/** @file

  Defines Secure Encrypted Virtualization (SEV) base library helper functions

  Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>

  SPDX-License-Identifier: BSD-2-Clause-Patent

**/
10 
11 #ifndef _MEM_ENCRYPT_SEV_LIB_H_
12 #define _MEM_ENCRYPT_SEV_LIB_H_
13 
14 #include <Base.h>
15 
//
// Define the maximum number of #VCs allowed (e.g. the level of nesting
// that is allowed => 2 allows for 1 nested #VC). If this value is changed,
// be sure to increase the size of
//   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
// in any FDF file using this PCD, since each nesting level needs its own
// backup copy of the GHCB.
//
#define VMGEXIT_MAXIMUM_VC_COUNT   2

//
// Per-CPU data mapping structure
//   Use UINT32 for cached indicators and compare to a specific value
//   so that the hypervisor can't indicate a value is cached by just
//   writing random data to that area.
//
typedef struct {
  //
  // Cached indicator for Dr7: the cached copy is trusted only when this
  // field holds the expected marker value, not merely when it is non-zero
  // (see the note above on hypervisor-written data).
  //
  UINT32  Dr7Cached;
  //
  // Cached copy of the DR7 debug register, meaningful only while Dr7Cached
  // holds the marker value.
  //
  UINT64  Dr7;

  //
  // Current #VC nesting depth; presumably bounded by
  // VMGEXIT_MAXIMUM_VC_COUNT — confirm against the #VC handler.
  //
  UINTN   VcCount;
  //
  // Backup area for the GHCB while a nested #VC is in progress, sized by
  // PcdOvmfSecGhcbBackupSize per the comment above — confirm.
  //
  VOID    *GhcbBackupPages;
} SEV_ES_PER_CPU_DATA;

//
// Internal structure for holding SEV-ES information needed during SEC phase
// and valid only during SEC phase and early PEI during platform
// initialization.
//
// This structure is also used by assembler files:
//   OvmfPkg/ResetVector/ResetVector.nasmb
//   OvmfPkg/ResetVector/Ia32/PageTables64.asm
//   OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
// any changes must stay in sync with its usage. The field order, field sizes
// and the explicit Reserved1 padding fix the byte offsets those files use;
// do not reorder or insert fields without updating them.
//
typedef struct _SEC_SEV_ES_WORK_AREA {
  //
  // Non-zero when SEV-ES is active; presumably written by the reset vector
  // code listed above — confirm.
  //
  UINT8    SevEsEnabled;
  //
  // Explicit padding so that RandomData starts at byte offset 8.
  //
  UINT8    Reserved1[7];

  //
  // Random data captured during early boot; its consumer is not visible
  // from this header — confirm before relying on its contents.
  //
  UINT64   RandomData;

  //
  // SEV page-table encryption mask discovered during early boot; presumably
  // the value later returned by MemEncryptSevGetEncryptionMask() — confirm.
  //
  UINT64   EncryptionMask;
} SEC_SEV_ES_WORK_AREA;

//
// Memory encryption address range states.
//   Returned by MemEncryptSevGetAddressRangeState(). Callers that need a
//   definite answer (e.g. before sharing a buffer with the hypervisor) must
//   treat Mixed and Error as "not in the expected state", not as a pass.
//
typedef enum {
  MemEncryptSevAddressRangeUnencrypted,   // whole range is mapped unencrypted
  MemEncryptSevAddressRangeEncrypted,     // whole range is mapped encrypted
  MemEncryptSevAddressRangeMixed,         // range has both encrypted and unencrypted pages
  MemEncryptSevAddressRangeError,         // range is not mapped
} MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE;

/**
  Returns a boolean to indicate whether SEV-ES is enabled.

  SEV-ES (Encrypted State) extends SEV to also protect guest register state;
  when it is enabled the guest must handle #VC exceptions itself (see
  VMGEXIT_MAXIMUM_VC_COUNT and SEV_ES_PER_CPU_DATA above).

  @retval TRUE           SEV-ES is enabled
  @retval FALSE          SEV-ES is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevEsIsEnabled (
  VOID
  );

/**
  Returns a boolean to indicate whether SEV is enabled.

  When SEV is enabled, guest memory is encrypted and page-table entries carry
  the encryption mask returned by MemEncryptSevGetEncryptionMask(). Callers
  should check this before relying on the page-encryption-mask functions
  below, which report RETURN_UNSUPPORTED when the attribute cannot be changed.

  @retval TRUE           SEV is enabled
  @retval FALSE          SEV is not enabled
**/
BOOLEAN
EFIAPI
MemEncryptSevIsEnabled (
  VOID
  );

/**
  This function clears memory encryption bit for the memory region specified by
  BaseAddress and NumPages from the page table context selected by
  Cr3BaseAddress (the current page table context when Cr3BaseAddress is zero).

