| 1 | /** @file
|
|---|
| 2 |
|
|---|
| 3 | Secure Encrypted Virtualization (SEV) library helper function
|
|---|
| 4 |
|
|---|
| 5 | Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
|
|---|
| 6 |
|
|---|
| 7 | SPDX-License-Identifier: BSD-2-Clause-Patent
|
|---|
| 8 |
|
|---|
| 9 | **/
|
|---|
| 10 |
|
|---|
| 11 | #include <Library/BaseLib.h>
|
|---|
| 12 | #include <Library/DebugLib.h>
|
|---|
| 13 | #include <Library/MemEncryptSevLib.h>
|
|---|
| 14 | #include <Library/PcdLib.h>
|
|---|
| 15 | #include <Register/Amd/Cpuid.h>
|
|---|
| 16 | #include <Register/Amd/Msr.h>
|
|---|
| 17 | #include <Register/Cpuid.h>
|
|---|
| 18 | #include <Uefi/UefiBaseType.h>
|
|---|
| 19 |
|
|---|
| 20 | /**
|
|---|
| 21 | Read the workarea to determine whether SEV is enabled. If enabled,
|
|---|
| 22 | then return the SevEsWorkArea pointer.
|
|---|
| 23 |
|
|---|
| 24 | **/
|
|---|
| 25 | STATIC
|
|---|
| 26 | SEC_SEV_ES_WORK_AREA *
|
|---|
| 27 | EFIAPI
|
|---|
| 28 | GetSevEsWorkArea (
|
|---|
| 29 | VOID
|
|---|
| 30 | )
|
|---|
| 31 | {
|
|---|
| 32 | OVMF_WORK_AREA *WorkArea;
|
|---|
| 33 |
|
|---|
| 34 | WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
|
|---|
| 35 |
|
|---|
| 36 | //
|
|---|
| 37 | // If its not SEV guest then SevEsWorkArea is not valid.
|
|---|
| 38 | //
|
|---|
| 39 | if ((WorkArea == NULL) || (WorkArea->Header.GuestType != CcGuestTypeAmdSev)) {
|
|---|
| 40 | return NULL;
|
|---|
| 41 | }
|
|---|
| 42 |
|
|---|
| 43 | return (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);
|
|---|
| 44 | }
|
|---|
| 45 |
|
|---|
| 46 | /**
|
|---|
| 47 | Read the SEV Status MSR value from the workarea
|
|---|
| 48 |
|
|---|
| 49 | **/
|
|---|
| 50 | STATIC
|
|---|
| 51 | UINT32
|
|---|
| 52 | EFIAPI
|
|---|
| 53 | InternalMemEncryptSevStatus (
|
|---|
| 54 | VOID
|
|---|
| 55 | )
|
|---|
| 56 | {
|
|---|
| 57 | SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
|
|---|
| 58 |
|
|---|
| 59 | SevEsWorkArea = GetSevEsWorkArea ();
|
|---|
| 60 | if (SevEsWorkArea == NULL) {
|
|---|
| 61 | return 0;
|
|---|
| 62 | }
|
|---|
| 63 |
|
|---|
| 64 | return (UINT32)(UINTN)SevEsWorkArea->SevStatusMsrValue;
|
|---|
| 65 | }
|
|---|
| 66 |
|
|---|
| 67 | /**
|
|---|
| 68 | Returns a boolean to indicate whether SEV-SNP is enabled.
|
|---|
| 69 |
|
|---|
| 70 | @retval TRUE SEV-SNP is enabled
|
|---|
| 71 | @retval FALSE SEV-SNP is not enabled
|
|---|
| 72 | **/
|
|---|
| 73 | BOOLEAN
|
|---|
| 74 | EFIAPI
|
|---|
| 75 | MemEncryptSevSnpIsEnabled (
|
|---|
| 76 | VOID
|
|---|
| 77 | )
|
|---|
| 78 | {
|
|---|
| 79 | MSR_SEV_STATUS_REGISTER Msr;
|
|---|
| 80 |
|
|---|
| 81 | Msr.Uint32 = InternalMemEncryptSevStatus ();
|
|---|
| 82 |
|
|---|
| 83 | return Msr.Bits.SevSnpBit ? TRUE : FALSE;
|
|---|
| 84 | }
|
|---|
| 85 |
|
|---|
| 86 | /**
|
|---|
| 87 | Returns a boolean to indicate whether SEV-ES is enabled.
