. address of a memory region.
@param[in] Length The length of memory region @param[in] Length The length of memory region
@param[in] Flush Flush the caches before applying the @param[in] Flush Flush the caches before applying the
encryption mask encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory @retval RETURN_SUCCESS The attributes were cleared for the
region. memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
not supported is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI
@ -832,5 +882,11 @@ InternalMemEncryptSevSetMemoryEncrypted (
IN BOOLEAN Flush IN BOOLEAN Flush
) )
{ {
return SetMemoryEncDec (Cr3BaseAddress, PhysicalAddress, Length, SetCBit, Flush); return SetMemoryEncDec (
Cr3BaseAddress,
PhysicalAddress,
Length,
SetCBit,
Flush
);
} }

111
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h
View File

@ -2,18 +2,18 @@
Virtual Memory Management Services to set or clear the memory encryption bit Virtual Memory Management Services to set or clear the memory encryption bit
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials are licensed and made available
are licensed and made available under the terms and conditions of the BSD License under the terms and conditions of the BSD License which accompanies this
which accompanies this distribution. The full text of the license may be found at distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
**/ **/
@ -38,12 +38,15 @@ Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
typedef union { typedef union {
struct { struct {
UINT64 Present:1; // 0 = Not present in memory, 1 = Present in memory UINT64 Present:1; // 0 = Not present in memory,
// 1 = Present in memory
UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write
UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User
UINT64 WriteThrough:1; // 0 = Write-Back caching, 1=Write-Through caching UINT64 WriteThrough:1; // 0 = Write-Back caching,
// 1 = Write-Through caching
UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached
UINT64 Accessed:1; // 0 = Not accessed, 1 = Accessed (set by CPU) UINT64 Accessed:1; // 0 = Not accessed,
// 1 = Accessed (set by CPU)
UINT64 Reserved:1; // Reserved UINT64 Reserved:1; // Reserved
UINT64 MustBeZero:2; // Must Be Zero UINT64 MustBeZero:2; // Must Be Zero
UINT64 Available:3; // Available for use by system software UINT64 Available:3; // Available for use by system software
@ -59,19 +62,25 @@ typedef union {
// //
typedef union { typedef union {
struct { struct {
UINT64 Present:1; // 0 = Not present in memory, 1 = Present in memory UINT64 Present:1; // 0 = Not present in memory,
// 1 = Present in memory
UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write
UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User
UINT64 WriteThrough:1; // 0 = Write-Back caching, 1=Write-Through caching UINT64 WriteThrough:1; // 0 = Write-Back caching,
// 1 = Write-Through caching
UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached
UINT64 Accessed:1; // 0 = Not accessed, 1 = Accessed (set by CPU) UINT64 Accessed:1; // 0 = Not accessed,
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by processor on access to page // 1 = Accessed (set by CPU)
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by
// processor on access to page
UINT64 PAT:1; // UINT64 PAT:1; //
UINT64 Global:1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write UINT64 Global:1; // 0 = Not global page, 1 = global page
// TLB not cleared on CR3 write
UINT64 Available:3; // Available for use by system software UINT64 Available:3; // Available for use by system software
UINT64 PageTableBaseAddress:40; // Page Table Base Address UINT64 PageTableBaseAddress:40; // Page Table Base Address
UINT64 AvabilableHigh:11; // Available for use by system software UINT64 AvabilableHigh:11; // Available for use by system software
UINT64 Nx:1; // 0 = Execute Code, 1 = No Code Execution UINT64 Nx:1; // 0 = Execute Code,
// 1 = No Code Execution
} Bits; } Bits;
UINT64 Uint64; UINT64 Uint64;
} PAGE_TABLE_4K_ENTRY; } PAGE_TABLE_4K_ENTRY;
@ -81,21 +90,27 @@ typedef union {
// //
typedef union { typedef union {
struct { struct {
UINT64 Present:1; // 0 = Not present in memory, 1 = Present in memory UINT64 Present:1; // 0 = Not present in memory,
// 1 = Present in memory
UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write
UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User
UINT64 WriteThrough:1; // 0 = Write-Back caching, 1=Write-Through caching UINT64 WriteThrough:1; // 0 = Write-Back caching,
// 1=Write-Through caching
UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached
UINT64 Accessed:1; // 0 = Not accessed, 1 = Accessed (set by CPU) UINT64 Accessed:1; // 0 = Not accessed,
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by processor on access to page // 1 = Accessed (set by CPU)
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by
// processor on access to page
UINT64 MustBe1:1; // Must be 1 UINT64 MustBe1:1; // Must be 1
UINT64 Global:1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write UINT64 Global:1; // 0 = Not global page, 1 = global page
// TLB not cleared on CR3 write
