MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe: Add support for PCD PcdPteMemoryEn...

This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.

This module updates the under-4GB page tables configured by the S3-Resume
code in UefiCpuPkg/Universal/Acpi/S3Resume2Pei. The mask is saved at module
start (ScriptExecute.c), and applied when tables are expanded on-demand by
page-faults above 4GB's (SetIdtEntry.c).

CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
index 7cd38cf02939b525e5788d899ef090a7fe276444..29af7f55ec59aa6958f1cfaf6f3cd6cfdc6f662c 100644 (file)
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -5,6 +5,7 @@
 # depends on any PEI or DXE service.\r
 #\r
 # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
 #\r
 # This program and the accompanying materials are\r
 # licensed and made available under the terms and conditions of the BSD License\r
@@ -85,6 +86,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask   ## CONSUMES\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                ## CONSUMES\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES\r
 \r
 [Depex]\r
   gEfiLockBoxProtocolGuid\r

diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
index f67fbca8229b5b6d6e5e781899e766d432d51962..22d434914befa9c96700791af381fda4276ee1d2 100644 (file)
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
@@ -5,6 +5,7 @@
   in the entry point. The functionality is to interpret and restore the S3 boot script\r
 \r
 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
 \r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -23,6 +24,7 @@ EFI_GUID              mBootScriptExecutorImageGuid = {
 };\r
 \r
 BOOLEAN               mPage1GSupport = FALSE;\r
+UINT64                mAddressEncMask = 0;\r
 \r
 /**\r
   Entry function of Boot script exector. This function will be executed in\r
@@ -407,6 +409,11 @@ BootScriptExecutorEntryPoint (
     return EFI_UNSUPPORTED;\r
   }\r
 \r
+  //\r
+  // Make sure AddressEncMask is contained to smallest supported address field.\r
+  //\r
+  mAddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;\r
+\r
   //\r
   // Test if the gEfiCallerIdGuid of this image is already installed. if not, the entry\r
   // point is loaded by DXE code which is the first time loaded. or else, it is already\r

diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
index 772347a57e4a236a9a5fe4f023371b41f102d73a..75327569d75266e3d759ffaae6304c770d229499 100644 (file)
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
@@ -5,6 +5,7 @@
   in the entry point. The functionality is to interpret and restore the S3 boot script \r
   \r
 Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
 \r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -44,6 +45,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 #include <Protocol/DxeSmmReadyToLock.h>\r
 #include <IndustryStandard/Acpi.h>\r
+\r
+#define PAGING_1G_ADDRESS_MASK_64  0x000FFFFFC0000000ull\r
+\r
 /**\r
   a ASM function to transfer control to OS.\r
   \r
@@ -87,5 +91,6 @@ SetIdtEntry (
 extern UINT32 AsmFixAddress16;\r
 extern UINT32 AsmJmpAddr32;\r
 extern BOOLEAN mPage1GSupport;\r
+extern UINT64 mAddressEncMask;\r
 \r
 #endif //_BOOT_SCRIPT_EXECUTOR_H_\r

diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
index 66745605971223110f9f2189425ff821e51b537c..d433cf128ccff9f89cdb9474ee285a875c2fb035 100644 (file)
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
@@ -4,6 +4,8 @@
   Set a IDT entry for interrupt vector 3 for debug purpose for x64 platform\r
 \r
 Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
+\r
 \r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -200,14 +202,15 @@ AcquirePage (
   //\r
   // Cut the previous uplink if it exists and wasn't overwritten.\r
   //\r
-  if ((mPageFaultUplink[mPageFaultIndex] != NULL) && ((*mPageFaultUplink[mPageFaultIndex] & mPhyMask) == Address)) {\r
+  if ((mPageFaultUplink[mPageFaultIndex] != NULL) &&\r
+     ((*mPageFaultUplink[mPageFaultIndex] & ~mAddressEncMask & mPhyMask) == Address)) {\r
     *mPageFaultUplink[mPageFaultIndex] = 0;\r
   }\r
 \r
   //\r
   // Link & Record the current uplink.\r
   //\r
-  *Uplink = Address | IA32_PG_P | IA32_PG_RW;\r
+  *Uplink = Address | mAddressEncMask | IA32_PG_P | IA32_PG_RW;\r
   mPageFaultUplink[mPageFaultIndex] = Uplink;\r
 \r
   mPageFaultIndex = (mPageFaultIndex + 1) % EXTRA_PAGE_TABLE_PAGES;\r
@@ -245,19 +248,19 @@ PageFaultHandler (
   if ((PageTable[PTIndex] & IA32_PG_P) == 0) {\r
     AcquirePage (&PageTable[PTIndex]);\r
   }\r
-  PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);\r
+  PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);\r
   PTIndex = BitFieldRead64 (PFAddress, 30, 38);\r
   // PDPTE\r
   if (mPage1GSupport) {\r
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;\r
+    PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;\r
   } else {\r
     if ((PageTable[PTIndex] & IA32_PG_P) == 0) {\r
       AcquirePage (&PageTable[PTIndex]);\r
     }\r
-    PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);\r
+    PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);\r
     PTIndex = BitFieldRead64 (PFAddress, 21, 29);\r
     // PD\r
-    PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;\r
+    PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;\r
   }\r
 \r
   return TRUE;\r