mirror of https://github.com/acidanthera/audk.git
85b8eac59b
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108 When SEV-ES is active, and MMIO operation will trigger a #VC and the VmgExitLib exception handler will process this MMIO operation. A malicious hypervisor could try to extract information from encrypted memory by setting a reserved bit in the guests nested page tables for a non-MMIO area. This can result in the encrypted data being copied into the GHCB shared buffer area and accessed by the hypervisor. Prevent this by ensuring that the MMIO source/destination is un-encrypted memory. For the APIC register space, access is allowed in general. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Message-Id: <0cf28470ad5e694af45f7f0b35296628f819567d.1610045305.git.thomas.lendacky@amd.com> |
||
|---|---|---|
| .. | ||
| Ia32 | ||
| X64 | ||
| DxeMemEncryptSevLib.inf | ||
| DxeMemEncryptSevLibInternal.c | ||
| PeiDxeMemEncryptSevLibInternal.c | ||
| PeiMemEncryptSevLib.inf | ||
| PeiMemEncryptSevLibInternal.c | ||
| SecMemEncryptSevLib.inf | ||
| SecMemEncryptSevLibInternal.c | ||