diff options
| author | Brijesh Singh <brijesh.singh@amd.com> | 2021-12-09 11:27:50 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-12-09 06:28:10 +0000 |
| commit | b95908e04317a2b1e3641845ba36f673d5aebada (patch) | |
| tree | a83fd3411fe1ed572c09caf09521f1f68da42cfc /UefiCpuPkg/Library/MpInitLib/MpLib.c | |
| parent | 504ae26b80b589eb48a17d42b8fb6ac48c4ebf7b (diff) | |
| download | edk2-b95908e04317a2b1e3641845ba36f673d5aebada.tar.gz edk2-b95908e04317a2b1e3641845ba36f673d5aebada.tar.bz2 edk2-b95908e04317a2b1e3641845ba36f673d5aebada.zip | |
UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Previous commit introduced a generic confidential computing PCD that can
determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the
PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr.
Cc: Michael Roth <michael.roth@amd.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Ray Ni <ray.ni@intel.com>
Suggested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Diffstat (limited to 'UefiCpuPkg/Library/MpInitLib/MpLib.c')
| -rw-r--r-- | UefiCpuPkg/Library/MpInitLib/MpLib.c | 73 |
1 files changed, 70 insertions, 3 deletions
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index 34555c0693..64fddb497e 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -295,7 +295,7 @@ GetApLoopMode ( ApLoopMode = ApInHltLoop;
}
- if (PcdGetBool (PcdSevEsIsEnabled)) {
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {
//
// For SEV-ES, force AP in Hlt-loop mode in order to use the GHCB
// protocol for starting APs
@@ -1055,7 +1055,7 @@ AllocateResetVector ( // The AP reset stack is only used by SEV-ES guests. Do not allocate it
// if SEV-ES is not enabled.
//
- if (PcdGetBool (PcdSevEsIsEnabled)) {
+ if (ConfidentialComputingGuestHas (CCAttrAmdSevEs)) {
//
// Stack location is based on ProcessorNumber, so use the total number
// of processors for calculating the total stack area.
@@ -1847,7 +1847,7 @@ MpInitLibInitialize ( CpuMpData->CpuData = (CPU_AP_DATA *)(CpuMpData + 1);
CpuMpData->CpuInfoInHob = (UINT64)(UINTN)(CpuMpData->CpuData + MaxLogicalProcessorNumber);
InitializeSpinLock (&CpuMpData->MpLock);
- CpuMpData->SevEsIsEnabled = PcdGetBool (PcdSevEsIsEnabled);
+ CpuMpData->SevEsIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevEs);
CpuMpData->SevEsAPBuffer = (UINTN)-1;
CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase);
@@ -2755,3 +2755,70 @@ MpInitLibStartupAllCPUs ( NULL
);
}
+
+/**
+ The function check if the specified Attr is set.
+
+ @param[in] CurrentAttr The current attribute.
+ @param[in] Attr The attribute to check.
+
+ @retval TRUE The specified Attr is set.
+ @retval FALSE The specified Attr is not set.
+
+**/
+STATIC
+BOOLEAN
+AmdMemEncryptionAttrCheck (
+ IN UINT64 CurrentAttr,
+ IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
+ )
+{
+ switch (Attr) {
+ case CCAttrAmdSev:
+ //
+ // SEV is automatically enabled if SEV-ES or SEV-SNP is active.
+ //
+ return CurrentAttr >= CCAttrAmdSev;
+ case CCAttrAmdSevEs:
+ //
+ // SEV-ES is automatically enabled if SEV-SNP is active.
+ //
+ return CurrentAttr >= CCAttrAmdSevEs;
+ case CCAttrAmdSevSnp:
+ return CurrentAttr == CCAttrAmdSevSnp;
+ default:
+ return FALSE;
+ }
+}
+
+/**
+ Check if the specified confidential computing attribute is active.
+
+ @param[in] Attr The attribute to check.
+
+ @retval TRUE The specified Attr is active.
+ @retval FALSE The specified Attr is not active.
+
+**/
+BOOLEAN
+EFIAPI
+ConfidentialComputingGuestHas (
+ IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
+ )
+{
+ UINT64 CurrentAttr;
+
+ //
+ // Get the current CC attribute.
+ //
+ CurrentAttr = PcdGet64 (PcdConfidentialComputingGuestAttr);
+
+ //
+ // If attr is for the AMD group then call AMD specific checks.
+ //
+ if (((RShiftU64 (CurrentAttr, 8)) & 0xff) == 1) {
+ return AmdMemEncryptionAttrCheck (CurrentAttr, Attr);
+ }
+
+ return (CurrentAttr == Attr);
+}
|