UINT64 Available:3; // Available for use by system software UINT64 Available:3; // Available for use by system software
UINT64 PAT:1; // UINT64 PAT:1; //
UINT64 MustBeZero:8; // Must be zero; UINT64 MustBeZero:8; // Must be zero;
UINT64 PageTableBaseAddress:31; // Page Table Base Address UINT64 PageTableBaseAddress:31; // Page Table Base Address
UINT64 AvabilableHigh:11; // Available for use by system software UINT64 AvabilableHigh:11; // Available for use by system software
UINT64 Nx:1; // 0 = Execute Code, 1 = No Code Execution UINT64 Nx:1; // 0 = Execute Code,
// 1 = No Code Execution
} Bits; } Bits;
UINT64 Uint64; UINT64 Uint64;
} PAGE_TABLE_ENTRY; } PAGE_TABLE_ENTRY;
@ -105,21 +120,27 @@ typedef union {
// //
typedef union { typedef union {
struct { struct {
UINT64 Present:1; // 0 = Not present in memory, 1 = Present in memory UINT64 Present:1; // 0 = Not present in memory,
// 1 = Present in memory
UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write UINT64 ReadWrite:1; // 0 = Read-Only, 1= Read/Write
UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User UINT64 UserSupervisor:1; // 0 = Supervisor, 1=User
UINT64 WriteThrough:1; // 0 = Write-Back caching, 1=Write-Through caching UINT64 WriteThrough:1; // 0 = Write-Back caching,
// 1 = Write-Through caching
UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached UINT64 CacheDisabled:1; // 0 = Cached, 1=Non-Cached
UINT64 Accessed:1; // 0 = Not accessed, 1 = Accessed (set by CPU) UINT64 Accessed:1; // 0 = Not accessed,
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by processor on access to page // 1 = Accessed (set by CPU)
UINT64 Dirty:1; // 0 = Not Dirty, 1 = written by
// processor on access to page
UINT64 MustBe1:1; // Must be 1 UINT64 MustBe1:1; // Must be 1
UINT64 Global:1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write UINT64 Global:1; // 0 = Not global page, 1 = global page
// TLB not cleared on CR3 write
UINT64 Available:3; // Available for use by system software UINT64 Available:3; // Available for use by system software
UINT64 PAT:1; // UINT64 PAT:1; //
UINT64 MustBeZero:17; // Must be zero; UINT64 MustBeZero:17; // Must be zero;
UINT64 PageTableBaseAddress:22; // Page Table Base Address UINT64 PageTableBaseAddress:22; // Page Table Base Address
UINT64 AvabilableHigh:11; // Available for use by system software UINT64 AvabilableHigh:11; // Available for use by system software
UINT64 Nx:1; // 0 = Execute Code, 1 = No Code Execution UINT64 Nx:1; // 0 = Execute Code,
// 1 = No Code Execution
} Bits; } Bits;
UINT64 Uint64; UINT64 Uint64;
} PAGE_TABLE_1G_ENTRY; } PAGE_TABLE_1G_ENTRY;
@ -152,7 +173,8 @@ typedef union {
#define PAGE_TABLE_POOL_ALIGNMENT BASE_2MB #define PAGE_TABLE_POOL_ALIGNMENT BASE_2MB
#define PAGE_TABLE_POOL_UNIT_SIZE SIZE_2MB #define PAGE_TABLE_POOL_UNIT_SIZE SIZE_2MB
#define PAGE_TABLE_POOL_UNIT_PAGES EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNIT_SIZE) #define PAGE_TABLE_POOL_UNIT_PAGES \
EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNIT_SIZE)
#define PAGE_TABLE_POOL_ALIGN_MASK \ #define PAGE_TABLE_POOL_ALIGN_MASK \
(~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1)) (~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1))
@ -165,16 +187,20 @@ typedef struct {
/** /**
This function clears memory encryption bit for the memory region specified by PhysicalAddress This function clears memory encryption bit for the memory region specified by
and length from the current page table context. PhysicalAddress and length from the current page table context.
@param[in] PhysicalAddress The physical address that is the start address of a memory region. @param[in] PhysicalAddress The physical address that is the start
address of a memory region.
@param[in] Length The length of memory region @param[in] Length The length of memory region
@param[in] Flush Flush the caches before applying the encryption mask @param[in] Flush Flush the caches before applying the
encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory region. @retval RETURN_SUCCESS The attributes were cleared for the
memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is not supported @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI
@ -189,16 +215,17 @@ InternalMemEncryptSevSetMemoryDecrypted (
This function sets memory encryption bit for the memory region specified by This function sets memory encryption bit for the memory region specified by
PhysicalAddress and length from the current page table context. PhysicalAddress and length from the current page table context.
@param[in] PhysicalAddress The physical address that is the start address @param[in] PhysicalAddress The physical address that is the start
of a memory region. address of a memory region.
@param[in] Length The length of memory region @param[in] Length The length of memory region
@param[in] Flush Flush the caches before applying the @param[in] Flush Flush the caches before applying the
encryption mask encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory region. @retval RETURN_SUCCESS The attributes were cleared for the
memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
not supported is not supported
**/ **/
RETURN_STATUS RETURN_STATUS
EFIAPI EFIAPI