From b97dc4b92ba1cc9f351854aed1c35c636d2d3992 Mon Sep 17 00:00:00 2001 From: Tom Lendacky Date: Thu, 7 Jan 2021 12:48:16 -0600 Subject: [PATCH] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108 To ensure that we always use a validated encryption mask for an SEV-ES guest, create a new interface in the MemEncryptSevLib library to return the encryption mask. This can be used in place of the multiple locations where CPUID is used to retrieve the value (which would require validation again) and allows the validated mask to be returned. The PEI phase will use the value from the SEV-ES work area. Since the SEV-ES work area isn't valid in the DXE phase, the DXE phase will use the PcdPteMemoryEncryptionAddressOrMask PCD which is set during PEI. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Rebecca Cran Cc: Peter Grehan Cc: Anthony Perard Cc: Julien Grall Cc: Brijesh Singh Acked-by: Laszlo Ersek Signed-off-by: Tom Lendacky Message-Id: --- OvmfPkg/AmdSev/AmdSevX64.dsc | 4 +- OvmfPkg/Bhyve/BhyveX64.dsc | 4 +- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 ++ ...ryptSevLib.inf => DxeMemEncryptSevLib.inf} | 15 +- .../DxeMemEncryptSevLibInternal.c | 145 ++++++++++++++++ .../MemEncryptSevLibInternal.c | 94 +---------- .../PeiMemEncryptSevLib.inf | 56 ++++++ .../PeiMemEncryptSevLibInternal.c | 159 ++++++++++++++++++ OvmfPkg/OvmfPkgIa32.dsc | 4 +- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +- OvmfPkg/OvmfPkgX64.dsc | 4 +- OvmfPkg/OvmfXen.dsc | 3 +- 12 files changed, 400 insertions(+), 104 deletions(-) rename OvmfPkg/Library/BaseMemEncryptSevLib/{BaseMemEncryptSevLib.inf => DxeMemEncryptSevLib.inf} (68%) create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index bb7697eb32..d39436e7af 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -164,7 +164,7 @@ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf @@ -285,6 +285,8 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index b93fe30ae4..33edf3d2d6 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -163,7 +163,7 @@ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/BaseQemuFwCfgS3LibNull.inf BhyveFwCtlLib|OvmfPkg/Library/BhyveFwCtlLib/BhyveFwCtlLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf @@ -292,6 +292,8 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index a2c70aa550..872abe6725 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -135,4 +135,16 @@ MemEncryptSevLocateInitialSmramSaveStateMapPages ( OUT UINTN *BaseAddress, OUT UINTN *NumberOfPages ); + +/** + Returns the SEV encryption mask. + + @return The SEV pagetable encryption mask +**/ +UINT64 +EFIAPI +MemEncryptSevGetEncryptionMask ( + VOID + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf similarity index 68% rename from OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf rename to OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index 7c44d09528..837db08761 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -1,7 +1,7 @@ ## @file # Library provides the helper functions for SEV guest # -# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.
+# Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -10,11 +10,11 @@ [Defines] INF_VERSION = 1.25 - BASE_NAME = MemEncryptSevLib + BASE_NAME = DxeMemEncryptSevLib FILE_GUID = c1594631-3888-4be4-949f-9c630dbc842b MODULE_TYPE = BASE VERSION_STRING = 1.0 - LIBRARY_CLASS = MemEncryptSevLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER + LIBRARY_CLASS = MemEncryptSevLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER # # The following information is for reference only and not required by the build @@ -29,15 +29,17 @@ OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec -[Sources.X64] +[Sources] + DxeMemEncryptSevLibInternal.c MemEncryptSevLibInternal.c + +[Sources.X64] X64/MemEncryptSevLib.c X64/VirtualMemory.c X64/VirtualMemory.h [Sources.IA32] Ia32/MemEncryptSevLib.c - MemEncryptSevLibInternal.c [LibraryClasses] BaseLib @@ -49,3 +51,6 @@ [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c new file mode 100644 index 0000000000..2816f859a0 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -0,0 +1,145 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC BOOLEAN mSevStatus = FALSE; +STATIC BOOLEAN mSevEsStatus = FALSE; +STATIC BOOLEAN mSevStatusChecked = FALSE; + +STATIC UINT64 mSevEncryptionMask = 0; +STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; + +/** + Reads and sets the status of SEV features. + + **/ +STATIC +VOID +EFIAPI +InternalMemEncryptSevStatus ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + BOOLEAN ReadSevMsr; + UINT64 EncryptionMask; + + ReadSevMsr = FALSE; + + EncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask); + if (EncryptionMask != 0) { + // + // The MSR has been read before, so it is safe to read it again and avoid + // having to validate the CPUID information. + // + ReadSevMsr = TRUE; + } else { + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + ReadSevMsr = TRUE; + } + } + } + + if (ReadSevMsr) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + mSevStatus = TRUE; + } + + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus = TRUE; + } + } + + mSevStatusChecked = TRUE; +} + +/** + Returns a boolean to indicate whether SEV-ES is enabled. + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevEsIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevEsStatus; +} + +/** + Returns a boolean to indicate whether SEV is enabled. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevStatus; +} + +/** + Returns the SEV encryption mask. + + @return The SEV pagtable encryption mask +**/ +UINT64 +EFIAPI +MemEncryptSevGetEncryptionMask ( + VOID + ) +{ + if (!mSevEncryptionMaskSaved) { + mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask); + mSevEncryptionMaskSaved = TRUE; + } + + return mSevEncryptionMask; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c index 02b8eb225d..b4a9f464e2 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -2,7 +2,7 @@ Secure Encrypted Virtualization (SEV) library helper function - Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -12,102 +12,10 @@ #include #include #include -#include -#include -#include #include #include #include -STATIC BOOLEAN mSevStatus = FALSE; -STATIC BOOLEAN mSevEsStatus = FALSE; -STATIC BOOLEAN mSevStatusChecked = FALSE; - -/** - Reads and sets the status of SEV features. - - **/ -STATIC -VOID -EFIAPI -InternalMemEncryptSevStatus ( - VOID - ) -{ - UINT32 RegEax; - MSR_SEV_STATUS_REGISTER Msr; - CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; - - // - // Check if memory encryption leaf exist - // - AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { - // - // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) - // - AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); - - if (Eax.Bits.SevBit) { - // - // Check MSR_0xC0010131 Bit 0 (Sev Enabled) - // - Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); - if (Msr.Bits.SevBit) { - mSevStatus = TRUE; - } - - // - // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) - // - if (Msr.Bits.SevEsBit) { - mSevEsStatus = TRUE; - } - } - } - - mSevStatusChecked = TRUE; -} - -/** - Returns a boolean to indicate whether SEV-ES is enabled. - - @retval TRUE SEV-ES is enabled - @retval FALSE SEV-ES is not enabled -**/ -BOOLEAN -EFIAPI -MemEncryptSevEsIsEnabled ( - VOID - ) -{ - if (!mSevStatusChecked) { - InternalMemEncryptSevStatus (); - } - - return mSevEsStatus; -} - -/** - Returns a boolean to indicate whether SEV is enabled. - - @retval TRUE SEV is enabled - @retval FALSE SEV is not enabled -**/ -BOOLEAN -EFIAPI -MemEncryptSevIsEnabled ( - VOID - ) -{ - if (!mSevStatusChecked) { - InternalMemEncryptSevStatus (); - } - - return mSevStatus; -} - - /** Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM Save State Map. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf new file mode 100644 index 0000000000..c3cd046cb6 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -0,0 +1,56 @@ +## @file +# Library provides the helper functions for SEV guest +# +# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 1.25 + BASE_NAME = PeiMemEncryptSevLib + FILE_GUID = 15d9a694-3d2a-4184-9672-ba55c3070e07 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MemEncryptSevLib|PEIM + +# +# The following information is for reference only and not required by the build +# tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Sources] + MemEncryptSevLibInternal.c + PeiMemEncryptSevLibInternal.c + +[Sources.X64] + X64/MemEncryptSevLib.c + X64/VirtualMemory.c + X64/VirtualMemory.h + +[Sources.IA32] + Ia32/MemEncryptSevLib.c + +[LibraryClasses] + BaseLib + CacheMaintenanceLib + CpuLib + DebugLib + MemoryAllocationLib + PcdLib + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire + +[FixedPcd] + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c new file mode 100644 index 0000000000..e2fd109d12 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -0,0 +1,159 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2020, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC BOOLEAN mSevStatus = FALSE; +STATIC BOOLEAN mSevEsStatus = FALSE; +STATIC BOOLEAN mSevStatusChecked = FALSE; + +STATIC UINT64 mSevEncryptionMask = 0; +STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE; + +/** + Reads and sets the status of SEV features. + + **/ +STATIC +VOID +EFIAPI +InternalMemEncryptSevStatus ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + BOOLEAN ReadSevMsr; + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + ReadSevMsr = FALSE; + + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); + if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) { + // + // The MSR has been read before, so it is safe to read it again and avoid + // having to validate the CPUID information. + // + ReadSevMsr = TRUE; + } else { + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + ReadSevMsr = TRUE; + } + } + } + + if (ReadSevMsr) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + mSevStatus = TRUE; + } + + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus = TRUE; + } + } + + mSevStatusChecked = TRUE; +} + +/** + Returns a boolean to indicate whether SEV-ES is enabled. + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevEsIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevEsStatus; +} + +/** + Returns a boolean to indicate whether SEV is enabled. + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevStatus; +} + +/** + Returns the SEV encryption mask. + + @return The SEV pagtable encryption mask +**/ +UINT64 +EFIAPI +MemEncryptSevGetEncryptionMask ( + VOID + ) +{ + if (!mSevEncryptionMaskSaved) { + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); + if (SevEsWorkArea != NULL) { + mSevEncryptionMask = SevEsWorkArea->EncryptionMask; + } else { + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + mSevEncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits); + } + + mSevEncryptionMaskSaved = TRUE; + } + + return mSevEncryptionMask; +} diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 26a013ec35..75c5f46a77 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -170,7 +170,7 @@ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -310,6 +310,8 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 10579fe46c..8693248b4e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -174,7 +174,7 @@ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -314,6 +314,8 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index c9235e48ad..799468e08e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -174,7 +174,7 @@ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -314,6 +314,8 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 12b7a87ee8..c13388ba5a 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -161,7 +161,7 @@ SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf - MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf @@ -273,6 +273,7 @@ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf -- 2.39.2