OvmfPkg/VmgExitLib: Support nested #VCs
1 /** @file
2
3 Define Secure Encrypted Virtualization (SEV) base library helper function
4
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
6
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8
9 **/
10
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
13
14 #include <Base.h>
15
//
// Define the maximum number of #VCs allowed (e.g. the level of nesting
// that is allowed => 2 allows for 1 nested #VCs). If this value is changed,
// be sure to increase the size of
//   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
// in any FDF file using this PCD.
//
// NOTE(review): nothing in this header ties this count to the PCD size; the
// two values are kept consistent by hand. A build-time check in the code
// that consumes both would catch a mismatch -- confirm whether one exists.
//
#define VMGEXIT_MAXIMUM_VC_COUNT 2
24
//
// Per-CPU data mapping structure
//   Use UINT32 for cached indicators and compare to a specific value
//   so that the hypervisor can't indicate a value is cached by just
//   writing random data to that area.
//
// The specific value is not defined in this header. Code reading a cached
// indicator should test for equality with that value, never for non-zero.
//
typedef struct {
  //
  // Cached indicator for Dr7 (see the note above on how to test it).
  //
  UINT32 Dr7Cached;
  //
  // Presumably the cached DR7 value that Dr7Cached vouches for -- confirm
  // against the #VC handler.
  //
  UINT64 Dr7;

  //
  // Presumably the current #VC nesting depth, bounded by
  // VMGEXIT_MAXIMUM_VC_COUNT -- confirm against the #VC handler.
  //
  UINTN VcCount;
  //
  // Presumably the start of the GHCB backup area used for nested #VCs
  // (sized by PcdOvmfSecGhcbBackupSize) -- confirm against the code that
  // sets it.
  //
  VOID *GhcbBackupPages;
} SEV_ES_PER_CPU_DATA;
38
//
// Internal structure for holding SEV-ES information needed during SEC phase
// and valid only during SEC phase and early PEI during platform
// initialization.
//
// This structure is also used by assembler files:
//   OvmfPkg/ResetVector/ResetVector.nasmb
//   OvmfPkg/ResetVector/Ia32/PageTables64.asm
//   OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
// any changes must stay in sync with its usage.
//
// With the field types below the byte offsets are: SevEsEnabled 0,
// Reserved1 1..7, RandomData 8, EncryptionMask 16. The assembler files
// cannot see this typedef, so a reordered or resized field here is not
// caught by the C compiler.
//
typedef struct _SEC_SEV_ES_WORK_AREA {
  //
  // SEV-ES enabled indicator.
  // NOTE(review): the value that means "enabled" is not shown here -- confirm
  // against the reset vector code that writes it.
  //
  UINT8 SevEsEnabled;
  //
  // Padding that keeps the following UINT64 fields 8-byte aligned.
  //
  UINT8 Reserved1[7];

  //
  // NOTE(review): how this value is produced and consumed is not visible in
  // this header -- confirm against the reset vector code.
  //
  UINT64 RandomData;

  //
  // Presumably the page-table encryption mask that
  // MemEncryptSevGetEncryptionMask() reports during these early phases --
  // confirm.
  //
  UINT64 EncryptionMask;
} SEC_SEV_ES_WORK_AREA;
58
//
// Memory encryption address range states.
//
// Returned by MemEncryptSevGetAddressRangeState(). Only
// MemEncryptSevAddressRangeEncrypted says the whole range is mapped
// encrypted; callers that need that guarantee should compare against it
// explicitly instead of testing for "not Unencrypted".
//
typedef enum {
  MemEncryptSevAddressRangeUnencrypted,  // range is mapped unencrypted
  MemEncryptSevAddressRangeEncrypted,    // range is mapped encrypted
  MemEncryptSevAddressRangeMixed,        // range is mapped mixed
  MemEncryptSevAddressRangeError,        // range is not mapped
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;
68
/**
  Returns a boolean to indicate whether SEV-ES is enabled.

  How the state is detected is up to the library instance and is not visible
  in this header.

  @retval TRUE           SEV-ES is enabled
  @retval FALSE          SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  );
80
/**
  Returns a boolean to indicate whether SEV is enabled.

  How the state is detected is up to the library instance and is not visible
  in this header.

  @retval TRUE           SEV is enabled
  @retval FALSE          SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  );
92
/**
  This function clears the memory encryption bit for the memory region
  specified by BaseAddress and NumPages in the page table context selected by
  Cr3BaseAddress (the current CR3 when Cr3BaseAddress is zero).

  NOTE(review): pages mapped with the encryption bit clear are not protected
  by SEV memory encryption, so their contents should be treated as readable
  and writable by the hypervisor. Callers should confirm the region holds
  nothing confidential before clearing the bit, and should validate anything
  read back from it.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.
  @param[in]  Flush                   Flush the caches before clearing the bit
                                      (mostly TRUE except MMIO addresses)

  @retval RETURN_SUCCESS              The attributes were cleared for the
                                      memory region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearPageEncMask (
  IN PHYSICAL_ADDRESS Cr3BaseAddress,
  IN PHYSICAL_ADDRESS BaseAddress,
  IN UINTN NumPages,
  IN BOOLEAN Flush
  );
120
/**
  This function sets the memory encryption bit for the memory region
  specified by BaseAddress and NumPages in the page table context selected by
  Cr3BaseAddress (the current CR3 when Cr3BaseAddress is zero).

  NOTE(review): a status other than RETURN_SUCCESS means the region cannot be
  assumed to be mapped encrypted; callers should check the status before
  placing confidential data in the region.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.
  @param[in]  Flush                   Flush the caches before setting the bit
                                      (mostly TRUE except MMIO addresses)

  @retval RETURN_SUCCESS              The attributes were set for the memory
                                      region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Setting the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevSetPageEncMask (
  IN PHYSICAL_ADDRESS Cr3BaseAddress,
  IN PHYSICAL_ADDRESS BaseAddress,
  IN UINTN NumPages,
  IN BOOLEAN Flush
  );
148
149
/**
  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
  Save State Map.

  The outputs are documented as set only for RETURN_SUCCESS; callers should
  check the status before using BaseAddress or NumberOfPages.

  @param[out] BaseAddress     The base address of the lowest-address page that
                              covers the initial SMRAM Save State Map.

  @param[out] NumberOfPages   The number of pages in the page range that covers
                              the initial SMRAM Save State Map.

  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on
                              output.

  @retval RETURN_UNSUPPORTED  SMM is unavailable.
**/
RETURN_STATUS
EFIAPI
MemEncryptSevLocateInitialSmramSaveStateMapPages (
  OUT UINTN *BaseAddress,
  OUT UINTN *NumberOfPages
  );
171
/**
  Returns the SEV encryption mask.

  NOTE(review): the value returned when SEV is not enabled is not documented
  here -- confirm against the library instance before relying on it.

  @return  The SEV pagetable encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  );
182
/**
  Returns the encryption state of the specified virtual address range.

  NOTE(review): the text speaks of a virtual address range while BaseAddress
  is declared as PHYSICAL_ADDRESS -- confirm which is intended (the two would
  coincide under an identity mapping).

  Only MemEncryptSevAddressRangeEncrypted reports that the whole range is
  mapped encrypted. Mixed and Error are separate outcomes, and a caller that
  requires an encrypted range should handle them as failures.

  @param[in]  Cr3BaseAddress  Cr3 Base Address (if zero then use
                              current CR3)
  @param[in]  BaseAddress     Base address to check
  @param[in]  Length          Length of virtual address range

  @retval MemEncryptSevAddressRangeUnencrypted  Address range is mapped
                                                unencrypted
  @retval MemEncryptSevAddressRangeEncrypted    Address range is mapped
                                                encrypted
  @retval MemEncryptSevAddressRangeMixed        Address range is mapped mixed
  @retval MemEncryptSevAddressRangeError        Address range is not mapped
**/
MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
EFIAPI
MemEncryptSevGetAddressRangeState (
  IN PHYSICAL_ADDRESS Cr3BaseAddress,
  IN PHYSICAL_ADDRESS BaseAddress,
  IN UINTN Length
  );
205
206 #endif // _MEM_ENCRYPT_SEV_LIB_H_