[edk2-devel] [PATCH v2 3/3] OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encryption bitmap.

Lendacky, Thomas thomas.lendacky at amd.com
Thu Dec 3 22:55:13 UTC 2020 

On 12/3/20 4:27 PM, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra at amd.com>
> 
> Mark the SEC GHCB page that is mapped as unencrypted in
> ResetVector code in the hypervisor page encryption bitmap.
> 
> Cc: Jordan Justen <jordan.l.justen at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel at arm.com>
> 
> Signed-off-by: Ashish Kalra <ashish.kalra at amd.com>
> ---
>   OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
>   1 file changed, 10 insertions(+)
> 
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index 4a515a4847..456d32be84 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -15,6 +15,7 @@
>   #include <Library/HobLib.h>
>   #include <Library/MemEncryptSevLib.h>
>   #include <Library/MemoryAllocationLib.h>
> +#include <Library/MemEncryptHypercallLib.h>
>   #include <Library/PcdLib.h>
>   #include <PiPei.h>
>   #include <Register/Amd/Cpuid.h>
> @@ -77,6 +78,15 @@ AmdSevEsInitialize (
>   
>     ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount));
>   
> +  //
> +  // GHCB_BASE setup during reset-vector needs to be marked as
> +  // decrypted in the hypervisor page encryption bitmap.
> +  //
> +  SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
> +    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
> +    FALSE
> +    );
> +

This seems like an odd place to add this. Why not near the top of the 
function just after setting the PcdSevEsIsEnabled PCD, rather than in the 
middle of setting up the new GHCB pages.

Thanks,
Tom

>     PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa);
>     ASSERT_RETURN_ERROR (PcdStatus);
>     PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount));
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#68290): https://edk2.groups.io/g/devel/message/68290
Mute This Topic: https://groups.io/mt/78697488/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list