OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. save state map

[mirror_edk2.git] / OvmfPkg / Library / SmmCpuFeaturesLib / SmmCpuFeaturesLib.c

diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
index a876a6e347515b45a904722fce4963e08e5f291f..59c319e01bfbc6440470fbfff093aec6b27c300c 100644 (file)
--- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
+++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
@@ -12,14 +12,14 @@
   WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
 **/\r
 \r
-#include <PiSmm.h>\r
-#include <Library/SmmCpuFeaturesLib.h>\r
 #include <Library/BaseLib.h>\r
 #include <Library/BaseMemoryLib.h>\r
-#include <Library/PcdLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/SmmServicesTableLib.h>\r
 #include <Library/DebugLib.h>\r
+#include <Library/MemEncryptSevLib.h>\r
+#include <Library/SmmCpuFeaturesLib.h>\r
+#include <Library/SmmServicesTableLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <PiSmm.h>\r
 #include <Register/QemuSmramSaveStateMap.h>\r
 \r
 //\r
@@ -187,6 +187,42 @@ SmmCpuFeaturesSmmRelocationComplete (
   VOID\r
   )\r
 {\r
+  EFI_STATUS Status;\r
+  UINTN      MapPagesBase;\r
+  UINTN      MapPagesCount;\r
+\r
+  if (!MemEncryptSevIsEnabled ()) {\r
+    return;\r
+  }\r
+\r
+  //\r
+  // Now that SMBASE relocation is complete, re-encrypt the original SMRAM save\r
+  // state map's container pages, and release the pages to DXE. (The pages were\r
+  // allocated in PlatformPei.)\r
+  //\r
+  Status = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
+             &MapPagesBase,\r
+             &MapPagesCount\r
+             );\r
+  ASSERT_EFI_ERROR (Status);\r
+\r
+  Status = MemEncryptSevSetPageEncMask (\r
+             0,             // Cr3BaseAddress -- use current CR3\r
+             MapPagesBase,  // BaseAddress\r
+             MapPagesCount, // NumPages\r
+             TRUE           // Flush\r
+             );\r
+  if (EFI_ERROR (Status)) {\r
+    DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevSetPageEncMask(): %r\n",\r
+      __FUNCTION__, Status));\r
+    ASSERT (FALSE);\r
+    CpuDeadLoop ();\r
+  }\r
+\r
+  ZeroMem ((VOID *)MapPagesBase, EFI_PAGES_TO_SIZE (MapPagesCount));\r
+\r
+  Status = gBS->FreePages (MapPagesBase, MapPagesCount);\r
+  ASSERT_EFI_ERROR (Status);\r
 }\r
 \r
 /**\r
@@ -444,7 +480,7 @@ typedef struct {
 /// Table used by GetRegisterIndex() to convert an EFI_SMM_SAVE_STATE_REGISTER\r
 /// value to an index into a table of type CPU_SMM_SAVE_STATE_LOOKUP_ENTRY\r
 ///\r
-static CONST CPU_SMM_SAVE_STATE_REGISTER_RANGE mSmmCpuRegisterRanges[] = {\r
+STATIC CONST CPU_SMM_SAVE_STATE_REGISTER_RANGE mSmmCpuRegisterRanges[] = {\r
   SMM_REGISTER_RANGE (\r
     EFI_SMM_SAVE_STATE_REGISTER_GDTBASE,\r
     EFI_SMM_SAVE_STATE_REGISTER_LDTINFO\r
@@ -464,7 +500,7 @@ static CONST CPU_SMM_SAVE_STATE_REGISTER_RANGE mSmmCpuRegisterRanges[] = {
 /// Lookup table used to retrieve the widths and offsets associated with each\r
 /// supported EFI_SMM_SAVE_STATE_REGISTER value\r
 ///\r
-static CONST CPU_SMM_SAVE_STATE_LOOKUP_ENTRY mSmmCpuWidthOffset[] = {\r
+STATIC CONST CPU_SMM_SAVE_STATE_LOOKUP_ENTRY mSmmCpuWidthOffset[] = {\r
   {\r
     0,                                    // Width32\r
     0,                                    // Width64\r
@@ -833,7 +869,8 @@ static CONST CPU_SMM_SAVE_STATE_LOOKUP_ENTRY mSmmCpuWidthOffset[] = {
   @retval >0  Index into mSmmCpuWidthOffset[] associated with Register\r
 \r
 **/\r
-static UINTN\r
+STATIC\r
+UINTN\r
 GetRegisterIndex (\r
   IN EFI_SMM_SAVE_STATE_REGISTER  Register\r
   )\r
@@ -876,7 +913,8 @@ GetRegisterIndex (
   @retval EFI_INVALID_PARAMTER  This or Buffer is NULL.\r
 \r
 **/\r
-static EFI_STATUS\r
+STATIC\r
+EFI_STATUS\r
 ReadSaveStateRegisterByIndex (\r
   IN UINTN   CpuIndex,\r
   IN UINTN   RegisterIndex,\r