PHYSICAL_ADDRESS GhcbBasePa;\r
UINTN GhcbPageCount, PageCount;\r
RETURN_STATUS PcdStatus, DecryptStatus;\r
+ IA32_DESCRIPTOR Gdtr;\r
+ VOID *Gdt;\r
\r
if (!MemEncryptSevEsIsEnabled ()) {\r
return;\r
(UINT64)GhcbPageCount, GhcbBase));\r
\r
AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);\r
+\r
+ //\r
+ // The SEV support will clear the C-bit from non-RAM areas. The early GDT\r
+ // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT\r
+ // will be read as un-encrypted even though it was created before the C-bit\r
+ // was cleared (encrypted). This will result in a failure to be able to\r
+ // handle the exception.\r
+ //\r
+ AsmReadGdtr (&Gdtr);\r
+\r
+ Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN) Gdtr.Limit + 1));\r
+ ASSERT (Gdt != NULL);\r
+\r
+ CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1);\r
+ Gdtr.Base = (UINTN) Gdt;\r
+ AsmWriteGdtr (&Gdtr);\r
}\r
\r
/**\r