[mirror_edk2.git] / OvmfPkg / PlatformPei / AmdSev.c

/**@file\r
  Initialize Secure Encrypted Virtualization (SEV) support\r
\r
  Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
//\r
// The package level header files this module uses\r
//\r
#include <IndustryStandard/Q35MchIch9.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
#include <Register/Amd/Msr.h>\r
#include <Register/Intel/SmramSaveStateMap.h>\r
#include <Library/VmgExitLib.h>\r
\r
#include "Platform.h"\r
\r
/**\r
  Handle an SEV-SNP/GHCB protocol check failure.\r
\r
  Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP guest\r
  wishes to be terminated.\r
\r
  @param[in] ReasonCode  Reason code to provide to the hypervisor for the\r
                         termination request.\r
\r
**/\r
STATIC\r
VOID\r
SevEsProtocolFailure (\r
  IN UINT8  ReasonCode\r
  )\r
{\r
  MSR_SEV_ES_GHCB_REGISTER  Msr;\r
\r
  //\r
  // Use the GHCB MSR Protocol to request termination by the hypervisor\r
  //\r
  Msr.GhcbPhysicalAddress         = 0;\r
  Msr.GhcbTerminate.Function      = GHCB_INFO_TERMINATE_REQUEST;\r
  Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;\r
  Msr.GhcbTerminate.ReasonCode    = ReasonCode;\r
  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);\r
\r
  AsmVmgExit ();\r
\r
  ASSERT (FALSE);\r
  CpuDeadLoop ();\r
}\r
\r
/**\r
\r
  This function can be used to register the GHCB GPA.\r
\r
  @param[in]  Address           The physical address to be registered.\r
\r
**/\r
STATIC\r
VOID\r
GhcbRegister (\r
  IN  EFI_PHYSICAL_ADDRESS  Address\r
  )\r
{\r
  MSR_SEV_ES_GHCB_REGISTER  Msr;\r
  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;\r
\r
  //\r
  // Save the current MSR Value\r
  //\r
  CurrentMsr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);\r
\r
  //\r
  // Use the GHCB MSR Protocol to request to register the GPA.\r
  //\r
  Msr.GhcbPhysicalAddress      = Address & ~EFI_PAGE_MASK;\r
  Msr.GhcbGpaRegister.Function = GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;\r
  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);\r
\r
  AsmVmgExit ();\r
\r
  Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);\r
\r
  //\r
  // If hypervisor responded with a different GPA than requested then fail.\r
  //\r
  if ((Msr.GhcbGpaRegister.Function != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE) ||\r
      ((Msr.GhcbPhysicalAddress & ~EFI_PAGE_MASK) != Address))\r
  {\r
    SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);\r
  }\r
\r
  //\r
  // Restore the MSR\r
  //\r
  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);\r
}\r
\r
/**\r
\r
  Initialize SEV-ES support if running as an SEV-ES guest.\r
\r
  **/\r
STATIC\r
VOID\r
AmdSevEsInitialize (\r
  VOID\r
  )\r
{\r
  UINT8                *GhcbBase;\r
  PHYSICAL_ADDRESS     GhcbBasePa;\r
  UINTN                GhcbPageCount;\r
  UINT8                *GhcbBackupBase;\r
  UINT8                *GhcbBackupPages;\r
  UINTN                GhcbBackupPageCount;\r
  SEV_ES_PER_CPU_DATA  *SevEsData;\r
  UINTN                PageCount;\r
  RETURN_STATUS        PcdStatus, DecryptStatus;\r
  IA32_DESCRIPTOR      Gdtr;\r
  VOID                 *Gdt;\r
\r
  if (!MemEncryptSevEsIsEnabled ()) {\r
    return;\r
  }\r
\r
  PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
\r
  //\r
  // Allocate GHCB and per-CPU variable pages.\r
  //   Since the pages must survive across the UEFI to OS transition\r
  //   make them reserved.\r
  //\r
  GhcbPageCount = mMaxCpuCount * 2;\r
  GhcbBase      = AllocateReservedPages (GhcbPageCount);\r
  ASSERT (GhcbBase != NULL);\r
\r
  GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN)GhcbBase;\r
\r
  //\r
  // Each vCPU gets two consecutive pages, the first is the GHCB and the\r
  // second is the per-CPU variable page. Loop through the allocation and\r
