
[kvm-unit-tests,v2,05/16] x86 AMD SEV-SNP: Enable SEV-SNP support

Message ID 20240718124932.114121-6-papaluri@amd.com (mailing list archive)
State New, archived
Series Introduce SEV-SNP support | expand

Commit Message

Paluri, PavanKumar July 18, 2024, 12:49 p.m. UTC
Incorporate support for SEV-SNP enablement. Provide a simple activation
test to determine whether SEV-SNP is enabled or not.

SKIP this activation test if the guest is not an SEV-SNP guest.

SEV-SNP requires that both SEV and SEV-ES be enabled. Because
setup_vc_handler() is common to SEV-ES and SEV-SNP, call
setup_vc_handler() only when SEV-ES is enabled.

Signed-off-by: Pavan Kumar Paluri <papaluri@amd.com>
---
 lib/x86/amd_sev.c | 15 +++++++++++++++
 lib/x86/amd_sev.h |  2 ++
 lib/x86/setup.c   | 13 ++++++++++---
 x86/amd_sev.c     | 13 +++++++++++++
 4 files changed, 40 insertions(+), 3 deletions(-)

Patch

diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c
index ff435c90eeea..f84230eba2a4 100644
--- a/lib/x86/amd_sev.c
+++ b/lib/x86/amd_sev.c
@@ -89,6 +89,21 @@  bool amd_sev_es_enabled(void)
 	return sev_es_enabled;
 }
 
+bool amd_sev_snp_enabled(void)
+{
+	static bool sev_snp_enabled;
+	static bool initialized;
+
+	if (!initialized) {
+		if (amd_sev_es_enabled())
+			sev_snp_enabled = rdmsr(MSR_SEV_STATUS) &
+					  SEV_SNP_ENABLED_MASK;
+		initialized = true;
+	}
+
+	return sev_snp_enabled;
+}
+
 efi_status_t setup_vc_handler(void)
 {
 	struct descriptor_table_ptr idtr;
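Review bot: amd_sev_snp_enabled() has no comment saying that MSR_SEV_STATUS is read once and the result cached in the two statics, or that SNP is reported only when amd_sev_es_enabled() is already true. I would add a header comment such as `/* SEV-SNP implies SEV-ES; MSR_SEV_STATUS is read once and the result cached. */` above the function. The assignment also relies on the implicit conversion of the masked rdmsr() value to bool; `sev_snp_enabled = !!(rdmsr(MSR_SEV_STATUS) & SEV_SNP_ENABLED_MASK);` makes that explicit. The trailing context lines belong to setup_vc_handler(), whose body continues outside the hunk.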
diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h
index b5715082284b..4c58e761c4af 100644
--- a/lib/x86/amd_sev.h
+++ b/lib/x86/amd_sev.h
@@ -122,6 +122,7 @@  struct es_em_ctxt {
 #define MSR_SEV_STATUS      0xc0010131
 #define SEV_ENABLED_MASK    0b1
 #define SEV_ES_ENABLED_MASK 0b10
+#define SEV_SNP_ENABLED_MASK 0b100
 
 bool amd_sev_enabled(void);
 efi_status_t setup_amd_sev(void);
@@ -140,6 +141,7 @@  efi_status_t setup_amd_sev(void);
 
 bool amd_sev_es_enabled(void);
 efi_status_t setup_vc_handler(void);
+bool amd_sev_snp_enabled(void);
 void setup_ghcb_pte(pgd_t *page_table);
 void handle_sev_es_vc(struct ex_regs *regs);
 
diff --git a/lib/x86/setup.c b/lib/x86/setup.c
index d79a9f86eda4..561397af93d5 100644
--- a/lib/x86/setup.c
+++ b/lib/x86/setup.c
@@ -331,9 +331,16 @@  efi_status_t setup_efi(efi_bootinfo_t *efi_bootinfo)
 	phase = "AMD SEV";
 	status = setup_amd_sev();
 
-	/* Continue if AMD SEV is not supported, but skip SEV-ES setup */
-	if (status == EFI_SUCCESS) {
-		phase = "AMD SEV-ES";
+	/*
+	 * Continue if AMD SEV is not supported, but skip SEV-ES or
+	 * SEV-SNP setup.
+	 * setup_vc_handler() already checks whether SEV-ES is enabled
+	 * or not before it does anything. However, for an SEV-guest, a
+	 * function call to setup_vc_handler() can be avoided altogether
+	 * by incorporating amd_sev_es_enabled() check below.
+	 */
+	if (status == EFI_SUCCESS && amd_sev_es_enabled()) {
+		phase = amd_sev_snp_enabled() ? "AMD SEV-SNP" : "AMD SEV-ES";
 		status = setup_vc_handler();
 	}
 
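Review bot: The new comment above the `if` narrates why the patch was written rather than what the code requires, and "SEV-guest" reads as a typo for a plain SEV guest. Something like `/* Continue if AMD SEV is not supported. The #VC handler is needed only for SEV-ES and SEV-SNP guests. */` says the same in two lines. Since the comment states that setup_vc_handler() already checks amd_sev_es_enabled() itself, the check now lives in two places, and it would help to say which one callers should rely on. setup_efi() starts and ends outside the hunk, so how `status` is handled after this block is not visible here.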
diff --git a/x86/amd_sev.c b/x86/amd_sev.c
index 7757d4f85b7a..3e6e9129cfaa 100644
--- a/x86/amd_sev.c
+++ b/x86/amd_sev.c
@@ -69,6 +69,18 @@  static void test_sev_es_activation(void)
 	}
 }
 
+static void test_sev_snp_activation(void)
+{
+	report_info("TEST: SEV-SNP Activation test");
+
+	if (!(rdmsr(MSR_SEV_STATUS) & SEV_SNP_ENABLED_MASK)) {
+		report_skip("SEV-SNP is not enabled");
+		return;
+	}
+
+	report_info("SEV-SNP is enabled");
+}
+
 static void test_stringio(void)
 {
 	int st1_len = sizeof(st1) - 1;
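Review bot: test_sev_snp_activation() reads MSR_SEV_STATUS directly instead of calling the amd_sev_snp_enabled() helper this patch adds, and the main() hunk below calls it regardless of the result of test_sev_activation(). If the MSR is not implemented on a guest without SEV, the rdmsr() would presumably fault, so `if (!amd_sev_snp_enabled()) {` looks like the safer guard, since the helper reads the MSR only after amd_sev_es_enabled() passes. The enabled path also ends in `report_info("SEV-SNP is enabled");`, which as far as I can tell adds no pass result to report_summary(); `report(true, "SEV-SNP is enabled");` would make the activation test count. The trailing context lines belong to test_stringio(), which continues outside the hunk.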
@@ -92,6 +104,7 @@  int main(void)
 	rtn = test_sev_activation();
 	report(rtn == EXIT_SUCCESS, "SEV activation test.");
 	test_sev_es_activation();
+	test_sev_snp_activation();
 	test_stringio();
 	return report_summary();
 }