Bug ID: 623
Summary: Provide platform library hooks (or notifiers) on MMIO
Product: Tianocore Feature Requests
AMD Family 17h processors provide support for the Secure Encrypted Virtualization
(SEV) feature. SEV allows the memory contents of a VM to be transparently
encrypted with a key unique to the guest VM.
More information about the SEV feature can be found here , .
SEV guests have the concept of private and shared memory. Private memory is
encrypted with a guest-specific key, while shared memory may be encrypted with
a hypervisor key. The SEV guest chooses which pages it would like to be
private. The choice is made by editing standard CPU page table entries, using
the C-bit. OvmfPkg/Library/BaseMemcryptSevLib provides functions to set or clear
the C-bit for a given memory range.
When SEV is enabled, by default all memory regions are marked as "private"
(i.e., C-bit set), but since MMIO regions are shared between the hypervisor and
the guest, we need to mark them as "shared" (i.e., C-bit cleared) before any Dxe
driver accesses them. Ideally, we would clear the C-bit at page table creation
time, but the existing framework does not provide platform hooks to be called
during Gcd MMIO add or remove operations.
A standalone driver (AmdSevDxe), which runs in APRIORI, iterates through the
Gcd memory map and clears the C-bit from the "mmio" and "non-existent" regions.
Clearing the C-bit from the "non-existent" region ensures that any future MMIO
adds will automatically be mapped with the C-bit cleared. The driver is posted here
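The walk described above, written as an added stand-alone C illustration rather than the AmdSevDxe driver's own code: constructed stand-ins replace gDS->GetMemorySpaceMap() and the MemEncryptSevLib clear function, the page table is a toy array, and the C-bit is assumed to sit at bit 47. It also shows why the "non-existent" region matters: a later MMIO assignment carved from that range is already shared when a driver first touches it.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-ins for EFI_GCD_MEMORY_TYPE and EFI_GCD_MEMORY_SPACE_DESCRIPTOR. */
typedef enum { GcdNonExistent, GcdSystemMemory, GcdMemoryMappedIo } GCD_TYPE;
typedef struct { uint64_t BaseAddress, Length; GCD_TYPE GcdMemoryType; } GCD_DESC;
#define PAGE_SIZE 4096ULL
#define NUM_PAGES 64       /* toy guest: 64 pages = 256 KiB */
/* Assumed C-bit position; the real one comes from CPUID Fn8000_001F[EBX][5:0]. */
#define C_BIT (1ULL << 47)
static uint64_t Pte[NUM_PAGES];   /* stand-in page table: one PTE per 4 KiB page */

/* SEV default: every page starts out private (present + C-bit set). */
static void InitAllPrivate(void) {
  for (size_t i = 0; i < NUM_PAGES; i++)
    Pte[i] = (i * PAGE_SIZE) | C_BIT | 1ULL;
}

/* Stand-in for the MemEncryptSevLib "clear C-bit for a range" call.
   Returns 0 on success, -1 if the range is misaligned or outside the table. */
static int ClearPageEncMask(uint64_t Base, uint64_t NumPages) {
  uint64_t First = Base / PAGE_SIZE;
  if ((Base & (PAGE_SIZE - 1)) || First + NumPages > NUM_PAGES) return -1;
  for (uint64_t p = First; p < First + NumPages; p++)
    Pte[p] &= ~C_BIT;
  return 0;
}

/* The AmdSevDxe walk: mark every MMIO and non-existent descriptor shared.
   Returns the number of descriptors whose pages were changed. */
static int ClearCBitForMmioAndNonExistent(const GCD_DESC *Map, size_t Count) {
  int Changed = 0;
  for (size_t i = 0; i < Count; i++) {
    GCD_TYPE T = Map[i].GcdMemoryType;
    if (T != GcdMemoryMappedIo && T != GcdNonExistent) continue;
    if (ClearPageEncMask(Map[i].BaseAddress, Map[i].Length / PAGE_SIZE) == 0)
      Changed++;
  }
  return Changed;
}

/* 1 if the page holding Addr is shared (C-bit clear), 0 if still private. */
static int IsShared(uint64_t Addr) { return (Pte[Addr / PAGE_SIZE] & C_BIT) == 0; }
/* Constructed GCD map: RAM, one known MMIO window, and the rest non-existent
   (where PciHostBridgeDxe would later place BARs). */
static const GCD_DESC SampleMap[] = {
  {  0 * PAGE_SIZE, 16 * PAGE_SIZE, GcdSystemMemory   },
  { 16 * PAGE_SIZE,  8 * PAGE_SIZE, GcdMemoryMappedIo },
  { 24 * PAGE_SIZE, 40 * PAGE_SIZE, GcdNonExistent    },
};
#define SAMPLE_MAP_COUNT (sizeof SampleMap / sizeof SampleMap[0])
```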
There was a good discussion about these issues on the EDKII mailing list , and
several proposals were made. Here are the results from the proposals we have tried:
a) iterate over all the HOBs in the DxeIpl PEIM and clear the C-bit for MMIO
regions that are known from the HOB list.
This approach worked for known MMIO regions but did not work for MMIOs added
later (e.g. PciHostBridgeDxe assignments from "non-existent" regions).
b) add a platform hook library into Gcd; the library provides functions which
can be called after the Gcd core is initialized. I have tried implementing it
Not sure if a platform library hook is the right approach; we can discuss the
other possible approaches in this ticket.