]>
Commit | Line | Data |
---|---|---|
13b5d743 BS |
1 | /**@file\r |
2 | Initialize Secure Encrypted Virtualization (SEV) support\r | |
3 | \r | |
4 | Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r | |
5 | \r | |
b26f0cf9 | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
13b5d743 BS |
7 | \r |
8 | **/\r | |
9 | //\r | |
10 | // The package level header files this module uses\r | |
11 | //\r | |
300aae11 | 12 | #include <IndustryStandard/Q35MchIch9.h>\r |
13b5d743 | 13 | #include <Library/DebugLib.h>\r |
86defc2c | 14 | #include <Library/HobLib.h>\r |
6d576e7a | 15 | #include <Library/MemEncryptSevLib.h>\r |
13b5d743 | 16 | #include <Library/PcdLib.h>\r |
6d576e7a | 17 | #include <PiPei.h>\r |
13b5d743 | 18 | #include <Register/Amd/Cpuid.h>\r |
6d576e7a | 19 | #include <Register/Cpuid.h>\r |
300aae11 | 20 | #include <Register/Intel/SmramSaveStateMap.h>\r |
13b5d743 | 21 | \r |
c0d221a3 LE |
22 | #include "Platform.h"\r |
23 | \r | |
cf845a74 TL |
24 | /**\r |
25 | \r | |
26 | Initialize SEV-ES support if running as an SEV-ES guest.\r | |
27 | \r | |
28 | **/\r | |
29 | STATIC\r | |
30 | VOID\r | |
31 | AmdSevEsInitialize (\r | |
32 | VOID\r | |
33 | )\r | |
34 | {\r | |
35 | RETURN_STATUS PcdStatus;\r | |
36 | \r | |
37 | if (!MemEncryptSevEsIsEnabled ()) {\r | |
38 | return;\r | |
39 | }\r | |
40 | \r | |
41 | PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);\r | |
42 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
43 | }\r | |
44 | \r | |
13b5d743 BS |
45 | /**\r |
46 | \r | |
47 | Function checks if SEV support is available, if present then it sets\r | |
48 | the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r | |
49 | \r | |
50 | **/\r | |
51 | VOID\r | |
13b5d743 BS |
52 | AmdSevInitialize (\r |
53 | VOID\r | |
54 | )\r | |
55 | {\r | |
56 | CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r | |
57 | UINT64 EncryptionMask;\r | |
58 | RETURN_STATUS PcdStatus;\r | |
59 | \r | |
60 | //\r | |
61 | // Check if SEV is enabled\r | |
62 | //\r | |
63 | if (!MemEncryptSevIsEnabled ()) {\r | |
64 | return;\r | |
65 | }\r | |
66 | \r | |
67 | //\r | |
68 | // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r | |
69 | //\r | |
70 | AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r | |
71 | EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r | |
72 | \r | |
73 | //\r | |
74 | // Set Memory Encryption Mask PCD\r | |
75 | //\r | |
76 | PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r | |
77 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
78 | \r | |
79 | DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r | |
6041ac65 BS |
80 | \r |
81 | //\r | |
82 | // Set Pcd to Deny the execution of option ROM when security\r | |
83 | // violation.\r | |
84 | //\r | |
85 | PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r | |
86 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
86defc2c LE |
87 | \r |
88 | //\r | |
89 | // When SMM is required, cover the pages containing the initial SMRAM Save\r | |
90 | // State Map with a memory allocation HOB:\r | |
91 | //\r | |
92 | // There's going to be a time interval between our decrypting those pages for\r | |
93 | // SMBASE relocation and re-encrypting the same pages after SMBASE\r | |
94 | // relocation. We shall ensure that the DXE phase stay away from those pages\r | |
95 | // until after re-encryption, in order to prevent an information leak to the\r | |
96 | // hypervisor.\r | |
97 | //\r | |
98 | if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r | |
99 | RETURN_STATUS LocateMapStatus;\r | |
100 | UINTN MapPagesBase;\r | |
101 | UINTN MapPagesCount;\r | |
102 | \r | |
103 | LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r | |
104 | &MapPagesBase,\r | |
105 | &MapPagesCount\r | |
106 | );\r | |
107 | ASSERT_RETURN_ERROR (LocateMapStatus);\r | |
108 | \r | |
300aae11 LE |
109 | if (mQ35SmramAtDefaultSmbase) {\r |
110 | //\r | |
111 | // The initial SMRAM Save State Map has been covered as part of a larger\r | |
112 | // reserved memory allocation in InitializeRamRegions().\r | |
113 | //\r | |
114 | ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);\r | |
115 | ASSERT (\r | |
116 | (MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=\r | |
117 | SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)\r | |
118 | );\r | |
119 | } else {\r | |
120 | BuildMemoryAllocationHob (\r | |
121 | MapPagesBase, // BaseAddress\r | |
122 | EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r | |
123 | EfiBootServicesData // MemoryType\r | |
124 | );\r | |
125 | }\r | |
86defc2c | 126 | }\r |
cf845a74 TL |
127 | \r |
128 | //\r | |
129 | // Check and perform SEV-ES initialization if required.\r | |
130 | //\r | |
131 | AmdSevEsInitialize ();\r | |
13b5d743 | 132 | }\r |