From 28099661893327296e18b8f98a1e7c3e757c7d49 Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy Date: Tue, 28 May 2024 14:48:40 +1000 Subject: OvmfPkg: Enable AMD SEV-ES DebugVirtualization Write the feature bit into PcdConfidentialComputingGuestAttr and enable DebugVirtualization in PEI, SEC, DXE. Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: Jiewen Yao Cc: Michael Roth Cc: Min Xu Reviewed-by: Tom Lendacky Signed-off-by: Alexey Kardashevskiy --- Changes: v5: * "rb" from Tom v4: * s/DebugSwap/DebugVirtualization/g --- .../BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 6 +++++- .../BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 6 +++++- OvmfPkg/PlatformPei/AmdSev.c | 13 ++++++++++--- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index 7d823ad..f381b92 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -154,5 +154,9 @@ MemEncryptSevEsDebugVirtualizationIsEnabled ( VOID ) { - return FALSE; + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 = InternalMemEncryptSevStatus (); + + return Msr.Bits.DebugVirtualization ? TRUE : FALSE; } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 33a326a..946bed2 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c @@ -154,7 +154,11 @@ MemEncryptSevEsDebugVirtualizationIsEnabled ( VOID ) { - return FALSE; + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 = InternalMemEncryptSevStatus (); + + return Msr.Bits.DebugVirtualization ? TRUE : FALSE; } /** diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 88ca145..8562787 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -434,6 +434,7 @@ AmdSevInitialize ( ) { UINT64 EncryptionMask; + UINT64 CCGuestAttr; RETURN_STATUS PcdStatus; // @@ -517,13 +518,19 @@ AmdSevInitialize ( // technology is active. // if (MemEncryptSevSnpIsEnabled ()) { - PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevSnp); + CCGuestAttr = CCAttrAmdSevSnp; } else if (MemEncryptSevEsIsEnabled ()) { - PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSevEs); + CCGuestAttr = CCAttrAmdSevEs; } else { - PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrAmdSev); + CCGuestAttr = CCAttrAmdSev; } + if (MemEncryptSevEsDebugVirtualizationIsEnabled ()) { + CCGuestAttr |= CCAttrFeatureAmdSevEsDebugVirtualization; + } + + PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCGuestAttr); + ASSERT_RETURN_ERROR (PcdStatus); } -- cgit v1.1