summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
diff options
context:
space:
mode:
authorMichael Roth <michael.roth@amd.com>2024-05-02 13:49:21 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-05-02 12:43:50 +0000
commitfd290ab8628478c62c32c972fc16b86b6c3372ce (patch)
tree0e736b7b572655e08a70187c1e18563fd5acc907 /OvmfPkg
parent5f783827bbaa1552edf4386bb71d8d8f471340f5 (diff)
downloadedk2-fd290ab8628478c62c32c972fc16b86b6c3372ce.tar.gz
edk2-fd290ab8628478c62c32c972fc16b86b6c3372ce.tar.bz2
edk2-fd290ab8628478c62c32c972fc16b86b6c3372ce.zip
OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs
Future changes will make use of CpuPageTableLib to handle splitting page table mappings during SEC phase. While it's not strictly required by hardware, CpuPageTableLib relies on non-leaf PTEs never having the encryption bit set, so go ahead change the page table setup code to satisfy this expectation. Suggested-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'OvmfPkg')
-rw-r--r--OvmfPkg/ResetVector/Ia32/AmdSev.asm5
-rw-r--r--OvmfPkg/ResetVector/Ia32/PageTables64.asm20
2 files changed, 14 insertions, 11 deletions
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 23e4c5ebbe..827c874312 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -162,11 +162,14 @@ SevClearPageEncMaskForGhcbPage:
;
; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
; This requires the 2MB page for this range be broken down into 512 4KB
- ; pages. All will be marked encrypted, except for the GHCB.
+ ; pages. All will be marked encrypted, except for the GHCB. Since the
+ ; original PMD entry is no longer a leaf entry, remove the encryption
+ ; bit when pointing to the PTE page.
;
mov ecx, (GHCB_BASE >> 21)
mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
mov [ecx * 8 + PT_ADDR (0x2000)], eax
+ mov [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0
;
; Page Table Entries (512 * 4KB entries => 2MB)
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 474d22dbfa..d913a39d46 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -67,7 +67,7 @@ BITS 32
;
; Create page tables for 4-level paging
;
-; Argument: upper 32 bits of the page table entries
+; Argument: upper 32 bits of the leaf page table entries
;
%macro CreatePageTables4Level 1
@@ -78,19 +78,19 @@ BITS 32
; Top level Page Directory Pointers (1 * 512GB entry)
;
mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (4)], %1
+ mov dword[PT_ADDR (4)], 0
;
; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
;
mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1004)], %1
+ mov dword[PT_ADDR (0x1004)], 0
mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x100C)], %1
+ mov dword[PT_ADDR (0x100C)], 0
mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1014)], %1
+ mov dword[PT_ADDR (0x1014)], 0
mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x101C)], %1
+ mov dword[PT_ADDR (0x101C)], 0
;
; Page Table Entries (2048 * 2MB entries => 4GB)
@@ -141,7 +141,7 @@ BITS 32
;
; Create page tables for 5-level paging with gigabyte pages
;
-; Argument: upper 32 bits of the page table entries
+; Argument: upper 32 bits of the leaf page table entries
;
; We have 6 pages available for the early page tables,
; we use four of them:
@@ -164,15 +164,15 @@ BITS 32
; level 5
mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (4)], %1
+ mov dword[PT_ADDR (4)], 0
; level 4
mov dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1004)], %1
+ mov dword[PT_ADDR (0x1004)], 0
; level 3 (1x -> level 2, 3x 1GB)
mov dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x3004)], %1
+ mov dword[PT_ADDR (0x3004)], 0
mov dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR
mov dword[PT_ADDR (0x300c)], %1
mov dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR