| 1 | /** @file
|
|---|
| 2 | Map TPM MMIO range unencrypted when SEV-ES is active.
|
|---|
| 3 | Install gOvmfTpmMmioAccessiblePpiGuid unconditionally.
|
|---|
| 4 |
|
|---|
| 5 | Copyright (C) 2021, Advanced Micro Devices, Inc.
|
|---|
| 6 |
|
|---|
| 7 | SPDX-License-Identifier: BSD-2-Clause-Patent
|
|---|
| 8 | **/
|
|---|
| 9 |
|
|---|
| 10 | #include <PiPei.h>
|
|---|
| 11 |
|
|---|
| 12 | #include <Library/DebugLib.h>
|
|---|
| 13 | #include <Library/MemEncryptSevLib.h>
|
|---|
| 14 | #include <Library/PcdLib.h>
|
|---|
| 15 | #include <Library/PeiServicesLib.h>
|
|---|
| 16 |
|
|---|
| 17 | STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmMmioRangeAccessible = {
|
|---|
| 18 | EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
|
|---|
| 19 | &gOvmfTpmMmioAccessiblePpiGuid,
|
|---|
| 20 | NULL
|
|---|
| 21 | };
|
|---|
| 22 |
|
|---|
| 23 | /**
|
|---|
| 24 | The entry point for TPM MMIO range mapping driver.
|
|---|
| 25 |
|
|---|
| 26 | @param[in] FileHandle Handle of the file being invoked.
|
|---|
| 27 | @param[in] PeiServices Describes the list of possible PEI Services.
|
|---|
| 28 |
|
|---|
| 29 | @retval EFI_ABORTED No need to keep this PEIM resident
|
|---|
| 30 | **/
|
|---|
| 31 | EFI_STATUS
|
|---|
| 32 | EFIAPI
|
|---|
| 33 | TpmMmioSevDecryptPeimEntryPoint (
|
|---|
| 34 | IN EFI_PEI_FILE_HANDLE FileHandle,
|
|---|
| 35 | IN CONST EFI_PEI_SERVICES **PeiServices
|
|---|
| 36 | )
|
|---|
| 37 | {
|
|---|
| 38 | RETURN_STATUS DecryptStatus;
|
|---|
| 39 | EFI_STATUS Status;
|
|---|
| 40 |
|
|---|
| 41 | DEBUG ((DEBUG_INFO, "%a\n", __func__));
|
|---|
| 42 |
|
|---|
| 43 | //
|
|---|
| 44 | // If SEV is active, MMIO succeeds against an encrypted physical address
|
|---|
| 45 | // because the nested page fault (NPF) that occurs on access does not
|
|---|
| 46 | // include the encryption bit in the guest physical address provided to the
|
|---|
| 47 | // hypervisor.
|
|---|
| 48 | //
|
|---|
| 49 | // If SEV-ES is active, MMIO would succeed against an encrypted physical
|
|---|
| 50 | // address because the #VC handler uses the virtual address (which is an
|
|---|
| 51 | // identity mapped physical address without the encryption bit) as the guest
|
|---|
| 52 | // physical address of the MMIO target in the VMGEXIT.
|
|---|
| 53 | //
|
|---|
| 54 | // However, if SEV-ES is active, before performing the actual MMIO, an
|
|---|
| 55 | // additional MMIO mitigation check is performed in the #VC handler to ensure
|
|---|
| 56 | // that MMIO is being done to/from an unencrypted address. To prevent guest
|
|---|
| 57 | // termination in this scenario, mark the range unencrypted ahead of access.
|
|---|
| 58 | //
|
|---|
| 59 | if (MemEncryptSevEsIsEnabled ()) {
|
|---|
| 60 | DEBUG ((
|
|---|
| 61 | DEBUG_INFO,
|
|---|
| 62 | "%a: mapping TPM MMIO address range unencrypted\n",
|
|---|
| 63 | __func__
|
|---|
| 64 | ));
|
|---|
| 65 |
|
|---|
| 66 | DecryptStatus = MemEncryptSevClearMmioPageEncMask (
|
|---|
| 67 | 0,
|
|---|
| 68 | FixedPcdGet64 (PcdTpmBaseAddress),
|
|---|
| 69 | EFI_SIZE_TO_PAGES ((UINTN)0x5000)
|
|---|
| 70 | );
|
|---|
| 71 |
|
|---|
| 72 | if (RETURN_ERROR (DecryptStatus)) {
|
|---|
| 73 | DEBUG ((
|
|---|
| 74 | DEBUG_ERROR,
|
|---|
| 75 | "%a: failed to map TPM MMIO address range unencrypted\n",
|
|---|
| 76 | __func__
|
|---|
| 77 | ));
|
|---|
| 78 | ASSERT_RETURN_ERROR (DecryptStatus);
|
|---|
| 79 | }
|
|---|
| 80 | }
|
|---|
| 81 |
|
|---|
| 82 | //
|
|---|
| 83 | // MMIO range available
|
|---|
| 84 | //
|
|---|
| 85 | Status = PeiServicesInstallPpi (&mTpmMmioRangeAccessible);
|
|---|
| 86 | ASSERT_EFI_ERROR (Status);
|
|---|
| 87 |
|
|---|
| 88 | return EFI_ABORTED;
|
|---|
| 89 | }
|
|---|
