Re: [edk2-devel] [PATCH ovmf v3 4/5] UefiCpuPkg: Add AMD SEV-ES features support
On 5/2/24 09:34, Alexey Kardashevskiy wrote:
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no behavioural change.
Cc: Gerd Hoffmann
Cc: Jiaxin Wu
Cc: Rahul Kumar
Cc: Ray Ni
Cc: Tom Lendacky
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Tom Lendacky
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index d7244565029d..52fddfb7e571 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -3178,19 +3178,25 @@ AmdMemEncryptionAttrCheck (
IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
)
{
+ UINT64 CurrentLevel;
+
+ CurrentLevel = CurrentAttr & CCAttrTypeMask;
+
switch (Attr) {
case CCAttrAmdSev:
//
// SEV is automatically enabled if SEV-ES or SEV-SNP is active.
//
- return CurrentAttr >= CCAttrAmdSev;
+ return CurrentLevel >= CCAttrAmdSev;
case CCAttrAmdSevEs:
//
// SEV-ES is automatically enabled if SEV-SNP is active.
//
- return CurrentAttr >= CCAttrAmdSevEs;
+ return CurrentLevel >= CCAttrAmdSevEs;
case CCAttrAmdSevSnp:
- return CurrentAttr == CCAttrAmdSevSnp;
+ return CurrentLevel == CCAttrAmdSevSnp;
+case CCAttrFeatureAmdSevDebugSwap:
+ return !!(CurrentAttr & CCAttrFeatureAmdSevDebugSwap);
default:
return FALSE;
}
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119088): https://edk2.groups.io/g/devel/message/119088
Mute This Topic: https://groups.io/mt/105863831/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH ovmf v3 4/5] UefiCpuPkg: Add AMD SEV-ES features support
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no behavioural change.
Cc: Gerd Hoffmann
Cc: Jiaxin Wu
Cc: Rahul Kumar
Cc: Ray Ni
Cc: Tom Lendacky
Signed-off-by: Alexey Kardashevskiy
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index d7244565029d..52fddfb7e571 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -3178,19 +3178,25 @@ AmdMemEncryptionAttrCheck (
IN CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr
)
{
+ UINT64 CurrentLevel;
+
+ CurrentLevel = CurrentAttr & CCAttrTypeMask;
+
switch (Attr) {
case CCAttrAmdSev:
//
// SEV is automatically enabled if SEV-ES or SEV-SNP is active.
//
- return CurrentAttr >= CCAttrAmdSev;
+ return CurrentLevel >= CCAttrAmdSev;
case CCAttrAmdSevEs:
//
// SEV-ES is automatically enabled if SEV-SNP is active.
//
- return CurrentAttr >= CCAttrAmdSevEs;
+ return CurrentLevel >= CCAttrAmdSevEs;
case CCAttrAmdSevSnp:
- return CurrentAttr == CCAttrAmdSevSnp;
+ return CurrentLevel == CCAttrAmdSevSnp;
+case CCAttrFeatureAmdSevDebugSwap:
+ return !!(CurrentAttr & CCAttrFeatureAmdSevDebugSwap);
default:
return FALSE;
}
--
2.44.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118517): https://edk2.groups.io/g/devel/message/118517
Mute This Topic: https://groups.io/mt/105863831/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
