OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init. save state map
authorLaszlo Ersek <lersek@redhat.com>
Thu, 1 Mar 2018 19:59:12 +0000 (20:59 +0100)
committerLaszlo Ersek <lersek@redhat.com>
Tue, 6 Mar 2018 12:30:35 +0000 (13:30 +0100)
Based on the following patch from Brijesh Singh <brijesh.singh@amd.com>:

  [PATCH v2 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State

Once PiSmmCpuDxeSmm relocates SMBASE for all VCPUs, the pages of the
initial SMRAM save state map can be re-encrypted (including zeroing them
out after setting the C-bit on them), and they can be released to DXE for
general use (undoing the allocation that we did in PlatformPei's
AmdSevInitialize() function).

The decryption of the same pages (which will occur chronologically
earlier) is implemented in the next patch; hence the "re-encryption" part
of this patch is currently a no-op. The series is structured like this in
order to be bisection-friendly. If the decryption patch preceded this
patch, then an info leak would be created while standing between the

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>

index 13d929a983be920b5dca888dcd87bf5594853800..59c319e01bfbc6440470fbfff093aec6b27c300c 100644 (file)
 #include <Library/BaseLib.h>\r
 #include <Library/BaseMemoryLib.h>\r
 #include <Library/DebugLib.h>\r
+#include <Library/MemEncryptSevLib.h>\r
 #include <Library/SmmCpuFeaturesLib.h>\r
 #include <Library/SmmServicesTableLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
 #include <PiSmm.h>\r
 #include <Register/QemuSmramSaveStateMap.h>\r
@@ -185,6 +187,42 @@ SmmCpuFeaturesSmmRelocationComplete (
+  EFI_STATUS Status;\r
+  UINTN      MapPagesBase;\r
+  UINTN      MapPagesCount;\r
+  if (!MemEncryptSevIsEnabled ()) {\r
+    return;\r
+  }\r
+  //\r
+  // Now that SMBASE relocation is complete, re-encrypt the original SMRAM save\r
+  // state map's container pages, and release the pages to DXE. (The pages were\r
+  // allocated in PlatformPei.)\r
+  //\r
+  Status = MemEncryptSevLocateInitialSmramSaveStateMapPages (\r
+             &MapPagesBase,\r
+             &MapPagesCount\r
+             );\r
+  ASSERT_EFI_ERROR (Status);\r
+  Status = MemEncryptSevSetPageEncMask (\r
+             0,             // Cr3BaseAddress -- use current CR3\r
+             MapPagesBase,  // BaseAddress\r
+             MapPagesCount, // NumPages\r
+             TRUE           // Flush\r
+             );\r
+  if (EFI_ERROR (Status)) {\r
+    DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevSetPageEncMask(): %r\n",\r
+      __FUNCTION__, Status));\r
+    ASSERT (FALSE);\r
+    CpuDeadLoop ();\r
+  }\r
+  ZeroMem ((VOID *)MapPagesBase, EFI_PAGES_TO_SIZE (MapPagesCount));\r
+  Status = gBS->FreePages (MapPagesBase, MapPagesCount);\r
+  ASSERT_EFI_ERROR (Status);\r
index 5184abbf21bd1e88d0c7481e927c0c30e59bcb3e..7c2aaa890b5eecc1ef11ee9a9e985bd8221f6e02 100644 (file)
@@ -36,4 +36,6 @@
+  MemEncryptSevLib\r
+  UefiBootServicesTableLib\r