3 Virtual Memory Management Services to set or clear the memory encryption bit
5 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
6 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
8 This program and the accompanying materials
9 are licensed and made available under the terms and conditions of the BSD License
10 which accompanies this distribution. The full text of the license may be found at
11 http://opensource.org/licenses/bsd-license.php
13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
14 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
20 #include <Library/CpuLib.h>
21 #include <Register/Cpuid.h>
22 #include <Register/Amd/Cpuid.h>
24 #include "VirtualMemory.h"
26 STATIC BOOLEAN mAddressEncMaskChecked
= FALSE
;
27 STATIC UINT64 mAddressEncMask
;
35 Get the memory encryption mask
37 @param[out] EncryptionMask contains the pte mask.
42 GetMemEncryptionAddressMask (
46 UINT64 EncryptionMask
;
47 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
49 if (mAddressEncMaskChecked
) {
50 return mAddressEncMask
;
54 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
56 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
57 EncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
59 mAddressEncMask
= EncryptionMask
& PAGING_1G_ADDRESS_MASK_64
;
60 mAddressEncMaskChecked
= TRUE
;
62 return mAddressEncMask
;
68 @param[in] PhysicalAddress Start physical address the 2M page covered.
69 @param[in, out] PageEntry2M Pointer to 2M page entry.
70 @param[in] StackBase Stack base address.
71 @param[in] StackSize Stack size.
77 IN PHYSICAL_ADDRESS PhysicalAddress
,
78 IN OUT UINT64
*PageEntry2M
,
79 IN PHYSICAL_ADDRESS StackBase
,
83 PHYSICAL_ADDRESS PhysicalAddress4K
;
84 UINTN IndexOfPageTableEntries
;
85 PAGE_TABLE_4K_ENTRY
*PageTableEntry
, *PageTableEntry1
;
86 UINT64 AddressEncMask
;
88 PageTableEntry
= AllocatePages(1);
90 PageTableEntry1
= PageTableEntry
;
92 AddressEncMask
= GetMemEncryptionAddressMask ();
94 ASSERT (PageTableEntry
!= NULL
);
95 ASSERT (*PageEntry2M
& AddressEncMask
);
97 PhysicalAddress4K
= PhysicalAddress
;
98 for (IndexOfPageTableEntries
= 0; IndexOfPageTableEntries
< 512; IndexOfPageTableEntries
++, PageTableEntry
++, PhysicalAddress4K
+= SIZE_4KB
) {
100 // Fill in the Page Table entries
102 PageTableEntry
->Uint64
= (UINT64
) PhysicalAddress4K
| AddressEncMask
;
103 PageTableEntry
->Bits
.ReadWrite
= 1;
104 PageTableEntry
->Bits
.Present
= 1;
105 if ((PhysicalAddress4K
>= StackBase
) && (PhysicalAddress4K
< StackBase
+ StackSize
)) {
107 // Set Nx bit for stack.
109 PageTableEntry
->Bits
.Nx
= 1;
114 // Fill in 2M page entry.
116 *PageEntry2M
= (UINT64
) (UINTN
) PageTableEntry1
| IA32_PG_P
| IA32_PG_RW
| AddressEncMask
;
122 @param[in] PhysicalAddress Start physical address the 1G page covered.
123 @param[in, out] PageEntry1G Pointer to 1G page entry.
124 @param[in] StackBase Stack base address.
125 @param[in] StackSize Stack size.
131 IN PHYSICAL_ADDRESS PhysicalAddress
,
132 IN OUT UINT64
*PageEntry1G
,
133 IN PHYSICAL_ADDRESS StackBase
,
137 PHYSICAL_ADDRESS PhysicalAddress2M
;
138 UINTN IndexOfPageDirectoryEntries
;
139 PAGE_TABLE_ENTRY
*PageDirectoryEntry
;
140 UINT64 AddressEncMask
;
142 PageDirectoryEntry
= AllocatePages(1);
144 AddressEncMask
= GetMemEncryptionAddressMask ();
145 ASSERT (PageDirectoryEntry
!= NULL
);
146 ASSERT (*PageEntry1G
& GetMemEncryptionAddressMask ());
148 // Fill in 1G page entry.
150 *PageEntry1G
= (UINT64
) (UINTN
) PageDirectoryEntry
| IA32_PG_P
| IA32_PG_RW
| AddressEncMask
;
152 PhysicalAddress2M
= PhysicalAddress
;
153 for (IndexOfPageDirectoryEntries
= 0; IndexOfPageDirectoryEntries
< 512; IndexOfPageDirectoryEntries
++, PageDirectoryEntry
++, PhysicalAddress2M
+= SIZE_2MB
) {
154 if ((PhysicalAddress2M
< StackBase
+ StackSize
) && ((PhysicalAddress2M
+ SIZE_2MB
) > StackBase
)) {
156 // Need to split this 2M page that covers stack range.
