mirror of https://github.com/acidanthera/audk.git
300aae1180
When OVMF runs in a SEV guest, the initial SMM Save State Map is
(1) allocated as EfiBootServicesData type memory in OvmfPkg/PlatformPei,
function AmdSevInitialize(), for preventing unintended information
sharing with the hypervisor;
(2) decrypted in AmdSevDxe;
(3) re-encrypted in OvmfPkg/Library/SmmCpuFeaturesLib, function
SmmCpuFeaturesSmmRelocationComplete(), which is called by
PiSmmCpuDxeSmm right after initial SMBASE relocation;
(4) released to DXE at the same location.
The SMRAM at the default SMBASE is a superset of the initial Save State
Map. The reserved memory allocation in InitializeRamRegions(), from the
previous patch, must override the allocating and freeing in (1) and (4),
respectively. (Note: the decrypting and re-encrypting in (2) and (3) are
unaffected.)
In AmdSevInitialize(), only assert the containment of the initial Save
State Map, in the larger area already allocated by InitializeRamRegions().
In SmmCpuFeaturesSmmRelocationComplete(), preserve the allocation of the
initial Save State Map into OS runtime, as part of the allocation done by
InitializeRamRegions(). Only assert containment.
These changes only affect the normal boot path (the UEFI memory map is
untouched during S3 resume).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Message-Id: <20200129214412.2361-9-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||
|---|---|---|
| .. | ||
| AcpiTimerLib | ||
| BaseMemEncryptSevLib | ||
| BasePciCapLib | ||
| BasePciCapPciSegmentLib | ||
| DxePciLibI440FxQ35 | ||
| EmuVariableFvbLib | ||
| LoadLinuxLib | ||
| LockBoxLib | ||
| NvVarsFileLib | ||
| PciHostBridgeLib | ||
| PlatformBmPrintScLib | ||
| PlatformBootManagerLib | ||
| PlatformDebugLibIoPort | ||
| PlatformFvbLibNull | ||
| PlatformHasIoMmuLib | ||
| PlatformSecureLib | ||
| QemuBootOrderLib | ||
| QemuFwCfgLib | ||
| QemuFwCfgS3Lib | ||
| ResetSystemLib | ||
| SerializeVariablesLib | ||
| SmbiosVersionLib | ||
| SmmCpuFeaturesLib | ||
| Tcg2PhysicalPresenceLibNull | ||
| Tcg2PhysicalPresenceLibQemu | ||
| TlsAuthConfigLib | ||
| UefiPciCapPciIoLib | ||
| VirtioLib | ||
| VirtioMmioDeviceLib | ||
| XenConsoleSerialPortLib | ||
| XenHypercallLib | ||
| XenIoMmioLib | ||
| XenPlatformLib | ||
| XenRealTimeClockLib | ||