TianoCore EDK2 master
Loading...
Searching...
No Matches
DxeMemEncryptSevLibInternal.c
Go to the documentation of this file.
1
11#include <Library/BaseLib.h>
12#include <Library/DebugLib.h>
13#include <Library/MemEncryptSevLib.h>
14#include <Library/PcdLib.h>
15#include <Register/Amd/Cpuid.h>
16#include <Register/Amd/Msr.h>
17#include <Register/Cpuid.h>
18#include <Uefi/UefiBaseType.h>
19#include <ConfidentialComputingGuestAttr.h>
20
21STATIC UINT64 mCurrentAttr = 0;
22STATIC BOOLEAN mCurrentAttrRead = FALSE;
23STATIC UINT64 mSevEncryptionMask = 0;
24STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
25
36STATIC
37BOOLEAN
38AmdMemEncryptionAttrCheck (
39 IN UINT64 CurrentAttr,
40 IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
41 )
42{
43 UINT64 CurrentLevel;
44
45 CurrentLevel = CurrentAttr & CCAttrTypeMask;
46
47 switch (Attr) {
48 case CCAttrAmdSev:
49 //
50 // SEV is automatically enabled if SEV-ES or SEV-SNP is active.
51 //
52 return CurrentLevel >= CCAttrAmdSev;
53 case CCAttrAmdSevEs:
54 //
55 // SEV-ES is automatically enabled if SEV-SNP is active.
56 //
57 return CurrentLevel >= CCAttrAmdSevEs;
58 case CCAttrAmdSevSnp:
59 return CurrentLevel == CCAttrAmdSevSnp;
60 case CCAttrFeatureAmdSevEsDebugVirtualization:
61 return !!(CurrentAttr & CCAttrFeatureAmdSevEsDebugVirtualization);
62 default:
63 return FALSE;
64 }
65}
66
76STATIC
77BOOLEAN
78EFIAPI
79ConfidentialComputingGuestHas (
80 IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
81 )
82{
83 //
84 // Get the current CC attribute.
85 //
86 // We avoid reading the PCD on every check because this routine could be indirectly
87 // called during the virtual pointer conversion. And its not safe to access the
88 // PCDs during the virtual pointer conversion.
89 //
90 if (!mCurrentAttrRead) {
91 mCurrentAttr = PcdGet64 (PcdConfidentialComputingGuestAttr);
92 mCurrentAttrRead = TRUE;
93 }
94
95 //
96 // If attr is for the AMD group then call AMD specific checks.
97 //
98 if (((RShiftU64 (mCurrentAttr, 8)) & 0xff) == 1) {
99 return AmdMemEncryptionAttrCheck (mCurrentAttr, Attr);
100 }
101
102 return (mCurrentAttr == Attr);
103}
104
111BOOLEAN
112EFIAPI
113MemEncryptSevSnpIsEnabled (
114 VOID
115 )
116{
117 return ConfidentialComputingGuestHas (CCAttrAmdSevSnp);
118}
119
126BOOLEAN
127EFIAPI
128MemEncryptSevEsIsEnabled (
129 VOID
130 )
131{
132 return ConfidentialComputingGuestHas (CCAttrAmdSevEs);
133}
134
141BOOLEAN
142EFIAPI
143MemEncryptSevIsEnabled (
144 VOID
145 )
146{
147 return ConfidentialComputingGuestHas (CCAttrAmdSev);
148}
149
155UINT64
156EFIAPI
157MemEncryptSevGetEncryptionMask (
158 VOID
159 )
160{
161 if (!mSevEncryptionMaskSaved) {
162 mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
163 mSevEncryptionMaskSaved = TRUE;
164 }
165
166 return mSevEncryptionMask;
167}
168
175BOOLEAN
176EFIAPI
177MemEncryptSevEsDebugVirtualizationIsEnabled (
178 VOID
179 )
180{
181 return ConfidentialComputingGuestHas (CCAttrFeatureAmdSevEsDebugVirtualization);
182}
RShiftU64
UINT64 EFIAPI RShiftU64(IN UINT64 Operand, IN UINTN Count)
Definition: RShiftU64.c:28
MemEncryptSevEsDebugVirtualizationIsEnabled
BOOLEAN EFIAPI MemEncryptSevEsDebugVirtualizationIsEnabled(VOID)
Definition: DxeMemEncryptSevLibInternal.c:177
ConfidentialComputingGuestHas
STATIC BOOLEAN EFIAPI ConfidentialComputingGuestHas(IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr)
Definition: DxeMemEncryptSevLibInternal.c:79
MemEncryptSevGetEncryptionMask
UINT64 EFIAPI MemEncryptSevGetEncryptionMask(VOID)
Definition: DxeMemEncryptSevLibInternal.c:157
MemEncryptSevSnpIsEnabled
BOOLEAN EFIAPI MemEncryptSevSnpIsEnabled(VOID)
Definition: DxeMemEncryptSevLibInternal.c:113
MemEncryptSevIsEnabled
BOOLEAN EFIAPI MemEncryptSevIsEnabled(VOID)
Definition: DxeMemEncryptSevLibInternal.c:143
AmdMemEncryptionAttrCheck
STATIC BOOLEAN AmdMemEncryptionAttrCheck(IN UINT64 CurrentAttr, IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr)
Definition: DxeMemEncryptSevLibInternal.c:38
MemEncryptSevEsIsEnabled
BOOLEAN EFIAPI MemEncryptSevEsIsEnabled(VOID)
Definition: DxeMemEncryptSevLibInternal.c:128
STATIC
#define STATIC
Definition: Base.h:264
TRUE
#define TRUE
Definition: Base.h:301
FALSE
#define FALSE
Definition: Base.h:307
IN
#define IN
Definition: Base.h:279
PcdGet64
#define PcdGet64(TokenName)
Definition: PcdLib.h:375