tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
audk/OvmfPkg/Include/WorkArea.h
Tom Lendacky 2b330b57db OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.

Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.

Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.

Since the information is copied to, and operated on, in the GHCB shared
buffer this has the added benefit of not requiring to save the start and
end entries for use when validating the memory during the page state
change sequence.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2024-04-17 18:30:03 +00:00

114 lines
3.1 KiB
C
Raw Permalink Blame History

/** @file
Work Area structure definition
Copyright (c) 2021 - 2024, AMD Inc.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __OVMF_WORK_AREA_H__
#define __OVMF_WORK_AREA_H__
#include <ConfidentialComputingGuestAttr.h>
#include <IndustryStandard/Tpm20.h>
//
// Confidential computing work area header definition. Any change
// to the structure need to be kept in sync with the
// PcdOvmfConfidentialComputingWorkAreaHeader.
//
// PcdOvmfConfidentialComputingWorkAreaHeader ==
// sizeof (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER)
// PcdOvmfConfidentialComputingWorkAreaHeader defined in:
// OvmfPkg/OvmfPkg.dec
// OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
UINT8 GuestType;
UINT8 Reserved1[3];
} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;
//
// Internal structure for holding SEV-ES information needed during SEC phase
// and valid only during SEC phase and early PEI during platform
// initialization.
//
// This structure is also used by assembler files:
// OvmfPkg/ResetVector/ResetVector.nasmb
// OvmfPkg/ResetVector/Ia32/PageTables64.asm
// OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
// any changes must stay in sync with its usage.
//
typedef struct _SEC_SEV_ES_WORK_AREA {
//
// Hold the SevStatus MSR value read by OvmfPkg/ResetVector/Ia32/AmdSev.c
//
UINT64 SevStatusMsrValue;
UINT64 RandomData;
UINT64 EncryptionMask;
//
// Indicator that the VC handler is called. It is used during the SevFeature
// detection in OvmfPkg/ResetVector/Ia32/AmdSev.c
//
UINT8 ReceivedVc;
UINT8 Reserved[7];
// Used by SEC to generate Page State Change requests. This should be
// sized less than an equal to the GHCB shared buffer area to allow a
// single call to the hypervisor.
//
UINT8 WorkBuffer[1024];
} SEC_SEV_ES_WORK_AREA;
//
// The SEV work area definition.
//
typedef struct _SEV_WORK_AREA {
CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header;
SEC_SEV_ES_WORK_AREA SevEsWorkArea;
} SEV_WORK_AREA;
//
// Start of TDX Specific WorkArea definition
//
#define TDX_MEASUREMENT_TDHOB_BITMASK 0x1
#define TDX_MEASUREMENT_CFVIMG_BITMASK 0x2
typedef struct _TDX_MEASUREMENTS_DATA {
UINT32 MeasurementsBitmap;
UINT8 TdHobHashValue[SHA384_DIGEST_SIZE];
UINT8 CfvImgHashValue[SHA384_DIGEST_SIZE];
} TDX_MEASUREMENTS_DATA;
//
// The TDX work area definition
//
typedef struct _SEC_TDX_WORK_AREA {
UINT32 PageTableReady;
UINT32 Gpaw;
UINT64 HobList;
TDX_MEASUREMENTS_DATA TdxMeasurementsData;
} SEC_TDX_WORK_AREA;
typedef struct _TDX_WORK_AREA {
CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header;
SEC_TDX_WORK_AREA SecTdxWorkArea;
} TDX_WORK_AREA;
//
// End of TDX Specific WorkArea definition
//
typedef union {
CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header;
SEV_WORK_AREA SevWorkArea;
TDX_WORK_AREA TdxWorkArea;
} OVMF_WORK_AREA;
#endif
Reference in New Issue View Git Blame Copy Permalink