On 11/20/19 21:06, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Currently, the OVMF code relies on the hypervisor to enable the cache > support on the processor in order to improve the boot speed. However, > with SEV-ES, the hypervisor is not allowed to change the CR0 register > to enable caching. > > Update the OVMF Sec support to enable caching in order to improve the > boot speed when running as an SEV-ES guest. > > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> > --- > OvmfPkg/Sec/SecMain.c | 45 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 45 insertions(+) > > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > index db319030ee58..53c850134897 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -25,6 +25,9 @@ > #include <Library/ExtractGuidedSectionLib.h> > #include <Library/LocalApicLib.h> > #include <Library/CpuExceptionHandlerLib.h> > +#include <Register/Cpuid.h> > +#include <Register/Amd/Cpuid.h> > +#include <Register/Amd/Fam17Msr.h> > > #include <Ppi/TemporaryRamSupport.h> > > @@ -713,6 +716,39 @@ FindAndReportEntryPoints ( > return; > } > > +STATIC > +BOOLEAN > +SevEsIsEnabled ( > + VOID > + ) > +{ > + UINT32 RegEax; > + CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax; > + MSR_SEV_STATUS_REGISTER Msr; > + > + // > + // Check if the memory encryption leaf exist > + // > + AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL); > + if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) { > + // > + // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported) > + // > + AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL); > + if (Eax.Bits.SevBit && Eax.Bits.SevEsBit) { > + // > + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) > + // > + Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); > + if (Msr.Bits.SevEsBit) { > + return TRUE; > + } > + } > + } > + > + return FALSE; > +} > + > VOID > EFIAPI > SecCoreStartupWithStack ( > @@ -755,6 +791,15 @@ SecCoreStartupWithStack ( > > ProcessLibraryConstructorList (NULL, NULL); > > + // > + // Under SEV-ES, the hypervisor can't modify CR0 and so can't enable > + // caching in order to speed up the boot. Enable caching early for > + // an SEV-ES guest. > + // > + if (SevEsIsEnabled()) { > + AsmEnableCache (); > + } > + > DEBUG ((EFI_D_INFO, > "SecCoreStartupWithStack(0x%x, 0x%x)\n", > (UINT32)(UINTN)BootFv, >
Reviewed-by: Laszlo Ersek <ler...@redhat.com> (If you agree with the suggestions I made for the previous patch in the series, then you may have to move the comment block added here inside the braces -- that's OK, it won't invalidate my R-b given here.) Thanks! Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#51053): https://edk2.groups.io/g/devel/message/51053 Mute This Topic: https://groups.io/mt/60973138/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
