[edk2-devel] [PATCH V2 22/28] UefiCpuPkg: Define ConfidentialComputingGuestAttr (Temp)
Min Xu
min.m.xu at intel.com
Tue Oct 5 03:39:33 UTC 2021
Add a new ConfidentialComputingGuestAttr PCD that can be used to query
the memory encryption attribute. (This is AMD's patch)
Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
---
OvmfPkg/PlatformPei/IntelTdx.c | 8 ++----
OvmfPkg/PlatformPei/PlatformPei.inf | 2 +-
.../Include/ConfidentialComputingGuestAttr.h | 25 +++++++++++++++++++
UefiCpuPkg/UefiCpuPkg.dec | 4 +++
4 files changed, 32 insertions(+), 7 deletions(-)
create mode 100644 UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c
index 684907179c10..5256740376b8 100644
--- a/OvmfPkg/PlatformPei/IntelTdx.c
+++ b/OvmfPkg/PlatformPei/IntelTdx.c
@@ -20,6 +20,7 @@
#include <Library/QemuFwCfgLib.h>
#include <Library/PeiServicesLib.h>
#include <WorkArea.h>
+#include <ConfidentialComputingGuestAttr.h>
#include "Platform.h"
/**
@@ -263,17 +264,12 @@ IntelTdxInitialize (
{
EFI_HOB_PLATFORM_INFO PlatformInfoHob;
RETURN_STATUS PcdStatus;
- UINT32 ConfidentialComputingCategory;
- CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *CcWorkAreaHeader;
if (!PlatformPeiIsTdxGuest ()) {
return;
}
- CcWorkAreaHeader = (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
- ConfidentialComputingCategory = *((UINT32 *)CcWorkAreaHeader);
-
- PcdStatus = PcdSet32S (PcdConfidentialComputingCategory, ConfidentialComputingCategory);
+ PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelTdx);
ASSERT_RETURN_ERROR (PcdStatus);
PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, FALSE);
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index eec1bb3d9c38..91a35f77a81f 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -118,7 +118,7 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
- gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingCategory
+ gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
diff --git a/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h b/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
new file mode 100644
index 000000000000..495b0df0ac33
--- /dev/null
+++ b/UefiCpuPkg/Include/ConfidentialComputingGuestAttr.h
@@ -0,0 +1,25 @@
+/** @file
+Definitions for Confidential Computing Attribute
+
+Copyright (c) 2021 AMD Inc. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
+#define CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
+
+typedef enum {
+ /* The guest is running with memory encryption disabled. */
+ CCAttrNotEncrypted = 0,
+
+ /* The guest is running with AMD SEV memory encryption enabled. */
+ CCAttrAmdSev = 0x100,
+ CCAttrAmdSevEs = 0x101,
+ CCAttrAmdSevSnp = 0x102,
+
+ /* The guest is running with Intel TDX memory encryption enabled. */
+ CCAttrIntelTdx = 0x200,
+} CONFIDENTIAL_COMPUTING_GUEST_ATTR;
+
+#endif
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 439bfc86a112..f270bbb990f6 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -399,5 +399,9 @@
# @Prompt SEV-ES Status
gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016
+ ## This dynamic PCD indicates the memory encryption attribute of the guest.
+ # @Prompt Memory encryption attribute
+ gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x60000017
+
[UserExtensions.TianoCore."ExtraFiles"]
UefiCpuPkgExtra.uni
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#81493): https://edk2.groups.io/g/devel/message/81493
Mute This Topic: https://groups.io/mt/86085762/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list