blob: dffd2ceb9656e3d6a3a5e35dbc23f3da440171f3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
/** @file
File defines the Sec routines for the AMD SEV
Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef _AMD_SEV_SEC_INTERNAL_H__
#define _AMD_SEV_SEC_INTERNAL_H__
/**
Handle an SEV-ES/GHCB protocol check failure.
Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest
wishes to be terminated.
@param[in] ReasonCode Reason code to provide to the hypervisor for the
termination request.
**/
VOID
SevEsProtocolFailure (
IN UINT8 ReasonCode
);
/**
Validate the SEV-ES/GHCB protocol level.
Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor
and the guest intersect. If they don't intersect, request termination.
**/
VOID
SevEsProtocolCheck (
VOID
);
/**
Determine if the SEV is active.
During the early booting, GuestType is set in the work area. Verify that it
is an SEV guest.
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
**/
BOOLEAN
IsSevGuest (
VOID
);
/**
Determine if SEV-ES is active.
During early booting, SEV-ES support code will set a flag to indicate that
SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES
is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
SevEsIsEnabled (
VOID
);
/**
Validate System RAM used for decompressing the PEI and DXE firmware volumes
when SEV-SNP is active. The PCDs SecValidatedStart and SecValidatedEnd are
set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc.
**/
VOID
SecValidateSystemRam (
VOID
);
/**
Determine if SEV-SNP is active.
@retval TRUE SEV-SNP is enabled
@retval FALSE SEV-SNP is not enabled
**/
BOOLEAN
SevSnpIsEnabled (
VOID
);
#endif
|
