BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Reserve a fixed area of memory for SEV-ES use and set a fixed PCD, PcdSevEsWorkAreaBase, to this value. This area will be used by SEV-ES support

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 During BSP startup, the reset vector code will issue a CPUID instruction while in 32-bit mode. When running as an SEV-ES guest, this will trigge

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler

#vc

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Currently, the OVMF code relies on the hypervisor to enable the cache support on the processor in order to improve the boot speed. However, with

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The flash detection routine will attempt to determine how the flash device behaves (e.g. ROM, RAM, Flash). But when SEV-ES is enabled and the fl

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guests register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When starting APs in an SMP configuration, the AP needs to know if it is running as an SEV-ES guest in order to assign a GHCB page. Add a field

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Typically, an AP is booted using the INIT-SIPI-SIPI sequence. This sequence is intercepted by the hypervisor, which sets the AP's registers to t

My bad, I could have sworn I rebuilt after the rebase, but these IDs are in conflict. Follow-on 5.1 patch to follow. Thanks, Tom

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A GHCB page is needed during the Sec phase, so this new page must be created. Since the #VC exception handler routines assume that a per-CPU var

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guest's register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 After having transitioned from UEFI to the OS, the OS will need to boot the APs. For an SEV-ES guest, the APs will have been parked by UEFI usin

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Before UEFI transfers control to the OS, it must park the AP. This is done using the AsmRelocateApLoop function to transition into 32-bit non-pa

Sorry about that, missed that when I made this change. Correct. Will fix. Will change this. Thanks, Tom

#vc

Hmmm... I thought I had when I consolidated the library references, but obviously I didn't. I'll fix that up. Thanks, Tom

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Three new dynamic PCDs are needed to support SEV-ES under OVMF: - PcdSevEsIsEnabled: BOOLEAN value used to indicate if SEV-ES is enabled - PcdGh

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The GHCB is used by an SEV-ES guest for communicating between the guest and the hypervisor. Create the GHCB definition as defined by the GHCB pr

This patch series provides support for running EDK2/OVMF under SEV-ES. Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from th

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 For SEV-ES, the GHCB page address is stored in the GHCB MSR register (0xc0010130). Define the register and the format used for register during G

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 GHCB pages must be mapped as shared pages, so modify the process of creating identity mapped pagetable entries so that GHCB entries are created