[mirror_edk2.git] / OvmfPkg / Include / Library / MemEncryptSevLib.h

/** @file\r
\r
  Define Secure Encrypted Virtualization (SEV) base library helper function\r
\r
  Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef _MEM_ENCRYPT_SEV_LIB_H_\r
#define _MEM_ENCRYPT_SEV_LIB_H_\r
\r
#include <Base.h>\r
#include <WorkArea.h>\r
\r
//\r
// Define the maximum number of #VCs allowed (e.g. the level of nesting\r
// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,\r
// be sure to increase the size of\r
//   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
// in any FDF file using this PCD.\r
//\r
#define VMGEXIT_MAXIMUM_VC_COUNT  2\r
\r
//\r
// Per-CPU data mapping structure\r
//   Use UINT32 for cached indicators and compare to a specific value\r
//   so that the hypervisor can't indicate a value is cached by just\r
//   writing random data to that area.\r
//\r
typedef struct {\r
  UINT32    Dr7Cached;\r
  UINT64    Dr7;\r
\r
  UINTN     VcCount;\r
  VOID      *GhcbBackupPages;\r
} SEV_ES_PER_CPU_DATA;\r
\r
//\r
// Memory encryption address range states.\r
//\r
typedef enum {\r
  MemEncryptSevAddressRangeUnencrypted,\r
  MemEncryptSevAddressRangeEncrypted,\r
  MemEncryptSevAddressRangeMixed,\r
  MemEncryptSevAddressRangeError,\r
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;\r
\r
/**\r
  Returns a boolean to indicate whether SEV-SNP is enabled\r
\r
  @retval TRUE           SEV-SNP is enabled\r
  @retval FALSE          SEV-SNP is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevSnpIsEnabled (\r
  VOID\r
  );\r
\r
/**\r
  Returns a boolean to indicate whether SEV-ES is enabled.\r
\r
  @retval TRUE           SEV-ES is enabled\r
  @retval FALSE          SEV-ES is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevEsIsEnabled (\r
  VOID\r
  );\r
\r
/**\r
  Returns a boolean to indicate whether SEV is enabled\r
\r
  @retval TRUE           SEV is enabled\r
  @retval FALSE          SEV is not enabled\r
**/\r
BOOLEAN\r
EFIAPI\r
MemEncryptSevIsEnabled (\r
  VOID\r
  );\r
\r
/**\r
  This function clears memory encryption bit for the memory region specified by\r
  BaseAddress and NumPages from the current page table context.\r
\r
  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use\r
                                      current CR3)\r
  @param[in]  BaseAddress             The physical address that is the start\r
                                      address of a memory region.\r
  @param[in]  NumPages                The number of pages from start memory\r
                                      region.\r
\r
  @retval RETURN_SUCCESS              The attributes were cleared for the\r
                                      memory region.\r
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.\r
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute\r
                                      is not supported\r
**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevClearPageEncMask (\r
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,\r
  IN PHYSICAL_ADDRESS  BaseAddress,\r
  IN UINTN             NumPages\r
  );\r
\r
/**\r
  This function sets memory encryption bit for the memory region specified by\r
  BaseAddress and NumPages from the current page table context.\r
\r
  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use\r
                                      current CR3)\r
  @param[in]  BaseAddress             The physical address that is the start\r
                                      address of a memory region.\r
  @param[in]  NumPages                The number of pages from start memory\r
                                      region.\r
\r
  @retval RETURN_SUCCESS              The attributes were set for the memory\r
                                      region.\r
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.\r
  @retval RETURN_UNSUPPORTED          Setting the memory encryption attribute\r
                                      is not supported\r
**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevSetPageEncMask (\r
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,\r
  IN PHYSICAL_ADDRESS  BaseAddress,\r
  IN UINTN             NumPages\r
  );\r
\r
/**\r
  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
  Save State Map.\r
\r
  @param[out] BaseAddress     The base address of the lowest-address page that\r
                              covers the initial SMRAM Save State Map.\r
\r
  @param[out] NumberOfPages   The number of pages in the page range that covers\r
                              the initial SMRAM Save State Map.\r
\r
  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on\r
                              output.\r
\r
  @retval RETURN_UNSUPPORTED  SMM is unavailable.\r
**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
  OUT UINTN  *BaseAddress,\r
  OUT UINTN  *NumberOfPages\r
  );\r
