OvmfPkg/AmdSev: assign and reserve the Sev Secret area

Create a one page secret area in the MEMFD and reserve the area with a boot time HOB. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 Signed-off-by: James Bottomley <jejb@linux.ibm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20201130202819.3910-6-jejb@linux.ibm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> [lersek@redhat.com: s/protect/reserve/g in the commit message, at Ard's and James's suggestion]
2020-11-30 12:28:18 -08:00 · 2020-11-30 12:28:18 -08:00 · bff2811c6d
parent 224752eced
commit bff2811c6d
4 changed files with 65 additions and 0 deletions
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@ -613,6 +613,7 @@
  OvmfPkg/PlatformPei/PlatformPei.inf
  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
  OvmfPkg/AmdSev/SecretPei/SecretPei.inf
 !if $(TPM_ENABLE) == TRUE
  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@ -59,6 +59,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmf
 0x00B000|0x001000
 gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
 0x010000|0x010000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
@ -138,6 +141,7 @@ INF  OvmfPkg/PlatformPei/PlatformPei.inf
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 INF  OvmfPkg/AmdSev/SecretPei/SecretPei.inf
 !if $(TPM_ENABLE) == TRUE
 INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
@ -0,0 +1,25 @@
 /** @file
  SEV Secret boot time HOB placement
  Copyright (C) 2020 James Bottomley, IBM Corporation.
  SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 #include <PiPei.h>
 #include <Library/HobLib.h>
 #include <Library/PcdLib.h>
 EFI_STATUS
 EFIAPI
 InitializeSecretPei (
  IN       EFI_PEI_FILE_HANDLE  FileHandle,
  IN CONST EFI_PEI_SERVICES     **PeiServices
  )
 {
  BuildMemoryAllocationHob (
    PcdGet32 (PcdSevLaunchSecretBase),
    PcdGet32 (PcdSevLaunchSecretSize),
    EfiBootServicesData
    );
  return EFI_SUCCESS;
 }
--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf
@ -0,0 +1,35 @@
 ## @file
 #  PEI support for SEV Secrets
 #
 #  Copyright (C) 2020 James Bottomley, IBM Corporation.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
 [Defines]
  INF_VERSION                    = 0x00010005
  BASE_NAME                      = SecretPei
  FILE_GUID                      = 45260dde-0c3c-4b41-a226-ef3803fac7d4
  MODULE_TYPE                    = PEIM
  VERSION_STRING                 = 1.0
  ENTRY_POINT                    = InitializeSecretPei
 [Sources]
  SecretPei.c
 [Packages]
  OvmfPkg/OvmfPkg.dec
  MdePkg/MdePkg.dec
 [LibraryClasses]
  HobLib
  PeimEntryPoint
  PcdLib
 [FixedPcd]
  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
 [Depex]
  TRUE