BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a VMMCALL intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Don

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a RDTSCP intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a MONITOR/MONITORX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc:

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a MWAIT/MWAITX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eri

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a DR7 read or write intercept generates a #VC exception. The #VC handler must provide special support to the guest for this. On a

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Create a function that can be used to determine if the VM is running as an SEV-ES guest. Cc: Jordan Justen <jordan.l.justen@...> Cc: Laszl

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV initialization function to also check for SEV-ES being enabled, and if

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Allocate memory for the GHCB pages and the per-CPU variable pages during SEV initialization for use during Pei and Dxe phases. The GHCB page(s)

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A GHCB page is needed during the Sec phase, so this new page must be created. Since the #VC exception handler routines assume that a per-CPU var

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The SEV support will clear the C-bit from non-RAM areas. The early GDT lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT

Protect the memory used by an SEV-ES guest when S3 is supported. This includes the page table used to break down the 2MB page that contains the GHCB so that it can be marked un-encrypted, as well as t

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Create an SEV-ES workarea PCD. This PCD will be used for BSP communication during SEC and for AP startup during PEI and DXE phases, the latter i

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Reserve a fixed area of memory for SEV-ES use and set a fixed PCD, PcdSevEsWorkAreaBase, to this value. This area will be used by SEV-ES support

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 During BSP startup, the reset vector code will issue a CPUID instruction while in 32-bit mode. When running as an SEV-ES guest, this will trigge

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler

#vc

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Currently, the OVMF code relies on the hypervisor to enable the cache support on the processor in order to improve the boot speed. However, with

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The flash detection routine will attempt to determine how the flash device behaves (e.g. ROM, RAM, Flash). But when SEV-ES is enabled and the fl

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guests register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When starting APs in an SMP configuration, the AP needs to know if it is running as an SEV-ES guest in order to assign a GHCB page. Add a field

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guest's register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set