\r
/**\r
  Returns the SEV encryption mask.\r
\r
  @return  The SEV pagetable encryption mask\r
**/\r
UINT64\r
EFIAPI\r
MemEncryptSevGetEncryptionMask (\r
  VOID\r
  );\r
\r
/**\r
  Returns the encryption state of the specified virtual address range.\r
\r
  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use\r
                                      current CR3)\r
  @param[in]  BaseAddress             Base address to check\r
  @param[in]  Length                  Length of virtual address range\r
\r
  @retval MemEncryptSevAddressRangeUnencrypted  Address range is mapped\r
                                                unencrypted\r
  @retval MemEncryptSevAddressRangeEncrypted    Address range is mapped\r
                                                encrypted\r
  @retval MemEncryptSevAddressRangeMixed        Address range is mapped mixed\r
  @retval MemEncryptSevAddressRangeError        Address range is not mapped\r
**/\r
MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE\r
EFIAPI\r
MemEncryptSevGetAddressRangeState (\r
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,\r
  IN PHYSICAL_ADDRESS  BaseAddress,\r
  IN UINTN             Length\r
  );\r
\r
/**\r
  This function clears memory encryption bit for the MMIO region specified by\r
  BaseAddress and NumPages.\r
\r
  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use\r
                                      current CR3)\r
  @param[in]  BaseAddress             The physical address that is the start\r
                                      address of a MMIO region.\r
  @param[in]  NumPages                The number of pages from start memory\r
                                      region.\r
\r
  @retval RETURN_SUCCESS              The attributes were cleared for the\r
                                      memory region.\r
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.\r
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute\r
                                      is not supported\r
**/\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevClearMmioPageEncMask (\r
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,\r
  IN PHYSICAL_ADDRESS  BaseAddress,\r
  IN UINTN             NumPages\r
  );\r
\r
/**\r
  Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.\r
\r
  @param[in]  BaseAddress             Base address\r
  @param[in]  NumPages                Number of pages starting from the base address\r
\r
**/\r
VOID\r
EFIAPI\r
MemEncryptSevSnpPreValidateSystemRam (\r
  IN PHYSICAL_ADDRESS  BaseAddress,\r
  IN UINTN             NumPages\r
  );\r
\r
#endif // _MEM_ENCRYPT_SEV_LIB_H_\r
Commit	Line	Data
	1	/** @file\r
	2	\r
	3	Define Secure Encrypted Virtualization (SEV) base library helper function\r
	4	\r
	5	Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#ifndef _MEM_ENCRYPT_SEV_LIB_H_\r
	12	#define _MEM_ENCRYPT_SEV_LIB_H_\r
	13	\r
	14	#include <Base.h>\r
	15	#include <WorkArea.h>\r
	16	\r
	17	//\r
	18	// Define the maximum number of #VCs allowed (e.g. the level of nesting\r
	19	// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,\r
	20	// be sure to increase the size of\r
	21	// gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
	22	// in any FDF file using this PCD.\r
	23	//\r
	24	#define VMGEXIT_MAXIMUM_VC_COUNT 2\r
	25	\r
	26	//\r
	27	// Per-CPU data mapping structure\r
	28	// Use UINT32 for cached indicators and compare to a specific value\r
	29	// so that the hypervisor can't indicate a value is cached by just\r
	30	// writing random data to that area.\r
	31	//\r
	32	typedef struct {\r
	33	UINT32 Dr7Cached;\r
	34	UINT64 Dr7;\r
	35	\r
	36	UINTN VcCount;\r
	37	VOID *GhcbBackupPages;\r
	38	} SEV_ES_PER_CPU_DATA;\r
	39	\r
	40	//\r
	41	// Memory encryption address range states.\r
	42	//\r
	43	typedef enum {\r
	44	MemEncryptSevAddressRangeUnencrypted,\r
	45	MemEncryptSevAddressRangeEncrypted,\r
	46	MemEncryptSevAddressRangeMixed,\r
	47	MemEncryptSevAddressRangeError,\r
	48	} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;\r
	49	\r
	50	/**\r
	51	Returns a boolean to indicate whether SEV-SNP is enabled\r
	52	\r
	53	@retval TRUE SEV-SNP is enabled\r
	54	@retval FALSE SEV-SNP is not enabled\r
	55	**/\r
	56	BOOLEAN\r
	57	EFIAPI\r
	58	MemEncryptSevSnpIsEnabled (\r
	59	VOID\r
	60	);\r
	61	\r
	62	/**\r
	63	Returns a boolean to indicate whether SEV-ES is enabled.\r
	64	\r
	65	@retval TRUE SEV-ES is enabled\r
	66	@retval FALSE SEV-ES is not enabled\r
	67	**/\r
	68	BOOLEAN\r
	69	EFIAPI\r
	70	MemEncryptSevEsIsEnabled (\r
	71	VOID\r
	72	);\r
	73	\r
	74	/**\r
	75	Returns a boolean to indicate whether SEV is enabled\r
	76	\r
	77	@retval TRUE SEV is enabled\r
	78	@retval FALSE SEV is not enabled\r
	79	**/\r
	80	BOOLEAN\r
	81	EFIAPI\r
	82	MemEncryptSevIsEnabled (\r
	83	VOID\r
	84	);\r
	85	\r
	86	/**\r
	87	This function clears memory encryption bit for the memory region specified by\r
	88	BaseAddress and NumPages from the current page table context.\r
	89	\r
	90	@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
	91	current CR3)\r
	92	@param[in] BaseAddress The physical address that is the start\r
	93	address of a memory region.\r
	94	@param[in] NumPages The number of pages from start memory\r
	95	region.\r
	96	\r
	97	@retval RETURN_SUCCESS The attributes were cleared for the\r
	98	memory region.\r
	99	@retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
	100	@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute\r
	101	is not supported\r
	102	**/\r
	103	RETURN_STATUS\r
	104	EFIAPI\r
	105	MemEncryptSevClearPageEncMask (\r
	106	IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
	107	IN PHYSICAL_ADDRESS BaseAddress,\r
	108	IN UINTN NumPages\r
	109	);\r
	110	\r
	111	/**\r
	112	This function sets memory encryption bit for the memory region specified by\r
	113	BaseAddress and NumPages from the current page table context.\r
	114	\r
	115	@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
	116	current CR3)\r
	117	@param[in] BaseAddress The physical address that is the start\r
	118	address of a memory region.\r
	119	@param[in] NumPages The number of pages from start memory\r
	120	region.\r
	121	\r
	122	@retval RETURN_SUCCESS The attributes were set for the memory\r
	123	region.\r
	124	@retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
	125	@retval RETURN_UNSUPPORTED Setting the memory encryption attribute\r
	126	is not supported\r
	127	**/\r
	128	RETURN_STATUS\r
	129	EFIAPI\r
	130	MemEncryptSevSetPageEncMask (\r
	131	IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
	132	IN PHYSICAL_ADDRESS BaseAddress,\r
	133	IN UINTN NumPages\r
	134	);\r
	135	\r
	136	/**\r
	137	Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
	138	Save State Map.\r
	139	\r
	140	@param[out] BaseAddress The base address of the lowest-address page that\r
	141	covers the initial SMRAM Save State Map.\r
	142	\r
	143	@param[out] NumberOfPages The number of pages in the page range that covers\r
	144	the initial SMRAM Save State Map.\r
	145	\r
	146	@retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on\r
	147	output.\r
	148	\r
	149	@retval RETURN_UNSUPPORTED SMM is unavailable.\r
	150	**/\r
	151	RETURN_STATUS\r
	152	EFIAPI\r
	153	MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
	154	OUT UINTN *BaseAddress,\r
	155	OUT UINTN *NumberOfPages\r
	156	);\r
	157	\r
	158	/**\r
	159	Returns the SEV encryption mask.\r
	160	\r
	161	@return The SEV pagetable encryption mask\r
	162	**/\r
	163	UINT64\r
	164	EFIAPI\r
	165	MemEncryptSevGetEncryptionMask (\r
	166	VOID\r
	167	);\r
	168	\r
	169	/**\r
	170	Returns the encryption state of the specified virtual address range.\r
	171	\r
	172	@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
	173	current CR3)\r
	174	@param[in] BaseAddress Base address to check\r
	175	@param[in] Length Length of virtual address range\r
	176	\r
	177	@retval MemEncryptSevAddressRangeUnencrypted Address range is mapped\r
	178	unencrypted\r
	179	@retval MemEncryptSevAddressRangeEncrypted Address range is mapped\r
	180	encrypted\r
	181	@retval MemEncryptSevAddressRangeMixed Address range is mapped mixed\r
	182	@retval MemEncryptSevAddressRangeError Address range is not mapped\r
	183	**/\r
	184	MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE\r
	185	EFIAPI\r
	186	MemEncryptSevGetAddressRangeState (\r
	187	IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
	188	IN PHYSICAL_ADDRESS BaseAddress,\r
	189	IN UINTN Length\r
	190	);\r
	191	\r
	192	/**\r
	193	This function clears memory encryption bit for the MMIO region specified by\r
	194	BaseAddress and NumPages.\r
	195	\r
	196	@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
	197	current CR3)\r
	198	@param[in] BaseAddress The physical address that is the start\r
	199	address of a MMIO region.\r
	200	@param[in] NumPages The number of pages from start memory\r
	201	region.\r
	202	\r
	203	@retval RETURN_SUCCESS The attributes were cleared for the\r
	204	memory region.\r
	205	@retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
	206	@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute\r
	207	is not supported\r
	208	**/\r
	209	RETURN_STATUS\r
	210	EFIAPI\r
	211	MemEncryptSevClearMmioPageEncMask (\r
	212	IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
	213	IN PHYSICAL_ADDRESS BaseAddress,\r
	214	IN UINTN NumPages\r
	215	);\r
	216	\r
	217	/**\r
	218	Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.\r
	219	\r
	220	@param[in] BaseAddress Base address\r
	221	@param[in] NumPages Number of pages starting from the base address\r
	222	\r
	223	**/\r
	224	VOID\r
	225	EFIAPI\r
	226	MemEncryptSevSnpPreValidateSystemRam (\r
	227	IN PHYSICAL_ADDRESS BaseAddress,\r
	228	IN UINTN NumPages\r
	229	);\r
	230	\r
	231	#endif // _MEM_ENCRYPT_SEV_LIB_H_\r