BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
The early assembler code performs validation for some of the SEV-related
information, specifically the encryption bit position. The new
MemEncryptSevGetEncryptionMask() interface provides access to this
validated value.
To ensure that we always use a validated encryption mask for an SEV-ES
guest, update all locations that use CPUID to calculate the encryption
mask to use the new interface.
Also, clean up some call areas where extra masking was being performed
and where a function call was being used instead of the local variable
that was just set using the function.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien@xen.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <
9de678c0d66443c6cc33e004a4cac0a0223c2ebc.
1610045305.git.thomas.lendacky@amd.com>
/**@file\r
Initialize Secure Encrypted Virtualization (SEV) support\r
\r
- Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
-#include <Register/Amd/Cpuid.h>\r
-#include <Register/Cpuid.h>\r
#include <Register/Intel/SmramSaveStateMap.h>\r
\r
#include "Platform.h"\r
VOID\r
)\r
{\r
- CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
UINT64 EncryptionMask;\r
RETURN_STATUS PcdStatus;\r
\r
return;\r
}\r
\r
- //\r
- // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
- //\r
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
- EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
-\r
//\r
// Set Memory Encryption Mask PCD\r
//\r
+ EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
ASSERT_RETURN_ERROR (PcdStatus);\r
\r
Virtual Memory Management Services to set or clear the memory encryption bit\r
\r
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
- Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
+ Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/CpuLib.h>\r
+#include <Library/MemEncryptSevLib.h>\r
#include <Register/Amd/Cpuid.h>\r
#include <Register/Cpuid.h>\r
\r
)\r
{\r
UINT64 EncryptionMask;\r
- CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
\r
if (mAddressEncMaskChecked) {\r
return mAddressEncMask;\r
}\r
\r
- //\r
- // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
- //\r
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
- EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
+ EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
\r
mAddressEncMask = EncryptionMask & PAGING_1G_ADDRESS_MASK_64;\r
mAddressEncMaskChecked = TRUE;\r
LevelSize[3] = SIZE_1GB;\r
LevelSize[4] = SIZE_512GB;\r
\r
- AddressEncMask = GetMemEncryptionAddressMask() &\r
- PAGING_1G_ADDRESS_MASK_64;\r
+ AddressEncMask = GetMemEncryptionAddressMask();\r
PageTable = (UINT64 *)(UINTN)PageTableBase;\r
PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;\r
\r
\r
AddressEncMask = GetMemEncryptionAddressMask ();\r
ASSERT (PageDirectoryEntry != NULL);\r
- ASSERT (*PageEntry1G & GetMemEncryptionAddressMask ());\r
+ ASSERT (*PageEntry1G & AddressEncMask);\r
//\r
// Fill in 1G page entry.\r
//\r
/**@file\r
Initialize Secure Encrypted Virtualization (SEV) support\r
\r
- Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
-#include <Register/Amd/Cpuid.h>\r
#include <Register/Amd/Msr.h>\r
-#include <Register/Cpuid.h>\r
#include <Register/Intel/SmramSaveStateMap.h>\r
\r
#include "Platform.h"\r
VOID\r
)\r
{\r
- CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
UINT64 EncryptionMask;\r
RETURN_STATUS PcdStatus;\r
\r
return;\r
}\r
\r
- //\r
- // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
- //\r
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
- EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
-\r
//\r
// Set Memory Encryption Mask PCD\r
//\r
+ EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
ASSERT_RETURN_ERROR (PcdStatus);\r
\r
/**@file\r
Initialize Secure Encrypted Virtualization (SEV) support\r
\r
- Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>\r
+ Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>\r
Copyright (c) 2019, Citrix Systems, Inc.\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
#include <Library/MemEncryptSevLib.h>\r
#include <Library/PcdLib.h>\r
#include <PiPei.h>\r
-#include <Register/Amd/Cpuid.h>\r
-#include <Register/Cpuid.h>\r
\r
#include "Platform.h"\r
\r
VOID\r
)\r
{\r
- CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;\r
UINT64 EncryptionMask;\r
RETURN_STATUS PcdStatus;\r
\r
return;\r
}\r
\r
- //\r
- // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)\r
- //\r
- AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);\r
- EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);\r
-\r
//\r
// Set Memory Encryption Mask PCD\r
//\r
+ EncryptionMask = MemEncryptSevGetEncryptionMask ();\r
PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);\r
ASSERT_RETURN_ERROR (PcdStatus);\r
\r