Incorporate support for SEV-SNP enablement. Provide a simple activation
test to determine whether SEV-SNP is enabled or not.
SKIP this activation test if the guest is not an SEV-SNP guest.
Signed-off-by: Pavan Kumar Paluri <papaluri@xxxxxxx>
---
lib/x86/amd_sev.c | 16 ++++++++++++++++
lib/x86/amd_sev.h | 2 ++
lib/x86/setup.c | 6 +++---
x86/amd_sev.c | 11 +++++++++++
4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/lib/x86/amd_sev.c b/lib/x86/amd_sev.c
index ff435c90eeea..8af772ec09b3 100644
--- a/lib/x86/amd_sev.c
+++ b/lib/x86/amd_sev.c
@@ -89,6 +89,22 @@ bool amd_sev_es_enabled(void)
return sev_es_enabled;
}
+bool amd_sev_snp_enabled(void)
+{
+ static bool sev_snp_enabled;
+ static bool initialized;
+
+ /* Test if SEV-SNP is enabled */
+ if (!initialized) {
+ if (amd_sev_es_enabled())
+ sev_snp_enabled = rdmsr(MSR_SEV_STATUS) &
+ SEV_SNP_ENABLED_MASK;
+ initialized = true;
+ }
+
+ return sev_snp_enabled;
+}
+
efi_status_t setup_vc_handler(void)
{
struct descriptor_table_ptr idtr;
diff --git a/lib/x86/amd_sev.h b/lib/x86/amd_sev.h
index b5715082284b..4c58e761c4af 100644
--- a/lib/x86/amd_sev.h
+++ b/lib/x86/amd_sev.h
@@ -122,6 +122,7 @@ struct es_em_ctxt {
#define MSR_SEV_STATUS 0xc0010131
#define SEV_ENABLED_MASK 0b1
#define SEV_ES_ENABLED_MASK 0b10
+#define SEV_SNP_ENABLED_MASK 0b100
bool amd_sev_enabled(void);
efi_status_t setup_amd_sev(void);
@@ -140,6 +141,7 @@ efi_status_t setup_amd_sev(void);
bool amd_sev_es_enabled(void);
efi_status_t setup_vc_handler(void);
+bool amd_sev_snp_enabled(void);
void setup_ghcb_pte(pgd_t *page_table);
void handle_sev_es_vc(struct ex_regs *regs);
diff --git a/lib/x86/setup.c b/lib/x86/setup.c
index d79a9f86eda4..023aa6951183 100644
--- a/lib/x86/setup.c
+++ b/lib/x86/setup.c
@@ -331,9 +331,9 @@ efi_status_t setup_efi(efi_bootinfo_t *efi_bootinfo)
phase = "AMD SEV";
status = setup_amd_sev();
- /* Continue if AMD SEV is not supported, but skip SEV-ES setup */
- if (status == EFI_SUCCESS) {
- phase = "AMD SEV-ES";
+ /* Continue if AMD SEV is not supported, but skip SEV-ES or SEV-SNP setup */
+ if (status == EFI_SUCCESS && amd_sev_es_enabled()) {
+ phase = amd_sev_snp_enabled() ? "AMD SEV-SNP" : "AMD SEV-ES";
status = setup_vc_handler();
}
diff --git a/x86/amd_sev.c b/x86/amd_sev.c
index 7757d4f85b7a..241e1472e333 100644
--- a/x86/amd_sev.c
+++ b/x86/amd_sev.c
@@ -69,6 +69,16 @@ static void test_sev_es_activation(void)
}
}
+static void test_sev_snp_activation(void)
+{
+ if (!(rdmsr(MSR_SEV_STATUS) & SEV_SNP_ENABLED_MASK)) {
+ report_skip("SEV-SNP is not enabled");
+ return;
+ }
+
+ report_info("SEV-SNP is enabled");
+}
+
static void test_stringio(void)
{
int st1_len = sizeof(st1) - 1;
@@ -92,6 +102,7 @@ int main(void)
rtn = test_sev_activation();
report(rtn == EXIT_SUCCESS, "SEV activation test.");
test_sev_es_activation();
+ test_sev_snp_activation();
test_stringio();
return report_summary();
}
--
2.34.1
