3 Virtual Memory Management Services to set or clear the memory encryption bit
5 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
6 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
10 Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
14 #include <Library/CpuLib.h>
15 #include <Register/Amd/Cpuid.h>
16 #include <Register/Cpuid.h>
18 #include "VirtualMemory.h"
20 STATIC BOOLEAN mAddressEncMaskChecked
= FALSE
;
21 STATIC UINT64 mAddressEncMask
;
22 STATIC PAGE_TABLE_POOL
*mPageTablePool
= NULL
;
30 Get the memory encryption mask
32 @param[out] EncryptionMask contains the pte mask.
37 GetMemEncryptionAddressMask (
41 UINT64 EncryptionMask
;
42 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
44 if (mAddressEncMaskChecked
) {
45 return mAddressEncMask
;
49 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
51 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
52 EncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
54 mAddressEncMask
= EncryptionMask
& PAGING_1G_ADDRESS_MASK_64
;
55 mAddressEncMaskChecked
= TRUE
;
57 return mAddressEncMask
;
61 Initialize a buffer pool for page table use only.
63 To reduce the potential split operation on page table, the pages reserved for
64 page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
65 at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
66 initialized with number of pages greater than or equal to the given
69 Once the pages in the pool are used up, this method should be called again to
70 reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't
71 happen often in practice.
73 @param[in] PoolPages The least page number of the pool to be created.
75 @retval TRUE The pool is initialized successfully.
76 @retval FALSE The memory is out of resource.
80 InitializePageTablePool (
87 // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
90 PoolPages
+= 1; // Add one page for header.
91 PoolPages
= ((PoolPages
- 1) / PAGE_TABLE_POOL_UNIT_PAGES
+ 1) *
92 PAGE_TABLE_POOL_UNIT_PAGES
;
93 Buffer
= AllocateAlignedPages (PoolPages
, PAGE_TABLE_POOL_ALIGNMENT
);
95 DEBUG ((DEBUG_ERROR
, "ERROR: Out of aligned pages\r\n"));
100 // Link all pools into a list for easier track later.
102 if (mPageTablePool
== NULL
) {
103 mPageTablePool
= Buffer
;
104 mPageTablePool
->NextPool
= mPageTablePool
;
106 ((PAGE_TABLE_POOL
*)Buffer
)->NextPool
= mPageTablePool
->NextPool
;
107 mPageTablePool
->NextPool
= Buffer
;
108 mPageTablePool
= Buffer
;
112 // Reserve one page for pool header.
114 mPageTablePool
->FreePages
= PoolPages
- 1;
115 mPageTablePool
->Offset
= EFI_PAGES_TO_SIZE (1);
121 This API provides a way to allocate memory for page table.
123 This API can be called more than once to allocate memory for page tables.
125 Allocates the number of 4KB pages and returns a pointer to the allocated
126 buffer. The buffer returned is aligned on a 4KB boundary.
128 If Pages is 0, then NULL is returned.
129 If there is not enough memory remaining to satisfy the request, then NULL is
132 @param Pages The number of 4 KB pages to allocate.
134 @return A pointer to the allocated buffer or NULL if allocation fails.
140 AllocatePageTableMemory (
151 // Renew the pool if necessary.
153 if (mPageTablePool
== NULL
||
154 Pages
> mPageTablePool
->FreePages
) {
155 if (!InitializePageTablePool (Pages
)) {
160 Buffer
= (UINT8
*)mPageTablePool
+ mPageTablePool
->Offset
;
162 mPageTablePool
->Offset
+= EFI_PAGES_TO_SIZE (Pages
);
163 mPageTablePool
->FreePages
-= Pages
;
167 "%a:%a: Buffer=0x%Lx Pages=%ld\n",
181 @param[in] PhysicalAddress Start physical address the 2M page
183 @param[in, out] PageEntry2M Pointer to 2M page entry.
184 @param[in] StackBase Stack base address.
185 @param[in] StackSize Stack size.
191 IN PHYSICAL_ADDRESS PhysicalAddress
,
192 IN OUT UINT64
*PageEntry2M
,
193 IN PHYSICAL_ADDRESS StackBase
,
197 PHYSICAL_ADDRESS PhysicalAddress4K
;
198 UINTN IndexOfPageTableEntries
;
199 PAGE_TABLE_4K_ENTRY
*PageTableEntry
, *PageTableEntry1
;
200 UINT64 AddressEncMask
;
202 PageTableEntry
= AllocatePageTableMemory(1);
204 PageTableEntry1
= PageTableEntry
;
206 AddressEncMask
= GetMemEncryptionAddressMask ();
208 ASSERT (PageTableEntry
!= NULL
);
209 ASSERT (*PageEntry2M
& AddressEncMask
);
211 PhysicalAddress4K
= PhysicalAddress
;
212 for (IndexOfPageTableEntries
= 0;
213 IndexOfPageTableEntries
< 512;
214 (IndexOfPageTableEntries
++,
216 PhysicalAddress4K
+= SIZE_4KB
)) {
218 // Fill in the Page Table entries
220 PageTableEntry
->Uint64
= (UINT64
) PhysicalAddress4K
| AddressEncMask
;
221 PageTableEntry
->Bits
.ReadWrite
= 1;
222 PageTableEntry
->Bits
.Present
= 1;
223 if ((PhysicalAddress4K
>= StackBase
) &&
224 (PhysicalAddress4K
< StackBase
+ StackSize
)) {
226 // Set Nx bit for stack.
228 PageTableEntry
->Bits
.Nx
= 1;
233 // Fill in 2M page entry.
235 *PageEntry2M
= ((UINT64
)(UINTN
)PageTableEntry1
|
236 IA32_PG_P
| IA32_PG_RW
| AddressEncMask
);
240 Set one page of page table pool memory to be read-only.
242 @param[in] PageTableBase Base address of page table (CR3).
243 @param[in] Address Start address of a page to be set as read-only.
244 @param[in] Level4Paging Level 4 paging flag.
249 SetPageTablePoolReadOnly (
250 IN UINTN PageTableBase
,
251 IN EFI_PHYSICAL_ADDRESS Address
,
252 IN BOOLEAN Level4Paging
257 UINT64 AddressEncMask
;
258 EFI_PHYSICAL_ADDRESS PhysicalAddress
;
260 UINT64
*NewPageTable
;
268 ASSERT (PageTableBase
!= 0);
271 // Since the page table is always from page table pool, which is always
272 // located at the boundary of PcdPageTablePoolAlignment, we just need to
273 // set the whole pool unit to be read-only.
275 Address
= Address
& PAGE_TABLE_POOL_ALIGN_MASK
;
277 LevelShift
[1] = PAGING_L1_ADDRESS_SHIFT
;
278 LevelShift
[2] = PAGING_L2_ADDRESS_SHIFT
;
279 LevelShift
[3] = PAGING_L3_ADDRESS_SHIFT
;
280 LevelShift
[4] = PAGING_L4_ADDRESS_SHIFT
;
282 LevelMask
[1] = PAGING_4K_ADDRESS_MASK_64
;
283 LevelMask
[2] = PAGING_2M_ADDRESS_MASK_64
;
284 LevelMask
[3] = PAGING_1G_ADDRESS_MASK_64
;
285 LevelMask
[4] = PAGING_1G_ADDRESS_MASK_64
;
287 LevelSize
[1] = SIZE_4KB
;
288 LevelSize
[2] = SIZE_2MB
;
289 LevelSize
[3] = SIZE_1GB
;
290 LevelSize
[4] = SIZE_512GB
;
292 AddressEncMask
= GetMemEncryptionAddressMask() &
293 PAGING_1G_ADDRESS_MASK_64
;
294 PageTable
= (UINT64
*)(UINTN
)PageTableBase
;
295 PoolUnitSize
= PAGE_TABLE_POOL_UNIT_SIZE
;
297 for (Level
= (Level4Paging
) ? 4 : 3; Level
> 0; --Level
) {
298 Index
= ((UINTN
)RShiftU64 (Address
, LevelShift
[Level
]));
299 Index
&= PAGING_PAE_INDEX_MASK
;
301 PageAttr
= PageTable
[Index
];
302 if ((PageAttr
& IA32_PG_PS
) == 0) {
304 // Go to next level of table.
306 PageTable
= (UINT64
*)(UINTN
)(PageAttr
& ~AddressEncMask
&
307 PAGING_4K_ADDRESS_MASK_64
);
311 if (PoolUnitSize
>= LevelSize
[Level
]) {
313 // Clear R/W bit if current page granularity is not larger than pool unit
316 if ((PageAttr
& IA32_PG_RW
) != 0) {
317 while (PoolUnitSize
> 0) {
319 // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
320 // one page (2MB). Then we don't need to update attributes for pages
321 // crossing page directory. ASSERT below is for that purpose.
323 ASSERT (Index
< EFI_PAGE_SIZE
/sizeof (UINT64
));
325 PageTable
[Index
] &= ~(UINT64
)IA32_PG_RW
;
326 PoolUnitSize
-= LevelSize
[Level
];
336 // The smaller granularity of page must be needed.
