gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOMETIMES_CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## CONSUMES\r
- gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES\r
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES\r
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES\r
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES\r
EFI_PHYSICAL_ADDRESS StartAddress;\r
EFI_MEMORY_TYPE MemoryType;\r
\r
- if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
MemoryType = EfiReservedMemoryType;\r
} else {\r
MemoryType = EfiBootServicesData;\r
// LagacyBios driver depends on CPU Arch protocol which guarantees below\r
// allocation runs earlier than LegacyBios driver.\r
//\r
- if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
//\r
// SEV-ES Wakeup buffer should be under 0x88000 and under any previous one\r
//\r
ASSERT_EFI_ERROR (Status);\r
if (EFI_ERROR (Status)) {\r
StartAddress = (EFI_PHYSICAL_ADDRESS)-1;\r
- } else if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ } else if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
//\r
// Next SEV-ES wakeup buffer allocation must be below this allocation\r
//\r
ApLoopMode = ApInHltLoop;\r
}\r
\r
- if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
//\r
// For SEV-ES, force AP in Hlt-loop mode in order to use the GHCB\r
// protocol for starting APs\r
// The AP reset stack is only used by SEV-ES guests. Do not allocate it\r
// if SEV-ES is not enabled.\r
//\r
- if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
//\r
// Stack location is based on ProcessorNumber, so use the total number\r
// of processors for calculating the total stack area.\r
CpuMpData->CpuData = (CPU_AP_DATA *)(CpuMpData + 1);\r
CpuMpData->CpuInfoInHob = (UINT64)(UINTN)(CpuMpData->CpuData + MaxLogicalProcessorNumber);\r
InitializeSpinLock (&CpuMpData->MpLock);\r
- CpuMpData->SevEsIsEnabled = PcdGetBool (PcdSevEsIsEnabled);\r
+ CpuMpData->SevEsIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevEs);\r
CpuMpData->SevEsAPBuffer = (UINTN)-1;\r
CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase);\r
\r
NULL\r
);\r
}\r
+\r
+/**\r
+ The function check if the specified Attr is set.\r
+\r
+ @param[in] CurrentAttr The current attribute.\r
+ @param[in] Attr The attribute to check.\r
+\r
+ @retval TRUE The specified Attr is set.\r
+ @retval FALSE The specified Attr is not set.\r
+\r
+**/\r
+STATIC\r
+BOOLEAN\r
+AmdMemEncryptionAttrCheck (\r
+ IN UINT64 CurrentAttr,\r
+ IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr\r
+ )\r
+{\r
+ switch (Attr) {\r
+ case CCAttrAmdSev:\r
+ //\r
+ // SEV is automatically enabled if SEV-ES or SEV-SNP is active.\r
+ //\r
+ return CurrentAttr >= CCAttrAmdSev;\r
+ case CCAttrAmdSevEs:\r
+ //\r
+ // SEV-ES is automatically enabled if SEV-SNP is active.\r
+ //\r
+ return CurrentAttr >= CCAttrAmdSevEs;\r
+ case CCAttrAmdSevSnp:\r
+ return CurrentAttr == CCAttrAmdSevSnp;\r
+ default:\r
+ return FALSE;\r
+ }\r
+}\r
+\r
+/**\r
+ Check if the specified confidential computing attribute is active.\r
+\r
+ @param[in] Attr The attribute to check.\r
+\r
+ @retval TRUE The specified Attr is active.\r
+ @retval FALSE The specified Attr is not active.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ConfidentialComputingGuestHas (\r
+ IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr\r
+ )\r
+{\r
+ UINT64 CurrentAttr;\r
+\r
+ //\r
+ // Get the current CC attribute.\r
+ //\r
+ CurrentAttr = PcdGet64 (PcdConfidentialComputingGuestAttr);\r
+\r
+ //\r
+ // If attr is for the AMD group then call AMD specific checks.\r
+ //\r
+ if (((RShiftU64 (CurrentAttr, 8)) & 0xff) == 1) {\r
+ return AmdMemEncryptionAttrCheck (CurrentAttr, Attr);\r
+ }\r
+\r
+ return (CurrentAttr == Attr);\r
+}\r
#include <Library/HobLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/MicrocodeLib.h>\r
+#include <ConfidentialComputingGuestAttr.h>\r
\r
#include <Register/Amd/Fam17Msr.h>\r
#include <Register/Amd/Ghcb.h>\r
CPU_MP_DATA *CpuMpData\r
);\r
\r
+/**\r
+ Check if the specified confidential computing attribute is active.\r
+\r
+ @retval TRUE The specified Attr is active.\r
+ @retval FALSE The specified Attr is not active.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ConfidentialComputingGuestHas (\r
+ CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr\r
+ );\r
+\r
#endif\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOMETIMES_CONSUMES\r
- gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONSUMES\r
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES\r
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES\r
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES\r
\r
[Ppis]\r
gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES\r
// Need memory under 1MB to be collected here\r
//\r
WakeupBufferEnd = Hob.ResourceDescriptor->PhysicalStart + Hob.ResourceDescriptor->ResourceLength;\r
- if (PcdGetBool (PcdSevEsIsEnabled) &&\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs) &&\r
(WakeupBufferEnd > mSevEsPeiWakeupBuffer))\r
{\r
//\r
WakeupBufferSize\r
));\r
\r
- if (PcdGetBool (PcdSevEsIsEnabled)) {\r
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {\r
//\r
// Next SEV-ES wakeup buffer allocation must be below this\r
// allocation\r
projects / mirror_edk2.git / commitdiff