OvmfPkg/BaseMemcryptSevLib: Add SEV helper library
Add Secure Encrypted Virtualization (SEV) helper library. The library provides the routines to: - set or clear memory encryption bit for a given memory region. - query whether SEV is enabled. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Jordan Justen <jordan.l.justen@intel.com>
committed by
Jordan Justen
parent
97353a9c91
commit
a1f2261425
@@ -0,0 +1,90 @@
|
||||
/** @file
|
||||
|
||||
Secure Encrypted Virtualization (SEV) library helper function
|
||||
|
||||
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
|
||||
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD
|
||||
License which accompanies this distribution. The full text of the license may
|
||||
be found at http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Register/Cpuid.h>
|
||||
#include <Register/Amd/Cpuid.h>
|
||||
#include <Register/Amd/Msr.h>
|
||||
#include <Library/MemEncryptSevLib.h>
|
||||
|
||||
STATIC BOOLEAN mSevStatus = FALSE;
|
||||
STATIC BOOLEAN mSevStatusChecked = FALSE;
|
||||
|
||||
/**
|
||||
|
||||
Returns a boolean to indicate whether SEV is enabled
|
||||
|
||||
@retval TRUE SEV is enabled
|
||||
@retval FALSE SEV is not enabled
|
||||
**/
|
||||
STATIC
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
InternalMemEncryptSevIsEnabled (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
UINT32 RegEax;
|
||||
MSR_SEV_STATUS_REGISTER Msr;
|
||||
CPUID_MEMORY_ENCRYPTION_INFO_EAX Eax;
|
||||
|
||||
//
|
||||
// Check if memory encryption leaf exist
|
||||
//
|
||||
AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
|
||||
if (RegEax >= CPUID_MEMORY_ENCRYPTION_INFO) {
|
||||
//
|
||||
// CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
|
||||
//
|
||||
AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NULL);
|
||||
|
||||
if (Eax.Bits.SevBit) {
|
||||
//
|
||||
// Check MSR_0xC0010131 Bit 0 (Sev Enabled)
|
||||
//
|
||||
Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS);
|
||||
if (Msr.Bits.SevBit) {
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Returns a boolean to indicate whether SEV is enabled
|
||||
|
||||
@retval TRUE SEV is enabled
|
||||
@retval FALSE SEV is not enabled
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
MemEncryptSevIsEnabled (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
if (mSevStatusChecked) {
|
||||
return mSevStatus;
|
||||
}
|
||||
|
||||
mSevStatus = InternalMemEncryptSevIsEnabled();
|
||||
mSevStatusChecked = TRUE;
|
||||
|
||||
return mSevStatus;
|
||||
}
|
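Review bot: InternalMemEncryptSevIsEnabled() reaches the MSR_SEV_STATUS read only after both CPUID checks pass, and in an SEV guest CPUID results are supplied by the hypervisor, the party SEV is meant to protect guest memory from, so a FALSE return rests on untrusted input and nothing in the file says so. Callers presumably use this result to decide whether to set the memory encryption bit, so I would record the assumption above the first AsmCpuid() call, e.g. `// NOTE: CPUID output is hypervisor-controlled; a FALSE result is not proof that SEV is inactive`, and emit a DEBUG() line with the final decision so an unexpected answer is visible in the boot log. Separately, MemEncryptSevIsEnabled() caches the answer in the writable globals mSevStatus and mSevStatusChecked; if this library is ever linked into a module that executes in place from flash, those writes may not persist, and its header comment (currently a copy of the internal function's) should state that the result is cached and where that is valid. As a style point, `mSevStatus = InternalMemEncryptSevIsEnabled();` lacks the space before the parenthesis that the other calls in the file use.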