From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Gerd Hoffmann, Tom Lendacky, Michael Roth
Subject: [PATCH V3 0/9] Enable Tdx measurement in OvmfPkgX64
Date: Wed, 25 Jan 2023 10:23:50 +0800
Message-Id: <20230125022359.1645-1-min.m.xu@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

Tdx measurement (RTMR based measurement) is enabled in OvmfPkg/IntelTdx.
This patch-set enables the feature in OvmfPkgX64 as well.

Patch #1: Introduce TDX_MEASUREMENTS_DATA in SEC_TDX_WORK_AREA. That is
because the RTMR measurements of TdHob and Configuration FV (CFV) are
executed in a very early stage of the boot process. At that time the
memory service is not ready and the measurement values have to be stored
in OvmfWorkArea.

Patch #2: Introduce TdxHelperLibNull which is the NULL instance of
TdxHelperLib.

Patch #3: Introduce SecTdxHelperLib which is the instance of TdxHelperLib
for the SEC phase. In this patch TdxHelperBuildGuidHobForTdxMeasurement
and TdxHelperProcessTdHob are not implemented. Their implementations are
in patch #9 and patch #5. This is to make the patch friendlier to review.

Patch #4: SecMain.c in IntelTdx is updated with the new functions
provided by TdxHelperLib.

Patch #5: Implement TdxHelperBuildGuidHobForTdxMeasurement and update
PeilessStartupLib accordingly.

Patch #7: This patch introduces PeiTdxHelperLib which is for the PEI
phase.

Patch #6/8: These 2 patches are the changes for OvmfPkg/OvmfPkgX64 to
enable Tdx measurement.

Patch #9: This patch implements TdxHelperProcessTdHob which is moved from
PlatformInitLib/IntelTdx.c. Its counterpart in PlatformInitLib is
ProcessTdxHobList and the duplicated code is deleted in this patch.

Code: https://github.com/mxu9/edk2/tree/TdxMeasurementInOvmfX64.v3

v3 changes:
 - Use the definition of PLATFORM_FIRMWARE_BLOB2_STRUCT in
   Library/TcgEventLogRecordLib.h.
 - Rename TDX_ENABLE as TDX_MEASUREMENT_ENABLE because this flag is
   introduced for Tdx-measurement.
 - Split the patch of SecTdxHelperLib into 2 separate patches (#3/#9).
   Patch#3 implements TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage.
   Patch#9 implements TdxHelperProcessTdHob. This is to make the patches
   more reviewable. The duplicated code of TdxHelperProcessTdHob is
   deleted in Patch#9 as well.
 - The implementation of TdxHelperBuildGuidHobForTdxMeasurement and the
   update of PeilessStartupLib are in one patch (#5), because the
   implementation of TdxHelperBuildGuidHobForTdxMeasurement was once in
   PeilessStartupLib.

v2 changes:
 - Split the patch of TdxHelperLib into 4 separate patches so that it is
   more reviewable.
 - Add a commit message in Patch#1 to emphasize that the tdx-measurement
   in OvmfPkgX64 is supported in the SEC phase.

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Cc: Tom Lendacky
Cc: Michael Roth
Signed-off-by: Min Xu

Min M Xu (9):
  OvmfPkg: Add Tdx measurement data structure in WorkArea
  OvmfPkg/IntelTdx: Add TdxHelperLibNull
  OvmfPkg/IntelTdx: Add SecTdxHelperLib
  OvmfPkg/IntelTdx: Update tdx measurement in SEC phase
  OvmfPkg/TdxHelperLib: Implement TdxHelperBuildGuidHobForTdxMeasurement
  OvmfPkg: Enable Tdx measurement in OvmfPkgX64
  OvmfPkg/IntelTdx: Add PeiTdxHelperLib
  OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement
  OvmfPkg/TdxHelperLib: Implement TdxHelperProcessTdHob

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   5 +-
 OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
 OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc       |  10 +-
 .../Include/Dsc/OvmfTpmSecurityStub.dsc.inc   |   8 +
 OvmfPkg/Include/Library/PlatformInitLib.h     |  17 -
 OvmfPkg/Include/Library/TdxHelperLib.h        |  70 ++
 OvmfPkg/Include/WorkArea.h                    |  25 +-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   4 +-
 OvmfPkg/IntelTdx/Sec/SecMain.c                |  17 +-
 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c  |  91 +++
 .../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf |  48 ++
 .../TdxHelperLib/SecTdxHelper.c}              | 312 +++---
 .../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf |  53 ++
 .../TdxHelperLib/TdxHelperLibNull.inf         |  32 +
 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c |  79 ++
 .../IntelTdx/TdxHelperLib/TdxMeasurementHob.c | 262 ++++++
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c  | 196 -----
 .../PeilessStartupLib/PeilessStartup.c        |  16 +-
 .../PeilessStartupInternal.h                  |  36 -
 .../PeilessStartupLib/PeilessStartupLib.inf   |   3 -
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 768 ------------------
 .../Library/PlatformInitLib/IntelTdxNull.c    |  20 -
 .../PlatformInitLib/PlatformInitLib.inf       |   1 -
 OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
 OvmfPkg/OvmfPkg.dec                           |   4 +
 OvmfPkg/OvmfPkgX64.dsc                        |  20 +-
 OvmfPkg/OvmfPkgX64.fdf                        |   7 +
 OvmfPkg/PlatformPei/IntelTdx.c                |   3 +
 OvmfPkg/Sec/SecMain.c                         |  17 +-
 29 files changed, 927 insertions(+), 1207 deletions(-)
 create mode 100644 OvmfPkg/Include/Library/TdxHelperLib.h
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
 copy OvmfPkg/{Library/PlatformInitLib/IntelTdx.c => IntelTdx/TdxHelperLib/SecTdxHelper.c} (79%)
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
 delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c

-- 
2.29.2.windows.2
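The cover letter's central point is that the TdHob and CFV are hashed and extended into an RTMR while SEC is still running without memory services, the digests are parked in the work area, and the event-log entries are only built later (the GuidHob of patches #5/#8). The following added example, which is not edk2 code and not part of this patch series, models that flow in Python and the verifier-side check that goes with it: RTMR extension is modelled as `RTMR[i] = SHA-384(RTMR[i] || digest)` per the TDX module ABI, and a relying party replays the event log to confirm it reproduces the register value it was handed. The work-area layout, the choice of RTMR index 0 for both events, the TCG event type names used, and all sample payloads are assumptions of the example.

```python
import hashlib

# Added example, not edk2/OVMF code. Models the early-boot measurement flow
# the cover letter describes and a verifier-side replay of the event log.
# Register index, event type names and payloads below are constructed.

RTMR_DIGEST_SIZE = 48  # RTMRs hold a SHA-384 value (TDX module ABI)


def rtmr_extend(rtmr_value: bytes, digest: bytes) -> bytes:
    """One RTMR extend: new = SHA-384(old || digest). Length-checked so a
    truncated or wrong-algorithm digest cannot silently corrupt the chain."""
    if len(rtmr_value) != RTMR_DIGEST_SIZE or len(digest) != RTMR_DIGEST_SIZE:
        raise ValueError("RTMR extend requires SHA-384 sized values")
    return hashlib.sha384(rtmr_value + digest).digest()


class SecWorkArea:
    """Stand-in for the measurement slots the series adds to the SEC TDX work
    area: digests taken before memory services exist, kept until the event
    log can be built in a later phase (assumed layout, not OVMF's)."""

    def __init__(self) -> None:
        self.measurements: list[tuple[int, str, bytes]] = []


def sec_measure(work_area: SecWorkArea, rtmr_index: int,
                event_type: str, data: bytes) -> bytes:
    """SEC phase: hash the object and record (rtmr, type, digest) in the
    work area. The real extend to the RTMR happens here as well; the
    event-log entry does not, because there is no memory for it yet."""
    digest = hashlib.sha384(data).digest()
    work_area.measurements.append((rtmr_index, event_type, digest))
    return digest


def build_event_log(work_area: SecWorkArea) -> list[dict]:
    """Later phase (PEI in the series): turn the saved digests into event-log
    entries in the order they were extended."""
    return [{"rtmr": i, "type": t, "digest": d}
            for (i, t, d) in work_area.measurements]


def replay_event_log(event_log: list[dict], num_rtmrs: int = 4) -> list[bytes]:
    """Verifier side: start every RTMR at all-zero and replay each entry."""
    rtmrs = [bytes(RTMR_DIGEST_SIZE)] * num_rtmrs
    for ev in event_log:
        rtmrs[ev["rtmr"]] = rtmr_extend(rtmrs[ev["rtmr"]], ev["digest"])
    return rtmrs


def verify_against_reported(event_log: list[dict],
                            reported_rtmrs: list[bytes]) -> bool:
    """True only if replaying the log reproduces the reported RTMR values;
    any reordered, dropped or altered entry breaks the chain."""
    return replay_event_log(event_log, len(reported_rtmrs)) == list(reported_rtmrs)


def demo() -> dict:
    """Run the flow end to end on constructed TdHob and CFV payloads."""
    wa = SecWorkArea()
    td_hob = b"constructed TdHob bytes"
    cfv = b"constructed Configuration FV bytes"
    d_hob = sec_measure(wa, 0, "EV_EFI_HANDOFF_TABLES2", td_hob)
    d_cfv = sec_measure(wa, 0, "EV_EFI_PLATFORM_FIRMWARE_BLOB2", cfv)
    log = build_event_log(wa)
    rtmrs = replay_event_log(log)
    # A tampered copy of the log must no longer match the reported RTMRs.
    tampered = [dict(e) for e in log]
    tampered[1]["digest"] = hashlib.sha384(b"not the CFV").digest()
    return {
        "digests": (d_hob, d_cfv),
        "log": log,
        "rtmrs": rtmrs,
        "ok": verify_against_reported(log, rtmrs),
        "tampered_ok": verify_against_reported(tampered, rtmrs),
    }


if __name__ == "__main__":
    r = demo()
    print("RTMR[0] =", r["rtmrs"][0].hex())
    print("genuine log verifies:", r["ok"], "| tampered log verifies:", r["tampered_ok"])
```

The point of separating `sec_measure` from `build_event_log` is the one the cover letter makes: the register is extended at the moment of measurement, so the event log written later is only a witness, and a verifier must always replay it against the RTMR values in the quote rather than trust the log on its own.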