// The package level header files this module uses\r
//\r
#include <Library/DebugLib.h>\r
+#include <Library/HobLib.h>\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
//\r
PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
ASSERT_RETURN_ERROR (PcdStatus);\r
+\r
+ //\r
+ // When SMM is required, cover the pages containing the initial SMRAM Save\r
+ // State Map with a memory allocation HOB:\r
+ //\r
+ // There's going to be a time interval between our decrypting those pages for\r
+ // SMBASE relocation and re-encrypting the same pages after SMBASE\r
+ // relocation. We shall ensure that the DXE phase stay away from those pages\r
+ // until after re-encryption, in order to prevent an information leak to the\r
+ // hypervisor.\r
+ //\r
+ if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r
+ RETURN_STATUS LocateMapStatus;\r
+ UINTN MapPagesBase;\r
+ UINTN MapPagesCount;\r
+\r
+ LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
+ &MapPagesBase,\r
+ &MapPagesCount\r
+ );\r
+ ASSERT_RETURN_ERROR (LocateMapStatus);\r
+\r
+ BuildMemoryAllocationHob (\r
+ MapPagesBase, // BaseAddress\r
+ EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r
+ EfiBootServicesData // MemoryType\r
+ );\r
+ }\r
}\r