  Clearing the bit maps the region as unencrypted (shared), i.e. its contents
  become visible to the hypervisor. Only do this for memory that is meant to
  be shared (for example hypervisor communication buffers), never for memory
  holding guest secrets.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.
  @param[in]  Flush                   Flush the caches before clearing the bit
                                      (mostly TRUE except MMIO addresses).
                                      Presumably needed so that cache lines
                                      holding the region under the old
                                      encryption attribute are written back
                                      first; MMIO ranges are not cached —
                                      confirm against the implementation.

  @retval RETURN_SUCCESS              The attributes were cleared for the
                                      memory region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Clearing the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevClearPageEncMask (
  IN PHYSICAL_ADDRESS         Cr3BaseAddress,
  IN PHYSICAL_ADDRESS         BaseAddress,
  IN UINTN                    NumPages,
  IN BOOLEAN                  Flush
  );

/**
  This function sets memory encryption bit for the memory region specified by
  BaseAddress and NumPages from the page table context selected by
  Cr3BaseAddress (the current page table context when Cr3BaseAddress is zero).

  Setting the bit maps the region as encrypted (private). Nothing in this
  header states that existing contents are re-encrypted by this call, so
  callers should assume data written while the region was unencrypted is not
  readable afterwards and re-initialize the region — confirm against the
  implementation.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             The physical address that is the start
                                      address of a memory region.
  @param[in]  NumPages                The number of pages from start memory
                                      region.
  @param[in]  Flush                   Flush the caches before setting the bit
                                      (mostly TRUE except MMIO addresses).
                                      Presumably needed so that cache lines
                                      holding the region under the old
                                      encryption attribute are written back
                                      first; MMIO ranges are not cached —
                                      confirm against the implementation.

  @retval RETURN_SUCCESS              The attributes were set for the memory
                                      region.
  @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
  @retval RETURN_UNSUPPORTED          Setting the memory encryption attribute
                                      is not supported
**/
RETURN_STATUS
EFIAPI
MemEncryptSevSetPageEncMask (
  IN PHYSICAL_ADDRESS         Cr3BaseAddress,
  IN PHYSICAL_ADDRESS         BaseAddress,
  IN UINTN                    NumPages,
  IN BOOLEAN                  Flush
  );


/**
  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
  Save State Map.

  The outputs are page-granular UINTN values rather than PHYSICAL_ADDRESS.
  This header does not state whether they are written on the
  RETURN_UNSUPPORTED path, so callers must not use them unless
  RETURN_SUCCESS was returned.

  @param[out] BaseAddress     The base address of the lowest-address page that
                              covers the initial SMRAM Save State Map.

  @param[out] NumberOfPages   The number of pages in the page range that covers
                              the initial SMRAM Save State Map.

  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on
                              output.

  @retval RETURN_UNSUPPORTED  SMM is unavailable.
**/
RETURN_STATUS
EFIAPI
MemEncryptSevLocateInitialSmramSaveStateMapPages (
  OUT UINTN *BaseAddress,
  OUT UINTN *NumberOfPages
  );

/**
  Returns the SEV encryption mask.

  The mask is the page-table entry bit pattern that marks a page as encrypted
  (see SEC_SEV_ES_WORK_AREA.EncryptionMask). The value returned when SEV is
  not enabled is not specified by this header — presumably zero; check
  MemEncryptSevIsEnabled() first rather than relying on it.

  @return  The SEV pagetable encryption mask
**/
UINT64
EFIAPI
MemEncryptSevGetEncryptionMask (
  VOID
  );

/**
  Returns the encryption state of the specified virtual address range.

  NOTE(review): BaseAddress is typed PHYSICAL_ADDRESS while the description
  speaks of a virtual range; the state is presumably derived from the page
  tables under Cr3BaseAddress, so callers likely rely on an identity mapping —
  confirm. Callers that validate a buffer before sharing it with, or reading
  it from, the hypervisor must treat MemEncryptSevAddressRangeMixed and
  MemEncryptSevAddressRangeError as failures, not as the expected state.

  @param[in]  Cr3BaseAddress          Cr3 Base Address (if zero then use
                                      current CR3)
  @param[in]  BaseAddress             Base address to check
  @param[in]  Length                  Length of virtual address range

  @retval MemEncryptSevAddressRangeUnencrypted  Address range is mapped
                                                unencrypted
  @retval MemEncryptSevAddressRangeEncrypted    Address range is mapped
                                                encrypted
  @retval MemEncryptSevAddressRangeMixed        Address range is mapped mixed
  @retval MemEncryptSevAddressRangeError        Address range is not mapped
**/
MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE
EFIAPI
MemEncryptSevGetAddressRangeState (
  IN PHYSICAL_ADDRESS         Cr3BaseAddress,
  IN PHYSICAL_ADDRESS         BaseAddress,
  IN UINTN                    Length
  );

#endif // _MEM_ENCRYPT_SEV_LIB_H_