OvmfPkg/XenPlatformPei/AmdSev.c

   1 /**@file
   2   Initialize Secure Encrypted Virtualization (SEV) support
   3
   4   Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
   5   Copyright (c) 2019, Citrix Systems, Inc.
   6
   7   SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10 //
  11 // The package level header files this module uses
  12 //
  13 #include <Library/DebugLib.h>
  14 #include <Library/MemEncryptSevLib.h>
  15 #include <Library/PcdLib.h>
  16 #include <PiPei.h>
  17 #include <Register/Amd/Cpuid.h>
  18 #include <Register/Cpuid.h>
  19
  20 #include "Platform.h"
  21
  22 /**
  23
  24   Function checks if SEV support is available, if present then it sets
  25   the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.
  26
  27   **/
  28 VOID
  29 AmdSevInitialize (
  30   VOID
  31   )
  32 {
  33   CPUID_MEMORY_ENCRYPTION_INFO_EBX  Ebx;
  34   UINT64                            EncryptionMask;
  35   RETURN_STATUS                     PcdStatus;
  36
  37   //
  38   // Check if SEV is enabled
  39   //
  40   if (!MemEncryptSevIsEnabled ()) {
  41     return;
  42   }
  43
  44   //
  45   // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
  46   //
  47   AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);
  48   EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);
  49
  50   //
  51   // Set Memory Encryption Mask PCD
  52   //
  53   PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
  54   ASSERT_RETURN_ERROR (PcdStatus);
  55
  56   DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
  57
  58   //
  59   // Set Pcd to Deny the execution of option ROM when security
  60   // violation.
  61   //
  62   PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
  63   ASSERT_RETURN_ERROR (PcdStatus);
  64 }