3 Secure Encrypted Virtualization (SEV) library helper function
5 Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemEncryptSevLib.h>
14 #include <Library/PcdLib.h>
15 #include <Register/Amd/Cpuid.h>
16 #include <Register/Amd/Msr.h>
17 #include <Register/Cpuid.h>
18 #include <Uefi/UefiBaseType.h>
20 STATIC BOOLEAN mSevStatus
= FALSE
;
21 STATIC BOOLEAN mSevEsStatus
= FALSE
;
22 STATIC BOOLEAN mSevStatusChecked
= FALSE
;
24 STATIC UINT64 mSevEncryptionMask
= 0;
25 STATIC BOOLEAN mSevEncryptionMaskSaved
= FALSE
;
28 Reads and sets the status of SEV features.
34 InternalMemEncryptSevStatus (
39 MSR_SEV_STATUS_REGISTER Msr
;
40 CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax
;
42 SEC_SEV_ES_WORK_AREA
*SevEsWorkArea
;
46 SevEsWorkArea
= (SEC_SEV_ES_WORK_AREA
*)FixedPcdGet32 (PcdSevEsWorkAreaBase
);
47 if ((SevEsWorkArea
!= NULL
) && (SevEsWorkArea
->EncryptionMask
!= 0)) {
49 // The MSR has been read before, so it is safe to read it again and avoid
50 // having to validate the CPUID information.
55 // Check if memory encryption leaf exist
57 AsmCpuid (CPUID_EXTENDED_FUNCTION
, &RegEax
, NULL
, NULL
, NULL
);
58 if (RegEax
>= CPUID_MEMORY_ENCRYPTION_INFO
) {
60 // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
62 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, &Eax
.Uint32
, NULL
, NULL
, NULL
);
64 if (Eax
.Bits
.SevBit
) {
72 // Check MSR_0xC0010131 Bit 0 (Sev Enabled)
74 Msr
.Uint32
= AsmReadMsr32 (MSR_SEV_STATUS
);
75 if (Msr
.Bits
.SevBit
) {
80 // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
82 if (Msr
.Bits
.SevEsBit
) {
87 mSevStatusChecked
= TRUE
;
91 Returns a boolean to indicate whether SEV-ES is enabled.
93 @retval TRUE SEV-ES is enabled
94 @retval FALSE SEV-ES is not enabled
98 MemEncryptSevEsIsEnabled (
102 if (!mSevStatusChecked
) {
103 InternalMemEncryptSevStatus ();
110 Returns a boolean to indicate whether SEV is enabled.
112 @retval TRUE SEV is enabled
113 @retval FALSE SEV is not enabled
117 MemEncryptSevIsEnabled (
121 if (!mSevStatusChecked
) {
122 InternalMemEncryptSevStatus ();
129 Returns the SEV encryption mask.
131 @return The SEV pagtable encryption mask
135 MemEncryptSevGetEncryptionMask (
139 if (!mSevEncryptionMaskSaved
) {
140 SEC_SEV_ES_WORK_AREA
*SevEsWorkArea
;
142 SevEsWorkArea
= (SEC_SEV_ES_WORK_AREA
*)FixedPcdGet32 (PcdSevEsWorkAreaBase
);
143 if (SevEsWorkArea
!= NULL
) {
144 mSevEncryptionMask
= SevEsWorkArea
->EncryptionMask
;
146 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx
;
149 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
151 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO
, NULL
, &Ebx
.Uint32
, NULL
, NULL
);
152 mSevEncryptionMask
= LShiftU64 (1, Ebx
.Bits
.PtePosBits
);
155 mSevEncryptionMaskSaved
= TRUE
;
158 return mSevEncryptionMask
;