BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details. Cc: Min

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Create a function that can be used to determine if VM is running as an SEV-SNP guest. Cc: Min Xu <min.m.xu@...> Cc: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Define the PCDs used by the MpInitLib while creating the AP when SEV-SNP is active in the guest VM. Cc: Rahul Kumar

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Virtual Machine Privilege Level (VMPL) is an optional feature in the SEV-SNP architecture, which allows a guest VM to divide its address

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The GHCB page is part of a pre-validated memory range specified through the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest requires that private memory (aka pages mapped encrypted) must be validated before being accessed. The validation process

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Introduce a new SEV-SNP boot-specific GUID block. The block is used to communicate the secrets and cpuid memory area reserved by the guest

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 Platform features and capabilities are traditionally discovered via the CPUID instruction. Hypervisors typically trap and emulate the

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 During the SNP guest launch sequence, a special secrets page needs to be inserted by the VMM. The PSP will populate the page; it will contain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The upcoming SEV-SNP support will need to make a few additional guest termination requests depending on the failure type. Let's move the

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The upcoming SEV-SNP support will need to make a few additional MSR protocol based VMGEXIT's. Add a macro that wraps the common setup

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 The PageTables64.asm was created to provide routines to set the CR3 register for 64-bit paging. During the SEV support, it grew to include

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based memory protections. SEV-SNP adds strong memory

This commit allows to initialize Secure Boot default key and databases from data embedded in firmware binary. Signed-off-by: Grzegorz Bernacki <gjb@...> Reviewed-by: Sunny Wang

The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds

The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds

The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds

This commit add option which allows reset content of Secure Boot keys and databases to default variables. Signed-off-by: Grzegorz Bernacki <gjb@...> Reviewed-by: Sunny Wang

This commits adds modules related to initialization and usage of default Secure Boot key variables to SecurityPkg. Signed-off-by: Grzegorz Bernacki <gjb@...> Reviewed-by: Sunny Wang

This application allows user to force key enrollment from Secure Boot default variables. Signed-off-by: Grzegorz Bernacki <gjb@...> ---