From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130772524779.127573593215; Tue, 21 Mar 2017 14:12:52 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 60514803FE; Tue, 21 Mar 2017 14:12:51 -0700 (PDT) Received: from mail-ot0-x243.google.com (mail-ot0-x243.google.com [IPv6:2607:f8b0:4003:c0f::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9D47E8036C for ; Tue, 21 Mar 2017 14:12:50 -0700 (PDT) Received: by mail-ot0-x243.google.com with SMTP id i1so23771064ota.3 for ; Tue, 21 Mar 2017 14:12:50 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id t64sm9222331otb.2.2017.03.21.14.12.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:12:49 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=z00WS5PDtCeLzzF533HQhxajYoAQQq+6GklawBjRjaI=; b=Lrhrb3NZu7/jgNhafM9mYEYIrur7LT4Ttid4qrypCWj3m4cgdnor5Mou9YihXPH0tZ YhMggAwmzjY+vyGKz75I1FkAGCWZhiLNV7KUG4pcY1sH3nQvj2BzlDGqyDCiJT1EOdcE g9SUN3IHJhKNQDSHco8Ofo1OV8JTA+n66zQ6hGBv8ot7SWWCrN/RHwLqdrcVKraYVDZY UMHGDauIhF5lJuV2B92q9So0UCGBYa6zD/JHvhyPsLO5PRrVuL9W2rraaMUD+2vBLQFW pm3mLQqCOGk+gdpNGy92kWuXVBUDV2OhSWWfsVanTmaU2x3LCwoVlwvwTqYrxt/zntFS Xv3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=z00WS5PDtCeLzzF533HQhxajYoAQQq+6GklawBjRjaI=; b=mCaF55G/74DatNJpZdZ8MFciq9F3u8LE1maaehs+9TkeH51wnBnGFf6al84Ao/Gwj0 7wToV6xDfbtUdxtYvpu1R88Ya/HClSpIL77MnkZelSzofQR5VDtJNyYmy9/t58cNWxkQ gXqT6/5gC+t9KrAlFSW6VJM+pfFymRtpGt8lga1AhkXa8LRgb0vhF9MkJ4hOVRlvG3Er 30y5Gr03IQ/uj2DAdD3DFvIkWp91mNUopW3ocrU1dcqlVPDQmme0RB6tgeEV+MMMp6sI P02IIqicdu12DDZR6GSFQhyNwh89PfTjnWLydsoH39WL204tCQJ/8D3wr12D9N+dpogM ILFw== X-Gm-Message-State: AFeK/H0GKZgLd1LuGWtf55+4stUBS4ICaGSvsnG58biJ7CG9qgtNYVVmSQvzvtAI+BpBzA== X-Received: by 10.157.17.52 with SMTP id g49mr23630487ote.222.1490130769954; Tue, 21 Mar 2017 14:12:49 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:12:49 -0400 Message-ID: <149013076888.27235.3173588515291478806.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 01/10] OvmfPkg/Include: Define SEV specific CPUID and MSR X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The patch defines AMD's Memory Encryption Information CPUID leaf (0x8000_00= 1F). The complete description for this CPUID leaf is available in APM volume 2 [= 1] Section 15.34 (Secure Encrypted Virtualization). [1] http://support.amd.com/TechDocs/24593.pdf Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Register/AmdSevMap.h | 133 ++++++++++++++++++++++++++++++= ++++ 1 file changed, 133 insertions(+) create mode 100644 OvmfPkg/Include/Register/AmdSevMap.h diff --git a/OvmfPkg/Include/Register/AmdSevMap.h b/OvmfPkg/Include/Registe= r/AmdSevMap.h new file mode 100644 index 0000000..de80f39 --- /dev/null +++ b/OvmfPkg/Include/Register/AmdSevMap.h @@ -0,0 +1,133 @@ +/** @file + +AMD Secure Encrypted Virtualization (SEV) specific CPUID and MSR definitio= ns + +The complete description for this CPUID leaf is available in APM volume 2 = (Section 15.34) +http://support.amd.com/TechDocs/24593.pdf + +Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __AMD_SEV_MAP_H__ +#define __AMD_SEV_MAP_H__ + +#pragma pack (1) + +#define CPUID_MEMORY_ENCRYPTION_INFO 0x8000001F + +/** + CPUID Memory Encryption support information EAX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0] Secure Memory Encryption (Sme) Support + /// + UINT32 SmeBit:1; + + /// + /// [Bit 1] Secure Encrypted Virtualization (Sev) Support + /// + UINT32 SevBit:1; + + /// + /// [Bit 2] Page flush MSR support + /// + UINT32 PageFlushMsrBit:1; + + /// + /// [Bit 3] Encrypted state support + /// + UINT32 SevEsBit:1; + + /// + /// [Bit 4:31] Reserved + /// + UINT32 ReservedBits:28; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_EAX; + +/** + CPUID Memory Encryption support information EBX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0:5] Page table bit number used to enable memory encryption + /// + UINT32 PtePosBits:6; + + /// + /// [Bit 6:11] Reduction of system physical address space bits when me= mory encryption is enabled + /// + UINT32 ReducedPhysBits:5; + + /// + /// [Bit 12:31] Reserved + /// + UINT32 ReservedBits:21; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_EBX; + +/** + Secure Encrypted Virtualization (SEV) status register + +**/ +#define MSR_SEV_STATUS 0xc0010131 + +/** + MSR information returned for #MSR_SEV_STATUS +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0] Secure Encrypted Virtualization (Sev) is enabled + /// + UINT32 SevBit:1; + + /// + /// [Bit 1] Secure Encrypted Virtualization Encrypted State (SevEs) is= enabled + /// + UINT32 SevEsBit:1; + + UINT32 Reserved:30; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; + /// + /// All bit fields as a 64-bit value + /// + UINT64 Uint64; +} MSR_SEV_STATUS_REGISTER; + +#endif _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130778791192.33235145852245; Tue, 21 Mar 2017 14:12:58 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 91AA5803FC; Tue, 21 Mar 2017 14:12:57 -0700 (PDT) Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com [IPv6:2607:f8b0:4003:c06::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9131F8036C for ; Tue, 21 Mar 2017 14:12:56 -0700 (PDT) Received: by mail-oi0-x241.google.com with SMTP id a94so7280706oic.0 for ; Tue, 21 Mar 2017 14:12:56 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id d17sm9328502otd.11.2017.03.21.14.12.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:12:55 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=; b=iv5/PwyNm18rpwr4Uhm3GDM0OcI2oDDsNXWb5DOHd7Z0QfUUHqAx1rEGxfJdDjTc+y z3CyZCfbABbvv+b4vBkgiRApL7GblMRGOVfZJqNkdIK6HHRickOsiaajedKurRevbItZ g0JyQ9n6Ro7N77D4P6DxhcK6gOTYICgTBt2aHXh++Av3eVtVLcD59JZ/NyD5JU7gCL03 8k7J+H86aIlERbawphqdWcE+EfqW1NMGW7yHa6A1rhLVHjeFoXllGosmwGc8ba7uiavZ yj8oSSI6HDe+egrtxKG553cDQ1l45L/TILdEYkJx65/KVe+zvG33ON9R74gGwaqxAhw6 TAPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=; b=IgehMrqJXfdf4wPuUt5aKhJBTG3Lc77yu2+XhPG+pgEnsyTgVUH0zC9OvjKnHNj9k4 qdnlwMvS2SsrezlwLnqP3sgDJiNpZpcnV1FzeDXZUUHv12h6IB6dlWPOuaW5/BSh4btc xPRKLRmGv/hf+tGyw+bV9tKj1rvbe15zo+Dp+LwQn5fBpBZTacSpcaW90zBj+qLeHOv2 qAHCwEJzSDWYLnzMrGDTCyBbp8Kxm95sbgM4Ah1u6mS3VXmUQ+91E3ZkdHe/GPLMgw8I PXiGhW+qaE2Al/Z747stWcIFmK38j6DNph9zvNIz6PeGpgkUleEjcLcCXwLHwPFx1QLM TmPg== X-Gm-Message-State: AFeK/H1q6cN+rMky9nozLkrids97QRrbTc2eSOZ1/F9dYZT6/+O/SZAacCV6A2xk0Lv3jw== X-Received: by 10.202.45.205 with SMTP id t196mr19984993oit.171.1490130775869; Tue, 21 Mar 2017 14:12:55 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:12:55 -0400 Message-ID: <149013077498.27235.15379321048646409782.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 02/10] OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. The C-bit in PTE indicate whether the page is private or shared. The C-bit position for the PTE can be obtained from CPUID Fn8000_001F[EBX]. When SEV is active, the BIOS is pre-encrypted by the Qemu launch sequence, we must set the C-bit when building the page table for 64-bit or 32-bit PAE mode. Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 62 +++++++++++++++++++++++++= ++++ 1 file changed, 62 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6201cad..7083f6b 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,6 +37,47 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 +; Check if Secure Encrypted Virtualization (SEV) feature +; =20 +; If SEV is enabled, then EAX will contain Memory encryption bit position +; +CheckSevFeature: + xor eax, eax + + ; Check if we have a valid (0x8000_001F) CPUID leaf + mov eax, 0x80000000 + cpuid + cmp eax, 0x8000001f + jl NoSev + + ; Check for memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 1 + ; + mov eax, 0x8000001f + cpuid + bt eax, 1 + jnc NoSev + + ; Check if memory encryption is enabled + ; MSR_0xC0010131 - Bit 0 (SEV enabled) + ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 0 + jnc NoSev + + ; Get pte bit position to enable memory encryption + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + OneTimeCallRet CheckSevFeature =20 ; ; Modified: EAX, ECX @@ -60,18 +101,38 @@ clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax loop clearPageTablesMemoryLoop =20 + ; Check if its SEV-enabled Guest + ; + OneTimeCall CheckSevFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, Memory encryption bit is always above 31 + mov ebx, 32 + sub ebx, eax + bts edx, eax + +SevNotActive: + + ; ; ; Top level Page Directory Pointers (1 * 512GB entry) ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1014)], edx mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x101C)], edx =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) @@ -83,6 +144,7 @@ pageTableEntriesLoop: shl eax, 21 add eax, PAGE_2M_PDE_ATTR mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 ; _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130784947758.834784469766; Tue, 21 Mar 2017 14:13:04 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C3B3A8041F; Tue, 21 Mar 2017 14:13:03 -0700 (PDT) Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C17D58036C for ; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) Received: by mail-ot0-x241.google.com with SMTP id i50so14210125otd.0 for ; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id v16sm9376679otf.8.2017.03.21.14.13.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:01 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=f3/iLQIf7JokuvhIF44ldKgn/Y+KES7ocdXXeBIu70k=; b=NwnAZvWum2aHuw4llMLmed7KGb1t0voUkQKrX9G9YPbvyblxsYYrMCj2CDeVthKw1D ofB1V/DueXy4EZSJxfLthpyl7dw1RV7Kj84DPdKfco0pfSg4p8TCsBiElVZbzIW/vixf oScqwr3zUGm5q/xeCoIoQmGYZUDmQaEUfpzAcCoS7LDH8/tVQwcdutIa31oxgJ3/sQN/ /2iClFlOs2/cjxDzYtsPT470kVfd/vkQNRWGUvXYPDrAACKqLEHdEVw90lTI+ntNq46O lhHUlkrgWbBihkfcXCp0t6C4ljpFfIJ1Rh/BH9UtzP3VP5J7jiwd+D8/r1hmA4vxxTcz Mh4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=f3/iLQIf7JokuvhIF44ldKgn/Y+KES7ocdXXeBIu70k=; b=sxgzhO/V3YgTOQ48/MHQ6VIR24N3trEnIPSHAQWubQn2QgoUpNBkSdSb1sMAQNlUNf PdycWJjjPL185NaO9gWpX7ZzS7NzL9rcrzMu+JBujhDfNlHfDbDWKV1OTFHeKvCMBHt3 4akCHJf8mYw4ck/S6SJGSvE6WmSHCYpE9MhKF2DBLSeRC+D4LNkap+GkMqrWXajfIQUd Yoq4fWU+gXS+JMG45i6ojwmjX9gFmMLFgHiROtWqJd21yCyTmJ3lxlbkljzr7RGurwMP 8tGTrdgo0HZ68ZESn7AJ36hU0fASckFSDnCs5c/NKzkV77SLovi3I1utkNBRLSkOBtcS B4IQ== X-Gm-Message-State: AFeK/H0Yc6jhNLVuwFn3+tSyhfzuzehhkuzCjQN2QeZiH+L2G6kP43RQyfjE5By9k7yElg== X-Received: by 10.157.47.172 with SMTP id r41mr18090820otb.39.1490130782061; Tue, 21 Mar 2017 14:13:02 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:01 -0400 Message-ID: <149013078089.27235.18195163049694122262.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 03/10] OvmfPkg/PlatformPei: Add Secure Encrypted Virutualization (SEV) support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Initialize Secure Encrypted Virtualization support and set the memory encry= ption mask PCD. Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 3 + OvmfPkg/OvmfPkgIa32X64.dsc | 3 + OvmfPkg/OvmfPkgX64.dsc | 3 + OvmfPkg/PlatformPei/AmdSev.c | 97 +++++++++++++++++++++++++++++++= ++++ OvmfPkg/PlatformPei/Platform.c | 1=20 OvmfPkg/PlatformPei/Platform.h | 5 ++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 + 7 files changed, 114 insertions(+) create mode 100644 OvmfPkg/PlatformPei/AmdSev.c diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 546cdf7..769251d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -506,6 +506,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 383c8d3..3874c35 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -514,6 +514,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b7533c..fe7f086 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -513,6 +513,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c new file mode 100644 index 0000000..7f05a9a --- /dev/null +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -0,0 +1,97 @@ +/**@file + Initialize Secure Encrypted Virtualization (SEV) support + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ +// +// The package level header files this module uses +// +#include + +#include +#include +#include +#include + +/** + + Function returns 'TRUE' when SEV is enabled otherwise FALSE + + **/ +STATIC +BOOLEAN +SevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Function checks if SEV support is available, if present then it updates + the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption m= ask. + + **/ +VOID +EFIAPI +AmdSevInitialize ( + VOID + ) +{ + UINT64 MeMask; + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + // + // Check if SEV is enabled + // + if (!SevIsEnabled ()) { + return; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + MeMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); + + // + // Set Memory Encryption Mask PCD + // + PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, MeMask); + + DEBUG ((EFI_D_INFO, "SEV support is enabled (mask 0x%lx)\n", MeMask)); +} diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 77a8a16..49e6c66 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -667,6 +667,7 @@ InitializePlatform ( NoexecDxeInitialization (); } =20 + AmdSevInitialize (); MiscInitialization (); InstallFeatureControlCallback (); =20 diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 18f42c3..a7729b9 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -88,6 +88,11 @@ XenDetect ( VOID ); =20 +VOID +AmdSevInitialize ( + VOID + ); + extern BOOLEAN mXen; =20 VOID diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 53c6dd4..2cf4ac876 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -35,6 +35,7 @@ MemDetect.c Platform.c Xen.c + AmdSev.c =20 [Packages] IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec @@ -98,6 +99,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130793127648.2756429110741; Tue, 21 Mar 2017 14:13:13 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id EF51B80421; Tue, 21 Mar 2017 14:13:11 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E3EFF8036C for ; Tue, 21 Mar 2017 14:13:09 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id a94so7281302oic.0 for ; Tue, 21 Mar 2017 14:13:09 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id 38sm7961783oth.49.2017.03.21.14.13.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:08 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=jUTG50UsEgcmS80uw7AfxjNAxa8GO3e5IwdsF0JzROM=; b=t2EDp31dRUJOxHHZ0P3mgKhdwZ2wrK4Q9ujCeEi7VEWczlTeZjNXHyJnnfqoDHeq34 Ll++lA4HLw2plnszZucwUr8ujLjOoPM8z7OgOv2/fJFTJap83QhzDi/CPyn9Jh7TAXAp 8iEvdf3pEbQVK6y8lWPxE/PMNkH5rBGu14v1wrbp69iSDDsUjZX5m7JPiS9mKn81rvG2 NQFRUz0+xYCJBUqOxFMPvJkAlXfQ2IxoyW1Gm3EgC3aM49kzETPi1H1F0kHUe00wyf4x DR5LNJTPLnb6JVrp7M0jKf3inuXKbVY+z69jXsl45I3OtOkzCvweg1A+VyvYrhzSHbh0 zUgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=jUTG50UsEgcmS80uw7AfxjNAxa8GO3e5IwdsF0JzROM=; b=HR3h+QtcwZC62AOsTmn/+ASuiKdzp6VH4nmTcESDt5W9JTFmtfxbdovXgWavsksHIp aJbp62/rBFmD0uOlK8R1Ij0cSc1rArAa1RS2aSlkoFlzCujTN7HCEYe+O0GNQU0+1gh2 rAJ7jwMcuYLGae5gzYax4UT3tWfKv+/M23T9xSDDaH+1d0rPMNmXLVMRBw1L6ugSZJ4o mbgQYu1GPhOEfq/qt+9rs1QobiAu9vIiaElmXV5o5sUYfUd/ytPPyKg539hhU2qe9VSo BuZVy1yWlUk7s9hfsCzFPTYnXEo21i4a5zJXrOezRnC4cqFVNjyfoG5KDjaiCbkLVyZd l8Cg== X-Gm-Message-State: AFeK/H35Vt2W/ndI9YNe1z8jd62YjLWp5YUlf3TCPuLpMlZqtaZIkECAUWHL17khx0mq7g== X-Received: by 10.202.214.8 with SMTP id n8mr19960068oig.91.1490130788710; Tue, 21 Mar 2017 14:13:08 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:07 -0400 Message-ID: <149013078709.27235.16179070664669554073.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 04/10] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add Secure Encrypted Virtualization (SEV) helper library. The library provi= des the routines to set or clear memory encryption bit for a given memory region and functions to check whether SEV is enabled. Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 69 +++++ .../BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 46 +++ .../BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 124 ++++++++ .../BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 120 ++++++++ .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 304 ++++++++++++++++= ++++ .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 158 ++++++++++ OvmfPkg/OvmfPkgIa32.dsc | 1=20 OvmfPkg/OvmfPkgIa32X64.dsc | 1=20 OvmfPkg/OvmfPkgX64.dsc | 1=20 9 files changed, 824 insertions(+) create mode 100644 OvmfPkg/Include/Library/MemEncryptSevLib.h create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSev= Lib.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevL= ib.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h new file mode 100644 index 0000000..a9e9356 --- /dev/null +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -0,0 +1,69 @@ +/** @file + + Define Secure Encrypted Virtualization (SEV) base library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#ifndef __MEM_ENCRYPT_SEV_LIB_H_ +#define __MEM_ENCRYPT_SEV_LIB_H_ + +#include + +/** + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE When SEV is active + @retval FALSE When SEV is not enabled + **/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ); + +/** + This function clears memory encryption bit for the memory region specifi= ed by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + + @retval RETURN_SUCCESS The attributes were cleared for the me= mory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumberOfPages + ); + +/** + This function sets memory encryption bit for the memory region specified= by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + + @retval RETURN_SUCCESS The attributes were set for the memory= region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumberOfPages + ); +#endif // __MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf = b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf new file mode 100644 index 0000000..c23261f --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf @@ -0,0 +1,46 @@ +## @file +# +# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD License +# which accompanies this distribution. The full text of the license may b= e found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D MemEncryptSevLib + FILE_GUID =3D c1594631-3888-4be4-949f-9c630dbc842b + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MemEncryptSevLib|PEIM DXE_DRIVER DXE_= RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Sources.X64] + X64/MemEncryptSevLib.c + X64/VirtualMemory.c + +[Sources.IA32] + Ia32/MemEncryptSevLib.c + +[LibraryClasses] + BaseLib + DebugLib + MemoryAllocationLib + CacheMaintenanceLib diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c new file mode 100644 index 0000000..70fdd2e --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -0,0 +1,124 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include +#include + +STATIC BOOLEAN SevStatus =3D FALSE; +STATIC BOOLEAN SevStatusChecked =3D FALSE; + +/** +=20 + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE When SEV is active + @retval FALSE When SEV is not enabled + **/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // If Status is already checked then return it + // + if (SevStatusChecked) { + return SevStatus; + } + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev is Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + SevStatusChecked =3D TRUE; + + return FALSE; +} + +/** + This function clears memory encryption bit for the memory region specifi= ed by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumberOfPages + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} + +/** + This function sets memory encryption bit for the memory region specified= by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumberOfPages + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} + diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c new file mode 100644 index 0000000..098acf2 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c @@ -0,0 +1,120 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include +#include + +#include "VirtualMemory.h" + +STATIC BOOLEAN SevStatus =3D FALSE; +STATIC BOOLEAN SevStatusChecked =3D FALSE; + +/** + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE When SEV is active + @retval FALSE When SEV is not enabled + **/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // If Status is already checked then return it + // + if (SevStatusChecked) { + return SevStatus; + } + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + SevStatusChecked =3D TRUE; + + return FALSE; +} + +/** +=20 + This function clears memory encryption bit for the memory region specifi= ed by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute is not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumPages + ) +{ + return Set_Memory_Decrypted (BaseAddress, NumPages * EFI_PAGE_SIZE); +} + +/** +=20 + This function clears memory encryption bit for the memory region specifi= ed by BaseAddress and + Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute is not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINT32 NumPages + ) +{ + return Set_Memory_Encrypted (BaseAddress, NumPages * EFI_PAGE_SIZE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c new file mode 100644 index 0000000..7acebf3 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c @@ -0,0 +1,304 @@ +/** @file +=20 + Virtual Memory Management Services to set or clear the memory encryption= bit + + References: + 1) IA-32 Intel(R) Architecture Software Developer's Manual Volume 1:Ba= sic Architecture, Intel + 2) IA-32 Intel(R) Architecture Software Developer's Manual Volume 2:In= struction Set Reference, Intel + 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:Sy= stem Programmer's Guide, Intel + +Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "VirtualMemory.h" + +#include + +STATIC UINT64 AddressEncMask; + +typedef enum { + SetCBit, + ClearCBit +} MAP_RANGE_MODE; + +/** + Split 2M page to 4K. + + @param[in] PhysicalAddress Start physical address the 2M page= covered. + @param[in, out] PageEntry2M Pointer to 2M page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +STATIC +VOID +Split2MPageTo4K ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry2M, + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + EFI_PHYSICAL_ADDRESS PhysicalAddress4K; + UINTN IndexOfPageTableEntries; + PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1; + + PageTableEntry =3D AllocatePages(1); + + PageTableEntry1 =3D PageTableEntry; + + ASSERT (PageTableEntry !=3D NULL); + ASSERT (*PageEntry2M & AddressEncMask); + + PhysicalAddress4K =3D PhysicalAddress; + for (IndexOfPageTableEntries =3D 0; IndexOfPageTableEntries < 512; Index= OfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=3D SIZE_4KB) { + // + // Fill in the Page Table entries + // + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask; + PageTableEntry->Bits.ReadWrite =3D 1; + PageTableEntry->Bits.Present =3D 1; + if ((PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < StackBa= se + StackSize)) { + // + // Set Nx bit for stack. + // + PageTableEntry->Bits.Nx =3D 1; + } + } + + // + // Fill in 2M page entry. + // + *PageEntry2M =3D (UINT64) (UINTN) PageTableEntry1 | IA32_PG_P | IA32_PG_= RW | AddressEncMask; +} + +/** + Split 1G page to 2M. + + @param[in] PhysicalAddress Start physical address the 1G page= covered. + @param[in, out] PageEntry1G Pointer to 1G page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +STATIC +VOID +Split1GPageTo2M ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry1G, + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + EFI_PHYSICAL_ADDRESS PhysicalAddress2M; + UINTN IndexOfPageDirectoryEntries; + PAGE_TABLE_ENTRY *PageDirectoryEntry; + + PageDirectoryEntry =3D AllocatePages(1); + + ASSERT (PageDirectoryEntry !=3D NULL); + ASSERT (*PageEntry1G & AddressEncMask); + // + // Fill in 1G page entry. + // + *PageEntry1G =3D (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_= PG_RW | AddressEncMask; + + PhysicalAddress2M =3D PhysicalAddress; + for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { + if ((PhysicalAddress2M < StackBase + StackSize) && ((PhysicalAddress2M= + SIZE_2MB) > StackBase)) { + // + // Need to split this 2M page that covers stack range. + // + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + } else { + // + // Fill in the Page Directory entries + // + PageDirectoryEntry->Uint64 =3D (UINT64) PhysicalAddress2M | AddressE= ncMask; + PageDirectoryEntry->Bits.ReadWrite =3D 1; + PageDirectoryEntry->Bits.Present =3D 1; + PageDirectoryEntry->Bits.MustBe1 =3D 1; + } + } +} + + +STATIC VOID +SetOrClearCBit( + IN UINT64* PageTablePointer, + IN MAP_RANGE_MODE Mode + ) +{ + if (Mode =3D=3D SetCBit) { + *PageTablePointer |=3D AddressEncMask; + } else { + *PageTablePointer &=3D ~AddressEncMask; + } + +} + +STATIC +UINT64 +GetMemEncryptionAddressMask ( + VOID + ) +{ + UINT64 MeMask; + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + MeMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); + + return MeMask & PAGING_1G_ADDRESS_MASK_64; +} + +STATIC +EFI_STATUS +EFIAPI +Set_Memory_Enc_Dec ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length, + IN MAP_RANGE_MODE Mode + ) +{ + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageUpperDirectoryPointerEntry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PAGE_TABLE_4K_ENTRY *PageTableEntry; + UINT64 PgTableMask; + + AddressEncMask =3D GetMemEncryptionAddressMask (); + + if (!AddressEncMask) { + return RETURN_ACCESS_DENIED; + } + + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; + + DEBUG ((EFI_D_VERBOSE, "Set memory range 0x%#Lx+0x%x (%s)\n", PhysicalAd= dress, Length, + Mode =3D=3D ClearCBit ? "unencrypted" : "encrypted")); + + if (Length =3D=3D 0) { + return EFI_INVALID_PARAMETER; + } + + // + // We are going to change the memory encryption attribute from C=3D0 -> = C=3D1 or vice versa + // Flush the caches to ensure that data is written into memory with corr= ect C-bit + // + WriteBackInvalidateDataCacheRange((VOID*) PhysicalAddress, Length); + + while (Length) + { + + PageMapLevel4Entry =3D (VOID*) (AsmReadCr3() & ~PgTableMask); + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); + if (!PageMapLevel4Entry->Bits.Present) { + DEBUG((DEBUG_WARN, "ERROR bad PML4 for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + + PageDirectory1GEntry =3D (VOID*) (PageMapLevel4Entry->Bits.PageTableBa= seAddress<<12 & ~PgTableMask); + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); + if (!PageDirectory1GEntry->Bits.Present) { + DEBUG((DEBUG_WARN, "ERROR bad PDPE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + + // If the MustBe1 bit is not 1, it's not actually a 1GB entry + if (PageDirectory1GEntry->Bits.MustBe1) { + // Valid 1GB page + // If we have at least 1GB to go, we can just update this entry + if (!(PhysicalAddress & ((1<<30) - 1)) && Length >=3D (1<<30)) { + SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode); + DEBUG((DEBUG_VERBOSE, "Updated 1GB entry for %lx\n", PhysicalAddre= ss)); + PhysicalAddress +=3D 1<<30; + Length -=3D 1<<30; + } else { + // We must split the page + DEBUG((DEBUG_VERBOSE, "Spliting 1GB page\n")); + Split1GPageTo2M(((UINT64)PageDirectory1GEntry->Bits.PageTableBaseA= ddress)<<30, (UINT64*) PageDirectory1GEntry, 0, 0); + continue; + } + } else { + // Actually a PDP + PageUpperDirectoryPointerEntry =3D (PAGE_MAP_AND_DIRECTORY_POINTER*)= PageDirectory1GEntry; + PageDirectory2MEntry =3D (VOID*) (PageUpperDirectoryPointerEntry->Bi= ts.PageTableBaseAddress<<12 & ~PgTableMask); + PageDirectory2MEntry +=3D PDE_OFFSET(PhysicalAddress); + if (!PageDirectory2MEntry->Bits.Present) { + DEBUG((DEBUG_WARN, "ERROR bad PDE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + // If the MustBe1 bit is not a 1, it's not a 2MB entry + if (PageDirectory2MEntry->Bits.MustBe1) { + // Valid 2MB page + // If we have at least 2MB left to go, we can just update this ent= ry + if (!(PhysicalAddress & ((1<<21)-1)) && Length >=3D (1<<21)) { + SetOrClearCBit(&PageDirectory2MEntry->Uint64, Mode); + DEBUG((DEBUG_VERBOSE, "Updated 2MB entry for %lx\n", PhysicalAdd= ress)); + PhysicalAddress +=3D 1<<21; + Length -=3D 1<<21; + } else { + // We must split up this page into 4K pages + DEBUG((DEBUG_VERBOSE, "Spliting 2MB page at %lx\n", PhysicalAddr= ess)); + Split2MPageTo4K(((UINT64)PageDirectory2MEntry->Bits.PageTableBas= eAddress) << 21, (UINT64*) PageDirectory2MEntry, 0, 0); + continue; + } + } else { + PageDirectoryPointerEntry =3D (PAGE_MAP_AND_DIRECTORY_POINTER*) Pa= geDirectory2MEntry; + PageTableEntry =3D (VOID*) (PageDirectoryPointerEntry->Bits.PageTa= bleBaseAddress<<12 & ~PgTableMask); + PageTableEntry +=3D PTE_OFFSET(PhysicalAddress); + if (!PageTableEntry->Bits.Present) { + DEBUG((DEBUG_WARN, "ERROR bad PTE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + SetOrClearCBit(&PageTableEntry->Uint64, Mode); + DEBUG((DEBUG_VERBOSE, "Updated 4KB entry for %lx\n", PhysicalAddre= ss)); + PhysicalAddress +=3D EFI_PAGE_SIZE; + Length -=3D EFI_PAGE_SIZE; + } + } + } + + // + // Flush TLB + // + AsmWriteCr3(AsmReadCr3()); + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +Set_Memory_Decrypted ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length + ) +{ + return Set_Memory_Enc_Dec (PhysicalAddress, Length, ClearCBit); +} + +EFI_STATUS +EFIAPI +Set_Memory_Encrypted ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length + ) +{ + return Set_Memory_Enc_Dec (PhysicalAddress, Length, SetCBit); +} + diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h new file mode 100644 index 0000000..a556211 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h @@ -0,0 +1,158 @@ +/** @file +=20 + Virtual Memory Management Services to set or clear the memory encryption= bit + + References: + 1) IA-32 Intel(R) Architecture Software Developer's Manual Volume 1:Ba= sic Architecture, Intel + 2) IA-32 Intel(R) Architecture Software Developer's Manual Volume 2:In= struction Set Reference, Intel + 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:Sy= stem Programmer's Guide, Intel + +Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __VIRTUAL_MEMORY__ +#define __VIRTUAL_MEMORY__ + +#include +#include +#include +#include +#include +//#include +//#include + +#include +#define SYS_CODE64_SEL 0x38 + +#pragma pack(1) + +// +// Page-Map Level-4 Offset (PML4) and +// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB +// + +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Reserved:1; // Reserved + UINT64 MustBeZero:2; // Must Be Zero + UINT64 Available:3; // Available for use by system softw= are + UINT64 PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // No Execute bit + } Bits; + UINT64 Uint64; +} PAGE_MAP_AND_DIRECTORY_POINTER; + +// +// Page Table Entry 4KB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 PAT:1; // + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_4K_ENTRY; + +// +// Page Table Entry 2MB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 MustBe1:1; // Must be 1=20 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:8; // Must be zero; + UINT64 PageTableBaseAddress:31; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_ENTRY; + +// +// Page Table Entry 1GB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 MustBe1:1; // Must be 1=20 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:17; // Must be zero; + UINT64 PageTableBaseAddress:22; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_1G_ENTRY; + +#pragma pack() + +#define IA32_PG_P BIT0 +#define IA32_PG_RW BIT1 + +#define PAGETABLE_ENTRY_MASK ((1UL << 9) - 1)=20 +#define PML4_OFFSET(x) ( (x >> 39) & PAGETABLE_ENTRY_MASK)=20 +#define PDP_OFFSET(x) ( (x >> 30) & PAGETABLE_ENTRY_MASK)=20 +#define PDE_OFFSET(x) ( (x >> 21) & PAGETABLE_ENTRY_MASK)=20 +#define PTE_OFFSET(x) ( (x >> 12) & PAGETABLE_ENTRY_MASK)=20 +#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull + +EFI_STATUS +EFIAPI +Set_Memory_Decrypted ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length + ); + +EFI_STATUS +EFIAPI +Set_Memory_Encrypted ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length + ); + +#endif diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 769251d..c2821b7 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -126,6 +126,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 3874c35..1dd8064 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -131,6 +131,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index fe7f086..06bee32 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -131,6 +131,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130798324328.7323431193695; Tue, 21 Mar 2017 14:13:18 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 2A75280466; Tue, 21 Mar 2017 14:13:17 -0700 (PDT) Received: from mail-ot0-x244.google.com (mail-ot0-x244.google.com [IPv6:2607:f8b0:4003:c0f::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4D44C8046C for ; Tue, 21 Mar 2017 14:13:15 -0700 (PDT) Received: by mail-ot0-x244.google.com with SMTP id i50so14210491otd.0 for ; Tue, 21 Mar 2017 14:13:15 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j28sm3963685ota.28.2017.03.21.14.13.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:14 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=y1qUqxckX/nPgujWH0XaanLWUjK0fr81D3VHuOTUHk8=; b=nZdjkZLoGAMiU2RqbenaxLPHWzazn0Hw3TxuD8DEb25Eb36+tw6YETsLYJbRp095+x 5L9UbPuWb1WmbxwBgiax+Y2ckjcnIGo93D4B3f+LhB8e48a0dVJ/GhQ+ZBh5QVG+RfRP Xl3tmWh4FY+myJrjiUpiPQXxBNYWlj/1tEsrhuJyigwIOLHOrhBeq3xNoMapfG/szj6H 4FgLaz6ybgvY09PGvGFDIKezHYSoLnf8BfvhtDn87/V0soXmAVsguNFtASdKVIp+OV4p 3QOHS5LlrZ9ibYa33DENPa98jgHMIHFBb94LWIKZpNSsixE7RJsYrOzLmVjZmGCneS3+ Z2Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=y1qUqxckX/nPgujWH0XaanLWUjK0fr81D3VHuOTUHk8=; b=se11VvqufAbfF9ni18EKpQmY/HUFrJU7F7d1na+hUf4pWA5gAcYkVrUJ3JMLDoZWAd Qc8BceBGxE0DgFs3LhQrX+qIz1zG43JWYJBDeKSYP1sMgTnI1osxQL66BdCMcgPYnX7P ZIKQ78kcLIz19vbCmSPNzk3c6sqsg8vKtqunLC52L8zFdNH/5MdR0uu/d9T6dam40D/b lIxVeDghkRwwAM3dSBId/WiiUfLseCD2AtEoaJt6CrJipHuzsKvGP/IHLUV9WrerjnJ/ neJ8ldVJkA/JszEVvCDe36rCBVvelG7iuLD/k1hvY48r3NzhVwGBLSuUgx9db4ios+d/ za6g== X-Gm-Message-State: AFeK/H1PnmrliTEZG+BoOO748MDMw1mzkxdLlQIX950zVTHrVkC30tDEuoRO9z8SnKLpew== X-Received: by 10.157.11.20 with SMTP id a20mr21953770ota.8.1490130794651; Tue, 21 Mar 2017 14:13:14 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:13 -0400 Message-ID: <149013079373.27235.12262520396531103034.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 05/10] OvmfPkg/DxeBmDmaLib: Import DxeBmDmaLib package X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Import DxeBmDmaLib package in OvmfPkg, we need to modify the package to include SEV support. The BmDmaLib is proposed by Leo Duran https://lists.01.org/pipermail/edk2-devel/2017-March/008109.html Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/BmDmaLib.h | 0=20 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 0=20 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 0=20 OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- 6 files changed, 3 insertions(+), 3 deletions(-) copy MdeModulePkg/Include/Library/BmDmaLib.h =3D> OvmfPkg/Include/Library/= BmDmaLib.h (100%) copy MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.c =3D> OvmfPkg/Library/D= xeBmDmaLib/DxeBmDmaLib.c (100%) copy MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf =3D> OvmfPkg/Library= /DxeBmDmaLib/DxeBmDmaLib.inf (100%) diff --git a/MdeModulePkg/Include/Library/BmDmaLib.h b/OvmfPkg/Include/Libr= ary/BmDmaLib.h similarity index 100% copy from MdeModulePkg/Include/Library/BmDmaLib.h copy to OvmfPkg/Include/Library/BmDmaLib.h diff --git a/MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Libra= ry/DxeBmDmaLib/DxeBmDmaLib.c similarity index 100% copy from MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.c copy to OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c diff --git a/MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Lib= rary/DxeBmDmaLib/DxeBmDmaLib.inf similarity index 100% copy from MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf copy to OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index c2821b7..58d6c3d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -91,7 +91,7 @@ UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 1dd8064..ac2ef24 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -96,7 +96,7 @@ UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 06bee32..799f9e1 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -96,7 +96,7 @@ UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130803496225.34186847892158; Tue, 21 Mar 2017 14:13:23 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 5F82180471; Tue, 21 Mar 2017 14:13:22 -0700 (PDT) Received: from mail-oi0-x243.google.com (mail-oi0-x243.google.com [IPv6:2607:f8b0:4003:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5750E8036C for ; Tue, 21 Mar 2017 14:13:21 -0700 (PDT) Received: by mail-oi0-x243.google.com with SMTP id w81so7267320oig.1 for ; Tue, 21 Mar 2017 14:13:21 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id c55sm9338536otd.31.2017.03.21.14.13.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:20 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=cnd+pYf9UwW4ymtjGp91LzLEiJZpH5ucyNkioMsxsUQ=; b=h1zqV2Jm8d658ghguSaabLskA8zBrWQNihAV4lkufmPTZToRvXu0FjAotyw5MWVVMH 3chfgn5eP09vd8oxWzOMV7/OjEamzpo15PbCluG7Aivc9Lq182MoDA3LdhJIsqdSu/g7 s0shu+YHiF1BGXO6jGCDwl0PaVMcFRQEA+xbDOAaYMNhKyPhYVgReOFHWhxCvlBVPn4u AxBt3L8l18o36Wn1qBC1fBemmwWJglaXLWE+ZfEKMiKymCuGnD8CYGPpV3PMkrkjiRJf vwBrdA4GUePXo9Jo2Toe2PiBkN/4fy+DuCQAuVIeCPJJFYmU5Hb7w8iJONz998AhmP6a /tPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=cnd+pYf9UwW4ymtjGp91LzLEiJZpH5ucyNkioMsxsUQ=; b=j/d4W6JdEcfcsqD4qsIx5eBZEhDZtAQU5HHC3LCC/oOBGncAws2mHeBFoRiGmMsNc2 e2DEEQ8hM0+oAiqr9UpImk8TsLWuA73gzH/moDjjteR27vy8+6NeMoYb2enlLCRlTIg/ cXRM0OqKsIPtPq32vxw54iUJw4jqPWJz6vPNp8DRS4a6SYo6lQbhi7VHeum7hX1313c0 8IYBJNfWHc7HQGboZOzG5Lun2FvJqWp/+x7mK6rDMxuHj7SNpxhSw1EVYVZ6ow6p0C/U xwoWGo6GnNOoJRpZWM1zaqHEjaFPxMyFZZ6zhwwUE8hj4AHDGxWU1KPrOhg74KRFCUNr okTA== X-Gm-Message-State: AFeK/H25+PjltNrq/sYmEbeoHT5seqhAIMTjw8KpGwO+y5ClAOCbrE1wIC40geGTZnSv+w== X-Received: by 10.202.79.84 with SMTP id d81mr20379331oib.129.1490130800751; Tue, 21 Mar 2017 14:13:20 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:19 -0400 Message-ID: <149013079967.27235.18127368697377544049.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 06/10] OvmfPkg/DxeBmDmaLib: Fix AllocateBounceBuffer parameter X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The patch fixes AllocateBounceBuffer parameters. Signed-off-by: Brijesh Singh --- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/Dx= eBmDmaLib/DxeBmDmaLib.c index a342c9e..0d960a8 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -192,8 +192,8 @@ BmDmaMap ( } =20 return AllocateBounceBuffer (=20 - Operation, FORCE_BELOW_4GB_TRUE, =20 + Operation, PhysicalAddress, NumberOfBytes, DeviceAddress, _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130809865149.994109565675; Tue, 21 Mar 2017 14:13:29 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 8F519803F9; Tue, 21 Mar 2017 14:13:28 -0700 (PDT) Received: from mail-ot0-x244.google.com (mail-ot0-x244.google.com [IPv6:2607:f8b0:4003:c0f::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8D0BD8036C for ; Tue, 21 Mar 2017 14:13:27 -0700 (PDT) Received: by mail-ot0-x244.google.com with SMTP id y88so670546ota.1 for ; Tue, 21 Mar 2017 14:13:27 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id 63sm9281622oty.57.2017.03.21.14.13.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:26 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=dEsCDFBhk7KzmKeAKRmnFyl5c8jwD6sJOSPKnbgl85g=; b=pvQGqlgRvAwfZHXkJ+kxCOyzPlMGKWAOLuw/ttXWOBcoYEl+XwSRFC/Igq8HzTKlfB NtdvMJefahi2kmq75oY0nI8XhkYC+xrTu9uSMZNmw1CwmuXzONRh4QEjwrqIl5F9aPcH 7FOBRYti7Lacl0U4NABLTBghzx3ltiMKEIf0Ln/90ixXaYIvLOcdnFq1cxTbd7jSU3Q2 npPWKCdo8+7aaXllzSp2y8UzaFpVN7GZoL65nmLlmqQMQj4Ovqoiqpo8aB+CWhnQQZ3M WHRt3E0kgkAPLhwoUTmjad0RJ3zHiVquKxK1xWsCk8/+LcciMVuhYiffuB4LaButH8Tp qSMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=dEsCDFBhk7KzmKeAKRmnFyl5c8jwD6sJOSPKnbgl85g=; b=Jl8Nd97mKi2tsXJ+rCPNOKjFeG4ua9jk+ua947TWmbZlynHPRM27zVtRuA7ISeLdLq FRny0Fn5QyUSa6S9JUX2izkbJhB52zrHqLEgHocUKqk8SteSe+XmmWwR6mMfv4G+32Mg uVhQ5ctYfGIBPZ8QV0Ng8PxAGF38oRaFtTz3lbnxjFH35CAgESYhsWYRdy24ffVgEN1y zAmUPv32fxPf+R3GKvaY5mO0qx7KkqqyR6SGm3rMjRiIxTut2tI8kIslg8wp/KJkjTom NDvRXu2K9zm7CxCY+A+qNvDGPAxCg+b3GdFPHzo9WrDjHY5Odr99iWLne7atAThDw0DQ FTag== X-Gm-Message-State: AFeK/H2AXS7O4lM0lrGUCtFeKgxHHzQWkUtkP1Sgy4ITwr7ldO6PJjxUnkI0SrQQjdKlFg== X-Received: by 10.157.80.30 with SMTP id a30mr22353256oth.219.1490130806897; Tue, 21 Mar 2017 14:13:26 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:25 -0400 Message-ID: <149013080578.27235.9783953356246180002.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When SEV is enabled, the DMA operations must be performed on a shared (i.e unencrypted) pages. The patch adds SEV specific hooks to use the bounce buffer when caller map/unmap host address to a DMA address and similarly clears/set memory encryption attribute when caller allocates or free the DMA pages. Signed-off-by: Brijesh Singh --- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++++++= ++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 + 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/Dx= eBmDmaLib/DxeBmDmaLib.c index 0d960a8..39814cc 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include =20 =20 #define FORCE_BELOW_4GB_TRUE TRUE @@ -100,6 +101,15 @@ AllocateBounceBuffer ( } =20 // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, = MapInfo->NumberOfPages); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. @@ -170,6 +180,23 @@ BmDmaMap ( =20 PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <=3D SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared p= ages. We force to use the + // bounce buffer path which will take care of allocating shared Dma bu= ffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation =3D=3D DmaOperationBusMasterRead || Operation =3D=3D Dm= aOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; =20 // // Check for invalid inputs @@ -251,6 +279,17 @@ BmDmaUnmap ( } =20 // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-= bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, Ma= pInfo->NumberOfPages); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); @@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (PhysicalAddress, Pages); + } } =20 + return Status; } =20 @@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/= DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d..fb97caa 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec =20 [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib =20 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130815971147.4022071059053; Tue, 21 Mar 2017 14:13:35 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C052D803FB; Tue, 21 Mar 2017 14:13:34 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C98EF8036C for ; Tue, 21 Mar 2017 14:13:33 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id w81so7267628oig.1 for ; Tue, 21 Mar 2017 14:13:33 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id q4sm9356324otc.12.2017.03.21.14.13.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:32 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=oneTkcXtCSFdQNcp4NYQvWgSmQOUalUGXE3OsIVU4So=; b=vHoCJO1FZfcXTlaUTnlXh6BI3Z6qKjHL+0lh9SA+gHjN0uevpYNupWh9fR04MGWlyt gzwcuSiRVndWY8GrbfvnLxXHgh9hYM259Y/GtjO6Dhlu6zJ+fpKbsmO5hd4zY87ey8wd IC7CXTAOj3mIbUbUxTZXv5bXGNaVzb/tSQU2ti9K1xDCQg3D0wBjFaSSh8G0piuK0jVT ufUa5t8gjHIxeJ09+5XaUJs4vt73/chx9LhBr95lbSbTOIGd5ldRcCaGv+7xZd/8B2Ck 8xB4IcAP3oHLJQXDnfQ60BW1IXgcWgh/zbgIjoNHzt2/AkFh6EgqFnhx+o4g/a2s0ZR7 laQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=oneTkcXtCSFdQNcp4NYQvWgSmQOUalUGXE3OsIVU4So=; b=lmPiivxpZFEVfCDJLNLJp/7h6rpUnwYr1b9wbbFWbz6FZ8U4hgsNXWRGuF9q7SSysU +F2SKXTZLoXwYnnBVvSVG5KU3oVjSy4l332OY+nPOd6bAd+zPAlzyAWWtBbomomRSf3V BMnM2z+cCOjrinNJkAka6dISCFFLJDpNoHWqIlnmqW0vVP12CsuWSB+MDoGfGTXBAxWZ SeyZxlIG6ebxbJo9ofQRiZVqMK+3VWqTd8+py5TKBV+3c1M4pKMZEO7+dt2LnAkyofVe 8SZR8IG8UQSzxu64nuD+Xc78rhq/z2B7SJRSisqeF6vWizGVkXwVsKgYODBWnwvaWpjo Z3gg== X-Gm-Message-State: AFeK/H2CzHwe9wpW2ySXhbsHCn5dlTljb7+JpKTnPxFtgUjHk6AECIREQllE4vUl1XzL3A== X-Received: by 10.202.214.79 with SMTP id n76mr19753087oig.142.1490130813081; Tue, 21 Mar 2017 14:13:33 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:32 -0400 Message-ID: <149013081192.27235.13722863442539159018.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 08/10] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Current QemuFwCfgLib.inf is used in both Pei and Dxe phases. The patch adds Pei and Dxe inf file to provide a seperate QemuFwCfg library for Pei and Dxe phases. There is no code change in this patch other than rearranging the fi= les and updating inf files. The patch is precursor to add SEV support in QemuFwCfgLib, When SEV guest is enabled then in Pei phase we support IO operation but in Dxe phase we can support both IO and DMA operations. Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 0=20 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 6 +++--- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 0=20 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 6 +++--- OvmfPkg/OvmfPkgIa32.dsc | 4 +++- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +++- OvmfPkg/OvmfPkgX64.dsc | 4 +++- 7 files changed, 15 insertions(+), 9 deletions(-) copy OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgPeiDxe.c =3D> QemuFwCfgDxe.c} = (100%) copy OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf =3D> QemuFwCfgDxeLib.i= nf} (83%) rename OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgPeiDxe.c =3D> QemuFwCfgPei.c= } (100%) rename OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf =3D> QemuFwCfgPeiLib= .inf} (83%) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c b/OvmfPkg/Libra= ry/QemuFwCfgLib/QemuFwCfgDxe.c similarity index 100% copy from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c copy to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/OvmfPkg/Librar= y/QemuFwCfgLib/QemuFwCfgDxeLib.inf similarity index 83% copy from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf copy to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf index 6894760..346bb88 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf @@ -19,10 +19,10 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D QemuFwCfgLib - FILE_GUID =3D fdd53716-31e1-4acc-9007-8bd5d877c96f + FILE_GUID =3D 80474090-55e7-4c28-b25c-9f236ba41f28 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D QemuFwCfgLib|PEIM DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS =3D QemuFwCfgLib|DXE_DRIVER DXE_RUNTIME_D= RIVER DXE_SMM_DRIVER =20 CONSTRUCTOR =3D QemuFwCfgInitialize =20 @@ -35,7 +35,7 @@ [Sources] QemuFwCfgLibInternal.h QemuFwCfgLib.c - QemuFwCfgPeiDxe.c + QemuFwCfgDxe.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c b/OvmfPkg/Libra= ry/QemuFwCfgLib/QemuFwCfgPei.c similarity index 100% rename from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c rename to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/OvmfPkg/Librar= y/QemuFwCfgLib/QemuFwCfgPeiLib.inf similarity index 83% rename from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf rename to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 6894760..4f966a8 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -19,10 +19,10 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D QemuFwCfgLib - FILE_GUID =3D fdd53716-31e1-4acc-9007-8bd5d877c96f + FILE_GUID =3D ddd4f5f0-5304-42a8-9efa-d14bf11a3533 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D QemuFwCfgLib|PEIM DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS =3D QemuFwCfgLib|PEIM =20 CONSTRUCTOR =3D QemuFwCfgInitialize =20 @@ -35,7 +35,7 @@ [Sources] QemuFwCfgLibInternal.h QemuFwCfgLib.c - QemuFwCfgPeiDxe.c + QemuFwCfgPei.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 58d6c3d..3e94295 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -123,7 +123,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -216,6 +216,7 @@ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf !endif PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.PEIM] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf @@ -240,6 +241,7 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index ac2ef24..0b22229 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -128,7 +128,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -221,6 +221,7 @@ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf !endif PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.PEIM] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf @@ -245,6 +246,7 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 799f9e1..01f3803 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -128,7 +128,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -221,6 +221,7 @@ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf !endif PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.PEIM] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf @@ -245,6 +246,7 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130822080643.4525399007956; Tue, 21 Mar 2017 14:13:42 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id F0E8F803FC; Tue, 21 Mar 2017 14:13:40 -0700 (PDT) Received: from mail-ot0-x243.google.com (mail-ot0-x243.google.com [IPv6:2607:f8b0:4003:c0f::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DCFB6803FC for ; Tue, 21 Mar 2017 14:13:39 -0700 (PDT) Received: by mail-ot0-x243.google.com with SMTP id i1so23772470ota.3 for ; Tue, 21 Mar 2017 14:13:39 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id t69sm9158623ota.25.2017.03.21.14.13.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:38 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=tIgw/P6bsU+YyZ6eaBqinBwlUfy5ZrVli/6wByl7zOo=; b=dGdGyyCFzBP6AXA19n61VCrBmtUmUTXSTvCVlemnwgB07s8M99so9oW+8/PTQpkIF0 WCpm5jr26SoHqN6Yi0i8hfX47+9xbkR5sbl5v3+nQMKsrdTUjg0jzATdlZBQiP03WBFi SoQ+hVJ5bFtuckurCScgYz2sdTK5W69AjXQT4Gmb80W62aLNj5xrqXOv7/Z7tjJgFHCB A/wQaP1wFFWq34tVPQnvtxPjxe0gfnN49jO1iU9WS3eBVfEBYlOxWWw1eXrJi4ggrnQZ /jbxRhp1bJh0Il7Z+t0fQTDtjU0VRZ+0whP27EfkqJ7/Aix+qsmRbVF0xpJd4Wu8bKAo uPQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=tIgw/P6bsU+YyZ6eaBqinBwlUfy5ZrVli/6wByl7zOo=; b=niKg4/L5pnzMVlM8Ivo20ZNMk83yt8z4uwxTxvS3DtGLXVo+eSxXc7pu3NoRtkv5zX aIGPD2oJtSWeqG1ayXnJRH5eF6SDC3vtl+dQs3j+x3/ZhosishC9Cyal3RQhlxFGZp9j ASYLRxbo2nW96kDzPbLbYxKcnynnuHK8Fh93Cx8jhGcm7YyEfFaTz2NfkoG4k3RAVR4r tpe8W4JAOTRqf53/4DNGFqsxjnO8pEllAuoLYtOZSkEufZNq3d7FKmigTrt1O9a51uDs MqvuRPTJ86QIAWUXix5KIeR+Wq3RGrTZMiWh+V5St6UC9hjYkc+EPYYMs/heEpxvGro6 Qe4A== X-Gm-Message-State: AFeK/H1Nwh/0bDSrXcaAdFxrG9j84Jxujbqy0iutzlmG9PBye8dEHJaDIxjApxHixa0PPw== X-Received: by 10.157.11.20 with SMTP id a20mr21954989ota.8.1490130819065; Tue, 21 Mar 2017 14:13:39 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:38 -0400 Message-ID: <149013081810.27235.18159090697032608822.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 09/10] OvmfPkg/QemuFwCfgLib: Add Secure Encrypted Virtualization (SEV) support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The patch adds SEV support in QemuFwCfgLib. When SEV is enabled: * Pei phase support IO-style operations. This is mainly because we need to use a bounce buffer inorder to support DMA operation. Allocate a memory for bounce buffer can get painful in Pei phase hence if we detect FWCfg = DMA support then silently fallback to IO. * Dxe phase supports both IO and DMA style operations. --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 73 +++++++++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 2=20 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 112 ++++++++++++++++= ++++ .../Library/QemuFwCfgLib/QemuFwCfgLibInternal.h | 38 +++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 93 +++++++++++++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2=20 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c | 82 +++++++++++++++ 7 files changed, 402 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgDxe.c index ac05f4c..be8e945 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c @@ -4,6 +4,7 @@ =20 Copyright (C) 2013, Red Hat, Inc. Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -14,14 +15,34 @@ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ =20 +#include "Uefi.h" + +#include #include #include +#include +#include +#include =20 #include "QemuFwCfgLibInternal.h" =20 STATIC BOOLEAN mQemuFwCfgSupported =3D FALSE; STATIC BOOLEAN mQemuFwCfgDmaSupported; +STATIC BOOLEAN mQemuFwCfgSevIsEnabled =3D FALSE; + +/** + Returns a boolean indicating whether the SEV is enabled =20 + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + return mQemuFwCfgSevIsEnabled; +} =20 /** Returns a boolean indicating if the firmware configuration interface @@ -79,6 +100,9 @@ QemuFwCfgInitialize ( mQemuFwCfgDmaSupported =3D TRUE; DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); } + + mQemuFwCfgSevIsEnabled =3D MemEncryptSevIsEnabled (); + return RETURN_SUCCESS; } =20 @@ -114,3 +138,52 @@ InternalQemuFwCfgDmaIsAvailable ( { return mQemuFwCfgDmaSupported; } + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + EFI_STATUS Status; + + // + // Allocate DMA bounce buffer + // + Status =3D BmDmaAllocateBuffer (TRUE, EfiBootServicesData, NumPages, Buf= fer); + if (EFI_ERROR(Status)) { + DEBUG ((EFI_D_ERROR, "SEV: Failed to allocate bounce buffer %d pages\n= ", NumPages)); + ASSERT_EFI_ERROR (Status); + CpuDeadLoop (); + } + + DEBUG ((EFI_D_VERBOSE, "QemuFwCfgSevDma allocate buffer 0x%Lx Pages %d\n= ", (UINTN)Buffer, NumPages)); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // Free the bounce buffer + // + DEBUG ((EFI_D_VERBOSE, "QemuFwCfgSevDma free buffer 0x%Lx Pages %d\n", (= UINTN)Buffer, NumPages)); + BmDmaFreeBuffer (Buffer, NumPages); +} + diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgDxeLib.inf index 346bb88..536887f 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf @@ -47,4 +47,6 @@ DebugLib IoLib MemoryAllocationLib + MemEncryptSevLib + BmDmaLib =20 diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgLib.c index 1bf725d..d2560a3 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c @@ -47,6 +47,111 @@ QemuFwCfgSelectItem ( =20 =20 /** + Transfer an array of bytes, or skip a number of bytes, using the SEV DMA= bounce + interface. The function is same as InternalQemuFwCfgDmaBytes with excpet= ion that + it uses bounce buffer + + @param[in] Size Size in bytes to transfer or skip. + + @param[in,out] HostBuffer Buffer to read data into or write data from. I= gnored, + and may be NULL, if Size is zero, or Control is + FW_CFG_DMA_CTL_SKIP. + + @param[in] Control One of the following: + FW_CFG_DMA_CTL_WRITE - write to fw_cfg from Buff= er. + FW_CFG_DMA_CTL_READ - read from fw_cfg into Buf= fer. + FW_CFG_DMA_CTL_SKIP - skip bytes in fw_cfg. +**/ +VOID +InternalQemuFwCfgSevDmaBytes ( + IN UINT32 Size, + IN OUT VOID *HostBuffer OPTIONAL, + IN UINT32 Control + ) +{ + volatile FW_CFG_DMA_ACCESS *Access; + UINT32 AccessHigh, AccessLow; + UINT32 Status; + UINT32 NumPages; + VOID *DmaBuffer, *Buffer; + + // + // Calculate number of pages we need to allocate for this operation + // + if (Control =3D=3D FW_CFG_DMA_CTL_SKIP) { + // + // Control data does not need the actual buffer + // + NumPages =3D EFI_SIZE_TO_PAGES (sizeof (*Access)); + } else { + NumPages =3D EFI_SIZE_TO_PAGES (sizeof (*Access) + Size); + } + + // + // Allocate DMA bounce buffer + // + InternalQemuFwCfgSevDmaAllocateBuffer (NumPages, &DmaBuffer); + + Access =3D (FW_CFG_DMA_ACCESS *)DmaBuffer; + Buffer =3D DmaBuffer + sizeof(*Access); + + Access->Control =3D SwapBytes32 (Control); + Access->Length =3D SwapBytes32 (Size); + Access->Address =3D SwapBytes64 ((UINTN)Buffer); + + // + // Copy data from Host buffer into DMA buffer + // + if (HostBuffer && (Control =3D=3D FW_CFG_DMA_CTL_WRITE)) { + CopyMem (Buffer, HostBuffer, Size); + } + + // + // Delimit the transfer from (a) modifications to Access, (b) in case of= a + // write, from writes to Buffer by the caller. + // + MemoryFence (); + + // + // Start the transfer. + // + AccessHigh =3D (UINT32)RShiftU64 ((UINTN)Access, 32); + AccessLow =3D (UINT32)(UINTN)Access; + IoWrite32 (FW_CFG_IO_DMA_ADDRESS, SwapBytes32 (AccessHigh)); + IoWrite32 (FW_CFG_IO_DMA_ADDRESS + 4, SwapBytes32 (AccessLow)); + + // + // Don't look at Access->Control before starting the transfer. + // + MemoryFence (); + + // + // Wait for the transfer to complete. + // + do { + Status =3D SwapBytes32 (Access->Control); + ASSERT ((Status & FW_CFG_DMA_CTL_ERROR) =3D=3D 0); + } while (Status !