340 NewPageTable
= AllocatePageTableMemory (1);
341 ASSERT (NewPageTable
!= NULL
);
343 PhysicalAddress
= PageAttr
& LevelMask
[Level
];
345 EntryIndex
< EFI_PAGE_SIZE
/sizeof (UINT64
);
347 NewPageTable
[EntryIndex
] = PhysicalAddress
| AddressEncMask
|
348 IA32_PG_P
| IA32_PG_RW
;
350 NewPageTable
[EntryIndex
] |= IA32_PG_PS
;
352 PhysicalAddress
+= LevelSize
[Level
- 1];
355 PageTable
[Index
] = (UINT64
)(UINTN
)NewPageTable
| AddressEncMask
|
356 IA32_PG_P
| IA32_PG_RW
;
357 PageTable
= NewPageTable
;
363 Prevent the memory pages used for page table from been overwritten.
365 @param[in] PageTableBase Base address of page table (CR3).
366 @param[in] Level4Paging Level 4 paging flag.
371 EnablePageTableProtection (
372 IN UINTN PageTableBase
,
373 IN BOOLEAN Level4Paging
376 PAGE_TABLE_POOL
*HeadPool
;
377 PAGE_TABLE_POOL
*Pool
;
379 EFI_PHYSICAL_ADDRESS Address
;
381 if (mPageTablePool
== NULL
) {
386 // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
387 // remember original one in advance.
389 HeadPool
= mPageTablePool
;
392 Address
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)Pool
;
393 PoolSize
= Pool
->Offset
+ EFI_PAGES_TO_SIZE (Pool
->FreePages
);
396 // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,
397 // which is one of page size of the processor (2MB by default). Let's apply
398 // the protection to them one by one.
400 while (PoolSize
> 0) {
401 SetPageTablePoolReadOnly(PageTableBase
, Address
, Level4Paging
);
402 Address
+= PAGE_TABLE_POOL_UNIT_SIZE
;
403 PoolSize
-= PAGE_TABLE_POOL_UNIT_SIZE
;
406 Pool
= Pool
->NextPool
;
407 } while (Pool
!= HeadPool
);
415 @param[in] PhysicalAddress Start physical address the 1G page
417 @param[in, out] PageEntry1G Pointer to 1G page entry.
418 @param[in] StackBase Stack base address.
419 @param[in] StackSize Stack size.
425 IN PHYSICAL_ADDRESS PhysicalAddress
,
426 IN OUT UINT64
*PageEntry1G
,
427 IN PHYSICAL_ADDRESS StackBase
,
431 PHYSICAL_ADDRESS PhysicalAddress2M
;
432 UINTN IndexOfPageDirectoryEntries
;
433 PAGE_TABLE_ENTRY
*PageDirectoryEntry
;
434 UINT64 AddressEncMask
;
436 PageDirectoryEntry
= AllocatePageTableMemory(1);
438 AddressEncMask
= GetMemEncryptionAddressMask ();
439 ASSERT (PageDirectoryEntry
!= NULL
);
440 ASSERT (*PageEntry1G
& GetMemEncryptionAddressMask ());
442 // Fill in 1G page entry.
444 *PageEntry1G
= ((UINT64
)(UINTN
)PageDirectoryEntry
|
445 IA32_PG_P
| IA32_PG_RW
| AddressEncMask
);
447 PhysicalAddress2M
= PhysicalAddress
;
448 for (IndexOfPageDirectoryEntries
= 0;
449 IndexOfPageDirectoryEntries
< 512;
450 (IndexOfPageDirectoryEntries
++,
451 PageDirectoryEntry
++,
452 PhysicalAddress2M
+= SIZE_2MB
)) {
453 if ((PhysicalAddress2M
< StackBase
+ StackSize
) &&
454 ((PhysicalAddress2M
+ SIZE_2MB
) > StackBase
)) {
456 // Need to split this 2M page that covers stack range.
460 (UINT64
*)PageDirectoryEntry
,
466 // Fill in the Page Directory entries
468 PageDirectoryEntry
->Uint64
= (UINT64
) PhysicalAddress2M
| AddressEncMask
;
469 PageDirectoryEntry
->Bits
.ReadWrite
= 1;
470 PageDirectoryEntry
->Bits
.Present
= 1;
471 PageDirectoryEntry
->Bits
.MustBe1
= 1;
478 Set or Clear the memory encryption bit
480 @param[in] PagetablePoint Page table entry pointer (PTE).
481 @param[in] Mode Set or Clear encryption bit
486 IN OUT UINT64
* PageTablePointer
,
487 IN MAP_RANGE_MODE Mode
490 UINT64 AddressEncMask
;
492 AddressEncMask
= GetMemEncryptionAddressMask ();
494 if (Mode
== SetCBit
) {
495 *PageTablePointer
|= AddressEncMask
;
497 *PageTablePointer
&= ~AddressEncMask
;
503 Check the WP status in CR0 register. This bit is used to lock or unlock write
504 access to pages marked as read-only.
506 @retval TRUE Write protection is enabled.
507 @retval FALSE Write protection is disabled.
511 IsReadOnlyPageWriteProtected (
515 return ((AsmReadCr0 () & BIT16
) != 0);
520 Disable Write Protect on pages marked as read-only.
524 DisableReadOnlyPageWriteProtect (
528 AsmWriteCr0 (AsmReadCr0() & ~BIT16
);
532 Enable Write Protect on pages marked as read-only.
535 EnableReadOnlyPageWriteProtect (
539 AsmWriteCr0 (AsmReadCr0() | BIT16
);
544 This function either sets or clears memory encryption bit for the memory
545 region specified by PhysicalAddress and Length from the current page table
548 The function iterates through the PhysicalAddress one page at a time, and set
549 or clears the memory encryption mask in the page table. If it encounters
550 that a given physical address range is part of large page then it attempts to
551 change the attribute at one go (based on size), otherwise it splits the
552 large pages into smaller (e.g 2M page into 4K pages) and then try to set or
553 clear the encryption bit on the smallest page size.
555 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
557 @param[in] PhysicalAddress The physical address that is the start
558 address of a memory region.
559 @param[in] Length The length of memory region
560 @param[in] Mode Set or Clear mode
561 @param[in] CacheFlush Flush the caches before applying the
564 @retval RETURN_SUCCESS The attributes were cleared for the
566 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
567 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
575 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
576 IN PHYSICAL_ADDRESS PhysicalAddress
,
578 IN MAP_RANGE_MODE Mode
,
579 IN BOOLEAN CacheFlush
582 PAGE_MAP_AND_DIRECTORY_POINTER
*PageMapLevel4Entry
;
583 PAGE_MAP_AND_DIRECTORY_POINTER
*PageUpperDirectoryPointerEntry
;
584 PAGE_MAP_AND_DIRECTORY_POINTER
*PageDirectoryPointerEntry
;
585 PAGE_TABLE_1G_ENTRY
*PageDirectory1GEntry
;
586 PAGE_TABLE_ENTRY
*PageDirectory2MEntry
;
587 PAGE_TABLE_4K_ENTRY
*PageTableEntry
;
589 UINT64 AddressEncMask
;
591 RETURN_STATUS Status
;
594 // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
596 PageMapLevel4Entry
= NULL
;
600 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n",
606 (Mode
== SetCBit
) ? "Encrypt" : "Decrypt",
611 // Check if we have a valid memory encryption mask
613 AddressEncMask
= GetMemEncryptionAddressMask ();
614 if (!AddressEncMask
) {
615 return RETURN_ACCESS_DENIED
;
618 PgTableMask
= AddressEncMask
| EFI_PAGE_MASK
;
621 return RETURN_INVALID_PARAMETER
;
625 // We are going to change the memory encryption attribute from C=0 -> C=1 or
626 // vice versa Flush the caches to ensure that data is written into memory
627 // with correct C-bit
630 WriteBackInvalidateDataCacheRange((VOID
*) (UINTN
)PhysicalAddress
, Length
);
634 // Make sure that the page table is changeable.
