]>
Commit | Line | Data |
---|---|---|
13b5d743 BS |
1 | /**@file\r |
2 | Initialize Secure Encrypted Virtualization (SEV) support\r | |
3 | \r | |
4 | Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r | |
5 | \r | |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD\r | |
8 | License which accompanies this distribution. The full text of the license\r | |
9 | may be found at http://opensource.org/licenses/bsd-license.php\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | //\r | |
16 | // The package level header files this module uses\r | |
17 | //\r | |
18 | #include <PiPei.h>\r | |
19 | \r | |
20 | #include <Library/DebugLib.h>\r | |
21 | #include <Library/PcdLib.h>\r | |
22 | #include <Register/Cpuid.h>\r | |
23 | #include <Register/Amd/Cpuid.h>\r | |
24 | #include <Library/MemEncryptSevLib.h>\r | |
25 | \r | |
26 | /**\r | |
27 | \r | |
28 | Function checks if SEV support is available, if present then it sets\r | |
29 | the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r | |
30 | \r | |
31 | **/\r | |
32 | VOID\r | |
33 | EFIAPI\r | |
34 | AmdSevInitialize (\r | |
35 | VOID\r | |
36 | )\r | |
37 | {\r | |
38 | CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r | |
39 | UINT64 EncryptionMask;\r | |
40 | RETURN_STATUS PcdStatus;\r | |
41 | \r | |
42 | //\r | |
43 | // Check if SEV is enabled\r | |
44 | //\r | |
45 | if (!MemEncryptSevIsEnabled ()) {\r | |
46 | return;\r | |
47 | }\r | |
48 | \r | |
49 | //\r | |
50 | // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r | |
51 | //\r | |
52 | AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r | |
53 | EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r | |
54 | \r | |
55 | //\r | |
56 | // Set Memory Encryption Mask PCD\r | |
57 | //\r | |
58 | PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r | |
59 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
60 | \r | |
61 | DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r | |
6041ac65 BS |
62 | \r |
63 | //\r | |
64 | // Set Pcd to Deny the execution of option ROM when security\r | |
65 | // violation.\r | |
66 | //\r | |
67 | PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r | |
68 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
13b5d743 | 69 | }\r |