3 Define Secure Encrypted Virtualization (SEV) base library helper function
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
17 // Define the maximum number of #VCs allowed (e.g. the level of nesting
18 // that is allowed => 2 allows for 1 nested #VCs). If this value is changed,
19 // be sure to increase the size of
20 // gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
21 // in any FDF file using this PCD.
23 #define VMGEXIT_MAXIMUM_VC_COUNT 2
26 // Per-CPU data mapping structure
27 // Use UINT32 for cached indicators and compare to a specific value
28 // so that the hypervisor can't indicate a value is cached by just
29 // writing random data to that area.
36 VOID
*GhcbBackupPages
;
37 } SEV_ES_PER_CPU_DATA
;
40 // Internal structure for holding SEV-ES information needed during SEC phase
41 // and valid only during SEC phase and early PEI during platform initialization.
44 // This structure is also used by assembler files:
45 // OvmfPkg/ResetVector/ResetVector.nasmb
46 // OvmfPkg/ResetVector/Ia32/PageTables64.asm
47 // OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
48 // any changes must stay in sync with its usage.
// Work-area structure; the typedef names the struct tag _SEC_SEV_ES_WORK_AREA
// as SEC_SEV_ES_WORK_AREA.
// NOTE(review): this listing jumps from source line 50 to 56, so any members
// declared before EncryptionMask are not visible here. Do not derive field
// offsets or the structure size from this view; check the full header and the
// assembler files that use this structure before changing the layout.
50 typedef struct _SEC_SEV_ES_WORK_AREA
{
// presumably the SEV page-table encryption mask — TODO confirm against the
// code that fills this field in
56 UINT64 EncryptionMask
;
57 } SEC_SEV_ES_WORK_AREA
;
60 // Memory encryption address range states.
63 MemEncryptSevAddressRangeUnencrypted
,
64 MemEncryptSevAddressRangeEncrypted
,
65 MemEncryptSevAddressRangeMixed
,
66 MemEncryptSevAddressRangeError
,
67 } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
;
70 Returns a boolean to indicate whether SEV-ES is enabled.
72 @retval TRUE SEV-ES is enabled
73 @retval FALSE SEV-ES is not enabled
77 MemEncryptSevEsIsEnabled (
82 Returns a boolean to indicate whether SEV is enabled
84 @retval TRUE SEV is enabled
85 @retval FALSE SEV is not enabled
89 MemEncryptSevIsEnabled (
94 This function clears memory encryption bit for the memory region specified by
95 BaseAddress and NumPages from the current page table context.
97 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
99 @param[in] BaseAddress The physical address that is the start
100 address of a memory region.
101 @param[in] NumPages The number of pages from start memory
104 @retval RETURN_SUCCESS The attributes were cleared for the
106 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
107 @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
112 MemEncryptSevClearPageEncMask (
113 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
114 IN PHYSICAL_ADDRESS BaseAddress
,
119 This function sets memory encryption bit for the memory region specified by
120 BaseAddress and NumPages from the current page table context.
122 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
124 @param[in] BaseAddress The physical address that is the start
125 address of a memory region.
126 @param[in] NumPages The number of pages from start memory
129 @retval RETURN_SUCCESS The attributes were set for the memory
131 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
132 @retval RETURN_UNSUPPORTED Setting the memory encryption attribute
137 MemEncryptSevSetPageEncMask (
138 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
139 IN PHYSICAL_ADDRESS BaseAddress
,
145 Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
148 @param[out] BaseAddress The base address of the lowest-address page that
149 covers the initial SMRAM Save State Map.
151 @param[out] NumberOfPages The number of pages in the page range that covers
152 the initial SMRAM Save State Map.
154 @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
157 @retval RETURN_UNSUPPORTED SMM is unavailable.
161 MemEncryptSevLocateInitialSmramSaveStateMapPages (
162 OUT UINTN
*BaseAddress
,
163 OUT UINTN
*NumberOfPages
167 Returns the SEV encryption mask.
169 @return The SEV pagetable encryption mask
173 MemEncryptSevGetEncryptionMask (
178 Returns the encryption state of the specified virtual address range.
180 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
182 @param[in] BaseAddress Base address to check
183 @param[in] Length Length of virtual address range
185 @retval MemEncryptSevAddressRangeUnencrypted Address range is mapped
187 @retval MemEncryptSevAddressRangeEncrypted Address range is mapped
189 @retval MemEncryptSevAddressRangeMixed Address range is mapped mixed
190 @retval MemEncryptSevAddressRangeError Address range is not mapped
192 MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
194 MemEncryptSevGetAddressRangeState (
195 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
196 IN PHYSICAL_ADDRESS BaseAddress
,
201 This function clears memory encryption bit for the MMIO region specified by
202 BaseAddress and NumPages.
204 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
206 @param[in] BaseAddress The physical address that is the start
207 address of a MMIO region.
208 @param[in] NumPages The number of pages from start memory
211 @retval RETURN_SUCCESS The attributes were cleared for the
213 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
214 @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
219 MemEncryptSevClearMmioPageEncMask (
220 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
221 IN PHYSICAL_ADDRESS BaseAddress
,
225 #endif // _MEM_ENCRYPT_SEV_LIB_H_