hypervisor: Add support for handling SEV INFO request

As part of handling this request, hypervisor is expected to three things: 1. Maximum GHCB protocol version supported. 2. Minimum GHCB protocol version supported. 3. SEV-page table encryption bit number. If the guest cannot support the protocol range supplied by the hypervisor, it should terminate Signed-off-by: Muminul Islam <muislam@microsoft.com> Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2025-02-22 03:12:27 +00:00 · 2023-10-18 12:13:48 +00:00 · 2023-10-18 12:13:48 +00:00 · d68fec594e
commit d68fec594e
parent 6f4d82bd61
1 changed files with 23 additions and 0 deletions
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@ -693,6 +693,29 @@ impl cpu::Vcpu for MshvVcpu {
                            set_registers_64!(self.fd, reg_name_value)
                                .map_err(|e| cpu::HypervisorCpuError::SetRegister(e.into()))?;
                        }
+                        GHCB_INFO_SEV_INFO_REQUEST => {
+                            let sev_cpuid_function = 0x8000_001F;
+                            let cpu_leaf = self
+                                .fd
+                                .get_cpuid_values(sev_cpuid_function, 0, 0, 0)
+                                .unwrap();
+                            let ebx = cpu_leaf[1];
+                            // First 6-byte of EBX represents page table encryption bit number
+                            let pbit_encryption = (ebx & 0x3f) as u8;
+                            let mut ghcb_response = GHCB_INFO_SEV_INFO_RESPONSE as u64;
+
+                            // GHCBData[63:48] specifies the maximum GHCB protocol version supported
+                            ghcb_response |= (GHCB_PROTOCOL_VERSION_MAX as u64) << 48;
+                            // GHCBData[47:32] specifies the minimum GHCB protocol version supported
+                            ghcb_response |= (GHCB_PROTOCOL_VERSION_MIN as u64) << 32;
+                            // GHCBData[31:24] specifies the SEV page table encryption bit number.
+                            ghcb_response |= (pbit_encryption as u64) << 24;
+
+                            let arr_reg_name_value =
+                                [(hv_register_name_HV_X64_REGISTER_GHCB, ghcb_response)];
+                            set_registers_64!(self.fd, arr_reg_name_value)
+                                .map_err(|e| cpu::HypervisorCpuError::SetRegister(e.into()))?;
+                        }
                        _ => panic!("Unsupported VMGEXIT operation: {:0x}", ghcb_op),
                    }