From: Ashish Kalra <ashish.ka...@amd.com> Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor's guest page encryption state tracking.
Cc: Jordan Justen <jordan.l.jus...@intel.com> Cc: Ard Biesheuvel <ard.biesheu...@arm.com> Signed-off-by: Ashish Kalra <ashish.ka...@amd.com> --- OvmfPkg/PlatformPei/AmdSev.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 385562b44c..cd96fc23bd 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -223,6 +223,17 @@ AmdSevEsInitialize ( PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + // + // The SEC Ghcb setup during reset-vector needs to be marked as + // decrypted in the hypervisor's guest page encryption state + // tracking. + // + SetMemoryEncDecHypercall3 ( + FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES (FixedPcdGet32 (PcdOvmfSecGhcbSize)), + FALSE + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88440): https://edk2.groups.io/g/devel/message/88440 Mute This Topic: https://groups.io/mt/90271239/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
