[mirror_edk2.git] / OvmfPkg / Library / BaseMemEncryptSevLib / SecMemEncryptSevLibInternal.c

/** @file\r
\r
  Secure Encrypted Virtualization (SEV) library helper function\r
\r
  Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <Register/Amd/Cpuid.h>\r
#include <Register/Amd/Msr.h>\r
#include <Register/Cpuid.h>\r
#include <Uefi/UefiBaseType.h>\r
\r
/**\r
  Reads and sets the status of SEV features.\r
\r
  **/\r
STATIC\r
UINT32\r
EFIAPI\r
InternalMemEncryptSevStatus (\r
  VOID\r
  )\r
{\r
  UINT32                            RegEax;\r
  CPUID_MEMORY_ENCRYPTION_INFO_EAX  Eax;\r
  BOOLEAN                           ReadSevMsr;\r
  SEC_SEV_ES_WORK_AREA              *SevEsWorkArea;\r
\r
  ReadSevMsr = FALSE;\r
\r
  SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
  if ((SevEsWorkArea != NULL) && (SevEsWorkArea->EncryptionMask != 0)) {\r
    //\r
    // The MSR has been read before, so it is safe to read it again and avoid\r
    // having to validate the CPUID information.\r
    //\r
    ReadSevMsr = TRUE;\r
  } else {\r
    //\r
    // Check if memory encryption leaf exist\r
    //\r
    AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);\r
    if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {\r
      //\r
      // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)\r
      //\r
      AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);\r
\r
      if (Eax.Bits.SevBit) {\r
        ReadSevMsr = TRUE;\r
      }\r
    }\r
  }\r
\r
  return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;\r
}\r
\r
/**\r
  Returns a boolean to indicate whether SEV-ES is enabled.\r
\r
  @retval TRUE           SEV-ES is enabled\r
  @retval FALSE          SEV-ES is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevEsIsEnabled (\r
  VOID\r
  )\r
{\r
  MSR_SEV_STATUS_REGISTER  Msr;\r
\r
  Msr.Uint32 = InternalMemEncryptSevStatus ();\r
\r
  return Msr.Bits.SevEsBit ? TRUE : FALSE;\r
}\r
\r
/**\r
  Returns a boolean to indicate whether SEV is enabled.\r
\r
  @retval TRUE           SEV is enabled\r
  @retval FALSE          SEV is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevIsEnabled (\r
  VOID\r
  )\r
{\r
  MSR_SEV_STATUS_REGISTER  Msr;\r
\r
  Msr.Uint32 = InternalMemEncryptSevStatus ();\r
\r
  return Msr.Bits.SevBit ? TRUE : FALSE;\r
}\r
\r
/**\r
  Returns the SEV encryption mask.\r
\r
  @return  The SEV pagtable encryption mask\r
**/\r
UINT64\r
EFIAPI\r
MemEncryptSevGetEncryptionMask (\r
  VOID\r
  )\r
{\r
  CPUID_MEMORY_ENCRYPTION_INFO_EBX  Ebx;\r
  SEC_SEV_ES_WORK_AREA              *SevEsWorkArea;\r
  UINT64                            EncryptionMask;\r
\r
  SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
  if (SevEsWorkArea != NULL) {\r
    EncryptionMask = SevEsWorkArea->EncryptionMask;\r
  } else {\r
    //\r
    // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
    //\r
    AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
    EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
  }\r
\r
  return EncryptionMask;\r
}\r
\r
/**\r
  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
  Save State Map.\r
\r
  @param[out] BaseAddress     The base address of the lowest-address page that\r
                              covers the initial SMRAM Save State Map.\r
\r
  @param[out] NumberOfPages   The number of pages in the page range that covers\r
                              the initial SMRAM Save State Map.\r
\r
  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on\r
                              output.\r
\r
  @retval RETURN_UNSUPPORTED  SMM is unavailable.\r
**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
  OUT UINTN  *BaseAddress,\r
  OUT UINTN  *NumberOfPages\r
  )\r
{\r
  return RETURN_UNSUPPORTED;\r
}\r
Commit	Line	Data
a746ca5b TL	1	/** @file\r
	2	\r
	3	Secure Encrypted Virtualization (SEV) library helper function\r
	4	\r
	5	Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#include <Library/BaseLib.h>\r
	12	#include <Library/DebugLib.h>\r
