From f5f8d6cc32d3cd4c53b980be1256994376670aa0 Mon Sep 17 00:00:00 2001
From: Xin Jiang <jiangxin@hygon.cn>
Date: Wed, 10 Jan 2024 17:34:57 +0800
Subject: [PATCH 19/20] OvmfPkg/BaseMemEncryptLib: Save memory encrypt status
in reserved memory
The MMIO routine of the VC handler reads the memory encryption status to
validate the MMIO address. MemEncryptSevGetEncryptionMask() will enable
interrupts, while interrupts must stay disabled during VC handling.
During the DXE stage, the VC routine runs as below:
CcExitHandleVc->MemEncryptSevGetAddressRangeState->
MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
Unfortunately, PcdGet64() will enable interrupts in VC context.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
---
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++-
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++++-
.../Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 4 ++++
.../BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 9 ++-------
OvmfPkg/OvmfPkg.dec | 4 ++++
OvmfPkg/OvmfPkgX64.fdf | 5 ++++-
OvmfPkg/PlatformPei/AmdSev.c | 2 ++
OvmfPkg/PlatformPei/Csv.c | 6 ++++++
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
9 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index a704cae..86b9bc1 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -80,7 +80,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
0x012000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
-0x013000|0x00D000
+0x013000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+
+0x014000|0x00C000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
0x020000|0x0E0000
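Review bot: The new `0x013000|0x001000` page for `PcdMemEncrpytStatusBase` is taken out of the region that follows it, which shrinks from `0x00D000` to `0x00C000` here and from `0x00E000` to `0x00D000` in the matching hunks of IntelTdxX64.fdf and OvmfPkgX64.fdf; as the layout reads, that region is the SEC/PEI temporary RAM. Neither the commit message nor the FDF says that 4 KiB of temporary RAM is being given up, so a reader cannot tell whether the remaining stack and heap budget was checked. I would add a comment above the new entry in all three files, for example `# One page holding the SEV encryption mask for the #VC handler; carved out of SEC/PEI temp RAM`.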
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index c3e759f..d31a93d 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
0x011000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
-0x012000|0x00E000
+0x012000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+
+0x013000|0x00D000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
0x100000|0x700000
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index 4d32fae..6f2f69d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -61,3 +61,7 @@
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index d80ebe2..a9d4323 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -22,8 +22,6 @@
STATIC UINT64 mCurrentAttr = 0;
STATIC BOOLEAN mCurrentAttrRead = FALSE;
-STATIC UINT64 mSevEncryptionMask = 0;
-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;
@@ -193,10 +191,7 @@ MemEncryptSevGetEncryptionMask (
VOID
)
{
- if (!mSevEncryptionMaskSaved) {
- mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
- mSevEncryptionMaskSaved = TRUE;
- }
+ UINT64 *MemEncryptStatus = (UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase);
- return mSevEncryptionMask;
+ return *MemEncryptStatus;
}
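Review bot: `MemEncryptSevGetEncryptionMask` now dereferences the fixed address on every call, but the only store to that page in this patch is the one added in `AmdSevInitialize` after the mask PCD is set, so on a boot where that line does not run the function returns whatever the page happens to hold instead of the PCD value the removed code returned. The commit message says this mask feeds the #VC MMIO address validation, so an uninitialised or stale value could affect that check rather than just misreport state. I would have PEI write the page on every path (zero when SEV is off) and state the dependency in a comment here, e.g. `// Written once by PlatformPei; read directly because PcdGet64() is not safe in #VC context`. The cast would also match Csv.c and edk2 convention as `(UINT64 *)(UINTN)FixedPcdGet32 (PcdMemEncrpytStatusBase)`.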
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 3be7a42..374cab9 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -352,6 +352,10 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|0|UINT32|0x72
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize|0|UINT32|0x73
+ ## the base address of memory encryption status.
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|0|UINT32|0x74
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize|0|UINT32|0x75
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
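Review bot: `PcdMemEncrpytStatusBase` and `PcdMemEncrpytStatusSize` misspell "Encrypt", and because they are declared here the spelling is carried into every FDF, INF and C file in this patch; renaming them to `PcdMemEncryptStatusBase` / `PcdMemEncryptStatusSize` is far cheaper before merge than after. The `##` comment covers only the base and does not say what is stored; something like `## Base and size of the reserved page where PlatformPei saves the SEV memory encryption mask for use in #VC context.` would document both entries. Both PCDs default to 0, so the comment could also say that each platform FDF must assign them.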
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 6c8c8cc..9f12926 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
0x011000|0x001000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
-0x012000|0x00E000
+0x012000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+
+0x013000|0x00D000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
0x020000|0x0E0000
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 553e841..7c4ef89 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -379,6 +379,8 @@ AmdSevInitialize (
PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
ASSERT_RETURN_ERROR (PcdStatus);
+ *(UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase) = EncryptionMask;
+
DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
//
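Review bot: The added store writes through `FixedPcdGet32 (PcdMemEncrpytStatusBase)` without checking that the platform assigned it: OvmfPkg.dec declares the PCD with default 0 and this patch sets it in only three FDFs, so any other platform description that builds PlatformPei would write the mask to address 0, and the DXE reader would load from address 0. An `ASSERT (FixedPcdGet32 (PcdMemEncrpytStatusBase) != 0);` before the store would catch that in debug builds. Whether the page is already reserved when this line runs depends on the ordering against `CsvInitializeMemInfo`, which is not visible here; `AmdSevInitialize` starts and ends outside the hunk.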
diff --git a/OvmfPkg/PlatformPei/Csv.c b/OvmfPkg/PlatformPei/Csv.c
index a52112d..fe8c059 100644
--- a/OvmfPkg/PlatformPei/Csv.c
+++ b/OvmfPkg/PlatformPei/Csv.c
@@ -33,6 +33,12 @@ CsvInitializeMemInfo (
UINT64 LowerMemorySize;
UINT64 UpperMemorySize;
+ BuildMemoryAllocationHob (
+ (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusBase),
+ (UINT64)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusSize),
+ EfiReservedMemoryType
+ );
+
if (!CsvIsEnabled ()) {
return ;
}
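Review bot: The reservation for the encryption-status page is placed in `CsvInitializeMemInfo`, ahead of the `CsvIsEnabled ()` check, with no comment explaining why a CSV-specific routine reserves a page that `AmdSevInitialize` writes and the DXE library reads. If some boot path skips this function, the page stays ordinary memory and later allocations may overwrite the saved mask. I would either move the `BuildMemoryAllocationHob` call next to the store in AmdSev.c or add a comment such as `// Reserved unconditionally: DxeMemEncryptSevLib reads this page on every guest type`. The function body continues outside the hunk.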
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 47b0a40..b5fbbd4 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -138,6 +138,8 @@
gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
--
2.41.1