author | Tom Lendacky <thomas.lendacky@amd.com> | 2020-08-12 15:21:39 -0500 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-08-17 02:46:39 +0000 |
commit | 0afa1d08f185e5d609caf49b5fa92401ce29cd13 (patch) | |
tree | 5554adadd0f8171de622dcd26642b36615fbf90b /OvmfPkg | |
parent | fefcf90c33147b734dc70d48daf6bf14a03b20ad (diff) | |
OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Create a function that can be used to determine if the VM is running
as an SEV-ES guest.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'OvmfPkg')
-rw-r--r-- | OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 | ||||
-rw-r--r-- | OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 49 |
2 files changed, 47 insertions, 14 deletions
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 64dd6977b0..fc70b01143 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -14,6 +14,18 @@ #include <Base.h>
/**
+ Returns a boolean to indicate whether SEV-ES is enabled.
+
+ @retval TRUE SEV-ES is enabled
+ @retval FALSE SEV-ES is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevEsIsEnabled (
+ VOID
+ );
+
+/**
Returns a boolean to indicate whether SEV is enabled
@retval TRUE SEV is enabled
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
index 96a66e373f..02b8eb225d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
@@ -20,19 +20,17 @@ #include <Uefi/UefiBaseType.h>
STATIC BOOLEAN mSevStatus = FALSE;
+STATIC BOOLEAN mSevEsStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;
/**
+ Reads and sets the status of SEV features.
- Returns a boolean to indicate whether SEV is enabled
-
- @retval TRUE SEV is enabled
- @retval FALSE SEV is not enabled
**/
STATIC
-BOOLEAN
+VOID
EFIAPI
-InternalMemEncryptSevIsEnabled (
+InternalMemEncryptSevStatus (
VOID
)
{
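Review bot: The replacement header comment on `InternalMemEncryptSevStatus` no longer tells a reader where the result goes now that the function returns VOID instead of a BOOLEAN. I would extend it to name the state it writes, for example `Reads the SEV status MSR and caches the result in mSevStatus and mSevEsStatus; sets mSevStatusChecked once the check has run.` The function body continues past the end of this hunk, so the conditions that guard the MSR read are not visible here.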
@@ -56,16 +54,42 @@ InternalMemEncryptSevIsEnabled ( //
Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
if (Msr.Bits.SevBit) {
- return TRUE;
+ mSevStatus = TRUE;
+ }
+
+ //
+ // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
+ //
+ if (Msr.Bits.SevEsBit) {
+ mSevEsStatus = TRUE;
}
}
}
- return FALSE;
+ mSevStatusChecked = TRUE;
}
/**
- Returns a boolean to indicate whether SEV is enabled
+ Returns a boolean to indicate whether SEV-ES is enabled.
+
+ @retval TRUE SEV-ES is enabled
+ @retval FALSE SEV-ES is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevEsIsEnabled (
+ VOID
+ )
+{
+ if (!mSevStatusChecked) {
+ InternalMemEncryptSevStatus ();
+ }
+
+ return mSevEsStatus;
+}
+
+/**
+ Returns a boolean to indicate whether SEV is enabled.
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
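Review bot: The new `Msr.Bits.SevEsBit` test sits next to the `Msr.Bits.SevBit` test rather than inside it, so a status value with bit 1 set and bit 0 clear would leave `mSevEsStatus` TRUE while `mSevStatus` stays FALSE. If callers of `MemEncryptSevEsIsEnabled()` are meant to be able to assume that SEV-ES implies SEV, make that explicit with `if (Msr.Bits.SevBit && Msr.Bits.SevEsBit) {`. If the two flags are deliberately independent, a sentence in the comment above the check should say so. The start of InternalMemEncryptSevStatus lies outside this hunk, so I cannot see which enclosing checks already constrain the value.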
@@ -76,13 +100,10 @@ MemEncryptSevIsEnabled ( VOID
)
{
- if (mSevStatusChecked) {
- return mSevStatus;
+ if (!mSevStatusChecked) {
+ InternalMemEncryptSevStatus ();
}
- mSevStatus = InternalMemEncryptSevIsEnabled();
- mSevStatusChecked = TRUE;
-
return mSevStatus;
}