bt eax, 0\r
jnc NoSev\r
\r
+ ; Set the work area header to indicate that the SEV is enabled\r
+ mov byte[WORK_AREA_GUEST_TYPE], 1\r
+\r
; Check for SEV-ES memory encryption feature:\r
; CPUID Fn8000_001F[EAX] - Bit 3\r
; CPUID raises a #VC exception if running as an SEV-ES guest\r
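Review bot: The literal `1` stored by `mov byte[WORK_AREA_GUEST_TYPE], 1` has to stay equal to the C-side `GUEST_TYPE_AMD_SEV` that `IsSevGuest` compares against, but nothing in the assembly names that link. The same bare `1` is tested again in the `IsSevEsEnabled` hunk (`cmp byte[WORK_AREA_GUEST_TYPE], 1`). A define placed next to the other work-area macros, for example `%define WORK_AREA_GUEST_TYPE_SEV 1` with a comment pointing at the C constant, would keep a later renumbering from silently turning the SEV check off. CheckSevFeatures begins and ends outside this hunk.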
IsSevEsEnabled:\r
xor eax, eax\r
\r
+ ; During CheckSevFeatures, the WORK_AREA_GUEST_TYPE is set\r
+ ; to 1 if SEV is enabled.\r
+ cmp byte[WORK_AREA_GUEST_TYPE], 1\r
+ jne SevEsDisabled\r
+\r
; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if\r
; SEV-ES is enabled.\r
cmp byte[SEV_ES_WORK_AREA], 1\r
;\r
SetCr3ForPageTables64:\r
\r
+ ; Clear the WorkArea header. The SEV probe routines will populate the\r
+ ; work area when detected.\r
+ mov byte[WORK_AREA_GUEST_TYPE], 0\r
+\r
OneTimeCall CheckSevFeatures\r
xor edx, edx\r
test eax, eax\r
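Review bot: The added comment above `mov byte[WORK_AREA_GUEST_TYPE], 0` does not say that the store is order-sensitive: it has to run before `OneTimeCall CheckSevFeatures` and before any other reader of the work area, otherwise leftover memory contents could be read as "SEV enabled". Suggested wording: `; Must precede every read of the work area; its initial contents are presumably not guaranteed to be zero.` Only the single GuestType byte is cleared. If the header is wider than that (its size comes from a separate PCD in the SecMain.c hunk), the remaining bytes are left as found, which is worth confirming as intended. SetCr3ForPageTables64 continues past the end of the hunk.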
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase\r
\r
[FixedPcd]\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase\r
%define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))\r
%define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase))\r
%define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize))\r
+ %define WORK_AREA_GUEST_TYPE (FixedPcdGet32 (PcdOvmfWorkAreaBase))\r
%define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase))\r
%define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 8)\r
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)\r
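Review bot: `WORK_AREA_GUEST_TYPE` is defined as the bare work-area base, which assumes `Header.GuestType` is the first byte of `OVMF_WORK_AREA`. That layout is not visible in this diff, and the ASSERT added in `IsSevGuest` checks only the header size, not the field offset. A comment above the define, such as `; GuestType is byte 0 of the work-area header; keep in sync with OVMF_WORK_AREA`, would record the dependency for whoever next changes the structure.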
Ghcb->GhcbUsage = GHCB_STANDARD_USAGE;\r
}\r
\r
+/**\r
+ Determine if the SEV is active.\r
+\r
+ During the early booting, GuestType is set in the work area. Verify that it\r
+ is an SEV guest.\r
+\r
+ @retval TRUE SEV is enabled\r
+ @retval FALSE SEV is not enabled\r
+\r
+**/\r
+STATIC\r
+BOOLEAN\r
+IsSevGuest (\r
+ VOID\r
+ )\r
+{\r
+ OVMF_WORK_AREA *WorkArea;\r
+\r
+ //\r
+ // Ensure that the size of the Confidential Computing work area header\r
+ // is same as what is provided through a fixed PCD.\r
+ //\r
+ ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==\r
+ sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));\r
+\r
+ WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);\r
+\r
+ return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));\r
+}\r
+\r
/**\r
Determine if SEV-ES is active.\r
\r
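Review bot: The header-size check in `IsSevGuest` is a run-time `ASSERT`, which is compiled out when debug assertions are disabled, so a release build would not notice a mismatch between the PCD the reset-vector code relies on and the C structure. Both operands look like build-time constants, so the check could be `STATIC_ASSERT (FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) == sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER), "work area header size mismatch");`, assuming the FixedPcd macro expands to an integer constant in this module. The `WorkArea != NULL` test compares a fixed address, so it only guards against the PCD being left at zero. As a style point, `sizeof(` is missing the space before the parenthesis that the rest of the function uses.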
{\r
SEC_SEV_ES_WORK_AREA *SevEsWorkArea;\r
\r
+ if (!IsSevGuest()) {\r
+ return FALSE;\r
+ }\r
+\r
SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);\r
\r
- return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0));\r
+ return (SevEsWorkArea->SevEsEnabled != 0);\r
}\r
\r
VOID\r
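Review bot: With the `SevEsWorkArea != NULL` test removed, the dereference in `return (SevEsWorkArea->SevEsEnabled != 0);` is protected only by `IsSevGuest`, which validates a different PCD (`PcdOvmfWorkAreaBase`). If a platform could set that base while leaving `PcdSevEsWorkAreaBase` at zero, this would read from address 0. Either keep the check, `return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0));`, or add a comment stating that the SEV-ES area always lies inside the OVMF work area. `IsSevGuest()` also lacks the space before the parenthesis used elsewhere in the file. The function's signature lies outside the hunk.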
gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd\r
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase\r
\r
[FeaturePcd]\r
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire\r