Make x86/efi/run check for AMDSEV envvar and set SEV/SEV-ES parameters on the qemu cmdline. AMDSEV can be set to `sev` or `sev-es`. Signed-off-by: Varad Gautam <varad.gautam@xxxxxxxx> --- x86/efi/README.md | 5 +++++ x86/efi/run | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/x86/efi/README.md b/x86/efi/README.md index a39f509..1222b30 100644 --- a/x86/efi/README.md +++ b/x86/efi/README.md @@ -30,6 +30,11 @@ the env variable `EFI_UEFI`: EFI_UEFI=/path/to/OVMF.fd ./x86/efi/run ./x86/msr.efi +To run the tests under AMD SEV/SEV-ES, set env variable `AMDSEV=sev` or +`AMDSEV=sev-es`. This adds the desired guest policy to qemu command line. + + AMDSEV=sev-es EFI_UEFI=/path/to/OVMF.fd ./x86/efi/run ./x86/amd_sev.efi + ## Code structure ### Code from GNU-EFI diff --git a/x86/efi/run b/x86/efi/run index ac368a5..b48f626 100755 --- a/x86/efi/run +++ b/x86/efi/run @@ -43,6 +43,21 @@ fi mkdir -p "$EFI_CASE_DIR" cp "$EFI_SRC/$EFI_CASE.efi" "$EFI_CASE_BINARY" +amdsev_opts= +if [ -n "$AMDSEV" ]; then + policy= + if [ "$AMDSEV" = "sev" ]; then + policy="0x1" + elif [ "$AMDSEV" = "sev-es" ]; then + policy="0x5" + else + echo "Cannot set AMDSEV policy. AMDSEV must be one of 'sev', 'sev-es'." + exit 2 + fi + + amdsev_opts="-object sev-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,policy=$policy -machine memory-encryption=sev0" +fi + # Run test case with 256MiB QEMU memory. QEMU default memory size is 128MiB. # After UEFI boot up and we call `LibMemoryMap()`, the largest consecutive # memory region is ~42MiB. Although this is sufficient for many test cases to @@ -61,4 +76,5 @@ cp "$EFI_SRC/$EFI_CASE.efi" "$EFI_CASE_BINARY" -nographic \ -m 256 \ "$@" \ + $amdsev_opts \ -smp "$EFI_SMP" -- 2.32.0
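Review bot: In the x86/efi/README.md hunk, the new paragraph says only that the guest policy is added to the qemu command line, while the run script also adds `-machine memory-encryption=sev0` with a fixed `cbitpos=51,reduced-phys-bits=1` and exits with status 2 for any other AMDSEV value. The README should say that these values are fixed and that an unsupported AMDSEV value aborts the run, so a failure on a given host can be traced back to them. The example also runs `./x86/amd_sev.efi`, which is not among the two files this patch touches; please confirm it is provided elsewhere in the series.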
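Review bot: In the x86/efi/run hunk at `@@ -43,6 +43,21 @@`, `cbitpos=51,reduced-phys-bits=1` is hardcoded in `amdsev_opts`, but the C-bit position is a property of the host CPU (reported in CPUID 0x8000001F EBX), so the fixed value will not match on every SEV-capable host. Consider taking both values from environment variables with the current numbers as defaults, or deriving them from the host. A short comment on the policy values would also help: `0x1` sets the no-debug bit and `0x5` additionally sets the ES bit, which is not obvious from the literals. The error text in the `else` branch should go to stderr (`>&2`) since the script then exits non-zero.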
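Review bot: In the last x86/efi/run hunk, `$amdsev_opts \` is expanded unquoted next to the quoted `"$@"` and `"$EFI_SMP"`, which reads like a quoting omission even though word splitting is required here to turn the string into separate qemu arguments. Add a comment stating that the unquoted expansion is intentional, or, if the script is run by bash, build the options as an array and expand it with `"${amdsev_opts[@]}"` so that an empty value contributes no argument and no splitting is relied on.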