
source: vbox/trunk/src/VBox/Devices/EFI/FirmwareNew/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c@ 108794

Last change on this file since 108794 was 108794, checked in by vboxsync, 2 weeks ago

Devices/EFI/FirmwareNew: Merge edk2-stable202502 from the vendor branch and make it build for the important platforms, bugref:4643

1/** @file
2
3 Secure Encrypted Virtualization (SEV) library helper function
4
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
6
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8
9**/
10
11#include <Library/BaseLib.h>
12#include <Library/DebugLib.h>
13#include <Library/MemEncryptSevLib.h>
14#include <Library/PcdLib.h>
15#include <Register/Amd/Cpuid.h>
16#include <Register/Amd/Msr.h>
17#include <Register/Cpuid.h>
18#include <Uefi/UefiBaseType.h>
19#include <ConfidentialComputingGuestAttr.h>
20
//
// Cached copy of PcdConfidentialComputingGuestAttr, plus a flag recording
// whether the cache has been filled. Once the flag is TRUE the PCD is not
// read again by this library instance.
//
STATIC UINT64   mCurrentAttr     = 0;
STATIC BOOLEAN  mCurrentAttrRead = FALSE;

//
// Cached copy of PcdPteMemoryEncryptionAddressOrMask, plus its "already
// fetched" flag.
//
STATIC UINT64   mSevEncryptionMask      = 0;
STATIC BOOLEAN  mSevEncryptionMaskSaved = FALSE;
25
/**
  Decide whether an AMD SEV attribute is satisfied by a guest attribute value.

  The type part of CurrentAttr (CurrentAttr & CCAttrTypeMask) is compared
  against the requested level; the DebugVirtualization feature is tested as a
  bit in the unmasked value. Any other Attr yields FALSE.

  This helper does not check that CurrentAttr belongs to the AMD group; the
  caller is expected to have done that.

  @param[in]  CurrentAttr   The current attribute.
  @param[in]  Attr          The attribute to check.

  @retval  TRUE   The specified Attr is set.
  @retval  FALSE  The specified Attr is not set.

**/
STATIC
BOOLEAN
AmdMemEncryptionAttrCheck (
  IN  UINT64                             CurrentAttr,
  IN  CONFIDENTIAL_COMPUTING_GUEST_ATTR  Attr
  )
{
  UINT64  ActiveType;

  //
  // Feature flag: looked up in the full value, not in the masked type field.
  //
  if (Attr == CCAttrFeatureAmdSevEsDebugVirtualization) {
    return (CurrentAttr & CCAttrFeatureAmdSevEsDebugVirtualization) != 0;
  }

  ActiveType = CurrentAttr & CCAttrTypeMask;

  //
  // SEV-SNP is the only level that requires an exact match.
  //
  if (Attr == CCAttrAmdSevSnp) {
    return ActiveType == CCAttrAmdSevSnp;
  }

  //
  // SEV-ES is automatically enabled if SEV-SNP is active.
  // NOTE(review): the ">=" tests rely on the enum values being ordered
  // SEV < SEV-ES < SEV-SNP -- confirm against ConfidentialComputingGuestAttr.h.
  //
  if (Attr == CCAttrAmdSevEs) {
    return ActiveType >= CCAttrAmdSevEs;
  }

  //
  // SEV is automatically enabled if SEV-ES or SEV-SNP is active.
  //
  if (Attr == CCAttrAmdSev) {
    return ActiveType >= CCAttrAmdSev;
  }

  return FALSE;
}
66
/**
  Check if the specified confidential computing attribute is active.

  The answer is derived from PcdConfidentialComputingGuestAttr, which is read
  once and cached in mCurrentAttr. The visible code performs no CPUID or MSR
  query of its own, so the result is only as trustworthy as whatever populated
  that PCD.

  @param[in]  Attr   The attribute to check.

  @retval  TRUE   The specified Attr is active.
  @retval  FALSE  The specified Attr is not active.

