Since the framebuffer memory region is shared between the guest and hypervisor
hence we must clear the memory encryption bit from this memory region when SEV
is enabled.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/QemuVideoDxe/Gop.c            |   15 +++++++++++++++
 OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf |    1 +
 2 files changed, 16 insertions(+)

diff --git a/OvmfPkg/QemuVideoDxe/Gop.c b/OvmfPkg/QemuVideoDxe/Gop.c
index 359e921..96661d1 100644
--- a/OvmfPkg/QemuVideoDxe/Gop.c
+++ b/OvmfPkg/QemuVideoDxe/Gop.c
@@ -13,6 +13,8 @@
 
 **/
 
+#include <Library/MemEncryptSevLib.h>
+
 #include "Qemu.h"
 
 STATIC
@@ -65,6 +67,19 @@ QemuVideoCompleteModeData (
                         (VOID**) &FrameBufDesc
                         );
 
+  //
+  // Framebuffer memory region is shared between hypervisor and guest,
+  // Clear the memory encryption mask when SEV is active.
+  //
+  if (MemEncryptSevIsEnabled ()) {
+    EFI_STATUS Status;
+
+    Status = MemEncryptSevClearPageEncMask (FrameBufDesc->AddrRangeMin, EFI_SIZE_TO_PAGES (FrameBufDesc->AddrLen));
+    if (EFI_ERROR(Status)) {
+      DEBUG ((EFI_D_WARN, "Failed to clear memory encryption mask 0x%#Lx+0x%x\n", FrameBufDesc->AddrRangeMin, FrameBufDesc->AddrLen));
+    }
+  }
+
   Mode->FrameBufferBase = FrameBufDesc->AddrRangeMin;
   Mode->FrameBufferSize = Info->HorizontalResolution * Info->VerticalResolution;
   Mode->FrameBufferSize = Mode->FrameBufferSize * ((ModeData->ColorDepth + 7) / 8);
diff --git a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
index affb6ff..83ea86c 100644
--- a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+++ b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
@@ -60,6 +60,7 @@
   UefiBootServicesTableLib
   UefiDriverEntryPoint
   UefiLib
+  MemEncryptSevLib
 
 [Protocols]
   gEfiDriverSupportedEfiVersionProtocolGuid     # PROTOCOL ALWAYS_PRODUCED

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel