diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 340d83f794..deb285fd62 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -350,6 +350,13 @@ gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset|0|UINT32|0x56 gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize|0|UINT32|0x57 + ## The base address and size of the SEV-SNP Secrets Area that contains + # the VM platform communication key used to send and recieve the + # messages to the PSP. If this is set in the .fdf, the platform + # is responsible to reserve this area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x58 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x59 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd..1313c7f016 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -88,6 +88,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvm 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf index 320e5f2c65..fcbc25d0ce 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -59,3 +59,5 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb index d847794fea..4e685ef236 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -103,6 +103,8 @@ %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) + %define SEV_SNP_SECRETS_BASE (FixedPcdGet32 (PcdOvmfSnpSecretsBase)) + %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize)) %include "X64/IntelTdxMetadata.asm" %include "Ia32/Flat32ToFlat64.asm" diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm index 9d8c3e8194..2bc7790bd8 100644 --- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm +++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm @@ -14,6 +14,9 @@ BITS 64 ; The section must be accepted or validated by the VMM before the boot %define OVMF_SECTION_TYPE_SNP_SEC_MEM 0x1 +; AMD SEV-SNP specific sections +%define OVMF_SECTION_TYPE_SNP_SECRETS 0x2 + ALIGN 16 TIMES (15 - ((OvmfSevGuidedStructureEnd - OvmfSevGuidedStructureStart + 15) % 16)) DB 0 @@ -30,5 +33,11 @@ _DescriptorSev: DD OVMF_SEV_METADATA_VERSION ; Version DD (OvmfSevGuidedStructureEnd - _DescriptorSev - 16) / 12 ; Number of sections +; SEV-SNP Secrets page +SevSnpSecrets: + DD SEV_SNP_SECRETS_BASE + DD SEV_SNP_SECRETS_SIZE + DD OVMF_SECTION_TYPE_SNP_SECRETS + OvmfSevGuidedStructureEnd: ALIGN 16