mirror of https://github.com/acidanthera/audk.git
OvmfPkg/IntelTdx: Add SecTdxHelperLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 TdxHelperLib provides below helper functions for a td-guest. - TdxHelperProcessTdHob - TdxHelperMeasureTdHob - TdxHelperMeasureCfvImage - TdxHelperBuildGuidHobForTdxMeasurement SecTdxHelperLib is the SEC instance of TdxHelperLib. It implements 4 functions for tdx in SEC phase: - TdxHelperProcessTdHob consumes TdHob to accept un-accepted memories. Before the TdHob is consumed, it is first validated. - TdxHelperMeasureTdHob measure/extend TdHob and store the measurement value in workarea. - TdxHelperMeasureCfvImage measure/extend the Configuration FV image and store the measurement value in workarea. - TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx measurement. This patch implements the stubs of the functions. The actual implementations are in the following patches. Because they are moved from other files. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
This commit is contained in:
Min M Xu
mergify[bot]
parent
d3109e5f18
commit
d09c1d4b88
|
|
@ -0,0 +1,78 @@
|
||||||
|
/** @file
|
||||||
|
TdxHelper Functions which are used in SEC phase
|
||||||
|
|
||||||
|
Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#include <PiPei.h>
|
||||||
|
|
||||||
|
/**
|
||||||
|
In Tdx guest, some information need to be passed from host VMM to guest
|
||||||
|
firmware. For example, the memory resource, etc. These information are
|
||||||
|
prepared by host VMM and put in TdHob which is described in TdxMetadata.
|
||||||
|
TDVF processes the TdHob to accept memories.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS Successfully process the TdHob
|
||||||
|
@retval Others Other error as indicated
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
TdxHelperProcessTdHob (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
|
||||||
|
the information of the memory resource. From the security perspective before
|
||||||
|
it is consumed, it should be measured and extended.
|
||||||
|
*
|
||||||
|
* @retval EFI_SUCCESS Successfully measure the TdHob
|
||||||
|
* @retval Others Other error as indicated
|
||||||
|
*/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
TdxHelperMeasureTdHob (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* In Tdx guest, Configuration FV (CFV) is treated as external input because it
|
||||||
|
* may contain the data provided by VMM. From the sucurity perspective Cfv image
|
||||||
|
* should be measured before it is consumed.
|
||||||
|
*
|
||||||
|
* @retval EFI_SUCCESS Successfully measure the CFV image
|
||||||
|
* @retval Others Other error as indicated
|
||||||
|
*/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
TdxHelperMeasureCfvImage (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Build the GuidHob for tdx measurements which were done in SEC phase.
|
||||||
|
The measurement values are stored in WorkArea.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS The GuidHob is built successfully
|
||||||
|
@retval Others Other errors as indicated
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
TdxHelperBuildGuidHobForTdxMeasurement (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,52 @@
|
||||||
|
## @file
|
||||||
|
# TdxHelperLib SEC instance
|
||||||
|
#
|
||||||
|
# This module provides Tdx helper functions in SEC phase.
|
||||||
|
# Copyright (c) 2021 - 2023, Intel Corporation. All rights reserved.<BR>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
##
|
||||||
|
|
||||||
|
[Defines]
|
||||||
|
INF_VERSION = 0x00010005
|
||||||
|
BASE_NAME = SecTdxHelperLib
|
||||||
|
FILE_GUID = ba69ac6b-0c59-4472-899d-b684590ec1e9
|
||||||
|
MODULE_TYPE = BASE
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
LIBRARY_CLASS = TdxHelperLib|SEC
|
||||||
|
|
||||||
|
#
|
||||||
|
# The following information is for reference only and not required by the build tools.
|
||||||
|
#
|
||||||
|
# VALID_ARCHITECTURES = X64
|
||||||
|
#
|
||||||
|
|
||||||
|
[Sources]
|
||||||
|
SecTdxHelper.c
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
CryptoPkg/CryptoPkg.dec
|
||||||
|
MdeModulePkg/MdeModulePkg.dec
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
OvmfPkg/OvmfPkg.dec
|
||||||
|
SecurityPkg/SecurityPkg.dec
|
||||||
|
|
||||||
|
[LibraryClasses]
|
||||||
|
BaseLib
|
||||||
|
BaseCryptLib
|
||||||
|
DebugLib
|
||||||
|
HobLib
|
||||||
|
PcdLib
|
||||||
|
TdxMailboxLib
|
||||||
|
TdxLib
|
||||||
|
|
||||||
|
[FixedPcd]
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
|
||||||
|
|
||||||
|
[Guids]
|
||||||
|
gCcEventEntryHobGuid
|
||||||
Loading…
Reference in New Issue