OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs

Future changes will make use of CpuPageTableLib to handle splitting page table mappings during SEC phase. While it's not strictly required by hardware, CpuPageTableLib relies on non-leaf PTEs never having the encryption bit set, so go ahead change the page table setup code to satisfy this expectation. Suggested-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2024-05-02 13:49:21 +02:00
parent 5f783827bb
commit fd290ab862
2 changed files with 14 additions and 11 deletions
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -162,11 +162,14 @@ SevClearPageEncMaskForGhcbPage:
    ;
    ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
    ; This requires the 2MB page for this range be broken down into 512 4KB
-    ; pages.  All will be marked encrypted, except for the GHCB.
+    ; pages.  All will be marked encrypted, except for the GHCB. Since the
+    ; original PMD entry is no longer a leaf entry, remove the encryption
+    ; bit when pointing to the PTE page.
    ;
    mov     ecx, (GHCB_BASE >> 21)
    mov     eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
    mov     [ecx * 8 + PT_ADDR (0x2000)], eax
+    mov     [ecx * 8 + PT_ADDR (0x2000) + 4], strict dword 0

    ;
    ; Page Table Entries (512 * 4KB entries => 2MB)