From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Gerd Hoffmann, Tom Lendacky, Michael Roth
Subject: [PATCH V1 0/7] Enable Tdx measurement in OvmfPkgX64
Date: Tue, 17 Jan 2023 15:40:09 +0800
Message-Id: <20230117074016.1056-1-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

Tdx measurement (RTMR based measurement) is enabled in OvmfPkg/IntelTdx.
This patch-set enables the feature in OvmfPkgX64 as well.

Patch #1: Introduce TDX_MEASUREMENTS_DATA in SEC_TDX_WORK_AREA. That is
because the RTMR measurements of TdHob and Configuration FV (CFV) are
executed in a very early stage of the boot process. At that time the memory
service is not ready and the measurement values have to be stored in
OvmfWorkArea.

Patch #2: Introduce TdxHelperLib which provides helper functions for
td-guest.

Patch #3/4: These 2 patches are the changes for OvmfPkg/IntelTdx because
of the introduction of TdxHelperLib.

Patch #5/7: These 2 patches are the changes for OvmfPkg/OvmfPkgX64 to
enable Tdx measurement.

Patch #6: ProcessTdxHobList is moved to TdxHelperLib and is renamed as
TdxHelperProcessTdHob(). So the duplicated code is deleted in this patch.

Code: https://github.com/mxu9/edk2/tree/TdxMeasurementInOvmfX64.v1

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Cc: Tom Lendacky
Cc: Michael Roth
Signed-off-by: Min Xu

Min M Xu (7):
  OvmfPkg: Add Tdx measurement data structure in WorkArea
  OvmfPkg/IntelTdx: Add TdxHelperLib
  OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurements
  OvmfPkg/IntelTdx: Update tdx measurement in SEC phase
  OvmfPkg: Enable Tdx measurement in OvmfPkgX64
  OvmfPkg/PlatformInitLib: Delete the ProcessTdxHobList()
  OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement

 OvmfPkg/AmdSev/AmdSevX64.dsc                      |   5 +-
 OvmfPkg/CloudHv/CloudHvX64.dsc                    |   5 +-
 OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc           |  10 +-
 .../Include/Dsc/OvmfTpmSecurityStub.dsc.inc       |   8 +
 OvmfPkg/Include/Library/PlatformInitLib.h         |  17 -
 OvmfPkg/Include/Library/TdxHelperLib.h            |  70 ++
 OvmfPkg/Include/WorkArea.h                        |  25 +-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                  |   4 +-
 OvmfPkg/IntelTdx/Sec/SecMain.c                    |  17 +-
 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c      |  91 +++
 .../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf     |  48 ++
 .../TdxHelperLib/SecTdxHelper.c}                  | 338 ++++----
 .../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf     |  53 ++
 .../TdxHelperLib/TdxHelperLibNull.inf             |  32 +
 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c     |  79 ++
 .../IntelTdx/TdxHelperLib/TdxMeasurementHob.c     | 266 ++++++
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c      | 196 -----
 .../PeilessStartupLib/PeilessStartup.c            |  16 +-
 .../PeilessStartupInternal.h                      |  36 -
 .../PeilessStartupLib/PeilessStartupLib.inf       |   3 -
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c        | 768 ------------------
 .../Library/PlatformInitLib/IntelTdxNull.c        |  20 -
 .../PlatformInitLib/PlatformInitLib.inf           |   1 -
 OvmfPkg/Microvm/MicrovmX64.dsc                    |   5 +-
 OvmfPkg/OvmfPkg.dec                               |   4 +
 OvmfPkg/OvmfPkgX64.dsc                            |  20 +-
 OvmfPkg/OvmfPkgX64.fdf                            |   7 +
 OvmfPkg/PlatformPei/IntelTdx.c                    |   3 +
 OvmfPkg/Sec/SecMain.c                             |  17 +-
 29 files changed, 944 insertions(+), 1220 deletions(-)
 create mode 100644 OvmfPkg/Include/Library/TdxHelperLib.h
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
 copy OvmfPkg/{Library/PlatformInitLib/IntelTdx.c => IntelTdx/TdxHelperLib/SecTdxHelper.c} (79%)
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
 delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c

-- 
2.29.2.windows.2
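The two-stage flow the cover letter describes (hash TdHob and CFV in SEC, park the digests in a fixed work-area record because memory services are not yet up, then turn them into event-log records once PEI can allocate) can be modelled end to end. The following is an added example, not edk2 or OVMF code from the series above: the field and bitmap names, the choice of RTMR index 0 for both objects, and the sample TdHob/CFV byte strings are assumptions made for illustration. The RTMR extend rule it uses is the TDX one, RTMR[i] = SHA-384(RTMR[i] || digest), and the final replay function shows why the stored digests matter: an attestation verifier can only reproduce the RTMR value if every early measurement reached the event log.

```python
"""Model of deferred TDX RTMR measurements: SEC hashes and extends, a fixed
work-area record carries the digests, PEI later builds event-log records.
Added example, not OVMF code; names and sample data are constructed."""
import hashlib
from dataclasses import dataclass

RTMR_COUNT = 4
DIGEST_LEN = 48  # SHA-384 digest length in bytes

# Assumption for this example: both TdHob and CFV are extended into RTMR[0].
RTMR_INDEX_FW_CONFIG = 0

# Bitmap flags recording which measurements SEC actually performed (assumed names).
TDHOB_MEASURED = 1 << 0
CFV_MEASURED = 1 << 1


@dataclass
class TdxMeasurementsData:
    """Stands in for a fixed-size work-area record: no heap, fixed slots only."""
    measurements_bitmap: int = 0
    td_hob_hash: bytes = bytes(DIGEST_LEN)
    cfv_hash: bytes = bytes(DIGEST_LEN)


class Rtmr:
    """Software model of the four TDX runtime measurement registers."""

    def __init__(self) -> None:
        self.regs = [bytes(DIGEST_LEN) for _ in range(RTMR_COUNT)]

    def extend(self, index: int, digest: bytes) -> None:
        # TDX extend semantics: RTMR[i] = SHA-384(RTMR[i] || digest)
        if not 0 <= index < RTMR_COUNT or len(digest) != DIGEST_LEN:
            raise ValueError("bad RTMR index or digest length")
        self.regs[index] = hashlib.sha384(self.regs[index] + digest).digest()

    def read(self, index: int) -> bytes:
        return self.regs[index]


def sec_measure(rtmr: Rtmr, work_area: TdxMeasurementsData,
                td_hob: bytes, cfv: bytes) -> None:
    """SEC phase: hash each object, extend the RTMR, stash the digest.

    Nothing here allocates memory; the work area is the only storage."""
    for data, slot, flag in ((td_hob, "td_hob_hash", TDHOB_MEASURED),
                             (cfv, "cfv_hash", CFV_MEASURED)):
        digest = hashlib.sha384(data).digest()
        rtmr.extend(RTMR_INDEX_FW_CONFIG, digest)
        setattr(work_area, slot, digest)
        work_area.measurements_bitmap |= flag


def pei_build_event_records(work_area: TdxMeasurementsData) -> list[dict]:
    """PEI phase: memory services are available, so emit event-log records
    from the digests SEC left behind (the role the GuidHob plays in OVMF)."""
    records = []
    if work_area.measurements_bitmap & TDHOB_MEASURED:
        records.append({"event": "TD_HOB", "rtmr": RTMR_INDEX_FW_CONFIG,
                        "digest": work_area.td_hob_hash.hex()})
    if work_area.measurements_bitmap & CFV_MEASURED:
        records.append({"event": "CFV", "rtmr": RTMR_INDEX_FW_CONFIG,
                        "digest": work_area.cfv_hash.hex()})
    return records


def replay_rtmr(records: list[dict], index: int = RTMR_INDEX_FW_CONFIG) -> bytes:
    """Verifier side: replay the event log to recompute the expected RTMR."""
    acc = bytes(DIGEST_LEN)
    for rec in records:
        if rec["rtmr"] == index:
            acc = hashlib.sha384(acc + bytes.fromhex(rec["digest"])).digest()
    return acc


def run_boot(td_hob: bytes, cfv: bytes) -> tuple[bool, list[dict]]:
    """Drive SEC then PEI and report whether the log replays to the RTMR."""
    rtmr = Rtmr()
    work_area = TdxMeasurementsData()
    sec_measure(rtmr, work_area, td_hob, cfv)
    records = pei_build_event_records(work_area)
    return rtmr.read(RTMR_INDEX_FW_CONFIG) == replay_rtmr(records), records


if __name__ == "__main__":
    # Constructed sample inputs standing in for the real TdHob and CFV images.
    ok, log = run_boot(b"constructed TdHob bytes", b"constructed CFV bytes")
    print("event log replays to RTMR[0]:", ok)
    for rec in log:
        print(rec["event"], rec["digest"][:16] + "...")
```

Dropping either record from the log (or skipping the work-area stash in SEC) makes `replay_rtmr` disagree with the register, which is exactly the failure the series avoids by carrying the early digests through the work area into the GuidHob.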