From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B
Date: Tue, 14 Dec 2021 21:41:24 +0800 [thread overview]
Message-ID: <20211214134126.869-9-min.m.xu@intel.com> (raw)
In-Reply-To: <20211214134126.869-1-min.m.xu@intel.com>
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Tdvf Config-B skip PEI phase to reduce attack surface. So instead of
jumping to SecStartupPhase2 (), TdxStartup () is called. This function
brings up Tdx guest from SEC phase to DXE phase.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/Sec/IntelTdx.c | 7 ++++++-
OvmfPkg/Sec/SecMain.c | 17 +++++++++++++++++
OvmfPkg/Sec/SecMain.inf | 2 ++
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Sec/IntelTdx.c b/OvmfPkg/Sec/IntelTdx.c
index d1d952e8d433..f9d44617b211 100644
--- a/OvmfPkg/Sec/IntelTdx.c
+++ b/OvmfPkg/Sec/IntelTdx.c
@@ -12,7 +12,7 @@
#include <Uefi/UefiBaseType.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
-#include <Library/HobLib.h>
+#include <Library/PrePiLib.h>
#include <Library/BaseMemoryLib.h>
#include <IndustryStandard/UefiTcgPlatform.h>
#include <Library/MemoryAllocationLib.h>
@@ -25,6 +25,11 @@
#define ALIGNED_2MB_MASK 0x1fffff
+#define GET_HOB_TYPE(Hob) ((Hob).Header->HobType)
+#define GET_HOB_LENGTH(Hob) ((Hob).Header->HobLength)
+#define GET_NEXT_HOB(Hob) ((Hob).Raw + GET_HOB_LENGTH (Hob))
+#define END_OF_HOB_LIST(Hob) (GET_HOB_TYPE (Hob) == EFI_HOB_TYPE_END_OF_HOB_LIST)
+
/**
Check TDX is enabled.
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index e2f3ede93901..c5dd066941fe 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -33,6 +33,10 @@
#include "IntelTdx.h"
#include "AmdSev.h"
+#ifdef INTEL_TDX_FULL_FEATURE
+ #include <Library/TdxStartupLib.h>
+#endif
+
#define SEC_IDT_ENTRY_COUNT 34
typedef struct _SEC_IDT_TABLE {
@@ -913,6 +917,19 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ #ifdef INTEL_TDX_FULL_FEATURE
+ if (SecTdxIsEnabled ()) {
+ TdxStartup (&SecCoreData);
+
+ //
+ // Never arrived here
+ //
+ ASSERT (FALSE);
+ CpuDeadLoop ();
+ }
+
+ #endif
+
//
// Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
//
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 230ee5e465b9..05e49ab5ae81 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -38,6 +38,7 @@
MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
OvmfPkg/OvmfPkg.dec
+ EmbeddedPkg/EmbeddedPkg.dec
[LibraryClasses]
BaseLib
@@ -58,6 +59,7 @@
[LibraryClasses.X64]
TdxLib
+ TdxStartupLib
[Ppis]
gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED
--
2.29.2.windows.2
next prev parent reply other threads:[~2021-12-14 13:42 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-14 13:41 [PATCH 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
2021-12-14 13:41 ` [PATCH 01/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Min Xu
2021-12-15 9:32 ` Gerd Hoffmann
2021-12-14 13:41 ` [PATCH 02/10] EmbeddedPkg/PrePiLib: Update PrePiLib Min Xu
2021-12-14 14:00 ` [edk2-devel] " Ard Biesheuvel
2021-12-16 4:48 ` Min Xu
2021-12-14 13:41 ` [PATCH 03/10] EmbeddedPkg/MemoryAllocationLib: Add null stub for AllocateCopyPool Min Xu
2021-12-14 13:59 ` [edk2-devel] " Ard Biesheuvel
2021-12-16 3:08 ` Min Xu
2021-12-14 13:41 ` [PATCH 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Min Xu
2021-12-14 13:41 ` [PATCH 05/10] OvmfPkg: Add SecPlatformLibQemuTdx Min Xu
2021-12-15 9:48 ` Gerd Hoffmann
2022-01-07 6:29 ` Min Xu
2021-12-14 13:41 ` [PATCH 06/10] OvmfPkg: Add TdxStartupLib Min Xu
2021-12-15 10:09 ` Gerd Hoffmann
2021-12-16 11:56 ` Min Xu
2022-01-12 1:55 ` Min Xu
2021-12-14 13:41 ` [PATCH 07/10] OvmfPkg: Update TdxDxe to set TDX PCDs Min Xu
2021-12-14 13:41 ` Min Xu [this message]
2021-12-15 10:27 ` [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B Gerd Hoffmann
2021-12-16 12:21 ` [edk2-devel] " Min Xu
2021-12-16 14:25 ` Gerd Hoffmann
2021-12-19 2:49 ` Min Xu
2021-12-20 12:11 ` Gerd Hoffmann
2021-12-24 3:02 ` Min Xu
2022-01-03 8:02 ` Gerd Hoffmann
2022-01-07 6:13 ` Min Xu
2022-01-10 7:55 ` Gerd Hoffmann
2022-01-11 2:24 ` Min Xu
2022-01-11 9:23 ` Gerd Hoffmann
2022-01-14 2:17 ` Min Xu
2022-01-14 8:32 ` Gerd Hoffmann
2022-01-16 0:55 ` Min Xu
2021-12-14 13:41 ` [PATCH 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
2021-12-14 13:41 ` [PATCH 10/10] OvmfPkg: Add Tdx libs to prevent building broken Min Xu
2021-12-15 10:41 ` [PATCH 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Gerd Hoffmann
2021-12-16 12:36 ` Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211214134126.869-9-min.m.xu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox