Re: [edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
Acked-by: Jiewen Yao
> -Original Message-
> From: Dionna Glaze
> Sent: Wednesday, November 9, 2022 12:46 AM
> To: devel@edk2.groups.io
> Cc: Dionna Glaze ; Gerd Hoffmann
> ; James Bottomley ; Yao,
> Jiewen ; Tom Lendacky
>
> Subject: [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in
> AmdSevDxe
>
> From: Sophia Wolf
>
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
>
> EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
>
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Tom Lendacky
>
> Reviewed-by: Tom Lendacky
> Signed-off-by: Dionna Glaze
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 55
> ++--
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf| 3 ++
>
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.
> c | 24 +++--
> 3 files changed, 74 insertions(+), 8 deletions(-)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 662d3c4ccb..f7600c3c81 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -20,6 +20,7 @@
> #include
> #include
> #include
> +#include
>
> STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION
> mSnpBootDxeTable = {
>SIGNATURE_32 ('A','M', 'D', 'E'),
> @@ -31,6 +32,40 @@ STATIC
> CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
>FixedPcdGet32 (PcdOvmfCpuidSize),
> };
>
> +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL;
> +
> +#define IS_ALIGNED(x, y) x) & ((y) - 1)) == 0))
> +
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +AmdSevMemoryAccept (
> + IN EDKII_MEMORY_ACCEPT_PROTOCOL *This,
> + IN EFI_PHYSICAL_ADDRESS StartAddress,
> + IN UINTN Size
> + )
> +{
> + //
> + // The StartAddress must be page-aligned, and the Size must be a
> positive
> + // multiple of SIZE_4KB. Use an assert instead of returning an erros since
> + // this is an EDK2-internal protocol.
> + //
> + ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB));
> + ASSERT (IS_ALIGNED (Size, SIZE_4KB));
> + ASSERT (Size != 0);
> +
> + MemEncryptSevSnpPreValidateSystemRam (
> +StartAddress,
> +EFI_SIZE_TO_PAGES (Size)
> +);
> +
> + return EFI_SUCCESS;
> +}
> +
> +STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
> + AmdSevMemoryAccept
> +};
> +
> EFI_STATUS
> EFIAPI
> AmdSevDxeEntryPoint (
> @@ -147,11 +182,23 @@ AmdSevDxeEntryPoint (
> }
>}
>
> - //
> - // If its SEV-SNP active guest then install the
> CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
> - // It contains the location for both the Secrets and CPUID page.
> - //
>if (MemEncryptSevSnpIsEnabled ()) {
> +//
> +// Memory acceptance began being required in SEV-SNP, so install the
> +// memory accept protocol implementation for a SEV-SNP active guest.
> +//
> +Status = gBS->InstallProtocolInterface (
> +,
> +,
> +EFI_NATIVE_INTERFACE,
> +
> +);
> +ASSERT_EFI_ERROR (Status);
> +
> +//
> +// If its SEV-SNP active guest then install the
> CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
> +// It contains the location for both the Secrets and CPUID page.
> +//
> return gBS->InstallConfigurationTable (
>,
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 9acf860cf2..cd1b686c53 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -47,6 +47,9 @@
>gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
>gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>
> +[Protocols]
> + gEdkiiMemoryAcceptProtocolGuid
> +
> [Guids]
>gConfidentialComputingSevSnpBlobGuid
>
> diff --git
> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidat
> e.c
> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida
> te.c
> index d3a95e4913..cbcdd46f52 100644
> ---
> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidat
> e.c
> +++
> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida
> te.c
> @@ -14,6 +14,7 @@
> #include
>
> #include "SnpPageStateChange.h"
> +#include "VirtualMemory.h"
>
> /**
>Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
> @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
>IN UINTN NumPages
>)
> {
> + EFI_STATUS Status;
> +
>if (!MemEncryptSevSnpIsEnabled ()) {
> return;
>}
>
> - //
> - // All the pre-validation must be completed in the PEI phase.
> - //
> - ASSERT (FALSE);
> + // DXE pre-validation may happen with the memory accept protocol.
> + // The protocol should only be called outside the
[edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
From: Sophia Wolf
When a guest OS does not support unaccepted memory, the unaccepted
memory must be accepted before returning a memory map to the caller.
EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Reviewed-by: Tom Lendacky
Signed-off-by: Dionna Glaze
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 55
++--
OvmfPkg/AmdSevDxe/AmdSevDxe.inf| 3 ++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24
+++--
3 files changed, 74 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..f7600c3c81 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
#include
#include
#include
+#include
STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
SIGNATURE_32 ('A','M', 'D', 'E'),
@@ -31,6 +32,40 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION
mSnpBootDxeTable = {
FixedPcdGet32 (PcdOvmfCpuidSize),
};
+STATIC EFI_HANDLE mAmdSevDxeHandle = NULL;
+
+#define IS_ALIGNED(x, y) x) & ((y) - 1)) == 0))
+
+STATIC
+EFI_STATUS
+EFIAPI
+AmdSevMemoryAccept (
+ IN EDKII_MEMORY_ACCEPT_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS StartAddress,
+ IN UINTN Size
+ )
+{
+ //
+ // The StartAddress must be page-aligned, and the Size must be a positive
+ // multiple of SIZE_4KB. Use an assert instead of returning an erros since
+ // this is an EDK2-internal protocol.
+ //
+ ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB));
+ ASSERT (IS_ALIGNED (Size, SIZE_4KB));
+ ASSERT (Size != 0);
+
+ MemEncryptSevSnpPreValidateSystemRam (
+StartAddress,
+EFI_SIZE_TO_PAGES (Size)
+);
+
+ return EFI_SUCCESS;
+}
+
+STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
+ AmdSevMemoryAccept
+};
+
EFI_STATUS
EFIAPI
AmdSevDxeEntryPoint (
@@ -147,11 +182,23 @@ AmdSevDxeEntryPoint (
}
}
- //
- // If its SEV-SNP active guest then install the
CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
- // It contains the location for both the Secrets and CPUID page.
- //
if (MemEncryptSevSnpIsEnabled ()) {
+//
+// Memory acceptance began being required in SEV-SNP, so install the
+// memory accept protocol implementation for a SEV-SNP active guest.
+//
+Status = gBS->InstallProtocolInterface (
+,
+,
+EFI_NATIVE_INTERFACE,
+
+);
+ASSERT_EFI_ERROR (Status);
+
+//
+// If its SEV-SNP active guest then install the
CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
+// It contains the location for both the Secrets and CPUID page.
+//
return gBS->InstallConfigurationTable (
,
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 9acf860cf2..cd1b686c53 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -47,6 +47,9 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+[Protocols]
+ gEdkiiMemoryAcceptProtocolGuid
+
[Guids]
gConfidentialComputingSevSnpBlobGuid
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index d3a95e4913..cbcdd46f52 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -14,6 +14,7 @@
#include
#include "SnpPageStateChange.h"
+#include "VirtualMemory.h"
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
IN UINTN NumPages
)
{
+ EFI_STATUS Status;
+
if (!MemEncryptSevSnpIsEnabled ()) {
return;
}
- //
- // All the pre-validation must be completed in the PEI phase.
- //
- ASSERT (FALSE);
+ // DXE pre-validation may happen with the memory accept protocol.
+ // The protocol should only be called outside the prevalidated ranges
+ // that the PEI stage code explicitly skips. Specifically, only memory
+ // ranges that are classified as unaccepted.
+ if (BaseAddress >= SIZE_4GB) {
+Status = InternalMemEncryptSevCreateIdentityMap1G (
+ 0,
+ BaseAddress,
+ EFI_PAGES_TO_SIZE (NumPages)
+ );
+if (EFI_ERROR (Status)) {
+ ASSERT (FALSE);
+ CpuDeadLoop ();
+}
+ }
+
+ InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
}
--
2.38.1.431.g37b22c650d-goog
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
Re: [edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
On 9/22/22 15:50, Dionna Glaze wrote:
From: Sophia Wolf
When a guest OS does not support unaccepted memory, the unaccepted
memory must be accepted before returning a memory map to the caller.
EfiMemoryAcceptProtocol is defined in MdePkg and is implementated /
Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Sophia Wolf
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++
OvmfPkg/Include/Library/MemEncryptSevLib.h| 14
.../Ia32/MemEncryptSevLib.c | 17 +
.../X64/DxeSnpSystemRamValidate.c | 35 +++
.../X64/PeiSnpSystemRamValidate.c | 17 +
.../X64/SecSnpSystemRamValidate.c | 18 ++
7 files changed, 131 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..74b82a5814 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
#include
#include
#include
+#include
STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
SIGNATURE_32 ('A','M', 'D', 'E'),
@@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION
mSnpBootDxeTable = {
FixedPcdGet32 (PcdOvmfCpuidSize),
};
+EFI_HANDLE mAmdSevDxeHandle = NULL;
Add STATIC this variable and the function below.
+
+EFI_STATUS
+EFIAPI
+AmdSevMemoryAccept (
+ IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS StartAddress,
+ IN UINTN Size
+)
+{
+ MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB);
Can't this instead just call MemEncryptSevSnpPreValidateSystemRam()? All
phases have this function, so it would just be changing the version that
is currently in
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
Also, this needs to follow the coding standards and should be:
MemEncryptSevSnpPreValidateSystemRam (
StartAddress,
EFI_SIZE_TO_PAGES (Size)
);
+
+ return EFI_SUCCESS;
+}
+
+EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
STATIC
+ AmdSevMemoryAccept
+};
+
EFI_STATUS
EFIAPI
AmdSevDxeEntryPoint (
@@ -147,6 +167,13 @@ AmdSevDxeEntryPoint (
}
}
+ Status = gBS->InstallProtocolInterface (,
+ , EFI_NATIVE_INTERFACE,
+ );
Status = gBS->InstallProtocolInterface (
,
,
EFI_NATIVE_INTERFACE,
);
(You'll need to this in all places in order to pass CI)
+ if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
+ }
+
//
// If its SEV-SNP active guest then install the
CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
// It contains the location for both the Secrets and CPUID page.
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 9acf860cf2..5abc32 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -47,6 +47,9 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+[Protocols]
+ gEfiMemoryAcceptProtocolGuid
+
[Guids]
gConfidentialComputingSevSnpBlobGuid
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 4fa9c0d700..05ec10471d 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam (
IN UINTN NumPages
);
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPagesNumber of pages starting from the base
address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ );
+
This becomes unnecessary if you use MemEncryptSevSnpPreValidateSystemRam()
instead, since this will only be called during DXE, right?
Thanks,
Tom
#endif // _MEM_ENCRYPT_SEV_LIB_H_
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
index f92299fc77..f0747d792e 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
@@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam (
{
ASSERT (FALSE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPagesNumber of pages starting from the base
address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS
[edk2-devel] [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
From: Sophia Wolf
When a guest OS does not support unaccepted memory, the unaccepted
memory must be accepted before returning a memory map to the caller.
EfiMemoryAcceptProtocol is defined in MdePkg and is implementated /
Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Sophia Wolf
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++
OvmfPkg/Include/Library/MemEncryptSevLib.h| 14
.../Ia32/MemEncryptSevLib.c | 17 +
.../X64/DxeSnpSystemRamValidate.c | 35 +++
.../X64/PeiSnpSystemRamValidate.c | 17 +
.../X64/SecSnpSystemRamValidate.c | 18 ++
7 files changed, 131 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..74b82a5814 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
#include
#include
#include
+#include
STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
SIGNATURE_32 ('A','M', 'D', 'E'),
@@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION
mSnpBootDxeTable = {
FixedPcdGet32 (PcdOvmfCpuidSize),
};
+EFI_HANDLE mAmdSevDxeHandle = NULL;
+
+EFI_STATUS
+EFIAPI
+AmdSevMemoryAccept (
+ IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS StartAddress,
+ IN UINTN Size
+)
+{
+ MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB);
+
+ return EFI_SUCCESS;
+}
+
+EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
+ AmdSevMemoryAccept
+};
+
EFI_STATUS
EFIAPI
AmdSevDxeEntryPoint (
@@ -147,6 +167,13 @@ AmdSevDxeEntryPoint (
}
}
+ Status = gBS->InstallProtocolInterface (,
+ , EFI_NATIVE_INTERFACE,
+ );
+ if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
+ }
+
//
// If its SEV-SNP active guest then install the
CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
// It contains the location for both the Secrets and CPUID page.
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 9acf860cf2..5abc32 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -47,6 +47,9 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+[Protocols]
+ gEfiMemoryAcceptProtocolGuid
+
[Guids]
gConfidentialComputingSevSnpBlobGuid
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h
b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 4fa9c0d700..05ec10471d 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam (
IN UINTN NumPages
);
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPagesNumber of pages starting from the base
address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ );
+
#endif // _MEM_ENCRYPT_SEV_LIB_H_
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
index f92299fc77..f0747d792e 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
@@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam (
{
ASSERT (FALSE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPagesNumber of pages starting from the base
address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ )
+{
+ ASSERT (FALSE);
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index d3a95e4913..7693e0ca66 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -14,6 +14,7 @@
#include
#include "SnpPageStateChange.h"
+#include "VirtualMemory.h"
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -38,3 +39,37 @@ MemEncryptSevSnpPreValidateSystemRam (
//
ASSERT (FALSE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPagesNumber of pages starting from the base
address
+
+**/
+VOID
+EFIAPI
