BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV initialization function to also check for SEV-ES being enabled, and if enabled, set the SEV-ES enabled PCD (PcdSevEsIsEnabled). Cc: Jordan Justen <jordan.l.jus...@intel.com> Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Reviewed-by: Laszlo Ersek <ler...@redhat.com> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 26 ++++++++++++++++++++++++++ 5 files changed, 36 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 65d87d4482eb..95423942101f 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -586,6 +586,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 683f8c578741..37bbf2073494 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -597,6 +597,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 802caea63a8c..5248e6fd92a8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -596,6 +596,9 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set SEV-ES defaults + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + !if $(SMM_REQUIRE) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index 19f2424981bc..c90b5f7ae200 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -101,6 +101,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e484f4b311fe..4dc5340caa7a 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -21,6 +21,27 @@ #include "Platform.h" +/** + + Initialize SEV-ES support if running as an SEV-ES guest. + + **/ +STATIC +VOID +AmdSevEsInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevEsIsEnabled ()) { + return; + } + + PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** Function checks if SEV support is available, if present then it sets @@ -103,4 +124,9 @@ AmdSevInitialize ( ); } } + + // + // Check and perform SEV-ES initialization if required. + // + AmdSevEsInitialize (); } -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57858): https://edk2.groups.io/g/devel/message/57858 Mute This Topic: https://groups.io/mt/73201928/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-