#include <Register/Cpuid.h>\r
\r
#include "VirtualMemory.h"\r
+#include "SnpPageStateChange.h"\r
\r
STATIC BOOLEAN mAddressEncMaskChecked = FALSE;\r
STATIC UINT64 mAddressEncMask;\r
PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;\r
PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;\r
PAGE_TABLE_ENTRY *PageDirectory2MEntry;\r
+ PHYSICAL_ADDRESS OrigPhysicalAddress;\r
PAGE_TABLE_4K_ENTRY *PageTableEntry;\r
UINT64 PgTableMask;\r
UINT64 AddressEncMask;\r
BOOLEAN IsWpEnabled;\r
+ UINTN OrigLength;\r
RETURN_STATUS Status;\r
\r
//\r
\r
Status = EFI_SUCCESS;\r
\r
+ //\r
+ // To maintain the security gurantees we must set the page to shared in the RMP\r
+ // table before clearing the memory encryption mask from the current page table.\r
+ //\r
+ // The InternalSetPageState() is used for setting the page state in the RMP table.\r
+ //\r
+ if ((Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {\r
+ InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE);\r
+ }\r
+\r
+ //\r
+ // Save the specified length and physical address (we need it later).\r
+ //\r
+ OrigLength = Length;\r
+ OrigPhysicalAddress = PhysicalAddress;\r
+\r
while (Length != 0) {\r
//\r
// If Cr3BaseAddress is not specified then read the current CR3\r
//\r
CpuFlushTlb ();\r
\r
+ //\r
+ // SEV-SNP requires that all the private pages (i.e pages mapped encrypted) must be\r
+ // added in the RMP table before the access.\r
+ //\r
+ // The InternalSetPageState() is used for setting the page state in the RMP table.\r
+ //\r
+ if ((Mode == SetCBit) && MemEncryptSevSnpIsEnabled ()) {\r
+ InternalSetPageState (\r
+ OrigPhysicalAddress,\r
+ EFI_SIZE_TO_PAGES (OrigLength),\r
+ SevSnpPagePrivate,\r
+ FALSE\r
+ );\r
+ }\r
+\r
Done:\r
//\r
// Restore page table write protection, if any.\r