]>
Commit | Line | Data |
---|---|---|
656419f9 RC |
1 | /**@file\r |
2 | Initialize Secure Encrypted Virtualization (SEV) support\r | |
3 | \r | |
45388d04 | 4 | Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r |
656419f9 RC |
5 | \r |
6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
7 | \r | |
8 | **/\r | |
9 | //\r | |
10 | // The package level header files this module uses\r | |
11 | //\r | |
12 | #include <IndustryStandard/Q35MchIch9.h>\r | |
13 | #include <Library/DebugLib.h>\r | |
14 | #include <Library/HobLib.h>\r | |
15 | #include <Library/MemEncryptSevLib.h>\r | |
16 | #include <Library/PcdLib.h>\r | |
17 | #include <PiPei.h>\r | |
656419f9 RC |
18 | #include <Register/Intel/SmramSaveStateMap.h>\r |
19 | \r | |
20 | #include "Platform.h"\r | |
21 | \r | |
22 | /**\r | |
23 | \r | |
24 | Function checks if SEV support is available, if present then it sets\r | |
25 | the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r | |
26 | \r | |
27 | **/\r | |
28 | VOID\r | |
29 | AmdSevInitialize (\r | |
30 | VOID\r | |
31 | )\r | |
32 | {\r | |
ac0a286f MK |
33 | UINT64 EncryptionMask;\r |
34 | RETURN_STATUS PcdStatus;\r | |
656419f9 RC |
35 | \r |
36 | //\r | |
37 | // Check if SEV is enabled\r | |
38 | //\r | |
39 | if (!MemEncryptSevIsEnabled ()) {\r | |
40 | return;\r | |
41 | }\r | |
42 | \r | |
656419f9 RC |
43 | //\r |
44 | // Set Memory Encryption Mask PCD\r | |
45 | //\r | |
45388d04 | 46 | EncryptionMask = MemEncryptSevGetEncryptionMask ();\r |
ac0a286f | 47 | PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r |
656419f9 RC |
48 | ASSERT_RETURN_ERROR (PcdStatus);\r |
49 | \r | |
50 | DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r | |
51 | \r | |
52 | //\r | |
53 | // Set Pcd to Deny the execution of option ROM when security\r | |
54 | // violation.\r | |
55 | //\r | |
56 | PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r | |
57 | ASSERT_RETURN_ERROR (PcdStatus);\r | |
58 | \r | |
59 | //\r | |
60 | // When SMM is required, cover the pages containing the initial SMRAM Save\r | |
61 | // State Map with a memory allocation HOB:\r | |
62 | //\r | |
63 | // There's going to be a time interval between our decrypting those pages for\r | |
64 | // SMBASE relocation and re-encrypting the same pages after SMBASE\r | |
65 | // relocation. We shall ensure that the DXE phase stay away from those pages\r | |
66 | // until after re-encryption, in order to prevent an information leak to the\r | |
67 | // hypervisor.\r | |
68 | //\r | |
69 | if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r | |
ac0a286f MK |
70 | RETURN_STATUS LocateMapStatus;\r |
71 | UINTN MapPagesBase;\r | |
72 | UINTN MapPagesCount;\r | |
656419f9 RC |
73 | \r |
74 | LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r | |
75 | &MapPagesBase,\r | |
76 | &MapPagesCount\r | |
77 | );\r | |
78 | ASSERT_RETURN_ERROR (LocateMapStatus);\r | |
79 | \r | |
80 | if (mQ35SmramAtDefaultSmbase) {\r | |
81 | //\r | |
82 | // The initial SMRAM Save State Map has been covered as part of a larger\r | |
83 | // reserved memory allocation in InitializeRamRegions().\r | |
84 | //\r | |
85 | ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);\r | |
86 | ASSERT (\r | |
87 | (MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=\r | |
88 | SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)\r | |
89 | );\r | |
90 | } else {\r | |
91 | BuildMemoryAllocationHob (\r | |
92 | MapPagesBase, // BaseAddress\r | |
93 | EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r | |
94 | EfiBootServicesData // MemoryType\r | |
95 | );\r | |
96 | }\r | |
97 | }\r | |
98 | }\r |