| Message ID | 20210827031222.2778522-14-zixuanwang@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86_64 UEFI and AMD SEV/SEV-ES support | expand |
On 8/26/21 10:12 PM, Zixuan Wang wrote: > This commit provides initial start up code for KVM-Unit-Tests to run in > an SEV-ES guest VM. This start up code checks if SEV-ES feature is > supported and enabled for the guest. > > In this commit, KVM-Unit-Tests can pass the SEV-ES check and enter > setup_efi() function, but crashes in setup_gdt_tss(), which will be > fixed by follow-up commits. > > Signed-off-by: Zixuan Wang <zixuanwang@google.com> > --- > lib/x86/amd_sev.c | 24 ++++++++++++++++++++++++ > lib/x86/amd_sev.h | 7 +++++-- > 2 files changed, 29 insertions(+), 2 deletions(-) > > diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c > index f5e3585..8d4df8c 100644 > --- a/lib/x86/amd_sev.c > +++ b/lib/x86/amd_sev.c > @@ -67,6 +67,30 @@ efi_status_t setup_amd_sev(void) > return EFI_SUCCESS; > } > > +bool amd_sev_es_enabled(void) > +{ > + static bool sev_es_enabled; > + static bool initialized = false; > + > + if (!initialized) { > + sev_es_enabled = false; > + initialized = true; > + > + if (!amd_sev_enabled()) { > + return sev_es_enabled; > + } > + > + /* Test if SEV-ES is enabled */ > + if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) { > + return sev_es_enabled; > + } > + > + sev_es_enabled = true; Same comment here as previous for the amd_sev_enabled() function in regards to readability. Thanks, Tom > + } > + > + return sev_es_enabled; > +} > + > unsigned long long get_amd_sev_c_bit_mask(void) > { > if (amd_sev_enabled()) { > diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h > index 2780560..b73a872 100644 > --- a/lib/x86/amd_sev.h > +++ b/lib/x86/amd_sev.h > @@ -32,12 +32,15 @@ > * AMD Programmer's Manual Volume 2 > * - Section "SEV_STATUS MSR" > */ > -#define MSR_SEV_STATUS 0xc0010131 > -#define SEV_ENABLED_MASK 0b1 > +#define MSR_SEV_STATUS 0xc0010131 > +#define SEV_ENABLED_MASK 0b1 > +#define SEV_ES_ENABLED_MASK 0b10 > > bool amd_sev_enabled(void); > efi_status_t setup_amd_sev(void); > > +bool amd_sev_es_enabled(void); > + > unsigned long long get_amd_sev_c_bit_mask(void); > unsigned long long get_amd_sev_addr_upperbound(void); > >
On Fri, Aug 27, 2021 at 7:56 AM Tom Lendacky <thomas.lendacky@amd.com> wrote: > > On 8/26/21 10:12 PM, Zixuan Wang wrote: > > +bool amd_sev_es_enabled(void) > > +{ > > + static bool sev_es_enabled; > > + static bool initialized = false; > > + > > + if (!initialized) { > > + sev_es_enabled = false; > > + initialized = true; > > + > > + if (!amd_sev_enabled()) { > > + return sev_es_enabled; > > + } > > + > > + /* Test if SEV-ES is enabled */ > > + if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) { > > + return sev_es_enabled; > > + } > > + > > + sev_es_enabled = true; > > Same comment here as previous for the amd_sev_enabled() function in > regards to readability. > > Thanks, > Tom Got it, I will update it in the next version. Thank you for the suggestion! Best regards, Zixuan
diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c index f5e3585..8d4df8c 100644 --- a/lib/x86/amd_sev.c +++ b/lib/x86/amd_sev.c @@ -67,6 +67,30 @@ efi_status_t setup_amd_sev(void) return EFI_SUCCESS; } +bool amd_sev_es_enabled(void) +{ + static bool sev_es_enabled; + static bool initialized = false; + + if (!initialized) { + sev_es_enabled = false; + initialized = true; + + if (!amd_sev_enabled()) { + return sev_es_enabled; + } + + /* Test if SEV-ES is enabled */ + if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) { + return sev_es_enabled; + } + + sev_es_enabled = true; + } + + return sev_es_enabled; +} + unsigned long long get_amd_sev_c_bit_mask(void) { if (amd_sev_enabled()) { diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h index 2780560..b73a872 100644 --- a/lib/x86/amd_sev.h +++ b/lib/x86/amd_sev.h @@ -32,12 +32,15 @@ * AMD Programmer's Manual Volume 2 * - Section "SEV_STATUS MSR" */ -#define MSR_SEV_STATUS 0xc0010131 -#define SEV_ENABLED_MASK 0b1 +#define MSR_SEV_STATUS 0xc0010131 +#define SEV_ENABLED_MASK 0b1 +#define SEV_ES_ENABLED_MASK 0b10 bool amd_sev_enabled(void); efi_status_t setup_amd_sev(void); +bool amd_sev_es_enabled(void); + unsigned long long get_amd_sev_c_bit_mask(void); unsigned long long get_amd_sev_addr_upperbound(void);
This commit provides initial start up code for KVM-Unit-Tests to run in an SEV-ES guest VM. This start up code checks if SEV-ES feature is supported and enabled for the guest. In this commit, KVM-Unit-Tests can pass the SEV-ES check and enter setup_efi() function, but crashes in setup_gdt_tss(), which will be fixed by follow-up commits. Signed-off-by: Zixuan Wang <zixuanwang@google.com> --- lib/x86/amd_sev.c | 24 ++++++++++++++++++++++++ lib/x86/amd_sev.h | 7 +++++-- 2 files changed, 29 insertions(+), 2 deletions(-)