diff options
| author | Michael Roth <michael.roth@amd.com> | 2021-12-09 11:27:39 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-12-09 06:28:10 +0000 |
| commit | d2b998fbdca463ddcd8dc1407039a6e82578039f (patch) | |
| tree | 57fd647fd0ca828c6ba62bb8a8e9b401c88d9110 /OvmfPkg/OvmfXen.dsc | |
| parent | 7c3b2892ea4a2acc6d108d226d64bea86be20e02 (diff) | |
| download | edk2-d2b998fbdca463ddcd8dc1407039a6e82578039f.tar.gz edk2-d2b998fbdca463ddcd8dc1407039a6e82578039f.tar.bz2 edk2-d2b998fbdca463ddcd8dc1407039a6e82578039f.zip | |
OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values
SEV-SNP firmware allows a special guest page to be populated with
guest CPUID values so that they can be validated against supported
host features before being loaded into encrypted guest memory to be
used instead of hypervisor-provided values [1].
Add handling for this in the CPUID #VC handler and use it whenever
SEV-SNP is enabled. To do so, existing CPUID handling via VmgExit is
moved to a helper, GetCpuidHyp(), and a new helper that uses the CPUID
page to do the lookup, GetCpuidFw(), is used instead when SNP is
enabled. For cases where SNP CPUID lookups still rely on fetching
specific CPUID fields from hypervisor, GetCpuidHyp() is used there as
well.
[1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Diffstat (limited to 'OvmfPkg/OvmfXen.dsc')
0 files changed, 0 insertions, 0 deletions