OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
1 /** @file
2
3 Secure Encrypted Virtualization (SEV) library helper function
4
5 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
6
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8
9 **/
10
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemEncryptSevLib.h>
14 #include <Library/PcdLib.h>
15 #include <Register/Amd/Cpuid.h>
16 #include <Register/Amd/Msr.h>
17 #include <Register/Cpuid.h>
18 #include <Uefi/UefiBaseType.h>
19
//
// Cached SEV feature state. The three feature flags are written by
// InternalMemEncryptSevStatus(); mSevStatusChecked records that the probe has
// already run, so the public getters do not repeat it.
//
STATIC BOOLEAN  mSevStatus        = FALSE;
STATIC BOOLEAN  mSevEsStatus      = FALSE;
STATIC BOOLEAN  mSevSnpStatus     = FALSE;
STATIC BOOLEAN  mSevStatusChecked = FALSE;

//
// Cached copy of PcdPteMemoryEncryptionAddressOrMask, plus a flag recording
// whether that copy has been taken yet.
//
STATIC UINT64   mSevEncryptionMask      = 0;
STATIC BOOLEAN  mSevEncryptionMaskSaved = FALSE;
27
/**
  Probes the SEV status once and caches the result in the module globals
  mSevStatus, mSevEsStatus and mSevSnpStatus.

  The flags are only ever raised to TRUE here; they are never cleared.
  mSevStatusChecked is set on every path, so the probe is not repeated by the
  public getters even when no SEV feature was found.

**/
STATIC
VOID
EFIAPI
InternalMemEncryptSevStatus (
  VOID
  )
{
  UINT32                            MaxExtendedLeaf;
  MSR_SEV_STATUS_REGISTER           SevStatus;
  CPUID_MEMORY_ENCRYPTION_INFO_EAX  MemEncInfo;
  BOOLEAN                           ProbeMsr;

  //
  // A non-zero encryption mask in the PCD means the MSR has been read before,
  // so it is safe to read it again without going through CPUID and having to
  // validate the CPUID information.
  //
  // NOTE(review): presumably the PCD is populated by an earlier boot phase
  // that already established SEV is active - confirm against the producer.
  //
  ProbeMsr = (BOOLEAN)(PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) != 0);

  if (!ProbeMsr) {
    //
    // No mask recorded: fall back to CPUID. First make sure the memory
    // encryption leaf exists at all.
    //
    // NOTE(review): the values read on this path are used as-is, with none of
    // the validation the comment above refers to; a "not supported" answer
    // simply leaves every flag FALSE. Confirm this path is acceptable for
    // callers that depend on the result for a security decision.
    //
    AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedLeaf, NULL, NULL, NULL);
    if (MaxExtendedLeaf >= CPUID_MEMORY_ENCRYPTION_INFO) {
      //
      // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
      //
      AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &MemEncInfo.Uint32, NULL, NULL, NULL);
      ProbeMsr = (BOOLEAN)(MemEncInfo.Bits.SevBit != 0);
    }
  }

  if (ProbeMsr) {
    //
    // MSR_0xC0010131 carries the enabled bits:
    //   Bit 0 - Sev Enabled
    //   Bit 1 - Sev-Es Enabled
    //   Bit 2 - Sev-Snp Enabled
    //
    SevStatus.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);

    if (SevStatus.Bits.SevBit != 0) {
      mSevStatus = TRUE;
    }

    if (SevStatus.Bits.SevEsBit != 0) {
      mSevEsStatus = TRUE;
    }

    if (SevStatus.Bits.SevSnpBit != 0) {
      mSevSnpStatus = TRUE;
    }
  }

  //
  // Record that the probe ran, whatever it found.
  //
  mSevStatusChecked = TRUE;
}
97
/**
  Reports whether SEV-SNP is enabled.

  The first call to any of the status getters runs the one-time probe in
  InternalMemEncryptSevStatus(); later calls return the cached flag.

  @retval TRUE           SEV-SNP is enabled
  @retval FALSE          SEV-SNP is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevSnpIsEnabled (
  VOID
  )
{
  //
  // Fast path: the probe has already populated the cache.
  //
  if (mSevStatusChecked) {
    return mSevSnpStatus;
  }

  InternalMemEncryptSevStatus ();
  return mSevSnpStatus;
}
116
/**
  Reports whether SEV-ES is enabled.

  The first call to any of the status getters runs the one-time probe in
  InternalMemEncryptSevStatus(); later calls return the cached flag.

  @retval TRUE           SEV-ES is enabled
  @retval FALSE          SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  )
{
  //
  // Fast path: the probe has already populated the cache.
  //
  if (mSevStatusChecked) {
    return mSevEsStatus;
  }

  InternalMemEncryptSevStatus ();
  return mSevEsStatus;
}
135
/**
  Reports whether SEV is enabled.

  The first call to any of the status getters runs the one-time probe in
  InternalMemEncryptSevStatus(); later calls return the cached flag.

  @retval TRUE           SEV is enabled
  @retval FALSE          SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  )
{
  //
  // Fast path: the probe has already populated the cache.
  //
  if (mSevStatusChecked) {
    return mSevStatus;
  }

  InternalMemEncryptSevStatus ();
  return mSevStatus;
}
154
/**
  Returns the SEV encryption mask.

  The mask is read from PcdPteMemoryEncryptionAddressOrMask on the first call
  and cached in mSevEncryptionMask. Later calls return the cached value, so a
  change to the PCD after the first call is not reflected here.

  @return  The SEV page-table encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  )
{
  //
  // Already cached: hand back the saved copy.
  //
  if (mSevEncryptionMaskSaved) {
    return mSevEncryptionMask;
  }

  mSevEncryptionMask      = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
  mSevEncryptionMaskSaved = TRUE;

  return mSevEncryptionMask;
}