From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>
Subject: [PATCH V5 10/13] OvmfPkg/IntelTdx: Add PeiTdxHelperLib
Date: Sat, 28 Jan 2023 21:58:39 +0800 [thread overview]
Message-ID: <20230128135842.980-11-min.m.xu@intel.com> (raw)
In-Reply-To: <20230128135842.980-1-min.m.xu@intel.com>
From: Min M Xu <min.m.xu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
TdxHelperLib provides below helper functions for a td-guest.
- TdxHelperProcessTdHob
- TdxHelperMeasureTdHob
- TdxHelperMeasureCfvImage
- TdxHelperBuildGuidHobForTdxMeasurement
PeiTdxHelperLib is the PEI instance of TdxHelperLib. It implements 1
function for tdx in PEI phase. Other functions are not supported in
PEI phase.
- TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx
measurement in PEI phase.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c | 91 +++++++++++++++++++
.../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf | 48 ++++++++++
2 files changed, 139 insertions(+)
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
new file mode 100644
index 000000000000..91ab53ed14ad
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
@@ -0,0 +1,91 @@
+/** @file
+ TdxHelper Functions which are used in PEI phase
+
+ Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <PiPei.h>
+
+/**
+ Build the GuidHob for tdx measurements which were done in SEC phase.
+ The measurement values are stored in WorkArea.
+
+ @retval EFI_SUCCESS The GuidHob is built successfully
+ @retval Others Other errors as indicated
+**/
+EFI_STATUS
+InternalBuildGuidHobForTdxMeasurement (
+ VOID
+ );
+
+/**
+ In Tdx guest, some information need to be passed from host VMM to guest
+ firmware. For example, the memory resource, etc. These information are
+ prepared by host VMM and put in TdHob which is described in TdxMetadata.
+ TDVF processes the TdHob to accept memories.
+
+ @retval EFI_SUCCESS Successfully process the TdHob
+ @retval Others Other error as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHelperProcessTdHob (
+ VOID
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
+ the information of the memory resource. From the security perspective before
+ it is consumed, it should be measured and extended.
+ *
+ * @retval EFI_SUCCESS Successfully measure the TdHob
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxHelperMeasureTdHob (
+ VOID
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ * In Tdx guest, Configuration FV (CFV) is treated as external input because it
+ * may contain the data provided by VMM. From the sucurity perspective Cfv image
+ * should be measured before it is consumed.
+ *
+ * @retval EFI_SUCCESS Successfully measure the CFV image
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxHelperMeasureCfvImage (
+ VOID
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Build the GuidHob for tdx measurements which were done in SEC phase.
+ The measurement values are stored in WorkArea.
+
+ @retval EFI_SUCCESS The GuidHob is built successfully
+ @retval Others Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHelperBuildGuidHobForTdxMeasurement (
+ VOID
+ )
+{
+ return InternalBuildGuidHobForTdxMeasurement ();
+}
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
new file mode 100644
index 000000000000..ad3b6c1da62b
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
@@ -0,0 +1,48 @@
+## @file
+# TdxHelperLib PEI instance
+#
+# This module provides Tdx helper functions in PEI phase.
+# Copyright (c) 2021 - 2023, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PeiTdxHelperLib
+ FILE_GUID = 4d22289d-3bde-4501-a737-7719f3215065
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxHelperLib|PEIM
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = X64
+#
+
+[Sources]
+ PeiTdxHelper.c
+ TdxMeasurementHob.c
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ HobLib
+ PcdLib
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
+
+[Guids]
+ gCcEventEntryHobGuid
--
2.29.2.windows.2
next prev parent reply other threads:[~2023-01-28 13:59 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-28 13:58 [PATCH V5 00/13] Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-28 13:58 ` [PATCH V5 01/13] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-01-28 13:58 ` [PATCH V5 02/13] OvmfPkg/IntelTdx: Add TdxHelperLibNull Min Xu
2023-01-28 13:58 ` [PATCH V5 03/13] OvmfPkg/IntelTdx: Add SecTdxHelperLib Min Xu
2023-02-02 12:54 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 04/13] OvmfPkg/PeilessStartupLib: Update the define of FV_HANDOFF_TABLE_POINTERS2 Min Xu
2023-02-02 12:56 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 05/13] OvmfPkg: Refactor MeasureHobList Min Xu
2023-02-02 13:09 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 06/13] OvmfPkg: Refactor MeaureFvImage Min Xu
2023-02-02 13:09 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 07/13] OvmfPkg: Refactor ProcessHobList Min Xu
2023-02-02 13:09 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 08/13] OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain Min Xu
2023-01-28 13:58 ` [PATCH V5 09/13] OvmfPkg/PeilessStartupLib: Delete the duplicated tdx measurement Min Xu
2023-02-02 13:10 ` Gerd Hoffmann
2023-02-02 23:27 ` Min Xu
2023-01-28 13:58 ` Min Xu [this message]
2023-01-28 13:58 ` [PATCH V5 11/13] OvmfPkg/OvmfPkgX64: Measure TdHob and Configuration FV in SecMain Min Xu
2023-02-02 13:15 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 12/13] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-02-02 13:15 ` Gerd Hoffmann
2023-01-28 13:58 ` [PATCH V5 13/13] OvmfPkg: Support Tdx measurement in OvmfPkgX64 Min Xu
2023-02-02 13:15 ` Gerd Hoffmann
2023-02-03 2:25 ` [PATCH V5 00/13] Enable " Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230128135842.980-11-min.m.xu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox