From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) by mx.groups.io with SMTP id smtpd.web10.957.1664579197810957142 for ; Fri, 30 Sep 2022 16:06:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@google.com header.s=20210112 header.b=FGVUxMoc; spf=pass (domain: flex--dionnaglaze.bounces.google.com, ip: 209.85.216.73, mailfrom: 3fxy3ywskbwgjouttgmrgfkmuumrk.iusjkbkrkjqi.mxuavy.ou@flex--dionnaglaze.bounces.google.com) Received: by mail-pj1-f73.google.com with SMTP id il18-20020a17090b165200b002038e81ee7dso6482736pjb.4 for ; Fri, 30 Sep 2022 16:06:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=UapCn/1K5+XZLi5SnQBAg5tao5iHGfE6bplkqJAVAc4=; b=FGVUxMoczSy6MZES5T09fZAeiL5GSP3Kz4KAxaXE2cYS6XNH8Du8DxxVcycVRCtiHA 0En7ypWF3Mzh7Jw/uyYa261HupWsmfAjBgXaAxr597wqSFCCoggoQhvcVlLtXMiRrzH2 n1hg8Nxc/ge8F3mpoFIJwaD2floRC2utCfM+haPRS2dspQi2f0OnE8ECkriq48sEt6bd 2s23/JIVqmHwm+/+BTYUmGkP3N/mg6y8fdGC2RWMoYWQ86GouNiHFZVobhXraiY9fEIg y5xaNyxcxK4k+WBRwknjJYBGoLlmN+JjD9Yu24IvwssqLErRxZzW8v0r3wB1WgdAcdmE mdjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=UapCn/1K5+XZLi5SnQBAg5tao5iHGfE6bplkqJAVAc4=; b=Re8g/8V+Fc/GuFK2UhRoU8CTER02PiREBXOdtHksaQd/cFsjaZCjrF8uVAQ6rvxWTn 8S6P7JSCrCRiyO/rcjeY597ge0ZlUc4oZBpo3tB2P/l/2zHF2WlqEx5sdm7S1+GRYFOX dLbWCX4X4qruNuFBrWtufHW3pI1RrS6VrXMEbnT3eB7EhTLvHiH4wmhxKKhy7A5lSJmh v+D+1z64Vw4ShK6/kg6XTLADsbiAuOPpA7S78fzms9DiUjnW90nRhgQmhmXuRSq55XoR bi23s5Ond6bJOcnIUqzqzpZQAObXI06EJwgwsUN+l87A5500qDtPvJAJsAc0AvDRhA5+ O8rw== X-Gm-Message-State: ACrzQf3wb8QhFcm+MlaOWM2c79ZLJCFl1rKUN5+IWnbrImfKHKrYYYV4 w2arJbw6uHR8RwtKwFrvKtrkWwkF88QyWqFhyP67JQbG5laEQKelHpC2G3c7xr/QypZPcguH195 sLh2ZqSRbfSLacNzOBMtTy8QAkATn8Hj6XB0qy04kNMzcHmdx4opUN5gDkPUloWvtowET7lTz X-Google-Smtp-Source: AMsMyM4fHG5IaRysPtv4gESB/dvRLhj8ERtoDsV7gumZEviFls7JhwotQg994QolLuHe+BIqohNBuJSC2ztvCI9Ong== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:90b:3e89:b0:202:ab9f:6ee5 with SMTP id rj9-20020a17090b3e8900b00202ab9f6ee5mr633293pjb.112.1664579197194; Fri, 30 Sep 2022 16:06:37 -0700 (PDT) Date: Fri, 30 Sep 2022 23:06:24 +0000 In-Reply-To: <20220930230627.3371754-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220930230627.3371754-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.0.rc1.362.ged0d419d3c-goog Message-ID: <20220930230627.3371754-5-dionnaglaze@google.com> Subject: [PATCH v5 4/7] OvmfPkg: Introduce CocoDxe driver From: "Dionna Glaze" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel , "Min M. Xu" , Andrew Fish , "Michael D. Kinney" Content-Type: text/plain; charset="UTF-8" This driver is meant as a join point for all Confidential Compute technologies to put shared behavior that doesn't belong anywhere else. The first behavior added here is to accept all unaccepted memory at ExitBootServices if the protocol is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Cc: "Min M. Xu" Cc: Andrew Fish Cc: "Michael D. Kinney" Signed-off-by: Dionna Glaze --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/CocoDxe/CocoDxe.c | 149 ++++++++++++++++++++ OvmfPkg/CocoDxe/CocoDxe.inf | 43 ++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + OvmfPkg/IntelTdx/IntelTdxX64.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfPkgX64.fdf | 1 + 10 files changed, 200 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 90e8a213ef..ad6b73ca4a 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -747,6 +747,7 @@ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf } + OvmfPkg/CocoDxe/CocoDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 4658e1d30e..3717ec9094 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -302,6 +302,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/CocoDxe/CocoDxe.c b/OvmfPkg/CocoDxe/CocoDxe.c new file mode 100644 index 0000000000..dc37c292f4 --- /dev/null +++ b/OvmfPkg/CocoDxe/CocoDxe.c @@ -0,0 +1,149 @@ +/** @file + + Confidential Compute Dxe driver. This driver installs protocols that are + generic over confidential compute techonology. + + Copyright (c) 2022, Google LLC. