3 AMD Sev Dxe driver. This driver is dispatched early in DXE, due to being list
4 in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV
7 Copyright (c) 2017 - 2020, AMD Inc. All rights reserved.<BR>
9 SPDX-License-Identifier: BSD-2-Clause-Patent
13 #include <IndustryStandard/Q35MchIch9.h>
14 #include <Library/BaseLib.h>
15 #include <Library/BaseMemoryLib.h>
16 #include <Library/DebugLib.h>
17 #include <Library/DxeServicesTableLib.h>
18 #include <Library/MemEncryptSevLib.h>
19 #include <Library/MemoryAllocationLib.h>
20 #include <Library/UefiBootServicesTableLib.h>
21 #include <Guid/ConfidentialComputingSevSnpBlob.h>
22 #include <Library/PcdLib.h>
23 #include <Pi/PrePiDxeCis.h>
24 #include <Protocol/SevMemoryAcceptance.h>
25 #include <Protocol/MemoryAccept.h>
26 #include <Uefi/UefiSpec.h>
28 // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
29 #define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL
31 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable
= {
32 SIGNATURE_32 ('A', 'M', 'D', 'E'),
35 (UINT64
)(UINTN
)FixedPcdGet32 (PcdOvmfSnpSecretsBase
),
36 FixedPcdGet32 (PcdOvmfSnpSecretsSize
),
37 (UINT64
)(UINTN
)FixedPcdGet32 (PcdOvmfCpuidBase
),
38 FixedPcdGet32 (PcdOvmfCpuidSize
),
41 STATIC EFI_HANDLE mAmdSevDxeHandle
= NULL
;
43 STATIC BOOLEAN mAcceptAllMemoryAtEBS
= TRUE
;
45 STATIC EFI_EVENT mAcceptAllMemoryEvent
= NULL
;
47 #define IS_ALIGNED(x, y) ((((x) & ((y) - 1)) == 0))
53 IN EDKII_MEMORY_ACCEPT_PROTOCOL
*This
,
54 IN EFI_PHYSICAL_ADDRESS StartAddress
,
59 // The StartAddress must be page-aligned, and the Size must be a positive
60 // multiple of SIZE_4KB. Use an assert instead of returning an erros since
61 // this is an EDK2-internal protocol.
63 ASSERT (IS_ALIGNED (StartAddress
, SIZE_4KB
));
64 ASSERT (IS_ALIGNED (Size
, SIZE_4KB
));
67 MemEncryptSevSnpPreValidateSystemRam (
69 EFI_SIZE_TO_PAGES (Size
)
81 EFI_GCD_MEMORY_SPACE_DESCRIPTOR
*AllDescMap
;
86 DEBUG ((DEBUG_INFO
, "Accepting all memory\n"));
89 * Get a copy of the memory space map to iterate over while
92 Status
= gDS
->GetMemorySpaceMap (&NumEntries
, &AllDescMap
);
93 if (EFI_ERROR (Status
)) {
97 for (Index
= 0; Index
< NumEntries
; Index
++) {
98 CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR
*Desc
;
100 Desc
= &AllDescMap
[Index
];
101 if (Desc
->GcdMemoryType
!= EFI_GCD_MEMORY_TYPE_UNACCEPTED
) {
105 Status
= AmdSevMemoryAccept (
110 if (EFI_ERROR (Status
)) {
114 Status
= gDS
->RemoveMemorySpace (Desc
->BaseAddress
, Desc
->Length
);
115 if (EFI_ERROR (Status
)) {
119 Status
= gDS
->AddMemorySpace (
120 EfiGcdMemoryTypeSystemMemory
,
123 // Allocable system memory resource capabilities as masked
124 // in MdeModulePkg/Core/Dxe/Mem/Page.c:PromoteMemoryResource
125 Desc
->Capabilities
& ~(EFI_MEMORY_INTERNAL_MASK
| EFI_MEMORY_RUNTIME
)
127 if (EFI_ERROR (Status
)) {
132 gBS
->FreePool (AllDescMap
);
133 gBS
->CloseEvent (mAcceptAllMemoryEvent
);
139 ResolveUnacceptedMemory (
146 if (!mAcceptAllMemoryAtEBS
) {
150 Status
= AcceptAllMemory ();
151 ASSERT_EFI_ERROR (Status
);
157 AllowUnacceptedMemory (
158 IN OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL
*This
161 mAcceptAllMemoryAtEBS
= FALSE
;
166 OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL
167 mMemoryAcceptanceProtocol
= { AllowUnacceptedMemory
};
169 STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol
= {
175 AmdSevDxeEntryPoint (
176 IN EFI_HANDLE ImageHandle
,
177 IN EFI_SYSTEM_TABLE
*SystemTable
181 EFI_GCD_MEMORY_SPACE_DESCRIPTOR
*AllDescMap
;
186 // Do nothing when SEV is not enabled
188 if (!MemEncryptSevIsEnabled ()) {
189 return EFI_UNSUPPORTED
;
193 // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
194 // memory space. The NonExistent memory space will be used for mapping the
195 // MMIO space added later (eg PciRootBridge). By clearing both known MMIO and
196 // NonExistent memory space can gurantee that current and furture MMIO adds
197 // will have C-bit cleared.
199 Status
= gDS
->GetMemorySpaceMap (&NumEntries
, &AllDescMap
);
200 if (!EFI_ERROR (Status
)) {
201 for (Index
= 0; Index
< NumEntries
; Index
++) {
202 CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR
*Desc
;
204 Desc
= &AllDescMap
[Index
];
205 if ((Desc
->GcdMemoryType
== EfiGcdMemoryTypeMemoryMappedIo
) ||
206 (Desc
->GcdMemoryType
== EfiGcdMemoryTypeNonExistent
))
208 Status
= MemEncryptSevClearMmioPageEncMask (
211 EFI_SIZE_TO_PAGES (Desc
->Length
)
213 ASSERT_EFI_ERROR (Status
);
217 FreePool (AllDescMap
);
221 // If PCI Express is enabled, the MMCONFIG area has been reserved, rather
222 // than marked as MMIO, and so the C-bit won't be cleared by the above walk
223 // through the GCD map. Check for the MMCONFIG area and clear the C-bit for
226 if (PcdGet16 (PcdOvmfHostBridgePciDevId
) == INTEL_Q35_MCH_DEVICE_ID
) {
227 Status
= MemEncryptSevClearMmioPageEncMask (
229 FixedPcdGet64 (PcdPciExpressBaseAddress
),
230 EFI_SIZE_TO_PAGES (SIZE_256MB
)
233 ASSERT_EFI_ERROR (Status
);
237 // When SMM is enabled, clear the C-bit from SMM Saved State Area
239 // NOTES: The SavedStateArea address cleared here is before SMBASE
240 // relocation. Currently, we do not clear the SavedStateArea address after
241 // SMBASE is relocated due to the following reasons:
243 // 1) Guest BIOS never access the relocated SavedStateArea.
245 // 2) The C-bit works on page-aligned address, but the SavedStateArea
246 // address is not a page-aligned. Theoretically, we could roundup the address
247 // and clear the C-bit of aligned address but looking carefully we found
248 // that some portion of the page contains code -- which will causes a bigger
249 // issues for SEV guest. When SEV is enabled, all the code must be encrypted
250 // otherwise hardware will cause trap.
252 // We restore the C-bit for this SMM Saved State Area after SMBASE relocation
253 // is completed (See OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c).
255 if (FeaturePcdGet (PcdSmmSmramRequire
)) {
259 Status
= MemEncryptSevLocateInitialSmramSaveStateMapPages (
263 ASSERT_EFI_ERROR (Status
);
266 // Although these pages were set aside (i.e., allocated) by PlatformPei, we
267 // could be after a warm reboot from the OS. Don't leak any stale OS data
268 // to the hypervisor.
270 ZeroMem ((VOID
*)MapPagesBase
, EFI_PAGES_TO_SIZE (MapPagesCount
));
272 Status
= MemEncryptSevClearPageEncMask (
273 0, // Cr3BaseAddress -- use current CR3
274 MapPagesBase
, // BaseAddress
275 MapPagesCount
// NumPages
277 if (EFI_ERROR (Status
)) {
280 "%a: MemEncryptSevClearPageEncMask(): %r\n",
289 if (MemEncryptSevSnpIsEnabled ()) {
291 // Memory acceptance began being required in SEV-SNP, so install the
292 // memory accept protocol implementation for a SEV-SNP active guest.
294 Status
= gBS
->InstallMultipleProtocolInterfaces (
296 &gEdkiiMemoryAcceptProtocolGuid
,
297 &mMemoryAcceptProtocol
,
298 &gOvmfSevMemoryAcceptanceProtocolGuid
,
299 &mMemoryAcceptanceProtocol
,
302 ASSERT_EFI_ERROR (Status
);
304 // SEV-SNP support does not automatically imply unaccepted memory support,
305 // so make ExitBootServices accept all unaccepted memory if support is
307 Status
= gBS
->CreateEventEx (
310 ResolveUnacceptedMemory
,
312 &gEfiEventBeforeExitBootServicesGuid
,
313 &mAcceptAllMemoryEvent
316 if (EFI_ERROR (Status
)) {
317 DEBUG ((DEBUG_ERROR
, "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed.\n"));
321 // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
322 // It contains the location for both the Secrets and CPUID page.
324 return gBS
->InstallConfigurationTable (
325 &gConfidentialComputingSevSnpBlobGuid
,