This PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.
This module updates the under-4GB page tables configured by the S3-Resume
code in UefiCpuPkg/Universal/Acpi/S3Resume2Pei. The mask is saved at module
start (ScriptExecute.c), and applied when the tables are expanded on demand by
page faults on addresses above 4GB (SetIdtEntry.c).
CC: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
.../Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf | 2 ++
.../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c | 7 +++++++
.../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h | 5 +++++
.../Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c | 15 +++++++++------
4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
index 7cd38cf..29af7f5 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -5,6 +5,7 @@
# depends on any PEI or DXE service.
#
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
#
# This program and the accompanying materials are
# licensed and made available under the terms and conditions of the BSD License
@@ -85,6 +86,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
[Depex]
gEfiLockBoxProtocolGuid
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
index f67fbca..22d4349 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
@@ -5,6 +5,7 @@
in the entry point. The functionality is to interpret and restore the S3 boot script
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -23,6 +24,7 @@ EFI_GUID mBootScriptExecutorImageGuid = {
};
BOOLEAN mPage1GSupport = FALSE;
+UINT64 mAddressEncMask = 0;
/**
Entry function of Boot script exector. This function will be executed in
@@ -408,6 +410,11 @@ BootScriptExecutorEntryPoint (
}
//
+ // Make sure AddressEncMask is contained to smallest supported address field.
+ //
+ mAddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
+
+ //
// Test if the gEfiCallerIdGuid of this image is already installed. if not, the entry
// point is loaded by DXE code which is the first time loaded. or else, it is already
// be reloaded be itself.This is a work-around
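Review bot: The assignment `mAddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;` silently drops any PCD bits outside bits 30..51, so a misconfigured mask would presumably produce page-table entries without the encryption bit and no diagnostic. The comment should say why the 1G mask is the right one, for example `// Keep only bits that are address bits in every entry type (1G and 2M leaves, table pointers), because the same mask is OR'd into all of them.` If DebugLib is available in this file, a check such as `ASSERT ((PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & ~PAGING_1G_ADDRESS_MASK_64) == 0);` would surface a bad PCD value in debug builds. BootScriptExecutorEntryPoint begins and ends outside this hunk.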
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
index 772347a..7532756 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
@@ -5,6 +5,7 @@
in the entry point. The functionality is to interpret and restore the S3 boot script
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -44,6 +45,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/DxeSmmReadyToLock.h>
#include <IndustryStandard/Acpi.h>
+
+#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull
+
/**
a ASM function to transfer control to OS.
@@ -87,5 +91,6 @@ SetIdtEntry (
extern UINT32 AsmFixAddress16;
extern UINT32 AsmJmpAddr32;
extern BOOLEAN mPage1GSupport;
+extern UINT64 mAddressEncMask;
#endif //_BOOT_SCRIPT_EXECUTOR_H_
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
index 6674560..d433cf1 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/X64/SetIdtEntry.c
@@ -4,6 +4,8 @@
Set a IDT entry for interrupt vector 3 for debug purpose for x64 platform
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -200,14 +202,15 @@ AcquirePage (
//
// Cut the previous uplink if it exists and wasn't overwritten.
//
- if ((mPageFaultUplink[mPageFaultIndex] != NULL) && ((*mPageFaultUplink[mPageFaultIndex] & mPhyMask) == Address)) {
+ if ((mPageFaultUplink[mPageFaultIndex] != NULL) &&
+ ((*mPageFaultUplink[mPageFaultIndex] & ~mAddressEncMask & mPhyMask) == Address)) {
*mPageFaultUplink[mPageFaultIndex] = 0;
}
//
// Link & Record the current uplink.
//
- *Uplink = Address | IA32_PG_P | IA32_PG_RW;
+ *Uplink = Address | mAddressEncMask | IA32_PG_P | IA32_PG_RW;
mPageFaultUplink[mPageFaultIndex] = Uplink;
mPageFaultIndex = (mPageFaultIndex + 1) % EXTRA_PAGE_TABLE_PAGES;
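Review bot: The strip expression `& ~mAddressEncMask & mPhyMask` is written out by hand here in the uplink comparison and again in both `PageTable = (UINT64*)(UINTN)(...)` assignments of the PageFaultHandler hunk. A later entry read that forgets the `~mAddressEncMask` term would dereference a pointer that still carries the encryption bit. Putting it in one place, for instance `#define PTE_TO_ADDRESS(Entry) ((Entry) & ~mAddressEncMask & mPhyMask)` (name is a suggestion), makes the invariant hard to miss and shortens the wrapped condition. AcquirePage begins and ends outside this hunk.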
@@ -245,19 +248,19 @@ PageFaultHandler (
if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
AcquirePage (&PageTable[PTIndex]);
}
- PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);
+ PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);
PTIndex = BitFieldRead64 (PFAddress, 30, 38);
// PDPTE
if (mPage1GSupport) {
- PageTable[PTIndex] = (PFAddress & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+ PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 30) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
} else {
if ((PageTable[PTIndex] & IA32_PG_P) == 0) {
AcquirePage (&PageTable[PTIndex]);
}
- PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & mPhyMask);
+ PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & ~mAddressEncMask & mPhyMask);
PTIndex = BitFieldRead64 (PFAddress, 21, 29);
// PD
- PageTable[PTIndex] = (PFAddress & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
+ PageTable[PTIndex] = ((PFAddress | mAddressEncMask) & ~((1ull << 21) - 1)) | IA32_PG_P | IA32_PG_RW | IA32_PG_PS;
}
return TRUE;
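Review bot: Nothing visible in this hunk guarantees that PFAddress is free of mAddressEncMask bits before `((PFAddress | mAddressEncMask) & ~((1ull << 30) - 1))` and the matching 2M line. If a faulting address can have that bit set, the resulting leaf entry is indistinguishable from the one for the address without it, so the handler would map a different physical page than the identity mapping intends. PageFaultHandler starts outside the hunk, so an earlier range check may exist; if it bounds PFAddress by mPhyMask only, consider also rejecting the address with `if ((PFAddress & mAddressEncMask) != 0) { return FALSE; }`, assuming FALSE is the unhandled path. The same applies to any physical-address width assumption behind mPhyMask, which is computed outside this patch.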
--
2.7.4