On 09/19/19 21:52, Lendacky, Thomas wrote: > From: Tom Lendacky <thomas.lenda...@amd.com> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Create a function that can be used to determine if the VM is running > as an SEV-ES guest. > > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> > --- > OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++ > .../MemEncryptSevLibInternal.c | 77 ++++++++++++------- > 2 files changed, 62 insertions(+), 27 deletions(-) > > diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h > b/OvmfPkg/Include/Library/MemEncryptSevLib.h > index 64dd6977b0f8..a50a0de9c870 100644 > --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h > +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h > @@ -13,6 +13,18 @@ > > #include <Base.h> > > +/** > + Returns a boolean to indicate whether SEV-ES is enabled > + > + @retval TRUE SEV-ES is enabled > + @retval FALSE SEV-ES is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsIsEnabled ( > + VOID > + ); > + > /** > Returns a boolean to indicate whether SEV is enabled > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > index 96a66e373f11..9c1d68e017fe 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c > @@ -20,19 +20,17 @@ > #include <Uefi/UefiBaseType.h> > > STATIC BOOLEAN mSevStatus = FALSE; > +STATIC BOOLEAN mSevEsStatus = FALSE; > STATIC BOOLEAN mSevStatusChecked = FALSE; > > /** > > - Returns a boolean to indicate whether SEV is enabled > - > - @retval TRUE SEV is enabled > - @retval FALSE SEV is not enabled > + Reads and sets the status of SEV features > **/ > STATIC > -BOOLEAN > +VOID > EFIAPI > -InternalMemEncryptSevIsEnabled ( > +InternalMemEncryptSevStatus ( > VOID > ) > { > @@ -56,32 +54,57 @@ InternalMemEncryptSevIsEnabled ( > // > Msr.Uint32 = AsmReadMsr32 (MSR_SEV_STATUS); > if (Msr.Bits.SevBit) { > - return TRUE; > + mSevStatus = TRUE; > + } > + > + if (Eax.Bits.SevEsBit) { > + // > + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) > + // > + if (Msr.Bits.SevEsBit) { > + mSevEsStatus = TRUE; > + } > } > } > } > > - return FALSE; > -} > - > -/** > - Returns a boolean to indicate whether SEV is enabled > - > - @retval TRUE SEV is enabled > - @retval FALSE SEV is not enabled > -**/ > -BOOLEAN > -EFIAPI > -MemEncryptSevIsEnabled ( > - VOID > - ) > -{ > - if (mSevStatusChecked) { > - return mSevStatus; > - } > - > - mSevStatus = InternalMemEncryptSevIsEnabled(); > mSevStatusChecked = TRUE; > +} > + > +/** > + Returns a boolean to indicate whether SEV-ES is enabled > + > + @retval TRUE SEV-ES is enabled > + @retval FALSE SEV-ES is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevEsIsEnabled ( > + VOID > + ) > +{ > + if (!mSevStatusChecked) { > + InternalMemEncryptSevStatus(); > + } > + > + return mSevEsStatus; > +} > + > +/** > + Returns a boolean to indicate whether SEV is enabled > + > + @retval TRUE SEV is enabled > + @retval FALSE SEV is not enabled > +**/ > +BOOLEAN > +EFIAPI > +MemEncryptSevIsEnabled ( > + VOID > + ) > +{ > + if (!mSevStatusChecked) { > + InternalMemEncryptSevStatus(); > + } > > return mSevStatus; > } >
Reviewed-by: Laszlo Ersek <ler...@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#47937): https://edk2.groups.io/g/devel/message/47937 Mute This Topic: https://groups.io/mt/34203536/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