**/
STATIC
BOOLEAN
EFIAPI
ConfidentialComputingGuestHas (
  IN  CONFIDENTIAL_COMPUTING_GUEST_ATTR  Attr
  )
{
  UINT64  Group;

  //
  // Fill the cache on first use.
  //
  // The PCD is not read on every check because this routine could be
  // indirectly called during the virtual pointer conversion, and it is not
  // safe to access PCDs at that point.
  //
  // NOTE(review): the cache is filled lazily, so this protection holds only
  // if some caller reaches this routine before the conversion starts; nothing
  // in this file enforces that -- confirm against the callers.
  //
  if (!mCurrentAttrRead) {
    mCurrentAttr     = PcdGet64 (PcdConfidentialComputingGuestAttr);
    mCurrentAttrRead = TRUE;
  }

  //
  // Bits 15:8 of the cached guest attribute select the vendor group; the
  // value 1 is handled as the AMD group. The test is made on the cached
  // guest attribute, not on the requested Attr.
  //
  Group = RShiftU64 (mCurrentAttr, 8) & 0xff;

  if (Group != 1) {
    //
    // Non-AMD guests: exact comparison of the whole 64-bit value.
    // NOTE(review): no type mask is applied here, so any feature bit set in
    // the cached value would make a plain type comparison fail -- confirm
    // this is intended.
    //
    return (mCurrentAttr == Attr);
  }

  return AmdMemEncryptionAttrCheck (mCurrentAttr, Attr);
}
104
/**
  Returns a boolean to indicate whether SEV-SNP is enabled.

  The result comes from the cached confidential computing guest attribute
  (see ConfidentialComputingGuestHas), not from a hardware query made here.

  @retval  TRUE   SEV-SNP is enabled
  @retval  FALSE  SEV-SNP is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevSnpIsEnabled (
  VOID
  )
{
  BOOLEAN  SnpActive;

  SnpActive = ConfidentialComputingGuestHas (CCAttrAmdSevSnp);

  return SnpActive;
}
119
/**
  Returns a boolean to indicate whether SEV-ES is enabled.

  Also TRUE when SEV-SNP is active, because the AMD attribute check treats
  SEV-ES as implied by SEV-SNP. The result comes from the cached confidential
  computing guest attribute, not from a hardware query made here.

  @retval  TRUE   SEV-ES is enabled
  @retval  FALSE  SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  )
{
  BOOLEAN  EsActive;

  EsActive = ConfidentialComputingGuestHas (CCAttrAmdSevEs);

  return EsActive;
}
134
/**
  Returns a boolean to indicate whether SEV is enabled.

  Also TRUE when SEV-ES or SEV-SNP is active, because the AMD attribute check
  treats SEV as implied by either. The result comes from the cached
  confidential computing guest attribute, not from a hardware query made here.

  @retval  TRUE   SEV is enabled
  @retval  FALSE  SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  )
{
  BOOLEAN  SevActive;

  SevActive = ConfidentialComputingGuestHas (CCAttrAmdSev);

  return SevActive;
}
149
/**
  Returns the SEV encryption mask.

  The mask is read from PcdPteMemoryEncryptionAddressOrMask on the first call
  and served from the cache afterwards. This routine does not check whether
  SEV is enabled; it returns whatever the PCD held when it was first read.

  @return  The SEV page table encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  )
{
  //
  // Fast path: the PCD has already been read once.
  //
  if (mSevEncryptionMaskSaved) {
    return mSevEncryptionMask;
  }

  mSevEncryptionMask      = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
  mSevEncryptionMaskSaved = TRUE;

  return mSevEncryptionMask;
}
168
/**
  Returns a boolean to indicate whether DebugVirtualization is enabled.

  For an AMD guest this tests the CCAttrFeatureAmdSevEsDebugVirtualization
  bit in the cached confidential computing guest attribute; no hardware
  register is read here.

  @retval  TRUE   DebugVirtualization is enabled
  @retval  FALSE  DebugVirtualization is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsDebugVirtualizationIsEnabled (
  VOID
  )
{
  BOOLEAN  DebugVirtActive;

  DebugVirtActive = ConfidentialComputingGuestHas (CCAttrFeatureAmdSevEsDebugVirtualization);

  return DebugVirtActive;
}