]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 13b5d74)
OvmfPkg: Add AmdSevDxe driver
authorBrijesh Singh <brijesh.singh@amd.com>
Thu, 6 Jul 2017 13:26:45 +0000 (09:26 -0400)
committerJordan Justen <jordan.l.justen@intel.com>
Tue, 11 Jul 2017 04:17:27 +0000 (21:17 -0700)
When SEV is enabled, the MMIO memory range must be mapped as unencrypted
(i.e C-bit cleared).

We need to clear the C-bit for MMIO GCD entries in order to cover the
ranges that were added during the PEI phase (through memory resource
descriptor HOBs). Additionally, the NonExistent ranges are processed
in order to cover, in advance, MMIO ranges added later in the DXE phase
by various device drivers, via the appropriate DXE memory space services.

The approach is not transparent for later addition of system memory ranges
to the GCD memory space map. (Such ranges should be encrypted.) OVMF does
not do such a thing at the moment, so this approach should be OK.

The driver is being added to the APRIORI DXE file so that, we clear the
C-bit from MMIO regions before any driver accesses it.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leo Duran <leo.duran@amd.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jordan Justen <jordan.l.justen@intel.com>
OvmfPkg/AmdSevDxe/AmdSevDxe.c [new file with mode: 0644] patch | blob
OvmfPkg/AmdSevDxe/AmdSevDxe.inf [new file with mode: 0644] patch | blob
OvmfPkg/OvmfPkgIa32X64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgIa32X64.fdf patch | blob | blame | history
OvmfPkg/OvmfPkgX64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgX64.fdf patch | blob | blame | history

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
new file mode 100644 (file)
index 0000000..e472096
--- /dev/null
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -0,0 +1,75 @@
+/** @file\r
+\r
+  AMD Sev Dxe driver. This driver is dispatched early in DXE, due to being list\r
+  in APRIORI. It clears C-bit from MMIO and NonExistent Memory space when SEV is\r
+  enabled.\r
+\r
+  Copyright (c) 2017, AMD Inc. All rights reserved.<BR>\r
+\r
+  This program and the accompanying materials\r
+  are licensed and made available under the terms and conditions of the BSD\r
+  License which accompanies this distribution.  The full text of the license may\r
+  be found at http://opensource.org/licenses/bsd-license.php\r
+\r
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/DxeServicesTableLib.h>\r
+#include <Library/MemEncryptSevLib.h>\r
+\r
+EFI_STATUS\r
+EFIAPI\r
+AmdSevDxeEntryPoint (\r
+  IN EFI_HANDLE         ImageHandle,\r
+  IN EFI_SYSTEM_TABLE   *SystemTable\r
+  )\r
+{\r
+  EFI_STATUS                       Status;\r
+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *AllDescMap;\r
+  UINTN                            NumEntries;\r
+  UINTN                            Index;\r
+\r
+  //\r
+  // Do nothing when SEV is not enabled\r
+  //\r
+  if (!MemEncryptSevIsEnabled ()) {\r
+    return EFI_UNSUPPORTED;\r
+  }\r
+\r
+  //\r
+  // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent\r
+  // memory space. The NonExistent memory space will be used for mapping the MMIO\r
+  // space added later (eg PciRootBridge). By clearing both known MMIO and\r
+  // NonExistent memory space can gurantee that current and furture MMIO adds\r
+  // will have C-bit cleared.\r
+  //\r
+  Status = gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap);\r
+  if (!EFI_ERROR (Status)) {\r
+    for (Index = 0; Index < NumEntries; Index++) {\r
+      CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;\r
+\r
+      Desc = &AllDescMap[Index];\r
+      if (Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo ||\r
+          Desc->GcdMemoryType == EfiGcdMemoryTypeNonExistent) {\r
+        Status = MemEncryptSevClearPageEncMask (0,\r
+                                                Desc->BaseAddress,\r
+                                                EFI_SIZE_TO_PAGES(Desc->Length),\r
+                                                FALSE);\r
+        ASSERT_EFI_ERROR (Status);\r
+      }\r
+    }\r
+\r
+    FreePool (AllDescMap);\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
new file mode 100644 (file)
index 0000000..41635a5
--- /dev/null
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -0,0 +1,43 @@
+#/** @file\r
+#\r
+#  Driver clears the encryption attribute from MMIO regions when SEV is enabled\r
+#\r
+#  Copyright (c) 2017, AMD Inc. All rights reserved.<BR>\r
+#\r
+#  This program and the accompanying materials\r
+#  are licensed and made available under the terms and conditions of the BSD\r
+#  License which accompanies this distribution.  The full text of the license may\r
+#  be found at http://opensource.org/licenses/bsd-license.php\r
+#\r
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+#**/\r
+\r
+[Defines]\r
+  INF_VERSION                    = 1.25\r
+  BASE_NAME                      = AmdSevDxe\r
+  FILE_GUID                      = 2ec9da37-ee35-4de9-86c5-6d9a81dc38a7\r
+  MODULE_TYPE                    = DXE_DRIVER\r
+  VERSION_STRING                 = 1.0\r
+  ENTRY_POINT                    = AmdSevDxeEntryPoint\r
+\r
+[Sources]\r
+  AmdSevDxe.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  OvmfPkg/OvmfPkg.dec\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  UefiLib\r
+  UefiDriverEntryPoint\r
+  UefiBootServicesTableLib\r
+  DxeServicesTableLib\r
+  DebugLib\r
+  MemEncryptSevLib\r
+\r
+[Depex]\r
+  TRUE\r
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index edacd655d147a9850c0c4b57189b1ba829e5c147..b3a22c726b9294a426cca73f6fac87321547e07e 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -825,6 +825,7 @@
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
   OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
   OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index fae82709aee1ff100af93324f7f11615c193f99a..5cec9982dbe18ec1a58898add4c892488c6b054b 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -191,6 +191,7 @@ READ_LOCK_STATUS   = TRUE
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
+  INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
@@ -352,6 +353,7 @@ INF  RuleOverride=CSM OvmfPkg/Csm/Csm16/Csm16.inf
 INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf\r
 INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf\r
 INF  OvmfPkg/PlatformDxe/Platform.inf\r
 INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf\r
 INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf\r
 INF  OvmfPkg/PlatformDxe/Platform.inf\r
+INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 93933612a3c75afbfaf19b32afbffa1dc06365ac..aba4d907b5677bdcb74d270c4d8e8fbba33b78c3 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -823,6 +823,7 @@
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
+  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
   OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
   OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 4da0b19b94cfb40cfa4830187c748f72feff5a14..213db6bedbe271a5a256884c553014492a80ada6 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -191,6 +191,7 @@ READ_LOCK_STATUS   = TRUE
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
+  INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
@@ -352,6 +353,7 @@ INF  RuleOverride=CSM OvmfPkg/Csm/Csm16/Csm16.inf
 INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf\r
 INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf\r
 INF  OvmfPkg/PlatformDxe/Platform.inf\r
 INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf\r
 INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf\r
 INF  OvmfPkg/PlatformDxe/Platform.inf\r
+INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
 \r
 !if $(SMM_REQUIRE) == TRUE\r
 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf\r
EFI Development Kit II mirror for PVE