From nobody Sat Nov 2 14:36:48 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488842866884433.04790793999507; Mon, 6 Mar 2017 15:27:46 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id B849B8033B; Mon, 6 Mar 2017 15:27:45 -0800 (PST) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7B04B80333 for ; Mon, 6 Mar 2017 15:27:44 -0800 (PST) Received: by mail-io0-x243.google.com with SMTP id 68so16643991ioh.3 for ; Mon, 06 Mar 2017 15:27:44 -0800 (PST) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id 202sm5574641ity.8.2017.03.06.15.27.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Mar 2017 15:27:43 -0800 (PST) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=; b=rQJWDtO91SElEVFfSXKtHbA598a4O2kfk8Tv/jOFTG8XLTPPmjQVnAVgjERnwB3GxN brvtf92LFqEGhYuId4TghZupmOX2IUL9xGCgfAa31VB65uRwvWH1166jncFDkt030vKv wHaLXmie/L1kTTkezjmuJpRFLHHVltROpjsWsufcC1p0w+91XM3S1B8kf51pvTczkzPx 4sNqqL3VzFDVAWaU8tGGAXSJLZoMMAN53QwvjhYob3FE/m1wT86vus3x475spv0UvsbQ 9yLmFqIfc7yrF9sKkW1TmtcO1AJ/hBmvI9GXvCMew3IwYDVEj1LQOT7zGG2s1fwYC3IL pwBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=a4Wm86WAtg1QnSz9egSilCHicN4QAOAGtsWmEb9fCPo=; b=mHoE3RJXEXD3o8+k+hVd+vab//jJdk94NiLX2qf9nH8u91FwkqRjW1qO2OuBZKkQ2N og7PiDEP0cRkF2T1Z0HF/VmlCUKSBe1aZUj0uvaOG7B/MYpNHAle5zfWsWz3VrUl7482 IJbaxG10zt77mtFmP5sF0zYp5ebs+lZL3OyWMj8UpxWk1LoPgxgYQ3KL5WO93qK/+mrr 2cKnpeoLIhqtVZOg1w6NS4swm8ZBZFfzEhEDG3WuQlvJLWBJa80I6s/xJ4C5tA3ngSCB ur13LErYzKGjHUtJ+ei39/Qfkf4GnvzUU85bJLkWwdYPJkr1Br3O/rzfNo8gFgN/Kc+o iHaQ== X-Gm-Message-State: AMke39lGJPlnJndCsonbjZiG9TCaGjcYib3GYI3UcoMt7+sGFa83wA/Mb6U5X8XW0Ew2YQ== X-Received: by 10.107.166.207 with SMTP id p198mr17263224ioe.15.1488842863778; Mon, 06 Mar 2017 15:27:43 -0800 (PST) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com Date: Mon, 06 Mar 2017 18:27:42 -0500 Message-ID: <148884286215.29188.1084675072356724555.stgit@brijesh-build-machine> In-Reply-To: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine> References: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v1 2/5] OvmfPkg/MemcryptSevLib: Add SEV helper library X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, brijesh.sing@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The library contain common helper routines for SEV feature. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/MemcryptSevLib.h | 42 +++++++++++++ OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c | 66 +++++++++++++++++= ++++ OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf | 44 ++++++++++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 4 + OvmfPkg/OvmfPkgX64.dsc | 4 + 5 files changed, 160 insertions(+) create mode 100644 OvmfPkg/Include/Library/MemcryptSevLib.h create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c create mode 100644 OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf diff --git a/OvmfPkg/Include/Library/MemcryptSevLib.h b/OvmfPkg/Include/Lib= rary/MemcryptSevLib.h new file mode 100644 index 0000000..89f9c86 --- /dev/null +++ b/OvmfPkg/Include/Library/MemcryptSevLib.h @@ -0,0 +1,42 @@ +/** @file + Copyright (C) 2017 Advanced Micro Devices. + + This program and the accompanying materials are licensed and made availa= ble + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WI= THOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +**/ + +#ifndef __MEMCRYPT_SEV_LIB_H__ +#define __MEMCRYPT_SEV_LIB_H__ + +#include +#include + +/** +=20 + Initialize SEV memory encryption + +**/ + +RETURN_STATUS +EFIAPI +MemcryptSevInitialize ( + VOID + ); + +/** +=20 + Return TRUE when SEV is active otherwise FALSE + + **/ +BOOLEAN +EFIAPI +SevActive ( + VOID + ); + +#endif diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c b/OvmfPkg/Libr= ary/MemcryptSevLib/MemcryptSevLib.c new file mode 100644 index 0000000..2d60b75 --- /dev/null +++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.c @@ -0,0 +1,66 @@ +/** @file + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include + +#define KVM_FEATURE_MEMORY_ENCRYPTION 0x100 + +RETURN_STATUS +EFIAPI +MemcryptSevInitialize ( + VOID + ) +{ + UINT32 EBX; + UINT64 MeMask =3D 0; + + if (SevActive ()) { + // CPUID Fn8000_001f[EBX] - Bit 5:0 (memory encryption bit position) + AsmCpuid(0x8000001f, NULL, &EBX, NULL, NULL); + MeMask =3D (1ULL << (EBX & 0x3f)); + DEBUG ((DEBUG_INFO, "KVM Secure Encrypted Virtualization (SEV) is ena= bled\n")); + DEBUG ((DEBUG_INFO, "MemEncryptionMask 0x%lx\n", MeMask)); + } + + PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask); + + return RETURN_SUCCESS; +} + +BOOLEAN +EFIAPI +SevActive ( + VOID + ) +{ + UINT32 KVMFeatures, EAX; + + // Check if KVM memory encyption feature is set + AsmCpuid(0x40000001, &KVMFeatures, NULL, NULL, NULL); + if (KVMFeatures & KVM_FEATURE_MEMORY_ENCRYPTION) { + + // Check whether SEV is enabled + // CPUID Fn8000_001f[EAX] - Bit 0 (SEV is enabled) + AsmCpuid(0x8000001f, &EAX, NULL, NULL, NULL); + + return TRUE; + } + + return FALSE; +} + diff --git a/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf b/OvmfPkg/Li= brary/MemcryptSevLib/MemcryptSevLib.inf new file mode 100644 index 0000000..8e8d7e0 --- /dev/null +++ b/OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf @@ -0,0 +1,44 @@ +## @file +# +# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D MemcryptSevLib + FILE_GUID =3D c1594631-3888-4be4-949f-9c630dbc842b + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MemcryptSevLib + =20 +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Sources] + MemcryptSevLib.c + +[LibraryClasses] + BaseLib + DebugLib + PcdLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 56f7ff9..a35e1d2 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -129,6 +129,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -509,6 +510,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d0b0b0e..5d853d6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -129,6 +129,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemcryptSevLib|OvmfPkg/Library/MemcryptSevLib/MemcryptSevLib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -508,6 +509,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel