From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138167519959.9570565244833; Tue, 25 Apr 2017 09:36:07 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0CA652193CF53; Tue, 25 Apr 2017 09:36:06 -0700 (PDT) Received: from mail-oi0-x243.google.com (mail-oi0-x243.google.com [IPv6:2607:f8b0:4003:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A5DCF2193CF44 for ; Tue, 25 Apr 2017 09:36:04 -0700 (PDT) Received: by mail-oi0-x243.google.com with SMTP id y11so35429427oie.1 for ; Tue, 25 Apr 2017 09:36:04 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:03 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=rvAieiT9bidD8f6UwLgWJhTKiBwmV1wnokRtXhgNxg4=; b=YD6kvJYfUUOTBwcPPDni4rCJH7ix9JOUzRUU7omUPRJ53iVcQby5K+B0VtxXfXb/h+ PXhGndQQ0R7NgOZUux+/41ffMQcDI42YUmmHB1y47lpNsyb8x9GO+VVHLSg5jRhM6+0I qUuEMr/KngaS9mBYj6ptDFDQUvbw7PbDt10aqUcmW5Uaoakg8IErgsKG/FWXkCAmdEC3 XGDEHTGRhikMFUqtB/zaOpCSvf5LpatDuEMT5hMQpM4FWJR7fLUI4smbm/DT2gfiZ1az /Qa2PDpLFSc+54V13GO/qW5sVgjAmhA3K2ZycY4r9smsFLMEE35hR7NFHYNCCyev1kXR uwZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=rvAieiT9bidD8f6UwLgWJhTKiBwmV1wnokRtXhgNxg4=; b=WOmr7mC+uFKnsrZO0S8qnWYAxmYrf8p5TwctMP4kcNGvZbQpFOw+2nMgKuzeTJYLc+ G4eyKCgc2v60P8AiFCzsbNg0DSC4QfnCscJCUhhmC4nmj4Fx2y8Mh77aDBv+K6cwP/Zg XIjh8vrfwur3dbHn97nUqm9CR5rLBwB8/L2RyHaIJUU0Ky0+HcwZO+UwZGfP9s1SSNsw xfIHzX6tyG3KiY/USm82gnFtmdYKntAxp82hAKEEydXmqJ5DKXHc77Ai5AgK05mfGRZT C4yoJJwvkxWttS7199RkS2Mk4J+XlHSTzJhXq2Ab9ICxsxnSrOIRG8gHo96/ArAkoSz1 lcug== X-Gm-Message-State: AN3rC/4798DozZC8X8TqAq9G9SCew52Tez1EzDRuyvQiX9/Ir9+skCsJ 5Z0oZKS6ksunXEPu/aU= X-Received: by 10.157.19.40 with SMTP id f37mr17200517ote.212.1493138163756; Tue, 25 Apr 2017 09:36:03 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:10 -0400 Message-Id: <1493138064-7816-2-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 01/15] UefiCpuPkg: Define AMD Memory Encryption specific CPUID and MSR X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh The patch defines AMD's Memory Encryption Information CPUID leaf and SEV status MSR. The complete description for CPUID leaf is available in APM volume 2, Section 15.34. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- UefiCpuPkg/Include/Register/Amd/Cpuid.h | 162 ++++++++++++++++++++ UefiCpuPkg/Include/Register/Amd/Fam17Msr.h | 62 ++++++++ UefiCpuPkg/Include/Register/Amd/Msr.h | 29 ++++ 3 files changed, 253 insertions(+) diff --git a/UefiCpuPkg/Include/Register/Amd/Cpuid.h b/UefiCpuPkg/Include/R= egister/Amd/Cpuid.h new file mode 100644 index 000000000000..5cd42667dc46 --- /dev/null +++ b/UefiCpuPkg/Include/Register/Amd/Cpuid.h @@ -0,0 +1,162 @@ +/** @file + CPUID leaf definitions. + + Provides defines for CPUID leaf indexes. Data structures are provided f= or + registers returned by a CPUID leaf that contain one or more bit fields. + If a register returned is a single 32-bit value, then a data structure is + not provided for that register. + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ This program and the accompanying materials are licensed and made availa= ble + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + + @par Specification Reference: + AMD64 Architecture Programming Manaul volume 2, March 2017, Sections 15.= 34 + +**/ + +#ifndef __AMD_CPUID_H__ +#define __AMD_CPUID_H__ + +/** + + Memory Encryption Information + + @param EAX CPUID_MEMORY_ENCRYPTION_INFO (0x8000001F) + + @retval EAX Returns the memory encryption feature support status. + @retval EBX If memory encryption feature is present then return + the page table bit number used to enable memory encryption= support + and reducing of physical address space in bits. + @retval ECX Returns number of encrypted guest supported simultaneosuly. + @retval EDX Returns minimum SEV enabled and SEV disbled ASID.. + + Example usage + @code + UINT32 Eax; + UINT32 Ebx; + UINT32 Ecx; + UINT32 Edx; + + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax, &Ebx, &Ecx, &Edx); + @endcode +**/ + +#define CPUID_MEMORY_ENCRYPTION_INFO 0x8000001F + +/** + CPUID Memory Encryption support information EAX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0] Secure Memory Encryption (Sme) Support + /// + UINT32 SmeBit:1; + + /// + /// [Bit 1] Secure Encrypted Virtualization (Sev) Support + /// + UINT32 SevBit:1; + + /// + /// [Bit 2] Page flush MSR support + /// + UINT32 PageFlushMsrBit:1; + + /// + /// [Bit 3] Encrypted state support + /// + UINT32 SevEsBit:1; + + /// + /// [Bit 4:31] Reserved + /// + UINT32 ReservedBits:28; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_EAX; + +/** + CPUID Memory Encryption support information EBX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0:5] Page table bit number used to enable memory encryption + /// + UINT32 PtePosBits:6; + + /// + /// [Bit 6:11] Reduction of system physical address space bits when me= mory encryption is enabled + /// + UINT32 ReducedPhysBits:5; + + /// + /// [Bit 12:31] Reserved + /// + UINT32 ReservedBits:21; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_EBX; + +/** + CPUID Memory Encryption support information ECX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0:31] Number of encrypted guest supported simultaneously + /// + UINT32 NumGuests; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_ECX; + +/** + CPUID Memory Encryption support information EDX for CPUID leaf + #CPUID_MEMORY_ENCRYPTION_INFO. +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0:31] Minimum SEV enabled, SEV-ES disabled ASID + /// + UINT32 MinAsid; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; +} CPUID_MEMORY_ENCRYPTION_INFO_EDX; + +#endif diff --git a/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h b/UefiCpuPkg/Includ= e/Register/Amd/Fam17Msr.h new file mode 100644 index 000000000000..2c5d9738fae8 --- /dev/null +++ b/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h @@ -0,0 +1,62 @@ +/** @file + MSR Definitions. + + Provides defines for Machine Specific Registers(MSR) indexes. Data struc= tures + are provided for MSRs that contain one or more bit fields. If the MSR v= alue + returned is a single 32-bit or 64-bit value, then a data structure is not + provided for that MSR. + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + + @par Specification Reference: + AMD64 Architecture Programming Manaul volume 2, March 2017, Sections 15.= 34 + +**/ + +#ifndef __FAM17_MSR_H +#define __FAM17_MSR_H + +/** + Secure Encrypted Virtualization (SEV) status register + +**/ +#define MSR_SEV_STATUS 0xc0010131 + +/** + MSR information returned for #MSR_SEV_STATUS +**/ +typedef union { + /// + /// Individual bit fields + /// + struct { + /// + /// [Bit 0] Secure Encrypted Virtualization (Sev) is enabled + /// + UINT32 SevBit:1; + + /// + /// [Bit 1] Secure Encrypted Virtualization Encrypted State (SevEs) is= enabled + /// + UINT32 SevEsBit:1; + + UINT32 Reserved:30; + } Bits; + /// + /// All bit fields as a 32-bit value + /// + UINT32 Uint32; + /// + /// All bit fields as a 64-bit value + /// + UINT64 Uint64; +} MSR_SEV_STATUS_REGISTER; + +#endif diff --git a/UefiCpuPkg/Include/Register/Amd/Msr.h b/UefiCpuPkg/Include/Reg= ister/Amd/Msr.h new file mode 100644 index 000000000000..bde830feb0c5 --- /dev/null +++ b/UefiCpuPkg/Include/Register/Amd/Msr.h @@ -0,0 +1,29 @@ +/** @file + MSR Definitions. + + Provides defines for Machine Specific Registers(MSR) indexes. Data struc= tures + are provided for MSRs that contain one or more bit fields. If the MSR v= alue + returned is a single 32-bit or 64-bit value, then a data structure is not + provided for that MSR. + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + + @par Specification Reference: + AMD64 Architecture Programming Manaul volume 2, March 2017, Sections 15.= 34 + +**/ + +#ifndef __AMD_MSR_H__ +#define __AMD_MSR_H__ + +#include +#include + +#endif --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138169416433.1945457550687; Tue, 25 Apr 2017 09:36:09 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 3DA732193CF57; Tue, 25 Apr 2017 09:36:08 -0700 (PDT) Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com [IPv6:2607:f8b0:4003:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E8AFA2193CF57 for ; Tue, 25 Apr 2017 09:36:06 -0700 (PDT) Received: by mail-oi0-x242.google.com with SMTP id w12so7956859oiw.0 for ; Tue, 25 Apr 2017 09:36:06 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:05 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PSghcU9EBqO5Asdtp0+Fy9FGTJj0cLZD0Ni4QztfSQI=; b=N6G9hl9U8qAgSKU/Tt2Kaq3BCdLOIw8l91TXHZPIWwU2DsnTOOst1QOxh2owFdnao1 X1kx+rZhvvhhCfWp+Dn02SAoaTknUn+/5j0Rf3dAj6R+zkW07yV8cSJTr/0o1Vl9Zwan auNVNbklMuiGqWPDPVSHVqWRE6z7lEoOg7Niy6covVSLPsORK91uig9+P3muhabtifWP riDT1Z1eBysLE2Kvli3+x7rb2pmEfpDVYjc4C2JvFB2sGFL8pq5M9n/UkQMzLN1W+rAW EsOGe0ekZ9n23WGLfLYPTsVcyxEH/05RNAyETP5azYILSXLtrDXp6aAe9LcN5xZii2vF b2ZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PSghcU9EBqO5Asdtp0+Fy9FGTJj0cLZD0Ni4QztfSQI=; b=AK0+XQ5/ZvZDGaey4AnsYcBATRHBJIHKlPXiuG3EsEkQ6bVIastZuo9t8kbUvZSJTE NOrTXqfJCko0YBJIyXQawQO4UuhrElY0deuSMzoiu8MZSWydbU0N/7vXOUMSklOio/3O D8QBPuDHuYX5mduKixQpG+L4vvbHb/l8+N+2C4W7K89PF7XHFoPkkAlk+X3ymI/8LbFB NutLMVBlHuH0XfpxN/KDv+YzIZXMCfgkgXmw/jpmH0ux8YbswjjT8zVeLFh0uz4HfpYI SXUPlehROR+x1ObNH/Y1kH5Rolz0baG3/bvwmYR4d66Xces9GfYQpCBvS96X2GO+OUPn EXPQ== X-Gm-Message-State: AN3rC/7awEqm2UA4dNTLo9syRB57fx8zgpIW1T6OP60nBODVjMUmr0q3 pTHqt1Q4uErJGw== X-Received: by 10.202.62.196 with SMTP id l187mr17589041oia.132.1493138166281; Tue, 25 Apr 2017 09:36:06 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:11 -0400 Message-Id: <1493138064-7816-3-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 02/15] OvmfPkg/ResetVector: Set C-bit when building initial page table X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. The C-bit in PTE indicate whether the page is private or shared. The C-bit position for the PTE can be obtained from CPUID Fn8000_001F[EBX]. When SEV is active, the BIOS is encrypted by the Qemu launch sequence, we must set the C-bit when building the page table. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 70 +++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6201cad1f5dc..3d4b04844cdf 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,9 +37,60 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 +; Check if Secure Encrypted Virtualization (SEV) feature is enabled +; +; If SEV is enabled then EAX will be at least 32 +; If SEV is disabled then EAX will be zero. +; +CheckSevFeature: + ; CPUID will clobber EBX, ECX, EDX, save these registers + push ebx + push ecx + push edx + + ; Check if we have a valid (0x8000_001F) CPUID leaf + mov eax, 0x80000000 + cpuid + + ; This check should fail on Intel or Non SEV AMD CPUs and in future if + ; Intel CPUs supports this CPUID leaf then we are guranteed to have ex= act + ; same bit definition. + cmp eax, 0x8000001f + jl NoSev + + ; Check for memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 1 + ; + mov eax, 0x8000001f + cpuid + bt eax, 1 + jnc NoSev + + ; Check if memory encryption is enabled + ; MSR_0xC0010131 - Bit 0 (SEV enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 0 + jnc NoSev + + ; Get pte bit position to enable memory encryption + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + pop edx + pop ecx + pop ebx + OneTimeCallRet CheckSevFeature =20 ; -; Modified: EAX, ECX +; Modified: EAX, ECX, EDX ; SetCr3ForPageTables64: =20 @@ -60,18 +111,34 @@ clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax loop clearPageTablesMemoryLoop =20 + OneTimeCall CheckSevFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, Memory encryption bit is always above 31 + sub eax, 32 + bts edx, eax + +SevNotActive: + ; ; Top level Page Directory Pointers (1 * 512GB entry) ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1014)], edx mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x101C)], edx =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) @@ -83,6 +150,7 @@ pageTableEntriesLoop: shl eax, 21 add eax, PAGE_2M_PDE_ATTR mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 ; --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138172443207.25933978516036; Tue, 25 Apr 2017 09:36:12 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 700CF2193CF5B; Tue, 25 Apr 2017 09:36:10 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5B8672193CF5B for ; Tue, 25 Apr 2017 09:36:09 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id a3so31962312oii.3 for ; Tue, 25 Apr 2017 09:36:09 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:07 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0EPjHYbDEg+bOTjvr6kZweHifJQMHPWnDn6p/476rnw=; b=j+AjOUh7K6PwYZmM6JSbXO8dgiV+dFIRWkHBRzxH9ndetk3DucERV5TYu6rNWfUoE3 WUgVuPvbKUNfQshqCU1TxexvMlcjJBaOPFJXKToh6Ozk8ZF/dyWMMe2tWv2l0AcpU0zJ ufxTHIZ7/T9fwCL6h1J3pYhAeIOeTQovAGQ6u9IzK8jXM0LmcZV0rhst6UcZ7uk2A30l dyVnDxohBuzDQXYFbsSybTA/LmmHLJp5ZzXboa5OLuk4Zsvq0B6xStOCI8640H1gKT/6 RPGn5tFP8WctJGJN/E+jCdJ0FxT5DCMsoIUjNRtGQerPp5n8IY2/IYWn0bpQAyDvjKVQ ICvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0EPjHYbDEg+bOTjvr6kZweHifJQMHPWnDn6p/476rnw=; b=SUvYKvO1xR1JBFQ9g99UNOum63ia6JaKBze6iuHk4mFAqWWEiQMggncbRVUfA2uhtq CxnIbCemfBiPKURWKTErgyJV8QIbEJk89xekbK49lDtdk4bImii2eUWINciYX7qG8pTj M8Di9dzdUrl9pMcTXIIxwcDH3zS0jHr2t0/v2tqCTAoCcFpGKbLCXCG/H2mG1q0YUot3 vz+zdolKzh2fviDTYReTVAFSOjEY8d2OtuOOO/wVn9G+KWyEdbPWcr5uGfZUMUB6nb7N l0Jn8whStYDR7sD0/arx1URSgxRWC/PNQBYkDl3HTVS0WjFee904R699YCcDXBBzsZt8 /iFA== X-Gm-Message-State: AN3rC/5wiJreK7+QOVy2h90ak6E/Q4NRpLpRjrabD/+xi9gF0BAYkHSR WMNb+RP+3/jYzg== X-Received: by 10.202.72.205 with SMTP id v196mr17618119oia.111.1493138168631; Tue, 25 Apr 2017 09:36:08 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:12 -0400 Message-Id: <1493138064-7816-4-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 03/15] OvmfPkg: Update dsc to use IoLib from BaseIoLibIntrinsicSev.inf X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled then we must unroll the rep String I/O instructions. The patch updates dsc file to use SEV version of IoLib inf. The main difference between BaseIoLibIntrinsic.inf and BaseIoLibIntrinsicSev.inf is, SEV version checks if its running under SEV enabled guest, If so then it unroll the String I/O (REP INS/OUTS) otherwise fallbacks to rep ins/outs. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 546cdf7832ce..7fc52052a5b8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -103,7 +103,7 @@ [LibraryClasses] PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 383c8d3f8b26..9e4fdc3cf88b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -108,7 +108,7 @@ [LibraryClasses] PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b7533c7fd53..41ab7f84fb98 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -108,7 +108,7 @@ [LibraryClasses] PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138175497718.0746772561147; Tue, 25 Apr 2017 09:36:15 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A27DA2193CF62; Tue, 25 Apr 2017 09:36:13 -0700 (PDT) Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com [IPv6:2607:f8b0:4003:c06::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 025DD2193CF63 for ; Tue, 25 Apr 2017 09:36:12 -0700 (PDT) Received: by mail-oi0-x241.google.com with SMTP id y11so35430522oie.1 for ; Tue, 25 Apr 2017 09:36:11 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:09 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nZTw4I+k8I11DOzDi5uBCTYHJ9zX2Y+8ccisfRL2HOk=; b=eucn6NvywkULkcwG0gSrcMUnejZDm7/DGhyMQJLGXjxjde0bb14MnBV0+UWAmK6Lni TVO+V1sXxCwwDMRBDQoVLQRzKJ/LX4pumttCtG38u+wo1s4pyaEuXKHisoDym3Li6Qq0 x+zMLEuiec+kuk0EYi7qXEmPKi/1DIxrLBVbI3EhNE0EHuNpPhk9B0bR9XVQ66B0vsya U8PPFRlMYwIJynzT5SwkMOi5N10DPUGR2RB74BuqTj984UfBsNBd/NaHEP+Hx5fb79M6 7wtXwCZtKyrJFhZAmll50BBTRuCGTjGIRE7vNjwDz6pjq/XAZi7PIYuIPL3ueRRrdL+Q YbPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nZTw4I+k8I11DOzDi5uBCTYHJ9zX2Y+8ccisfRL2HOk=; b=kUQOXgtdGyiQjIDHiB05c6yDgwE6C+tT8ioR+a7ZY/NPX6G3fJeS/TSNIbkuX31Lrx +rSeIb64+LZu3kI1MQiYpOuAB3mgYMCFJcbKIZ9xNBCmJsoh/SnijgVsX0erT54dO9ap heNc16a5hGoJTE5/UATLvSi1s4iJy8E7Nf/rFEggcgEH9e5oH9NqluKAIJEaAPFoMdPk lxJmnxTAquXSmwnoyeDw7G3Z6p+ZP7pqs9mqsK3KoWQPB3rq0sIx0gTsCOUp1I3jsx4j 8vCAadDepJMe6ta7QopTLj+TW8DPcXC4B7S+H7cbn23jzjQv1L6eOLNhJUnHrsrLcYTd 1+fw== X-Gm-Message-State: AN3rC/46Rra9ou9OmlFmpQQ1mCyQ/ge4js9ZCj6G6dUYUKExmbJIahUI nuyqrIxvdBC9WJNOASM= X-Received: by 10.202.171.199 with SMTP id u190mr16518984oie.72.1493138170312; Tue, 25 Apr 2017 09:36:10 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:13 -0400 Message-Id: <1493138064-7816-5-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 04/15] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Add Secure Encrypted Virtualization (SEV) helper library. The library provides the routines to: - set or clear memory encryption bit for a given memory region. - query whether SEV is enabled. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 50 +++ OvmfPkg/Include/Library/MemEncryptSevLib.h | 79 ++++ OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.h | 34 ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 182 ++++= +++++ OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 124 ++++= ++ OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 43 ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 123 ++++= ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 412 ++++= ++++++++++++++++ 11 files changed, 1050 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 7fc52052a5b8..ea45d8f606ee 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -126,6 +126,7 @@ [LibraryClasses] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 9e4fdc3cf88b..dc38c60a70a7 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -131,6 +131,7 @@ [LibraryClasses] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 41ab7f84fb98..99df6d80a395 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -131,6 +131,7 @@ [LibraryClasses] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf = b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf new file mode 100644 index 000000000000..949c430af61b --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf @@ -0,0 +1,50 @@ +## @file +# Library provides the helper functions for SEV guest +# +# Copyright (c) 2017 Advanced Micro Devices. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD +# License which accompanies this distribution. The full text of the licen= se +# may be found at http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +# +## + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D MemEncryptSevLib + FILE_GUID =3D c1594631-3888-4be4-949f-9c630dbc842b + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MemEncryptSevLib|PEIM DXE_DRIVER DXE_= RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Sources.X64] + X64/MemEncryptSevLib.c + X64/VirtualMemory.c + MemEncryptSevLibInternal.c + +[Sources.IA32] + Ia32/MemEncryptSevLib.c + MemEncryptSevLibInternal.c + +[LibraryClasses] + BaseLib + CpuLib + CacheMaintenanceLib + DebugLib + MemoryAllocationLib diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h new file mode 100644 index 000000000000..ce3f5ad723cf --- /dev/null +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -0,0 +1,79 @@ +/** @file + + Define Secure Encrypted Virtualization (SEV) base library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials are licensed and made availa= ble + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#ifndef _MEM_ENCRYPT_SEV_LIB_H_ +#define _MEM_ENCRYPT_SEV_LIB_H_ + +#include + +/** + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is active + @retval FALSE SEV is not enabled + **/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ); + +/** + This function clears memory encryption bit for the memory region specifi= ed + by BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address + of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + @param[in] Flush Flush the caches before clearing the b= it + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were cleared for the me= mory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not + supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumberOfPages, + IN BOOLEAN CacheFlush + ); + +/** + This function sets memory encryption bit for the memory region specified= by + BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address + of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + @param[in] Flush Flush the caches before clearing the b= it + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were set for the memory= region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not + supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumberOfPages, + IN BOOLEAN CacheFlush + ); +#endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= h b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.h new file mode 100644 index 000000000000..17f67b47dbee --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.h @@ -0,0 +1,34 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#ifndef _MEM_ENCRYPT_SEV_LIB_INTERNAL_H_ +#define _MEM_ENCRYPT_SEV_LIB_INTERNAL_H_ + +#include + +/** + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is active + @retval FALSE SEV is not enabled + **/ +BOOLEAN +EFIAPI +InternalMemEncryptSevIsEnabled ( + VOID + ); + +#endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h new file mode 100644 index 000000000000..faf3c6ab01fc --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h @@ -0,0 +1,182 @@ +/** @file + + Virtual Memory Management Services to set or clear the memory encryption= bit + +Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h + +**/ + +#ifndef __VIRTUAL_MEMORY__ +#define __VIRTUAL_MEMORY__ + +#include +#include +#include +#include +#include + +#include +#define SYS_CODE64_SEL 0x38 + +#pragma pack(1) + +// +// Page-Map Level-4 Offset (PML4) and +// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB +// + +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Reserved:1; // Reserved + UINT64 MustBeZero:2; // Must Be Zero + UINT64 Available:3; // Available for use by system softw= are + UINT64 PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // No Execute bit + } Bits; + UINT64 Uint64; +} PAGE_MAP_AND_DIRECTORY_POINTER; + +// +// Page Table Entry 4KB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 PAT:1; // + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_4K_ENTRY; + +// +// Page Table Entry 2MB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 MustBe1:1; // Must be 1 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:8; // Must be zero; + UINT64 PageTableBaseAddress:31; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_ENTRY; + +// +// Page Table Entry 1GB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, 1 = =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, 1=3DWri= te-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, 1 =3D Accesse= d (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by= processor on access to page + UINT64 MustBe1:1; // Must be 1 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:17; // Must be zero; + UINT64 PageTableBaseAddress:22; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, 1 =3D No Code= Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_1G_ENTRY; + +#pragma pack() + +#define IA32_PG_P BIT0 +#define IA32_PG_RW BIT1 + +#define PAGETABLE_ENTRY_MASK ((1UL << 9) - 1) +#define PML4_OFFSET(x) ( (x >> 39) & PAGETABLE_ENTRY_MASK) +#define PDP_OFFSET(x) ( (x >> 30) & PAGETABLE_ENTRY_MASK) +#define PDE_OFFSET(x) ( (x >> 21) & PAGETABLE_ENTRY_MASK) +#define PTE_OFFSET(x) ( (x >> 12) & PAGETABLE_ENTRY_MASK) +#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull + +/** + This function clears memory encryption bit for the memory region specifi= ed by PhysicalAddress + and length from the current page table context. + + @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. + @param[in] Length The length of memory region + @param[in] Flush Flush the caches before applying the= encryption mask + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is not supported +**/ +EFI_STATUS +EFIAPI +SetMemoryDecrypted ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length, + IN BOOLEAN CacheFlush + ); + +/** + This function sets memory encryption bit for the memory region specified= by + PhysicalAddress and length from the current page table context. + + @param[in] PhysicalAddress The physical address that is the sta= rt address + of a memory region. + @param[in] Length The length of memory region + @param[in] Flush Flush the caches before applying the + encryption mask + + @retval RETURN_SUCCESS The attributes were cleared for the = memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is + not supported +**/ +EFI_STATUS +EFIAPI +SetMemoryEncrypted ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINT64 Length, + IN BOOLEAN CacheFlush + ); + +#endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c new file mode 100644 index 000000000000..d711538dfb71 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -0,0 +1,124 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include +#include +#include + +#include "MemEncryptSevLibInternal.h" + +/** + + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + **/ +BOOLEAN +EFIAPI +InternalMemEncryptSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev is Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + This function clears memory encryption bit for the memory region specifi= ed + by BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address + of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + @param[in] Flush Flush the caches before clearing the b= it + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were cleared for the me= mory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not + supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumberOfPages, + IN BOOLEAN Flush + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} + +/** + This function sets memory encryption bit for the memory region specified= by + BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the start= address + of a memory region. + @param[in] NumberOfPages The number of pages from start memory = region. + @param[in] Flush Flush the caches before clearing the b= it + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were set for the memory= region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing memory encryption attribute i= s not + supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumberOfPages, + IN BOOLEAN Flush + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c new file mode 100644 index 000000000000..43ecba7a28bb --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -0,0 +1,43 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "MemEncryptSevLibInternal.h" + +STATIC BOOLEAN mSevStatus =3D FALSE; +STATIC BOOLEAN mSevStatusChecked =3D FALSE; + +/** + + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + **/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + if (mSevStatusChecked) { + return mSevStatus; + } + + mSevStatus =3D InternalMemEncryptSevIsEnabled(); + mSevStatusChecked =3D TRUE; + + return mSevStatus; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c new file mode 100644 index 000000000000..e0935705dc36 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c @@ -0,0 +1,123 @@ +/** @file + + Secure Encrypted Virtualization (SEV) library helper function + + Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "Uefi.h" +#include +#include +#include +#include +#include +#include + +#include "VirtualMemory.h" +#include "MemEncryptSevLibInternal.h" + +/** + + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled + **/ +BOOLEAN +EFIAPI +InternalMemEncryptSevIsEnabled ( + VOID + ) +{ + UINT32 RegEax; + MSR_SEV_STATUS_REGISTER Msr; + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; + + // + // Check if memory encryption leaf exist + // + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) { + // + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); + + if (Eax.Bits.SevBit) { + // + // Check MSR_0xC0010131 Bit 0 (Sev Enabled) + // + Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); + if (Msr.Bits.SevBit) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + + This function clears memory encryption bit for the memory region specifi= ed by + BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address + of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + @param[in] Flush Flush the caches before clearing the= bit + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were cleared for the = memory + region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute is + not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN BOOLEAN Flush + ) +{ + return SetMemoryDecrypted (BaseAddress, EFI_PAGES_TO_SIZE(NumPages), Flu= sh); +} + +/** + + This function clears memory encryption bit for the memory region specifi= ed by + BaseAddress and Number of pages from the current page table context. + + @param[in] BaseAddress The physical address that is the sta= rt address + of a memory region. + @param[in] NumberOfPages The number of pages from start memor= y region. + @param[in] Flush Flush the caches before clearing the= bit + (mostly TRUE except MMIO addresses) + + @retval RETURN_SUCCESS The attributes were cleared for the = memory + region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute is + not supported + **/ +RETURN_STATUS +EFIAPI +MemEncryptSevSetPageEncMask ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN BOOLEAN Flush + ) +{ + return SetMemoryEncrypted (BaseAddress, EFI_PAGES_TO_SIZE(NumPages), Flu= sh); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c new file mode 100644 index 000000000000..23235f4268e2 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c @@ -0,0 +1,412 @@ +/** @file + + Virtual Memory Management Services to set or clear the memory encryption= bit + +Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c + +**/ + +#include +#include +#include + +#include "VirtualMemory.h" + +STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; +STATIC UINT64 mAddressEncMask; + +typedef enum { + SetCBit, + ClearCBit +} MAP_RANGE_MODE; + +/** + Get the memory encryption mask + + @param[out] EncryptionMask contains the pte mask. + +**/ +STATIC +UINT64 +GetMemEncryptionAddressMask ( + VOID + ) +{ + UINT64 EncryptionMask; + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + + if (mAddressEncMaskChecked) { + return mAddressEncMask; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); + + mAddressEncMask =3D EncryptionMask & PAGING_1G_ADDRESS_MASK_64; + mAddressEncMaskChecked =3D TRUE; + + return mAddressEncMask; +} + +/** + Split 2M page to 4K. + + @param[in] PhysicalAddress Start physical address the 2M page= covered. + @param[in, out] PageEntry2M Pointer to 2M page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +STATIC +VOID +Split2MPageTo4K ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry2M, + IN PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + PHYSICAL_ADDRESS PhysicalAddress4K; + UINTN IndexOfPageTableEntries; + PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1; + UINT64 AddressEncMask; + + PageTableEntry =3D AllocatePages(1); + + PageTableEntry1 =3D PageTableEntry; + + AddressEncMask =3D GetMemEncryptionAddressMask (); + + ASSERT (PageTableEntry !=3D NULL); + ASSERT (*PageEntry2M & AddressEncMask); + + PhysicalAddress4K =3D PhysicalAddress; + for (IndexOfPageTableEntries =3D 0; IndexOfPageTableEntries < 512; Index= OfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=3D SIZE_4KB) { + // + // Fill in the Page Table entries + // + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask; + PageTableEntry->Bits.ReadWrite =3D 1; + PageTableEntry->Bits.Present =3D 1; + if ((PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < StackBa= se + StackSize)) { + // + // Set Nx bit for stack. + // + PageTableEntry->Bits.Nx =3D 1; + } + } + + // + // Fill in 2M page entry. + // + *PageEntry2M =3D (UINT64) (UINTN) PageTableEntry1 | IA32_PG_P | IA32_PG_= RW | AddressEncMask; +} + +/** + Split 1G page to 2M. + + @param[in] PhysicalAddress Start physical address the 1G page= covered. + @param[in, out] PageEntry1G Pointer to 1G page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +STATIC +VOID +Split1GPageTo2M ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry1G, + IN PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + PHYSICAL_ADDRESS PhysicalAddress2M; + UINTN IndexOfPageDirectoryEntries; + PAGE_TABLE_ENTRY *PageDirectoryEntry; + UINT64 AddressEncMask; + + PageDirectoryEntry =3D AllocatePages(1); + + AddressEncMask =3D GetMemEncryptionAddressMask (); + ASSERT (PageDirectoryEntry !=3D NULL); + ASSERT (*PageEntry1G & GetMemEncryptionAddressMask ()); + // + // Fill in 1G page entry. + // + *PageEntry1G =3D (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_= PG_RW | AddressEncMask; + + PhysicalAddress2M =3D PhysicalAddress; + for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { + if ((PhysicalAddress2M < StackBase + StackSize) && ((PhysicalAddress2M= + SIZE_2MB) > StackBase)) { + // + // Need to split this 2M page that covers stack range. + // + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + } else { + // + // Fill in the Page Directory entries + // + PageDirectoryEntry->Uint64 =3D (UINT64) PhysicalAddress2M | AddressE= ncMask; + PageDirectoryEntry->Bits.ReadWrite =3D 1; + PageDirectoryEntry->Bits.Present =3D 1; + PageDirectoryEntry->Bits.MustBe1 =3D 1; + } + } +} + + +/** + Set or Clear the memory encryption bit + + @param[in] PagetablePoint Page table entry pointer (PTE). + @param[in] Mode Set or Clear encryption bit + +**/ +STATIC VOID +SetOrClearCBit( + IN OUT UINT64* PageTablePointer, + IN MAP_RANGE_MODE Mode + ) +{ + UINT64 AddressEncMask; + + AddressEncMask =3D GetMemEncryptionAddressMask (); + + if (Mode =3D=3D SetCBit) { + *PageTablePointer |=3D AddressEncMask; + } else { + *PageTablePointer &=3D ~AddressEncMask; + } + +} + +/** + This function either sets or clears memory encryption bit for the memory= region + specified by PhysicalAddress and length from the current page table cont= ext. + + The function iterates through the physicalAddress one page at a time, an= d set + or clears the memory encryption mask in the page table. If it encounters + that a given physical address range is part of large page then it attemp= ts to + change the attribute at one go (based on size), otherwise it splits the + large pages into smaller (e.g 2M page into 4K pages) and then try to set= or + clear the encryption bit on the smallest page size. + + @param[in] PhysicalAddress The physical address that is the sta= rt + address of a memory region. + @param[in] Length The length of memory region + @param[in] Mode Set or Clear mode + @param[in] Flush Flush the caches before applying the + encryption mask + + @retval RETURN_SUCCESS The attributes were cleared for the = memory + region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is + not supported +**/ + +STATIC +EFI_STATUS +EFIAPI +SetMemoryEncDec ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length, + IN MAP_RANGE_MODE Mode, + IN BOOLEAN CacheFlush + ) +{ + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageUpperDirectoryPointerEntry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PAGE_TABLE_4K_ENTRY *PageTableEntry; + UINT64 PgTableMask; + UINT64 AddressEncMask; + + // + // Check if we have a valid memory encryption mask + // + AddressEncMask =3D GetMemEncryptionAddressMask (); + if (!AddressEncMask) { + return RETURN_ACCESS_DENIED; + } + + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; + + if (Length =3D=3D 0) { + return EFI_INVALID_PARAMETER; + } + + // + // We are going to change the memory encryption attribute from C=3D0 -> = C=3D1 or + // vice versa Flush the caches to ensure that data is written into memor= y with + // correct C-bit + // + if (CacheFlush) { + WriteBackInvalidateDataCacheRange((VOID*) (UINTN)PhysicalAddress, Leng= th); + } + + while (Length) + { + PageMapLevel4Entry =3D (VOID*) (AsmReadCr3() & ~PgTableMask); + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); + if (!PageMapLevel4Entry->Bits.Present) { + DEBUG ((DEBUG_WARN, "ERROR bad PML4 for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + + PageDirectory1GEntry =3D (VOID*) ((PageMapLevel4Entry->Bits.PageTableB= aseAddress<<12) & ~PgTableMask); + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); + if (!PageDirectory1GEntry->Bits.Present) { + DEBUG ((DEBUG_WARN, "ERROR bad PDPE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + + // + // If the MustBe1 bit is not 1, it's not actually a 1GB entry + // + if (PageDirectory1GEntry->Bits.MustBe1) { + // + // Valid 1GB page + // If we have at least 1GB to go, we can just update this entry + // + if (!(PhysicalAddress & (BIT30 - 1)) && Length >=3D BIT30) { + SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode); + DEBUG ((DEBUG_VERBOSE, "Updated 1GB entry for %lx\n", PhysicalAddr= ess)); + PhysicalAddress +=3D BIT30; + Length -=3D BIT30; + } else { + // + // We must split the page + // + DEBUG ((DEBUG_VERBOSE, "Spliting 1GB page\n")); + Split1GPageTo2M(((UINT64)PageDirectory1GEntry->Bits.PageTableBaseA= ddress)<<30, (UINT64*) PageDirectory1GEntry, 0, 0); + continue; + } + } else { + // + // Actually a PDP + // + PageUpperDirectoryPointerEntry =3D (PAGE_MAP_AND_DIRECTORY_POINTER*)= PageDirectory1GEntry; + PageDirectory2MEntry =3D (VOID*) ((PageUpperDirectoryPointerEntry->B= its.PageTableBaseAddress<<12) & ~PgTableMask); + PageDirectory2MEntry +=3D PDE_OFFSET(PhysicalAddress); + if (!PageDirectory2MEntry->Bits.Present) { + DEBUG ((DEBUG_WARN, "ERROR bad PDE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + // + // If the MustBe1 bit is not a 1, it's not a 2MB entry + // + if (PageDirectory2MEntry->Bits.MustBe1) { + // + // Valid 2MB page + // If we have at least 2MB left to go, we can just update this ent= ry + // + if (!(PhysicalAddress & (BIT21-1)) && Length >=3D BIT21) { + SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); + DEBUG ((DEBUG_VERBOSE, "Updated 2MB entry for %lx\n", PhysicalAd= dress)); + PhysicalAddress +=3D BIT21; + Length -=3D BIT21; + } else { + // + // We must split up this page into 4K pages + // + DEBUG ((DEBUG_VERBOSE, "Spliting 2MB page at %lx\n", PhysicalAdd= ress)); + Split2MPageTo4K (((UINT64)PageDirectory2MEntry->Bits.PageTableBa= seAddress) << 21, (UINT64*) PageDirectory2MEntry, 0, 0); + continue; + } + } else { + PageDirectoryPointerEntry =3D (PAGE_MAP_AND_DIRECTORY_POINTER*) Pa= geDirectory2MEntry; + PageTableEntry =3D (VOID*) (PageDirectoryPointerEntry->Bits.PageTa= bleBaseAddress<<12 & ~PgTableMask); + PageTableEntry +=3D PTE_OFFSET(PhysicalAddress); + if (!PageTableEntry->Bits.Present) { + DEBUG ((DEBUG_WARN, "ERROR bad PTE for %lx\n", PhysicalAddress)); + return EFI_NO_MAPPING; + } + SetOrClearCBit (&PageTableEntry->Uint64, Mode); + DEBUG ((DEBUG_VERBOSE, "Updated 4KB entry for %lx\n", PhysicalAddr= ess)); + PhysicalAddress +=3D EFI_PAGE_SIZE; + Length -=3D EFI_PAGE_SIZE; + } + } + } + + // + // Flush TLB + // + CpuFlushTlb(); + + return EFI_SUCCESS; +} + +/** + This function clears memory encryption bit for the memory region specifi= ed by + PhysicalAddress and length from the current page table context. + + @param[in] PhysicalAddress The physical address that is the sta= rt + address of a memory region. + @param[in] Length The length of memory region + @param[in] Flush Flush the caches before applying the + encryption mask + + @retval RETURN_SUCCESS The attributes were cleared for the = memory + region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is + not supported +**/ +EFI_STATUS +EFIAPI +SetMemoryDecrypted ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length, + IN BOOLEAN CacheFlush + ) +{ + + DEBUG ((DEBUG_VERBOSE, "Clear C-bit Base %Lx Length %Lx flush %d\n", Phy= sicalAddress, Length, CacheFlush)); + return SetMemoryEncDec (PhysicalAddress, Length, ClearCBit, CacheFlush); +} + +/** + This function sets memory encryption bit for the memory region specified= by + PhysicalAddress and length from the current page table context. + + @param[in] PhysicalAddress The physical address that is the sta= rt address + of a memory region. + @param[in] Length The length of memory region + @param[in] Flush Flush the caches before applying the + encryption mask + + @retval RETURN_SUCCESS The attributes were cleared for the = memory + region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Setting the memory encyrption attrib= ute is + not supported +**/ +EFI_STATUS +EFIAPI +SetMemoryEncrypted ( + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length, + IN BOOLEAN CacheFlush + ) +{ + DEBUG ((DEBUG_VERBOSE, "Set C-bit Base %Lx Length %Lx flush %d\n", Physi= calAddress, Length, CacheFlush)); + return SetMemoryEncDec (PhysicalAddress, Length, SetCBit, CacheFlush); +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138179125997.5167698344228; Tue, 25 Apr 2017 09:36:19 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E33FB2193CF68; Tue, 25 Apr 2017 09:36:14 -0700 (PDT) Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com [IPv6:2607:f8b0:4003:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B4B132193CF44 for ; Tue, 25 Apr 2017 09:36:12 -0700 (PDT) Received: by mail-oi0-x242.google.com with SMTP id a3so31962657oii.3 for ; Tue, 25 Apr 2017 09:36:12 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:11 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8ZjosuPj+kbLI8IAu31VoB5CKVo/aLUHmAg4Ed1vcXc=; b=kqAO2qnVuQNAARw5qpoOoq9cTJgVSLgMbnl7hpyd/jdYCx3L/kczRnZ/s0+UhkRtfI xxjyu+DE83fWzyVmP60/uuF6REW6LjMaqKdBaG4jmhDKzbY9A0mxGv1zYkoFfXSpz7xv 5Y0pAIo6sTPaxA4hrA/t7d29DotWKjt/zSoq5kPZKirNLjUVB37uSIC9XdhMiial+hRz 7Go9iZHPIjMk+NKYcqXJ/ZN2Gab7g+80vvVBJl7/NSNorP/nq1vLqX+Kd/QEP//SYQuZ /f3icuW/ZBfgsSNNxp+yCS6oaybhecq1DX3acsI3/E1qBGooxy+sPGH42MSP0nnNClBP naOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8ZjosuPj+kbLI8IAu31VoB5CKVo/aLUHmAg4Ed1vcXc=; b=ko5EJ/bc8lyM8E3gP+24KO391oAJm0ATdIqIocdUJZ/j6WY9l1XhhXh2Es6RsFdiOQ vm6ukk4LhuvHsOC5yLRzX3PiNdxeg0wBYGbHIKm28vjqPH0qT3PP+CUtCmf/WovUlrtU SZZkKAPHpA9cwYmSEmnWhwT2lzma8C13MZL3MrmdrZv1FOoz4rKcDaqStdj4uUe9Ttvz cCMXTkRmBI6r5Cp5p5IPWgGrM0rxEW5TRge1nep4Q4P4HltRqa7/I8j+zMvwN5WnSlW1 D5DUE9SR9bTgCozDNKg/LTnjZcMZFQIPKrF1IpqRdIf0w92moHlsFlcfH4fdl8MP0tSH hw/g== X-Gm-Message-State: AN3rC/7XMVteLT8uMc6PHE0tkC8EUpiQQUhM7VlH4KH575CepYalia1m aBTS/+P17zUQsQ== X-Received: by 10.202.95.3 with SMTP id t3mr2548910oib.74.1493138171917; Tue, 25 Apr 2017 09:36:11 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:14 -0400 Message-Id: <1493138064-7816-6-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 05/15] OvmfPkg/PlatformPei: Set memory encryption PCD when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Secure Encrypted Virtualization (SEV) guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. For data memory, SEV guest VMs can choose which pages they would like to be private. The choice is done using the standard CPU page tables using the C-bit. When building the initial page table we mark all the memory as private. The patch initializes the memory encryption PCD, the PCD is used by DxeCore when building the initial page table. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 3 + OvmfPkg/OvmfPkgIa32X64.dsc | 3 + OvmfPkg/OvmfPkgX64.dsc | 3 + OvmfPkg/PlatformPei/PlatformPei.inf | 3 + OvmfPkg/PlatformPei/Platform.h | 5 ++ OvmfPkg/PlatformPei/AmdSev.c | 62 ++++++++++++++++++++ OvmfPkg/PlatformPei/Platform.c | 1 + 7 files changed, 80 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index ea45d8f606ee..04e7e0fe948f 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -507,6 +507,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index dc38c60a70a7..882dc8daacc8 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -515,6 +515,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 99df6d80a395..3cfd09a3f260 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -514,6 +514,9 @@ [PcdsDynamicDefault] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 =20 + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 53c6dd445a0e..a9a7a76c7325 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -29,6 +29,7 @@ [Defines] # =20 [Sources] + AmdSev.c Cmos.c FeatureControl.c Fv.c @@ -60,6 +61,7 @@ [LibraryClasses] QemuFwCfgLib QemuFwCfgS3Lib MtrrLib + MemEncryptSevLib PcdLib =20 [Pcd] @@ -94,6 +96,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 18f42c3f0ea8..a7729b9df44b 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -88,6 +88,11 @@ XenDetect ( VOID ); =20 +VOID +AmdSevInitialize ( + VOID + ); + extern BOOLEAN mXen; =20 VOID diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c new file mode 100644 index 000000000000..26f7c3fdbb13 --- /dev/null +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -0,0 +1,62 @@ +/**@file + Initialize Secure Encrypted Virtualization (SEV) support + + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se + may be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ +// +// The package level header files this module uses +// +#include + +#include +#include +#include +#include +#include + +/** + + Function checks if SEV support is available, if present then it sets + the dynamic PcdPteMemoryEncryptionAddressOrMask with memory encryption m= ask. + + **/ +VOID +EFIAPI +AmdSevInitialize ( + VOID + ) +{ + CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx; + UINT64 EncryptionMask; + RETURN_STATUS PcdStatus; + + // + // Check if SEV is enabled + // + if (!MemEncryptSevIsEnabled ()) { + return; + } + + // + // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position) + // + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL); + EncryptionMask =3D LShiftU64 (1, Ebx.Bits.PtePosBits); + + // + // Set Memory Encryption Mask PCD + // + PcdStatus =3D PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, Encryption= Mask); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask)); +} diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 77a8a16c15b8..49e6c668015a 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -667,6 +667,7 @@ InitializePlatform ( NoexecDxeInitialization (); } =20 + AmdSevInitialize (); MiscInitialization (); InstallFeatureControlCallback (); =20 --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138182459827.2172004631722; Tue, 25 Apr 2017 09:36:22 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 256BF2193CF44; Tue, 25 Apr 2017 09:36:16 -0700 (PDT) Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com [IPv6:2607:f8b0:4003:c06::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D6EDB2193CF66 for ; Tue, 25 Apr 2017 09:36:14 -0700 (PDT) Received: by mail-oi0-x241.google.com with SMTP id m34so28207627oik.2 for ; Tue, 25 Apr 2017 09:36:14 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:12 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=KwRyTw0nv4O2O7XWys+fz5Mfu4v03fptsq+8EGGcGgI=; b=VgKfpvnP0u44wzvTAmBP1vhNqOUsMIVl7i65rY6L4nshjr0BTttjkp2lV+bxxa15Ya b3uoDKF2d1TboaNu5/QoRg7g1t+LFPxcXofZrKi+QVZcW3Bw0utQLm8V66BF6XFCDGyD 4oCTnz2GYqNU/A9f/sCzByRZGbuntsHUxxJ08hC1mFTIuLIpEy77JejDP4ZbALb4eC3I qelzlTqwgQW3nbBIaO799FPZxhbP+MxWNYWfwhMNDwqq43FR0We9G7jIvp7Ydd7UoAED WH0RX2Xg6q5l9enbOBSkhHXwNcA6ygH8IgEpzfIH62/GxRn74W55F33qZx1WdvLsrb+n Cv7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=KwRyTw0nv4O2O7XWys+fz5Mfu4v03fptsq+8EGGcGgI=; b=kmUEHe6U5soKmwv5LiN9rFQ2nZqBHHGSgjKJajCat5qxoVcojOoglzItHJNiEF/fuw rw9ef6rYvUzl9QbSQa65iPfUDk6hYm3ph39VxHZStGrV79ZTIsWlUr6KTPeyYO9moe/o mMXO4yDxQo38aFu20RHvW8HDpetxypRJi1LwAdzKB0sXlet0AynlnPne0sZDgMqvM/oW FgsNUHyfugOvY9ELHYoRxJHMWIewwQOyAfLmkHtVsSMwlOcp1hybfv6meQK1MQHYKhed 4ySJU4TRuuP3M/LdFLcfP/veh3sDVm0fb5TgwTVq2dNSDn8U8xl+HdHZo4yI4s58fIkV g1pA== X-Gm-Message-State: AN3rC/7hizkjZ9Ny84tW0j4fXUIegvSw9Nt4uubACawijVlXPZbQBVr9 nz75BWK4m/L+tNhQUAU= X-Received: by 10.202.175.133 with SMTP id y127mr17528834oie.97.1493138173646; Tue, 25 Apr 2017 09:36:13 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:15 -0400 Message-Id: <1493138064-7816-7-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 06/15] OvmfPkg/DxeBmDmaLib: Import DxeBmDmaLib package X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Import DxeBmDmaLib package in OvmfPkg, we need to modify the package to include SEV support. The BmDmaLib is proposed by Leo Duran https://lists.01.org/pipermail/edk2-devel/2017-March/008109.html NOTE: This patch is still under discussion and have not been accepted upstream. Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 41 +++ OvmfPkg/Include/Library/BmDmaLib.h | 161 +++++++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 351 ++++++++++++++++++++ 6 files changed, 556 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 04e7e0fe948f..0475e10e484a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -91,7 +91,7 @@ [LibraryClasses] UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 882dc8daacc8..408ab37e4a88 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -96,7 +96,7 @@ [LibraryClasses] UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3cfd09a3f260..dd3674a5d6dc 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -96,7 +96,7 @@ [LibraryClasses] UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - BmDmaLib|MdeModulePkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf + BmDmaLib|OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/= DxeBmDmaLib/DxeBmDmaLib.inf new file mode 100644 index 000000000000..4ddb27d578bc --- /dev/null +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -0,0 +1,41 @@ +## @file +# +# DMA abstraction library APIs. Based on PCI IO protocol DMA abstractions. +# +# Copyright (c) 2008 - 2010, Apple Inc. All rights reserved.
