]>
Commit | Line | Data |
---|---|---|
a746ca5b TL |
1 | /** @file\r |
2 | \r | |
3 | Secure Encrypted Virtualization (SEV) library helper function\r | |
4 | \r | |
5 | Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>\r | |
6 | \r | |
7 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
8 | \r | |
9 | **/\r | |
10 | \r | |
11 | #include <Library/BaseLib.h>\r | |
12 | #include <Library/DebugLib.h>\r | |
13 | #include <Library/MemEncryptSevLib.h>\r | |
14 | #include <Library/PcdLib.h>\r | |
15 | #include <Register/Amd/Cpuid.h>\r | |
16 | #include <Register/Amd/Msr.h>\r | |
17 | #include <Register/Cpuid.h>\r | |
18 | #include <Uefi/UefiBaseType.h>\r | |
19 | \r | |
20 | /**\r | |
21 | Reads and sets the status of SEV features.\r | |
22 | \r | |
23 | **/\r | |
24 | STATIC\r | |
25 | UINT32\r | |
26 | EFIAPI\r | |
27 | InternalMemEncryptSevStatus (\r | |
28 | VOID\r | |
29 | )\r | |
30 | {\r | |
31 | UINT32 RegEax;\r | |
32 | CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;\r | |
33 | BOOLEAN ReadSevMsr;\r | |
34 | SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r | |
35 | \r | |
36 | ReadSevMsr = FALSE;\r | |
37 | \r | |
ac0a286f MK |
38 | SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r |
39 | if ((SevEsWorkArea != NULL) && (SevEsWorkArea->EncryptionMask != 0)) {\r | |
a746ca5b TL |
40 | //\r |
41 | // The MSR has been read before, so it is safe to read it again and avoid\r | |
42 | // having to validate the CPUID information.\r | |
43 | //\r | |
44 | ReadSevMsr = TRUE;\r | |
45 | } else {\r | |
46 | //\r | |
47 | // Check if memory encryption leaf exist\r | |
48 | //\r | |
49 | AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);\r | |
50 | if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {\r | |
51 | //\r | |
52 | // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)\r | |
53 | //\r | |
54 | AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);\r | |
55 | \r | |
56 | if (Eax.Bits.SevBit) {\r | |
57 | ReadSevMsr = TRUE;\r | |
58 | }\r | |
59 | }\r | |
60 | }\r | |
61 | \r | |
62 | return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;\r | |
63 | }\r | |
64 | \r | |
65 | /**\r | |
66 | Returns a boolean to indicate whether SEV-ES is enabled.\r | |
67 | \r | |
68 | @retval TRUE SEV-ES is enabled\r | |
69 | @retval FALSE SEV-ES is not enabled\r | |
70 | **/\r | |
71 | BOOLEAN\r | |
72 | EFIAPI\r | |
73 | MemEncryptSevEsIsEnabled (\r | |
74 | VOID\r | |
75 | )\r | |
76 | {\r | |
ac0a286f | 77 | MSR_SEV_STATUS_REGISTER Msr;\r |
a746ca5b TL |
78 | \r |
79 | Msr.Uint32 = InternalMemEncryptSevStatus ();\r | |
80 | \r | |
81 | return Msr.Bits.SevEsBit ? TRUE : FALSE;\r | |
82 | }\r | |
83 | \r | |
84 | /**\r | |
85 | Returns a boolean to indicate whether SEV is enabled.\r | |
86 | \r | |
87 | @retval TRUE SEV is enabled\r | |
88 | @retval FALSE SEV is not enabled\r | |
89 | **/\r | |
90 | BOOLEAN\r | |
91 | EFIAPI\r | |
92 | MemEncryptSevIsEnabled (\r | |
93 | VOID\r | |
94 | )\r | |
95 | {\r | |
ac0a286f | 96 | MSR_SEV_STATUS_REGISTER Msr;\r |
a746ca5b TL |
97 | \r |
98 | Msr.Uint32 = InternalMemEncryptSevStatus ();\r | |
99 | \r | |
100 | return Msr.Bits.SevBit ? TRUE : FALSE;\r | |
101 | }\r | |
102 | \r | |
103 | /**\r | |
104 | Returns the SEV encryption mask.\r | |
105 | \r | |
106 | @return The SEV pagtable encryption mask\r | |
107 | **/\r | |
108 | UINT64\r | |
109 | EFIAPI\r | |
110 | MemEncryptSevGetEncryptionMask (\r | |
111 | VOID\r | |
112 | )\r | |
113 | {\r | |
114 | CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r | |
115 | SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r | |
116 | UINT64 EncryptionMask;\r | |
117 | \r | |
ac0a286f | 118 | SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r |
a746ca5b TL |
119 | if (SevEsWorkArea != NULL) {\r |
120 | EncryptionMask = SevEsWorkArea->EncryptionMask;\r | |
121 | } else {\r | |
122 | //\r | |
123 | // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r | |
124 | //\r | |
125 | AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r | |
126 | EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r | |
127 | }\r | |
128 | \r | |
129 | return EncryptionMask;\r | |
130 | }\r | |
131 | \r | |
132 | /**\r | |
133 | Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r | |
134 | Save State Map.\r | |
135 | \r | |
136 | @param[out] BaseAddress The base address of the lowest-address page that\r | |
137 | covers the initial SMRAM Save State Map.\r | |
138 | \r | |
139 | @param[out] NumberOfPages The number of pages in the page range that covers\r | |
140 | the initial SMRAM Save State Map.\r | |
141 | \r | |
142 | @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on\r | |
143 | output.\r | |
144 | \r | |
145 | @retval RETURN_UNSUPPORTED SMM is unavailable.\r | |
146 | **/\r | |
147 | RETURN_STATUS\r | |
148 | EFIAPI\r | |
149 | MemEncryptSevLocateInitialSmramSaveStateMapPages (\r | |
ac0a286f MK |
150 | OUT UINTN *BaseAddress,\r |
151 | OUT UINTN *NumberOfPages\r | |
a746ca5b TL |
152 | )\r |
153 | {\r | |
154 | return RETURN_UNSUPPORTED;\r | |
155 | }\r |