158 Split2MPageTo4K (PhysicalAddress2M
, (UINT64
*) PageDirectoryEntry
, StackBase
, StackSize
);
161 // Fill in the Page Directory entries
163 PageDirectoryEntry
->Uint64
= (UINT64
) PhysicalAddress2M
| AddressEncMask
;
164 PageDirectoryEntry
->Bits
.ReadWrite
= 1;
165 PageDirectoryEntry
->Bits
.Present
= 1;
166 PageDirectoryEntry
->Bits
.MustBe1
= 1;
173 Set or Clear the memory encryption bit
175 @param[in] PagetablePoint Page table entry pointer (PTE).
176 @param[in] Mode Set or Clear encryption bit
181 IN OUT UINT64
* PageTablePointer
,
182 IN MAP_RANGE_MODE Mode
185 UINT64 AddressEncMask
;
187 AddressEncMask
= GetMemEncryptionAddressMask ();
189 if (Mode
== SetCBit
) {
190 *PageTablePointer
|= AddressEncMask
;
192 *PageTablePointer
&= ~AddressEncMask
;
198 This function either sets or clears memory encryption bit for the memory region
199 specified by PhysicalAddress and length from the current page table context.
201 The function iterates through the physicalAddress one page at a time, and set
202 or clears the memory encryption mask in the page table. If it encounters
203 that a given physical address range is part of large page then it attempts to
204 change the attribute at one go (based on size), otherwise it splits the
205 large pages into smaller (e.g 2M page into 4K pages) and then try to set or
206 clear the encryption bit on the smallest page size.
208 @param[in] PhysicalAddress The physical address that is the start
209 address of a memory region.
210 @param[in] Length The length of memory region
211 @param[in] Mode Set or Clear mode
212 @param[in] Flush Flush the caches before applying the
215 @retval RETURN_SUCCESS The attributes were cleared for the memory
217 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
218 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
226 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
227 IN PHYSICAL_ADDRESS PhysicalAddress
,
229 IN MAP_RANGE_MODE Mode
,
230 IN BOOLEAN CacheFlush
233 PAGE_MAP_AND_DIRECTORY_POINTER
*PageMapLevel4Entry
;
234 PAGE_MAP_AND_DIRECTORY_POINTER
*PageUpperDirectoryPointerEntry
;
235 PAGE_MAP_AND_DIRECTORY_POINTER
*PageDirectoryPointerEntry
;
236 PAGE_TABLE_1G_ENTRY
*PageDirectory1GEntry
;
237 PAGE_TABLE_ENTRY
*PageDirectory2MEntry
;
238 PAGE_TABLE_4K_ENTRY
*PageTableEntry
;
240 UINT64 AddressEncMask
;
244 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n",
250 (Mode
== SetCBit
) ? "Encrypt" : "Decrypt",
255 // Check if we have a valid memory encryption mask
257 AddressEncMask
= GetMemEncryptionAddressMask ();
258 if (!AddressEncMask
) {
259 return RETURN_ACCESS_DENIED
;
262 PgTableMask
= AddressEncMask
| EFI_PAGE_MASK
;
265 return RETURN_INVALID_PARAMETER
;
269 // We are going to change the memory encryption attribute from C=0 -> C=1 or
270 // vice versa Flush the caches to ensure that data is written into memory with
274 WriteBackInvalidateDataCacheRange((VOID
*) (UINTN
)PhysicalAddress
, Length
);
280 // If Cr3BaseAddress is not specified then read the current CR3
282 if (Cr3BaseAddress
== 0) {
283 Cr3BaseAddress
= AsmReadCr3();
286 PageMapLevel4Entry
= (VOID
*) (Cr3BaseAddress
& ~PgTableMask
);
287 PageMapLevel4Entry
+= PML4_OFFSET(PhysicalAddress
);
288 if (!PageMapLevel4Entry
->Bits
.Present
) {
291 "%a:%a: bad PML4 for Physical=0x%Lx\n",
296 return RETURN_NO_MAPPING
;
299 PageDirectory1GEntry
= (VOID
*) ((PageMapLevel4Entry
->Bits
.PageTableBaseAddress
<<12) & ~PgTableMask
);
300 PageDirectory1GEntry
+= PDP_OFFSET(PhysicalAddress
);
301 if (!PageDirectory1GEntry
->Bits
.Present
) {
304 "%a:%a: bad PDPE for Physical=0x%Lx\n",
309 return RETURN_NO_MAPPING
;
313 // If the MustBe1 bit is not 1, it's not actually a 1GB entry
315 if (PageDirectory1GEntry
->Bits
.MustBe1
) {
318 // If we have at least 1GB to go, we can just update this entry
320 if (!(PhysicalAddress
& (BIT30
- 1)) && Length
>= BIT30
) {
321 SetOrClearCBit(&PageDirectory1GEntry
->Uint64
, Mode
);
324 "%a:%a: updated 1GB entry for Physical=0x%Lx\n",
329 PhysicalAddress
+= BIT30
;
333 // We must split the page
337 "%a:%a: splitting 1GB page for Physical=0x%Lx\n",
342 Split1GPageTo2M(((UINT64
)PageDirectory1GEntry
->Bits
.PageTableBaseAddress
)<<30, (UINT64
*) PageDirectory1GEntry
, 0, 0);
349 PageUpperDirectoryPointerEntry
= (PAGE_MAP_AND_DIRECTORY_POINTER
*) PageDirectory1GEntry
;
350 PageDirectory2MEntry
= (VOID
*) ((PageUpperDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<12) & ~PgTableMask
);
351 PageDirectory2MEntry
+= PDE_OFFSET(PhysicalAddress
);
352 if (!PageDirectory2MEntry
->Bits
.Present
) {
355 "%a:%a: bad PDE for Physical=0x%Lx\n",
360 return RETURN_NO_MAPPING
;
363 // If the MustBe1 bit is not a 1, it's not a 2MB entry
365 if (PageDirectory2MEntry
->Bits
.MustBe1
) {
368 // If we have at least 2MB left to go, we can just update this entry
370 if (!(PhysicalAddress
& (BIT21
-1)) && Length
>= BIT21
) {
371 SetOrClearCBit (&PageDirectory2MEntry
->Uint64
, Mode
);
372 PhysicalAddress
+= BIT21
;
376 // We must split up this page into 4K pages
380 "%a:%a: splitting 2MB page for Physical=0x%Lx\n",
385 Split2MPageTo4K (((UINT64
)PageDirectory2MEntry
->Bits
.PageTableBaseAddress
) << 21, (UINT64
*) PageDirectory2MEntry
, 0, 0);
389 PageDirectoryPointerEntry
= (PAGE_MAP_AND_DIRECTORY_POINTER
*) PageDirectory2MEntry
;
390 PageTableEntry
= (VOID
*) (PageDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<12 & ~PgTableMask
);
391 PageTableEntry
+= PTE_OFFSET(PhysicalAddress
);
392 if (!PageTableEntry
->Bits
.Present
) {
395 "%a:%a: bad PTE for Physical=0x%Lx\n",
400 return RETURN_NO_MAPPING
;
402 SetOrClearCBit (&PageTableEntry
->Uint64
, Mode
);
403 PhysicalAddress
+= EFI_PAGE_SIZE
;
404 Length
-= EFI_PAGE_SIZE
;
414 return RETURN_SUCCESS
;
418 This function clears memory encryption bit for the memory region specified by
419 PhysicalAddress and length from the current page table context.
421 @param[in] PhysicalAddress The physical address that is the start
422 address of a memory region.
423 @param[in] Length The length of memory region
424 @param[in] Flush Flush the caches before applying the
427 @retval RETURN_SUCCESS The attributes were cleared for the memory
429 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
430 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
435 InternalMemEncryptSevSetMemoryDecrypted (
436 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
437 IN PHYSICAL_ADDRESS PhysicalAddress
,
443 return SetMemoryEncDec (Cr3BaseAddress
, PhysicalAddress
, Length
, ClearCBit
, Flush
);
447 This function sets memory encryption bit for the memory region specified by
448 PhysicalAddress and length from the current page table context.
450 @param[in] PhysicalAddress The physical address that is the start address
452 @param[in] Length The length of memory region
453 @param[in] Flush Flush the caches before applying the
456 @retval RETURN_SUCCESS The attributes were cleared for the memory
458 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
459 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
464 InternalMemEncryptSevSetMemoryEncrypted (
465 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
466 IN PHYSICAL_ADDRESS PhysicalAddress
,
471 return SetMemoryEncDec (Cr3BaseAddress
, PhysicalAddress
, Length
, SetCBit
, Flush
);