+# Copyright (c) 2017, AMD Inc. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD License +# which accompanies this distribution. The full text of the license may = be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D DxeBmDmaLib + FILE_GUID =3D daa403e0-071d-44ef-95cf-7f2472e4a4d5 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BmDmaLib|DXE_DRIVER + +[Sources.common] + DxeBmDmaLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + DxeServicesTableLib + MemoryAllocationLib + UefiBootServicesTableLib + + diff --git a/OvmfPkg/Include/Library/BmDmaLib.h b/OvmfPkg/Include/Library/B= mDmaLib.h new file mode 100644 index 000000000000..070340c9cca8 --- /dev/null +++ b/OvmfPkg/Include/Library/BmDmaLib.h @@ -0,0 +1,161 @@ +/** @file + DMA abstraction library APIs. Based on PCI IO protocol DMA abstractions. + + Copyright (c) 2008 - 2010, Apple Inc. All rights reserved.
+ Copyright (c) 2017, AMD Inc. All rights reserved.
+ + DMA Bus Master Read Operation: + Call BmDmaMap() for DmaOperationBusMasterRead. + Program the DMA Bus Master with the DeviceAddress returned by BmDmaMap= (). + Start the DMA Bus Master. + Wait for DMA Bus Master to complete the read operation. + Call BmDmaUnmap(). + + DMA Bus Master Write Operation: + Call BmDmaMap() for DmaOperationBusMasterWrite. + Program the DMA Bus Master with the DeviceAddress returned by BmDmaMap= (). + Start the DMA Bus Master. + Wait for DMA Bus Master to complete the write operation. + Call BmDmaUnmap(). + + DMA Bus Master Common Buffer Operation: + Call BmDmaAllocateBuffer() to allocate a common buffer. + Call BmDmaMap() for DmaOperationBusMasterCommonBuffer. + Program the DMA Bus Master with the DeviceAddress returned by BmDmaMap= (). + The common buffer can now be accessed equally by the processor and the= DMA bus master. + Call BmDmaUnmap(). + Call BmDmaFreeBuffer(). + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + + Derived from: + EmbeddedPkg/Include/Library/DmaLib.h + +**/ + +#ifndef __BM_DMA_LIB_H__ +#define __BM_DMA_LIB_H__ + + +typedef enum { + /// + /// A read operation from system memory by a bus master. + /// + DmaOperationBusMasterRead, + /// + /// A write operation from system memory by a bus master. + /// + DmaOperationBusMasterWrite, + /// + /// Provides both read and write access to system memory by both the pro= cessor and a + /// bus master. The buffer is coherent from both the processor's and the= bus master's point of view. + /// + DmaOperationBusMasterCommonBuffer, + DmaOperationBusMasterMaximum +} BM_DMA_OPERATION; + + +/** + Provides the DMA controller-specific addresses needed to access system m= emory. + + Operation is relative to the DMA bus master. + + @param DmaAbove4GB Indicates capability of DMA operations abo= ve 4GB. + @param Operation Indicates if the bus master is going to re= ad or write to system memory. + @param HostAddress The system memory address to map to the DM= A controller. + @param NumberOfBytes On input the number of bytes to map. On ou= tput the number of bytes + that were mapped. + @param DeviceAddress The resulting map address for the bus mast= er controller to use to + access the hosts HostAddress. + @param Mapping A resulting value to pass to BmDmaUnmap(). + + @retval EFI_SUCCESS The range was mapped for the returned Numb= erOfBytes. + @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to = a lack of resources. + @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. + +**/ +EFI_STATUS +EFIAPI +BmDmaMap ( + IN BOOLEAN DmaAbove4GB, + IN BM_DMA_OPERATION Operation, + IN VOID *HostAddress, + IN OUT UINTN *NumberOfBytes, + OUT PHYSICAL_ADDRESS *DeviceAddress, + OUT VOID **Mapping + ); + + +/** + Completes the DmaOperationBusMasterRead/Write/CommonBuffer operation + and releases any corresponding resources. + + @param Mapping The mapping value returned from BmDmaMap(). + + @retval EFI_SUCCESS The range was unmapped. + @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. + +**/ +EFI_STATUS +EFIAPI +BmDmaUnmap ( + IN VOID *Mapping + ); + + +/** + Allocates pages that are suitable for a BmDmaMap() of type DmaOperationB= usMasterCommonBuffer. + + @param DmaAbove4GB Indicates capability of DMA operations abo= ve 4GB. + @param MemoryType The type of memory to allocate: EfiBootSer= vicesData or + EfiRuntimeServicesData. + @param Pages The number of pages to allocate. + @param HostAddress A pointer to store the base system memory = address of the + allocated range. + + @retval EFI_SUCCESS The requested memory pages were allocated. + @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal = attribute bits are + MEMORY_WRITE_COMBINE and MEMORY_CACHED. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. + +**/ +EFI_STATUS +EFIAPI +BmDmaAllocateBuffer ( + IN BOOLEAN DmaAbove4GB, + IN EFI_MEMORY_TYPE MemoryType, + IN UINTN Pages, + OUT VOID **HostAddress + ); + + +/** + Frees memory that was allocated with BmDmaAllocateBuffer(). + + @param HostAddress The base system memory address of the allo= cated range. + @param Pages The number of pages to free. + + @retval EFI_SUCCESS The requested memory pages were freed. + @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and Pages + was not allocated with BmDmaAllocateBuffer= (). + +**/ +EFI_STATUS +EFIAPI +BmDmaFreeBuffer ( + IN VOID *HostAddress, + IN UINTN Pages + ); + + +#endif + diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/Dx= eBmDmaLib/DxeBmDmaLib.c new file mode 100644 index 000000000000..4a6a704f9aa5 --- /dev/null +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -0,0 +1,351 @@ +/** @file + DMA abstraction library APIs. Based on PCI IO protocol DMA abstractions. + + Copyright (c) 2008 - 2010, Apple Inc. All rights reserved.
+ Copyright (c) 2017, AMD Inc. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + + Derived from: + MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + + +#define FORCE_BELOW_4GB_TRUE TRUE +#define FORCE_BELOW_4GB_FALSE FALSE +#define NO_MAPPING (VOID *) (UINTN) -1 + + +typedef struct { + BM_DMA_OPERATION Operation; + UINTN NumberOfBytes; + UINTN NumberOfPages; + EFI_PHYSICAL_ADDRESS HostAddress; + EFI_PHYSICAL_ADDRESS MappedHostAddress; +} MAP_INFO; + + +EFI_STATUS +AllocateBounceBuffer ( + IN BOOLEAN ForceBelow4GB, + IN BM_DMA_OPERATION Operation, + IN EFI_PHYSICAL_ADDRESS HostAddress, + IN OUT UINTN *NumberOfBytes, + OUT PHYSICAL_ADDRESS *DeviceAddress, + OUT VOID **Mapping + ) +{ + EFI_STATUS Status; + MAP_INFO *MapInfo; + EFI_ALLOCATE_TYPE AllocateType; + + // + // Allocate a MAP_INFO structure to remember the mapping when Unmap() is + // called later. + // + MapInfo =3D AllocatePool (sizeof (MAP_INFO)); + if (MapInfo =3D=3D NULL) { + *NumberOfBytes =3D 0; + return EFI_OUT_OF_RESOURCES; + } + + // + // Initialize the MAP_INFO structure + // + MapInfo->Operation =3D Operation; + MapInfo->NumberOfBytes =3D *NumberOfBytes; + MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes); + MapInfo->HostAddress =3D HostAddress; + + if (ForceBelow4GB) { + // + // Limit allocations to memory below 4GB + // + AllocateType =3D AllocateMaxAddress; + MapInfo->MappedHostAddress =3D SIZE_4GB - 1; + } else { + AllocateType =3D AllocateAnyPages; + } + + // + // Allocate DMA bounce buffer + // + Status =3D gBS->AllocatePages ( + AllocateType, + EfiBootServicesData, + MapInfo->NumberOfPages, + &MapInfo->MappedHostAddress + ); + + if (EFI_ERROR (Status)) { + FreePool (MapInfo); + *NumberOfBytes =3D 0; + return Status; + } + + // + // If this is a read operation from the Bus Master's point of view, + // then copy the contents of the real buffer into the mapped buffer + // so the Bus Master can read the contents of the real buffer. + // + if (Operation =3D=3D DmaOperationBusMasterRead) { + CopyMem ( + (VOID *) (UINTN) MapInfo->MappedHostAddress, + (VOID *) (UINTN) MapInfo->HostAddress, + MapInfo->NumberOfBytes + ); + } + + // + // The DeviceAddress is the address of the mapped buffer + // + *DeviceAddress =3D MapInfo->MappedHostAddress; + + // + // Return a pointer to the MAP_INFO structure in Mapping + // + *Mapping =3D MapInfo; + + return EFI_SUCCESS; +} + + +/** + Provides the DMA controller-specific addresses needed to access system m= emory. + + Operation is relative to the DMA bus master. + + @param DmaAbove4GB Indicates capability of DMA operations abo= ve 4GB. + @param Operation Indicates if the bus master is going to re= ad or write to system memory. + @param HostAddress The system memory address to map to the DM= A controller. + @param NumberOfBytes On input the number of bytes to map. On ou= tput the number of bytes + that were mapped. + @param DeviceAddress The resulting map address for the bus mast= er controller to use to + access the hosts HostAddress. + @param Mapping A resulting value to pass to BmDmaUnmap(). + + @retval EFI_SUCCESS The range was mapped for the returned Numb= erOfBytes. + @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to = a lack of resources. + @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. + +**/ +EFI_STATUS +EFIAPI +BmDmaMap ( + IN BOOLEAN DmaAbove4GB, + IN BM_DMA_OPERATION Operation, + IN VOID *HostAddress, + IN OUT UINTN *NumberOfBytes, + OUT PHYSICAL_ADDRESS *DeviceAddress, + OUT VOID **Mapping + ) +{ + EFI_PHYSICAL_ADDRESS PhysicalAddress; + + // + // Check for invalid inputs + // + if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || + Mapping =3D=3D NULL || (UINT32) Operation >=3D DmaOperationBusMaster= Maximum) { + return EFI_INVALID_PARAMETER; + } + + PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; + if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <=3D SIZE_4GB) { + // + // If we CAN handle DMA above 4GB or the transfer is below 4GB, + // the DeviceAddress is simply the HostAddress + // + *DeviceAddress =3D PhysicalAddress; + *Mapping =3D NO_MAPPING; + + return EFI_SUCCESS; + } + + // + // If we cannot handle DMA above 4GB and any part of the DMA transfer + // being is above 4GB, then map the DMA transfer to a buffer below 4GB. + // + if (Operation =3D=3D DmaOperationBusMasterCommonBuffer) { + // + // Common Buffer operations cannot be remapped, so return an error. + // + return EFI_UNSUPPORTED; + } + + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_TRUE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); +} + + +/** + Completes the DmaOperationBusMasterRead/Write/CommonBuffer operation + and releases any corresponding resources. + + @param Mapping The mapping value returned from BmDmaMap(). + + @retval EFI_SUCCESS The range was unmapped. + @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. + +**/ +EFI_STATUS +EFIAPI +BmDmaUnmap ( + IN VOID *Mapping + ) +{ + MAP_INFO *MapInfo; + + // + // Check for invalid inputs + // + if (Mapping =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // See if the Map() operation associated with this Unmap() required a ma= pping + // buffer. If a mapping buffer was not required, then this function simp= ly + // returns EFI_SUCCESS. + // + if (Mapping =3D=3D NO_MAPPING) { + return EFI_SUCCESS; + } + + // + // If this is a write operation from the Bus Master's point of view, + // then copy the contents of the mapped buffer into the real buffer + // so the processor can read the contents of the real buffer. + // + MapInfo =3D (MAP_INFO *)Mapping; + if (MapInfo->Operation =3D=3D DmaOperationBusMasterWrite) { + CopyMem ( + (VOID *) (UINTN) MapInfo->HostAddress, + (VOID *) (UINTN) MapInfo->MappedHostAddress, + MapInfo->NumberOfBytes + ); + } + + // + // Free the mapped buffer and the MAP_INFO structure. + // + gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); + FreePool (Mapping); + return EFI_SUCCESS; +} + + +/** + Allocates pages that are suitable for a BmDmaMap() of type DmaOperationB= usMasterCommonBuffer. + + @param DmaAbove4GB Indicates capability of DMA operations abo= ve 4GB. + @param MemoryType The type of memory to allocate: EfiBootSer= vicesData or + EfiRuntimeServicesData. + @param Pages The number of pages to allocate. + @param HostAddress A pointer to store the base system memory = address of the + allocated range. + + @retval EFI_SUCCESS The requested memory pages were allocated. + @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal = attribute bits are + MEMORY_WRITE_COMBINE and MEMORY_CACHED. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. + +**/ +EFI_STATUS +EFIAPI +BmDmaAllocateBuffer ( + IN BOOLEAN DmaAbove4GB, + IN EFI_MEMORY_TYPE MemoryType, + IN UINTN Pages, + OUT VOID **HostAddress + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS PhysicalAddress; + EFI_ALLOCATE_TYPE AllocateType; + + // + // Check for invalid inputs + // + if (HostAddress =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // The only valid memory types are EfiBootServicesData and + // EfiRuntimeServicesData + // + if (MemoryType !=3D EfiBootServicesData && + MemoryType !