From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>, Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>
Subject: [PATCH V4 00/12] Enable Tdx measurement in OvmfPkgX64
Date: Fri, 27 Jan 2023 08:10:54 +0800 [thread overview]
Message-ID: <20230127001106.2038-1-min.m.xu@intel.com> (raw)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
Tdx measurement (RTMR based measurement) is enabled in OvmfPkg/IntelTdx.
This patch-set enables the feature in OvmfPkgX64 as well.
Patch #1:
Introduce TDX_MEASUREMETNS_DATA in SEC_TDX_WORK_AREA. That is because
the RTMR measurement of TdHob and Configuration FV (CFV) are executed
in very early stage of boot process. At that time the memory service is
not ready and the measurement values have to be stored in OvmfWorkArea.
Patch #2:
Introduce TdxHelperLibNull which is the NULL instance of TdxHelperLib.
Patch #3:
Introduce SecTdxHelperLib which is the instance of TdxHelperLib for SEC
Phase. In this patch TdxHelperBuildGuidHobForTdxMeasurement and
TdxHelperProcessTdHob are not implemented. Their implementation are in
patch #9 and patch #5. This is for the patch to be reviewed more
friendly.
Patch #4:
SecMain.c in IntelTdx is updated with the new functions provided
by TdxHelperLib.
Patch #5-8:
To make the code reviewable, the implementation of
TdxHelperBuildGuidHobForTdxMeasurement is split into 4 patches (5-8).
Patch #10:
This patch introduce PeiTdxHelperLib which is for PEI phase.
Patch #9/11:
These 2 patches are the changes for OvmfPkg/OvmfPkgX64 to enable Tdx
measurement.
Patch #12:
This patch implements TdxHelperProcessTdHob which is moved from
PlatformInitLib/IntelTdx.c. Its counterpart in PlatformInitLib is
ProcessTdxHobList and the duplicated codes are deleted in this patch.
Code: https://github.com/mxu9/edk2/tree/TdxMeasurementInOvmfX64.v4
v4 changes:
- To make the code reviewable, the implementation of
TdxHelperBuildGuidHobForTdxMeasurement is split into 4 patches (5-8).
- Call Sha384HashAll instead of the 3 Sha384XXX functions so that we
need to allocate memory in SEC phase.
v3 changes:
- Use the definition of PLATFORM_FIRMWARE_BLOB2_STRUCT in
Library/TcgEventLogRecordLib.h.
- Rename TDX_ENABLE as TDX_MEASUREMENT_ENABLE because this flag is
introduced for Tdx-measurement.
- Split the patch of SecTdxHelperLib into 2 separate patches (#3/#9).
Patch#3 implements TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage.
Patch#9 implements TdxHelperProcessTdHob. This is to make the patches
more reviewable. The duplicated codes of TdxHelperProcessTdHob are
deleted in Patch#9 as well.
- The implementation of TdxHelperBuildGuidHobForTdxMeasurement and update
of PeilessStartupLib are in one patch (#5). Because the implmentation
of TdxHelperBuildGuidHobForTdxMeasurement was once in PeilessStartupLib.
v2 changes:
- Split the patch of TdxHelperLib into 4 separate patches. So that it is
more reviewable.
- Add commit message in Patch#1 to emphasize that the tdx-measurement in
OvmfPkgX64 is supported in SEC phase.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Min M Xu (12):
OvmfPkg: Add Tdx measurement data structure in WorkArea
OvmfPkg/IntelTdx: Add TdxHelperLibNull
OvmfPkg/IntelTdx: Add SecTdxHelperLib
OvmfPkg/IntelTdx: Update tdx measurement in SEC phase
OvmfPkg/PeilessStartupLib: Update the define of
FV_HANDOFF_TABLE_POINTERS2
OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurement
OvmfPkg/PeilessStartupLib: Call TdxHelperBuildGuidHobForTdxMeasurement
OvmfPkg/TdxHelperLib: Implement TdxHelperBuildGuidHobForTdxMeasurement
OvmfPkg: Enable Tdx measurement in OvmfPkgX64
OvmfPkg/IntelTdx: Add PeiTdxHelperLib
OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement
OvmfPkg/TdxHelperLib: Implement TdxHelperProcessTdHob
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 +-
OvmfPkg/CloudHv/CloudHvX64.dsc | 5 +-
OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc | 10 +-
.../Include/Dsc/OvmfTpmSecurityStub.dsc.inc | 8 +
OvmfPkg/Include/Library/PlatformInitLib.h | 17 -
OvmfPkg/Include/Library/TdxHelperLib.h | 70 ++
OvmfPkg/Include/WorkArea.h | 25 +-
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 4 +-
OvmfPkg/IntelTdx/Sec/SecMain.c | 17 +-
OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c | 91 +++
.../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf | 48 ++
.../TdxHelperLib/SecTdxHelper.c} | 303 +++----
.../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf | 53 ++
.../TdxHelperLib/TdxHelperLibNull.inf | 32 +
OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c | 79 ++
.../IntelTdx/TdxHelperLib/TdxMeasurementHob.c | 259 ++++++
OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 196 -----
.../PeilessStartupLib/PeilessStartup.c | 16 +-
.../PeilessStartupInternal.h | 36 -
.../PeilessStartupLib/PeilessStartupLib.inf | 6 -
OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 768 ------------------
.../Library/PlatformInitLib/IntelTdxNull.c | 20 -
.../PlatformInitLib/PlatformInitLib.inf | 1 -
OvmfPkg/Microvm/MicrovmX64.dsc | 5 +-
OvmfPkg/OvmfPkg.dec | 4 +
OvmfPkg/OvmfPkgX64.dsc | 20 +-
OvmfPkg/OvmfPkgX64.fdf | 7 +
OvmfPkg/PlatformPei/IntelTdx.c | 3 +
OvmfPkg/Sec/SecMain.c | 17 +-
29 files changed, 915 insertions(+), 1210 deletions(-)
create mode 100644 OvmfPkg/Include/Library/TdxHelperLib.h
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
copy OvmfPkg/{Library/PlatformInitLib/IntelTdx.c => IntelTdx/TdxHelperLib/SecTdxHelper.c} (80%)
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
--
2.29.2.windows.2
next reply other threads:[~2023-01-27 0:11 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-27 0:10 Min Xu [this message]
2023-01-27 0:10 ` [PATCH V4 01/12] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-01-27 0:10 ` [PATCH V4 02/12] OvmfPkg/IntelTdx: Add TdxHelperLibNull Min Xu
2023-01-27 0:10 ` [PATCH V4 03/12] OvmfPkg/IntelTdx: Add SecTdxHelperLib Min Xu
2023-01-27 0:10 ` [PATCH V4 04/12] OvmfPkg/IntelTdx: Update tdx measurement in SEC phase Min Xu
2023-01-27 0:10 ` [PATCH V4 05/12] OvmfPkg/PeilessStartupLib: Update the define of FV_HANDOFF_TABLE_POINTERS2 Min Xu
2023-01-27 0:11 ` [PATCH V4 06/12] OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurement Min Xu
2023-01-27 7:54 ` Gerd Hoffmann
2023-01-27 11:30 ` Min Xu
2023-01-27 11:49 ` Gerd Hoffmann
2023-01-28 11:55 ` Min Xu
2023-01-27 0:11 ` [PATCH V4 07/12] OvmfPkg/PeilessStartupLib: Call TdxHelperBuildGuidHobForTdxMeasurement Min Xu
2023-01-27 0:11 ` [PATCH V4 08/12] OvmfPkg/TdxHelperLib: Implement TdxHelperBuildGuidHobForTdxMeasurement Min Xu
2023-01-27 0:11 ` [PATCH V4 09/12] OvmfPkg: Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-27 0:11 ` [PATCH V4 10/12] OvmfPkg/IntelTdx: Add PeiTdxHelperLib Min Xu
2023-01-27 0:11 ` [PATCH V4 11/12] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-01-27 0:11 ` [PATCH V4 12/12] OvmfPkg/TdxHelperLib: Implement TdxHelperProcessTdHob Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230127001106.2038-1-min.m.xu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox