OvmfPkg: Add support to perform SEV-ES initialization

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV
initialization function to also check for SEV-ES being enabled, and if
enabled, set the SEV-ES enabled PCD (PcdSevEsIsEnabled).

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index c57bba1ba197bddfd03201c95c6b1687a0caa35e..f84f23f250ef0716a6486e2d7c9f4c7e7127beb7 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -607,6 +607,9 @@
   # Set memory encryption mask\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0\r
 \r
+  # Set SEV-ES defaults\r
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0\r
+\r
 !if $(SMM_REQUIRE) == TRUE\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE\r

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 22e930b12b9bdf8ab9f5a1e0b62c4625c54f80ee..a66abccf82660dc0db1fa9c26bc998a999316d77 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -619,6 +619,9 @@
   # Set memory encryption mask\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0\r
 \r
+  # Set SEV-ES defaults\r
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0\r
+\r
 !if $(SMM_REQUIRE) == TRUE\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE\r

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 60be5eae3d2b9375e67c5f182701fc146063e323..2a8975fd3d296f72a0e055a0571ea26af8e4a997 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -617,6 +617,9 @@
   # Set memory encryption mask\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0\r
 \r
+  # Set SEV-ES defaults\r
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0\r
+\r
 !if $(SMM_REQUIRE) == TRUE\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8\r
   gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE\r

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index e484f4b311feaf7cc473f2aea44d0e9b30f67b46..4dc5340caa7a2814e8914ecfa7a3a6deb12acbd8 100644 (file)
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -21,6 +21,27 @@
 \r
 #include "Platform.h"\r
 \r
+/**\r
+\r
+  Initialize SEV-ES support if running as an SEV-ES guest.\r
+\r
+  **/\r
+STATIC\r
+VOID\r
+AmdSevEsInitialize (\r
+  VOID\r
+  )\r
+{\r
+  RETURN_STATUS     PcdStatus;\r
+\r
+  if (!MemEncryptSevEsIsEnabled ()) {\r
+    return;\r
+  }\r
+\r
+  PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);\r
+  ASSERT_RETURN_ERROR (PcdStatus);\r
+}\r
+\r
 /**\r
 \r
   Function checks if SEV support is available, if present then it sets\r
@@ -103,4 +124,9 @@ AmdSevInitialize (
         );\r
     }\r
   }\r
+\r
+  //\r
+  // Check and perform SEV-ES initialization if required.\r
+  //\r
+  AmdSevEsInitialize ();\r
 }\r

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index ff397b3ee9d75fd0676f708ce50184bd6d97b2d5..00feb96c93085781b15d57555597a2395e1d2b2e 100644 (file)
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -103,6 +103,7 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber\r
   gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber\r
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize\r
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled\r
 \r
 [FixedPcd]\r
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress\r