OvmfPkg/PlatformPei: SEV: allocate pages of initial SMRAM save state map

[mirror_edk2.git] / OvmfPkg / PlatformPei / AmdSev.c

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 1509f260fb0bf74368aeaef462b17a3bbf33ea02..2e14eaf8c3cc3102551307e0215b3545bf1b55e3 100644 (file)
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -16,6 +16,7 @@
 // The package level header files this module uses\r
 //\r
 #include <Library/DebugLib.h>\r
+#include <Library/HobLib.h>\r
 #include <Library/MemEncryptSevLib.h>\r
 #include <Library/PcdLib.h>\r
 #include <PiPei.h>\r
@@ -66,4 +67,32 @@ AmdSevInitialize (
   //\r
   PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
   ASSERT_RETURN_ERROR (PcdStatus);\r
+\r
+  //\r
+  // When SMM is required, cover the pages containing the initial SMRAM Save\r
+  // State Map with a memory allocation HOB:\r
+  //\r
+  // There's going to be a time interval between our decrypting those pages for\r
+  // SMBASE relocation and re-encrypting the same pages after SMBASE\r
+  // relocation. We shall ensure that the DXE phase stay away from those pages\r
+  // until after re-encryption, in order to prevent an information leak to the\r
+  // hypervisor.\r
+  //\r
+  if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {\r
+    RETURN_STATUS LocateMapStatus;\r
+    UINTN         MapPagesBase;\r
+    UINTN         MapPagesCount;\r
+\r
+    LocateMapStatus = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
+                        &MapPagesBase,\r
+                        &MapPagesCount\r
+                        );\r
+    ASSERT_RETURN_ERROR (LocateMapStatus);\r
+\r
+    BuildMemoryAllocationHob (\r
+      MapPagesBase,                      // BaseAddress\r
+      EFI_PAGES_TO_SIZE (MapPagesCount), // Length\r
+      EfiBootServicesData                // MemoryType\r
+      );\r
+  }\r
 }\r