This protocol implementation disables the accept-all-memory behavior of the BeforeExitBootServices event this driver adds.
Cc: Gerd Hoffmann <kra...@redhat.com> Cc: James Bottomley <j...@linux.ibm.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Ard Biesheuvel <a...@kernel.org> Cc: "Min M. Xu" <min.m...@intel.com> Cc: Andrew Fish <af...@apple.com> Cc: "Michael D. Kinney" <michael.d.kin...@intel.com> Signed-off-by: Dionna Glaze <dionnagl...@google.com> --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 26 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 + 2 files changed, 27 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 5eec76fea2..e98867afac 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -21,6 +21,7 @@ #include <Guid/ConfidentialComputingSevSnpBlob.h> #include <Library/PcdLib.h> #include <Pi/PrePiDxeCis.h> +#include <Protocol/Bz3987SevMemoryAcceptance.h> #include <Protocol/MemoryAccept.h> STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { @@ -155,6 +156,21 @@ ResolveUnacceptedMemory ( ASSERT_EFI_ERROR (Status); } +STATIC +EFI_STATUS +EFIAPI +AllowUnacceptedMemory ( + IN BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ) +{ + mAcceptAllMemoryAtEBS = FALSE; + return EFI_SUCCESS; +} + +STATIC +BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL + mMemoryAcceptanceProtocol = { AllowUnacceptedMemory }; + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { AmdSevMemoryAccept }; @@ -304,6 +320,16 @@ AmdSevDxeEntryPoint ( DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed.\n")); } + Status = gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gBz3987SevMemoryAcceptanceProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptanceProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install Bz3987SevMemoryAcceptanceProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index 5b443d45bc..1e14e4e0ab 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -49,6 +49,7 @@ [Protocols] gEdkiiMemoryAcceptProtocolGuid + gBz3987SevMemoryAcceptanceProtocolGuid [Guids] gConfidentialComputingSevSnpBlobGuid -- 2.39.1.456.gfc5497dd1b-goog -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99052): https://edk2.groups.io/g/devel/message/99052 Mute This Topic: https://groups.io/mt/96534756/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-