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC EFI_HANDLE mCocoDxeHandle = NULL; + +STATIC +EFI_STATUS +AcceptAllUnacceptedMemory ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + BOOLEAN AcceptedAny; + + DEBUG ((DEBUG_INFO, "Accepting all memory\n")); + AcceptedAny = FALSE; + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status = gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + for (Index = 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc = &AllDescMap[Index]; + if (Desc->GcdMemoryType != EfiGcdMemoryTypeUnaccepted) { + continue; + } + + Status = AcceptMemory->AcceptMemory ( + AcceptMemory, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR(Status)) { + goto done; + } + + Status = gDS->RemoveMemorySpace(Desc->BaseAddress, Desc->Length); + if (EFI_ERROR(Status)) { + goto done; + } + + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP + ); + if (EFI_ERROR(Status)) { + goto done; + } + + AcceptedAny = TRUE; + } + + // If any memory is accepted, cause ExitBootServices to fail with + // EFI_INVALID_PARAMETER in order to force the caller to refresh + // their view of the MemoryMap. + if (AcceptedAny) { + Status = EFI_INVALID_PARAMETER; + } + +done: + gBS->FreePool (AllDescMap); + return Status; +} + +EFI_STATUS +EFIAPI +ResolveUnacceptedMemory ( + IN EDKII_EXIT_BOOT_SERVICES_CALLBACK_PROTOCOL *This + ) +{ + EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory; + EFI_STATUS Status; + + if (This->Disabled) { + return EFI_SUCCESS; + } + + Status = gBS->LocateProtocol (&gEfiMemoryAcceptProtocolGuid, NULL, + (VOID **)&AcceptMemory); + if (Status == EFI_NOT_FOUND) { + return EFI_SUCCESS; + } + ASSERT_EFI_ERROR (Status); + + return AcceptAllUnacceptedMemory(AcceptMemory); +} + +STATIC EDKII_EXIT_BOOT_SERVICES_CALLBACK_PROTOCOL mExitBootServicesCallbackProcotol = { + ResolveUnacceptedMemory, + FALSE, +}; + +EFI_STATUS +EFIAPI +CocoDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Do nothing when confidential compute technologies that require memory + // acceptance are not enabled. + // + if (!MemEncryptSevSnpIsEnabled () && + !MemEncryptTdxIsEnabled ()) { + return EFI_UNSUPPORTED; + } + + Status = gBS->InstallProtocolInterface (&mCocoDxeHandle, + &gEdkiiExitBootServicesCallbackProtocolGuid, + EFI_NATIVE_INTERFACE, + &mExitBootServicesCallbackProcotol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install EdkiiExitBootServicesCallbackProtocol failed.\n")); + } + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/CocoDxe/CocoDxe.inf b/OvmfPkg/CocoDxe/CocoDxe.inf new file mode 100644 index 0000000000..3ff2a6fade --- /dev/null +++ b/OvmfPkg/CocoDxe/CocoDxe.inf @@ -0,0 +1,43 @@ +#/** @file +# +# Driver installs shared protocols needed for confidential compute +# technologies. +# +# Copyright (c) 2022, Google LLC. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +#**/ + +[Defines] + INF_VERSION = 1.25 + BASE_NAME = CocoDxe + FILE_GUID = 08162f1e-5147-4d3e-b5a9-fa48c9808419 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = CocoDxeEntryPoint + +[Sources] + CocoDxe.c + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + DxeServicesTableLib + MemEncryptSevLib + MemEncryptTdxLib + MemoryAllocationLib + UefiDriverEntryPoint + +[Depex] + TRUE + +[Protocols] + gEdkiiExitBootServicesCallbackProtocolGuid + gEfiMemoryAcceptProtocolGuid diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index c0c1a15b09..8136d50eb2 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -753,6 +753,7 @@ OvmfPkg/IoMmuDxe/IoMmuDxe.inf OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/CocoDxe/CocoDxe.inf # # Variable driver stack (non-SMM) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index 6923eb8831..e612608c0c 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -269,6 +269,7 @@ INF ShellPkg/Application/Shell/Shell.inf INF MdeModulePkg/Logo/LogoDxe.inf INF OvmfPkg/TdxDxe/TdxDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf # # Usb Support diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index af566b953f..2cfb3fbc6b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -965,6 +965,7 @@ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf } + OvmfPkg/CocoDxe/CocoDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf !if $(SMM_REQUIRE) == TRUE diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 80de4fa2c0..2ab7f3b95b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -343,6 +343,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf !if $(SMM_REQUIRE) == TRUE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f39d9cd117..3ead476b61 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1036,6 +1036,7 @@ OvmfPkg/IoMmuDxe/IoMmuDxe.inf OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/CocoDxe/CocoDxe.inf !if $(SMM_REQUIRE) == TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c0f5a1ef3c..5dd452f42b 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -370,6 +370,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf !if $(SMM_REQUIRE) == TRUE -- 2.38.0.rc1.362.ged0d419d3c-goog