From fd290ab8628478c62c32c972fc16b86b6c3372ce Mon Sep 17 00:00:00 2001
From: Michael Roth
Date: Thu, 2 May 2024 13:49:21 +0200
Subject: OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs
Future changes will make use of CpuPageTableLib to handle splitting page table mappings during SEC phase. While it's not strictly required by hardware, CpuPageTableLib relies on non-leaf PTEs never having the encryption bit set, so go ahead change the page table setup code to satisfy this expectation.
Suggested-by: Tom Lendacky
Cc: Ard Biesheuvel
Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: Michael Roth
Reviewed-by: Gerd Hoffmann
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 5 ++++-
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 20 ++++++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)
(limited to 'OvmfPkg/ResetVector')
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 23e4c5ebbe..827c874312 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -162,11 +162,14 @@ SevClearPageEncMaskForGhcbPage:
 ;
 ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
 ; This requires the 2MB page for this range be broken down into 512 4KB
- ; pages. All will be marked encrypted, except for the GHCB.
+ ; pages. All will be marked encrypted, except for the GHCB. Since the
+ ; original PMD entry is no longer a leaf entry, remove the encryption
+ ; bit when pointing to the PTE page.
 ;
 mov ecx, (GHCB_BASE >> 21)
 mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
 mov [ecx * 8 + PT_ADDR (0x2000)], eax
+ mov [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0
 ;
 ; Page Table Entries (512 * 4KB entries => 2MB)
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 474d22dbfa..d913a39d46 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
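Review bot: In the AmdSev.asm hunk, the added store `mov [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0` zeroes the whole upper dword of the entry, while the comment above it speaks only of removing the encryption bit. The two are equivalent only as long as GHCB_PT_ADDR sits below 4GB and no other high attribute bit is wanted in this entry, which looks true here but is not stated. I would extend the comment with a line such as `; Upper 32 bits are zeroed: no C-bit on a non-leaf entry; assumes GHCB_PT_ADDR < 4GB`. SevClearPageEncMaskForGhcbPage continues past the end of the hunk, so how the 512 PTEs receive their encryption mask is not visible from here.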
@@ -67,7 +67,7 @@ BITS 32
 ;
 ; Create page tables for 4-level paging
 ;
-; Argument: upper 32 bits of the page table entries
+; Argument: upper 32 bits of the leaf page table entries
 ;
 %macro CreatePageTables4Level 1
@@ -78,19 +78,19 @@ BITS 32
 ; Top level Page Directory Pointers (1 * 512GB entry)
 ;
 mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (4)], %1
+ mov dword[PT_ADDR (4)], 0
 ;
 ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
 ;
 mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1004)], %1
+ mov dword[PT_ADDR (0x1004)], 0
 mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x100C)], %1
+ mov dword[PT_ADDR (0x100C)], 0
 mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1014)], %1
+ mov dword[PT_ADDR (0x1014)], 0
 mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x101C)], %1
+ mov dword[PT_ADDR (0x101C)], 0
 ;
 ; Page Table Entries (2048 * 2MB entries => 4GB)
@@ -141,7 +141,7 @@ BITS 32
 ;
 ; Create page tables for 5-level paging with gigabyte pages
 ;
-; Argument: upper 32 bits of the page table entries
+; Argument: upper 32 bits of the leaf page table entries
 ;
 ; We have 6 pages available for the early page tables,
 ; we use four of them:
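Review bot: In the `@@ -78,19 +78,19 @@` hunk the five high-dword stores now write a bare `0`, with nothing in the code saying why they differ from the leaf entries that still take `%1`. The reason lives only in the commit message (CpuPageTableLib expects non-leaf entries without the encryption bit), so a later edit could restore `%1` for symmetry without noticing the dependency. I would add one comment ahead of the first store, e.g. `; Non-leaf entries: upper 32 bits stay 0 (no encryption bit); CpuPageTableLib relies on this`. The same bare `0` appears in the level 5/4/3 stores of the `@@ -164,15 +164,15 @@` hunk. The macro body starts before and ends after this hunk.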
@@ -164,15 +164,15 @@ BITS 32
 ; level 5
 mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (4)], %1
+ mov dword[PT_ADDR (4)], 0
 ; level 4
 mov dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x1004)], %1
+ mov dword[PT_ADDR (0x1004)], 0
 ; level 3 (1x -> level 2, 3x 1GB)
 mov dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
- mov dword[PT_ADDR (0x3004)], %1
+ mov dword[PT_ADDR (0x3004)], 0
 mov dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR
 mov dword[PT_ADDR (0x300c)], %1
 mov dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR
-- cgit v1.2.3
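Review bot: The level 3 table now mixes two conventions inside one page: `PT_ADDR (0x3004)` gets `0` because entry 0 points at the level 2 table, while `PT_ADDR (0x300c)` keeps `%1` because it belongs to a 1GB leaf mapping. Only the terse `; level 3 (1x -> level 2, 3x 1GB)` hints at that split, and changing the leaf stores to `0` by analogy would presumably map those ranges without the encryption mask under SEV. A short marker on the leaf store, such as `; 1GB leaf entry: keeps %1 (encryption mask)`, would make the distinction explicit. The table setup continues beyond the last line of the hunk.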