=3D EfiRuntimeServicesData) { + return EFI_INVALID_PARAMETER; + } + + if (DmaAbove4GB) { + AllocateType =3D AllocateAnyPages; + } else { + // + // Limit allocations to memory below 4GB + // + AllocateType =3D AllocateMaxAddress; + PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1); + } + Status =3D gBS->AllocatePages ( + AllocateType, + MemoryType, + Pages, + &PhysicalAddress + ); + if (!EFI_ERROR (Status)) { + *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; + } + + return Status; +} + + +/** + Frees memory that was allocated with BmDmaAllocateBuffer(). + + @param HostAddress The base system memory address of the allo= cated range. + @param Pages The number of pages to free. + + @retval EFI_SUCCESS The requested memory pages were freed. + @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and Pages + was not allocated with BmDmaAllocateBuffer= (). + +**/ +EFI_STATUS +EFIAPI +BmDmaFreeBuffer ( + IN VOID *HostAddress, + IN UINTN Pages + ) +{ + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); +} + --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138186183174.61699333228046; Tue, 25 Apr 2017 09:36:26 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 549E52193CF67; Tue, 25 Apr 2017 09:36:18 -0700 (PDT) Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com [IPv6:2607:f8b0:4003:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id CB6582193CF44 for ; Tue, 25 Apr 2017 09:36:15 -0700 (PDT) Received: by mail-oi0-x242.google.com with SMTP id m34so28207792oik.2 for ; Tue, 25 Apr 2017 09:36:15 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:14 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lLMUDOZmYXM1ByWLL1bzWFXlpXMuwNkiJyHQmNXRaLU=; b=stJ69d+FEY8R+8wjflqNOQXoZmE1O92jaFDs/vU5oUGxXJT+n+4S1k+KzrDsB0VaIr nt8/PMYdk6SwvhKfRl0lbtB2o7fJZsdb5NupLlydBn/9tWkahzcw/1WJIgNq4WUCLuY5 6dJMFLRI22PEpyXI6Z+5IaUfkNoMaxWmKSZPh5zBW4hfan8Syc8bc343zmdCkj/GsJVs W23R+R1HBoatUEr4b2CC5GTccp0qKhktvQkFt6PXVmGJdvxvFatBAmQENPKBh+oeTZIR IX0z/1MMn8ZXqBc4sjEV2FDjvdPyhlpkVVS67QffN2wgNEwTKlmOkXRggtoe5EIYmlOC jCFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lLMUDOZmYXM1ByWLL1bzWFXlpXMuwNkiJyHQmNXRaLU=; b=fRgwBbjxzaxCjLL5B9yXh9rNaGWqesuZpL8XhgbgGMqbWk0doGZDXSRT/gfKBGNUoR aW0qlxA81F7U0PdIG7Te5GmrtXgyRubX0GcYTFnQ/CIjRshbhyubfZc19UVJQofIpISN dxqTLciJiuWNqvdE4r9lR3MKpnRHALG8zHp1zrzyeHPWQ4gd6MvRu1K6zkVdiMrZ8E54 LcFXyCUbV8aasWzm9G9tWHrwokeh6iA+sOPfatlaBVsO/k8Ig8bhHPLT+XI0n5KjdGv7 pfIk9gj11JCRM40qIv55qh4UuCk+steeCeBs+u2H38LNVeJB81eP4KveM3vqmWTwePa5 kqDg== X-Gm-Message-State: AN3rC/6QWRGl97lrt6k3VJ/ZFTJvVlFhhEB7CmRcYK7Jm3F1CeFIpQZp eyPtUPDTMXiWag== X-Received: by 10.202.86.13 with SMTP id k13mr14554947oib.39.1493138175118; Tue, 25 Apr 2017 09:36:15 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:16 -0400 Message-Id: <1493138064-7816-8-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 07/15] OvmfPkg/BmDmaLib: Add SEV support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, the DMA operations must be performed on a shared (i.e unencrypted) pages. The patch adds SEV specific hooks to use the bounce buffer when caller map/unmap host address to a DMA address and similarly clears/set memory encryption attribute when caller allocates or free the DMA pages. Signed-off-by: Brijesh Singh --- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 +- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/= DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d578bc..fb97caa79827 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Sources.common] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec =20 [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ [LibraryClasses] DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib =20 diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/Dx= eBmDmaLib/DxeBmDmaLib.c index 4a6a704f9aa5..7a79c7091004 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include =20 =20 #define FORCE_BELOW_4GB_TRUE TRUE @@ -100,6 +101,15 @@ AllocateBounceBuffer ( } =20 // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, = MapInfo->NumberOfPages, TRUE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. @@ -170,6 +180,23 @@ BmDmaMap ( =20 PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <=3D SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared p= ages. We force to use the + // bounce buffer path which will take care of allocating shared Dma bu= ffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation =3D=3D DmaOperationBusMasterRead || Operation =3D=3D Dm= aOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; =20 // // Check for invalid inputs @@ -251,6 +279,17 @@ BmDmaUnmap ( } =20 // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-= bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, Ma= pInfo->NumberOfPages, TRUE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); @@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (PhysicalAddress, Pages, TR= UE); + } } =20 + return Status; } =20 @@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages, TR= UE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138189134409.78361954820434; Tue, 25 Apr 2017 09:36:29 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 7E64B21DFA7AF; Tue, 25 Apr 2017 09:36:18 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6E24E2193CF67 for ; Tue, 25 Apr 2017 09:36:17 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id a3so31963290oii.3 for ; Tue, 25 Apr 2017 09:36:17 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:16 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=6RH7uwXGGZXhiJw9oX2jJ0WlLjfFMQcfSWPHQlO2/gE=; b=up0IlAR1ZQFWj9CypaogOD5sYr2exRyB0Po4502ZRp+q/wBdZbvurem/3JViO2A/Yt HUjka61edv7WBydULknOOgBCVFxzTgDg++yc9JvJdI7JX65XfnnwMvH5qhZaspDe3Ccu UTcnddmXNzQFPBRSOkxCZPwaS5FhPVUq8C4vnezDaSbDsVYhUMgQ3KV+u4yQCSfXUzOy NLtf7TPkSD8oDtdPkXqwDZLHTh2Ls7N37NzYg9P3tNJjn/CMpm3bZ/QkQcAk8Jg+QtUf spw2WuTZ/+uMkRnfIeK+bPf3eQxK8OEzzlhqyS0gXSWz/4kheyizsF/4yKSp3/94AkC9 B7Ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6RH7uwXGGZXhiJw9oX2jJ0WlLjfFMQcfSWPHQlO2/gE=; b=diP9e9SlP9T2ScW6v+z+GhVPrOt1AjDO6DHkny3fy29chJ4++sqrMMPGzRPEjotn4q mUZhgxctuRkTcy30kvzA0doUnazzv+KmwOnafwCezQdvH1JXV7MlXPw6vJHGAA7bG0YJ s25fxacqyECa0X8RdFUoyYMJKlktb1IHnsCKsJVX7vuoTqa3azb9k0c7ccCvFDVdej7E o5Ck1TaokMnQUL529UbbTFcicMXt/pcwyysNdICcN1jG8B5pHmqczlppndqvME1CZ30c w0uGPQ5/nZD8p7egfclhCGMjbISiP53z1bEZkqjOVO2fAJG16YpTFoot37NsTzUO7DWI 17tg== X-Gm-Message-State: AN3rC/60UCr/g7z3UuT2MIMcOCJm2QRcX9c4Sl8ZSY6DbEt+V46pEPk0 17N/1lqcPHV82w== X-Received: by 10.202.170.200 with SMTP id t191mr15779812oie.10.1493138176646; Tue, 25 Apr 2017 09:36:16 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:17 -0400 Message-Id: <1493138064-7816-9-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 08/15] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Current QemuFwCfgLib.inf is used in both Pei and Dxe phases. Add Pei and Dxe inf file to provide a seperate QemuFwCfg library for Pei and Dxe phase. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32.dsc | 3= ++- OvmfPkg/OvmfPkgIa32X64.dsc | 3= ++- OvmfPkg/OvmfPkgX64.dsc | 3= ++- OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf =3D> QemuFwCfgDxeLib.inf} |= 6 +++--- OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf =3D> QemuFwCfgPeiLib.inf} |= 6 +++--- OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgPeiDxe.c =3D> QemuFwCfgDxe.c} |= 0 OvmfPkg/Library/QemuFwCfgLib/{QemuFwCfgPeiDxe.c =3D> QemuFwCfgPei.c} |= 0 7 files changed, 12 insertions(+), 9 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 0475e10e484a..64b13bea894e 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -123,7 +123,7 @@ [LibraryClasses] DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -240,6 +240,7 @@ [LibraryClasses.common.PEIM] CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 408ab37e4a88..da7b8d398462 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -128,7 +128,7 @@ [LibraryClasses] DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -245,6 +245,7 @@ [LibraryClasses.common.PEIM] CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index dd3674a5d6dc..8bf7cf8e75a6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -128,7 +128,7 @@ [LibraryClasses] DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf - QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf @@ -245,6 +245,7 @@ [LibraryClasses.common.PEIM] CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/OvmfPkg/Librar= y/QemuFwCfgLib/QemuFwCfgDxeLib.inf similarity index 83% copy from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf copy to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf index 689476032d39..346bb881ffc1 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf @@ -19,10 +19,10 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D QemuFwCfgLib - FILE_GUID =3D fdd53716-31e1-4acc-9007-8bd5d877c96f + FILE_GUID =3D 80474090-55e7-4c28-b25c-9f236ba41f28 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D QemuFwCfgLib|PEIM DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS =3D QemuFwCfgLib|DXE_DRIVER DXE_RUNTIME_D= RIVER DXE_SMM_DRIVER =20 CONSTRUCTOR =3D QemuFwCfgInitialize =20 @@ -35,7 +35,7 @@ [Defines] [Sources] QemuFwCfgLibInternal.h QemuFwCfgLib.c - QemuFwCfgPeiDxe.c + QemuFwCfgDxe.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/OvmfPkg/Librar= y/QemuFwCfgLib/QemuFwCfgPeiLib.inf similarity index 83% rename from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf rename to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 689476032d39..4f966a85088a 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -19,10 +19,10 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D QemuFwCfgLib - FILE_GUID =3D fdd53716-31e1-4acc-9007-8bd5d877c96f + FILE_GUID =3D ddd4f5f0-5304-42a8-9efa-d14bf11a3533 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D QemuFwCfgLib|PEIM DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS =3D QemuFwCfgLib|PEIM =20 CONSTRUCTOR =3D QemuFwCfgInitialize =20 @@ -35,7 +35,7 @@ [Defines] [Sources] QemuFwCfgLibInternal.h QemuFwCfgLib.c - QemuFwCfgPeiDxe.c + QemuFwCfgPei.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c b/OvmfPkg/Libra= ry/QemuFwCfgLib/QemuFwCfgDxe.c similarity index 100% copy from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c copy to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c b/OvmfPkg/Libra= ry/QemuFwCfgLib/QemuFwCfgPei.c similarity index 100% rename from OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiDxe.c rename to OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138192412388.4987692862903; Tue, 25 Apr 2017 09:36:32 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id AAE6E21951C86; Tue, 25 Apr 2017 09:36:20 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E70C521951C82 for ; Tue, 25 Apr 2017 09:36:18 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id w12so7958475oiw.0 for ; Tue, 25 Apr 2017 09:36:18 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:17 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=vbehmsLBsi0Y+GtUtFyX7bc7EfA+ZpyaWgDyREgHToU=; b=An/p8iCJWBs2Oz+whx2KYvCd5zpO3UkhAJhuDil2PT9dSgxIHkkTpq94hAp84K/F4R F2M/MpG/rvtUYOUiNmPWKtzPqajsnBFL+cyGQnmnRw2TyG8Y94t1UYqS0YlS/9FThypE F/rlr/M09ENY0rWnYUcsZoL84b56k/Z+DSSjI43IsB2LbBFmJhHC4davuJuhVGVVD2Qh lu+qaunQaL806JXRWFnxj/+EaBNaXw5IGSf/suYaxLdhBoxJ75hQzlQOVItfbfxs6fMt cwqIFj6QdJbDCQBAew0Mu/77hYlw8ja22Q9GHXfMIocSTo175SvhIK17L8O5SgS4RKIO Q6UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vbehmsLBsi0Y+GtUtFyX7bc7EfA+ZpyaWgDyREgHToU=; b=aaW4chVzQkl2Esk3Lz8mWMRDsPWCS/RdMEo1y2a/liQ/EuCHPh5Lq7lIDLAxPgIe9s zO/FQyw30gof1vAe3dPxQ5U17GR6xJU7FJ2BZjccdiJjhWFU4xS9FxBrTNGPkKU20hgU M1YPd2IZZkA10fZrXYXt5o7Hy/N8ynFJsPHO21PfkTVA/OB1AMqaE2jWWAtNS/Y+5H9r sig7E4/NLQtyEYtqbCQWTISV0rVChz0xQje0bJRcJz/WVqsZiNPpwRjkvwvsaaY/4vMP z7KxgGy18P4K2JRbrYbdebaP6znrLpLsl7Vxsih/B6KQCbBAHOEmhg3UuQAxN5gWPtF/ Oeyg== X-Gm-Message-State: AN3rC/6VqFy6P0WjM+RB7B88xcqJcWLsMY4OQFxoytmdu4sl0DUkP4Gv epKPSXE3evvrBg== X-Received: by 10.202.175.23 with SMTP id y23mr17869307oie.155.1493138178175; Tue, 25 Apr 2017 09:36:18 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:18 -0400 Message-Id: <1493138064-7816-10-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 09/15] OvmfPkg/QemuFwCfgLib: Prepare for SEV support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Add SEV specific internal functions which will be used while intergrating the SEV support into QemuFwCfgLib. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h | 36 +++++++++++++++++= +++ 1 file changed, 36 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h b/OvmfPkg/= Library/QemuFwCfgLib/QemuFwCfgLibInternal.h index 6e87c625102e..87573ff2fbe3 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h @@ -43,4 +43,40 @@ InternalQemuFwCfgDmaIsAvailable ( VOID ); =20 +/** + Returns a boolean indicating whether SEV support is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is disabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ); + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ); + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ); #endif --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138195386981.3205737010696; Tue, 25 Apr 2017 09:36:35 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D8DEA21951C8B; Tue, 25 Apr 2017 09:36:22 -0700 (PDT) Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com [IPv6:2607:f8b0:4003:c06::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 54FF421951C84 for ; Tue, 25 Apr 2017 09:36:20 -0700 (PDT) Received: by mail-oi0-x241.google.com with SMTP id w12so7958660oiw.0 for ; Tue, 25 Apr 2017 09:36:20 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:19 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nIFJOt/eHHKKCgx/s9SD1ncW9c8NR53pGMzJXXoVg84=; b=WSbg/TFriEcgSArlwMZWqA4HY8n3Ro+RuF8Btm1yLDbwF9BbM8tF4uyfncTjEuHksg 98JKXQO/Kgk8tNnsxW7vLlOrxzECEixx7zosiqdcAftANY0y3mxnrC0wpZfXZFBuJuC6 XeR9yQurgS1ofn8RTgsHT7RB7tpAs5kSLn2Z4789DL9qmGTo9xzArdk3DM3XEP9gfnya RcXKX8pTnte8AupqllgfXROuB8xgdUtUatNq1XhtkQXeuUa4beNbo9Jf3Nw0o2N4jhQG b6IAOy7+j+5vdaxgKUEqG3JPBe/VlpITWT1qJkAP0kJCWKelsv4Fo42yJxBHefFc1FrH Gyjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nIFJOt/eHHKKCgx/s9SD1ncW9c8NR53pGMzJXXoVg84=; b=E+pFr+gP85XiACn1XaEPMLphhIMiGMpcDDu9EweoU0iQd0AjptIsqPWAIuBjlfZpjp T7LUsKc/z/MulLD9dtw/k4roEuIoo6ORuQ877x4+ei1sY68P28/9T+UkE+8O9r366Q1n dqaXua0V5u94nzDfX/E5tb82pt5qK3qCHaOqzYCI+Yq8RVER/bZA4LKQnXO/yL1TR7UX POoQ/So44pbx0/ehnQRF07xwwgKj2a+9dCQxFiDnsUEj4ORtckImfk5/OQn/JUQ4mjWK m3nsaO2dO/VQ7GXejfdRQVacWDDQdvOy2CWsqaEMz/tcTpw/rgeMjIrxl3z37N8WDmPt JtQw== X-Gm-Message-State: AN3rC/6pMYwjOz9be2OQDXXtE5WXqxMJ+73bGSLjO7Jmd0XGCo7l8qv9 M0m7i3Gzbr9Rgvh+5Gw= X-Received: by 10.202.196.70 with SMTP id u67mr17828245oif.190.1493138179512; Tue, 25 Apr 2017 09:36:19 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:19 -0400 Message-Id: <1493138064-7816-11-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 10/15] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for SEC phase X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf | 1 + OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c | 57 ++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgSecLib.inf index 7a96575d1851..b782ac6c0aa2 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf @@ -45,4 +45,5 @@ [LibraryClasses] DebugLib IoLib MemoryAllocationLib + MemEncryptSevLib =20 diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgSec.c index 465ccbe90dad..cd04cc814063 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c @@ -6,6 +6,7 @@ =20 Copyright (C) 2013, Red Hat, Inc. Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -18,6 +19,7 @@ =20 #include #include +#include =20 #include "QemuFwCfgLibInternal.h" =20 @@ -94,3 +96,58 @@ InternalQemuFwCfgDmaIsAvailable ( { return FALSE; } + +/** + + Returns a boolean indicating whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is disabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + return MemEncryptSevIsEnabled (); +} + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138198923297.90466585432944; Tue, 25 Apr 2017 09:36:38 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 1805B21951C90; Tue, 25 Apr 2017 09:36:23 -0700 (PDT) Received: from mail-oi0-x241.google.com (mail-oi0-x241.google.com [IPv6:2607:f8b0:4003:c06::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9DB2A21951C89 for ; Tue, 25 Apr 2017 09:36:21 -0700 (PDT) Received: by mail-oi0-x241.google.com with SMTP id m34so28208661oik.2 for ; Tue, 25 Apr 2017 09:36:21 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:20 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8yYLzRDrLmYdjlwRRXyxzq0PCt6MGq4XhnPE+jKZslY=; b=vXp85ZhTUEjpC5qSzghG2/gnXbRMGUC2mxeFS40tx85JUsmF4yuqzfE9hVL3ep60Cd hOcu74r9bQGYLh/1UHR77ZT22Y7FkLLZgNsnQACo8eI0JbgoN1zFRJLp4hkoJyqaJHWS IRKPkcn9IVS+zD8iLncZL83hSGLcvYOGPhfFFwI+NqOqS66Eyy3kbVnUIvqrYrmKnNX9 gc33K9H4CEifSYETH1v6KO58RdmC2uRq1v98sadrR2c4PyKUUQQPQfcN6UyFEpFKgdDw 1Fhjm+PQORPSETDurvGa1+ETkpi+q3PSLSSoGVHx7y32cC7/P4mlTVb257pmeuFpaptd N2ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8yYLzRDrLmYdjlwRRXyxzq0PCt6MGq4XhnPE+jKZslY=; b=RD+ZKAlueBRqORM2UF8f/ehsO+cLNOXJ9beOix6v9r/VDsYYBruuGQcMLncDCU9TEg 6ap9HjoitrGqoyeGdVhq4uq1yzkuYGAkhCF6JazDJs11utsbp7IfH/DshbY46R6UL6k+ m/je5n+Z3YUiZJD+ii2e8Gq4kgz1rVZncYC8jeb8SrT5XKQ7GXya0ClQEmqNvt2A/uXf ZmlpB3/z2ZPRICrGS8UqGw2J9VtYYHhZchFJ4YhteLQd1U17yky19ZGcpRi2Xp5bxA1U ItmVgZKv+EJ8Gls2QPTnvyp1NcEkxX+pexYTYnMKiY/Zb9h6sbwdWKq/7mCsGWFE3Fla 9z2Q== X-Gm-Message-State: AN3rC/4DULuIWtjrDZNuIEN9q7QUSgJ/TfS4UUX1hvf4zn0T+GcPkvqj qWjuWTCQhW/a/g== X-Received: by 10.157.54.2 with SMTP id w2mr18187297otb.104.1493138180956; Tue, 25 Apr 2017 09:36:20 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:20 -0400 Message-Id: <1493138064-7816-12-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 11/15] OvmfPkg/QemuFwCfgLib: Implement SEV internal functions for PEI phase X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh The patch implements the SEV specific internal fucntion for PEI phase. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 1 + OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 72 +++++++++++++++++++- 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 4f966a85088a..b97b475c7cad 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -47,4 +47,5 @@ [LibraryClasses] DebugLib IoLib MemoryAllocationLib + MemEncryptSevLib =20 diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgPei.c index ac05f4c347f3..1696512bccaf 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c @@ -4,6 +4,7 @@ =20 Copyright (C) 2013, Red Hat, Inc. Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -14,8 +15,10 @@ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ =20 +#include #include #include +#include =20 #include "QemuFwCfgLibInternal.h" =20 @@ -76,8 +79,18 @@ QemuFwCfgInitialize ( if ((Revision & FW_CFG_F_DMA) =3D=3D 0) { DEBUG ((DEBUG_INFO, "QemuFwCfg interface (IO Port) is supported.\n")); } else { - mQemuFwCfgDmaSupported =3D TRUE; - DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); + // + // If SEV is enabled then we do not support DMA operations in PEI phas= e. + // This is mainly because DMA in SEV guest requires using bounce buffer + // (which need to allocate dynamic memory and allocating a PAGE size'd + // buffer can be challenge in PEI phase) + // + if (InternalQemuFwCfgSevIsEnabled ()) { + DEBUG ((DEBUG_INFO, "SEV: QemuFwCfg fallback to IO Port interface.\n= ")); + } else { + mQemuFwCfgDmaSupported =3D TRUE; + DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); + } } return RETURN_SUCCESS; } @@ -114,3 +127,58 @@ InternalQemuFwCfgDmaIsAvailable ( { return mQemuFwCfgDmaSupported; } + +/** + + Returns a boolean indicating whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is disabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + return MemEncryptSevIsEnabled (); +} + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // We should never reach here + // + ASSERT (FALSE); + CpuDeadLoop (); +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138201753202.3620376984329; Tue, 25 Apr 2017 09:36:41 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 4AF4721951C93; Tue, 25 Apr 2017 09:36:24 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 04D6021951C8D for ; Tue, 25 Apr 2017 09:36:23 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id m34so28208861oik.2 for ; Tue, 25 Apr 2017 09:36:22 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:21 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cVfEWmKIrhr6tpRJQaFmJhUfBIjwFAOKx0qakQeEmrs=; b=FMt+N4vSrwYAyvdlKST2QNRcR2XDsE6VUAuaLkT9CRQclXUrzOqrGTA2pfY9VgzAIO GYpqpk5nVcuBeQqyrNpgVQ1HLv4gQQla7EM35Qet6v8ImDoMvDK9KOJTMIFqeW6MVWvz qbxUjIDlA406z8cdw9SV5BsT8hEx2o7lSyOkaigcZcU9Pw709602cJgiW1TOJIWCUVYm HcWpYhjIXcQtqkwA4hUpzFgap8pUGreJNvvhMqL5tJasOG1U75PH31l1lwcmfEVNvtvz 2xYAtpc4r5F1n12Fvyz1MYZksejXSTN/SyJDRVxlKQLmXNWPjwvpNUevKZOx4Iuqz5ie ihDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cVfEWmKIrhr6tpRJQaFmJhUfBIjwFAOKx0qakQeEmrs=; b=NjyXmXBPu4vQTbBTX1Na0mzR53N3LPbWxlMnwHl12ON0o3CxtLYgCG7PhFwDFb711K W+9nqw/oc5Ppm7X/Hy6/FsbSRCxYb/SFkMKqVNbuTkYgxH82KHMOmxXqq/vUaM5SQLWL 6qevQy1jD8mE9tTgS9YqbaAHO8iVi032j+RGfUy+mKwPB+WGi7CFgSlZ/433P0C+cfXT 7y4t/4onnlUGnDtkDIxGBduLWBZI68V69LHdqUXaW3BYOpCikIuhxJz3BL/ZedB+IY8I Jkn9vxS9HFrJ7W3ClN3uOsv4m0ut51ss+My7tmRZF0HVuSrEoHV7rHIZeT1FBGy9hqRr Yk9A== X-Gm-Message-State: AN3rC/6L6nqwdyQ5eFOaFZq2Qgm7TPCiSfKIsQ6HRQ+nKubTs/8yJp4Y RVdTpAJOq6o2XQ== X-Received: by 10.157.13.46 with SMTP id 43mr19976113oti.5.1493138182307; Tue, 25 Apr 2017 09:36:22 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:21 -0400 Message-Id: <1493138064-7816-13-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 12/15] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for Dxe phase X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, the DMA must be performed on unencrypted pages. So when get asked to perfom FWCFG DMA read or write, we allocate a intermediate (bounce buffer) unencrypted buffer and use this buffer for DMA read or write. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 + OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 69 ++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgDxeLib.inf index 346bb881ffc1..8780e6bf797b 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf @@ -44,6 +44,7 @@ [Packages] [LibraryClasses] BaseLib BaseMemoryLib + BmDmaLib DebugLib IoLib MemoryAllocationLib diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgDxe.c index ac05f4c347f3..b738b6ebd527 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c @@ -4,6 +4,7 @@ =20 Copyright (C) 2013, Red Hat, Inc. Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this @@ -14,14 +15,34 @@ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ =20 +#include "Uefi.h" + +#include #include #include +#include +#include +#include =20 #include "QemuFwCfgLibInternal.h" =20 STATIC BOOLEAN mQemuFwCfgSupported =3D FALSE; STATIC BOOLEAN mQemuFwCfgDmaSupported; =20 +/** + + Returns a boolean indicating whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is disabled +**/ +BOOLEAN +InternalQemuFwCfgSevIsEnabled ( + VOID + ) +{ + return MemEncryptSevIsEnabled (); +} =20 /** Returns a boolean indicating if the firmware configuration interface @@ -114,3 +135,51 @@ InternalQemuFwCfgDmaIsAvailable ( { return mQemuFwCfgDmaSupported; } + +/** + Allocate a bounce buffer for SEV DMA. + + @param[in] NumPage Number of pages. + @param[out] Buffer Allocated DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaAllocateBuffer ( + IN UINT32 NumPages, + OUT VOID **Buffer + ) +{ + EFI_STATUS Status; + + // + // Allocate DMA bounce buffer + // + Status =3D BmDmaAllocateBuffer (TRUE, EfiBootServicesData, NumPages, Buf= fer); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "SEV: Failed to allocate bounce buffer %d pages\n= ", NumPages)); + ASSERT_EFI_ERROR (Status); + CpuDeadLoop (); + } + + DEBUG ((DEBUG_VERBOSE, "QemuFwCfgSevDma allocate buffer 0x%Lx Pages %d\n= ", (UINTN)Buffer, NumPages)); +} + +/** + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer + + @param[in] NumPage Number of pages. + @param[in] Buffer DMA Buffer pointer + +**/ +VOID +InternalQemuFwCfgSevDmaFreeBuffer ( + IN VOID *Buffer, + IN UINT32 NumPages + ) +{ + // + // Free the bounce buffer + // + DEBUG ((DEBUG_VERBOSE, "QemuFwCfgSevDma free buffer 0x%Lx Pages %d\n", (= UINTN)Buffer, NumPages)); + BmDmaFreeBuffer (Buffer, NumPages); +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138205334749.5715601672837; Tue, 25 Apr 2017 09:36:45 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 7891021951C95; Tue, 25 Apr 2017 09:36:26 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6EA5821951C95 for ; Tue, 25 Apr 2017 09:36:24 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id y11so35432245oie.1 for ; Tue, 25 Apr 2017 09:36:24 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:23 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=A4w8j6jdW9KFXn2QRSNSNg4ZXCTUe4iRynynOK7+2Rw=; b=Q+IAOY2hCEH54Lf94P7QHCf4CNUmRzxBu6o0nJmU+5jpV9JaXgIjfi5l0KVL5VmT9I P9OmQ00F4APnlYSD3jML3XReAsJRZNf/ymu8SIs8M1D25zqAH2TLLIZibEAHYMTyFycB EdvR8WfL7L2TWIPs99ZS/9ufl9MWQ5B+tsFNmtwCEnLzQ9jYj7aYtwcje1qPCeP+wKjq CtrAtl+QAOGCMZ5KBPXP7T3bR2EMbOx/rJG1dmpCK0xwquyXR1m0m/DmxDCy7LCnoxf3 ln24h3Xym5MqKEBuF82KTXS1+ih6C9AeLI8IX7sXTZT9dufQKN1ZqT5/0kwb7nobGJ4r L0rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=A4w8j6jdW9KFXn2QRSNSNg4ZXCTUe4iRynynOK7+2Rw=; b=QPW+nlq3TKh1hcFrBN0hfHX0QdvLoZgvsnkCyOsCQAGv7ZFTiTOynClzb2YWNmLBxF OKzE3eFNrhPP6rKR895Y/zMwAnCMEIHzlS7Ze3+lVe6o4zG+tQvR6LAP0+/2mTkqiQks CB6nTvN+jO7G07MIga69Lzw/6pl184DBgcWKG/rdPTc447SRbrZpmyojcKHxr97AgQkg ce1k7cvh1U3vb64Jy4XKbl3/r328vmcCSmu564rxIzU3a/vS+I3PmKAdt4SujrdUnAqK flXd4YehGkJNhS434WdawDhoss1JVb7hGpdJlIeIRmmyO1n91uj0MaR6uUr7S0jQEGne pJxQ== X-Gm-Message-State: AN3rC/5dWjcXLaDMuMMcMztEzwoMW8zzWsPvYxfkJV155eha9J36eJHf mrPcb6AhbCV1NL6cy8I= X-Received: by 10.157.36.137 with SMTP id z9mr2575886ota.112.1493138183665; Tue, 25 Apr 2017 09:36:23 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:22 -0400 Message-Id: <1493138064-7816-14-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 13/15] OvmfPkg/QemuFwCfgLib: Add option to dynamic alloc FW_CFG_DMA Access X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Update InternalQemuFwCfgDmaBytes() to work with DMA Access pointer. The change provides the flexibility to dynamically allocate the "Access" when SEV is enabled. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgLib.c index 1bf725d8b7ae..73a19772bee1 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c @@ -68,7 +68,8 @@ InternalQemuFwCfgDmaBytes ( IN UINT32 Control ) { - volatile FW_CFG_DMA_ACCESS Access; + volatile FW_CFG_DMA_ACCESS LocalAccess; + volatile FW_CFG_DMA_ACCESS *Access; UINT32 AccessHigh, AccessLow; UINT32 Status; =20 @@ -79,9 +80,11 @@ InternalQemuFwCfgDmaBytes ( return; } =20 - Access.Control =3D SwapBytes32 (Control); - Access.Length =3D SwapBytes32 (Size); - Access.Address =3D SwapBytes64 ((UINTN)Buffer); + Access =3D &LocalAccess; + + Access->Control =3D SwapBytes32 (Control); + Access->Length =3D SwapBytes32 (Size); + Access->Address =3D SwapBytes64 ((UINTN)Buffer); =20 // // Delimit the transfer from (a) modifications to Access, (b) in case of= a @@ -92,8 +95,8 @@ InternalQemuFwCfgDmaBytes ( // // Start the transfer. // - AccessHigh =3D (UINT32)RShiftU64 ((UINTN)&Access, 32); - AccessLow =3D (UINT32)(UINTN)&Access; + AccessHigh =3D (UINT32)RShiftU64 ((UINTN)Access, 32); + AccessLow =3D (UINT32)(UINTN)Access; IoWrite32 (FW_CFG_IO_DMA_ADDRESS, SwapBytes32 (AccessHigh)); IoWrite32 (FW_CFG_IO_DMA_ADDRESS + 4, SwapBytes32 (AccessLow)); =20 @@ -106,7 +109,7 @@ InternalQemuFwCfgDmaBytes ( // Wait for the transfer to complete. // do { - Status =3D SwapBytes32 (Access.Control); + Status =3D SwapBytes32 (Access->Control); ASSERT ((Status & FW_CFG_DMA_CTL_ERROR) =3D=3D 0); } while (Status !=3D 0); =20 --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138208924401.9209999481193; Tue, 25 Apr 2017 09:36:48 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A633D21951C9B; Tue, 25 Apr 2017 09:36:28 -0700 (PDT) Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com [IPv6:2607:f8b0:4003:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B7C3621951C84 for ; Tue, 25 Apr 2017 09:36:25 -0700 (PDT) Received: by mail-oi0-x242.google.com with SMTP id w12so7959435oiw.0 for ; Tue, 25 Apr 2017 09:36:25 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:24 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=n4MX3EkGVgiz5wa2Zno4rLVZWKOt5L9fcAF2PD7wb2Y=; b=dD9Kycm38cGyd2eSC6IR3hISdLq8ANL0nY5mnbV+sYMlX9/tZ68Xtx/inmQC9YW55y 6xBwwNhRnIupFir1tQZeZbn5JHiOV/kVh3LFpQxMUVIC0YGBgLcRkjcLaCg94QV1Xbrn eT4b+9X4GhJWN7nuzwhEEx2K4O8Hq6wzrCghuF2tsdH4fyPDjlp8YNWjgpeRkiIyChq6 jGcxtWwLPYKJH23sa736Psme8upqy6tLs05fb3TLokArkGqNd92w2pPRvp1v/chEzpL+ 2W6xIYmC+I/hVJjj4kbWyOfI9mbqmVIt+Mi5ZzSd0nr4ZWUjUra7e/6YYy6hthkXXQ0m i0tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=n4MX3EkGVgiz5wa2Zno4rLVZWKOt5L9fcAF2PD7wb2Y=; b=bwpnQ34m1AyF6qTK45xX2a09H2yfIMk1EX9h+f80D3T9bE6PcuNpsAjmtgR4VA2Hzn PSJaDjrvG/hq7YHhnnbKhQ69dp4fnffbMcrDA9UBNMKj+GTjHC0h/1QyiFDVKg4hAg/H 9EiiDpRdrerSzTC3rK6mkxpR4OozTT7zp7e96biCCNEomTWfnMQKgKjCj4r63z0LJXS7 Y1EQotjX2znq6zrl3sKiYbp/vRWA23YjmeXeNDqMHRquwuVaEw8c2oFnx8bS+5sZcina HX0g1LF7EUQlvFn5WBaUqS9jn8oBUnh4HU9OiKQUnt8NjWBu7d7T3XV1rRVGv+aiHt+L P12g== X-Gm-Message-State: AN3rC/6aaKWs4sEuM9fcPg/LPz38nYzXjUOlJlbUWNApcwBbi5aj2osc LurTOyXNDqm5Zg== X-Received: by 10.157.15.210 with SMTP id m18mr2701570otd.210.1493138185099; Tue, 25 Apr 2017 09:36:25 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:23 -0400 Message-Id: <1493138064-7816-15-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 14/15] OvmfPkg/QemuFwCfgLib: Add SEV support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, use a bounce buffer to perform the DMA operation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 54 +++++++++++++++++++- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgLib.c index 73a19772bee1..86d8bf880e71 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c @@ -72,6 +72,8 @@ InternalQemuFwCfgDmaBytes ( volatile FW_CFG_DMA_ACCESS *Access; UINT32 AccessHigh, AccessLow; UINT32 Status; + UINT32 NumPages; + VOID *DmaBuffer, *BounceBuffer; =20 ASSERT (Control =3D=3D FW_CFG_DMA_CTL_WRITE || Control =3D=3D FW_CFG_DMA= _CTL_READ || Control =3D=3D FW_CFG_DMA_CTL_SKIP); @@ -80,11 +82,44 @@ InternalQemuFwCfgDmaBytes ( return; } =20 - Access =3D &LocalAccess; + // + // When SEV is enabled then allocate DMA bounce buffer + // + if (InternalQemuFwCfgSevIsEnabled ()) { + UINT32 TotalSize; + + TotalSize =3D sizeof (*Access); + // + // Control operation does not need buffer + // + if (Control !=3D FW_CFG_DMA_CTL_SKIP) { + TotalSize +=3D Size; + } + + // + // Allocate SEV DMA bounce buffer + // + NumPages =3D EFI_SIZE_TO_PAGES (TotalSize); + InternalQemuFwCfgSevDmaAllocateBuffer (NumPages, &BounceBuffer); + + Access =3D BounceBuffer; + DmaBuffer =3D BounceBuffer + sizeof (*Access); + + // + // Copy data from Host buffer into DMA buffer + // + if (Buffer && Control =3D=3D FW_CFG_DMA_CTL_WRITE) { + CopyMem (DmaBuffer, Buffer, Size); + } + } else { + Access =3D &LocalAccess; + DmaBuffer =3D Buffer; + BounceBuffer =3D NULL; + } =20 Access->Control =3D SwapBytes32 (Control); Access->Length =3D SwapBytes32 (Size); - Access->Address =3D SwapBytes64 ((UINTN)Buffer); + Access->Address =3D SwapBytes64 ((UINTN)DmaBuffer); =20 // // Delimit the transfer from (a) modifications to Access, (b) in case of= a @@ -117,6 +152,21 @@ InternalQemuFwCfgDmaBytes ( // After a read, the caller will want to use Buffer. // MemoryFence (); + + // + // If Bounce buffer was allocated then copy the data into host buffer and + // free the bounce buffer + // + if (BounceBuffer) { + // + // Copy data from DMA buffer into host buffer + // + if (Buffer && Control =3D=3D FW_CFG_DMA_CTL_READ) { + CopyMem (Buffer, DmaBuffer, Size); + } + + InternalQemuFwCfgSevDmaFreeBuffer (BounceBuffer, NumPages); + } } =20 =20 --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 08:33:04 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138212744706.3691713184213; Tue, 25 Apr 2017 09:36:52 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D5F3E21951C9F; Tue, 25 Apr 2017 09:36:28 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 437C221951C82 for ; Tue, 25 Apr 2017 09:36:27 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id a3so31964800oii.3 for ; Tue, 25 Apr 2017 09:36:27 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:26 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1CDrr2KdHRuJlk1aIvh6L5gFRgruW+yf7bDWSmlf8dI=; b=Zas/IjULJrS8uK1DRQm8If1ocs8djpNZu1Xr9diCKgfgH4HOsDXW00le3dxRpJdeGV ORNejhmK0jbzrW+JMv1t+x3jsiQ0c6+ij2Pk4nmJ39wlgDLqRWbqed23e+UMZBQrnSCW sjeMXUllae3OK+TML470Wly+DU5yM9Ze5CQREOntiFDum7oX5Psce+0Gj2cGD7mWvKw6 gwoor79o8SOL7oijusmuGfWCs1KHmByH2mfSINji7niueO2BR/9ogvVU8fQ4OCt669vf dXYCjlAg6U/ILhA+dF268K5qD/DnEMImPABNzMjygF0kowURtYeKzBn2iCk4ugIhCFBm g6Jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1CDrr2KdHRuJlk1aIvh6L5gFRgruW+yf7bDWSmlf8dI=; b=CW9rO82kgprO163KUEZTjyNdwnG5MB0lCE3b8HBkGxojHxn7Hq5dzi6xoXeuZfK2wD Kb8/T4GJq2vcLWWn/NUEebgKfXK8Rz4xjRLS4gCJl2ah0AwJX3DwILuBDW05CoH0rt+x zYDtV7i1ubIoWn97EnHe5OcV2k4iiOe1MNdeCwRCeOt69XW2znmI6pqB6cvF1RS3Z3tS Sw2czBvfu39O1GwSPU435DxLWIQgr1nfxJfP7OqPI8g687UtjIIDWR1Ibmoxzncyhml/ AZr8CgI3FxIE9Aq3qwNkaNwYLmOUObCkN1BRLi0v3UW96Ata15Xkj+Kyq8FNrIEBSq3v ubkw== X-Gm-Message-State: AN3rC/5KlNdIiQYWodCnFoA73v/cTPqJPFg7OxZ7fMEJfLSHG1vaCi1n AGBZdijVacdbJg== X-Received: by 10.157.14.171 with SMTP id 40mr16805005otj.193.1493138186520; Tue, 25 Apr 2017 09:36:26 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:24 -0400 Message-Id: <1493138064-7816-16-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 15/15] OvmfPkg/AmdSevDxe: Add AmdSevDxe driver X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, the MMIO memory range must be mapped as unencrypted (i.e C-bit cleared). The patch adds a DXE driver that runs early in boot and clears the memory encryption attribute from MMIO and NonExistent memory ranges. By clearing the C-bit from NonExistent memory space will gurantee that any MMIO adds done later (e.g PciHostBridge) will be mapped as unencrypted . Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 2 + OvmfPkg/OvmfPkgX64.fdf | 2 + OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 43 +++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 67 ++++++++++++++++++++ 6 files changed, 116 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index da7b8d398462..311f152fca0a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -805,6 +805,7 @@ [Components.X64] !endif =20 OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8bf7cf8e75a6..70f700373f20 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -803,6 +803,7 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 5233314139bc..12871860d001 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -190,6 +190,7 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf !if $(SMM_REQUIRE) =3D=3D FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf !endif @@ -351,6 +352,7 @@ [FV.DXEFV] INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 36150101e784..ae6e66a1c08d 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -190,6 +190,7 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf !if $(SMM_REQUIRE) =3D=3D FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf !endif @@ -351,6 +352,7 @@ [FV.DXEFV] INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf new file mode 100644 index 000000000000..633387f6d2c7 --- /dev/null +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -0,0 +1,43 @@ +#/** @file +# +# AmdSevDxe driver clears the C-bit from MMIO region +# +# Copyright (c) 2017, AMD Inc. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD +# License which accompanies this distribution. The full text of the lice= nse may +# be found at http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +#**/ + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D AmdSevDxe + FILE_GUID =3D 2ec9da37-ee35-4de9-86c5-6d9a81dc38a7 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D AmdSevDxeEntryPoint + +[Sources] + AmdSevDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + DxeServicesTableLib + MemEncryptSevLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiLib + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c new file mode 100644 index 000000000000..4c863ff604dc --- /dev/null +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -0,0 +1,67 @@ +/** @file + + The driver runs early in DXE phase and clears C-bit from MMIO memory spa= ce. + + Copyright (c) 2017, AMD Inc. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +EFI_STATUS +EFIAPI +AmdSevDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + // + // Do nothing when SEV is not enabled + // + if (!MemEncryptSevIsEnabled ()) { + return EFI_SUCCESS; + } + + // + // Iterate through the GCD map and clear the C-bit from MMIO and NonExis= tent + // memory space. The NonExistent memory space will be used for mapping t= he MMIO + // space added later (eg PciRootBridge). By clearing both known NonExist= ent + // memory space can gurantee that any MMIO added later will have C-bit c= leared. + // + Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (Status =3D=3D EFI_SUCCESS) { + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeMemoryMappedIo || + Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeNonExistent) { + Status =3D MemEncryptSevClearPageEncMask (Desc->BaseAddress, EFI_S= IZE_TO_PAGES(Desc->Length), FALSE); + ASSERT_EFI_ERROR(Status); + } + } + } + + return Status; +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel