3 Define Secure Encrypted Virtualization (SEV) base library helper function
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
17 // Define the maximum number of #VCs allowed (e.g. the level of nesting
18 // that is allowed => 2 allows for 1 nested #VCs). If this value is changed,
19 // be sure to increase the size of
20 // gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
21 // in any FDF file using this PCD.
23 #define VMGEXIT_MAXIMUM_VC_COUNT 2
26 // Per-CPU data mapping structure
27 // Use UINT32 for cached indicators and compare to a specific value
28 // so that the hypervisor can't indicate a value is cached by just
29 // writing random data to that area.
36 VOID
*GhcbBackupPages
;
37 } SEV_ES_PER_CPU_DATA
;
40 // Internal structure for holding SEV-ES information needed during SEC phase
41 // and valid only during SEC phase and early PEI during platform
44 // This structure is also used by assembler files:
45 // OvmfPkg/ResetVector/ResetVector.nasmb
46 // OvmfPkg/ResetVector/Ia32/PageTables64.asm
47 // OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
48 // any changes must stay in sync with its usage.
50 typedef struct _SEC_SEV_ES_WORK_AREA
{
56 UINT64 EncryptionMask
;
57 } SEC_SEV_ES_WORK_AREA
;
60 // Memory encryption address range states.
63 MemEncryptSevAddressRangeUnencrypted
,
64 MemEncryptSevAddressRangeEncrypted
,
65 MemEncryptSevAddressRangeMixed
,
66 MemEncryptSevAddressRangeError
,
67 } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
;
70 Returns a boolean to indicate whether SEV-ES is enabled.
72 @retval TRUE SEV-ES is enabled
73 @retval FALSE SEV-ES is not enabled
77 MemEncryptSevEsIsEnabled (
82 Returns a boolean to indicate whether SEV is enabled.
84 @retval TRUE SEV is enabled
85 @retval FALSE SEV is not enabled
89 MemEncryptSevIsEnabled (
94 This function clears memory encryption bit for the memory region specified by
95 BaseAddress and NumPages from the current page table context.
97 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
99 @param[in] BaseAddress The physical address that is the start
100 address of a memory region.
101 @param[in] NumPages The number of pages from start memory
103 @param[in] Flush Flush the caches before clearing the bit
104 (mostly TRUE except MMIO addresses)
106 @retval RETURN_SUCCESS The attributes were cleared for the
108 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
109 @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
114 MemEncryptSevClearPageEncMask (
115 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
116 IN PHYSICAL_ADDRESS BaseAddress
,
122 This function sets memory encryption bit for the memory region specified by
123 BaseAddress and NumPages from the current page table context.
125 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
127 @param[in] BaseAddress The physical address that is the start
128 address of a memory region.
129 @param[in] NumPages The number of pages from start memory
131 @param[in] Flush Flush the caches before setting the bit
132 (mostly TRUE except MMIO addresses)
134 @retval RETURN_SUCCESS The attributes were set for the memory
136 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
137 @retval RETURN_UNSUPPORTED Setting the memory encryption attribute
142 MemEncryptSevSetPageEncMask (
143 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
144 IN PHYSICAL_ADDRESS BaseAddress
,
151 Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
154 @param[out] BaseAddress The base address of the lowest-address page that
155 covers the initial SMRAM Save State Map.
157 @param[out] NumberOfPages The number of pages in the page range that covers
158 the initial SMRAM Save State Map.
160 @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
163 @retval RETURN_UNSUPPORTED SMM is unavailable.
167 MemEncryptSevLocateInitialSmramSaveStateMapPages (
168 OUT UINTN
*BaseAddress
,
169 OUT UINTN
*NumberOfPages
173 Returns the SEV encryption mask.
175 @return The SEV pagetable encryption mask
179 MemEncryptSevGetEncryptionMask (
184 Returns the encryption state of the specified virtual address range.
186 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
188 @param[in] BaseAddress Base address to check
189 @param[in] Length Length of virtual address range
191 @retval MemEncryptSevAddressRangeUnencrypted Address range is mapped
193 @retval MemEncryptSevAddressRangeEncrypted Address range is mapped
195 @retval MemEncryptSevAddressRangeMixed Address range is mapped mixed
196 @retval MemEncryptSevAddressRangeError Address range is not mapped
198 MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
200 MemEncryptSevGetAddressRangeState (
201 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
202 IN PHYSICAL_ADDRESS BaseAddress
,
206 #endif // _MEM_ENCRYPT_SEV_LIB_H_