This commit provides initial start up code for KVM-Unit-Tests to run in an SEV-ES guest VM. This start up code checks if SEV-ES feature is supported and enabled for the guest. In this commit, KVM-Unit-Tests can pass the SEV-ES check and enter setup_efi() function, but crashes in setup_gdt_tss(), which will be fixed by follow-up commits.
Signed-off-by: Zixuan Wang <zixuanwang@xxxxxxxxxx>
---
 lib/x86/amd_sev.c | 11 +++++++++++
 lib/x86/amd_sev.h | 9 +++++++--
 lib/x86/setup.c | 16 ++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c
index 535f0e8..a31d352 100644
--- a/lib/x86/amd_sev.c
+++ b/lib/x86/amd_sev.c
@@ -44,6 +44,17 @@ EFI_STATUS setup_amd_sev(void)
 return EFI_SUCCESS;
 }
+#ifdef CONFIG_AMD_SEV_ES
+EFI_STATUS setup_amd_sev_es(void){
+ /* Test if SEV-ES is enabled */
+ if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+#endif /* CONFIG_AMD_SEV_ES */
+
 unsigned long long get_amd_sev_c_bit_mask(void)
 {
 return 1ull << amd_sev_c_bit_pos;
diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h
index e1ef777..a2eccfc 100644
--- a/lib/x86/amd_sev.h
+++ b/lib/x86/amd_sev.h
@@ -32,10 +32,15 @@
 /* AMD Programmer's Manual Volume 2
 * - Section "SEV_STATUS MSR"
 */
-#define MSR_SEV_STATUS 0xc0010131
-#define SEV_ENABLED_MASK 0b1
+#define MSR_SEV_STATUS 0xc0010131
+#define SEV_ENABLED_MASK 0b1
+#define SEV_ES_ENABLED_MASK 0b10
 EFI_STATUS setup_amd_sev(void);
+#ifdef CONFIG_AMD_SEV_ES
+EFI_STATUS setup_amd_sev_es(void);
+#endif /* CONFIG_AMD_SEV_ES */
+
 unsigned long long get_amd_sev_c_bit_mask(void);
 unsigned long long get_amd_sev_c_bit_pos(void);
diff --git a/lib/x86/setup.c b/lib/x86/setup.c
index aaa1cce..d29f415 100644
--- a/lib/x86/setup.c
+++ b/lib/x86/setup.c
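Review bot: In lib/x86/amd_sev.c, setup_amd_sev_es() reads MSR_SEV_STATUS unconditionally, and nothing in the function says the caller must already have confirmed that SEV is present. The call site added in lib/x86/setup.c appears to run only after the existing SEV check has passed, but that ordering is not visible from this hunk, and an RDMSR of an unimplemented MSR would normally fault this early in boot. A header comment such as `/* Caller must have run setup_amd_sev() successfully before reading MSR_SEV_STATUS here. */` would record the precondition. The opening brace in `EFI_STATUS setup_amd_sev_es(void){` also departs from the next function in this hunk, which puts `{` on its own line.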
@@ -231,6 +231,22 @@ EFI_STATUS setup_efi_pre_boot(UINTN *mapkey, efi_bootinfo_t *efi_bootinfo)
 }
 return status;
 }
+
+#ifdef CONFIG_AMD_SEV_ES
+ status = setup_amd_sev_es();
+ if (EFI_ERROR(status)) {
+ printf("setup_amd_sev_es() failed: ");
+ switch (status) {
+ case EFI_UNSUPPORTED:
+ printf("SEV-ES is not supported\n");
+ break;
+ default:
+ printf("Unknown error\n");
+ break;
+ }
+ return status;
+ }
+#endif /* CONFIG_AMD_SEV_ES */
 #endif /* CONFIG_AMD_SEV */
 return EFI_SUCCESS;
--
2.33.0.rc1.237.g0d66db33f3-goog
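Review bot: The new block in setup_efi_pre_boot() returns an error whenever setup_amd_sev_es() fails, so a binary built with CONFIG_AMD_SEV_ES stops booting in any guest where SEV-ES is off, apparently including a plain SEV guest that passed the check just above. If that is intended, a comment such as `/* A CONFIG_AMD_SEV_ES build requires an SEV-ES guest; abort setup otherwise. */` would make the policy explicit; if not, EFI_UNSUPPORTED could be treated as non-fatal and only the later SEV-ES setup skipped. The message is also slightly off: the helper tests the enabled bit in SEV_STATUS, so `printf("SEV-ES is not enabled\n");` describes the condition more accurately than "not supported". The function body starts and continues outside this hunk.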