2 Initialize Secure Encrypted Virtualization (SEV) support
4 Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
5 Copyright (c) 2019, Citrix Systems, Inc.
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 // The package level header files this module uses
13 #include <Library/DebugLib.h>
14 #include <Library/MemEncryptSevLib.h>
15 #include <Library/PcdLib.h>
17 #include <Register/Amd/Cpuid.h>
18 #include <Register/Cpuid.h>
24 Function checks if SEV support is available, if present then it sets
25 the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.
33 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
34 UINT64 EncryptionMask
;
35 RETURN_STATUS PcdStatus
;
38 // Check if SEV is enabled
40 if (!MemEncryptSevIsEnabled ()) {
45 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
47 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
48 EncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
51 // Set Memory Encryption Mask PCD
53 PcdStatus
= PcdSet64S (PcdPteMemoryEncryptionAddressOrMask
, EncryptionMask
);
54 ASSERT_RETURN_ERROR (PcdStatus
);
56 DEBUG ((DEBUG_INFO
, "SEV is enabled (mask 0x%lx)\n", EncryptionMask
));
59 // Set Pcd to Deny the execution of option ROM when security
62 PcdStatus
= PcdSet32S (PcdOptionRomImageVerificationPolicy
, 0x4);
63 ASSERT_RETURN_ERROR (PcdStatus
);