projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 2ddacfb6 BS |
1 | /** @file\r |
| 2 | File defines the Sec routines for the AMD SEV\r | |
| 3 | \r | |
| 4 | Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.<BR>\r | |
| 5 | \r | |
| 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
| 7 | \r | |
| 8 | **/\r | |
| 9 | \r | |
| 10 | #ifndef _AMD_SEV_SEC_INTERNAL_H__\r | |
| 11 | #define _AMD_SEV_SEC_INTERNAL_H__\r | |
| 12 | \r | |
| 13 | /**\r | |
| 14 | Handle an SEV-ES/GHCB protocol check failure.\r | |
| 15 | \r | |
| 16 | Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest\r | |
| 17 | wishes to be terminated.\r | |
| 18 | \r | |
| 19 | @param[in] ReasonCode Reason code to provide to the hypervisor for the\r | |
| 20 | termination request.\r | |
| 21 | \r | |
| 22 | **/\r | |
| 23 | VOID\r | |
| 24 | SevEsProtocolFailure (\r | |
| 25 | IN UINT8 ReasonCode\r | |
| 26 | );\r | |
| 27 | \r | |
| 28 | /**\r | |
| 29 | Validate the SEV-ES/GHCB protocol level.\r | |
| 30 | \r | |
| 31 | Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor\r | |
| 32 | and the guest intersect. If they don't intersect, request termination.\r | |
| 33 | \r | |
| 34 | **/\r | |
| 35 | VOID\r | |
| 36 | SevEsProtocolCheck (\r | |
| 37 | VOID\r | |
| 38 | );\r | |
| 39 | \r | |
| 40 | /**\r | |
| 41 | Determine if the SEV is active.\r | |
| 42 | \r | |
| 43 | During the early booting, GuestType is set in the work area. Verify that it\r | |
| 44 | is an SEV guest.\r | |
| 45 | \r | |
| 46 | @retval TRUE SEV is enabled\r | |
| 47 | @retval FALSE SEV is not enabled\r | |
| 48 | \r | |
| 49 | **/\r | |
| 50 | BOOLEAN\r | |
| 51 | IsSevGuest (\r | |
| 52 | VOID\r | |
| 53 | );\r | |
| 54 | \r | |
| 55 | /**\r | |
| 56 | Determine if SEV-ES is active.\r | |
| 57 | \r | |
| 58 | During early booting, SEV-ES support code will set a flag to indicate that\r | |
| 59 | SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES\r | |
| 60 | is enabled.\r | |
| 61 | \r | |
| 62 | @retval TRUE SEV-ES is enabled\r | |
| 63 | @retval FALSE SEV-ES is not enabled\r | |
| 64 | \r | |
| 65 | **/\r | |
| 66 | BOOLEAN\r | |
| 67 | SevEsIsEnabled (\r | |
| 68 | VOID\r | |
| 69 | );\r | |
| 70 | \r | |
| 202fb22b BS |
71 | /**\r |
| 72 | Validate System RAM used for decompressing the PEI and DXE firmware volumes\r | |
| 73 | when SEV-SNP is active. The PCDs SecValidatedStart and SecValidatedEnd are\r | |
| 74 | set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc.\r | |
| 75 | \r | |
| 76 | **/\r | |
| 77 | VOID\r | |
| 78 | SecValidateSystemRam (\r | |
| 79 | VOID\r | |
| 80 | );\r | |
| 81 | \r | |
| 82 | /**\r | |
| 83 | Determine if SEV-SNP is active.\r | |
| 84 | \r | |
| 85 | @retval TRUE SEV-SNP is enabled\r | |
| 86 | @retval FALSE SEV-SNP is not enabled\r | |
| 87 | \r | |
| 88 | **/\r | |
| 89 | BOOLEAN\r | |
| 90 | SevSnpIsEnabled (\r | |
| 91 | VOID\r | |
| 92 | );\r | |
| 93 | \r | |
| 2ddacfb6 | 94 | #endif\r |