SEV guest VMs have the concept of private and shared memory. Private
memory is encrypted with the guest-specific key, while shared memory
may be encrypted with hypervisor key. Certain types of memory (namely
instruction pages and guest page tables) are always treated as private
memory by the hardware. The C-bit in PTE indicate whether the page is
private or shared. The C-bit position for the PTE can be obtained from
CPUID Fn8000_001F[EBX].
When SEV is active, the BIOS is encrypted by the Qemu launch sequence,
we must set the C-bit when building the page table.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Currently, the value of the page tables' address is hard-coded in the
ResetVector. This patch replaces these values with a PCD dependency.
A check for the size has been added to alert the developer to rewrite
the ASM according to the new size, if it has been changed.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Remove the ResetVector.asm file as it is no longer referenced since
the switch to ResetVector.nasmb.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Using NASM we build OVMF's ResetVector as part of the EDK II build
process.
v2:
* Use EDK II extension of .nasmb rather than .nasmbin
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15823 6f19259b-4bc3-4df7-8a09-765794883524
To help consolidate OVMF fixed memory uses, we declare this
range in MEMFD and thereby move it to 8MB.
We also now declare the table range in the FDF to set
PCDs. This allows us to ASSERT that CR3 is set as expected
in OVMF SEC.
OvmfPkgIa32.fdf and OvmfPkgIa32X64.fdf are updated simply
for consistency.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15146 6f19259b-4bc3-4df7-8a09-765794883524
In UEFI X64 we use other mechanisms to disable caching.
(CD/NW in CR0 and MTRRs.)
This fixes a slow boot issue with SVM.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14716 6f19259b-4bc3-4df7-8a09-765794883524
KVM has a bug that prevents using page tables in the ROM if the ROM
region utilizes the KVM READONLY memory feature. Therefore, we
avoid using page tables stored in the ROM.
Since OVMF doesn't require memory initialization, we just build
page table entries in RAM at 0x80000 very early in the OVMF boot
process. This address is just after the 'temp RAM' which is set
up by the SEC module.
Currently we only set up 4GB of page tables for OVMF's PEI,
but DxeIpl will build identity mapped page tables that cover all
of the available processor physical address space.
Reported-by: Gary Ching-Pang Lin <glin@suse.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14715 6f19259b-4bc3-4df7-8a09-765794883524
In some environments, the accessed bit should be set to allow the
global descriptor table (GDT) to reside in unmodifiable flash
memory.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9675 6f19259b-4bc3-4df7-8a09-765794883524
Previously it was:
ESI/RSI - SEC Core entry point
EDI/RDI - PEI Core entry point
EBP/RBP - Start of BFV
Now it is:
RAX/EAX Initial value of the EAX register
(BIST: Built-in Self Test)
DI 'BP': boot-strap processor, or
'AP': application processor
RBP/EBP Address of Boot Firmware Volume (BFV)
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9571 6f19259b-4bc3-4df7-8a09-765794883524
Previously the code would expect that the PE32 image was in the
first section of the FFS file. This might not be the case if the
PE32 section is forced to be aligned.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9331 6f19259b-4bc3-4df7-8a09-765794883524
Brijesh Singh
Marvin Häuser
Jordan Justen
Laszlo Ersek
geekboy15a
jljusten