[mirror_edk2.git] / OvmfPkg / PlatformPei / AmdSev.c

/**@file\r
  Initialize Secure Encrypted Virtualization (SEV) support\r
\r
  Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD\r
  License which accompanies this distribution.  The full text of the license\r
  may be found at http://opensource.org/licenses/bsd-license.php\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
//\r
// The package level header files this module uses\r
//\r
#include <Library/DebugLib.h>\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
#include <Register/Amd/Cpuid.h>\r
#include <Register/Cpuid.h>\r
\r
#include "Platform.h"\r
\r
/**\r
\r
  Function checks if SEV support is available, if present then it sets\r
  the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r
\r
  **/\r
VOID\r
AmdSevInitialize (\r
  VOID\r
  )\r
{\r
  CPUID_MEMORY_ENCRYPTION_INFO_EBX  Ebx;\r
  UINT64                            EncryptionMask;\r
  RETURN_STATUS                     PcdStatus;\r
\r
  //\r
  // Check if SEV is enabled\r
  //\r
  if (!MemEncryptSevIsEnabled ()) {\r
    return;\r
  }\r
\r
  //\r
  // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
  //\r
  AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
  EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
\r
  //\r
  // Set Memory Encryption Mask PCD\r
  //\r
  PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
\r
  DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r
\r
  //\r
  // Set Pcd to Deny the execution of option ROM when security\r
  // violation.\r
  //\r
  PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
}\r
Commit	Line	Data
13b5d743 BS	1	/**@file\r
	2	Initialize Secure Encrypted Virtualization (SEV) support\r
	3	\r
	4	Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r
	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD\r
	8	License which accompanies this distribution. The full text of the license\r
	9	may be found at http://opensource.org/licenses/bsd-license.php\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	//\r
	16	// The package level header files this module uses\r
	17	//\r
13b5d743	18	#include <Library/DebugLib.h>\r
6d576e7a	19	#include <Library/MemEncryptSevLib.h>\r
13b5d743	20	#include <Library/PcdLib.h>\r
6d576e7a	21	#include <PiPei.h>\r
13b5d743	22	#include <Register/Amd/Cpuid.h>\r
6d576e7a	23	#include <Register/Cpuid.h>\r
13b5d743	24	\r
c0d221a3 LE	25	#include "Platform.h"\r
c0d221a3 LE	26	\r
13b5d743 BS	27	/**\r
	28	\r
	29	Function checks if SEV support is available, if present then it sets\r
	30	the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r
	31	\r
	32	**/\r
	33	VOID\r
13b5d743 BS	34	AmdSevInitialize (\r
	35	VOID\r
	36	)\r
	37	{\r
	38	CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
	39	UINT64 EncryptionMask;\r
	40	RETURN_STATUS PcdStatus;\r
	41	\r
	42	//\r
	43	// Check if SEV is enabled\r
	44	//\r
	45	if (!MemEncryptSevIsEnabled ()) {\r
	46	return;\r
	47	}\r
	48	\r
	49	//\r
	50	// CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
	51	//\r
	52	AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
	53	EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
	54	\r
	55	//\r
	56	// Set Memory Encryption Mask PCD\r
	57	//\r
	58	PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
	59	ASSERT_RETURN_ERROR (PcdStatus);\r
	60	\r
	61	DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r
6041ac65 BS	62	\r
	63	//\r
	64	// Set Pcd to Deny the execution of option ROM when security\r
	65	// violation.\r
	66	//\r
	67	PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
	68	ASSERT_RETURN_ERROR (PcdStatus);\r
13b5d743	69	}\r