636 IsWpEnabled
= IsReadOnlyPageWriteProtected ();
638 DisableReadOnlyPageWriteProtect ();
641 Status
= EFI_SUCCESS
;
646 // If Cr3BaseAddress is not specified then read the current CR3
648 if (Cr3BaseAddress
== 0) {
649 Cr3BaseAddress
= AsmReadCr3();
652 PageMapLevel4Entry
= (VOID
*) (Cr3BaseAddress
& ~PgTableMask
);
653 PageMapLevel4Entry
+= PML4_OFFSET(PhysicalAddress
);
654 if (!PageMapLevel4Entry
->Bits
.Present
) {
657 "%a:%a: bad PML4 for Physical=0x%Lx\n",
662 Status
= RETURN_NO_MAPPING
;
666 PageDirectory1GEntry
= (VOID
*)(
667 (PageMapLevel4Entry
->Bits
.PageTableBaseAddress
<<
670 PageDirectory1GEntry
+= PDP_OFFSET(PhysicalAddress
);
671 if (!PageDirectory1GEntry
->Bits
.Present
) {
674 "%a:%a: bad PDPE for Physical=0x%Lx\n",
679 Status
= RETURN_NO_MAPPING
;
684 // If the MustBe1 bit is not 1, it's not actually a 1GB entry
686 if (PageDirectory1GEntry
->Bits
.MustBe1
) {
689 // If we have at least 1GB to go, we can just update this entry
691 if (!(PhysicalAddress
& (BIT30
- 1)) && Length
>= BIT30
) {
692 SetOrClearCBit(&PageDirectory1GEntry
->Uint64
, Mode
);
695 "%a:%a: updated 1GB entry for Physical=0x%Lx\n",
700 PhysicalAddress
+= BIT30
;
704 // We must split the page
708 "%a:%a: splitting 1GB page for Physical=0x%Lx\n",
714 (UINT64
)PageDirectory1GEntry
->Bits
.PageTableBaseAddress
<< 30,
715 (UINT64
*)PageDirectory1GEntry
,
725 PageUpperDirectoryPointerEntry
=
726 (PAGE_MAP_AND_DIRECTORY_POINTER
*)PageDirectory1GEntry
;
727 PageDirectory2MEntry
=
729 (PageUpperDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<
732 PageDirectory2MEntry
+= PDE_OFFSET(PhysicalAddress
);
733 if (!PageDirectory2MEntry
->Bits
.Present
) {
736 "%a:%a: bad PDE for Physical=0x%Lx\n",
741 Status
= RETURN_NO_MAPPING
;
745 // If the MustBe1 bit is not a 1, it's not a 2MB entry
747 if (PageDirectory2MEntry
->Bits
.MustBe1
) {
750 // If we have at least 2MB left to go, we can just update this entry
752 if (!(PhysicalAddress
& (BIT21
-1)) && Length
>= BIT21
) {
753 SetOrClearCBit (&PageDirectory2MEntry
->Uint64
, Mode
);
754 PhysicalAddress
+= BIT21
;
758 // We must split up this page into 4K pages
762 "%a:%a: splitting 2MB page for Physical=0x%Lx\n",
768 (UINT64
)PageDirectory2MEntry
->Bits
.PageTableBaseAddress
<< 21,
769 (UINT64
*)PageDirectory2MEntry
,
776 PageDirectoryPointerEntry
=
777 (PAGE_MAP_AND_DIRECTORY_POINTER
*)PageDirectory2MEntry
;
780 (PageDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<
783 PageTableEntry
+= PTE_OFFSET(PhysicalAddress
);
784 if (!PageTableEntry
->Bits
.Present
) {
787 "%a:%a: bad PTE for Physical=0x%Lx\n",
792 Status
= RETURN_NO_MAPPING
;
795 SetOrClearCBit (&PageTableEntry
->Uint64
, Mode
);
796 PhysicalAddress
+= EFI_PAGE_SIZE
;
797 Length
-= EFI_PAGE_SIZE
;
803 // Protect the page table by marking the memory used for page table to be
807 EnablePageTableProtection ((UINTN
)PageMapLevel4Entry
, TRUE
);
817 // Restore page table write protection, if any.
820 EnableReadOnlyPageWriteProtect ();
827 This function clears memory encryption bit for the memory region specified by
828 PhysicalAddress and Length from the current page table context.
830 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
832 @param[in] PhysicalAddress The physical address that is the start
833 address of a memory region.
834 @param[in] Length The length of memory region
835 @param[in] Flush Flush the caches before applying the
838 @retval RETURN_SUCCESS The attributes were cleared for the
840 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
841 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
846 InternalMemEncryptSevSetMemoryDecrypted (
847 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
848 IN PHYSICAL_ADDRESS PhysicalAddress
,
854 return SetMemoryEncDec (
864 This function sets memory encryption bit for the memory region specified by
865 PhysicalAddress and Length from the current page table context.
867 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
869 @param[in] PhysicalAddress The physical address that is the start
870 address of a memory region.
871 @param[in] Length The length of memory region
872 @param[in] Flush Flush the caches before applying the
875 @retval RETURN_SUCCESS The attributes were set for the memory
877 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
878 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
883 InternalMemEncryptSevSetMemoryEncrypted (
884 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
885 IN PHYSICAL_ADDRESS PhysicalAddress
,
890 return SetMemoryEncDec (