3 Define Secure Encrypted Virtualization (SEV) base library helper function
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
18 // Define the maximum number of #VCs allowed (e.g. the level of nesting
19 // that is allowed => 2 allows for 1 nested #VCs). If this value is changed,
20 // be sure to increase the size of
21 // gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
22 // in any FDF file using this PCD.
24 #define VMGEXIT_MAXIMUM_VC_COUNT 2
27 // Per-CPU data mapping structure
28 // Use UINT32 for cached indicators and compare to a specific value
29 // so that the hypervisor can't indicate a value is cached by just
30 // writing random data to that area.
37 VOID
*GhcbBackupPages
;
38 } SEV_ES_PER_CPU_DATA
;
41 // Memory encryption address range states.
44 MemEncryptSevAddressRangeUnencrypted
,
45 MemEncryptSevAddressRangeEncrypted
,
46 MemEncryptSevAddressRangeMixed
,
47 MemEncryptSevAddressRangeError
,
48 } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
;
51 Returns a boolean to indicate whether SEV-SNP is enabled
53 @retval TRUE SEV-SNP is enabled
54 @retval FALSE SEV-SNP is not enabled
58 MemEncryptSevSnpIsEnabled (
63 Returns a boolean to indicate whether SEV-ES is enabled.
65 @retval TRUE SEV-ES is enabled
66 @retval FALSE SEV-ES is not enabled
70 MemEncryptSevEsIsEnabled (
75 Returns a boolean to indicate whether SEV is enabled
77 @retval TRUE SEV is enabled
78 @retval FALSE SEV is not enabled
82 MemEncryptSevIsEnabled (
87 This function clears memory encryption bit for the memory region specified by
88 BaseAddress and NumPages from the current page table context.
90 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
92 @param[in] BaseAddress The physical address that is the start
93 address of a memory region.
94 @param[in] NumPages The number of pages from start memory
97 @retval RETURN_SUCCESS The attributes were cleared for the
99 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
100 @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
105 MemEncryptSevClearPageEncMask (
106 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
107 IN PHYSICAL_ADDRESS BaseAddress
,
112 This function sets memory encryption bit for the memory region specified by
113 BaseAddress and NumPages from the current page table context.
115 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
117 @param[in] BaseAddress The physical address that is the start
118 address of a memory region.
119 @param[in] NumPages The number of pages from start memory
122 @retval RETURN_SUCCESS The attributes were set for the memory
124 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
125 @retval RETURN_UNSUPPORTED Setting the memory encryption attribute
130 MemEncryptSevSetPageEncMask (
131 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
132 IN PHYSICAL_ADDRESS BaseAddress
,
137 Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
140 @param[out] BaseAddress The base address of the lowest-address page that
141 covers the initial SMRAM Save State Map.
143 @param[out] NumberOfPages The number of pages in the page range that covers
144 the initial SMRAM Save State Map.
146 @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
149 @retval RETURN_UNSUPPORTED SMM is unavailable.
153 MemEncryptSevLocateInitialSmramSaveStateMapPages (
154 OUT UINTN
*BaseAddress
,
155 OUT UINTN
*NumberOfPages
159 Returns the SEV encryption mask.
161 @return The SEV pagetable encryption mask
165 MemEncryptSevGetEncryptionMask (
170 Returns the encryption state of the specified virtual address range.
172 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
174 @param[in] BaseAddress Base address to check
175 @param[in] Length Length of virtual address range
177 @retval MemEncryptSevAddressRangeUnencrypted Address range is mapped
179 @retval MemEncryptSevAddressRangeEncrypted Address range is mapped
181 @retval MemEncryptSevAddressRangeMixed Address range is mapped mixed
182 @retval MemEncryptSevAddressRangeError Address range is not mapped
184 MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
186 MemEncryptSevGetAddressRangeState (
187 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
188 IN PHYSICAL_ADDRESS BaseAddress
,
193 This function clears memory encryption bit for the MMIO region specified by
194 BaseAddress and NumPages.
196 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
198 @param[in] BaseAddress The physical address that is the start
199 address of a MMIO region.
200 @param[in] NumPages The number of pages from start memory
203 @retval RETURN_SUCCESS The attributes were cleared for the
205 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
206 @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
211 MemEncryptSevClearMmioPageEncMask (
212 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
213 IN PHYSICAL_ADDRESS BaseAddress
,
218 Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
220 @param[in] BaseAddress Base address
221 @param[in] NumPages Number of pages starting from the base address
226 MemEncryptSevSnpPreValidateSystemRam (
227 IN PHYSICAL_ADDRESS BaseAddress
,
231 #endif // _MEM_ENCRYPT_SEV_LIB_H_