mirror of https://github.com/acidanthera/audk.git
OvmfPkg/IntelTdx: Add PeiTdxHelperLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 TdxHelperLib provides below helper functions for a td-guest. - TdxHelperProcessTdHob - TdxHelperMeasureTdHob - TdxHelperMeasureCfvImage - TdxHelperBuildGuidHobForTdxMeasurement PeiTdxHelperLib is the PEI instance of TdxHelperLib. It implements 1 function for tdx in PEI phase. Other functions are not supported in PEI phase. - TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx measurement in PEI phase. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
parent
019621d078
commit
d92db8a086
|
@ -0,0 +1,91 @@
|
|||
/** @file
|
||||
TdxHelper Functions which are used in PEI phase
|
||||
|
||||
Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include <Base.h>
|
||||
#include <PiPei.h>
|
||||
|
||||
/**
|
||||
Build the GuidHob for tdx measurements which were done in SEC phase.
|
||||
The measurement values are stored in WorkArea.
|
||||
|
||||
@retval EFI_SUCCESS The GuidHob is built successfully
|
||||
@retval Others Other errors as indicated
|
||||
**/
|
||||
EFI_STATUS
|
||||
InternalBuildGuidHobForTdxMeasurement (
|
||||
VOID
|
||||
);
|
||||
|
||||
/**
|
||||
In Tdx guest, some information need to be passed from host VMM to guest
|
||||
firmware. For example, the memory resource, etc. These information are
|
||||
prepared by host VMM and put in TdHob which is described in TdxMetadata.
|
||||
TDVF processes the TdHob to accept memories.
|
||||
|
||||
@retval EFI_SUCCESS Successfully process the TdHob
|
||||
@retval Others Other error as indicated
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TdxHelperProcessTdHob (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
|
||||
the information of the memory resource. From the security perspective before
|
||||
it is consumed, it should be measured and extended.
|
||||
*
|
||||
* @retval EFI_SUCCESS Successfully measure the TdHob
|
||||
* @retval Others Other error as indicated
|
||||
*/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TdxHelperMeasureTdHob (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
* In Tdx guest, Configuration FV (CFV) is treated as external input because it
|
||||
* may contain the data provided by VMM. From the sucurity perspective Cfv image
|
||||
* should be measured before it is consumed.
|
||||
*
|
||||
* @retval EFI_SUCCESS Successfully measure the CFV image
|
||||
* @retval Others Other error as indicated
|
||||
*/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TdxHelperMeasureCfvImage (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
Build the GuidHob for tdx measurements which were done in SEC phase.
|
||||
The measurement values are stored in WorkArea.
|
||||
|
||||
@retval EFI_SUCCESS The GuidHob is built successfully
|
||||
@retval Others Other errors as indicated
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TdxHelperBuildGuidHobForTdxMeasurement (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
return InternalBuildGuidHobForTdxMeasurement ();
|
||||
}
|
|
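Review bot: The doc comments on TdxHelperProcessTdHob, TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage still promise `@retval EFI_SUCCESS` and describe measuring VMM-supplied input, but each body in this PEI instance is only `return EFI_UNSUPPORTED;`. A caller that drops the status would go on to consume a TdHob or CFV that this library never measured, so the comments should state the real contract, for example `@retval EFI_UNSUPPORTED  Not supported in the PEI phase.`, and callers should check the status before touching that data. The TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage comments also mix the `/** ... **/` and ` * ... */` styles, and the CFV comment spells "security" as "sucurity". The file includes only `<Base.h>` and `<PiPei.h>` and prototypes InternalBuildGuidHobForTdxMeasurement locally, so neither that prototype nor the public TdxHelper* signatures are checked against their declarations at compile time; including the library class header and moving the internal prototype into a shared header would close that gap.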
@ -0,0 +1,48 @@
|
|||
## @file
|
||||
# TdxHelperLib PEI instance
|
||||
#
|
||||
# This module provides Tdx helper functions in PEI phase.
|
||||
# Copyright (c) 2021 - 2023, Intel Corporation. All rights reserved.<BR>
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
##
|
||||
|
||||
[Defines]
|
||||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = PeiTdxHelperLib
|
||||
FILE_GUID = 4d22289d-3bde-4501-a737-7719f3215065
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = TdxHelperLib|PEIM
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
# VALID_ARCHITECTURES = X64
|
||||
#
|
||||
|
||||
[Sources]
|
||||
PeiTdxHelper.c
|
||||
TdxMeasurementHob.c
|
||||
|
||||
[Packages]
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
MdePkg/MdePkg.dec
|
||||
OvmfPkg/OvmfPkg.dec
|
||||
SecurityPkg/SecurityPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
DebugLib
|
||||
HobLib
|
||||
PcdLib
|
||||
|
||||
[FixedPcd]
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
|
||||
|
||||
[Guids]
|
||||
gCcEventEntryHobGuid
|
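Review bot: The `[FixedPcd]` section declares PcdOvmfSecGhcbBase, PcdOvmfFlashNvStorageVariableBase and PcdCfvRawDataSize, and `[Packages]` pulls in SecurityPkg and MdeModulePkg, yet the only function this PEI instance implements builds a GUID HOB from measurement values that its doc comment says are already stored in the WorkArea. PeiTdxHelper.c as shown reads no PCD at all, and TdxMeasurementHob.c is not visible on this page, so this needs confirming against that file. If it does not consume these entries, they look like carry-over from another instance of the library and should be dropped. An INF that lists only what the PEI code actually uses makes it easier to audit which VMM-influenced regions (flash variable store, CFV) this library can reach.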