From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jiewen Yao <jiewen.yao@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>, Min Xu <min.m.xu@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Mario Smarduch <mario.smarduch@amd.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Subject: [PATCH v3 2/2] OvmfPkg/ResetVector: Define SNP metadata for kernel hashes
Date: Thu, 2 Mar 2023 09:15:32 +0000 [thread overview]
Message-ID: <20230302091532.1985238-3-dovmurik@linux.ibm.com> (raw)
In-Reply-To: <20230302091532.1985238-1-dovmurik@linux.ibm.com>
In order to allow the VMM (such as QEMU) to add a page with hashes of
kernel/initrd/cmdline for measured direct boot on SNP, add it explicitly
to the SNP metadata list report to the VMM.
In such case, VMM should fill the page with the hashes content, or
explicitly update it as a zero page (if kernel hashes are not used).
Note that for SNP, the launch secret part of the page (lower 3KB) are
not relevant and will remain zero. The last 1KB is used for the hashes.
This should have no effect on OvmfPkgX64 targets (which don't define
PcdSevLaunchSecretBase).
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
OvmfPkg/ResetVector/ResetVector.nasmb | 11 ++++++++++-
OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 +++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 94fbb0a87b37..5832aaa8abf7 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -64,6 +64,15 @@
%define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
%define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase))
%define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize))
+%if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0)
+ ; There's a reserved page for SEV secrets and hashes; the VMM will fill and
+ ; validate the page, or mark it as a zero page.
+ %define SEV_SNP_KERNEL_HASHES_BASE (FixedPcdGet32 (PcdSevLaunchSecretBase))
+ %define SEV_SNP_KERNEL_HASHES_SIZE (FixedPcdGet32 (PcdSevLaunchSecretSize) + FixedPcdGet32 (PcdQemuHashTableSize))
+%else
+ %define SEV_SNP_KERNEL_HASHES_BASE 0
+ %define SEV_SNP_KERNEL_HASHES_SIZE 0
+%endif
%define SNP_SEC_MEM_BASE_DESC_1 (FixedPcdGet32 (PcdOvmfSecPageTablesBase))
%define SNP_SEC_MEM_SIZE_DESC_1 (FixedPcdGet32 (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1)
;
@@ -75,7 +84,7 @@
;
%define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000)
%define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2)
-%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE)
+%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
%define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
%ifdef ARCH_X64
diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
index d03fc6d45175..8aa77d870123 100644
--- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
+++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
@@ -26,6 +26,8 @@ BITS 64
;
%define OVMF_SECTION_TYPE_CPUID 0x3
+; Kernel hashes section for measured direct boot
+%define OVMF_SECTION_TYPE_KERNEL_HASHES 0x10
ALIGN 16
@@ -65,6 +67,15 @@ CpuidSec:
DD CPUID_SIZE
DD OVMF_SECTION_TYPE_CPUID
+%if (SEV_SNP_KERNEL_HASHES_BASE > 0)
+; Kernel hashes for measured direct boot, or zero page if
+; there are no kernel hashes / SEV secrets
+SevSnpKernelHashes:
+ DD SEV_SNP_KERNEL_HASHES_BASE
+ DD SEV_SNP_KERNEL_HASHES_SIZE
+ DD OVMF_SECTION_TYPE_KERNEL_HASHES
+%endif
+
; Region need to be pre-validated by the hypervisor
PreValidate3:
DD SNP_SEC_MEM_BASE_DESC_3
--
2.25.1
next prev parent reply other threads:[~2023-03-02 9:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-02 9:15 [PATCH v3 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP Dov Murik
2023-03-02 9:15 ` [PATCH v3 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf Dov Murik
2023-03-02 9:15 ` Dov Murik [this message]
2023-03-02 16:35 ` [PATCH v3 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP Lendacky, Thomas
2023-03-20 10:06 ` Gerd Hoffmann
2023-11-27 20:03 ` [edk2-devel] " Lendacky, Thomas via groups.io
2023-11-28 11:07 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230302091532.1985238-3-dovmurik@linux.ibm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox