From nobody Fri Nov 29 06:27:08 2024
Delivered-To: importer@patchew.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Authentication-Results: mx.zoho.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org;
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1488842866884433.04790793999507;
 Mon, 6 Mar 2017 15:27:46 -0800 (PST)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id B849B8033B;
	Mon,  6 Mar 2017 15:27:45 -0800 (PST)
Received: from mail-io0-x243.google.com (mail-io0-x243.google.com
 [IPv6:2607:f8b0:4001:c06::243])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 7B04B80333
 for <edk2-devel@ml01.01.org>; Mon,  6 Mar 2017 15:27:44 -0800 (PST)
Received: by mail-io0-x243.google.com with SMTP id 68so16643991ioh.3
 for <edk2-devel@ml01.01.org>; Mon, 06 Mar 2017 15:27:44 -0800 (PST)
Received: from [127.0.1.1] ([165.204.77.1])
 by smtp.gmail.com with ESMTPSA id 202sm5574641ity.8.2017.03.06.15.27.42
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 06 Mar 2017 15:27:43 -0800 (PST)
X-Original-To: edk2-devel@ml01.01.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:subject:to:cc:date:message-id:in-reply-to:references
 :user-agent:mime-version:content-transfer-encoding;
 bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=;
 b=rQJWDtO91SElEVFfSXKtHbA598a4O2kfk8Tv/jOFTG8XLTPPmjQVnAVgjERnwB3GxN
 brvtf92LFqEGhYuId4TghZupmOX2IUL9xGCgfAa31VB65uRwvWH1166jncFDkt030vKv
 wHaLXmie/L1kTTkezjmuJpRFLHHVltROpjsWsufcC1p0w+91XM3S1B8kf51pvTczkzPx
 4sNqqL3VzFDVAWaU8tGGAXSJLZoMMAN53QwvjhYob3FE/m1wT86vus3x475spv0UvsbQ
 9yLmFqIfc7yrF9sKkW1TmtcO1AJ/hBmvI9GXvCMew3IwYDVEj1LQOT7zGG2s1fwYC3IL
 pwBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to
 :references:user-agent:mime-version:content-transfer-encoding;
 bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=;
 b=mHoE3RJXEXD3o8+k+hVd+vab//jJdk94NiLX2qf9nH8u91FwkqRjW1qO2OuBZKkQ2N
 og7PiDEP0cRkF2T1Z0HF/VmlCUKSBe1aZUj0uvaOG7B/MYpNHAle5zfWsWz3VrUl7482
 IJbaxG10zt77mtFmP5sF0zYp5ebs+lZL3OyWMj8UpxWk1LoPgxgYQ3KL5WO93qK/+mrr
 2cKnpeoLIhqtVZOg1w6NS4swm8ZBZFfzEhEDG3WuQlvJLWBJa80I6s/xJ4C5tA3ngSCB
 ur13LErYzKGjHUtJ+ei39/Qfkf4GnvzUU85bJLkWwdYPJkr1Br3O/rzfNo8gFgN/Kc+o
 iHaQ==
X-Gm-Message-State: 
 AMke39lGJPlnJndCsonbjZiG9TCaGjcYib3GYI3UcoMt7+sGFa83wA/Mb6U5X8XW0Ew2YQ==
X-Received: by 10.107.166.207 with SMTP id p198mr17263224ioe.15.1488842863778;
 Mon, 06 Mar 2017 15:27:43 -0800 (PST)
From: Brijesh Singh <brijesh.ksingh@gmail.com>
X-Google-Original-From: Brijesh Singh <brijesh.singh@amd.com>
To: jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com
Date: Mon, 06 Mar 2017 18:27:42 -0500
Message-ID: 
 <148884286215.29188.1084675072356724555.stgit@brijesh-build-machine>
In-Reply-To: 
 <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
References: 
 <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Subject: [edk2] [RFC PATCH v1 2/5] OvmfPkg/MemcryptSevLib: Add SEV helper
 library
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, brijesh.sing@amd.com
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The library contain common helper routines for SEV feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/Include/Library/MemcryptSevLib.h          |   42 +++++++++++++
 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c   |   66 +++++++++++++++++=
++++
 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf |   44 ++++++++++++++
 OvmfPkg/OvmfPkgIa32X64.dsc                        |    4 +
 OvmfPkg/OvmfPkgX64.dsc                            |    4 +
 5 files changed, 160 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/MemcryptSevLib.h
 create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c
 create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf

diff --git a/OvmfPkg/Include/Library/MemcryptSevLib.h b/OvmfPkg/Include/Lib=
rary/MemcryptSevLib.h
new file mode 100644
index 0000000..89f9c86
--- /dev/null
+++ b/OvmfPkg/Include/Library/MemcryptSevLib.h
@@ -0,0 +1,42 @@
+/** @file
+  Copyright (C) 2017 Advanced Micro Devices.
+
+  This program and the accompanying materials are licensed and made availa=
ble
+  under the terms and conditions of the BSD License which accompanies this
+  distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WI=
THOUT
+  WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+**/
+
+#ifndef __MEMCRYPT_SEV_LIB_H__
+#define __MEMCRYPT_SEV_LIB_H__
+
+#include <Uefi/UefiBaseType.h>
+#include <Base.h>
+
+/**
+=20
+ Initialize SEV memory encryption
+
+**/
+
+RETURN_STATUS
+EFIAPI
+MemcryptSevInitialize (
+  VOID
+  );
+
+/**
+=20
+ Return TRUE when SEV is active otherwise FALSE
+
+ **/
+BOOLEAN
+EFIAPI
+SevActive (
+  VOID
+  );
+
+#endif
diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c b/OvmfPkg/Libr=
ary/MemcryptSevLib/MemcryptSevLib.c
new file mode 100644
index 0000000..2d60b75
--- /dev/null
+++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c
@@ -0,0 +1,66 @@
+/** @file
+
+  Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BS=
D License
+  which accompanies this distribution.  The full text of the license may b=
e found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP=
LIED.
+
+**/
+
+#include "Uefi.h"
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/MemcryptSevLib.h>
+
+#define KVM_FEATURE_MEMORY_ENCRYPTION 0x100
+
+RETURN_STATUS
+EFIAPI
+MemcryptSevInitialize (
+  VOID
+  )
+{
+  UINT32 EBX;
+  UINT64 MeMask =3D 0;
+
+  if (SevActive ()) {
+     // CPUID Fn8000_001f[EBX] - Bit 5:0 (memory encryption bit position)
+     AsmCpuid(0x8000001f, NULL, &EBX, NULL, NULL);
+     MeMask =3D (1ULL << (EBX & 0x3f));
+     DEBUG ((DEBUG_INFO, "KVM Secure Encrypted Virtualization (SEV) is ena=
bled\n"));
+     DEBUG ((DEBUG_INFO, "MemEncryptionMask 0x%lx\n", MeMask));
+  }
+
+  PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask);
+
+  return RETURN_SUCCESS;
+}
+
+BOOLEAN
+EFIAPI
+SevActive (
+  VOID
+  )
+{
+  UINT32 KVMFeatures, EAX;
+
+  // Check if KVM memory encyption feature is set
+  AsmCpuid(0x40000001, &KVMFeatures, NULL, NULL, NULL);
+  if (KVMFeatures & KVM_FEATURE_MEMORY_ENCRYPTION) {
+
+     // Check whether SEV is enabled
+     // CPUID Fn8000_001f[EAX] - Bit 0  (SEV is enabled)
+     AsmCpuid(0x8000001f, &EAX, NULL, NULL, NULL);
+
+     return TRUE;
+  }
+
+  return FALSE;
+}
+
diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf b/OvmfPkg/Li=
brary/MemcryptSevLib/MemcryptSevLib.inf
new file mode 100644
index 0000000..8e8d7e0
--- /dev/null
+++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf
@@ -0,0 +1,44 @@
+## @file
+#
+# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the B=
SD License
+#  which accompanies this distribution. The full text of the license may b=
e found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM=
PLIED.
+#
+#
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D MemcryptSevLib
+  FILE_GUID                      =3D c1594631-3888-4be4-949f-9c630dbc842b
+  MODULE_TYPE                    =3D BASE
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D MemcryptSevLib
+ =20
+#
+# The following information is for reference only and not required by the =
build tools.
+#
+# VALID_ARCHITECTURES           =3D IA32 X64
+#
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  OvmfPkg/OvmfPkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+
+[Sources]
+  MemcryptSevLib.c
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  PcdLib
+
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 56f7ff9..a35e1d2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -129,6 +129,7 @@
   QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
   VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
   LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
+  MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf
 !if $(SMM_REQUIRE) =3D=3D FALSE
   LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
 !endif
@@ -509,6 +510,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000
=20
+  # Set memory encryption mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+
 !if $(SMM_REQUIRE) =3D=3D TRUE
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d0b0b0e..5d853d6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -129,6 +129,7 @@
   QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
   VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
   LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
+  MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf
 !if $(SMM_REQUIRE) =3D=3D FALSE
   LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
 !endif
@@ -508,6 +509,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000
=20
+  # Set memory encryption mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+
 !if $(SMM_REQUIRE) =3D=3D TRUE
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel