diff options
| author | Alexey Kardashevskiy <aik@amd.com> | 2024-05-28 14:48:40 +1000 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-04 20:39:26 +0000 |
| commit | 28099661893327296e18b8f98a1e7c3e757c7d49 (patch) | |
| tree | 1c63f389e1ec416a3ea296ae2698f6ee7cbfb833 /OvmfPkg | |
| parent | 63a7152471111306184e4ac20a1ca705e6b75b6b (diff) | |
| download | edk2-28099661893327296e18b8f98a1e7c3e757c7d49.tar.gz edk2-28099661893327296e18b8f98a1e7c3e757c7d49.tar.bz2 edk2-28099661893327296e18b8f98a1e7c3e757c7d49.zip | |
OvmfPkg: Enable AMD SEV-ES DebugVirtualization
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom
v4:
* s/DebugSwap/DebugVirtualization/g
Diffstat (limited to 'OvmfPkg')
| -rw-r--r-- | OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 6 | ||||
| -rw-r--r-- | OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 6 | ||||
| -rw-r--r-- | OvmfPkg/PlatformPei/AmdSev.c | 13 |
3 files changed, 20 insertions, 5 deletions
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index 7d823ad639..f381b9255b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -154,5 +154,9 @@ MemEncryptSevEsDebugVirtualizationIsEnabled ( VOID
)
{
- return FALSE;
+ MSR_SEV_STATUS_REGISTER Msr;
+
+ Msr.Uint32 = InternalMemEncryptSevStatus ();
+
+ return Msr.Bits.DebugVirtualization ? TRUE : FALSE;
}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 33a326ac15..946bed2ada 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -154,7 +154,11 @@ MemEncryptSevEsDebugVirtualizationIsEnabled ( VOID
)
{
- return FALSE;
+ MSR_SEV_STATUS_REGISTER Msr;
+
+ Msr.Uint32 = InternalMemEncryptSevStatus ();
+
+ return Msr.Bits.DebugVirtualization ? TRUE : FALSE;
}
/**
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 88ca14507f..8562787035 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -434,6 +434,7 @@ AmdSevInitialize ( )
{
UINT64 EncryptionMask;
+ UINT64 CCGuestAttr;
RETURN_STATUS PcdStatus;
//
@@ -517,13 +518,19 @@ AmdSevInitialize ( // technology is active.
//
if (MemEncryptSevSnpIsEnabled ()) {
- PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevSnp);
+ CCGuestAttr = CCAttrAmdSevSnp;
} else if (MemEncryptSevEsIsEnabled ()) {
- PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevEs);
+ CCGuestAttr = CCAttrAmdSevEs;
} else {
- PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSev);
+ CCGuestAttr = CCAttrAmdSev;
}
+ if (MemEncryptSevEsDebugVirtualizationIsEnabled ()) {
+ CCGuestAttr |= CCAttrFeatureAmdSevEsDebugVirtualization;
+ }
+
+ PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCGuestAttr);
+
ASSERT_RETURN_ERROR (PcdStatus);
}
|