TianoCore EDK2 master
Loading...
Searching...
No Matches
Functions
AmdSev.h File Reference

Go to the source code of this file.

Functions

VOID SevEsProtocolFailure (IN UINT8 ReasonCode)
 
VOID SevEsProtocolCheck (VOID)
 
BOOLEAN IsSevGuest (VOID)
 
BOOLEAN SevEsIsEnabled (VOID)
 
VOID SecValidateSystemRam (VOID)
 
BOOLEAN SevSnpIsEnabled (VOID)
 
VOID SecMapApicBaseUnencrypted (VOID)
 

Detailed Description

File defines the Sec routines for the AMD SEV

Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.

SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file AmdSev.h.

Function Documentation

◆ IsSevGuest()

BOOLEAN IsSevGuest ( VOID  )

Determine if the SEV is active.

During the early booting, GuestType is set in the work area. Verify that it is an SEV guest.

Return values
TRUESEV is enabled
FALSESEV is not enabled

Definition at line 240 of file AmdSev.c.

◆ SecMapApicBaseUnencrypted()

VOID SecMapApicBaseUnencrypted ( VOID  )

Map MMIO regions unencrypted if SEV-ES is active.

During early booting, page table entries default to having the encryption bit set for SEV-ES/SEV-SNP guests. In cases where there is MMIO to an address, the encryption bit should be cleared. Clear it here for any known MMIO accesses during SEC, which is currently just the APIC base address.

Map known MMIO regions unencrypted if SEV-ES is active.

During early booting, page table entries default to having the encryption bit set for SEV-ES/SEV-SNP guests. In cases where there is MMIO to an address, the encryption bit should be cleared. Clear it here for any known MMIO accesses during SEC, which is currently just the APIC base address.

Definition at line 318 of file AmdSev.c.

◆ SecValidateSystemRam()

VOID SecValidateSystemRam ( VOID  )

Validate System RAM used for decompressing the PEI and DXE firmware volumes when SEV-SNP is active. The PCDs SecValidatedStart and SecValidatedEnd are set in OvmfPkg/Include/Fdf/FvmainCompactScratchEnd.fdf.inc.

Definition at line 294 of file AmdSev.c.

◆ SevEsIsEnabled()

BOOLEAN SevEsIsEnabled ( VOID  )

Determine if SEV-ES is active.

During early booting, SEV-ES support code will set a flag to indicate that SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES is enabled.

Return values
TRUESEV-ES is enabled
FALSESEV-ES is not enabled

Definition at line 272 of file AmdSev.c.

◆ SevEsProtocolCheck()

VOID SevEsProtocolCheck ( VOID  )

Validate the SEV-ES/GHCB protocol level.

Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor and the guest intersect. If they don't intersect, request termination.

Definition at line 159 of file AmdSev.c.

◆ SevEsProtocolFailure()

VOID SevEsProtocolFailure ( IN UINT8  ReasonCode)

Handle an SEV-ES/GHCB protocol check failure.

Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest wishes to be terminated.

Parameters
[in]ReasonCodeReason code to provide to the hypervisor for the termination request.

Handle an SEV-SNP/GHCB protocol check failure.

Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP guest wishes to be terminated.

Parameters
[in]ReasonCodeReason code to provide to the hypervisor for the termination request.

Definition at line 185 of file AmdSev.c.

◆ SevSnpIsEnabled()

BOOLEAN SevSnpIsEnabled ( VOID  )

Determine if SEV-SNP is active.

Return values
TRUESEV-SNP is enabled
FALSESEV-SNP is not enabled

Definition at line 62 of file AmdSev.c.