OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Restore C-bit when SEV is active
authorBrijesh Singh <brijesh.singh@amd.com>
Fri, 6 Jul 2018 15:00:42 +0000 (10:00 -0500)
committerLaszlo Ersek <lersek@redhat.com>
Fri, 6 Jul 2018 18:08:24 +0000 (20:08 +0200)
AmdSevDxe maps the flash memory range with C=0, but
SetMemorySpaceAttributes() unconditionally resets the C-bit to '1'. Lets
restore the mapping back to C=0.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien.grall@linaro.org>
Cc: Justen Jordan L <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c

index d7b4ec0..86b244a 100644 (file)
@@ -53,6 +53,7 @@
   DebugLib\r
   DevicePathLib\r
   DxeServicesTableLib\r
+  MemEncryptSevLib\r
   MemoryAllocationLib\r
   PcdLib\r
   UefiBootServicesTableLib\r
index 37deece..1fbe134 100644 (file)
@@ -18,6 +18,7 @@
 #include <Library/DebugLib.h>\r
 #include <Library/DevicePathLib.h>\r
 #include <Library/DxeServicesTableLib.h>\r
+#include <Library/MemEncryptSevLib.h>\r
 #include <Library/PcdLib.h>\r
 #include <Library/UefiBootServicesTableLib.h>\r
 #include <Library/UefiRuntimeLib.h>\r
@@ -203,5 +204,21 @@ MarkIoMemoryRangeForRuntimeAccess (
                   );\r
   ASSERT_EFI_ERROR (Status);\r
 \r
+  //\r
+  // When SEV is active, AmdSevDxe mapped the BaseAddress with C=0 but\r
+  // SetMemorySpaceAttributes() remaps the range with C=1. Let's restore\r
+  // the mapping so that both guest and hyervisor can access the flash\r
+  // memory range.\r
+  //\r
+  if (MemEncryptSevIsEnabled ()) {\r
+    Status = MemEncryptSevClearPageEncMask (\r
+               0,\r
+               BaseAddress,\r
+               EFI_SIZE_TO_PAGES (Length),\r
+               FALSE\r
+               );\r
+    ASSERT_EFI_ERROR (Status);\r
+  }\r
+\r
   return Status;\r
 }\r