a8

分支 (13)

标签 (15)

管理

管理

a8

a23

a23.1

a23.0

a8.8

a8.9

a8-sw

a8-poc

a8.5

master

a8.2

a8.4

a8-LoongArch

edk2-20220126gitbb1bba3d77-13.0.1.an8.4

edk2-20220126gitbb1bba3d77-13.0.1.an8.3

edk2-202402-5.an23

edk2-20220126gitbb1bba3d77-13.0.1.an8.2

edk2-202402-4.an23

edk2-20220126gitbb1bba3d77-13.0.1.an8

edk2-202402-3.an23

edk2-202402-2.an23

edk2-202402-1.an23

edk2-20220126gitbb1bba3d77-6.0.2.an8

edk2-20220126gitbb1bba3d77-5.an8

edk2-202302-6.an23

v8.8

edk2-20220126gitbb1bba3d77-4

edk2-20220126gitbb1bba3d77-3

edk2
/
0043-OvmfPkg-PlatformPei-Mark-SEC-GHC...

From 4f2273d02335039e85d8b47b1e43715e3db86c33 Mon Sep 17 00:00:00 2001
From: Ashish Kalra <ashish.kalra@amd.com>
Date: Thu, 19 Aug 2021 13:09:07 +0000
Subject: [PATCH 43/46] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted
 via hypercall

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor's guest page encryption
state tracking.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Change-Id: Iedcde6367e12106e44e0cb1cc07a4ed386f67c19
---
 OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610..1d38056 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -52,6 +52,17 @@ AmdSevEsInitialize (
   PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
   ASSERT_RETURN_ERROR (PcdStatus);

+  //
+  // The SEC Ghcb setup during reset-vector needs to be marked as
+  // decrypted in the hypervisor's guest page encryption state
+  // tracking.
+  //
+  SetMemoryEncDecHypercall3 (
+    FixedPcdGet32 (PcdOvmfSecGhcbBase),
+    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+    FALSE
+    );
+
   //
   // Allocate GHCB and per-CPU variable pages.
   //   Since the pages must survive across the UEFI to OS transition
--
2.17.1