From: Tom Lendacky Date: Wed, 12 Aug 2020 20:21:39 +0000 (-0500) Subject: OvmfPkg: Add support to perform SEV-ES initialization X-Git-Tag: edk2-stable202008~71 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=cf845a749a1cc25c6b63586de08ea69cd8832bc9;hp=0afa1d08f185e5d609caf49b5fa92401ce29cd13;p=mirror_edk2.git OvmfPkg: Add support to perform SEV-ES initialization BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV initialization function to also check for SEV-ES being enabled, and if enabled, set the SEV-ES enabled PCD (PcdSevEsIsEnabled). Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Reviewed-by: Laszlo Ersek Signed-off-by: Tom Lendacky Regression-tested-by: Laszlo Ersek --- diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index c57bba1ba1..f84f23f250 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -607,6 +607,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 22e930b12b..a66abccf82 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -619,6 +619,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 60be5eae3d..2a8975fd3d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -617,6 +617,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e484f4b311..4dc5340caa 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -21,6 +21,27 @@ #include "Platform.h" +/** + + Initialize SEV-ES support if running as an SEV-ES guest. + + **/ +STATIC +VOID +AmdSevEsInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevEsIsEnabled ()) { + return; + } + + PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** Function checks if SEV support is available, if present then it sets @@ -103,4 +124,9 @@ AmdSevInitialize ( ); } } + + // + // Check and perform SEV-ES initialization if required. + // + AmdSevEsInitialize (); } diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index ff397b3ee9..00feb96c93 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -103,6 +103,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress