[edk2-devel] [PATCH v9 32/46] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled

Lendacky, Thomas thomas.lendacky at amd.com
Fri Jun 5 13:27:23 UTC 2020 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

The SEV support will clear the C-bit from non-RAM areas.  The early GDT
lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
will be read as un-encrypted even though it is encrypted. This will result
in a failure to be able to handle the exception.

Move the GDT into RAM so it can be accessed without error when running as
an SEV-ES guest.

Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: Laszlo Ersek <lersek at redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel at arm.com>
Reviewed-by: Laszlo Ersek <lersek at redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 4fd4534cabea..a2b38c591236 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -39,6 +39,8 @@ AmdSevEsInitialize (
   PHYSICAL_ADDRESS  GhcbBasePa;

   UINTN             GhcbPageCount, PageCount;

   RETURN_STATUS     PcdStatus, DecryptStatus;

+  IA32_DESCRIPTOR   Gdtr;

+  VOID              *Gdt;

 

   if (!MemEncryptSevEsIsEnabled ()) {

     return;

@@ -83,6 +85,22 @@ AmdSevEsInitialize (
     (UINT64)GhcbPageCount, GhcbBase));

 

   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);

+

+  //

+  // The SEV support will clear the C-bit from non-RAM areas.  The early GDT

+  // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT

+  // will be read as un-encrypted even though it was created before the C-bit

+  // was cleared (encrypted). This will result in a failure to be able to

+  // handle the exception.

+  //

+  AsmReadGdtr (&Gdtr);

+

+  Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN) Gdtr.Limit + 1));

+  ASSERT (Gdt != NULL);

+

+  CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1);

+  Gdtr.Base = (UINTN) Gdt;

+  AsmWriteGdtr (&Gdtr);

 }

 

 /**

-- 
2.27.0


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#60802): https://edk2.groups.io/g/devel/message/60802
Mute This Topic: https://groups.io/mt/74692452/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list