diff mbox series

[kvm-unit-tests,RFC,12/16] x86 AMD SEV-ES: Check SEV-ES status

Message ID 20210818000905.1111226-13-zixuanwang@google.com (mailing list archive)
State New, archived
Headers show
Series x86_64 UEFI and AMD SEV/SEV-ES support | expand

Commit Message

Zixuan Wang Aug. 18, 2021, 12:09 a.m. UTC 
This commit provides initial start up code for KVM-Unit-Tests to run in
an SEV-ES guest VM. This start up code checks if SEV-ES feature is
supported and enabled for the guest.

In this commit, KVM-Unit-Tests can pass the SEV-ES check and enter
setup_efi() function, but crashes in setup_gdt_tss(), which will be
fixed by follow-up commits.

Signed-off-by: Zixuan Wang <zixuanwang@google.com>
---
 lib/x86/amd_sev.c | 11 +++++++++++
 lib/x86/amd_sev.h |  9 +++++++--
 lib/x86/setup.c   | 16 ++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c
index 535f0e8..a31d352 100644
--- a/lib/x86/amd_sev.c
+++ b/lib/x86/amd_sev.c
@@ -44,6 +44,17 @@  EFI_STATUS setup_amd_sev(void)
 	return EFI_SUCCESS;
 }
 
+#ifdef CONFIG_AMD_SEV_ES
+EFI_STATUS setup_amd_sev_es(void){
+	/* Test if SEV-ES is enabled */
+	if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) {
+		return EFI_UNSUPPORTED;
+	}
+
+	return EFI_SUCCESS;
+}
+#endif /* CONFIG_AMD_SEV_ES */
+
 unsigned long long get_amd_sev_c_bit_mask(void)
 {
 	return 1ull << amd_sev_c_bit_pos;
diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h
index e1ef777..a2eccfc 100644
--- a/lib/x86/amd_sev.h
+++ b/lib/x86/amd_sev.h
@@ -32,10 +32,15 @@ 
 /* AMD Programmer's Manual Volume 2
  *   - Section "SEV_STATUS MSR"
  */
-#define MSR_SEV_STATUS   0xc0010131
-#define SEV_ENABLED_MASK 0b1
+#define MSR_SEV_STATUS      0xc0010131
+#define SEV_ENABLED_MASK    0b1
+#define SEV_ES_ENABLED_MASK 0b10
 
 EFI_STATUS setup_amd_sev(void);
+#ifdef CONFIG_AMD_SEV_ES
+EFI_STATUS setup_amd_sev_es(void);
+#endif /* CONFIG_AMD_SEV_ES */
+
 unsigned long long get_amd_sev_c_bit_mask(void);
 unsigned long long get_amd_sev_c_bit_pos(void);
 
diff --git a/lib/x86/setup.c b/lib/x86/setup.c
index aaa1cce..d29f415 100644
--- a/lib/x86/setup.c
+++ b/lib/x86/setup.c
@@ -231,6 +231,22 @@  EFI_STATUS setup_efi_pre_boot(UINTN *mapkey, efi_bootinfo_t *efi_bootinfo)
 		}
 		return status;
 	}
+
+#ifdef CONFIG_AMD_SEV_ES
+	status = setup_amd_sev_es();
+	if (EFI_ERROR(status)) {
+		printf("setup_amd_sev_es() failed: ");
+		switch (status) {
+		case EFI_UNSUPPORTED:
+			printf("SEV-ES is not supported\n");
+			break;
+		default:
+			printf("Unknown error\n");
+			break;
+		}
+		return status;
+	}
+#endif /* CONFIG_AMD_SEV_ES */
 #endif /* CONFIG_AMD_SEV */
 
 	return EFI_SUCCESS;