On 8/21/19 9:31 AM, Laszlo Ersek wrote: > On 08/19/19 23:35, Lendacky, Thomas wrote: >> From: Tom Lendacky <thomas.lenda...@amd.com> >> >> Allocate memory for the GHCB pages during SEV initialization for use >> during Pei and Dxe phases. Since the GHCB pages must be mapped as shared >> pages, modify CreateIdentityMappingPageTables() so that pagetable entries >> are created without the encryption bit set. >> >> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> >> --- >> UefiCpuPkg/UefiCpuPkg.dec | 4 ++ >> OvmfPkg/OvmfPkgX64.dsc | 4 ++ >> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + >> OvmfPkg/PlatformPei/PlatformPei.inf | 2 + >> .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +++- >> .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- >> .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +++- >> .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++---- >> .../MemEncryptSevLibInternal.c | 1 - >> .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 33 ++++++++-- >> OvmfPkg/PlatformPei/AmdSev.c | 64 +++++++++++++++++++ >> 11 files changed, 164 insertions(+), 23 deletions(-) > > Should be split to at least four patches (UefiCpuPkg, MdeModulePkg, > OvmfPkg/BaseMemEncryptSevLib, OvmfPkg/PlatformPei). > > In addition, MdeModulePkg content must not depend on UefiCpuPkg content > -- if modules under both packages need to consume a new PCD, then the > PCD should be declared under MdeModulePkg. The rough dependency order is: > > - MdePkg (must be self-contained) > - MdeModulePkg (may consume MdePkg) > - UefiCpuPkg (may consume everything above, to my knowledge) > - OvmfPkg (may consume everything above) >
Ok, thanks for the guidance. Ideally, I just would like to modify the newly created page tables after the call to CreateIdentityMappingPageTables() in MdeModulePkg/Core/ DxeIplPeim/Ia32/DxeLoadFunc.c. Is there a preferred way to add a listener or callback or notification service so that the main changes would be limited to the OvmfPkg files and would that be acceptable? Thanks, Tom > Thanks > Laszlo > >> >> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec >> index 6ddf0cd22466..4d5a2593cf13 100644 >> --- a/UefiCpuPkg/UefiCpuPkg.dec >> +++ b/UefiCpuPkg/UefiCpuPkg.dec >> @@ -323,5 +323,9 @@ [PcdsDynamic, PcdsDynamicEx] >> # @ValidRange 0x80000001 | 0 - 1 >> gUefiCpuPkgTokenSpaceGuid.PcdCpuProcTraceOutputScheme|0x0|UINT8|0x60000015 >> >> + ## Contains the GHCB page allocation information.<BR><BR> >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016 >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017 >> + >> [UserExtensions.TianoCore."ExtraFiles"] >> UefiCpuPkgExtra.uni >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index dda8dac18441..d6fc7cdf7da8 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -569,6 +569,10 @@ [PcdsDynamicDefault] >> # Set memory encryption mask >> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 >> >> + # Set GHCB base address for SEV-ES >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0 >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0 >> + >> !if $(SMM_REQUIRE) == TRUE >> gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 >> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 >> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf >> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf >> index abc3217b0179..b994398633e3 100644 >> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf >> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf 
>> @@ -52,6 +52,7 @@ [Sources.ARM, Sources.AARCH64] >> [Packages] >> MdePkg/MdePkg.dec >> MdeModulePkg/MdeModulePkg.dec >> + UefiCpuPkg/UefiCpuPkg.dec >> >> [Packages.ARM, Packages.AARCH64] >> ArmPkg/ArmPkg.dec >> @@ -110,6 +111,8 @@ [Pcd.IA32,Pcd.X64] >> gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## >> CONSUMES >> gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## >> CONSUMES >> gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## >> CONSUMES >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ## >> CONSUMES >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize ## >> CONSUMES >> >> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] >> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## >> SOMETIMES_CONSUMES >> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf >> b/OvmfPkg/PlatformPei/PlatformPei.inf >> index aed1f64b7c93..f53195e6dda5 100644 >> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >> @@ -102,6 +102,8 @@ [Pcd] >> gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber >> gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds >> gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase >> + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize >> >> [FixedPcd] >> gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress >> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h >> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h >> index 2d0493f109e8..6b7c38a441d6 100644 >> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h >> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h >> @@ -201,6 +201,8 @@ EnableExecuteDisableBit ( >> @param[in, out] PageEntry2M Pointer to 2M page entry. >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> **/ >> VOID 
>> @@ -208,7 +210,9 @@ Split2MPageTo4K ( >> IN EFI_PHYSICAL_ADDRESS PhysicalAddress, >> IN OUT UINT64 *PageEntry2M, >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ); >> >> /** >> @@ -217,6 +221,8 @@ Split2MPageTo4K ( >> >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> @return The address of 4 level page map. >> >> @@ -224,7 +230,9 @@ Split2MPageTo4K ( >> UINTN >> CreateIdentityMappingPageTables ( >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbkSize >> ); >> >> >> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c >> b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c >> index 172d7cd1c60c..630a3503f6ba 100644 >> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c >> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c >> @@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae ( >> // >> // Need to split this 2M page that covers stack range. >> // >> - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize); >> + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize, 0, 0); >> } else { >> // >> // Fill in the Page Directory entries >> @@ -278,7 +278,7 @@ HandOffToDxeCore ( >> // >> // Create page table and save PageMapLevel4 to CR3 >> // >> - PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE); >> + PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE, >> 0, 0); >> >> // >> // End of PEI phase signal >> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c >> b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c >> index 2867610bff4d..77da20e5c5c5 100644 >> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c 
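Review bot: The new last parameter of the `CreateIdentityMappingPageTables` prototype in X64/VirtualMemory.h is spelled `GhcbkSize`, while the `@param` line added just above it and the definition in X64/VirtualMemory.c both use `GhcbSize`. The compiler accepts the mismatch, but the header is what callers read, so the line should be `IN UINTN GhcbSize`. The `@param` text could also state that a `GhcbBase` of 0 means there is no GHCB range, which is what `ToSplitPageTable` and `Split2MPageTo4K` test for and what the Ia32 callers rely on when they pass `0, 0`.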
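Review bot: In Ia32/DxeLoadFunc.c the call in `HandOffToDxeCore` passes `0, 0` for the GHCB range, so page tables built on this path keep the encryption mask on any GHCB pages that PlatformPei allocated. If an IA32-PEI/X64-DXE build can run as an SEV-ES guest (not visible from this hunk), the GHCB would be mapped encrypted after the hand-off, although the commit message says these pages must be mapped shared. Either read `PcdGhcbBase`/`PcdGhcbSize` here as the X64 file does, or add a comment such as `// SEV-ES is X64-only; no GHCB range to map shared` so the zeros are a documented decision. `HandOffToDxeCore` starts and ends outside the hunk.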
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c >> @@ -35,6 +35,8 @@ HandOffToDxeCore ( >> UINT32 Index; >> EFI_VECTOR_HANDOFF_INFO *VectorInfo; >> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; >> + VOID *GhcbBase; >> + UINTN GhcbSize; >> >> if (IsNullDetectionEnabled ()) { >> ClearFirst4KPage (HobList.Raw); >> @@ -77,12 +79,19 @@ HandOffToDxeCore ( >> TopOfStack = (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES >> (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); >> TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); >> >> + // >> + // Get the address and size of the GHCB pages >> + // >> + GhcbBase = (VOID *) PcdGet64 (PcdGhcbBase); >> + GhcbSize = PcdGet64 (PcdGhcbSize); >> + >> PageTables = 0; >> if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { >> // >> // Create page table and save PageMapLevel4 to CR3 >> // >> - PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) >> (UINTN) BaseOfStack, STACK_SIZE); >> + PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) >> (UINTN) BaseOfStack, STACK_SIZE, >> + (EFI_PHYSICAL_ADDRESS) >> (UINTN) GhcbBase, GhcbSize); >> } else { >> // >> // Set NX for stack feature also require PcdDxeIplBuildPageTables be >> TRUE >> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c >> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c >> index edc38e4525c4..b3c3c3276e6a 100644 >> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c >> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c >> @@ -180,6 +180,8 @@ EnableExecuteDisableBit ( >> @param Size Size of the given physical memory. >> @param StackBase Base address of stack. >> @param StackSize Size of stack. >> + @param GhcbBase Base address of GHCB pages. >> + @param GhcbSize Size of GHCB area. >> >> @retval TRUE Page table should be split. >> @retval FALSE Page table should not be split. 
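Review bot: `GhcbBase` in the X64 `HandOffToDxeCore` is declared `VOID *`, filled with `(VOID *) PcdGet64 (PcdGhcbBase)`, and then cast back through `UINTN` to `EFI_PHYSICAL_ADDRESS` at the call shown here; holding it as an address avoids both casts: `EFI_PHYSICAL_ADDRESS GhcbBase;` and `GhcbBase = PcdGet64 (PcdGhcbBase);`. `GhcbSize` is a `UINTN` assigned from a 64-bit PCD, which works in this X64-only file but would be clearer with an explicit `(UINTN)` cast. These two values decide which pages are mapped without the encryption bit, so the comment above the reads should say that a base of 0 means there is no GHCB range. The function body continues outside the hunk.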
>> @@ -189,7 +191,9 @@ ToSplitPageTable ( >> IN EFI_PHYSICAL_ADDRESS Address, >> IN UINTN Size, >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> if (IsNullDetectionEnabled () && Address == 0) { >> @@ -208,6 +212,12 @@ ToSplitPageTable ( >> } >> } >> >> + if (GhcbBase) { >> + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) { >> + return TRUE; >> + } >> + } >> + >> return FALSE; >> } >> /** >> @@ -321,6 +331,8 @@ AllocatePageTableMemory ( >> @param[in, out] PageEntry2M Pointer to 2M page entry. >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> **/ >> VOID >> @@ -328,7 +340,9 @@ Split2MPageTo4K ( >> IN EFI_PHYSICAL_ADDRESS PhysicalAddress, >> IN OUT UINT64 *PageEntry2M, >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> EFI_PHYSICAL_ADDRESS PhysicalAddress4K; >> @@ -354,7 +368,12 @@ Split2MPageTo4K ( >> // >> // Fill in the Page Table entries >> // >> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask; >> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K; >> + if (!GhcbBase >> + || (PhysicalAddress4K < GhcbBase) >> + || (PhysicalAddress4K >= GhcbBase + GhcbSize)) { >> + PageTableEntry->Uint64 |= AddressEncMask; >> + } >> PageTableEntry->Bits.ReadWrite = 1; >> >> if ((IsNullDetectionEnabled () && PhysicalAddress4K == 0) || >> @@ -382,6 +401,8 @@ Split2MPageTo4K ( >> @param[in, out] PageEntry1G Pointer to 1G page entry. >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> **/ >> VOID 
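Review bot: In `Split2MPageTo4K` the new test leaves `AddressEncMask` off every 4K page whose base lies in `[GhcbBase, GhcbBase + GhcbSize)`, which makes those pages readable by the hypervisor, yet nothing checks that the range is 4K-aligned. With a size that is not a page multiple, the last page would be shared in full although only part of it is GHCB; the producer in AmdSev.c uses whole pages, so `ASSERT ((GhcbBase & EFI_PAGE_MASK) == 0 && (GhcbSize & EFI_PAGE_MASK) == 0);` at the top of `CreateIdentityMappingPageTables` would pin that assumption. The bare `!GhcbBase` here and `if (GhcbBase)` in `ToSplitPageTable` would read better as explicit comparisons with 0, and the unchanged "covers NULL or stack range" comments at the call sites should now mention the GHCB range too. The same condition is duplicated in OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c, where `Split1GPageTo2M` tests the GHCB overlap without the zero-base guard that `ToSplitPageTable` has. The body of `Split2MPageTo4K` starts and ends outside the hunk.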
>> @@ -389,7 +410,9 @@ Split1GPageTo2M ( >> IN EFI_PHYSICAL_ADDRESS PhysicalAddress, >> IN OUT UINT64 *PageEntry1G, >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> EFI_PHYSICAL_ADDRESS PhysicalAddress2M; >> @@ -412,11 +435,11 @@ Split1GPageTo2M ( >> >> PhysicalAddress2M = PhysicalAddress; >> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; >> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += >> SIZE_2MB) { >> - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, >> StackSize)) { >> + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, >> StackSize, GhcbBase, GhcbSize)) { >> // >> // Need to split this 2M page that covers NULL or stack range. >> // >> - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize); >> + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize, GhcbBase, GhcbSize); >> } else { >> // >> // Fill in the Page Directory entries >> @@ -615,6 +638,8 @@ EnablePageTableProtection ( >> >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB base address. >> + @param[in] GhcbSize GHCB size. >> >> @return The address of 4 level page map. >> >> @@ -622,7 +647,9 @@ EnablePageTableProtection ( >> UINTN >> CreateIdentityMappingPageTables ( >> IN EFI_PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN EFI_PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> UINT32 RegEax; 
>> @@ -734,8 +761,8 @@ CreateIdentityMappingPageTables ( >> PageDirectory1GEntry = (VOID *) PageDirectoryPointerEntry; >> >> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < >> 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += >> SIZE_1GB) { >> - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)) >> { >> - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, >> StackBase, StackSize); >> + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize, >> GhcbBase, GhcbSize)) { >> + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, >> StackBase, StackSize, GhcbBase, GhcbSize); >> } else { >> // >> // Fill in the Page Directory entries >> @@ -763,11 +790,11 @@ CreateIdentityMappingPageTables ( >> PageDirectoryPointerEntry->Bits.Present = 1; >> >> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < >> 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += >> SIZE_2MB) { >> - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, >> StackSize)) { >> + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, >> StackSize, GhcbBase, GhcbSize)) { >> // >> // Need to split this 2M page that covers NULL or stack range. >> // >> - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize); >> + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, >> StackBase, StackSize, GhcbBase, GhcbSize); >> } else { >> // >> // Fill in the Page Directory entries >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c >> b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c >> index 9c1d68e017fe..1dce01dd7546 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c 
>> @@ -109,7 +109,6 @@ MemEncryptSevIsEnabled ( >> return mSevStatus; >> } >> >> - >> /** >> Locate the page range that covers the initial (pre-SMBASE-relocation) >> SMRAM >> Save State Map. >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> index 5e110c84ff81..3a4f223f8a86 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c >> @@ -183,6 +183,8 @@ AllocatePageTableMemory ( >> @param[in, out] PageEntry2M Pointer to 2M page entry. >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> **/ >> STATIC >> @@ -191,7 +193,9 @@ Split2MPageTo4K ( >> IN PHYSICAL_ADDRESS PhysicalAddress, >> IN OUT UINT64 *PageEntry2M, >> IN PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> PHYSICAL_ADDRESS PhysicalAddress4K; >> @@ -217,7 +221,12 @@ Split2MPageTo4K ( >> // >> // Fill in the Page Table entries >> // >> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask; >> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K; >> + if (!GhcbBase >> + || (PhysicalAddress4K < GhcbBase) >> + || (PhysicalAddress4K >= GhcbBase + GhcbSize)) { >> + PageTableEntry->Uint64 |= AddressEncMask; >> + } >> PageTableEntry->Bits.ReadWrite = 1; >> PageTableEntry->Bits.Present = 1; >> if ((PhysicalAddress4K >= StackBase) && >> @@ -417,6 +426,8 @@ EnablePageTableProtection ( >> @param[in, out] PageEntry1G Pointer to 1G page entry. >> @param[in] StackBase Stack base address. >> @param[in] StackSize Stack size. >> + @param[in] GhcbBase GHCB page area base address. >> + @param[in] GhcbSize GHCB page area size. >> >> **/ >> STATIC 
>> @@ -425,7 +436,9 @@ Split1GPageTo2M ( >> IN PHYSICAL_ADDRESS PhysicalAddress, >> IN OUT UINT64 *PageEntry1G, >> IN PHYSICAL_ADDRESS StackBase, >> - IN UINTN StackSize >> + IN UINTN StackSize, >> + IN PHYSICAL_ADDRESS GhcbBase, >> + IN UINTN GhcbSize >> ) >> { >> PHYSICAL_ADDRESS PhysicalAddress2M; >> @@ -450,8 +463,10 @@ Split1GPageTo2M ( >> (IndexOfPageDirectoryEntries++, >> PageDirectoryEntry++, >> PhysicalAddress2M += SIZE_2MB)) { >> - if ((PhysicalAddress2M < StackBase + StackSize) && >> - ((PhysicalAddress2M + SIZE_2MB) > StackBase)) { >> + if (((PhysicalAddress2M < StackBase + StackSize) && >> + ((PhysicalAddress2M + SIZE_2MB) > StackBase)) || >> + ((PhysicalAddress2M < GhcbBase + GhcbSize) && >> + ((PhysicalAddress2M + SIZE_2MB) > GhcbBase))) { >> // >> // Need to split this 2M page that covers stack range. >> // >> @@ -459,7 +474,9 @@ Split1GPageTo2M ( >> PhysicalAddress2M, >> (UINT64 *)PageDirectoryEntry, >> StackBase, >> - StackSize >> + StackSize, >> + GhcbBase, >> + GhcbSize >> ); >> } else { >> // >> @@ -714,6 +731,8 @@ SetMemoryEncDec ( >> (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30, >> (UINT64 *)PageDirectory1GEntry, >> 0, >> + 0, >> + 0, >> 0 >> ); >> continue; >> @@ -768,6 +787,8 @@ SetMemoryEncDec ( >> (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21, >> (UINT64 *)PageDirectory2MEntry, >> 0, >> + 0, >> + 0, >> 0 >> ); >> continue; >> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c >> index 2ae8126ccf8a..84896d4681f9 100644 >> --- a/OvmfPkg/PlatformPei/AmdSev.c >> +++ b/OvmfPkg/PlatformPei/AmdSev.c 
>> @@ -16,9 +16,68 @@ >> #include <PiPei.h> >> #include <Register/Amd/Cpuid.h> >> #include <Register/Cpuid.h> >> +#include <Register/Amd/Msr.h> >> +#include <Library/BaseMemoryLib.h> >> +#include <Library/MemoryAllocationLib.h> >> >> #include "Platform.h" >> >> +/** >> + >> + Initialize SEV-ES support if running an SEV-ES guest. >> + >> + **/ >> +STATIC >> +VOID >> +AmdSevEsInitialize ( >> + VOID >> + ) >> +{ >> + VOID *GhcbBase; >> + PHYSICAL_ADDRESS GhcbBasePa; >> + UINTN GhcbPageCount; >> + RETURN_STATUS DecryptStatus, PcdStatus; >> + >> + if (!MemEncryptSevEsIsEnabled ()) { >> + return; >> + } >> + >> + GhcbPageCount = mMaxCpuCount; >> + >> + // >> + // Allocate GHCB pages. >> + // >> + GhcbBase = AllocatePages (GhcbPageCount); >> + ASSERT (GhcbBase); >> + >> + GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase; >> + >> + DecryptStatus = MemEncryptSevClearPageEncMask ( >> + 0, >> + GhcbBasePa, >> + GhcbPageCount, >> + TRUE >> + ); >> + ASSERT_RETURN_ERROR (DecryptStatus); >> + >> + BuildMemoryAllocationHob ( >> + GhcbBasePa, >> + EFI_PAGES_TO_SIZE (GhcbPageCount), >> + EfiBootServicesData >> + ); >> + >> + SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0); >> + >> + PcdStatus = PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa); >> + ASSERT_RETURN_ERROR (PcdStatus); >> + PcdStatus = PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE >> (GhcbPageCount)); >> + ASSERT_RETURN_ERROR (PcdStatus); >> + >> + DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting >> at 0x%lx\n", GhcbPageCount, GhcbBase)); >> + >> + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); >> +} >> + >> /** >> >> Function checks if SEV support is available, if present then it sets 
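Review bot: `AmdSevEsInitialize` handles a failed `AllocatePages` and a failed `MemEncryptSevClearPageEncMask` only with `ASSERT`/`ASSERT_RETURN_ERROR`, so in a build where assertions are compiled out a NULL `GhcbBase` would pass physical address 0 to `MemEncryptSevClearPageEncMask` for `mMaxCpuCount` pages and write 0 to `MSR_SEV_ES_GHCB`. Both results should be checked in all builds and stop the boot, e.g. `if (GhcbBase == NULL) { CpuDeadLoop (); }` after the allocation and `if (RETURN_ERROR (DecryptStatus)) { CpuDeadLoop (); }` after the decrypt call. Zeroing the pages after the mask is cleared is the right order and merits a one-line comment, since the pages are shared with the hypervisor from that point on. In the `DEBUG` line, `%u` and `%lx` are given a `UINTN` and a pointer; passing `(UINT64)GhcbPageCount` with `%lu` and `GhcbBasePa` with `%lx` is safer if this file is also built for IA32.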
>> @@ -89,4 +148,9 @@ AmdSevInitialize ( >> EfiBootServicesData // MemoryType >> ); >> } >> + >> + // >> + // Check and perform SEV-ES initialization if required. >> + // >> + AmdSevEsInitialize (); >> } >> >