3 Secure Encrypted Virtualization (SEV) library helper function
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemEncryptSevLib.h>
14 #include <Library/PcdLib.h>
15 #include <Register/Amd/Cpuid.h>
16 #include <Register/Amd/Msr.h>
17 #include <Register/Cpuid.h>
18 #include <Uefi/UefiBaseType.h>
20 STATIC BOOLEAN mSevStatus
= FALSE
;
21 STATIC BOOLEAN mSevEsStatus
= FALSE
;
22 STATIC BOOLEAN mSevSnpStatus
= FALSE
;
23 STATIC BOOLEAN mSevStatusChecked
= FALSE
;
25 STATIC UINT64 mSevEncryptionMask
= 0;
26 STATIC BOOLEAN mSevEncryptionMaskSaved
= FALSE
;
29 Reads and sets the status of SEV features.
35 InternalMemEncryptSevStatus (
40 MSR_SEV_STATUS_REGISTER Msr
;
41 CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax
;
43 UINT64 EncryptionMask
;
47 EncryptionMask
= PcdGet64 (PcdPteMemoryEncryptionAddressOrMask
);
48 if (EncryptionMask
!= 0) {
50 // The MSR has been read before, so it is safe to read it again and avoid
51 // having to validate the CPUID information.
56 // Check if memory encryption leaf exist
58 AsmCpuid (CPUID_EXTENDED_FUNCTION
, &RegEax
, NULL
, NULL
, NULL
);
59 if (RegEax
>= CPUID_MEMORY_ENCRYPTION_INFO
) {
61 // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
63 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, &Eax
.Uint32
, NULL
, NULL
, NULL
);
65 if (Eax
.Bits
.SevBit
) {
73 // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
75 Msr
.Uint32
= AsmReadMsr32 (MSR_SEV_STATUS
);
76 if (Msr
.Bits
.SevBit
) {
81 // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
83 if (Msr
.Bits
.SevEsBit
) {
88 // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled)
90 if (Msr
.Bits
.SevSnpBit
) {
95 mSevStatusChecked
= TRUE
;
99 Returns a boolean to indicate whether SEV-SNP is enabled.
101 @retval TRUE SEV-SNP is enabled
102 @retval FALSE SEV-SNP is not enabled
106 MemEncryptSevSnpIsEnabled (
110 if (!mSevStatusChecked
) {
111 InternalMemEncryptSevStatus ();
114 return mSevSnpStatus
;
118 Returns a boolean to indicate whether SEV-ES is enabled.
120 @retval TRUE SEV-ES is enabled
121 @retval FALSE SEV-ES is not enabled
125 MemEncryptSevEsIsEnabled (
129 if (!mSevStatusChecked
) {
130 InternalMemEncryptSevStatus ();
137 Returns a boolean to indicate whether SEV is enabled.
139 @retval TRUE SEV is enabled
140 @retval FALSE SEV is not enabled
144 MemEncryptSevIsEnabled (
148 if (!mSevStatusChecked
) {
149 InternalMemEncryptSevStatus ();
156 Returns the SEV encryption mask.
158 @return The SEV pagtable encryption mask
162 MemEncryptSevGetEncryptionMask (
166 if (!mSevEncryptionMaskSaved
) {
167 mSevEncryptionMask
= PcdGet64 (PcdPteMemoryEncryptionAddressOrMask
);
168 mSevEncryptionMaskSaved
= TRUE
;
171 return mSevEncryptionMask
;