OvmfPkg/XenPlatformPei/AmdSev.c

   1 /**@file
   2   Initialize Secure Encrypted Virtualization (SEV) support
   3
   4   Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
   5   Copyright (c) 2019, Citrix Systems, Inc.
   6
   7   SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10 //
  11 // The package level header files this module uses
  12 //
  13 #include <Library/DebugLib.h>
  14 #include <Library/MemEncryptSevLib.h>
  15 #include <Library/PcdLib.h>
  16 #include <PiPei.h>
  17
  18 #include "Platform.h"
  19
  20 /**
  21
  22   Function checks if SEV support is available, if present then it sets
  23   the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption mask.
  24
  25   **/
  26 VOID
  27 AmdSevInitialize (
  28   VOID
  29   )
  30 {
  31   UINT64         EncryptionMask;
  32   RETURN_STATUS  PcdStatus;
  33
  34   //
  35   // Check if SEV is enabled
  36   //
  37   if (!MemEncryptSevIsEnabled ()) {
  38     return;
  39   }
  40
  41   //
  42   // Set Memory Encryption Mask PCD
  43   //
  44   EncryptionMask = MemEncryptSevGetEncryptionMask ();
  45   PcdStatus      = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
  46   ASSERT_RETURN_ERROR (PcdStatus);
  47
  48   DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
  49
  50   //
  51   // Set Pcd to Deny the execution of option ROM when security
  52   // violation.
  53   //
  54   PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
  55   ASSERT_RETURN_ERROR (PcdStatus);
  56 }