This commit provides initial start up code for KVM-Unit-Tests to run in an SEV-ES guest VM. This start up code checks if SEV-ES feature is supported and enabled for the guest. In this commit, KVM-Unit-Tests can pass the SEV-ES check and enter setup_efi() function, but crashes in setup_gdt_tss(), which will be fixed by follow-up commits.
Signed-off-by: Zixuan Wang <zixuanwang@xxxxxxxxxx>
---
 lib/x86/amd_sev.c | 24 ++++++++++++++++++++++++
 lib/x86/amd_sev.h | 7 +++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c
index f5e3585..8d4df8c 100644
--- a/lib/x86/amd_sev.c
+++ b/lib/x86/amd_sev.c
@@ -67,6 +67,30 @@ efi_status_t setup_amd_sev(void)
 return EFI_SUCCESS;
 }
+bool amd_sev_es_enabled(void)
+{
+ static bool sev_es_enabled;
+ static bool initialized = false;
+
+ if (!initialized) {
+ sev_es_enabled = false;
+ initialized = true;
+
+ if (!amd_sev_enabled()) {
+ return sev_es_enabled;
+ }
+
+ /* Test if SEV-ES is enabled */
+ if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) {
+ return sev_es_enabled;
+ }
+
+ sev_es_enabled = true;
+ }
+
+ return sev_es_enabled;
+}
+
 unsigned long long get_amd_sev_c_bit_mask(void)
 {
 if (amd_sev_enabled()) {
diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h
index 2780560..b73a872 100644
--- a/lib/x86/amd_sev.h
+++ b/lib/x86/amd_sev.h
@@ -32,12 +32,15 @@
 * AMD Programmer's Manual Volume 2
 * - Section "SEV_STATUS MSR"
 */
-#define MSR_SEV_STATUS 0xc0010131
-#define SEV_ENABLED_MASK 0b1
+#define MSR_SEV_STATUS 0xc0010131
+#define SEV_ENABLED_MASK 0b1
+#define SEV_ES_ENABLED_MASK 0b10
 bool amd_sev_enabled(void);
 efi_status_t setup_amd_sev(void);
+bool amd_sev_es_enabled(void);
+
 unsigned long long get_amd_sev_c_bit_mask(void);
 unsigned long long get_amd_sev_addr_upperbound(void);
--
2.33.0.259.gc128427fd7-goog
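Review bot: In amd_sev_es_enabled(), `initialized = true` is stored before MSR_SEV_STATUS has been read, so a second caller that runs while the first is still inside the `if (!initialized)` block sees the flag set and returns the provisional `false`. Whether this helper is ever reached from more than one vCPU is not visible in this hunk, but a wrong "not SEV-ES" answer could let a caller skip SEV-ES-specific handling, so it is safer to publish the flag last. The two early returns also collapse into a single assignment, `sev_es_enabled = amd_sev_enabled() && (rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK);` followed by `initialized = true;`. A short comment above the function saying that the result is cached on the first call and the MSR is never re-read would help readers of the later setup code.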