Re: [edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
Acked-by: Jiewen Yao > -Original Message- > From: Dionna Glaze > Sent: Wednesday, November 9, 2022 12:46 AM > To: devel@edk2.groups.io > Cc: Dionna Glaze ; Gerd Hoffmann > ; James Bottomley ; Yao, > Jiewen ; Tom Lendacky > > Subject: [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in > AmdSevDxe > > From: Sophia Wolf > > When a guest OS does not support unaccepted memory, the unaccepted > memory must be accepted before returning a memory map to the caller. > > EfiMemoryAcceptProtocol is defined in MdePkg and is implemented / > Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. > > Cc: Gerd Hoffmann > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > > Reviewed-by: Tom Lendacky > Signed-off-by: Dionna Glaze > --- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 55 > ++-- > OvmfPkg/AmdSevDxe/AmdSevDxe.inf| 3 ++ > > OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate. > c | 24 +++-- > 3 files changed, 74 insertions(+), 8 deletions(-) > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > index 662d3c4ccb..f7600c3c81 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > @@ -20,6 +20,7 @@ > #include > #include > #include > +#include > > STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION > mSnpBootDxeTable = { >SIGNATURE_32 ('A','M', 'D', 'E'), > @@ -31,6 +32,40 @@ STATIC > CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { >FixedPcdGet32 (PcdOvmfCpuidSize), > }; > > +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL; > + > +#define IS_ALIGNED(x, y) x) & ((y) - 1)) == 0)) > + > +STATIC > +EFI_STATUS > +EFIAPI > +AmdSevMemoryAccept ( > + IN EDKII_MEMORY_ACCEPT_PROTOCOL *This, > + IN EFI_PHYSICAL_ADDRESS StartAddress, > + IN UINTN Size > + ) > +{ > + // > + // The StartAddress must be page-aligned, and the Size must be a > positive > + // multiple of SIZE_4KB. Use an assert instead of returning an erros since > + // this is an EDK2-internal protocol. > + // > + ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB)); > + ASSERT (IS_ALIGNED (Size, SIZE_4KB)); > + ASSERT (Size != 0); > + > + MemEncryptSevSnpPreValidateSystemRam ( > +StartAddress, > +EFI_SIZE_TO_PAGES (Size) > +); > + > + return EFI_SUCCESS; > +} > + > +STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { > + AmdSevMemoryAccept > +}; > + > EFI_STATUS > EFIAPI > AmdSevDxeEntryPoint ( > @@ -147,11 +182,23 @@ AmdSevDxeEntryPoint ( > } >} > > - // > - // If its SEV-SNP active guest then install the > CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. > - // It contains the location for both the Secrets and CPUID page. > - // >if (MemEncryptSevSnpIsEnabled ()) { > +// > +// Memory acceptance began being required in SEV-SNP, so install the > +// memory accept protocol implementation for a SEV-SNP active guest. > +// > +Status = gBS->InstallProtocolInterface ( > +, > +, > +EFI_NATIVE_INTERFACE, > + > +); > +ASSERT_EFI_ERROR (Status); > + > +// > +// If its SEV-SNP active guest then install the > CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. > +// It contains the location for both the Secrets and CPUID page. > +// > return gBS->InstallConfigurationTable ( >, > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index 9acf860cf2..cd1b686c53 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > @@ -47,6 +47,9 @@ >gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase >gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize > > +[Protocols] > + gEdkiiMemoryAcceptProtocolGuid > + > [Guids] >gConfidentialComputingSevSnpBlobGuid > > diff --git > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidat > e.c > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida > te.c > index d3a95e4913..cbcdd46f52 100644 > --- > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidat > e.c > +++ > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida > te.c > @@ -14,6 +14,7 @@ > #include > > #include "SnpPageStateChange.h" > +#include "VirtualMemory.h" > > /** >Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. > @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam ( >IN UINTN NumPages >) > { > + EFI_STATUS Status; > + >if (!MemEncryptSevSnpIsEnabled ()) { > return; >} > > - // > - // All the pre-validation must be completed in the PEI phase. > - // > - ASSERT (FALSE); > + // DXE pre-validation may happen with the memory accept protocol. > + // The protocol should only be called outside the
[edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
From: Sophia Wolf When a guest OS does not support unaccepted memory, the unaccepted memory must be accepted before returning a memory map to the caller. EfiMemoryAcceptProtocol is defined in MdePkg and is implemented / Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Reviewed-by: Tom Lendacky Signed-off-by: Dionna Glaze --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 55 ++-- OvmfPkg/AmdSevDxe/AmdSevDxe.inf| 3 ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 +++-- 3 files changed, 74 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..f7600c3c81 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { SIGNATURE_32 ('A','M', 'D', 'E'), @@ -31,6 +32,40 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { FixedPcdGet32 (PcdOvmfCpuidSize), }; +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL; + +#define IS_ALIGNED(x, y) x) & ((y) - 1)) == 0)) + +STATIC +EFI_STATUS +EFIAPI +AmdSevMemoryAccept ( + IN EDKII_MEMORY_ACCEPT_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS StartAddress, + IN UINTN Size + ) +{ + // + // The StartAddress must be page-aligned, and the Size must be a positive + // multiple of SIZE_4KB. Use an assert instead of returning an erros since + // this is an EDK2-internal protocol. + // + ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB)); + ASSERT (IS_ALIGNED (Size, SIZE_4KB)); + ASSERT (Size != 0); + + MemEncryptSevSnpPreValidateSystemRam ( +StartAddress, +EFI_SIZE_TO_PAGES (Size) +); + + return EFI_SUCCESS; +} + +STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { + AmdSevMemoryAccept +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -147,11 +182,23 @@ AmdSevDxeEntryPoint ( } } - // - // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. - // It contains the location for both the Secrets and CPUID page. - // if (MemEncryptSevSnpIsEnabled ()) { +// +// Memory acceptance began being required in SEV-SNP, so install the +// memory accept protocol implementation for a SEV-SNP active guest. +// +Status = gBS->InstallProtocolInterface ( +, +, +EFI_NATIVE_INTERFACE, + +); +ASSERT_EFI_ERROR (Status); + +// +// If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. +// It contains the location for both the Secrets and CPUID page. +// return gBS->InstallConfigurationTable ( , diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 9acf860cf2..cd1b686c53 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -47,6 +47,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize +[Protocols] + gEdkiiMemoryAcceptProtocolGuid + [Guids] gConfidentialComputingSevSnpBlobGuid diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c index d3a95e4913..cbcdd46f52 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -14,6 +14,7 @@ #include #include "SnpPageStateChange.h" +#include "VirtualMemory.h" /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + EFI_STATUS Status; + if (!MemEncryptSevSnpIsEnabled ()) { return; } - // - // All the pre-validation must be completed in the PEI phase. - // - ASSERT (FALSE); + // DXE pre-validation may happen with the memory accept protocol. + // The protocol should only be called outside the prevalidated ranges + // that the PEI stage code explicitly skips. Specifically, only memory + // ranges that are classified as unaccepted. + if (BaseAddress >= SIZE_4GB) { +Status = InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); +if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); +} + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); } -- 2.38.1.431.g37b22c650d-goog -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group.
Re: [edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
On 9/22/22 15:50, Dionna Glaze wrote: From: Sophia Wolf When a guest OS does not support unaccepted memory, the unaccepted memory must be accepted before returning a memory map to the caller. EfiMemoryAcceptProtocol is defined in MdePkg and is implementated / Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Signed-off-by: Sophia Wolf --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ OvmfPkg/Include/Library/MemEncryptSevLib.h| 14 .../Ia32/MemEncryptSevLib.c | 17 + .../X64/DxeSnpSystemRamValidate.c | 35 +++ .../X64/PeiSnpSystemRamValidate.c | 17 + .../X64/SecSnpSystemRamValidate.c | 18 ++ 7 files changed, 131 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..74b82a5814 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { SIGNATURE_32 ('A','M', 'D', 'E'), @@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { FixedPcdGet32 (PcdOvmfCpuidSize), }; +EFI_HANDLE mAmdSevDxeHandle = NULL; Add STATIC this variable and the function below. + +EFI_STATUS +EFIAPI +AmdSevMemoryAccept ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS StartAddress, + IN UINTN Size +) +{ + MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB); Can't this instead just call MemEncryptSevSnpPreValidateSystemRam()? All phases have this function, so it would just be changing the version that is currently in OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c Also, this needs to follow the coding standards and should be: MemEncryptSevSnpPreValidateSystemRam ( StartAddress, EFI_SIZE_TO_PAGES (Size) ); + + return EFI_SUCCESS; +} + +EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { STATIC + AmdSevMemoryAccept +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -147,6 +167,13 @@ AmdSevDxeEntryPoint ( } } + Status = gBS->InstallProtocolInterface (, + , EFI_NATIVE_INTERFACE, + ); Status = gBS->InstallProtocolInterface ( , , EFI_NATIVE_INTERFACE, ); (You'll need to this in all places in order to pass CI) + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 9acf860cf2..5abc32 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -47,6 +47,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize +[Protocols] + gEfiMemoryAcceptProtocolGuid + [Guids] gConfidentialComputingSevSnpBlobGuid diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index 4fa9c0d700..05ec10471d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ); +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPagesNumber of pages starting from the base address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + This becomes unnecessary if you use MemEncryptSevSnpPreValidateSystemRam() instead, since this will only be called during DXE, right? Thanks, Tom #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index f92299fc77..f0747d792e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam ( { ASSERT (FALSE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPagesNumber of pages starting from the base address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS
[edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
From: Sophia Wolf When a guest OS does not support unaccepted memory, the unaccepted memory must be accepted before returning a memory map to the caller. EfiMemoryAcceptProtocol is defined in MdePkg and is implementated / Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Signed-off-by: Sophia Wolf --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ OvmfPkg/Include/Library/MemEncryptSevLib.h| 14 .../Ia32/MemEncryptSevLib.c | 17 + .../X64/DxeSnpSystemRamValidate.c | 35 +++ .../X64/PeiSnpSystemRamValidate.c | 17 + .../X64/SecSnpSystemRamValidate.c | 18 ++ 7 files changed, 131 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..74b82a5814 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { SIGNATURE_32 ('A','M', 'D', 'E'), @@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { FixedPcdGet32 (PcdOvmfCpuidSize), }; +EFI_HANDLE mAmdSevDxeHandle = NULL; + +EFI_STATUS +EFIAPI +AmdSevMemoryAccept ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS StartAddress, + IN UINTN Size +) +{ + MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB); + + return EFI_SUCCESS; +} + +EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { + AmdSevMemoryAccept +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -147,6 +167,13 @@ AmdSevDxeEntryPoint ( } } + Status = gBS->InstallProtocolInterface (, + , EFI_NATIVE_INTERFACE, + ); + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 9acf860cf2..5abc32 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -47,6 +47,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize +[Protocols] + gEfiMemoryAcceptProtocolGuid + [Guids] gConfidentialComputingSevSnpBlobGuid diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index 4fa9c0d700..05ec10471d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ); +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPagesNumber of pages starting from the base address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index f92299fc77..f0747d792e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam ( { ASSERT (FALSE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPagesNumber of pages starting from the base address + +**/ +VOID +EFIAPI +MemEncryptSnpAcceptPages ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c index d3a95e4913..7693e0ca66 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -14,6 +14,7 @@ #include #include "SnpPageStateChange.h" +#include "VirtualMemory.h" /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. @@ -38,3 +39,37 @@ MemEncryptSevSnpPreValidateSystemRam ( // ASSERT (FALSE); } + +/** + Accept pages system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPagesNumber of pages starting from the base address + +**/ +VOID +EFIAPI