mirror of https://github.com/acidanthera/audk.git
0731236fc1
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Protect the SEV-ES work area memory used by an SEV-ES guest. Regarding the lifecycle of the SEV-ES memory area: PcdSevEsWorkArea (a) when and how it is initialized after first boot of the VM If SEV-ES is enabled, the SEV-ES area is initialized during the SEC phase [OvmfPkg/ResetVector/Ia32/PageTables64.asm]. (b) how it is protected from memory allocations during DXE If SEV-ES is enabled, then InitializeRamRegions() [OvmfPkg/PlatformPei/MemDetect.c] protects the ranges with either an AcpiNVS (S3 enabled) or BootServicesData (S3 disabled) memory allocation HOB, in PEI. (c) how it is protected from the OS If S3 is enabled, then (b) reserves it from the OS too. If S3 is disabled, then the range needs no protection. (d) how it is accessed on the S3 resume path It is rewritten same as in (a), which is fine because (b) reserved it. (e) how it is accessed on the warm reset path It is rewritten same as in (a). Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Julien Grall <julien@xen.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com> |
||
|---|---|---|
| .. | ||
| AmdSev.c | ||
| ClearCache.c | ||
| Cmos.c | ||
| Cmos.h | ||
| FeatureControl.c | ||
| Fv.c | ||
| MemDetect.c | ||
| MemTypeInfo.c | ||
| Platform.c | ||
| Platform.h | ||
| PlatformPei.inf | ||
| Xen.c | ||
| Xen.h | ||