diff options
| author | Brijesh Singh via groups.io <brijesh.singh=amd.com@groups.io> | 2021-12-09 11:27:34 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-12-09 06:28:10 +0000 |
| commit | cca9cd3dd6bfb95ed59c398b8e578d8ffd3437f1 (patch) | |
| tree | 0119132e0ea207dbe4624d17c25a4921a792b305 /OvmfPkg/OvmfPkg.dec | |
| parent | 707c71a01b9d00e0e40db500edb288e6cecdc032 (diff) | |
| download | edk2-cca9cd3dd6bfb95ed59c398b8e578d8ffd3437f1.tar.gz edk2-cca9cd3dd6bfb95ed59c398b8e578d8ffd3437f1.tar.bz2 edk2-cca9cd3dd6bfb95ed59c398b8e578d8ffd3437f1.zip | |
OvmfPkg: reserve CPUID page
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.
Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Diffstat (limited to 'OvmfPkg/OvmfPkg.dec')
| -rw-r--r-- | OvmfPkg/OvmfPkg.dec | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index deb285fd62..bc14cf2ed4 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -357,6 +357,13 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x58
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x59
+ ## The base address and size of a CPUID Area that contains the hypervisor
+ # provided CPUID results. In the case of SEV-SNP, the CPUID results are
+ # filtered by the SEV-SNP firmware. If this is set in the .fdf, the
+ # platform is responsible to reserve this area from DXE phase overwrites.
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|0|UINT32|0x60
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize|0|UINT32|0x61
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
|