tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table 

Now that the secret area is protected by a boot time HOB, extract its
location details into a configuration table referenced by
gSevLaunchSecretGuid so the boot loader or OS can locate it before a
call to ExitBootServices().

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201130202819.3910-7-jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: fix indentation of InstallConfigurationTable() args]
This commit is contained in:
James Bottomley 2020-11-30 12:28:19 -08:00 committed by mergify[bot]
parent bff2811c6d
commit 01726b6d23
6 changed files with 95 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
OvmfPkg/AmdSev/AmdSevX64.dsc
View File

@ -778,6 +778,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
} }
!endif !endif
OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
OvmfPkg/AmdSev/Grub/Grub.inf OvmfPkg/AmdSev/Grub/Grub.inf
!if $(BUILD_SHELL) == TRUE !if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf { ShellPkg/Application/Shell/Shell.inf {

1
OvmfPkg/AmdSev/AmdSevX64.fdf
View File

@ -269,6 +269,7 @@ INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif !endif
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
INF OvmfPkg/AmdSev/Grub/Grub.inf INF OvmfPkg/AmdSev/Grub/Grub.inf
!if $(BUILD_SHELL) == TRUE !if $(BUILD_SHELL) == TRUE
INF ShellPkg/Application/Shell/Shell.inf INF ShellPkg/Application/Shell/Shell.inf

27
OvmfPkg/AmdSev/SecretDxe/SecretDxe.c Normal file
View File

@ -0,0 +1,27 @@
/** @file
SEV Secret configuration table constructor
Copyright (C) 2020 James Bottomley, IBM Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiDxe.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Guid/SevLaunchSecret.h>
STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable = {
FixedPcdGet32 (PcdSevLaunchSecretBase),
FixedPcdGet32 (PcdSevLaunchSecretSize),
};
EFI_STATUS
EFIAPI
InitializeSecretDxe(
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
return gBS->InstallConfigurationTable (
&gSevLaunchSecretGuid,
&mSecretDxeTable
);
}

37
OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf Normal file
View File

@ -0,0 +1,37 @@
## @file
# Sev Secret configuration Table installer
#
# Copyright (C) 2020 James Bottomley, IBM Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SecretDxe
FILE_GUID = 6e2b9619-8810-4e9d-a177-d432bb9abeda
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = InitializeSecretDxe
[Sources]
SecretDxe.c
[Packages]
OvmfPkg/OvmfPkg.dec
MdePkg/MdePkg.dec
[LibraryClasses]
UefiBootServicesTableLib
UefiDriverEntryPoint
[Guids]
gSevLaunchSecretGuid
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
[Depex]
TRUE

28
OvmfPkg/Include/Guid/SevLaunchSecret.h Normal file
View File

@ -0,0 +1,28 @@
/** @file
UEFI Configuration Table for exposing the SEV Launch Secret location to UEFI
applications (boot loaders).
Copyright (C) 2020 James Bottomley, IBM Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef SEV_LAUNCH_SECRET_H_
#define SEV_LAUNCH_SECRET_H_
#include <Uefi/UefiBaseType.h>
#define SEV_LAUNCH_SECRET_GUID \
{ 0xadf956ad, \
0xe98c, \
0x484c, \
{ 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \
}
typedef struct {
UINT32 Base;
UINT32 Size;
} SEV_LAUNCH_SECRET_LOCATION;
extern EFI_GUID gSevLaunchSecretGuid;
#endif // SEV_LAUNCH_SECRET_H_

1
OvmfPkg/OvmfPkg.dec
View File

@ -117,6 +117,7 @@
gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}} gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gSevLaunchSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
[Ppis] [Ppis]
# PPI whose presence in the PPI database signals that the TPM base address # PPI whose presence in the PPI database signals that the TPM base address