/** @file Secure Encrypted Virtualization (SEV) library helper function Copyright (c) 2020, AMD Incorporated. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include #include #include #include #include #include #include #include /** Read the workarea to determine whether SEV is enabled. If enabled, then return the SevEsWorkArea pointer. **/ STATIC SEC_SEV_ES_WORK_AREA * EFIAPI GetSevEsWorkArea ( VOID ) { OVMF_WORK_AREA *WorkArea; WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); // // If its not SEV guest then SevEsWorkArea is not valid. // if ((WorkArea == NULL) || (WorkArea->Header.GuestType != CcGuestTypeAmdSev)) { return NULL; } return (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAreaBase); } /** Read the SEV Status MSR value from the workarea **/ STATIC UINT32 EFIAPI InternalMemEncryptSevStatus ( VOID ) { SEC_SEV_ES_WORK_AREA *SevEsWorkArea; SevEsWorkArea = GetSevEsWorkArea (); if (SevEsWorkArea == NULL) { return 0; } return (UINT32)(UINTN)SevEsWorkArea->SevStatusMsrValue; } /** Returns a boolean to indicate whether SEV-SNP is enabled. @retval TRUE SEV-SNP is enabled @retval FALSE SEV-SNP is not enabled **/ BOOLEAN EFIAPI MemEncryptSevSnpIsEnabled ( VOID ) { MSR_SEV_STATUS_REGISTER Msr; Msr.Uint32 = InternalMemEncryptSevStatus (); return Msr.Bits.SevSnpBit ? TRUE : FALSE; } /** Returns a boolean to indicate whether SEV-ES is enabled. @retval TRUE SEV-ES is enabled @retval FALSE SEV-ES is not enabled **/ BOOLEAN EFIAPI MemEncryptSevEsIsEnabled ( VOID ) { MSR_SEV_STATUS_REGISTER Msr; Msr.Uint32 = InternalMemEncryptSevStatus (); return Msr.Bits.SevEsBit ? TRUE : FALSE; } /** Returns a boolean to indicate whether SEV is enabled. @retval TRUE SEV is enabled @retval FALSE SEV is not enabled **/ BOOLEAN EFIAPI MemEncryptSevIsEnabled ( VOID ) { MSR_SEV_STATUS_REGISTER Msr; Msr.Uint32 = InternalMemEncryptSevStatus (); return Msr.Bits.SevBit ? TRUE : FALSE; } /** Returns the SEV encryption mask. @return The SEV pagtable encryption mask **/ UINT64 EFIAPI MemEncryptSevGetEncryptionMask ( VOID ) { SEC_SEV_ES_WORK_AREA *SevEsWorkArea; SevEsWorkArea = GetSevEsWorkArea (); if (SevEsWorkArea == NULL) { return 0; } return SevEsWorkArea->EncryptionMask; }