  // only clear the encryption mask for the GHCB pages.\r
  //\r
  for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) {\r
    DecryptStatus = MemEncryptSevClearPageEncMask (\r
                      0,\r
                      GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount),\r
                      1\r
                      );\r
    ASSERT_RETURN_ERROR (DecryptStatus);\r
  }\r
\r
  ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount));\r
\r
  PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
  PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount));\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
\r
  DEBUG ((\r
    DEBUG_INFO,\r
    "SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n",\r
    (UINT64)GhcbPageCount,\r
    GhcbBase\r
    ));\r
\r
  //\r
  // Allocate #VC recursion backup pages. The number of backup pages needed is\r
  // one less than the maximum VC count.\r
  //\r
  GhcbBackupPageCount = mMaxCpuCount * (VMGEXIT_MAXIMUM_VC_COUNT - 1);\r
  GhcbBackupBase      = AllocatePages (GhcbBackupPageCount);\r
  ASSERT (GhcbBackupBase != NULL);\r
\r
  GhcbBackupPages = GhcbBackupBase;\r
  for (PageCount = 1; PageCount < GhcbPageCount; PageCount += 2) {\r
    SevEsData =\r
      (SEV_ES_PER_CPU_DATA *)(GhcbBase + EFI_PAGES_TO_SIZE (PageCount));\r
    SevEsData->GhcbBackupPages = GhcbBackupPages;\r
\r
    GhcbBackupPages += EFI_PAGE_SIZE * (VMGEXIT_MAXIMUM_VC_COUNT - 1);\r
  }\r
\r
  DEBUG ((\r
    DEBUG_INFO,\r
    "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n",\r
    (UINT64)GhcbBackupPageCount,\r
    GhcbBackupBase\r
    ));\r
\r
  //\r
  // SEV-SNP guest requires that GHCB GPA must be registered before using it.\r
  //\r
  if (MemEncryptSevSnpIsEnabled ()) {\r
    GhcbRegister (GhcbBasePa);\r
  }\r
\r
  AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);\r
\r
  //\r
  // The SEV support will clear the C-bit from non-RAM areas.  The early GDT\r
  // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT\r
  // will be read as un-encrypted even though it was created before the C-bit\r
  // was cleared (encrypted). This will result in a failure to be able to\r
  // handle the exception.\r
  //\r
  AsmReadGdtr (&Gdtr);\r
\r
  Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)Gdtr.Limit + 1));\r
  ASSERT (Gdt != NULL);\r
\r
  CopyMem (Gdt, (VOID *)Gdtr.Base, Gdtr.Limit + 1);\r
  Gdtr.Base = (UINTN)Gdt;\r
  AsmWriteGdtr (&Gdtr);\r
}\r
\r
/**\r
\r
  Function checks if SEV support is available, if present then it sets\r
  the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r
\r
  **/\r
VOID\r
AmdSevInitialize (\r
  VOID\r
  )\r
{\r
  UINT64         EncryptionMask;\r
  RETURN_STATUS  PcdStatus;\r
\r
  //\r
  // Check if SEV is enabled\r
  //\r
  if (!MemEncryptSevIsEnabled ()) {\r
    return;\r
  }\r
\r
  //\r
  // Set Memory Encryption Mask PCD\r
  //\r
  EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
  PcdStatus      = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
\r
  DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r
\r
  //\r
  // Set Pcd to Deny the execution of option ROM when security\r
  // violation.\r
  //\r
  PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
  ASSERT_RETURN_ERROR (PcdStatus);\r
\r
  //\r
  // When SMM is required, cover the pages containing the initial SMRAM Save\r
  // State Map with a memory allocation HOB:\r
  //\r
  // There's going to be a time interval between our decrypting those pages for\r
  // SMBASE relocation and re-encrypting the same pages after SMBASE\r
  // relocation. We shall ensure that the DXE phase stay away from those pages\r
  // until after re-encryption, in order to prevent an information leak to the\r
  // hypervisor.\r
  //\r
  if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r
    RETURN_STATUS  LocateMapStatus;\r
    UINTN          MapPagesBase;\r
    UINTN          MapPagesCount;\r
\r
    LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
                        &MapPagesBase,\r
                        &MapPagesCount\r
                        );\r
    ASSERT_RETURN_ERROR (LocateMapStatus);\r
\r
    if (mQ35SmramAtDefaultSmbase) {\r
      //\r
      // The initial SMRAM Save State Map has been covered as part of a larger\r
      // reserved memory allocation in InitializeRamRegions().\r
      //\r
      ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);\r
      ASSERT (\r
        (MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=\r
         SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)\r
        );\r
    } else {\r
      BuildMemoryAllocationHob (\r
        MapPagesBase,                      // BaseAddress\r
        EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r
        EfiBootServicesData                // MemoryType\r
        );\r
    }\r
  }\r
\r
  //\r
  // Check and perform SEV-ES initialization if required.\r
  //\r
  AmdSevEsInitialize ();\r
}\r
Commit	Line	Data
13b5d743 BS	1	/**@file\r
	2	Initialize Secure Encrypted Virtualization (SEV) support\r
	3	\r
45388d04	4	Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r
13b5d743	5	\r
b26f0cf9	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
13b5d743 BS	7	\r
	8	**/\r
	9	//\r
	10	// The package level header files this module uses\r
	11	//\r
300aae11	12	#include <IndustryStandard/Q35MchIch9.h>\r
449a6e49	13	#include <Library/BaseMemoryLib.h>\r
13b5d743	14	#include <Library/DebugLib.h>\r
86defc2c	15	#include <Library/HobLib.h>\r
6d576e7a	16	#include <Library/MemEncryptSevLib.h>\r
449a6e49	17	#include <Library/MemoryAllocationLib.h>\r
13b5d743	18	#include <Library/PcdLib.h>\r
6d576e7a	19	#include <PiPei.h>\r
449a6e49	20	#include <Register/Amd/Msr.h>\r
300aae11	21	#include <Register/Intel/SmramSaveStateMap.h>\r
a19b6489	22	#include <Library/VmgExitLib.h>\r
13b5d743	23	\r
c0d221a3 LE	24	#include "Platform.h"\r
c0d221a3 LE	25	\r
a19b6489 BS	26	/**\r
	27	Handle an SEV-SNP/GHCB protocol check failure.\r
	28	\r
	29	Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP guest\r
	30	wishes to be terminated.\r
	31	\r
	32	@param[in] ReasonCode Reason code to provide to the hypervisor for the\r
	33	termination request.\r
	34	\r
	35	**/\r
	36	STATIC\r
	37	VOID\r
	38	SevEsProtocolFailure (\r
	39	IN UINT8 ReasonCode\r
	40	)\r
	41	{\r
	42	MSR_SEV_ES_GHCB_REGISTER Msr;\r
	43	\r
	44	//\r
	45	// Use the GHCB MSR Protocol to request termination by the hypervisor\r
	46	//\r
	47	Msr.GhcbPhysicalAddress = 0;\r
	48	Msr.GhcbTerminate.Function = GHCB_INFO_TERMINATE_REQUEST;\r
	49	Msr.GhcbTerminate.ReasonCodeSet = GHCB_TERMINATE_GHCB;\r
	50	Msr.GhcbTerminate.ReasonCode = ReasonCode;\r
	51	AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);\r
	52	\r
	53	AsmVmgExit ();\r
	54	\r
	55	ASSERT (FALSE);\r
	56	CpuDeadLoop ();\r
	57	}\r
	58	\r
	59	/**\r
	60	\r
	61	This function can be used to register the GHCB GPA.\r
	62	\r
	63	@param[in] Address The physical address to be registered.\r
	64	\r
	65	**/\r
	66	STATIC\r
	67	VOID\r
	68	GhcbRegister (\r
	69	IN EFI_PHYSICAL_ADDRESS Address\r
	70	)\r
	71	{\r
	72	MSR_SEV_ES_GHCB_REGISTER Msr;\r
	73	MSR_SEV_ES_GHCB_REGISTER CurrentMsr;\r
	74	\r
	75	//\r
	76	// Save the current MSR Value\r
	77	//\r
	78	CurrentMsr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);\r
	79	\r
	80	//\r
	81	// Use the GHCB MSR Protocol to request to register the GPA.\r
	82	//\r
	83	Msr.GhcbPhysicalAddress = Address & ~EFI_PAGE_MASK;\r
	84	Msr.GhcbGpaRegister.Function = GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;\r
	85	AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);\r
	86	\r
	87	AsmVmgExit ();\r
	88	\r
	89	Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);\r
90	\r
91	//\r
92	// If hypervisor responded with a different GPA than requested then fail.\r
93	//\r
94	if ((Msr.GhcbGpaRegister.Function != GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE) \|\|\r
95	((Msr.GhcbPhysicalAddress & ~EFI_PAGE_MASK) != Address))\r
96	{\r
97	SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);\r
98	}\r
99	\r
100	//\r
101	// Restore the MSR\r
102	//\r
103	AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);\r
104	}\r
105	\r
cf845a74 TL	106	/**\r
	107	\r
	108	Initialize SEV-ES support if running as an SEV-ES guest.\r
	109	\r
	110	**/\r
	111	STATIC\r
	112	VOID\r
	113	AmdSevEsInitialize (\r
	114	VOID\r
	115	)\r
	116	{\r
5667dc43 TL	117	UINT8 *GhcbBase;\r
	118	PHYSICAL_ADDRESS GhcbBasePa;\r
	119	UINTN GhcbPageCount;\r
	120	UINT8 *GhcbBackupBase;\r
	121	UINT8 *GhcbBackupPages;\r
	122	UINTN GhcbBackupPageCount;\r
	123	SEV_ES_PER_CPU_DATA *SevEsData;\r
	124	UINTN PageCount;\r
	125	RETURN_STATUS PcdStatus, DecryptStatus;\r
	126	IA32_DESCRIPTOR Gdtr;\r
	127	VOID *Gdt;\r
cf845a74 TL	128	\r
	129	if (!MemEncryptSevEsIsEnabled ()) {\r
	130	return;\r
	131	}\r
	132	\r
	133	PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);\r
	134	ASSERT_RETURN_ERROR (PcdStatus);\r
449a6e49 TL	135	\r
	136	//\r
	137	// Allocate GHCB and per-CPU variable pages.\r
3b49d0a5 TL	138	// Since the pages must survive across the UEFI to OS transition\r
3b49d0a5 TL	139	// make them reserved.\r
449a6e49 TL	140	//\r
449a6e49 TL	141	GhcbPageCount = mMaxCpuCount * 2;\r
ac0a286f	142	GhcbBase = AllocateReservedPages (GhcbPageCount);\r
449a6e49 TL	143	ASSERT (GhcbBase != NULL);\r
449a6e49 TL	144	\r
ac0a286f	145	GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN)GhcbBase;\r
449a6e49 TL	146	\r
	147	//\r
	148	// Each vCPU gets two consecutive pages, the first is the GHCB and the\r
	149	// second is the per-CPU variable page. Loop through the allocation and\r
	150	// only clear the encryption mask for the GHCB pages.\r
	151	//\r
	152	for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) {\r
	153	DecryptStatus = MemEncryptSevClearPageEncMask (\r
ac0a286f MK	154	0,\r
	155	GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount),\r
	156	1\r
	157	);\r
449a6e49 TL	158	ASSERT_RETURN_ERROR (DecryptStatus);\r
	159	}\r
	160	\r
	161	ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount));\r
	162	\r
	163	PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa);\r
	164	ASSERT_RETURN_ERROR (PcdStatus);\r
	165	PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount));\r
	166	ASSERT_RETURN_ERROR (PcdStatus);\r
	167	\r
ac0a286f MK	168	DEBUG ((\r
ac0a286f MK	169	DEBUG_INFO,\r
449a6e49	170	"SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n",\r
ac0a286f MK	171	(UINT64)GhcbPageCount,\r
	172	GhcbBase\r
	173	));\r
449a6e49	174	\r
5667dc43 TL	175	//\r
	176	// Allocate #VC recursion backup pages. The number of backup pages needed is\r
	177	// one less than the maximum VC count.\r
	178	//\r
	179	GhcbBackupPageCount = mMaxCpuCount * (VMGEXIT_MAXIMUM_VC_COUNT - 1);\r
ac0a286f	180	GhcbBackupBase = AllocatePages (GhcbBackupPageCount);\r
5667dc43 TL	181	ASSERT (GhcbBackupBase != NULL);\r
	182	\r
	183	GhcbBackupPages = GhcbBackupBase;\r
	184	for (PageCount = 1; PageCount < GhcbPageCount; PageCount += 2) {\r
	185	SevEsData =\r
	186	(SEV_ES_PER_CPU_DATA *)(GhcbBase + EFI_PAGES_TO_SIZE (PageCount));\r
	187	SevEsData->GhcbBackupPages = GhcbBackupPages;\r
	188	\r
	189	GhcbBackupPages += EFI_PAGE_SIZE * (VMGEXIT_MAXIMUM_VC_COUNT - 1);\r
	190	}\r
	191	\r
ac0a286f MK	192	DEBUG ((\r
ac0a286f MK	193	DEBUG_INFO,\r
5667dc43	194	"SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n",\r
ac0a286f MK	195	(UINT64)GhcbBackupPageCount,\r
	196	GhcbBackupBase\r
	197	));\r
5667dc43	198	\r
a19b6489 BS	199	//\r
	200	// SEV-SNP guest requires that GHCB GPA must be registered before using it.\r
	201	//\r
	202	if (MemEncryptSevSnpIsEnabled ()) {\r
	203	GhcbRegister (GhcbBasePa);\r
	204	}\r
	205	\r
449a6e49	206	AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);\r
13ed9e5f TL	207	\r
	208	//\r
	209	// The SEV support will clear the C-bit from non-RAM areas. The early GDT\r
	210	// lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT\r
	211	// will be read as un-encrypted even though it was created before the C-bit\r
	212	// was cleared (encrypted). This will result in a failure to be able to\r
	213	// handle the exception.\r
	214	//\r
	215	AsmReadGdtr (&Gdtr);\r
	216	\r
ac0a286f	217	Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)Gdtr.Limit + 1));\r
13ed9e5f TL	218	ASSERT (Gdt != NULL);\r
13ed9e5f TL	219	\r
ac0a286f MK	220	CopyMem (Gdt, (VOID *)Gdtr.Base, Gdtr.Limit + 1);\r
ac0a286f MK	221	Gdtr.Base = (UINTN)Gdt;\r
13ed9e5f	222	AsmWriteGdtr (&Gdtr);\r
cf845a74 TL	223	}\r
cf845a74 TL	224	\r
13b5d743 BS	225	/**\r
	226	\r
	227	Function checks if SEV support is available, if present then it sets\r
	228	the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.\r
	229	\r
	230	**/\r
	231	VOID\r
13b5d743 BS	232	AmdSevInitialize (\r
	233	VOID\r
	234	)\r
	235	{\r
ac0a286f MK	236	UINT64 EncryptionMask;\r
ac0a286f MK	237	RETURN_STATUS PcdStatus;\r
13b5d743 BS	238	\r
	239	//\r
	240	// Check if SEV is enabled\r
	241	//\r
	242	if (!MemEncryptSevIsEnabled ()) {\r
	243	return;\r
	244	}\r
	245	\r
13b5d743 BS	246	//\r
	247	// Set Memory Encryption Mask PCD\r
	248	//\r
45388d04	249	EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
ac0a286f	250	PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
13b5d743 BS	251	ASSERT_RETURN_ERROR (PcdStatus);\r
	252	\r
	253	DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r
6041ac65 BS	254	\r
	255	//\r
	256	// Set Pcd to Deny the execution of option ROM when security\r
	257	// violation.\r
	258	//\r
	259	PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
	260	ASSERT_RETURN_ERROR (PcdStatus);\r
86defc2c LE	261	\r
	262	//\r
	263	// When SMM is required, cover the pages containing the initial SMRAM Save\r
	264	// State Map with a memory allocation HOB:\r
	265	//\r
	266	// There's going to be a time interval between our decrypting those pages for\r
	267	// SMBASE relocation and re-encrypting the same pages after SMBASE\r
	268	// relocation. We shall ensure that the DXE phase stay away from those pages\r
	269	// until after re-encryption, in order to prevent an information leak to the\r
	270	// hypervisor.\r
	271	//\r
	272	if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r
ac0a286f MK	273	RETURN_STATUS LocateMapStatus;\r
	274	UINTN MapPagesBase;\r
	275	UINTN MapPagesCount;\r
86defc2c LE	276	\r
	277	LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
	278	&MapPagesBase,\r
	279	&MapPagesCount\r
	280	);\r
	281	ASSERT_RETURN_ERROR (LocateMapStatus);\r
	282	\r
300aae11 LE	283	if (mQ35SmramAtDefaultSmbase) {\r
	284	//\r
	285	// The initial SMRAM Save State Map has been covered as part of a larger\r
	286	// reserved memory allocation in InitializeRamRegions().\r
	287	//\r
	288	ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);\r
	289	ASSERT (\r
	290	(MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=\r
	291	SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)\r
	292	);\r
	293	} else {\r
	294	BuildMemoryAllocationHob (\r
	295	MapPagesBase, // BaseAddress\r
	296	EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r
	297	EfiBootServicesData // MemoryType\r
	298	);\r
	299	}\r
86defc2c	300	}\r
cf845a74 TL	301	\r
	302	//\r
	303	// Check and perform SEV-ES initialization if required.\r
	304	//\r
	305	AmdSevEsInitialize ();\r
13b5d743	306	}\r