diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 5955866178..689bfb376d 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -4,12 +4,13 @@
in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV
is enabled.
- Copyright (c) 2017, AMD Inc. All rights reserved.
+ Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include
#include
#include
#include
@@ -65,6 +66,23 @@ AmdSevDxeEntryPoint (
FreePool (AllDescMap);
}
+ //
+ // If PCI Express is enabled, the MMCONFIG area has been reserved, rather
+ // than marked as MMIO, and so the C-bit won't be cleared by the above walk
+ // through the GCD map. Check for the MMCONFIG area and clear the C-bit for
+ // the range.
+ //
+ if (PcdGet16 (PcdOvmfHostBridgePciDevId) == INTEL_Q35_MCH_DEVICE_ID) {
+ Status = MemEncryptSevClearPageEncMask (
+ 0,
+ FixedPcdGet64 (PcdPciExpressBaseAddress),
+ EFI_SIZE_TO_PAGES (SIZE_256MB),
+ FALSE
+ );
+
+ ASSERT_EFI_ERROR (Status);
+ }
+
//
// When SMM is enabled, clear the C-bit from SMM Saved State Area
//
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index dd9ecc789a..0676fcc5b6 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -2,7 +2,7 @@
#
# Driver clears the encryption attribute from MMIO regions when SEV is enabled
#
-# Copyright (c) 2017, AMD Inc. All rights reserved.
+# Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -39,3 +39,9 @@
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
+
+[FixedPcd]
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId