2 Initialize Secure Encrypted Virtualization (SEV) support
4 Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 // The package level header files this module uses
12 #include <IndustryStandard/Q35MchIch9.h>
13 #include <Library/DebugLib.h>
14 #include <Library/HobLib.h>
15 #include <Library/MemEncryptSevLib.h>
16 #include <Library/PcdLib.h>
18 #include <Register/Amd/Cpuid.h>
19 #include <Register/Cpuid.h>
20 #include <Register/Intel/SmramSaveStateMap.h>
26 Function checks if SEV support is available, if present then it sets
27 the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.
35 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
36 UINT64 EncryptionMask
;
37 RETURN_STATUS PcdStatus
;
40 // Check if SEV is enabled
42 if (!MemEncryptSevIsEnabled ()) {
47 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
49 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
50 EncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
53 // Set Memory Encryption Mask PCD
55 PcdStatus
= PcdSet64S (PcdPteMemoryEncryptionAddressOrMask
, EncryptionMask
);
56 ASSERT_RETURN_ERROR (PcdStatus
);
58 DEBUG ((DEBUG_INFO
, "SEV is enabled (mask 0x%lx)\n", EncryptionMask
));
61 // Set Pcd to Deny the execution of option ROM when security
64 PcdStatus
= PcdSet32S (PcdOptionRomImageVerificationPolicy
, 0x4);
65 ASSERT_RETURN_ERROR (PcdStatus
);
68 // When SMM is required, cover the pages containing the initial SMRAM Save
69 // State Map with a memory allocation HOB:
71 // There's going to be a time interval between our decrypting those pages for
72 // SMBASE relocation and re-encrypting the same pages after SMBASE
73 // relocation. We shall ensure that the DXE phase stay away from those pages
74 // until after re-encryption, in order to prevent an information leak to the
77 if (FeaturePcdGet (PcdSmmSmramRequire
) && (mBootMode
!= BOOT_ON_S3_RESUME
)) {
78 RETURN_STATUS LocateMapStatus
;
82 LocateMapStatus
= MemEncryptSevLocateInitialSmramSaveStateMapPages (
86 ASSERT_RETURN_ERROR (LocateMapStatus
);
88 if (mQ35SmramAtDefaultSmbase
) {
90 // The initial SMRAM Save State Map has been covered as part of a larger
91 // reserved memory allocation in InitializeRamRegions().
93 ASSERT (SMM_DEFAULT_SMBASE
<= MapPagesBase
);
95 (MapPagesBase
+ EFI_PAGES_TO_SIZE (MapPagesCount
) <=
96 SMM_DEFAULT_SMBASE
+ MCH_DEFAULT_SMBASE_SIZE
)
99 BuildMemoryAllocationHob (
100 MapPagesBase
, // BaseAddress
101 EFI_PAGES_TO_SIZE (MapPagesCount
), // Length
102 EfiBootServicesData
// MemoryType