=3D 0); + + // + // After a read, the caller will want to use Buffer. + // + MemoryFence (); + + // + // Copy data from DMA buffer into Host Buffer + // + if (HostBuffer && (Control =3D=3D FW_CFG_DMA_CTL_READ)) { + CopyMem (HostBuffer, Buffer, Size); + } + + // + // Free the DMA bounce buffer + // + InternalQemuFwCfgSevDmaFreeBuffer (DmaBuffer, NumPages); +} + +/** Transfer an array of bytes, or skip a number of bytes, using the DMA interface. =20 @@ -79,6 +184,13 @@ InternalQemuFwCfgDmaBytes ( return; } =20 + // + // When SEV is enabled then use SEV version of DmaReadWrite + // + if (InternalQemuFwCfgSevIsEnabled ()) { + return InternalQemuFwCfgSevDmaBytes (Size, Buffer, Control); + } + Access.Control =3D SwapBytes32 (Control); Access.Length =3D SwapBytes32 (Size); Access.Address =3D SwapBytes64 ((UINTN)Buffer); diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h b/OvmfPkg/= Library/QemuFwCfgLib/QemuFwCfgLibInternal.h index 6e87c62..8e2ff45 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h @@ -2,6 +2,7 @@ Internal interfaces specific to the QemuFwCfgLib instances in OvmfPkg. =20 Copyright (C) 2016, Red Hat, Inc. + Copyright (C) 2017, Advanced Micro Devices. =20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -43,4 +44,41 @@ InternalQemuFwCfgDmaIsAvailable ( VOID ); =20 +/** + Returns a boolean indicating whether the SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ); + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ); + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ); + #endif diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgPei.c index ac05f4c..3dc9270 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c @@ -4,6 +4,7 @@ =20 Copyright (C) 2013, Red Hat, Inc. Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -14,14 +15,55 @@ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ =20 +#include #include #include +#include +#include =20 #include "QemuFwCfgLibInternal.h" =20 STATIC BOOLEAN mQemuFwCfgSupported =3D FALSE; STATIC BOOLEAN mQemuFwCfgDmaSupported; =20 +/** + Returns a boolean indicating whether the SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} =20 /** Returns a boolean indicating if the firmware configuration interface @@ -79,6 +121,17 @@ QemuFwCfgInitialize ( mQemuFwCfgDmaSupported =3D TRUE; DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); } + + // + // When SEV is enabled then we do not support DMA interface. + // This is because we need to use bounce buffer to support DMA operation= in SEV guest. + // Allocating memory for bounce buffer can get painful in Pei phase + // + if (mQemuFwCfgDmaSupported && InternalQemuFwCfgSevIsEnabled ()) { + mQemuFwCfgDmaSupported =3D FALSE; + DEBUG ((DEBUG_INFO, "QemuFwCfg disabling DMA interface and defaulting = to IO Port.\n")); + } + return RETURN_SUCCESS; } =20 @@ -114,3 +167,43 @@ InternalQemuFwCfgDmaIsAvailable ( { return mQemuFwCfgDmaSupported; } + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 4f966a8..83cc0de 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -39,7 +39,9 @@ =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec =20 [LibraryClasses] BaseLib diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgSec.c index 465ccbe..70b0a47 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c @@ -16,8 +16,11 @@ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ =20 +#include #include #include +#include +#include =20 #include "QemuFwCfgLibInternal.h" =20 @@ -94,3 +97,82 @@ InternalQemuFwCfgDmaIsAvailable ( { return FALSE; } + +/** + Returns a boolean indicating whether the SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Wed May 1 04:51:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490130828322173.81364586686118; Tue, 21 Mar 2017 14:13:48 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 3044A80408; Tue, 21 Mar 2017 14:13:47 -0700 (PDT) Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com [IPv6:2607:f8b0:4003:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E11D780408 for ; Tue, 21 Mar 2017 14:13:45 -0700 (PDT) Received: by mail-oi0-x242.google.com with SMTP id a94so7282093oic.0 for ; Tue, 21 Mar 2017 14:13:45 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id c35sm9227567otb.48.2017.03.21.14.13.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 14:13:44 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=FplWb6kLd1trYKcGjsiAEfE1kQEOGjaTujOAwxRaIeM=; b=QQ17THbj9Ei8fN6W6DLYhUOfEzrwgBdZXCuzVBMQmsaThsm1JOa0++Flt/AmyOcuql MgzCS9n3MuR2Sc+G52q5wUZiI+IAqIItWVHZ86BG+MnkQElj+Z94SpEzlmjg5RoBmGaI kJmE5WBFBj3inrX+ErqtR9Dj7dEHGpasl48kPSmETMf6RLSQF2jikIfOZ7ektOWCzry/ ORTUX5kU9wfKTPYPBOrGkX297a5NpTegE7AAJmzOZ9am6wkImYmEvu70uYH91X9J5LsB cVeIWRHGt8ou6eHL4Xubne9Jgi9/j0zy9NETt9WhztpqezveGvYlpgVuQqHRFofbI1dk u1mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=FplWb6kLd1trYKcGjsiAEfE1kQEOGjaTujOAwxRaIeM=; b=AwSJ/q1NkmljCW7N9NzFdDTWjet2pGqFwajYQFSPcR6muJr7T6M589p0xZurJJ97ZA CfUruuVIV7Zhp5hOxTDpY6y0Yo10ufNB8un+7/8yPEcm0wudltCtJgKDCUEqDI1nmFAY rNw1mPzlRc1vnVZ8UmQT3SLXrCBFaM9VAbxg4EyeL7QkSAy5HXbalVELc4aghRdT7hfE ZZZR7sjF07yWNUBzAdZcDGMsD/QrOUevMTMjYhYWWJ8aI7WW5p8AAXA5VnX1uE/B43JX vFWojuho0cugg+6+oYdc4n6pucKs6zvwkkWBU0qUu5owRxnOJBDUq5jivnbQkfFIgJKi OLrw== X-Gm-Message-State: AFeK/H1WZjdKpGF05i1fzYWUHB19WqRL1ss6+coumF8DT56eqSFfZZg1wQkgQ6ZNPX2G1A== X-Received: by 10.202.190.67 with SMTP id o64mr17958716oif.0.1490130825263; Tue, 21 Mar 2017 14:13:45 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com Date: Tue, 21 Mar 2017 17:13:44 -0400 Message-ID: <149013082409.27235.9271750185308365336.stgit@brijesh-build-machine> In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 10/10] OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the framebuffer memory region is shared between the guest and hypervi= sor hence we must clear the memory encryption bit from this memory region when = SEV is enabled. Signed-off-by: Brijesh Singh --- OvmfPkg/QemuVideoDxe/Gop.c | 15 +++++++++++++++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf | 1 + 2 files changed, 16 insertions(+) diff --git a/OvmfPkg/QemuVideoDxe/Gop.c b/OvmfPkg/QemuVideoDxe/Gop.c index 359e921..96661d1 100644 --- a/OvmfPkg/QemuVideoDxe/Gop.c +++ b/OvmfPkg/QemuVideoDxe/Gop.c @@ -13,6 +13,8 @@ =20 **/ =20 +#include + #include "Qemu.h" =20 STATIC @@ -65,6 +67,19 @@ QemuVideoCompleteModeData ( (VOID**) &FrameBufDesc ); =20 + // + // Framebuffer memory region is shared between hypervisor and guest, + // Clear the memory encryption mask when SEV is active. + // + if (MemEncryptSevIsEnabled ()) { + EFI_STATUS Status; + + Status =3D MemEncryptSevClearPageEncMask (FrameBufDesc->AddrRangeMin, = EFI_SIZE_TO_PAGES (FrameBufDesc->AddrLen)); + if (EFI_ERROR(Status)) { + DEBUG ((EFI_D_WARN, "Failed to clear memory encryption mask 0x%#Lx+0= x%x\n", FrameBufDesc->AddrRangeMin, FrameBufDesc->AddrLen)); + } + } + Mode->FrameBufferBase =3D FrameBufDesc->AddrRangeMin; Mode->FrameBufferSize =3D Info->HorizontalResolution * Info->VerticalRes= olution; Mode->FrameBufferSize =3D Mode->FrameBufferSize * ((ModeData->ColorDepth= + 7) / 8); diff --git a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf b/OvmfPkg/QemuVideoDxe/Q= emuVideoDxe.inf index affb6ff..83ea86c 100644 --- a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +++ b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf @@ -60,6 +60,7 @@ UefiBootServicesTableLib UefiDriverEntryPoint UefiLib + MemEncryptSevLib =20 [Protocols] gEfiDriverSupportedEfiVersionProtocolGuid # PROTOCOL ALWAYS_PRODUCED _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel