[mirror_edk2.git] / OvmfPkg / Library / BaseMemEncryptSevLib / PeiMemEncryptSevLibInternal.c

/** @file\r
\r
  Secure Encrypted Virtualization (SEV) library helper function\r
\r
  Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <Register/Amd/Cpuid.h>\r
#include <Register/Amd/Msr.h>\r
#include <Register/Cpuid.h>\r
#include <Uefi/UefiBaseType.h>\r
\r
STATIC BOOLEAN  mSevStatus        = FALSE;\r
STATIC BOOLEAN  mSevEsStatus      = FALSE;\r
STATIC BOOLEAN  mSevStatusChecked = FALSE;\r
\r
STATIC UINT64   mSevEncryptionMask      = 0;\r
STATIC BOOLEAN  mSevEncryptionMaskSaved = FALSE;\r
\r
/**\r
  Reads and sets the status of SEV features.\r
\r
  **/\r
STATIC\r
VOID\r
EFIAPI\r
InternalMemEncryptSevStatus (\r
  VOID\r
  )\r
{\r
  UINT32                            RegEax;\r
  MSR_SEV_STATUS_REGISTER           Msr;\r
  CPUID_MEMORY_ENCRYPTION_INFO_EAX  Eax;\r
  BOOLEAN                           ReadSevMsr;\r
  SEC_SEV_ES_WORK_AREA              *SevEsWorkArea;\r
\r
  ReadSevMsr = FALSE;\r
\r
  SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
  if ((SevEsWorkArea != NULL) && (SevEsWorkArea->EncryptionMask != 0)) {\r
    //\r
    // The MSR has been read before, so it is safe to read it again and avoid\r
    // having to validate the CPUID information.\r
    //\r
    ReadSevMsr = TRUE;\r
  } else {\r
    //\r
    // Check if memory encryption leaf exist\r
    //\r
    AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);\r
    if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {\r
      //\r
      // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)\r
      //\r
      AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);\r
\r
      if (Eax.Bits.SevBit) {\r
        ReadSevMsr = TRUE;\r
      }\r
    }\r
  }\r
\r
  if (ReadSevMsr) {\r
    //\r
    // Check MSR_0xC0010131 Bit 0 (Sev Enabled)\r
    //\r
    Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);\r
    if (Msr.Bits.SevBit) {\r
      mSevStatus = TRUE;\r
    }\r
\r
    //\r
    // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)\r
    //\r
    if (Msr.Bits.SevEsBit) {\r
      mSevEsStatus = TRUE;\r
    }\r
  }\r
\r
  mSevStatusChecked = TRUE;\r
}\r
\r
/**\r
  Returns a boolean to indicate whether SEV-ES is enabled.\r
\r
  @retval TRUE           SEV-ES is enabled\r
  @retval FALSE          SEV-ES is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevEsIsEnabled (\r
  VOID\r
  )\r
{\r
  if (!mSevStatusChecked) {\r
    InternalMemEncryptSevStatus ();\r
  }\r
\r
  return mSevEsStatus;\r
}\r
\r
/**\r
  Returns a boolean to indicate whether SEV is enabled.\r
\r
  @retval TRUE           SEV is enabled\r
  @retval FALSE          SEV is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevIsEnabled (\r
  VOID\r
  )\r
{\r
  if (!mSevStatusChecked) {\r
    InternalMemEncryptSevStatus ();\r
  }\r
\r
  return mSevStatus;\r
}\r
\r
/**\r
  Returns the SEV encryption mask.\r
\r
  @return  The SEV pagtable encryption mask\r
**/\r
UINT64\r
EFIAPI\r
MemEncryptSevGetEncryptionMask (\r
  VOID\r
  )\r
{\r
  if (!mSevEncryptionMaskSaved) {\r
    SEC_SEV_ES_WORK_AREA  *SevEsWorkArea;\r
\r
    SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
    if (SevEsWorkArea != NULL) {\r
      mSevEncryptionMask = SevEsWorkArea->EncryptionMask;\r
    } else {\r
      CPUID_MEMORY_ENCRYPTION_INFO_EBX  Ebx;\r
\r
      //\r
      // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
      //\r
      AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
      mSevEncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
    }\r
\r
    mSevEncryptionMaskSaved = TRUE;\r
  }\r
\r
  return mSevEncryptionMask;\r
}\r
Commit	Line	Data
b97dc4b9 TL	1	/** @file\r
	2	\r
	3	Secure Encrypted Virtualization (SEV) library helper function\r
	4	\r
	5	Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#include <Library/BaseLib.h>\r
	12	#include <Library/DebugLib.h>\r
	13	#include <Library/MemEncryptSevLib.h>\r
	14	#include <Library/PcdLib.h>\r
	15	#include <Register/Amd/Cpuid.h>\r
	16	#include <Register/Amd/Msr.h>\r
	17	#include <Register/Cpuid.h>\r
	18	#include <Uefi/UefiBaseType.h>\r
	19	\r
ac0a286f MK	20	STATIC BOOLEAN mSevStatus = FALSE;\r
	21	STATIC BOOLEAN mSevEsStatus = FALSE;\r
	22	STATIC BOOLEAN mSevStatusChecked = FALSE;\r
b97dc4b9	23	\r
ac0a286f MK	24	STATIC UINT64 mSevEncryptionMask = 0;\r
ac0a286f MK	25	STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;\r
b97dc4b9 TL	26	\r
	27	/**\r
	28	Reads and sets the status of SEV features.\r
	29	\r
	30	**/\r
	31	STATIC\r
	32	VOID\r
	33	EFIAPI\r
	34	InternalMemEncryptSevStatus (\r
	35	VOID\r
	36	)\r
	37	{\r
	38	UINT32 RegEax;\r
	39	MSR_SEV_STATUS_REGISTER Msr;\r
	40	CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;\r
	41	BOOLEAN ReadSevMsr;\r
	42	SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r
	43	\r
	44	ReadSevMsr = FALSE;\r
	45	\r
ac0a286f MK	46	SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
ac0a286f MK	47	if ((SevEsWorkArea != NULL) && (SevEsWorkArea->EncryptionMask != 0)) {\r
b97dc4b9 TL	48	//\r
	49	// The MSR has been read before, so it is safe to read it again and avoid\r
	50	// having to validate the CPUID information.\r
	51	//\r
	52	ReadSevMsr = TRUE;\r
	53	} else {\r
	54	//\r
	55	// Check if memory encryption leaf exist\r
	56	//\r
	57	AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);\r
	58	if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {\r
	59	//\r
	60	// CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)\r
	61	//\r
	62	AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);\r
	63	\r
	64	if (Eax.Bits.SevBit) {\r
	65	ReadSevMsr = TRUE;\r
	66	}\r
	67	}\r
	68	}\r
	69	\r
	70	if (ReadSevMsr) {\r
	71	//\r
	72	// Check MSR_0xC0010131 Bit 0 (Sev Enabled)\r
	73	//\r
	74	Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);\r
	75	if (Msr.Bits.SevBit) {\r
	76	mSevStatus = TRUE;\r
	77	}\r
	78	\r
	79	//\r
	80	// Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)\r
	81	//\r
	82	if (Msr.Bits.SevEsBit) {\r
	83	mSevEsStatus = TRUE;\r
	84	}\r
	85	}\r
	86	\r
	87	mSevStatusChecked = TRUE;\r
	88	}\r
	89	\r
	90	/**\r
	91	Returns a boolean to indicate whether SEV-ES is enabled.\r
	92	\r
	93	@retval TRUE SEV-ES is enabled\r
	94	@retval FALSE SEV-ES is not enabled\r
	95	**/\r
	96	BOOLEAN\r
	97	EFIAPI\r
	98	MemEncryptSevEsIsEnabled (\r
	99	VOID\r
	100	)\r
	101	{\r
	102	if (!mSevStatusChecked) {\r
	103	InternalMemEncryptSevStatus ();\r
	104	}\r
	105	\r
	106	return mSevEsStatus;\r
	107	}\r
	108	\r
	109	/**\r
	110	Returns a boolean to indicate whether SEV is enabled.\r
	111	\r
112	@retval TRUE SEV is enabled\r
113	@retval FALSE SEV is not enabled\r
114	**/\r
115	BOOLEAN\r
116	EFIAPI\r
117	MemEncryptSevIsEnabled (\r
118	VOID\r
119	)\r
120	{\r
121	if (!mSevStatusChecked) {\r
122	InternalMemEncryptSevStatus ();\r
123	}\r
124	\r
125	return mSevStatus;\r
126	}\r
127	\r
128	/**\r
129	Returns the SEV encryption mask.\r
130	\r
131	@return The SEV pagtable encryption mask\r
132	**/\r
133	UINT64\r
134	EFIAPI\r
135	MemEncryptSevGetEncryptionMask (\r
136	VOID\r
137	)\r
138	{\r
139	if (!mSevEncryptionMaskSaved) {\r
140	SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r
141	\r
ac0a286f	142	SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
b97dc4b9 TL	143	if (SevEsWorkArea != NULL) {\r
	144	mSevEncryptionMask = SevEsWorkArea->EncryptionMask;\r
	145	} else {\r
	146	CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
	147	\r
	148	//\r
	149	// CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
	150	//\r
	151	AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
	152	mSevEncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
	153	}\r
	154	\r
	155	mSevEncryptionMaskSaved = TRUE;\r
	156	}\r
	157	\r
	158	return mSevEncryptionMask;\r
	159	}\r