BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
The early assembler code performs validation for some of the SEV-related
information, specifically the encryption bit position. To avoid having to
re-validate the encryption bit position as the system proceeds through its
boot phases, save the validated encryption bit position in the SEV-ES work
area for use by later phases.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <
2609724859cf21f0c6d45bc323e94465dca4e621.
1610045305.git.thomas.lendacky@amd.com>
UINT8 Reserved1[7];\r
\r
UINT64 RandomData;\r
+\r
+ UINT64 EncryptionMask;\r
} SEC_SEV_ES_WORK_AREA;\r
\r
/**\r
\r
; The encryption bit position is always above 31\r
sub ebx, 32\r
- jns SevExit\r
+ jns SevSaveMask\r
\r
; Encryption bit was reported as 31 or below, enter a HLT loop\r
SevEncBitLowHlt:\r
hlt\r
jmp SevEncBitLowHlt\r
\r
+SevSaveMask:\r
+ xor edx, edx\r
+ bts edx, ebx\r
+\r
+ mov dword[SEV_ES_WORK_AREA_ENC_MASK], 0\r
+ mov dword[SEV_ES_WORK_AREA_ENC_MASK + 4], edx\r
+ jmp SevExit\r
+\r
NoSev:\r
;\r
; Perform an SEV-ES sanity check by seeing if a #VC exception occurred.\r
%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))\r
%define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))\r
%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)\r
+ %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)\r
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))\r
%include "Ia32/Flat32ToFlat64.asm"\r
%include "Ia32/PageTables64.asm"\r