When OVMF is built with SMM, SMMSaved State area (SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by both guest and hypervisor. Since the data need to be accessed by both hence we must map the SMMSaved State area as unencrypted (i.e C-bit cleared).
Cc: Jordan Justen <jordan.l.jus...@intel.com> Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 41635a57a454..162ed98a2fbe 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] BaseLib @@ -41,3 +42,6 @@ [LibraryClasses] [Depex] TRUE + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index e472096320ea..5ec727456526 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -25,6 +25,8 @@ #include <Library/UefiBootServicesTableLib.h> #include <Library/DxeServicesTableLib.h> #include <Library/MemEncryptSevLib.h> +#include <Register/SmramSaveStateMap.h> +#include <Register/QemuSmramSaveStateMap.h> EFI_STATUS EFIAPI @@ -71,5 +73,22 @@ AmdSevDxeEntryPoint ( FreePool (AllDescMap); } + // + // When SMM is enabled, clear the C-bit from SMM Saved State Area + // + if (FeaturePcdGet (PcdSmmSmramRequire)) { + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; + + SmmSavedStateAreaAddress = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; + + Status = MemEncryptSevClearPageEncMask ( + 0, + SmmSavedStateAreaAddress, + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } -- 2.14.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel