/** @file
Define Secure Encrypted Virtualization (SEV) base library helper function
Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef _MEM_ENCRYPT_SEV_LIB_H_
#define _MEM_ENCRYPT_SEV_LIB_H_
#include
#include
//
// Define the maximum number of #VCs allowed (e.g. the level of nesting
// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,
// be sure to increase the size of
// gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
// in any FDF file using this PCD.
//
#define VMGEXIT_MAXIMUM_VC_COUNT 2
//
// Per-CPU data mapping structure
// Use UINT32 for cached indicators and compare to a specific value
// so that the hypervisor can't indicate a value is cached by just
// writing random data to that area.
//
typedef struct {
UINT32 Dr7Cached;
UINT64 Dr7;
UINTN VcCount;
VOID *GhcbBackupPages;
} SEV_ES_PER_CPU_DATA;
//
// Memory encryption address range states.
//
typedef enum {
MemEncryptSevAddressRangeUnencrypted,
MemEncryptSevAddressRangeEncrypted,
MemEncryptSevAddressRangeMixed,
MemEncryptSevAddressRangeError,
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;
/**
Returns a boolean to indicate whether SEV-SNP is enabled
@retval TRUE SEV-SNP is enabled
@retval FALSE SEV-SNP is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevSnpIsEnabled (
VOID
);
/**
Returns a boolean to indicate whether SEV-ES is enabled.
@retval TRUE SEV-ES is enabled
@retval FALSE SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
VOID
);
/**
Returns a boolean to indicate whether SEV is enabled
@retval TRUE SEV is enabled
@retval FALSE SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
VOID
);
/**
This function clears memory encryption bit for the memory region specified by
BaseAddress and NumPages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
current CR3)
@param[in] BaseAddress The physical address that is the start
address of a memory region.
@param[in] NumPages The number of pages from start memory
region.
@retval RETURN_SUCCESS The attributes were cleared for the
memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearPageEncMask (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages
);
/**
This function sets memory encryption bit for the memory region specified by
BaseAddress and NumPages from the current page table context.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
current CR3)
@param[in] BaseAddress The physical address that is the start
address of a memory region.
@param[in] NumPages The number of pages from start memory
region.
@retval RETURN_SUCCESS The attributes were set for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encryption attribute
is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevSetPageEncMask (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages
);
/**
Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
Save State Map.
@param[out] BaseAddress The base address of the lowest-address page that
covers the initial SMRAM Save State Map.
@param[out] NumberOfPages The number of pages in the page range that covers
the initial SMRAM Save State Map.
@retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set on
output.
@retval RETURN_UNSUPPORTED SMM is unavailable.
**/
RETURN_STATUS
EFIAPI
MemEncryptSevLocateInitialSmramSaveStateMapPages (
OUT UINTN *BaseAddress,
OUT UINTN *NumberOfPages
);
/**
Returns the SEV encryption mask.
@return The SEV pagetable encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
VOID
);
/**
Returns the encryption state of the specified virtual address range.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
current CR3)
@param[in] BaseAddress Base address to check
@param[in] Length Length of virtual address range
@retval MemEncryptSevAddressRangeUnencrypted Address range is mapped
unencrypted
@retval MemEncryptSevAddressRangeEncrypted Address range is mapped
encrypted
@retval MemEncryptSevAddressRangeMixed Address range is mapped mixed
@retval MemEncryptSevAddressRangeError Address range is not mapped
**/
MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
EFIAPI
MemEncryptSevGetAddressRangeState (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN Length
);
/**
This function clears memory encryption bit for the MMIO region specified by
BaseAddress and NumPages.
@param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
current CR3)
@param[in] BaseAddress The physical address that is the start
address of a MMIO region.
@param[in] NumPages The number of pages from start memory
region.
@retval RETURN_SUCCESS The attributes were cleared for the
memory region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Clearing the memory encryption attribute
is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearMmioPageEncMask (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages
);
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@param[in] BaseAddress Base address
@param[in] NumPages Number of pages starting from the base address
**/
VOID
EFIAPI
MemEncryptSevSnpPreValidateSystemRam (
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages
);
#endif // _MEM_ENCRYPT_SEV_LIB_H_