OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

Create a function that can be used to determine if the VM is running
as an SEV-ES guest.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 64dd6977b0f840c4545e69e0c7328b6d905ea11c..fc70b0114354cf7b1d33313f01663485da643c1f 100644 (file)
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -13,6 +13,18 @@
 \r
 #include <Base.h>\r
 \r
+/**\r
+  Returns a boolean to indicate whether SEV-ES is enabled.\r
+\r
+  @retval TRUE           SEV-ES is enabled\r
+  @retval FALSE          SEV-ES is not enabled\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+MemEncryptSevEsIsEnabled (\r
+  VOID\r
+  );\r
+\r
 /**\r
   Returns a boolean to indicate whether SEV is enabled\r
 \r

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
index 96a66e373f110a362989f29e5547800b7063f2ed..02b8eb225d8125fe922fb4a321a81f1ff4996da5 100644 (file)
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
@@ -20,19 +20,17 @@
 #include <Uefi/UefiBaseType.h>\r
 \r
 STATIC BOOLEAN mSevStatus = FALSE;\r
+STATIC BOOLEAN mSevEsStatus = FALSE;\r
 STATIC BOOLEAN mSevStatusChecked = FALSE;\r
 \r
 /**\r
+  Reads and sets the status of SEV features.\r
 \r
-  Returns a boolean to indicate whether SEV is enabled\r
-\r
-  @retval TRUE           SEV is enabled\r
-  @retval FALSE          SEV is not enabled\r
   **/\r
 STATIC\r
-BOOLEAN\r
+VOID\r
 EFIAPI\r
-InternalMemEncryptSevIsEnabled (\r
+InternalMemEncryptSevStatus (\r
   VOID\r
   )\r
 {\r
@@ -56,16 +54,42 @@ InternalMemEncryptSevIsEnabled (
       //\r
       Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);\r
       if (Msr.Bits.SevBit) {\r
-        return TRUE;\r
+        mSevStatus = TRUE;\r
+      }\r
+\r
+      //\r
+      // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)\r
+      //\r
+      if (Msr.Bits.SevEsBit) {\r
+        mSevEsStatus = TRUE;\r
       }\r
     }\r
   }\r
 \r
-  return FALSE;\r
+  mSevStatusChecked = TRUE;\r
 }\r
 \r
 /**\r
-  Returns a boolean to indicate whether SEV is enabled\r
+  Returns a boolean to indicate whether SEV-ES is enabled.\r
+\r
+  @retval TRUE           SEV-ES is enabled\r
+  @retval FALSE          SEV-ES is not enabled\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+MemEncryptSevEsIsEnabled (\r
+  VOID\r
+  )\r
+{\r
+  if (!mSevStatusChecked) {\r
+    InternalMemEncryptSevStatus ();\r
+  }\r
+\r
+  return mSevEsStatus;\r
+}\r
+\r
+/**\r
+  Returns a boolean to indicate whether SEV is enabled.\r
 \r
   @retval TRUE           SEV is enabled\r
   @retval FALSE          SEV is not enabled\r
@@ -76,13 +100,10 @@ MemEncryptSevIsEnabled (
   VOID\r
   )\r
 {\r
-  if (mSevStatusChecked) {\r
-    return mSevStatus;\r
+  if (!mSevStatusChecked) {\r
+    InternalMemEncryptSevStatus ();\r
   }\r
 \r
-  mSevStatus = InternalMemEncryptSevIsEnabled();\r
-  mSevStatusChecked = TRUE;\r
-\r
   return mSevStatus;\r
 }\r
 \r