OvmfPkg: Add AMD SEV-ES DebugVirtualization feature support

The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.

When DebugVirtualization is enabled, this stops booting if
interaction from the HV.

Add new API to PEI, SEC, DXE.

This does not change the existing behaviour yet.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom

v4:
* s/DebugSwap/DebugVirtualization/

1 files changed, 12 insertions, 0 deletions

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 4fa9c0d700..c5653539d8 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -167,6 +167,18 @@ MemEncryptSevGetEncryptionMask (
   );

 

 /**

+  Returns a boolean to indicate whether DebugVirtualization is enabled.

+

+  @retval TRUE           DebugVirtualization is enabled

+  @retval FALSE          DebugVirtualization is not enabled

+**/

+BOOLEAN

+EFIAPI

+MemEncryptSevEsDebugVirtualizationIsEnabled (

+  VOID

+  );

+

+/**

   Returns the encryption state of the specified virtual address range.

 

   @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use