mirror of https://github.com/acidanthera/audk.git
13b5d743c8
Secure Encrypted Virtualization (SEV) guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. For data memory, SEV guest VMs can choose which pages they would like to be private. The choice is done using the standard CPU page tables using the C-bit. When building the initial page table we mark all the memory as private. The patch sets the memory encryption PCD. The PCD is consumed by the following edk2 modules, which manipulate page tables: - PEI phase modules: CapsulePei, DxeIplPeim, S3Resume2Pei. CapsulePei is not used by OVMF. DxeIplPeim consumes the PCD at the end of the PEI phase, when it builds the initial page tables for the DXE core / DXE phase. S3Resume2Pei does not consume the PCD in its entry point function, only when DxeIplPeim branches to the S3 resume path at the end of the PEI phase, and calls S3Resume2Pei's EFI_PEI_S3_RESUME2_PPI.S3RestoreConfig2() member function. Therefore it is safe to set the PCD for these modules in PlatformPei. - DXE phase modules: BootScriptExecutorDxe, CpuDxe, PiSmmCpuDxeSmm. They are all dispatched after the PEI phase, so setting the PCD for them in PlatformPei is safe. (BootScriptExecutorDxe is launched "for real" in the PEI phase during S3 resume, but it caches the PCD into a static variable when its entry point is originally invoked in DXE.) Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> |
||
|---|---|---|
| AppPkg | ||
| ArmPkg | ||
| ArmPlatformPkg | ||
| ArmVirtPkg | ||
| BaseTools | ||
| BeagleBoardPkg | ||
| Conf | ||
| CorebootModulePkg | ||
| CorebootPayloadPkg | ||
| CryptoPkg | ||
| DuetPkg | ||
| EdkCompatibilityPkg | ||
| EdkShellBinPkg | ||
| EdkShellPkg | ||
| EmbeddedPkg | ||
| EmulatorPkg | ||
| FatBinPkg | ||
| FatPkg | ||
| IntelFrameworkModulePkg | ||
| IntelFrameworkPkg | ||
| IntelFsp2Pkg | ||
| IntelFsp2WrapperPkg | ||
| IntelFspPkg | ||
| IntelFspWrapperPkg | ||
| IntelSiliconPkg | ||
| MdeModulePkg | ||
| MdePkg | ||
| NetworkPkg | ||
| Nt32Pkg | ||
| Omap35xxPkg | ||
| OptionRomPkg | ||
| OvmfPkg | ||
| PcAtChipsetPkg | ||
| PerformancePkg | ||
| QuarkPlatformPkg | ||
| QuarkSocPkg | ||
| SecurityPkg | ||
| ShellBinPkg | ||
| ShellPkg | ||
| SignedCapsulePkg | ||
| SourceLevelDebugPkg | ||
| StdLib | ||
| StdLibPrivateInternalFiles | ||
| UefiCpuPkg | ||
| UnixPkg | ||
| Vlv2DeviceRefCodePkg | ||
| Vlv2TbltDevicePkg | ||
| .gitignore | ||
| BuildNotes2.txt | ||
| Edk2Setup.bat | ||
| Maintainers.txt | ||
| edksetup.bat | ||
| edksetup.sh | ||