mirror of https://github.com/acidanthera/audk.git
OvmfPkg/ResetVector: update SEV support to use new work area format
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Update the SEV support to switch to using the newer work area format. Cc: James Bottomley <jejb@linux.ibm.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Erdem Aktas <erdemaktas@google.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
parent
80e67af9af
commit
ab77b6031b
|
@ -171,6 +171,9 @@ CheckSevFeatures:
|
|||
bt eax, 0
|
||||
jnc NoSev
|
||||
|
||||
; Set the work area header to indicate that the SEV is enabled
|
||||
mov byte[WORK_AREA_GUEST_TYPE], 1
|
||||
|
||||
; Check for SEV-ES memory encryption feature:
|
||||
; CPUID Fn8000_001F[EAX] - Bit 3
|
||||
; CPUID raises a #VC exception if running as an SEV-ES guest
|
||||
|
@ -257,6 +260,11 @@ SevExit:
|
|||
IsSevEsEnabled:
|
||||
xor eax, eax
|
||||
|
||||
; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set
|
||||
; to 1 if SEV is enabled.
|
||||
cmp byte[WORK_AREA_GUEST_TYPE], 1
|
||||
jne SevEsDisabled
|
||||
|
||||
; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if
|
||||
; SEV-ES is enabled.
|
||||
cmp byte[SEV_ES_WORK_AREA], 1
|
||||
|
|
|
@ -42,6 +42,10 @@ BITS 32
|
|||
;
|
||||
SetCr3ForPageTables64:
|
||||
|
||||
; Clear the WorkArea header. The SEV probe routines will populate the
|
||||
; work area when detected.
|
||||
mov byte[WORK_AREA_GUEST_TYPE], 0
|
||||
|
||||
OneTimeCall CheckSevFeatures
|
||||
xor edx, edx
|
||||
test eax, eax
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
|
||||
|
||||
[FixedPcd]
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
|
||||
|
|
|
@ -72,6 +72,7 @@
|
|||
%define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
|
||||
%define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))
|
||||
%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))
|
||||
%define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase))
|
||||
%define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))
|
||||
%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)
|
||||
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
|
||||
|
|
|
@ -807,6 +807,36 @@ SevEsProtocolCheck (
|
|||
Ghcb->GhcbUsage = GHCB_STANDARD_USAGE;
|
||||
}
|
||||
|
||||
/**
|
||||
Determine if the SEV is active.
|
||||
|
||||
During the early booting, GuestType is set in the work area. Verify that it
|
||||
is an SEV guest.
|
||||
|
||||
@retval TRUE SEV is enabled
|
||||
@retval FALSE SEV is not enabled
|
||||
|
||||
**/
|
||||
STATIC
|
||||
BOOLEAN
|
||||
IsSevGuest (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
OVMF_WORK_AREA *WorkArea;
|
||||
|
||||
//
|
||||
// Ensure that the size of the Confidential Computing work area header
|
||||
// is same as what is provided through a fixed PCD.
|
||||
//
|
||||
ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==
|
||||
sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
|
||||
|
||||
WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
|
||||
|
||||
return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
|
||||
}
|
||||
|
||||
/**
|
||||
Determine if SEV-ES is active.
|
||||
|
||||
|
@ -826,9 +856,13 @@ SevEsIsEnabled (
|
|||
{
|
||||
SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
|
||||
|
||||
if (!IsSevGuest()) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
|
||||
|
||||
return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0));
|
||||
return (SevEsWorkArea->SevEsEnabled != 0);
|
||||
}
|
||||
|
||||
VOID
|
||||
|
|
|
@ -70,6 +70,8 @@
|
|||
gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
|
||||
|
||||
[FeaturePcd]
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
|
||||
|
|
Loading…
Reference in New Issue