\r
Define Secure Encrypted Virtualization (SEV) base library helper function\r
\r
- Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
+ Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>\r
\r
- This program and the accompanying materials are licensed and made available\r
- under the terms and conditions of the BSD License which accompanies this\r
- distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#define _MEM_ENCRYPT_SEV_LIB_H_\r
\r
#include <Base.h>\r
+#include <WorkArea.h>\r
+\r
+//\r
+// Define the maximum number of #VCs allowed (e.g. the level of nesting\r
+// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,\r
+// be sure to increase the size of\r
+// gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
+// in any FDF file using this PCD.\r
+//\r
+#define VMGEXIT_MAXIMUM_VC_COUNT 2\r
+\r
+//\r
+// Per-CPU data mapping structure\r
+// Use UINT32 for cached indicators and compare to a specific value\r
+// so that the hypervisor can't indicate a value is cached by just\r
+// writing random data to that area.\r
+//\r
+typedef struct {\r
+ UINT32 Dr7Cached;\r
+ UINT64 Dr7;\r
+\r
+ UINTN VcCount;\r
+ VOID *GhcbBackupPages;\r
+} SEV_ES_PER_CPU_DATA;\r
+\r
+//\r
+// Memory encryption address range states.\r
+//\r
+typedef enum {\r
+ MemEncryptSevAddressRangeUnencrypted,\r
+ MemEncryptSevAddressRangeEncrypted,\r
+ MemEncryptSevAddressRangeMixed,\r
+ MemEncryptSevAddressRangeError,\r
+} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;\r
+\r
+/**\r
+ Returns a boolean to indicate whether SEV-ES is enabled.\r
+\r
+ @retval TRUE SEV-ES is enabled\r
+ @retval FALSE SEV-ES is not enabled\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+MemEncryptSevEsIsEnabled (\r
+ VOID\r
+ );\r
\r
/**\r
Returns a boolean to indicate whether SEV is enabled\r
\r
- @retval TRUE SEV is active\r
+ @retval TRUE SEV is enabled\r
@retval FALSE SEV is not enabled\r
- **/\r
+**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevIsEnabled (\r
);\r
\r
/**\r
- This function clears memory encryption bit for the memory region specified\r
- by BaseAddress and Number of pages from the current page table context.\r
-\r
- @param[in] BaseAddress The physical address that is the start address\r
- of a memory region.\r
- @param[in] NumberOfPages The number of pages from start memory region.\r
- @param[in] Flush Flush the caches before clearing the bit\r
- (mostly TRUE except MMIO addresses)\r
-\r
- @retval RETURN_SUCCESS The attributes were cleared for the memory region.\r
- @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
- @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not\r
- supported\r
- **/\r
+ This function clears memory encryption bit for the memory region specified by\r
+ BaseAddress and NumPages from the current page table context.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress The physical address that is the start\r
+ address of a memory region.\r
+ @param[in] NumPages The number of pages from start memory\r
+ region.\r
+\r
+ @retval RETURN_SUCCESS The attributes were cleared for the\r
+ memory region.\r
+ @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
+ @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute\r
+ is not supported\r
+**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevClearPageEncMask (\r
- IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
- IN PHYSICAL_ADDRESS BaseAddress,\r
- IN UINTN NumberOfPages,\r
- IN BOOLEAN CacheFlush\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
);\r
\r
/**\r
This function sets memory encryption bit for the memory region specified by\r
- BaseAddress and Number of pages from the current page table context.\r
-\r
- @param[in] BaseAddress The physical address that is the start address\r
- of a memory region.\r
- @param[in] NumberOfPages The number of pages from start memory region.\r
- @param[in] Flush Flush the caches before clearing the bit\r
- (mostly TRUE except MMIO addresses)\r
-\r
- @retval RETURN_SUCCESS The attributes were set for the memory region.\r
- @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
- @retval RETURN_UNSUPPORTED Clearing memory encryption attribute is not\r
- supported\r
- **/\r
+ BaseAddress and NumPages from the current page table context.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress The physical address that is the start\r
+ address of a memory region.\r
+ @param[in] NumPages The number of pages from start memory\r
+ region.\r
+\r
+ @retval RETURN_SUCCESS The attributes were set for the memory\r
+ region.\r
+ @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
+ @retval RETURN_UNSUPPORTED Setting the memory encryption attribute\r
+ is not supported\r
+**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevSetPageEncMask (\r
- IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
- IN PHYSICAL_ADDRESS BaseAddress,\r
- IN UINTN NumberOfPages,\r
- IN BOOLEAN CacheFlush\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
);\r
+\r
+/**\r
+ Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
+ Save State Map.\r
+\r
+ @param[out] BaseAddress The base address of the lowest-address page that\r
+ covers the initial SMRAM Save State Map.\r
+\r
+ @param[out] NumberOfPages The number of pages in the page range that covers\r
+ the initial SMRAM Save State Map.\r
+\r
+ @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on\r
+ output.\r
+\r
+ @retval RETURN_UNSUPPORTED SMM is unavailable.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
+ OUT UINTN *BaseAddress,\r
+ OUT UINTN *NumberOfPages\r
+ );\r
+\r
+/**\r
+ Returns the SEV encryption mask.\r
+\r
+ @return The SEV pagetable encryption mask\r
+**/\r
+UINT64\r
+EFIAPI\r
+MemEncryptSevGetEncryptionMask (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Returns the encryption state of the specified virtual address range.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress Base address to check\r
+ @param[in] Length Length of virtual address range\r
+\r
+ @retval MemEncryptSevAddressRangeUnencrypted Address range is mapped\r
+ unencrypted\r
+ @retval MemEncryptSevAddressRangeEncrypted Address range is mapped\r
+ encrypted\r
+ @retval MemEncryptSevAddressRangeMixed Address range is mapped mixed\r
+ @retval MemEncryptSevAddressRangeError Address range is not mapped\r
+**/\r
+MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE\r
+EFIAPI\r
+MemEncryptSevGetAddressRangeState (\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN Length\r
+ );\r
+\r
+/**\r
+ This function clears memory encryption bit for the MMIO region specified by\r
+ BaseAddress and NumPages.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress The physical address that is the start\r
+ address of a MMIO region.\r
+ @param[in] NumPages The number of pages from start memory\r
+ region.\r
+\r
+ @retval RETURN_SUCCESS The attributes were cleared for the\r
+ memory region.\r
+ @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
+ @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute\r
+ is not supported\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+MemEncryptSevClearMmioPageEncMask (\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
+ );\r
+\r
#endif // _MEM_ENCRYPT_SEV_LIB_H_\r
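Review bot: The comment on `SEV_ES_PER_CPU_DATA` justifies comparing `Dr7Cached` against a specific value because the hypervisor may write random data to that area, but it never names that value and says nothing about `VcCount` and `GhcbBackupPages`, which sit in the same structure and so fall under the same threat model. I would extend the comment to name the constant that marks a valid cache entry and add something like `// VcCount and GhcbBackupPages share this area: range-check VcCount against VMGEXIT_MAXIMUM_VC_COUNT and validate the backup pointer before use.` Whether the #VC handler already does this is not visible from the header, so treat it as a question to confirm rather than a known defect. In the comment above `VMGEXIT_MAXIMUM_VC_COUNT`, `I this value is changed` should read `If this value is changed`. The doc for `MemEncryptSevGetAddressRangeState` calls the range "virtual" while `BaseAddress` is typed `PHYSICAL_ADDRESS`, and it does not state the result for `Length == 0`; both should be pinned down, since callers presumably rely on the returned state to decide whether a buffer is visible to the host.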