3 Secure Encrypted Virtualization (SEV) library helper function
5 Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemEncryptSevLib.h>
14 #include <Library/PcdLib.h>
15 #include <Register/Amd/Cpuid.h>
16 #include <Register/Amd/Msr.h>
17 #include <Register/Cpuid.h>
18 #include <Uefi/UefiBaseType.h>
21 Reads and sets the status of SEV features.
27 InternalMemEncryptSevStatus (
32 CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax
;
34 SEC_SEV_ES_WORK_AREA
*SevEsWorkArea
;
38 SevEsWorkArea
= (SEC_SEV_ES_WORK_AREA
*) FixedPcdGet32 (PcdSevEsWorkAreaBase
);
39 if (SevEsWorkArea
!= NULL
&& SevEsWorkArea
->EncryptionMask
!= 0) {
41 // The MSR has been read before, so it is safe to read it again and avoid
42 // having to validate the CPUID information.
47 // Check if memory encryption leaf exist
49 AsmCpuid (CPUID_EXTENDED_FUNCTION
, &RegEax
, NULL
, NULL
, NULL
);
50 if (RegEax
>= CPUID_MEMORY_ENCRYPTION_INFO
) {
52 // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
54 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, &Eax
.Uint32
, NULL
, NULL
, NULL
);
56 if (Eax
.Bits
.SevBit
) {
62 return ReadSevMsr
? AsmReadMsr32 (MSR_SEV_STATUS
) : 0;
66 Returns a boolean to indicate whether SEV-ES is enabled.
68 @retval TRUE SEV-ES is enabled
69 @retval FALSE SEV-ES is not enabled
73 MemEncryptSevEsIsEnabled (
77 MSR_SEV_STATUS_REGISTER Msr
;
79 Msr
.Uint32
= InternalMemEncryptSevStatus ();
81 return Msr
.Bits
.SevEsBit
? TRUE
: FALSE
;
85 Returns a boolean to indicate whether SEV is enabled.
87 @retval TRUE SEV is enabled
88 @retval FALSE SEV is not enabled
92 MemEncryptSevIsEnabled (
96 MSR_SEV_STATUS_REGISTER Msr
;
98 Msr
.Uint32
= InternalMemEncryptSevStatus ();
100 return Msr
.Bits
.SevBit
? TRUE
: FALSE
;
104 Returns the SEV encryption mask.
106 @return The SEV pagtable encryption mask
110 MemEncryptSevGetEncryptionMask (
114 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
115 SEC_SEV_ES_WORK_AREA
*SevEsWorkArea
;
116 UINT64 EncryptionMask
;
118 SevEsWorkArea
= (SEC_SEV_ES_WORK_AREA
*) FixedPcdGet32 (PcdSevEsWorkAreaBase
);
119 if (SevEsWorkArea
!= NULL
) {
120 EncryptionMask
= SevEsWorkArea
->EncryptionMask
;
123 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
125 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
126 EncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
129 return EncryptionMask
;
133 Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
136 @param[out] BaseAddress The base address of the lowest-address page that
137 covers the initial SMRAM Save State Map.
139 @param[out] NumberOfPages The number of pages in the page range that covers
140 the initial SMRAM Save State Map.
142 @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
145 @retval RETURN_UNSUPPORTED SMM is unavailable.
149 MemEncryptSevLocateInitialSmramSaveStateMapPages (
150 OUT UINTN
*BaseAddress
,
151 OUT UINTN
*NumberOfPages
154 return RETURN_UNSUPPORTED
;