	13	#include <Library/MemEncryptSevLib.h>\r
	14	#include <Library/PcdLib.h>\r
	15	#include <Register/Amd/Cpuid.h>\r
	16	#include <Register/Amd/Msr.h>\r
	17	#include <Register/Cpuid.h>\r
	18	#include <Uefi/UefiBaseType.h>\r
	19	\r
	20	/**\r
	21	Reads and sets the status of SEV features.\r
	22	\r
	23	**/\r
	24	STATIC\r
	25	UINT32\r
	26	EFIAPI\r
	27	InternalMemEncryptSevStatus (\r
	28	VOID\r
	29	)\r
	30	{\r
	31	UINT32 RegEax;\r
	32	CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;\r
	33	BOOLEAN ReadSevMsr;\r
	34	SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r
	35	\r
	36	ReadSevMsr = FALSE;\r
	37	\r
ac0a286f MK	38	SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
ac0a286f MK	39	if ((SevEsWorkArea != NULL) && (SevEsWorkArea->EncryptionMask != 0)) {\r
a746ca5b TL	40	//\r
	41	// The MSR has been read before, so it is safe to read it again and avoid\r
	42	// having to validate the CPUID information.\r
	43	//\r
	44	ReadSevMsr = TRUE;\r
	45	} else {\r
	46	//\r
	47	// Check if memory encryption leaf exist\r
	48	//\r
	49	AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);\r
	50	if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {\r
	51	//\r
	52	// CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)\r
	53	//\r
	54	AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);\r
	55	\r
	56	if (Eax.Bits.SevBit) {\r
	57	ReadSevMsr = TRUE;\r
	58	}\r
	59	}\r
	60	}\r
	61	\r
	62	return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0;\r
	63	}\r
	64	\r
	65	/**\r
	66	Returns a boolean to indicate whether SEV-ES is enabled.\r
	67	\r
	68	@retval TRUE SEV-ES is enabled\r
	69	@retval FALSE SEV-ES is not enabled\r
	70	**/\r
	71	BOOLEAN\r
	72	EFIAPI\r
	73	MemEncryptSevEsIsEnabled (\r
	74	VOID\r
	75	)\r
	76	{\r
ac0a286f	77	MSR_SEV_STATUS_REGISTER Msr;\r
a746ca5b TL	78	\r
	79	Msr.Uint32 = InternalMemEncryptSevStatus ();\r
	80	\r
	81	return Msr.Bits.SevEsBit ? TRUE : FALSE;\r
	82	}\r
	83	\r
	84	/**\r
	85	Returns a boolean to indicate whether SEV is enabled.\r
	86	\r
	87	@retval TRUE SEV is enabled\r
	88	@retval FALSE SEV is not enabled\r
	89	**/\r
	90	BOOLEAN\r
	91	EFIAPI\r
	92	MemEncryptSevIsEnabled (\r
	93	VOID\r
	94	)\r
	95	{\r
ac0a286f	96	MSR_SEV_STATUS_REGISTER Msr;\r
a746ca5b TL	97	\r
	98	Msr.Uint32 = InternalMemEncryptSevStatus ();\r
	99	\r
	100	return Msr.Bits.SevBit ? TRUE : FALSE;\r
	101	}\r
	102	\r
	103	/**\r
	104	Returns the SEV encryption mask.\r
	105	\r
	106	@return The SEV pagtable encryption mask\r
	107	**/\r
	108	UINT64\r
	109	EFIAPI\r
	110	MemEncryptSevGetEncryptionMask (\r
	111	VOID\r
	112	)\r
	113	{\r
	114	CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
	115	SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r
	116	UINT64 EncryptionMask;\r
	117	\r
ac0a286f	118	SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
a746ca5b TL	119	if (SevEsWorkArea != NULL) {\r
	120	EncryptionMask = SevEsWorkArea->EncryptionMask;\r
	121	} else {\r
	122	//\r
	123	// CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
	124	//\r
	125	AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
	126	EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
	127	}\r
	128	\r
	129	return EncryptionMask;\r
	130	}\r
	131	\r
	132	/**\r
	133	Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
	134	Save State Map.\r
	135	\r
	136	@param[out] BaseAddress The base address of the lowest-address page that\r
	137	covers the initial SMRAM Save State Map.\r
	138	\r
	139	@param[out] NumberOfPages The number of pages in the page range that covers\r
	140	the initial SMRAM Save State Map.\r
	141	\r
	142	@retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on\r
	143	output.\r
	144	\r
	145	@retval RETURN_UNSUPPORTED SMM is unavailable.\r
	146	**/\r
	147	RETURN_STATUS\r
	148	EFIAPI\r
	149	MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
ac0a286f MK	150	OUT UINTN *BaseAddress,\r
ac0a286f MK	151	OUT UINTN *NumberOfPages\r
a746ca5b TL	152	)\r
	153	{\r
	154	return RETURN_UNSUPPORTED;\r
	155	}\r