UefiCpuPkg: Add AMD SEV-ES features support

CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.

Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.

Since the actual feature flag is not set yet, this should cause
no behavioural change.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom

1 files changed, 9 insertions, 3 deletions

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index 8fbcebdc03..1951922912 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -3196,19 +3196,25 @@ AmdMemEncryptionAttrCheck (
   IN  CONFIDENTIAL_COMPUTING_GUEST_ATTR  Attr

   )

 {

+  UINT64  CurrentLevel;

+

+  CurrentLevel = CurrentAttr & CCAttrTypeMask;

+

   switch (Attr) {

     case CCAttrAmdSev:

       //

       // SEV is automatically enabled if SEV-ES or SEV-SNP is active.

       //

-      return CurrentAttr >= CCAttrAmdSev;

+      return CurrentLevel >= CCAttrAmdSev;

     case CCAttrAmdSevEs:

       //

       // SEV-ES is automatically enabled if SEV-SNP is active.

       //

-      return CurrentAttr >= CCAttrAmdSevEs;

+      return CurrentLevel >= CCAttrAmdSevEs;

     case CCAttrAmdSevSnp:

-      return CurrentAttr == CCAttrAmdSevSnp;

+      return CurrentLevel == CCAttrAmdSevSnp;

+    case CCAttrFeatureAmdSevEsDebugVirtualization:

+      return !!(CurrentAttr & CCAttrFeatureAmdSevEsDebugVirtualization);

     default:

       return FALSE;

   }