#define _MEM_ENCRYPT_SEV_LIB_H_\r
\r
#include <Base.h>\r
+#include <WorkArea.h>\r
\r
//\r
-// Internal structure for holding SEV-ES information needed during SEC phase\r
-// and valid only during SEC phase and early PEI during platform\r
-// initialization.\r
+// Define the maximum number of #VCs allowed (e.g. the level of nesting\r
+// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,\r
+// be sure to increase the size of\r
+// gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
+// in any FDF file using this PCD.\r
//\r
-// This structure is also used by assembler files:\r
-// OvmfPkg/ResetVector/ResetVector.nasmb\r
-// OvmfPkg/ResetVector/Ia32/PageTables64.asm\r
-// any changes must stay in sync with its usage.\r
+#define VMGEXIT_MAXIMUM_VC_COUNT 2\r
+\r
+//\r
+// Per-CPU data mapping structure\r
+// Use UINT32 for cached indicators and compare to a specific value\r
+// so that the hypervisor can't indicate a value is cached by just\r
+// writing random data to that area.\r
//\r
-typedef struct _SEC_SEV_ES_WORK_AREA {\r
- UINT8 SevEsEnabled;\r
-} SEC_SEV_ES_WORK_AREA;\r
+typedef struct {\r
+ UINT32 Dr7Cached;\r
+ UINT64 Dr7;\r
+\r
+ UINTN VcCount;\r
+ VOID *GhcbBackupPages;\r
+} SEV_ES_PER_CPU_DATA;\r
+\r
+//\r
+// Memory encryption address range states.\r
+//\r
+typedef enum {\r
+ MemEncryptSevAddressRangeUnencrypted,\r
+ MemEncryptSevAddressRangeEncrypted,\r
+ MemEncryptSevAddressRangeMixed,\r
+ MemEncryptSevAddressRangeError,\r
+} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;\r
+\r
+/**\r
+ Returns a boolean to indicate whether SEV-SNP is enabled\r
+\r
+ @retval TRUE SEV-SNP is enabled\r
+ @retval FALSE SEV-SNP is not enabled\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+MemEncryptSevSnpIsEnabled (\r
+ VOID\r
+ );\r
\r
/**\r
Returns a boolean to indicate whether SEV-ES is enabled.\r
address of a memory region.\r
@param[in] NumPages The number of pages from start memory\r
region.\r
- @param[in] Flush Flush the caches before clearing the bit\r
- (mostly TRUE except MMIO addresses)\r
\r
@retval RETURN_SUCCESS The attributes were cleared for the\r
memory region.\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevClearPageEncMask (\r
- IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
- IN PHYSICAL_ADDRESS BaseAddress,\r
- IN UINTN NumPages,\r
- IN BOOLEAN Flush\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
);\r
\r
/**\r
address of a memory region.\r
@param[in] NumPages The number of pages from start memory\r
region.\r
- @param[in] Flush Flush the caches before setting the bit\r
- (mostly TRUE except MMIO addresses)\r
\r
@retval RETURN_SUCCESS The attributes were set for the memory\r
region.\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevSetPageEncMask (\r
- IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
- IN PHYSICAL_ADDRESS BaseAddress,\r
- IN UINTN NumPages,\r
- IN BOOLEAN Flush\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
);\r
\r
-\r
/**\r
Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM\r
Save State Map.\r
RETURN_STATUS\r
EFIAPI\r
MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
- OUT UINTN *BaseAddress,\r
- OUT UINTN *NumberOfPages\r
+ OUT UINTN *BaseAddress,\r
+ OUT UINTN *NumberOfPages\r
+ );\r
+\r
+/**\r
+ Returns the SEV encryption mask.\r
+\r
+ @return The SEV pagetable encryption mask\r
+**/\r
+UINT64\r
+EFIAPI\r
+MemEncryptSevGetEncryptionMask (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Returns the encryption state of the specified virtual address range.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress Base address to check\r
+ @param[in] Length Length of virtual address range\r
+\r
+ @retval MemEncryptSevAddressRangeUnencrypted Address range is mapped\r
+ unencrypted\r
+ @retval MemEncryptSevAddressRangeEncrypted Address range is mapped\r
+ encrypted\r
+ @retval MemEncryptSevAddressRangeMixed Address range is mapped mixed\r
+ @retval MemEncryptSevAddressRangeError Address range is not mapped\r
+**/\r
+MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE\r
+EFIAPI\r
+MemEncryptSevGetAddressRangeState (\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN Length\r
+ );\r
+\r
+/**\r
+ This function clears memory encryption bit for the MMIO region specified by\r
+ BaseAddress and NumPages.\r
+\r
+ @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use\r
+ current CR3)\r
+ @param[in] BaseAddress The physical address that is the start\r
+ address of a MMIO region.\r
+ @param[in] NumPages The number of pages from start memory\r
+ region.\r
+\r
+ @retval RETURN_SUCCESS The attributes were cleared for the\r
+ memory region.\r
+ @retval RETURN_INVALID_PARAMETER Number of pages is zero.\r
+ @retval RETURN_UNSUPPORTED Clearing the memory encryption attribute\r
+ is not supported\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+MemEncryptSevClearMmioPageEncMask (\r
+ IN PHYSICAL_ADDRESS Cr3BaseAddress,\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
+ );\r
+\r
+/**\r
+ Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.\r
+\r
+ @param[in] BaseAddress Base address\r
+ @param[in] NumPages Number of pages starting from the base address\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+MemEncryptSevSnpPreValidateSystemRam (\r
+ IN PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINTN NumPages\r
);\r
+\r
#endif // _MEM_ENCRYPT_SEV_LIB_H_\r
projects / mirror_edk2.git / blobdiff