|
|---|
| 88 |
|
|---|
| 89 | @retval TRUE SEV-ES is enabled
|
|---|
| 90 | @retval FALSE SEV-ES is not enabled
|
|---|
| 91 | **/
|
|---|
| 92 | BOOLEAN
|
|---|
| 93 | EFIAPI
|
|---|
| 94 | MemEncryptSevEsIsEnabled (
|
|---|
| 95 | VOID
|
|---|
| 96 | )
|
|---|
| 97 | {
|
|---|
| 98 | MSR_SEV_STATUS_REGISTER Msr;
|
|---|
| 99 |
|
|---|
| 100 | Msr.Uint32 = InternalMemEncryptSevStatus ();
|
|---|
| 101 |
|
|---|
| 102 | return Msr.Bits.SevEsBit ? TRUE : FALSE;
|
|---|
| 103 | }
|
|---|
| 104 |
|
|---|
| 105 | /**
|
|---|
| 106 | Returns a boolean to indicate whether SEV is enabled.
|
|---|
| 107 |
|
|---|
| 108 | @retval TRUE SEV is enabled
|
|---|
| 109 | @retval FALSE SEV is not enabled
|
|---|
| 110 | **/
|
|---|
| 111 | BOOLEAN
|
|---|
| 112 | EFIAPI
|
|---|
| 113 | MemEncryptSevIsEnabled (
|
|---|
| 114 | VOID
|
|---|
| 115 | )
|
|---|
| 116 | {
|
|---|
| 117 | MSR_SEV_STATUS_REGISTER Msr;
|
|---|
| 118 |
|
|---|
| 119 | Msr.Uint32 = InternalMemEncryptSevStatus ();
|
|---|
| 120 |
|
|---|
| 121 | return Msr.Bits.SevBit ? TRUE : FALSE;
|
|---|
| 122 | }
|
|---|
| 123 |
|
|---|
| 124 | /**
|
|---|
| 125 | Returns the SEV encryption mask.
|
|---|
| 126 |
|
|---|
| 127 | @return The SEV pagtable encryption mask
|
|---|
| 128 | **/
|
|---|
| 129 | UINT64
|
|---|
| 130 | EFIAPI
|
|---|
| 131 | MemEncryptSevGetEncryptionMask (
|
|---|
| 132 | VOID
|
|---|
| 133 | )
|
|---|
| 134 | {
|
|---|
| 135 | SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
|
|---|
| 136 |
|
|---|
| 137 | SevEsWorkArea = GetSevEsWorkArea ();
|
|---|
| 138 | if (SevEsWorkArea == NULL) {
|
|---|
| 139 | return 0;
|
|---|
| 140 | }
|
|---|
| 141 |
|
|---|
| 142 | return SevEsWorkArea->EncryptionMask;
|
|---|
| 143 | }
|
|---|
| 144 |
|
|---|
| 145 | /**
|
|---|
| 146 | Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
|
|---|
| 147 | Save State Map.
|
|---|
| 148 |
|
|---|
| 149 | @param[out] BaseAddress The base address of the lowest-address page that
|
|---|
| 150 | covers the initial SMRAM Save State Map.
|
|---|
| 151 |
|
|---|
| 152 | @param[out] NumberOfPages The number of pages in the page range that covers
|
|---|
| 153 | the initial SMRAM Save State Map.
|
|---|
| 154 |
|
|---|
| 155 | @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
|
|---|
| 156 | output.
|
|---|
| 157 |
|
|---|
| 158 | @retval RETURN_UNSUPPORTED SMM is unavailable.
|
|---|
| 159 | **/
|
|---|
| 160 | RETURN_STATUS
|
|---|
| 161 | EFIAPI
|
|---|
| 162 | MemEncryptSevLocateInitialSmramSaveStateMapPages (
|
|---|
| 163 | OUT UINTN *BaseAddress,
|
|---|
| 164 | OUT UINTN *NumberOfPages
|
|---|
| 165 | )
|
|---|
| 166 | {
|
|---|
| 167 | return RETURN_UNSUPPORTED;
|
|---|
| 168 | }
|
|---|
