1 /** @file
2
3 Define Secure Encrypted Virtualization (SEV) base library helper function
4
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
6
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8
9 **/
10
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
13
14 #include <Base.h>
15 #include <WorkArea.h>
16
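//
// Define the maximum number of #VCs allowed (e.g. the level of nesting
// that is allowed => 2 allows for 1 nested #VCs). If this value is changed,
// be sure to increase the size of
//   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
// in any FDF file using this PCD.
//
// NOTE(review): presumably the backup area has to hold one GHCB backup per
// permitted nesting level, which is why the two values must move together --
// confirm against the #VC handler.
//
#define VMGEXIT_MAXIMUM_VC_COUNT  2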
25
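//
// Per-CPU data mapping structure
// Use UINT32 for cached indicators and compare to a specific value
// so that the hypervisor can't indicate a value is cached by just
// writing random data to that area.
//
// NOTE(review): the rationale above implies the hypervisor may be able to
// write to this area. Confirm that consumers also validate VcCount and
// GhcbBackupPages before trusting them, not only the cached indicators.
//
typedef struct {
  UINT32    Dr7Cached;         // cached indicator for Dr7; compare to a specific value, never "non-zero"
  UINT64    Dr7;               // presumably the cached DR7 value -- confirm against the #VC handler

  UINTN     VcCount;           // presumably the current #VC nesting depth (see VMGEXIT_MAXIMUM_VC_COUNT) -- confirm
  VOID      *GhcbBackupPages;  // presumably the GHCB backup area sized by PcdOvmfSecGhcbBackupSize -- confirm
} SEV_ES_PER_CPU_DATA;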
39
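//
// Memory encryption address range states, as returned by
// MemEncryptSevGetAddressRangeState().
//
typedef enum {
  MemEncryptSevAddressRangeUnencrypted,  // address range is mapped unencrypted
  MemEncryptSevAddressRangeEncrypted,    // address range is mapped encrypted
  MemEncryptSevAddressRangeMixed,        // address range is mapped mixed
  MemEncryptSevAddressRangeError,        // address range is not mapped
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;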
49
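/**
  Returns a boolean to indicate whether SEV-ES is enabled.

  @retval TRUE           SEV-ES is enabled
  @retval FALSE          SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  );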
61
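/**
  Returns a boolean to indicate whether SEV is enabled.

  @retval TRUE           SEV is enabled
  @retval FALSE          SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  );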
73
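/**
  This function clears memory encryption bit for the memory region specified by
  BaseAddress and NumPages from the current page table context.

  NOTE(review): once the encryption bit is cleared the region is presumably
  readable by the hypervisor; callers should make sure it holds no secrets
  before clearing the bit -- confirm against the implementation.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.

  @retval RETURN_SUCCESS              The attributes were cleared for the
                                      memory region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearPageEncMask (
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,
  IN PHYSICAL_ADDRESS  BaseAddress,
  IN UINTN             NumPages
  );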
98
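/**
  This function sets memory encryption bit for the memory region specified by
  BaseAddress and NumPages from the current page table context.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.

  @retval RETURN_SUCCESS              The attributes were set for the memory
                                      region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Setting the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevSetPageEncMask (
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,
  IN PHYSICAL_ADDRESS  BaseAddress,
  IN UINTN             NumPages
  );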
123
124
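/**
  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
  Save State Map.

  @param[out] BaseAddress     The base address of the lowest-address page that
                              covers the initial SMRAM Save State Map.

  @param[out] NumberOfPages   The number of pages in the page range that covers
                              the initial SMRAM Save State Map.

  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on
                              output.

  @retval RETURN_UNSUPPORTED  SMM is unavailable.
**/
RETURN_STATUS
EFIAPI
MemEncryptSevLocateInitialSmramSaveStateMapPages (
  OUT UINTN  *BaseAddress,
  OUT UINTN  *NumberOfPages
  );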
146
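/**
  Returns the SEV encryption mask.

  @return  The SEV pagetable encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  );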
157
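/**
  Returns the encryption state of the specified virtual address range.

  Callers that require the whole range to be encrypted should accept only
  MemEncryptSevAddressRangeEncrypted; the Mixed and Error states do not
  establish that every page in the range is encrypted.

  NOTE(review): the summary speaks of a virtual address range while
  BaseAddress is typed PHYSICAL_ADDRESS -- confirm which is intended.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             Base address to check
  @param[in]  Length                  Length of virtual address range

  @retval MemEncryptSevAddressRangeUnencrypted  Address range is mapped
                                                unencrypted
  @retval MemEncryptSevAddressRangeEncrypted    Address range is mapped
                                                encrypted
  @retval MemEncryptSevAddressRangeMixed        Address range is mapped mixed
  @retval MemEncryptSevAddressRangeError        Address range is not mapped
**/
MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
EFIAPI
MemEncryptSevGetAddressRangeState (
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,
  IN PHYSICAL_ADDRESS  BaseAddress,
  IN UINTN             Length
  );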
180
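/**
  This function clears memory encryption bit for the MMIO region specified by
  BaseAddress and NumPages.

  NOTE(review): intended for MMIO ranges per the summary; whether the
  function itself rejects ranges that are ordinary RAM is not visible from
  this header -- confirm, since clearing the bit on RAM would presumably
  leave that memory unencrypted.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a MMIO region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.

  @retval RETURN_SUCCESS              The attributes were cleared for the
                                      memory region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearMmioPageEncMask (
  IN PHYSICAL_ADDRESS  Cr3BaseAddress,
  IN PHYSICAL_ADDRESS  BaseAddress,
  IN UINTN             NumPages
  );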
205
206 #endif // _MEM_ENCRYPT_SEV_LIB_H_