TianoCore EDK2 master
AmdSev.c File Reference


Functions

VOID SevEsProtocolFailure (IN UINT8 ReasonCode)
 
BOOLEAN SevSnpIsEnabled (VOID)
 
STATIC VOID SevSnpGhcbRegister (EFI_PHYSICAL_ADDRESS Address)
 
STATIC BOOLEAN HypervisorSnpFeatureCheck (VOID)
 
VOID SevEsProtocolCheck (VOID)
 
BOOLEAN IsSevGuest (VOID)
 
BOOLEAN SevEsIsEnabled (VOID)
 
VOID SecValidateSystemRam (VOID)
 
VOID SecMapApicBaseUnencrypted (VOID)
 

Detailed Description

Defines the SEC-phase routines for AMD SEV.

Copyright (c) 2021, Advanced Micro Devices, Inc. All rights reserved.

SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file AmdSev.c.

Function Documentation

◆ HypervisorSnpFeatureCheck()

STATIC BOOLEAN HypervisorSnpFeatureCheck ( VOID  )

Verify that Hypervisor supports the SNP feature.

Definition at line 122 of file AmdSev.c.

◆ IsSevGuest()

BOOLEAN IsSevGuest ( VOID  )

Determine if SEV is active.

During early boot, GuestType is set in the work area. Verify that it is an SEV guest.

Return values
TRUE   SEV is enabled
FALSE  SEV is not enabled

Definition at line 240 of file AmdSev.c.

◆ SecMapApicBaseUnencrypted()

VOID SecMapApicBaseUnencrypted ( VOID  )

Map known MMIO regions unencrypted if SEV-ES is active.

During early booting, page table entries default to having the encryption bit set for SEV-ES/SEV-SNP guests. In cases where there is MMIO to an address, the encryption bit should be cleared. Clear it here for any known MMIO accesses during SEC, which is currently just the APIC base address.

Definition at line 318 of file AmdSev.c.

◆ SecValidateSystemRam()

VOID SecValidateSystemRam ( VOID  )

Validate System RAM used for decompressing the PEI and DXE firmware volumes when SEV-SNP is active. The PCDs SecValidatedStart and SecValidatedEnd are set in OvmfPkg/Include/Fdf/FvmainCompactScratchEnd.fdf.inc.

Definition at line 294 of file AmdSev.c.

◆ SevEsIsEnabled()

BOOLEAN SevEsIsEnabled ( VOID  )

Determine if SEV-ES is active.

During early booting, SEV-ES support code will set a flag to indicate that SEV-ES is enabled. Return the value of this flag as an indicator that SEV-ES is enabled.

Return values
TRUE   SEV-ES is enabled
FALSE  SEV-ES is not enabled

Definition at line 272 of file AmdSev.c.

◆ SevEsProtocolCheck()

VOID SevEsProtocolCheck ( VOID  )

Validate the SEV-ES/GHCB protocol level.

Verify that the level of SEV-ES/GHCB protocol supported by the hypervisor and the guest intersect. If they don't intersect, request termination.

Definition at line 159 of file AmdSev.c.
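
The range check described above, modelled as a stand-alone added example (not the AmdSev.c source). The function names, status codes and guest version range are hypothetical, and the bit layout of the hypervisor's reply is an assumption taken from the GHCB specification rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this model; not EDK2 identifiers. */
#define ERR_BAD_RESPONSE (-1) /* reply is not an SEV information response */
#define ERR_BAD_RANGE    (-2) /* hypervisor advertised min > max          */
#define ERR_NO_OVERLAP   (-3) /* guest and hypervisor ranges are disjoint */

/* Assumed layout of the 64-bit reply (from the GHCB specification):
   bits 11:0 = 0x001 response code, 47:32 = min version, 63:48 = max version. */
#define SEV_INFO_RESPONSE 0x001u

/* Build a constructed sample reply for the demonstration below. */
uint64_t make_sev_info(uint16_t min, uint16_t max) {
    return ((uint64_t)max << 48) | ((uint64_t)min << 32) | SEV_INFO_RESPONSE;
}

/* Return the highest version both sides support (this model's choice), or a
   negative status that the caller must treat as "request termination". The
   hypervisor is untrusted, so a malformed reply fails closed instead of being
   clamped to a usable value. */
int negotiate_ghcb_version(uint64_t reply, uint16_t guest_min, uint16_t guest_max) {
    uint16_t hv_min = (uint16_t)(reply >> 32);
    uint16_t hv_max = (uint16_t)(reply >> 48);

    if ((reply & 0xFFFu) != SEV_INFO_RESPONSE)    return ERR_BAD_RESPONSE;
    if (hv_min > hv_max)                          return ERR_BAD_RANGE;
    if (hv_min > guest_max || hv_max < guest_min) return ERR_NO_OVERLAP;
    return hv_max < guest_max ? hv_max : guest_max;
}

int main(void) {
    /* Constructed cases: the guest supports versions 1..2 in every row. */
    const uint64_t replies[] = {
        make_sev_info(1, 2), make_sev_info(2, 5), make_sev_info(3, 4),
        make_sev_info(2, 1), 0x0000000000000002ull,
    };
    for (unsigned i = 0; i < sizeof replies / sizeof replies[0]; i++)
        printf("reply %016llx -> %d\n", (unsigned long long)replies[i],
               negotiate_ghcb_version(replies[i], 1, 2));
    return 0;
}
```

Every negative return corresponds to the "request termination" path in the description; none of them falls back to a default version.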

◆ SevEsProtocolFailure()

VOID SevEsProtocolFailure ( IN UINT8  ReasonCode)

Handle an SEV-ES/GHCB protocol check failure.

Notify the hypervisor using the VMGEXIT instruction that the SEV-ES guest wishes to be terminated.

Parameters
[in]  ReasonCode  Reason code to provide to the hypervisor for the termination request.

Definition at line 33 of file AmdSev.c.

◆ SevSnpGhcbRegister()

STATIC VOID SevSnpGhcbRegister ( EFI_PHYSICAL_ADDRESS  Address)

Register the GHCB GPA (guest physical address).

Definition at line 89 of file AmdSev.c.

◆ SevSnpIsEnabled()

BOOLEAN SevSnpIsEnabled ( VOID  )

Determine if SEV-SNP is active.

Return values
TRUE   SEV-SNP is enabled
FALSE  SEV-SNP is not enabled

Definition at line 62 of file AmdSev.c.