public inbox for devel@edk2.groups.io
* [PATCH V3 0/3] Add TdxLib support for Intel TDX
@ 2021-03-09  6:12 Min Xu
From: Min Xu @ 2021-03-09  6:12 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Liming Gao, Zhiguang Liu, Jordan Justen, Laszlo Ersek,
	Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

The patch series provides lib support for Intel Trust Domain Extensions
(Intel TDX).

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

The Intel TDX module uses the instruction-set architecture for Intel TDX
and the MKTME engine in the SOC to help serve as an intermediary between
the host VMM and the guest TD. TDCALL is the instruction which allows TD
guest privileged software to make a call for service into an underlying
TDX-module.

TdxLib is created with functions to perform the related Tdx operations.
This includes functions for:
  - TdCall         : to cause a VM exit to the Intel TDX module
  - TdVmCall       : it is a leaf function 0 for TDCALL
  - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
  - TdReport       : to retrieve TDREPORT_STRUCT
  - TdAcceptPages  : to accept pending private pages
  - TdExtendRtmr   : to extend one of the RTMR registers

The base function in MdePkg will not do anything and will return an error
if a return value is required. It is expected that other packages
(like OvmfPkg) will create a version of the library to fully support a TD
guest.

We create an OVMF version of this library to begin the process of providing
full support of TDX in OVMF.

To support emulation and test purposes, 2 PCDs are added in OvmfPkg.dec:
  - PcdUseTdxAcceptPage
    Indicate whether TdCall(AcceptPage) is used.
  - PcdUseTdxEmulation
    Indicate whether TdxEmulation is used.

<https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html>, definitions in TdxLib come from:
  [1] Intel TDX(R) Module 1.0 EAS
  [2] Intel(R) TDX Guest-Hypervisor Communication Interface

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (3):
  MdePkg: Add Tdx support lib
  OvmfPkg: Add PCDs for TdxLib
  OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF

 MdePkg/Include/IndustryStandard/Tdx.h    | 201 +++++++++++++++++++++
 MdePkg/Include/Library/TdxLib.h          | 165 ++++++++++++++++++
 MdePkg/Include/Protocol/Tdx.h            |  29 ++++
 MdePkg/Library/TdxLib/TdxLibNull.c       | 155 +++++++++++++++++
 MdePkg/Library/TdxLib/TdxLibNull.inf     |  33 ++++
 OvmfPkg/Library/TdxLib/AcceptPages.c     |  68 ++++++++
 OvmfPkg/Library/TdxLib/Rtmr.c            |  80 +++++++++
 OvmfPkg/Library/TdxLib/TdReport.c        | 102 +++++++++++
 OvmfPkg/Library/TdxLib/TdxLib.inf        |  48 ++++++
 OvmfPkg/Library/TdxLib/TdxLibSec.inf     |  45 +++++
 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm   | 125 ++++++++++++++
 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
 OvmfPkg/OvmfPkg.dec                      |   6 +
 13 files changed, 1268 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Include/Protocol/Tdx.h
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
 create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
 create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
 create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
 create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
 create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
 create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
 create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm

-- 
2.29.2.windows.2


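A layout check for the TDREPORT_STRUCT definitions this series adds in MdePkg/Include/IndustryStandard/Tdx.h, written as an added example for this review and not part of the patches: it mirrors the packed structs with stdint types, confirms the field offsets an attestation verifier reads (ReportData at 128, TDINFO at 512, MRTD at 528, RTMR[0] at 720, 1024 bytes total), and extracts an RTMR from a constructed report buffer with bounds checking. The function names and the sample values are this example's own.

```c
/* Added example, not part of the patch series: mirrors the packed TDREPORT
 * structures from Tdx.h with stdint types and checks the verifier offsets. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#pragma pack(1)
typedef struct { uint8_t Type, Subtype, Version, Rsvd; } TD_REPORT_TYPE;

typedef struct {
  TD_REPORT_TYPE ReportType;
  uint8_t        Rsvd1[12];
  uint8_t        CpuSvn[16];
  uint8_t        TeeTcbInfoHash[48];
  uint8_t        TeeInfoHash[48];
  uint8_t        ReportData[64];   /* caller-supplied 64-byte REPORTDATA */
  uint8_t        Rsvd2[32];
  uint8_t        Mac[32];          /* integrity MAC over the struct */
} REPORTMACSTRUCT;                 /* 256 bytes */

typedef struct { uint8_t Seam[2]; uint8_t Rsvd[14]; } TEE_TCB_SVN;

typedef struct {
  uint8_t     Valid[8];
  TEE_TCB_SVN TeeTcbSvn;
  uint8_t     Mrseam[48];
  uint8_t     Mrsignerseam[48];
  uint8_t     Attributes[8];
  uint8_t     Rsvd[111];
} TEE_TCB_INFO;                    /* 239 bytes */

typedef struct {
  uint8_t Attributes[8];
  uint8_t Xfam[8];
  uint8_t Mrtd[48];                /* build-time measurement of the TD */
  uint8_t Mrconfigid[48];
  uint8_t Mrowner[48];
  uint8_t Mrownerconfig[48];
  uint8_t Rtmrs[4][48];            /* runtime measurement registers */
  uint8_t Rsvd[112];
} TDINFO;                          /* 512 bytes */

typedef struct {
  REPORTMACSTRUCT ReportMacStruct;
  TEE_TCB_INFO    TeeTcbInfo;
  uint8_t         Rsvd[17];        /* 239 + 17 = 256, so TDINFO starts at 512 */
  TDINFO          Tdinfo;
} TDREPORT_STRUCT;                 /* 1024 bytes */
#pragma pack()

/* Expected offsets: 4+12+16+48+48 = 128; 256+239+17 = 512; 512+16 = 528;
 * 528+4*48 = 720. */
enum { TDREPORT_SIZE = 1024, OFF_REPORTDATA = 128, OFF_TDINFO = 512,
       OFF_MRTD = 528, OFF_RTMR0 = 720, RTMR_COUNT = 4, RTMR_SIZE = 48 };

/* Returns 1 when the compiled layout matches the expected offsets. */
int tdreport_layout_ok(void) {
  return sizeof(TDREPORT_STRUCT) == TDREPORT_SIZE
      && offsetof(REPORTMACSTRUCT, ReportData) == OFF_REPORTDATA
      && offsetof(TDREPORT_STRUCT, Tdinfo) == OFF_TDINFO
      && offsetof(TDREPORT_STRUCT, Tdinfo) + offsetof(TDINFO, Mrtd) == OFF_MRTD
      && offsetof(TDREPORT_STRUCT, Tdinfo) + offsetof(TDINFO, Rtmrs) == OFF_RTMR0;
}

/* Copies RTMR[index] out of a raw report buffer using the struct offsets.
 * Returns 0 (and writes nothing) on a NULL or short buffer or a bad index,
 * so a verifier never reads past the end of the report. */
int tdreport_get_rtmr(const uint8_t *report, size_t len, unsigned index,
                      uint8_t out[RTMR_SIZE]) {
  if (report == NULL || len < TDREPORT_SIZE || index >= RTMR_COUNT)
    return 0;
  size_t off = offsetof(TDREPORT_STRUCT, Tdinfo) + offsetof(TDINFO, Rtmrs)
             + (size_t)index * RTMR_SIZE;
  memcpy(out, report + off, RTMR_SIZE);
  return 1;
}

/* Fills buf with a constructed (not real) report: ReportData is 0xAA, MRTD is
 * 0x11 and RTMR[n] is 0x20 + n, so each field is recognisable by value. */
void build_sample_report(uint8_t buf[TDREPORT_SIZE]) {
  TDREPORT_STRUCT r;
  memset(&r, 0, sizeof r);
  memset(r.ReportMacStruct.ReportData, 0xAA, 64);
  memset(r.Tdinfo.Mrtd, 0x11, 48);
  for (unsigned i = 0; i < RTMR_COUNT; i++)
    memset(r.Tdinfo.Rtmrs[i], 0x20 + i, RTMR_SIZE);
  memcpy(buf, &r, TDREPORT_SIZE);
}

/* Byte `pos` of RTMR[index] as extracted by tdreport_get_rtmr, or -1. */
int sample_rtmr_byte(unsigned index, unsigned pos) {
  uint8_t buf[TDREPORT_SIZE], rtmr[RTMR_SIZE];
  build_sample_report(buf);
  if (pos >= RTMR_SIZE || !tdreport_get_rtmr(buf, sizeof buf, index, rtmr))
    return -1;
  return rtmr[pos];
}
```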

* [PATCH V3 1/3] MdePkg: Add Tdx support lib
From: Min Xu @ 2021-03-09  6:12 UTC (permalink / raw)
  To: devel; +Cc: Min Xu, Liming Gao, Zhiguang Liu, Jiewen Yao, Doug Reiland

Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total
Memory Encryption (MKTME) with a new kind of virtual machine guest
called a Trust Domain (TD).

TdxLib is created with functions to perform the related Tdx operations.
This includes functions for:
  - TdCall         : to cause a VM exit to the Intel TDX module
  - TdVmCall       : it is a leaf function 0 for TDCALL
  - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
  - TdReport       : to retrieve TDREPORT_STRUCT
  - TdAcceptPages  : to accept pending private pages
  - TdExtendRtmr   : to extend one of the RTMR registers

The base function in this driver will not do anything and will return
an error if a return value is required. It is expected that other
packages (like OvmfPkg) will create a version of the library to fully
support a TD guest.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Doug Reiland <doug.reiland@intel.com>
---
 MdePkg/Include/IndustryStandard/Tdx.h | 201 ++++++++++++++++++++++++++
 MdePkg/Include/Library/TdxLib.h       | 165 +++++++++++++++++++++
 MdePkg/Include/Protocol/Tdx.h         |  29 ++++
 MdePkg/Library/TdxLib/TdxLibNull.c    | 155 ++++++++++++++++++++
 MdePkg/Library/TdxLib/TdxLibNull.inf  |  33 +++++
 5 files changed, 583 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Include/Protocol/Tdx.h
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf

diff --git a/MdePkg/Include/IndustryStandard/Tdx.h b/MdePkg/Include/IndustryStandard/Tdx.h
new file mode 100644
index 000000000000..dbcc31c26528
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/Tdx.h
@@ -0,0 +1,201 @@
+/** @file
+  Intel Trust Domain Extension definitions
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TDX_H_
+#define _TDX_H_
+
+#define EXIT_REASON_EXTERNAL_INTERRUPT  1
+#define EXIT_REASON_TRIPLE_FAULT        2
+
+#define EXIT_REASON_PENDING_INTERRUPT   7
+#define EXIT_REASON_NMI_WINDOW          8
+#define EXIT_REASON_TASK_SWITCH         9
+#define EXIT_REASON_CPUID               10
+#define EXIT_REASON_HLT                 12
+#define EXIT_REASON_INVD                13
+#define EXIT_REASON_INVLPG              14
+#define EXIT_REASON_RDPMC               15
+#define EXIT_REASON_RDTSC               16
+#define EXIT_REASON_VMCALL              18
+#define EXIT_REASON_VMCLEAR             19
+#define EXIT_REASON_VMLAUNCH            20
+#define EXIT_REASON_VMPTRLD             21
+#define EXIT_REASON_VMPTRST             22
+#define EXIT_REASON_VMREAD              23
+#define EXIT_REASON_VMRESUME            24
+#define EXIT_REASON_VMWRITE             25
+#define EXIT_REASON_VMOFF               26
+#define EXIT_REASON_VMON                27
+#define EXIT_REASON_CR_ACCESS           28
+#define EXIT_REASON_DR_ACCESS           29
+#define EXIT_REASON_IO_INSTRUCTION      30
+#define EXIT_REASON_MSR_READ            31
+#define EXIT_REASON_MSR_WRITE           32
+#define EXIT_REASON_INVALID_STATE       33
+#define EXIT_REASON_MSR_LOAD_FAIL       34
+#define EXIT_REASON_MWAIT_INSTRUCTION   36
+#define EXIT_REASON_MONITOR_TRAP_FLAG   37
+#define EXIT_REASON_MONITOR_INSTRUCTION 39
+#define EXIT_REASON_PAUSE_INSTRUCTION   40
+#define EXIT_REASON_MCE_DURING_VMENTRY  41
+#define EXIT_REASON_TPR_BELOW_THRESHOLD 43
+#define EXIT_REASON_APIC_ACCESS         44
+#define EXIT_REASON_EOI_INDUCED         45
+#define EXIT_REASON_GDTR_IDTR           46
+#define EXIT_REASON_LDTR_TR             47
+#define EXIT_REASON_EPT_VIOLATION       48
+#define EXIT_REASON_EPT_MISCONFIG       49
+#define EXIT_REASON_INVEPT              50
+#define EXIT_REASON_RDTSCP              51
+#define EXIT_REASON_PREEMPTION_TIMER    52
+#define EXIT_REASON_INVVPID             53
+#define EXIT_REASON_WBINVD              54
+#define EXIT_REASON_XSETBV              55
+#define EXIT_REASON_APIC_WRITE          56
+#define EXIT_REASON_RDRAND              57
+#define EXIT_REASON_INVPCID             58
+#define EXIT_REASON_VMFUNC              59
+#define EXIT_REASON_ENCLS               60
+#define EXIT_REASON_RDSEED              61
+#define EXIT_REASON_PML_FULL            62
+#define EXIT_REASON_XSAVES              63
+#define EXIT_REASON_XRSTORS             64
+
+// TDCALL API Function Completion Status Codes
+#define TDX_EXIT_REASON_SUCCESS                     0x0000000000000000
+#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED       0x00000B0A00000000
+#define TDX_EXIT_REASON_OPERAND_INVALID             0xC000010000000000
+#define TDX_EXIT_REASON_OPERAND_BUSY                0x8000020000000000
+
+#define TDCALL_TDVMCALL                 0
+#define TDCALL_TDINFO                   1
+#define TDCALL_TDEXTENDRTMR             2
+#define TDCALL_TDGETVEINFO              3
+#define TDCALL_TDREPORT                 4
+#define TDCALL_TDSETCPUIDVE             5
+#define TDCALL_TDACCEPTPAGE             6
+
+#define TDVMCALL_CPUID                  0x0000a
+#define TDVMCALL_HALT                   0x0000c
+#define TDVMCALL_IO                     0x0001e
+#define TDVMCALL_RDMSR                  0x0001f
+#define TDVMCALL_WRMSR                  0x00020
+#define TDVMCALL_MMIO                   0x00030
+#define TDVMCALL_PCONFIG                0x00041
+
+#define TDVMCALL_GET_TDVMCALL_INFO      0x10000
+#define TDVMCALL_MAPGPA                 0x10001
+#define TDVMCALL_GET_QUOTE              0x10002
+#define TDVMCALL_REPORT_FATAL_ERR       0x10003
+#define TDVMCALL_SETUP_EVENT_NOTIFY     0x10004
+
+#pragma pack(1)
+typedef struct {
+  UINT64  Data[6];
+} TDCALL_GENERIC_RETURN_DATA;
+
+typedef struct {
+  UINT64  Gpaw;
+  UINT64  Attributes;
+  UINT32  MaxVcpus;
+  UINT32  NumVcpus;
+  UINT64  Resv[3];
+} TDCALL_INFO_RETURN_DATA;
+
+typedef union {
+  UINT64  Val;
+  struct {
+    UINT32  Size:3;
+    UINT32  Direction:1;
+    UINT32  String:1;
+    UINT32  Rep:1;
+    UINT32  Encoding:1;
+    UINT32  Resv:9;
+    UINT32  Port:16;
+    UINT32  Resv2;
+  } Io;
+} VMX_EXIT_QUALIFICATION;
+
+typedef struct {
+  UINT32                  ExitReason;
+  UINT32                  Resv;
+  VMX_EXIT_QUALIFICATION  ExitQualification;
+  UINT64                  GuestLA;
+  UINT64                  GuestPA;
+  UINT32                  ExitInstructionLength;
+  UINT32                  ExitInstructionInfo;
+  UINT32                  Resv1;
+} TDCALL_VEINFO_RETURN_DATA;
+
+typedef union {
+  TDCALL_GENERIC_RETURN_DATA  Generic;
+  TDCALL_INFO_RETURN_DATA     TdInfo;
+  TDCALL_VEINFO_RETURN_DATA   VeInfo;
+} TD_RETURN_DATA;
+
+/* data structure used in TDREPORT_STRUCT */
+typedef struct{
+  UINT8         Type;
+  UINT8         Subtype;
+  UINT8         Version;
+  UINT8         Rsvd;
+}TD_REPORT_TYPE;
+
+typedef struct{
+  TD_REPORT_TYPE   ReportType;
+  UINT8            Rsvd1[12];
+  UINT8            CpuSvn[16];
+  UINT8            TeeTcbInfoHash[48];
+  UINT8            TeeInfoHash[48];
+  UINT8            ReportData[64];
+  UINT8            Rsvd2[32];
+  UINT8            Mac[32];
+}REPORTMACSTRUCT;
+
+typedef struct{
+  UINT8         Seam[2];
+  UINT8         Rsvd[14];
+}TEE_TCB_SVN;
+
+typedef struct{
+  UINT8         Valid[8];
+  TEE_TCB_SVN   TeeTcbSvn;
+  UINT8         Mrseam[48];
+  UINT8         Mrsignerseam[48];
+  UINT8         Attributes[8];
+  UINT8         Rsvd[111];
+}TEE_TCB_INFO;
+
+typedef struct{
+  UINT8         Attributes[8];
+  UINT8         Xfam[8];
+  UINT8         Mrtd[48];
+  UINT8         Mrconfigid[48];
+  UINT8         Mrowner[48];
+  UINT8         Mrownerconfig[48];
+  UINT8         Rtmrs[4][48];
+  UINT8         Rsvd[112];
+}TDINFO;
+
+typedef struct{
+  REPORTMACSTRUCT   ReportMacStruct;
+  TEE_TCB_INFO      TeeTcbInfo;
+  UINT8             Rsvd[17];
+  TDINFO            Tdinfo;
+}TDREPORT_STRUCT;
+
+#pragma pack()
+
+#endif
+
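Review bot: the file header carries the old BSD license boilerplate rather than the `SPDX-License-Identifier: BSD-2-Clause-Patent` line that Protocol/Tdx.h in this same patch uses; new edk2 files should use the SPDX form. The TDREPORT layout arithmetic checks out (REPORTMACSTRUCT is 256 bytes, TEE_TCB_INFO 239 bytes plus the 17 reserved bytes puts TDINFO at offset 512, 1024 bytes total), but it is easy to break silently, so please add a short comment stating those offsets and a `STATIC_ASSERT (sizeof (TDREPORT_STRUCT) == 1024, ...)` so a future edit to any reserved field cannot shift what TdReport's consumers parse.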
diff --git a/MdePkg/Include/Library/TdxLib.h b/MdePkg/Include/Library/TdxLib.h
new file mode 100644
index 000000000000..5e8634c6df79
--- /dev/null
+++ b/MdePkg/Include/Library/TdxLib.h
@@ -0,0 +1,165 @@
+/** @file
+  TdxLib definitions
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TDX_LIB_H_
+#define _TDX_LIB_H_
+
+#include <Library/BaseLib.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/DebugLib.h>
+#include <Protocol/DebugSupport.h>
+
+/**
+  This function retrieve TDREPORT_STRUCT structure from TDX.
+  The struct contains the measurements/configuration information of
+  the guest TD that called the function, measurements/configuratio
+  information of the TDX-SEAM module and a REPORTMACSTRUCT.
+  The REPORTMACSTRUCT is integrity protected with a MAC and
+  contains the hash of the measurements and configuration
+  as well as additional REPORTDATA provided by the TD software.
+
+  AdditionalData, a 64-byte value, is provided by the guest TD
+  to be included in the TDREPORT
+
+  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
+  @param[in]      ReportSize         Size of the report. It must be
+                                     larger than 1024B.
+  @param[in]      AdditionalData     Point to the additional data.
+  @param[in]      AdditionalDataSize Size of the additional data.
+                                     If AdditionalData != NULL, then
+                                     this value must be 64B.
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdReport(
+  IN OUT UINT8  *Report,
+  IN UINT32     ReportSize,
+  IN UINT8      *AdditionalData,
+  IN UINT32     AdditionalDataSize
+);
+
+/**
+  This function accept a pending private page, and initialize the page to
+  all-0 using the TD ephemeral private key.
+
+  @param[in]  StartAddress     Guest physical address of the private page
+                               to accept.
+  @param[in]  NumberOfPages    Number of the pages to be accepted.
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdAcceptPages (
+  IN UINT64  StartAddress,
+  IN UINT64  NumberOfPages
+  );
+
+/**
+  This function extends one of the RTMR measurement register
+  in TDCS with the provided extension data in memory.
+  RTMR extending supports SHA384 which length is 48 bytes.
+
+  @param[in]  Data      Point to the data to be extended
+  @param[in]  DataLen   Length of the data. Must be 48
+  @param[in]  Index     RTMR index
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdExtendRtmr(
+  IN  UINT32  *Data,
+  IN  UINT32  DataLen,
+  IN  UINT8   PcrIndex
+  );
+
+/**
+  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
+  used to call guest-side Intel TDX functions, either local or a TD exit
+  to the host VMM, as selected by Leaf.
+  Leaf functions are described at <https://software.intel.com/content/
+  www/us/en/develop/articles/intel-trust-domain-extensions.html>
+
+  @param[in]      Leaf        Leaf number of TDCALL instruction
+  @param[in]      Arg1        Arg1
+  @param[in]      Arg2        Arg2
+  @param[in]      Arg3        Arg3
+  @param[in,out]  Results  Returned result of the Leaf function
+
+  @return EFI_SUCCESS
+  @return Other           See individual leaf functions
+**/
+EFI_STATUS
+EFIAPI
+TdCall(
+  IN UINT64           Leaf,
+  IN UINT64           Arg1,
+  IN UINT64           Arg2,
+  IN UINT64           Arg3,
+  IN OUT VOID         *Results
+  );
+
+/**
+  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
+  host VMM to pass/receive information.
+
+  @param[in]     Leaf        Number of sub-functions
+  @param[in]     Arg1        Arg1
+  @param[in]     Arg2        Arg2
+  @param[in]     Arg3        Arg3
+  @param[in]     Arg4        Arg4
+  @param[in,out] Results     Returned result of the sub-function
+
+  @return EFI_SUCCESS
+  @return Other           See individual sub-functions
+
+**/
+EFI_STATUS
+EFIAPI
+TdVmCall (
+  IN UINT64          Leaf,
+  IN UINT64          Arg1,
+  IN UINT64          Arg2,
+  IN UINT64          Arg3,
+  IN UINT64          Arg4,
+  IN OUT VOID        *Results
+  );
+
+/**
+  This function enable the TD guest to request the VMM to emulate CPUID
+  operation, especially for non-architectural, CPUID leaves.
+
+  @param[in]  Eax        Main leaf of the CPUID
+  @param[in]  Ecx        Sub-leaf of the CPUID
+  @param[out] Results    Returned result of CPUID operation
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdVmCallCpuid (
+  IN UINT64         Eax,
+  IN UINT64         Ecx,
+  OUT VOID          *Results
+  );
+#endif
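Review bot: TdCall and TdVmCall are declared as returning EFI_STATUS, but the OvmfPkg callers in patch 3 store the result in a UINT64 and compare it against raw TDCALL completion codes (TDX_EXIT_REASON_SUCCESS, TDX_EXIT_REASON_OPERAND_INVALID); pick one contract, raw UINT64 status or translated EFI_STATUS, and state it in the @return lines, otherwise callers will mix the two. Smaller points: the TdExtendRtmr comment documents `Index` while the prototype names it `PcrIndex` (Rtmr.c uses `Index`); a 48-byte SHA384 digest is more naturally `IN UINT8 *Data` than `IN UINT32 *Data`; TdVmCallCpuid is `OUT VOID *Results` here but `IN OUT` in TdxLibNull.c; "must be larger than 1024B" should read "at least 1024B" since sizeof (TDREPORT_STRUCT) is exactly 1024; "TDVMALL", "TEREPORT_STRUCT" and "configuratio" are typos; and a library class header should not need <Library/DebugLib.h> or <Protocol/DebugSupport.h>.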
diff --git a/MdePkg/Include/Protocol/Tdx.h b/MdePkg/Include/Protocol/Tdx.h
new file mode 100644
index 000000000000..b5e9b19c1276
--- /dev/null
+++ b/MdePkg/Include/Protocol/Tdx.h
@@ -0,0 +1,29 @@
+/** @file
+  If TD-Guest firmware supports measurement and an event is created, TD-Guest
+  firmware is designed to report the event log with the same data structure
+  in TCG-Platform-Firmware-Profile specification with
+  EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
+
+  The TD-Guest firmware supports measurement, the TD Guest Firmware is designed
+  to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID to report
+  event log and provides hash capability.
+
+Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#ifndef __EFI_TDX_H__
+#define __EFI_TDX_H__
+
+#include <Uefi/UefiBaseType.h>
+
+#define EFI_TDX_EVENT_DATA_SIGNATURE  SIGNATURE_32 ('T', 'D', 'E', 'L')
+
+#define EFI_TD_PROTOCOL_GUID  \
+  {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
+extern EFI_GUID gEfiTdProtocolGuid;
+
+
+#endif
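Review bot: this header declares `extern EFI_GUID gEfiTdProtocolGuid`, but nothing in the series adds the GUID to MdePkg.dec (the diffstat touches no .dec under MdePkg), so any module that references the symbol will fail to link; either add the [Protocols] entry or move this header to the patch that introduces the protocol. The file comment also describes an EFI_TD_PROTOCOL that reports the event log and provides hash capability, yet no protocol structure is defined here, only the GUID and the 'TDEL' event-data signature; the comment should describe what the file actually contains.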
diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c b/MdePkg/Library/TdxLib/TdxLibNull.c
new file mode 100644
index 000000000000..8d759e4d33a4
--- /dev/null
+++ b/MdePkg/Library/TdxLib/TdxLibNull.c
@@ -0,0 +1,155 @@
+/** @file
+  Null instance of TdxLib.
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <Library/TdxLib.h>
+
+/**
+  This function retrieve TDREPORT_STRUCT structure from TDX.
+  The struct contains the measurements/configuration information of
+  the guest TD that called the function, measurements/configuratio
+  information of the TDX-SEAM module and a REPORTMACSTRUCT.
+  The REPORTMACSTRUCT is integrity protected with a MAC and
+  contains the hash of the measurements and configuration
+  as well as additional REPORTDATA provided by the TD software.
+
+  AdditionalData, a 64-byte value, is provided by the guest TD
+  to be included in the TDREPORT
+
+  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
+  @param[in]      ReportSize         Size of the report. It must be
+                                     larger than 1024B.
+  @param[in]      AdditionalData     Point to the additional data.
+  @param[in]      AdditionalDataSize Size of the additional data.
+                                     If AdditionalData != NULL, then
+                                     this value must be 64B.
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdReport(
+  IN OUT UINT8  *Report,
+  IN UINT32     ReportSize,
+  IN UINT8      *AdditionalData,
+  IN UINT32     AdditionalDataSize
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  This function accept a pending private page, and initialize the page to
+  all-0 using the TD ephemeral private key.
+
+  @param[in]  StartAddress     Guest physical address of the private page
+                               to accept.
+  @param[in]  NumberOfPages    Number of the pages to be accepted.
+
+  @return EFI_UNSUPPORTED
+**/
+EFI_STATUS
+EFIAPI
+TdAcceptPages (
+  IN UINT64  StartAddress,
+  IN UINT64  NumberOfPages
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
+  used to call guest-side Intel TDX functions, either local or a TD exit
+  to the host VMM, as selected by Leaf.
+  Leaf functions are described at <https://software.intel.com/content/
+  www/us/en/develop/articles/intel-trust-domain-extensions.html>
+
+  @param[in]      Leaf        Leaf number of TDCALL instruction
+  @param[in]      Arg1        Arg1
+  @param[in]      Arg2        Arg2
+  @param[in]      Arg3        Arg3
+  @param[in,out]  Results  Returned result of the Leaf function
+
+  @return EFI_SUCCESS
+  @return Other           See individual leaf functions
+**/
+EFI_STATUS
+EFIAPI
+TdCall(
+  IN UINT64           Leaf,
+  IN UINT64           Arg1,
+  IN UINT64           Arg2,
+  IN UINT64           Arg3,
+  IN OUT VOID         *Results
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
+  host VMM to pass/receive information.
+
+  @param[in]     Leaf        Number of sub-functions
+  @param[in]     Arg1        Arg1
+  @param[in]     Arg2        Arg2
+  @param[in]     Arg3        Arg3
+  @param[in]     Arg4        Arg4
+  @param[in,out] Results     Returned result of the sub-function
+
+  @return EFI_SUCCESS
+  @return Other           See individual sub-functions
+
+**/
+EFI_STATUS
+EFIAPI
+TdVmCall (
+  IN UINT64          Leaf,
+  IN UINT64          Arg1,
+  IN UINT64          Arg2,
+  IN UINT64          Arg3,
+  IN UINT64          Arg4,
+  IN OUT VOID        *Results
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  This function enable the TD guest to request the VMM to emulate CPUID
+  operation, especially for non-architectural, CPUID leaves.
+
+  @param[in]     Eax        Main leaf of the CPUID
+  @param[in]     Ecx        Sub-leaf of the CPUID
+  @param[in,out] Results    Returned result of CPUID operation
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdVmCallCpuid (
+  IN UINT64         Eax,
+  IN UINT64         Ecx,
+  IN OUT VOID       *Results
+  )
+{
+  return EFI_UNSUPPORTED;
+}
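Review bot: the Null instance omits TdExtendRtmr even though TdxLib.h declares it and the commit message lists it among the six library functions; a module linked against TdxLibNull that calls TdExtendRtmr will fail at link time, so add a stub returning EFI_UNSUPPORTED. The @return documentation is inconsistent with the bodies: every function returns EFI_UNSUPPORTED, but only TdAcceptPages documents that while the others still claim EFI_SUCCESS. As with the other new files, the license header should be the SPDX form.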
diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf b/MdePkg/Library/TdxLib/TdxLibNull.inf
new file mode 100644
index 000000000000..0d07595a8c3e
--- /dev/null
+++ b/MdePkg/Library/TdxLib/TdxLibNull.inf
@@ -0,0 +1,33 @@
+## @file
+#  Null Tdx library instance
+#
+# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution.  The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdxLibNull
+  FILE_GUID                      = 05C5E621-FC66-4420-9C80-F0DE9E5B95FF
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TdxLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  TdxLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
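Review bot: TdxLibNull.c includes <Library/BaseLib.h> and <Library/DebugLib.h>, but the INF has no [LibraryClasses] section listing BaseLib and DebugLib; the build tools need those entries for dependency resolution (or drop the includes, since the stubs use neither). The VALID_ARCHITECTURES comment says X64 only, but the point of a Null instance in MdePkg is to let every architecture build a TdxLib consumer, so it should not be restricted. INF_VERSION 0x00010005 is the legacy value; new INFs use 1.27, and the license block should be the SPDX line.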
-- 
2.29.2.windows.2



* [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
From: Min Xu @ 2021-03-09  6:12 UTC (permalink / raw)
  To: devel; +Cc: Min Xu, Jordan Justen, Laszlo Ersek, Jiewen Yao, Doug Reiland

TdxLib for OvmfPkg depends on the below PCDs
  - PcdUseTdxAcceptPage
    Indicate whether TdCall(AcceptPage) is used.
  - PcdUseTdxEmulation
    Indicate whether TdxEmulation is used.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Doug Reiland <doug.reiland@intel.com>
---
 OvmfPkg/OvmfPkg.dec | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 4348bb45c64a..68b3fd86d516 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -317,6 +317,12 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
 
+  ## Indicate whether TdCall(AcceptPage) is used.
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage|TRUE|BOOLEAN|0x44
+  ## Indicate whether TdxEmulation is used.
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation|0x1|UINT32|0x45
+
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
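Review bot: PcdUseTdxEmulation is described as an on/off switch ("Indicate whether TdxEmulation is used") but declared as UINT32 with default 0x1; if it is a boolean it should be BOOLEAN like PcdUseTdxAcceptPage, and if it encodes more than on/off the comment should list the values. Since the cover letter says both PCDs exist for emulation and test purposes, defaulting emulation to enabled means a production build silently takes the test path unless every platform DSC overrides it; the safer default is 0 (off), with test DSCs opting in. AcceptPages.c reads PcdUseTdxAcceptPage through FixedPcdGetBool, so the PCD must be declared in a section that allows PcdsFixedAtBuild; the hunk context does not show which [Pcds*] section line 317 belongs to, please confirm. Also drop the two extra blank lines before [PcdsDynamic, PcdsDynamicEx].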
-- 
2.29.2.windows.2



* [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF
From: Min Xu @ 2021-03-09  6:12 UTC (permalink / raw)
  To: devel; +Cc: Min Xu, Jordan Justen, Laszlo Ersek, Jiewen Yao, Doug Reiland

The base TdxLib in MdePkg/Library provides a default limited interface.
As it does not provide full support, create an OVMF version of this library
to begin the process of providing full support of TDX in OVMF.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Doug Reiland <doug.reiland@intel.com>
---
 OvmfPkg/Library/TdxLib/AcceptPages.c     |  68 ++++++++
 OvmfPkg/Library/TdxLib/Rtmr.c            |  80 +++++++++
 OvmfPkg/Library/TdxLib/TdReport.c        | 102 +++++++++++
 OvmfPkg/Library/TdxLib/TdxLib.inf        |  48 ++++++
 OvmfPkg/Library/TdxLib/TdxLibSec.inf     |  45 +++++
 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm   | 125 ++++++++++++++
 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
 7 files changed, 679 insertions(+)
 create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
 create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
 create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
 create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
 create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
 create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
 create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm

diff --git a/OvmfPkg/Library/TdxLib/AcceptPages.c b/OvmfPkg/Library/TdxLib/AcceptPages.c
new file mode 100644
index 000000000000..3848bb6a95a4
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/AcceptPages.c
@@ -0,0 +1,68 @@
+/** @file
+
+  There are 4 defined types in TD memory.
+  Unaccepted memory is a special type of private memory. The OVMF must
+  invoke TDCALL [TDG.MEM.PAGE.ACCEPT] the unaccepted memory before use it.
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <Library/TdxLib.h>
+#include <Library/BaseMemoryLib.h>
+
+UINT64  mNumberOfDuplicatedAcceptedPages;
+
+/**
+  This function accept a pending private page, and initialize the page to
+  all-0 using the TD ephemeral private key.
+
+  @param[in]  StartAddress           Guest physical address of the private
+                                     page to accept.
+  @param[in]  NumberOfPages          Number of the pages to be accepted.
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdAcceptPages (
+  IN UINT64  StartAddress,
+  IN UINT64  NumberOfPages
+  )
+{
+  UINT64  Address;
+  UINT64  Status;
+  UINT64  Index;
+
+  //
+  // Determine if we need to accept pages before use
+  //
+  if (FixedPcdGetBool(PcdUseTdxAcceptPage) == FALSE) {
+     return EFI_SUCCESS;
+  }
+
+  Address = StartAddress;
+
+  for( Index = 0; Index < NumberOfPages; Index++) {
+    Status = TdCall(TDCALL_TDACCEPTPAGE,Address, 0, 0, 0);
+    if (Status != TDX_EXIT_REASON_SUCCESS) {
+        if ((Status & ~0xFFULL) == TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED) {
+          ++mNumberOfDuplicatedAcceptedPages;
+          DEBUG((DEBUG_VERBOSE, "Address %llx already accepted. Total number of already accepted pages %ld\n",
+            Address, mNumberOfDuplicatedAcceptedPages));
+        } else {
+          DEBUG((DEBUG_ERROR, "Address %llx failed to be accepted. Error = %ld\n",
+            Address, Status));
+          ASSERT(Status == TDX_EXIT_REASON_SUCCESS);
+        }
+    }
+    Address += EFI_PAGE_SIZE;
+  }
+  return EFI_SUCCESS;
+}
+
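Review bot: a page that fails to be accepted for any reason other than "already accepted" is reported only through DEBUG and ASSERT, both of which compile out in RELEASE builds; the loop then continues and the function still returns EFI_SUCCESS, so the caller goes on to use memory that was never accepted. Return an error at the first unexpected failure instead, e.g.

    } else {
      DEBUG ((DEBUG_ERROR, "Address %lx failed to be accepted. Error = %lx\n", Address, Status));
      return EFI_DEVICE_ERROR;
    }

Related: `Status` is a UINT64 holding the raw TDCALL completion code while TdCall is declared as returning EFI_STATUS (see the TdxLib.h comment); the `(Status & ~0xFFULL)` mask that strips the low byte before comparing with TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED needs a comment saying which status bits are ignored and why, and Rtmr.c compares the same kind of status without masking, so the two should agree. The writable global mNumberOfDuplicatedAcceptedPages is a problem if TdxLibSec.inf builds this file, since SEC code runs from flash without writable globals; either drop the counter or keep it out of the SEC instance. BaseMemoryLib is included but unused.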
diff --git a/OvmfPkg/Library/TdxLib/Rtmr.c b/OvmfPkg/Library/TdxLib/Rtmr.c
new file mode 100644
index 000000000000..a4b36b6c4bef
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/Rtmr.c
@@ -0,0 +1,80 @@
+/** @file
+
+  Extends one of the RTMR measurement registers in TDCS with the provided
+  extension data in memory.
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TdxLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <IndustryStandard/Tpm20.h>
+#include <IndustryStandard/Tdx.h>
+#include <Protocol/Tdx.h>
+
+#define RTMR_COUNT  4
+
+/**
+  This function extends one of the RTMR measurement register
+  in TDCS with the provided extension data in memory.
+  RTMR extending supports SHA384 which length is 48 bytes.
+
+  @param[in]  Data      Point to the data to be extended
+  @param[in]  DataLen   Length of the data. Must be 48
+  @param[in]  Index     RTMR index
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdExtendRtmr(
+  IN  UINT32  *Data,
+  IN  UINT32  DataLen,
+  IN  UINT8   Index
+  )
+{
+  EFI_STATUS            Status;
+  UINT64                *Buffer;
+  UINT64                TdCallStatus;
+
+  Status = EFI_SUCCESS;
+
+  ASSERT(Index >= 0 && Index < RTMR_COUNT);
+  ASSERT(DataLen == SHA384_DIGEST_SIZE);
+
+  //
+  // Allocate 64B aligned mem to hold the sha384 hash value
+  //
+  Buffer = AllocateAlignedPages(EFI_SIZE_TO_PAGES(SHA384_DIGEST_SIZE), 64);
+  if(Data == NULL){
+    return EFI_OUT_OF_RESOURCES;
+  }
+  CopyMem(Buffer, Data, SHA384_DIGEST_SIZE);
+
+  TdCallStatus = TdCall(TDCALL_TDEXTENDRTMR, (UINT64)Buffer, Index, 0, 0);
+
+  if(TdCallStatus == TDX_EXIT_REASON_SUCCESS){
+    Status = EFI_SUCCESS;
+  }else if(TdCallStatus == TDX_EXIT_REASON_OPERAND_INVALID){
+    Status = EFI_INVALID_PARAMETER;
+  }else{
+    Status = EFI_DEVICE_ERROR;
+  }
+
+  if(Status != EFI_SUCCESS){
+    DEBUG((DEBUG_ERROR, "Error returned from TdExtendRtmr call - 0x%lx\n", TdCallStatus));
+  }
+
+  FreeAlignedPages(Buffer, EFI_SIZE_TO_PAGES(SHA384_DIGEST_SIZE));
+
+  return Status;
+}
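
Review bot: the NULL check after the allocation tests the wrong variable: `Buffer = AllocateAlignedPages(...)` is followed by `if(Data == NULL)`, so an allocation failure is never caught and `CopyMem(Buffer, Data, SHA384_DIGEST_SIZE)` writes through a NULL pointer, while a NULL `Data` is not rejected at all. Change it to `if (Buffer == NULL)` and validate `Data` up front. The parameter checks also rely solely on ASSERT, which is compiled out in RELEASE builds, even though the doc comment promises EFI_INVALID_PARAMETER: with `DataLen != 48` the CopyMem still reads 48 bytes from `Data`, and `Index >= 0` is always true for a UINT8. Suggest `if (Data == NULL || DataLen != SHA384_DIGEST_SIZE || Index >= RTMR_COUNT) { return EFI_INVALID_PARAMETER; }` before the allocation. Minor: `#include <Protocol/Tdx.h>` is unused here, and the parameter is named `Index` while TdxLib.h names it `PcrIndex`.
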
diff --git a/OvmfPkg/Library/TdxLib/TdReport.c b/OvmfPkg/Library/TdxLib/TdReport.c
new file mode 100644
index 000000000000..ace213bcf467
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/TdReport.c
@@ -0,0 +1,102 @@
+/** @file
+
+  Retrieve TDREPORT_STRUCT structure from TDX
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <Library/TdxLib.h>
+
+#define REPORT_STRUCT_SIZE    1024
+#define ADDITIONAL_DATA_SIZE  64
+
+/**
+  This function retrieve TDREPORT_STRUCT structure from TDX.
+  The struct contains the measurements/configuration information of
+  the guest TD that called the function, measurements/configuratio
+  information of the TDX-SEAM module and a REPORTMACSTRUCT.
+  The REPORTMACSTRUCT is integrity protected with a MAC and
+  contains the hash of the measurements and configuration
+  as well as additional REPORTDATA provided by the TD software.
+
+  AdditionalData, a 64-byte value, is provided by the guest TD
+  to be included in the TDREPORT
+
+  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
+  @param[in]      ReportSize         Size of the report. It must be
+                                     larger than 1024B.
+  @param[in]      AdditionalData     Point to the additional data.
+  @param[in]      AdditionalDataSize Size of the additional data.
+                                     If AdditionalData != NULL, then
+                                     this value must be 64B.
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdReport(
+  IN OUT UINT8  *Report,
+  IN  UINT32    ReportSize,
+  IN  UINT8     *AdditionalData,
+  IN  UINT32    AdditionalDataSize
+  )
+
+{
+  EFI_STATUS  Status;
+  UINT64      *Data;
+  UINT64      *Report_Struct;
+  UINT64      *Report_Data;
+  UINT64      TdCallStatus;
+
+  if(ReportSize < REPORT_STRUCT_SIZE){
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if(AdditionalData != NULL && AdditionalDataSize != ADDITIONAL_DATA_SIZE){
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Data = AllocatePages(EFI_SIZE_TO_PAGES(REPORT_STRUCT_SIZE + ADDITIONAL_DATA_SIZE));
+  if(Data == NULL){
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  Report_Struct = Data;
+  Report_Data = Data + REPORT_STRUCT_SIZE;
+  if(AdditionalData != NULL){
+    CopyMem(Report_Data, AdditionalData, ADDITIONAL_DATA_SIZE);
+  }else{
+    ZeroMem(Report_Data, ADDITIONAL_DATA_SIZE);
+  }
+
+  TdCallStatus = TdCall(TDCALL_TDREPORT, (UINT64)Report_Struct, (UINT64)Report_Data, 0, 0);
+
+  if(TdCallStatus == TDX_EXIT_REASON_SUCCESS){
+    Status = EFI_SUCCESS;
+  }else if(TdCallStatus == TDX_EXIT_REASON_OPERAND_INVALID){
+    Status = EFI_INVALID_PARAMETER;
+  }else{
+    Status = EFI_DEVICE_ERROR;
+  }
+
+  if(Status != EFI_SUCCESS){
+    DEBUG((DEBUG_ERROR, "Error returned from TdReport call - 0x%lx\n", TdCallStatus));
+  }else{
+    CopyMem(Report, Data, REPORT_STRUCT_SIZE);
+  }
+
+  FreePages(Data, EFI_SIZE_TO_PAGES(REPORT_STRUCT_SIZE + ADDITIONAL_DATA_SIZE));
+
+  return Status;
+}
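
Review bot: the REPORTDATA pointer is computed with the wrong element size. `Data` is a `UINT64 *`, so `Report_Data = Data + REPORT_STRUCT_SIZE;` advances 1024 * 8 = 8192 bytes, far past the single 4 KiB page allocated for 1024 + 64 bytes; the following ZeroMem/CopyMem then write 64 bytes outside the allocation and TDCALL is handed a REPORTDATA address outside the buffer. Declare the buffer pointers as `UINT8 *` so the byte offset is correct (or use `Data + REPORT_STRUCT_SIZE / sizeof (UINT64)`), and derive REPORT_STRUCT_SIZE from `sizeof (TDREPORT_STRUCT)` in IndustryStandard/Tdx.h rather than a separate literal. Also, the doc comment says ReportSize must be "larger than 1024B" while `if(ReportSize < REPORT_STRUCT_SIZE)` accepts exactly 1024; "at least 1024B" matches the code. Style: `Report_Struct` and `Report_Data` should be CamelCase without underscores per the edk2 coding standard.
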
diff --git a/OvmfPkg/Library/TdxLib/TdxLib.inf b/OvmfPkg/Library/TdxLib/TdxLib.inf
new file mode 100644
index 000000000000..f642de9e3a5f
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/TdxLib.inf
@@ -0,0 +1,48 @@
+## @file
+# Tdx library
+#
+# Copyright (c) 2020- 2021, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution.  The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdxLib
+  FILE_GUID                      = 032A8E0D-0C27-40C0-9CAA-23B731C1B223
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TdxLib|PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  Rtmr.c
+  TdReport.c
+  AcceptPages.c
+  X64/Tdcall.nasm
+  X64/Tdvmcall.nasm
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation
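
Review bot: the license header is the pre-SPDX BSD boilerplate, whereas the .c files in this same patch use `SPDX-License-Identifier: BSD-2-Clause-Patent`; edk2 requires the SPDX form, so please make the .inf and .nasm headers match (also `2020- 2021` has a stray space). The two PCDs are consumed via `FixedPcdGetBool` in AcceptPages.c and `FixedPcdGet32` in the .nasm files, so list them under `[FixedPcd]` instead of `[Pcd]` to make the fixed-at-build requirement explicit to platform DSCs.
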
diff --git a/OvmfPkg/Library/TdxLib/TdxLibSec.inf b/OvmfPkg/Library/TdxLib/TdxLibSec.inf
new file mode 100644
index 000000000000..82ef4f08be8c
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/TdxLibSec.inf
@@ -0,0 +1,45 @@
+## @file
+# Tdx library for SEC phase.
+#
+# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution.  The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdxLibSec
+  FILE_GUID                      = 498E8E1E-5B11-41F3-9083-EEE3A32B009D
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TdxLib|SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  AcceptPages.c
+  X64/Tdcall.nasm
+  X64/Tdvmcall.nasm
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage
+  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation
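
Review bot: this SEC instance of the TdxLib class omits Rtmr.c and TdReport.c, so TdExtendRtmr and TdReport declared in TdxLib.h are unresolved for any SEC-phase consumer and fail only at link time with no hint why. Either provide stubs returning EFI_UNSUPPORTED in this instance or state in the file header which functions the SEC build supports. Same header comments as for TdxLib.inf: use the SPDX license line, and move the FixedPcdGet-consumed PCDs to `[FixedPcd]`.
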
diff --git a/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm b/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
new file mode 100644
index 000000000000..d0d55e2a9443
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
@@ -0,0 +1,125 @@
+;------------------------------------------------------------------------------
+;*
+;*   Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+;*   This program and the accompanying materials
+;*   are licensed and made available under the terms and conditions of the BSD License
+;*   which accompanies this distribution.  The full text of the license may be found at
+;*   http://opensource.org/licenses/bsd-license.php
+;*
+;*   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+;*   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%macro tdcall 0
+%if (FixedPcdGet32 (PcdUseTdxEmulation) != 0)
+    vmcall
+%else
+    db 0x66,0x0f,0x01,0xcc
+%endif
+%endmacro
+
+%macro tdcall_push_regs 0
+    push rbp
+    mov  rbp, rsp
+    push r15
+    push r14
+    push r13
+    push r12
+    push rbx
+    push rsi
+    push rdi
+%endmacro
+
+%macro tdcall_pop_regs 0
+    pop rdi
+    pop rsi
+    pop rbx
+    pop r12
+    pop r13
+    pop r14
+    pop r15
+    pop rbp
+%endmacro
+
+%define number_of_regs_pushed 8
+%define number_of_parameters  4
+
+; Keep these in sync for push_regs/pop_regs, code below uses them to find 5th or greater parameters
+%define first_variable_on_stack_offset  (number_of_regs_pushed * 8) + (number_of_parameters * 8) + 8
+%define second_variable_on_stack_offset (first_variable_on_stack_offset) + 8
+
+%macro tdcall_regs_preamble 2
+    mov rax, %1
+
+    mov ecx, %2
+
+    ; R10 = 0 (standard TDVMCALL)
+
+    xor r10d, r10d
+
+    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+    ; secrets to the VMM.
+
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor edx, edx
+    xor ebp, ebp
+    xor r8d, r8d
+    xor r9d, r9d
+%endmacro
+
+%macro tdcall_regs_postamble 0
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor ecx, ecx
+    xor edx, edx
+    xor r8d,  r8d
+    xor r9d,  r9d
+    xor r10d, r10d
+    xor r11d, r11d
+%endmacro
+
+;  TdCall (
+;    UINT64  Leaf,  // Rcx
+;    UINT64  P1,  // Rdx
+;    UINT64  P2,  // R8
+;    UINT64  P3,  // R9
+;    UINT64  Results,  // rsp + 0x28
+;    )
+global ASM_PFX(TdCall)
+ASM_PFX(TdCall):
+       tdcall_push_regs
+
+       mov rax, rcx
+       mov rcx, rdx
+       mov rdx, r8
+       mov r8, r9
+
+       tdcall
+
+       ; exit if tdcall reports failure.
+       test rax, rax
+       jnz .exit
+
+       ; test if caller wanted results
+       mov r12, [rsp + first_variable_on_stack_offset ]
+       test r12, r12
+       jz .exit
+       mov [r12 + 0 ], rcx
+       mov [r12 + 8 ], rdx
+       mov [r12 + 16], r8
+       mov [r12 + 24], r9
+       mov [r12 + 32], r10
+       mov [r12 + 40], r11
+.exit:
+       tdcall_pop_regs
+       ret
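
Review bot: TdCall returns the raw TDCALL completion status in RAX (the `test rax, rax` / `jnz .exit` is on that value, and AcceptPages.c compares the result against TDX_EXIT_REASON_*), but TdxLib.h declares it as EFI_STATUS with `@return EFI_SUCCESS`; declare the return as UINT64 and document that it is the TDCALL status, otherwise a caller checking `EFI_ERROR ()` will misread TDX status codes. The `tdcall_regs_preamble` and `tdcall_regs_postamble` macros are defined here but never used by TdCall, and all four macros are duplicated verbatim in Tdvmcall.nasm; move them into one shared `.inc` so the register-clearing logic exists in one place. Minor: the header is the old BSD boilerplate rather than the SPDX line used by the .c files, and the copyright year stops at 2020 while the rest of the patch says 2020 - 2021.
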
diff --git a/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm b/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
new file mode 100644
index 000000000000..e1da9b4fbdd6
--- /dev/null
+++ b/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
@@ -0,0 +1,211 @@
+;------------------------------------------------------------------------------
+;*
+;*   Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+;*   This program and the accompanying materials
+;*   are licensed and made available under the terms and conditions of the BSD License
+;*   which accompanies this distribution.  The full text of the license may be found at
+;*   http://opensource.org/licenses/bsd-license.php
+;*
+;*   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+;*   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
+%define TDVMCALL                        0x0
+%define EXIT_REASON_CPUID               0xa
+
+%macro tdcall 0
+%if (FixedPcdGet32 (PcdUseTdxEmulation) != 0)
+    vmcall
+%else
+    db 0x66,0x0f,0x01,0xcc
+%endif
+%endmacro
+
+%macro tdcall_push_regs 0
+    push rbp
+    mov  rbp, rsp
+    push r15
+    push r14
+    push r13
+    push r12
+    push rbx
+    push rsi
+    push rdi
+%endmacro
+
+%macro tdcall_pop_regs 0
+    pop rdi
+    pop rsi
+    pop rbx
+    pop r12
+    pop r13
+    pop r14
+    pop r15
+    pop rbp
+%endmacro
+
+%define number_of_regs_pushed 8
+%define number_of_parameters  4
+
+; Keep these in sync for push_regs/pop_regs, code below uses them to find 5th or greater parameters
+%define first_variable_on_stack_offset  (number_of_regs_pushed * 8) + (number_of_parameters * 8) + 8
+%define second_variable_on_stack_offset (first_variable_on_stack_offset) + 8
+
+%macro tdcall_regs_preamble 2
+    mov rax, %1
+
+    mov ecx, %2
+
+    ; R10 = 0 (standard TDVMCALL)
+
+    xor r10d, r10d
+
+    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+    ; secrets to the VMM.
+
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor edx, edx
+    xor ebp, ebp
+    xor r8d, r8d
+    xor r9d, r9d
+%endmacro
+
+%macro tdcall_regs_postamble 0
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor ecx, ecx
+    xor edx, edx
+    xor r8d,  r8d
+    xor r9d,  r9d
+    xor r10d, r10d
+    xor r11d, r11d
+%endmacro
+
+;------------------------------------------------------------------------------
+; 0   => RAX = TDCALL leaf
+; M   => RCX = TDVMCALL register behavior
+; 1   => R10 = standard vs. vendor
+; RDI => R11 = TDVMCALL function / nr
+; RSI =  R12 = p1
+; RDX => R13 = p2
+; RCX => R14 = p3
+; R8  => R15 = p4
+
+;  UINT64
+;  EFIAPI
+;  TdVmCall (
+;    UINT64  Leaf,  // Rcx
+;    UINT64  P1,  // Rdx
+;    UINT64  P2,  // R8
+;    UINT64  P3,  // R9
+;    UINT64  P4,  // rsp + 0x28
+;    UINT64  *Val // rsp + 0x30
+;    )
+global ASM_PFX(TdVmCall)
+ASM_PFX(TdVmCall):
+       tdcall_push_regs
+
+       mov r11, rcx
+       mov r12, rdx
+       mov r13, r8
+       mov r14, r9
+       mov r15, [rsp + first_variable_on_stack_offset ]
+
+       tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
+
+       tdcall
+
+       ; ignore return dataif TDCALL reports failure.
+       test rax, rax
+       jnz .no_return_data
+
+       ; Propagate TDVMCALL success/failure to return value.
+       mov rax, r10
+
+       ; Retrieve the Val pointer.
+       mov r9, [rsp + second_variable_on_stack_offset ]
+       test r9, r9
+       jz .no_return_data
+
+       ; On success, propagate TDVMCALL output value to output param
+       test rax, rax
+       jnz .no_return_data
+       mov [r9], r11
+.no_return_data:
+       tdcall_regs_postamble
+
+       tdcall_pop_regs
+
+       ret
+
+;------------------------------------------------------------------------------
+; 0   => RAX = TDCALL leaf
+; M   => RCX = TDVMCALL register behavior
+; 1   => R10 = standard vs. vendor
+; RDI => R11 = TDVMCALL function / nr
+; RSI =  R12 = p1
+; RDX => R13 = p2
+; RCX => R14 = p3
+; R8  => R15 = p4
+
+;  UINT64
+;  EFIAPI
+;  TdVmCallCpuid (
+;    UINT64  EaxIn,  // Rcx
+;    UINT64  EcxIn,  // Rdx
+;    UINT64  *Results  // R8
+;    )
+global ASM_PFX(TdVmCallCpuid)
+ASM_PFX(TdVmCallCpuid):
+       tdcall_push_regs
+
+       mov r11, EXIT_REASON_CPUID
+       mov r12, rcx
+       mov r13, rdx
+
+       tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
+
+       ; Save *results pointers
+       push r8
+
+       tdcall
+
+       ; Panic if TDCALL reports failure.
+       test rax, rax
+       jnz .no_return_data
+
+       ; Propagate TDVMCALL success/failure to return value.
+       mov rax, r10
+       test rax, rax
+       jnz .no_return_data
+
+       ; Retrieve *Results
+       pop r8
+       test r8, r8
+       jnz .no_return_data
+       ; Caller pass in buffer so store results r12-r15 contains eax-edx
+       mov [r8 +  0], r12
+       mov [r8 +  8], r13
+       mov [r8 + 16], r14
+       mov [r8 + 24], r15
+
+.no_return_data:
+       tdcall_regs_postamble
+
+       tdcall_pop_regs
+
+       ret
+
+.panic:
+       ud2
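
Review bot: TdVmCallCpuid saves the Results pointer too late and tests it backwards. `push r8` comes after `tdcall_regs_preamble`, which has already executed `xor r8d, r8d`, so the saved pointer is always 0; then `pop r8` / `test r8, r8` / `jnz .no_return_data` skips the stores exactly when the pointer is non-NULL and stores through it when it is NULL. Net effect: every successful call writes the four result registers to address 0 and the caller's buffer is never filled. Save the pointer before the preamble and use `jz .no_return_data`. The push is also unbalanced on the two failure branches (the `jnz .no_return_data` after `tdcall` and the one after `mov rax, r10`), which jump past the `pop r8`, so `tdcall_pop_regs` restores shifted values and `ret` pops a stale slot; keep the pointer in a slot that is popped on every path, or spill it before `tdcall_push_regs`. Separately, the CPUID path never sets R14 and R15, yet TDVMCALL_EXPOSE_REGS_MASK 0xffec includes bits 14 and 15, so whatever the caller left in those registers is passed to the VMM, which is the leak the "Zero out unused ... registers to avoid leaking secrets to the VMM" comment says the preamble is meant to prevent; zero them (they are p3/p4 for this call). Minor: `.panic: ud2` is unreachable and the "Panic if TDCALL reports failure" comment does not match the `jnz .no_return_data` below it; "return dataif" in TdVmCall is missing a space.
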
-- 
2.29.2.windows.2



* Re: [PATCH V3 1/3] MdePkg: Add Tdx support lib
  2021-03-09  6:12 ` [PATCH V3 1/3] MdePkg: Add Tdx support lib Min Xu
@ 2021-03-09  6:25   ` Yao, Jiewen
  2021-03-09  8:23     ` Min Xu
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-03-09  6:25 UTC (permalink / raw)
  To: Xu, Min M, devel@edk2.groups.io; +Cc: Liming Gao, Liu, Zhiguang, Reiland, Doug

Hi Min
Some recommendations:

1) Please separate 1 big patch into multiple smaller ones.
1 patch for TdxLib
1 patch for Tdx protocol.
1 patch for TDX event log ACPI table.
1 patch for TDX Library.

2) The ACPI definition from TDX protocol should be isolated to TdxAcpi.h

#define EFI_TDX_EVENT_DATA_SIGNATURE  SIGNATURE_32 ('T', 'D', 'E', 'L')

3) There is no description for TD protocol itself and TD event data ACPI table. Please add them.

You may copy some content from the specification.

4) I think we are following TDX spec to provide TdxLib.
I don't see the need to provide NULL version in MdePkg. We can put real TdxLib to MdePkg.

5) If possible, please provide TDX spec link in the file header comment section.
As such, the reviewer can check the spec easily.


> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, March 9, 2021 2:13 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Reiland, Doug <doug.reiland@intel.com>
> Subject: [PATCH V3 1/3] MdePkg: Add Tdx support lib
> 
> Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total
> Memory Encryption (MKTME) with a new kind of virtual machine guest
> called a Trust Domain (TD).
> 
> TdxLib is created with functions to perform the related Tdx operation.
> This includes functions for:
>   - TdCall         : to cause a VM exit to the Intel TDX module
>   - TdVmCall       : it is a leaf function 0 for TDCALL
>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
>   - TdReport       : to retrieve TDREPORT_STRUCT
>   - TdAcceptPages  : to accept pending private pages
>   - TdExtendRtmr   : to extend one of the RTMR registers
> 
> The base function in this driver will not do anything and will return
> an error if a return value is required. It is expected that other
> packages (like OvmfPkg) will create a version of the library to fully
> support a TD guest.
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> 
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Doug Reiland <doug.reiland@intel.com>
> ---
>  MdePkg/Include/IndustryStandard/Tdx.h | 201 ++++++++++++++++++++++++++
>  MdePkg/Include/Library/TdxLib.h       | 165 +++++++++++++++++++++
>  MdePkg/Include/Protocol/Tdx.h         |  29 ++++
>  MdePkg/Library/TdxLib/TdxLibNull.c    | 155 ++++++++++++++++++++
>  MdePkg/Library/TdxLib/TdxLibNull.inf  |  33 +++++
>  5 files changed, 583 insertions(+)
>  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
>  create mode 100644 MdePkg/Include/Library/TdxLib.h
>  create mode 100644 MdePkg/Include/Protocol/Tdx.h
>  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
>  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
> 
> diff --git a/MdePkg/Include/IndustryStandard/Tdx.h
> b/MdePkg/Include/IndustryStandard/Tdx.h
> new file mode 100644
> index 000000000000..dbcc31c26528
> --- /dev/null
> +++ b/MdePkg/Include/IndustryStandard/Tdx.h
> @@ -0,0 +1,201 @@
> +/** @file
> +  Intel Trust Domain Extension definitions
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +  This program and the accompanying materials
> +  are licensed and made available under the terms and conditions of the BSD
> License
> +  which accompanies this distribution.  The full text of the license may be found
> at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef _TDX_H_
> +#define _TDX_H_
> +
> +#define EXIT_REASON_EXTERNAL_INTERRUPT  1
> +#define EXIT_REASON_TRIPLE_FAULT        2
> +
> +#define EXIT_REASON_PENDING_INTERRUPT   7
> +#define EXIT_REASON_NMI_WINDOW          8
> +#define EXIT_REASON_TASK_SWITCH         9
> +#define EXIT_REASON_CPUID               10
> +#define EXIT_REASON_HLT                 12
> +#define EXIT_REASON_INVD                13
> +#define EXIT_REASON_INVLPG              14
> +#define EXIT_REASON_RDPMC               15
> +#define EXIT_REASON_RDTSC               16
> +#define EXIT_REASON_VMCALL              18
> +#define EXIT_REASON_VMCLEAR             19
> +#define EXIT_REASON_VMLAUNCH            20
> +#define EXIT_REASON_VMPTRLD             21
> +#define EXIT_REASON_VMPTRST             22
> +#define EXIT_REASON_VMREAD              23
> +#define EXIT_REASON_VMRESUME            24
> +#define EXIT_REASON_VMWRITE             25
> +#define EXIT_REASON_VMOFF               26
> +#define EXIT_REASON_VMON                27
> +#define EXIT_REASON_CR_ACCESS           28
> +#define EXIT_REASON_DR_ACCESS           29
> +#define EXIT_REASON_IO_INSTRUCTION      30
> +#define EXIT_REASON_MSR_READ            31
> +#define EXIT_REASON_MSR_WRITE           32
> +#define EXIT_REASON_INVALID_STATE       33
> +#define EXIT_REASON_MSR_LOAD_FAIL       34
> +#define EXIT_REASON_MWAIT_INSTRUCTION   36
> +#define EXIT_REASON_MONITOR_TRAP_FLAG   37
> +#define EXIT_REASON_MONITOR_INSTRUCTION 39
> +#define EXIT_REASON_PAUSE_INSTRUCTION   40
> +#define EXIT_REASON_MCE_DURING_VMENTRY  41
> +#define EXIT_REASON_TPR_BELOW_THRESHOLD 43
> +#define EXIT_REASON_APIC_ACCESS         44
> +#define EXIT_REASON_EOI_INDUCED         45
> +#define EXIT_REASON_GDTR_IDTR           46
> +#define EXIT_REASON_LDTR_TR             47
> +#define EXIT_REASON_EPT_VIOLATION       48
> +#define EXIT_REASON_EPT_MISCONFIG       49
> +#define EXIT_REASON_INVEPT              50
> +#define EXIT_REASON_RDTSCP              51
> +#define EXIT_REASON_PREEMPTION_TIMER    52
> +#define EXIT_REASON_INVVPID             53
> +#define EXIT_REASON_WBINVD              54
> +#define EXIT_REASON_XSETBV              55
> +#define EXIT_REASON_APIC_WRITE          56
> +#define EXIT_REASON_RDRAND              57
> +#define EXIT_REASON_INVPCID             58
> +#define EXIT_REASON_VMFUNC              59
> +#define EXIT_REASON_ENCLS               60
> +#define EXIT_REASON_RDSEED              61
> +#define EXIT_REASON_PML_FULL            62
> +#define EXIT_REASON_XSAVES              63
> +#define EXIT_REASON_XRSTORS             64
> +
> +// TDCALL API Function Completion Status Codes
> +#define TDX_EXIT_REASON_SUCCESS                     0x0000000000000000
> +#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED
> 0x00000B0A00000000
> +#define TDX_EXIT_REASON_OPERAND_INVALID             0xC000010000000000
> +#define TDX_EXIT_REASON_OPERAND_BUSY                0x8000020000000000
> +
> +#define TDCALL_TDVMCALL                 0
> +#define TDCALL_TDINFO                   1
> +#define TDCALL_TDEXTENDRTMR             2
> +#define TDCALL_TDGETVEINFO              3
> +#define TDCALL_TDREPORT                 4
> +#define TDCALL_TDSETCPUIDVE             5
> +#define TDCALL_TDACCEPTPAGE             6
> +
> +#define TDVMCALL_CPUID                  0x0000a
> +#define TDVMCALL_HALT                   0x0000c
> +#define TDVMCALL_IO                     0x0001e
> +#define TDVMCALL_RDMSR                  0x0001f
> +#define TDVMCALL_WRMSR                  0x00020
> +#define TDVMCALL_MMIO                   0x00030
> +#define TDVMCALL_PCONFIG                0x00041
> +
> +#define TDVMCALL_GET_TDVMCALL_INFO      0x10000
> +#define TDVMCALL_MAPGPA                 0x10001
> +#define TDVMCALL_GET_QUOTE              0x10002
> +#define TDVMCALL_REPORT_FATAL_ERR       0x10003
> +#define TDVMCALL_SETUP_EVENT_NOTIFY     0x10004
> +
> +#pragma pack(1)
> +typedef struct {
> +  UINT64  Data[6];
> +} TDCALL_GENERIC_RETURN_DATA;
> +
> +typedef struct {
> +  UINT64  Gpaw;
> +  UINT64  Attributes;
> +  UINT32  MaxVcpus;
> +  UINT32  NumVcpus;
> +  UINT64  Resv[3];
> +} TDCALL_INFO_RETURN_DATA;
> +
> +typedef union {
> +  UINT64  Val;
> +  struct {
> +    UINT32  Size:3;
> +    UINT32  Direction:1;
> +    UINT32  String:1;
> +    UINT32  Rep:1;
> +    UINT32  Encoding:1;
> +    UINT32  Resv:9;
> +    UINT32  Port:16;
> +    UINT32  Resv2;
> +  } Io;
> +} VMX_EXIT_QUALIFICATION;
> +
> +typedef struct {
> +  UINT32                  ExitReason;
> +  UINT32                  Resv;
> +  VMX_EXIT_QUALIFICATION  ExitQualification;
> +  UINT64                  GuestLA;
> +  UINT64                  GuestPA;
> +  UINT32                  ExitInstructionLength;
> +  UINT32                  ExitInstructionInfo;
> +  UINT32                  Resv1;
> +} TDCALL_VEINFO_RETURN_DATA;
> +
> +typedef union {
> +  TDCALL_GENERIC_RETURN_DATA  Generic;
> +  TDCALL_INFO_RETURN_DATA     TdInfo;
> +  TDCALL_VEINFO_RETURN_DATA   VeInfo;
> +} TD_RETURN_DATA;
> +
> +/* data structure used in TDREPORT_STRUCT */
> +typedef struct{
> +  UINT8         Type;
> +  UINT8         Subtype;
> +  UINT8         Version;
> +  UINT8         Rsvd;
> +}TD_REPORT_TYPE;
> +
> +typedef struct{
> +  TD_REPORT_TYPE   ReportType;
> +  UINT8            Rsvd1[12];
> +  UINT8            CpuSvn[16];
> +  UINT8            TeeTcbInfoHash[48];
> +  UINT8            TeeInfoHash[48];
> +  UINT8            ReportData[64];
> +  UINT8            Rsvd2[32];
> +  UINT8            Mac[32];
> +}REPORTMACSTRUCT;
> +
> +typedef struct{
> +  UINT8         Seam[2];
> +  UINT8         Rsvd[14];
> +}TEE_TCB_SVN;
> +
> +typedef struct{
> +  UINT8         Valid[8];
> +  TEE_TCB_SVN   TeeTcbSvn;
> +  UINT8         Mrseam[48];
> +  UINT8         Mrsignerseam[48];
> +  UINT8         Attributes[8];
> +  UINT8         Rsvd[111];
> +}TEE_TCB_INFO;
> +
> +typedef struct{
> +  UINT8         Attributes[8];
> +  UINT8         Xfam[8];
> +  UINT8         Mrtd[48];
> +  UINT8         Mrconfigid[48];
> +  UINT8         Mrowner[48];
> +  UINT8         Mrownerconfig[48];
> +  UINT8         Rtmrs[4][48];
> +  UINT8         Rsvd[112];
> +}TDINFO;
> +
> +typedef struct{
> +  REPORTMACSTRUCT   ReportMacStruct;
> +  TEE_TCB_INFO      TeeTcbInfo;
> +  UINT8             Rsvd[17];
> +  TDINFO            Tdinfo;
> +}TDREPORT_STRUCT;
> +
> +#pragma pack()
> +
> +#endif
> +
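
Review bot: TDREPORT_STRUCT is consumed as a fixed 1024-byte layout (REPORT_STRUCT_SIZE in TdReport.c) and REPORTMACSTRUCT as a 256-byte one, but nothing in this header checks that the packed structs actually come out that size; add `STATIC_ASSERT (sizeof (TDREPORT_STRUCT) == 1024, "TDREPORT_STRUCT size");` and the equivalent for REPORTMACSTRUCT, TEE_TCB_INFO and TDINFO after `#pragma pack()` so a slip in one of the Rsvd arrays is caught at compile time. The completion-status macros `TDX_EXIT_REASON_SUCCESS`, `..._PAGE_ALREADY_ACCEPTED`, `..._OPERAND_INVALID` and `..._OPERAND_BUSY` are TDCALL status codes per their own comment, not VMX exit reasons like the `EXIT_REASON_*` block above them; a `TDX_STATUS_` prefix would avoid that confusion. Citing the spec section each table is taken from in the header comment would let reviewers check the values.
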
> diff --git a/MdePkg/Include/Library/TdxLib.h b/MdePkg/Include/Library/TdxLib.h
> new file mode 100644
> index 000000000000..5e8634c6df79
> --- /dev/null
> +++ b/MdePkg/Include/Library/TdxLib.h
> @@ -0,0 +1,165 @@
> +/** @file
> +  TdxLib definitions
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +  This program and the accompanying materials
> +  are licensed and made available under the terms and conditions of the BSD
> License
> +  which accompanies this distribution.  The full text of the license may be found
> at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef _TDX_LIB_H_
> +#define _TDX_LIB_H_
> +
> +#include <Library/BaseLib.h>
> +#include <Uefi/UefiBaseType.h>
> +#include <Library/DebugLib.h>
> +#include <Protocol/DebugSupport.h>
> +
> +/**
> +  This function retrieve TDREPORT_STRUCT structure from TDX.
> +  The struct contains the measurements/configuration information of
> +  the guest TD that called the function, measurements/configuratio
> +  information of the TDX-SEAM module and a REPORTMACSTRUCT.
> +  The REPORTMACSTRUCT is integrity protected with a MAC and
> +  contains the hash of the measurements and configuration
> +  as well as additional REPORTDATA provided by the TD software.
> +
> +  AdditionalData, a 64-byte value, is provided by the guest TD
> +  to be included in the TDREPORT
> +
> +  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
> +  @param[in]      ReportSize         Size of the report. It must be
> +                                     larger than 1024B.
> +  @param[in]      AdditionalData     Point to the additional data.
> +  @param[in]      AdditionalDataSize Size of the additional data.
> +                                     If AdditionalData != NULL, then
> +                                     this value must be 64B.
> +
> +  @return EFI_SUCCESS
> +  @return EFI_INVALID_PARAMETER
> +  @return EFI_DEVICE_ERROR
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdReport(
> +  IN OUT UINT8  *Report,
> +  IN UINT32     ReportSize,
> +  IN UINT8      *AdditionalData,
> +  IN UINT32     AdditionalDataSize
> +);
> +
> +/**
> +  This function accept a pending private page, and initialize the page to
> +  all-0 using the TD ephemeral private key.
> +
> +  @param[in]  StartAddress     Guest physical address of the private page
> +                               to accept.
> +  @param[in]  NumberOfPages    Number of the pages to be accepted.
> +
> +  @return EFI_SUCCESS
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdAcceptPages (
> +  IN UINT64  StartAddress,
> +  IN UINT64  NumberOfPages
> +  );
> +
> +/**
> +  This function extends one of the RTMR measurement register
> +  in TDCS with the provided extension data in memory.
> +  RTMR extending supports SHA384 which length is 48 bytes.
> +
> +  @param[in]  Data      Point to the data to be extended
> +  @param[in]  DataLen   Length of the data. Must be 48
> +  @param[in]  Index     RTMR index
> +
> +  @return EFI_SUCCESS
> +  @return EFI_INVALID_PARAMETER
> +  @return EFI_DEVICE_ERROR
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdExtendRtmr(
> +  IN  UINT32  *Data,
> +  IN  UINT32  DataLen,
> +  IN  UINT8   PcrIndex
> +  );
> +
> +/**
> +  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
> +  used to call guest-side Intel TDX functions, either local or a TD exit
> +  to the host VMM, as selected by Leaf.
> +  Leaf functions are described at <https://software.intel.com/content/
> +  www/us/en/develop/articles/intel-trust-domain-extensions.html>
> +
> +  @param[in]      Leaf        Leaf number of TDCALL instruction
> +  @param[in]      Arg1        Arg1
> +  @param[in]      Arg2        Arg2
> +  @param[in]      Arg3        Arg3
> +  @param[in,out]  Results  Returned result of the Leaf function
> +
> +  @return EFI_SUCCESS
> +  @return Other           See individual leaf functions
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdCall(
> +  IN UINT64           Leaf,
> +  IN UINT64           Arg1,
> +  IN UINT64           Arg2,
> +  IN UINT64           Arg3,
> +  IN OUT VOID         *Results
> +  );
> +
> +/**
> +  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
> +  host VMM to pass/receive information.
> +
> +  @param[in]     Leaf        Number of sub-functions
> +  @param[in]     Arg1        Arg1
> +  @param[in]     Arg2        Arg2
> +  @param[in]     Arg3        Arg3
> +  @param[in]     Arg4        Arg4
> +  @param[in,out] Results     Returned result of the sub-function
> +
> +  @return EFI_SUCCESS
> +  @return Other           See individual sub-functions
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdVmCall (
> +  IN UINT64          Leaf,
> +  IN UINT64          Arg1,
> +  IN UINT64          Arg2,
> +  IN UINT64          Arg3,
> +  IN UINT64          Arg4,
> +  IN OUT VOID        *Results
> +  );
> +
> +/**
> +  This function enable the TD guest to request the VMM to emulate CPUID
> +  operation, especially for non-architectural, CPUID leaves.
> +
> +  @param[in]  Eax        Main leaf of the CPUID
> +  @param[in]  Ecx        Sub-leaf of the CPUID
> +  @param[out] Results    Returned result of CPUID operation
> +
> +  @return EFI_SUCCESS
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdVmCallCpuid (
> +  IN UINT64         Eax,
> +  IN UINT64         Ecx,
> +  OUT VOID          *Results
> +  );
> +#endif
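Review bot: the TdExtendRtmr prototype disagrees with its own comment and with the OvmfPkg implementation: the comment documents the third parameter as `Index`, the declaration names it `PcrIndex`, and OvmfPkg/Library/TdxLib/Rtmr.c below uses `Index`; pick one. `Data` is declared `UINT32 *` although it is a 48-byte SHA384 digest, so every caller with a `UINT8` digest buffer has to cast; `UINT8 *` (or `CONST VOID *`) fits better. Two more points for this header: the X64 TdCall below stores RCX, RDX, R8, R9, R10 and R11 into `Results` (`mov [r12 + 0 ], rcx` through `mov [r12 + 40], r11`), so document that the buffer must hold at least six UINT64 values and that it is left untouched when the leaf fails; and TdCall/TdVmCall are declared `EFI_STATUS` while AcceptPages.c and Rtmr.c compare their return value against `TDX_EXIT_REASON_SUCCESS` / `TDX_EXIT_REASON_OPERAND_INVALID`, i.e. the raw TDCALL status from RAX, so either declare them `UINT64` or translate the status before returning. Typo: `TDVMALL` in the TdVmCall comment should read `TDVMCALL`.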
> diff --git a/MdePkg/Include/Protocol/Tdx.h b/MdePkg/Include/Protocol/Tdx.h
> new file mode 100644
> index 000000000000..b5e9b19c1276
> --- /dev/null
> +++ b/MdePkg/Include/Protocol/Tdx.h
> @@ -0,0 +1,29 @@
> +/** @file
> +  If TD-Guest firmware supports measurement and an event is created, TD-
> Guest
> +  firmware is designed to report the event log with the same data structure
> +  in TCG-Platform-Firmware-Profile specification with
> +  EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
> +
> +  The TD-Guest firmware supports measurement, the TD Guest Firmware is
> designed
> +  to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID to
> report
> +  event log and provides hash capability.
> +
> +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +
> +#ifndef __EFI_TDX_H__
> +#define __EFI_TDX_H__
> +
> +#include <Uefi/UefiBaseType.h>
> +
> +#define EFI_TDX_EVENT_DATA_SIGNATURE  SIGNATURE_32 ('T', 'D', 'E', 'L')
> +
> +#define EFI_TD_PROTOCOL_GUID  \
> +  {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae,
> 0x6b }}
> +extern EFI_GUID gEfiTdProtocolGuid;
> +
> +
> +#endif
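Review bot: the file comment promises an EFI_TD_PROTOCOL that reports the event log and provides hash capability, but the header defines only EFI_TD_PROTOCOL_GUID, EFI_TDX_EVENT_DATA_SIGNATURE and the extern GUID; there is no protocol structure, so nothing can be called through it. Either add the interface definition or cut the comment down to what the header actually declares. The only user in this series is the `#include <Protocol/Tdx.h>` in OvmfPkg/Library/TdxLib/Rtmr.c below, which references none of these symbols, so consider dropping that include (or deferring this header) until a producer exists.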
> diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c
> b/MdePkg/Library/TdxLib/TdxLibNull.c
> new file mode 100644
> index 000000000000..8d759e4d33a4
> --- /dev/null
> +++ b/MdePkg/Library/TdxLib/TdxLibNull.c
> @@ -0,0 +1,155 @@
> +/** @file
> +  Null instance of TdxLib.
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +  This program and the accompanying materials
> +  are licensed and made available under the terms and conditions of the BSD
> License
> +  which accompanies this distribution.  The full text of the license may be found
> at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <IndustryStandard/Tdx.h>
> +#include <Library/TdxLib.h>
> +
> +/**
> +  This function retrieve TDREPORT_STRUCT structure from TDX.
> +  The struct contains the measurements/configuration information of
> +  the guest TD that called the function, measurements/configuratio
> +  information of the TDX-SEAM module and a REPORTMACSTRUCT.
> +  The REPORTMACSTRUCT is integrity protected with a MAC and
> +  contains the hash of the measurements and configuration
> +  as well as additional REPORTDATA provided by the TD software.
> +
> +  AdditionalData, a 64-byte value, is provided by the guest TD
> +  to be included in the TDREPORT
> +
> +  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
> +  @param[in]      ReportSize         Size of the report. It must be
> +                                     larger than 1024B.
> +  @param[in]      AdditionalData     Point to the additional data.
> +  @param[in]      AdditionalDataSize Size of the additional data.
> +                                     If AdditionalData != NULL, then
> +                                     this value must be 64B.
> +
> +  @return EFI_SUCCESS
> +  @return EFI_INVALID_PARAMETER
> +  @return EFI_DEVICE_ERROR
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdReport(
> +  IN OUT UINT8  *Report,
> +  IN UINT32     ReportSize,
> +  IN UINT8      *AdditionalData,
> +  IN UINT32     AdditionalDataSize
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  This function accept a pending private page, and initialize the page to
> +  all-0 using the TD ephemeral private key.
> +
> +  @param[in]  StartAddress     Guest physical address of the private page
> +                               to accept.
> +  @param[in]  NumberOfPages    Number of the pages to be accepted.
> +
> +  @return EFI_UNSUPPORTED
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdAcceptPages (
> +  IN UINT64  StartAddress,
> +  IN UINT64  NumberOfPages
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
> +  used to call guest-side Intel TDX functions, either local or a TD exit
> +  to the host VMM, as selected by Leaf.
> +  Leaf functions are described at <https://software.intel.com/content/
> +  www/us/en/develop/articles/intel-trust-domain-extensions.html>
> +
> +  @param[in]      Leaf        Leaf number of TDCALL instruction
> +  @param[in]      Arg1        Arg1
> +  @param[in]      Arg2        Arg2
> +  @param[in]      Arg3        Arg3
> +  @param[in,out]  Results  Returned result of the Leaf function
> +
> +  @return EFI_SUCCESS
> +  @return Other           See individual leaf functions
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdCall(
> +  IN UINT64           Leaf,
> +  IN UINT64           Arg1,
> +  IN UINT64           Arg2,
> +  IN UINT64           Arg3,
> +  IN OUT VOID         *Results
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
> +  host VMM to pass/receive information.
> +
> +  @param[in]     Leaf        Number of sub-functions
> +  @param[in]     Arg1        Arg1
> +  @param[in]     Arg2        Arg2
> +  @param[in]     Arg3        Arg3
> +  @param[in]     Arg4        Arg4
> +  @param[in,out] Results     Returned result of the sub-function
> +
> +  @return EFI_SUCCESS
> +  @return Other           See individual sub-functions
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdVmCall (
> +  IN UINT64          Leaf,
> +  IN UINT64          Arg1,
> +  IN UINT64          Arg2,
> +  IN UINT64          Arg3,
> +  IN UINT64          Arg4,
> +  IN OUT VOID        *Results
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  This function enable the TD guest to request the VMM to emulate CPUID
> +  operation, especially for non-architectural, CPUID leaves.
> +
> +  @param[in]     Eax        Main leaf of the CPUID
> +  @param[in]     Ecx        Sub-leaf of the CPUID
> +  @param[in,out] Results    Returned result of CPUID operation
> +
> +  @return EFI_SUCCESS
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdVmCallCpuid (
> +  IN UINT64         Eax,
> +  IN UINT64         Ecx,
> +  IN OUT VOID       *Results
> +  )
> +{
> +  return EFI_UNSUPPORTED;
> +}
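Review bot: TdExtendRtmr is declared in Library/TdxLib.h but has no stub here, so a module that links TdxLibNull and calls it fails at link time instead of getting EFI_UNSUPPORTED; add the missing function. The doc comments for TdReport, TdCall, TdVmCall and TdVmCallCpuid still say `@return EFI_SUCCESS` although every body returns EFI_UNSUPPORTED (only TdAcceptPages was updated), and TdVmCallCpuid's `Results` is `IN OUT` here but `OUT` in the header. The license block uses the old BSD text instead of the `SPDX-License-Identifier: BSD-2-Clause-Patent` line used by the other new files in the series, and `<IndustryStandard/Tdx.h>` and `<Library/DebugLib.h>` are included but unused.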
> diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf
> b/MdePkg/Library/TdxLib/TdxLibNull.inf
> new file mode 100644
> index 000000000000..0d07595a8c3e
> --- /dev/null
> +++ b/MdePkg/Library/TdxLib/TdxLibNull.inf
> @@ -0,0 +1,33 @@
> +## @file
> +#  Null Tdx library instance
> +#
> +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the BSD
> License
> +# which accompanies this distribution.  The full text of the license may be found
> at
> +# http://opensource.org/licenses/bsd-license.php.
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = TdxLibNull
> +  FILE_GUID                      = 05C5E621-FC66-4420-9C80-F0DE9E5B95FF
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = TdxLib
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = X64
> +#
> +
> +[Sources]
> +  TdxLibNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
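Review bot: TdxLibNull.c includes <Library/BaseLib.h> and <Library/DebugLib.h>, but this INF has no [LibraryClasses] section; either list BaseLib and DebugLib here or, simpler for a null instance, drop the includes from the source. The header comment should also carry the SPDX identifier used by the other new files in the series rather than the old BSD license text.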
> --
> 2.29.2.windows.2



* Re: [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
  2021-03-09  6:12 ` [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib Min Xu
@ 2021-03-09  6:44   ` Yao, Jiewen
  2021-03-09  8:27     ` Min Xu
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-03-09  6:44 UTC (permalink / raw)
  To: Xu, Min M, devel@edk2.groups.io
  Cc: Justen, Jordan L, Laszlo Ersek, Reiland, Doug

Hi
May I understand why we need this: PcdUseTdxAcceptPage?
I think accepting pages is always required.

For PcdUseTdxEmulation, this is only for pre-production.
For real production, I don't think we need this one, right?


> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, March 9, 2021 2:13 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Reiland, Doug <doug.reiland@intel.com>
> Subject: [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
> 
> TdxLib for OvmfPkg depends on the below PCDs
>   - PcdUseTdxAcceptPage
>     Indicate whether TdCall(AcceptPage) is used.
>   - PcdUseTdxEmulation
>     Indicate whether TdxEmulation is used.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> 
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Doug Reiland <doug.reiland@intel.com>
> ---
>  OvmfPkg/OvmfPkg.dec | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
> index 4348bb45c64a..68b3fd86d516 100644
> --- a/OvmfPkg/OvmfPkg.dec
> +++ b/OvmfPkg/OvmfPkg.dec
> @@ -317,6 +317,12 @@
>    gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
>    gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
> 
> +  ## Indicate whether TdCall(AcceptPage) is used.
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage|TRUE|BOOLEAN|0x44
> +  ## Indicate whether TdxEmulation is used.
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation|0x1|UINT32|0x45
> +
> +
>  [PcdsDynamic, PcdsDynamicEx]
>    gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
> 
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN
> |0x10
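Review bot: the defaults make a build that sets neither PCD behave unsafely. PcdUseTdxEmulation defaults to 0x1, and the `tdcall` macro in X64/Tdcall.nasm and X64/Tdvmcall.nasm emits `vmcall` whenever `FixedPcdGet32 (PcdUseTdxEmulation) != 0`, so an OVMF built with the defaults never executes a real TDCALL and hands every call, TDG.MR.REPORT and RTMR extends included, to the VMM. If the emulation path is kept at all it should default to 0 and the .dec comment should say it is for pre-production only; it is also declared UINT32 but only ever tested for non-zero, so BOOLEAN matches "Indicate whether TdxEmulation is used". PcdUseTdxAcceptPage likewise makes TdAcceptPages return EFI_SUCCESS without accepting anything when FALSE; if a scenario needs that, document it here, otherwise drop the PCD. Minor: the hunk leaves two blank lines before [PcdsDynamic, PcdsDynamicEx] where the file had one.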
> --
> 2.29.2.windows.2



* Re: [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF
  2021-03-09  6:12 ` [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF Min Xu
@ 2021-03-09  6:46   ` Yao, Jiewen
  0 siblings, 0 replies; 14+ messages in thread
From: Yao, Jiewen @ 2021-03-09  6:46 UTC (permalink / raw)
  To: Xu, Min M, devel@edk2.groups.io
  Cc: Justen, Jordan L, Laszlo Ersek, Reiland, Doug

Hi
Would you please try to merge TdxLib and TdxLibSec?
I am not sure if we really need two instances.

Also, can we remove MemoryAllocationLib?
If it is just used to allocate aligned memory, can we allocate aligned memory on the stack instead of the heap?



> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, March 9, 2021 2:13 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Reiland, Doug <doug.reiland@intel.com>
> Subject: [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and
> DXE on OVMF
> 
> The base TdxLib in MdePkg/Library provides a default limited interface.
> As it does not provide full support, create an OVMF version of this library
> to begin the process of providing full support of TDX in OVMF.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> 
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> Signed-off-by: Doug Reiland <doug.reiland@intel.com>
> ---
>  OvmfPkg/Library/TdxLib/AcceptPages.c     |  68 ++++++++
>  OvmfPkg/Library/TdxLib/Rtmr.c            |  80 +++++++++
>  OvmfPkg/Library/TdxLib/TdReport.c        | 102 +++++++++++
>  OvmfPkg/Library/TdxLib/TdxLib.inf        |  48 ++++++
>  OvmfPkg/Library/TdxLib/TdxLibSec.inf     |  45 +++++
>  OvmfPkg/Library/TdxLib/X64/Tdcall.nasm   | 125 ++++++++++++++
>  OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
>  7 files changed, 679 insertions(+)
>  create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
>  create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
>  create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
>  create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
>  create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
>  create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
>  create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
> 
> diff --git a/OvmfPkg/Library/TdxLib/AcceptPages.c
> b/OvmfPkg/Library/TdxLib/AcceptPages.c
> new file mode 100644
> index 000000000000..3848bb6a95a4
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/AcceptPages.c
> @@ -0,0 +1,68 @@
> +/** @file
> +
> +  There are 4 defined types in TD memory.
> +  Unaccepted memory is a special type of private memory. The OVMF must
> +  invoke TDCALL [TDG.MEM.PAGE.ACCEPT] the unaccepted memory before use
> it.
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <IndustryStandard/Tdx.h>
> +#include <Library/TdxLib.h>
> +#include <Library/BaseMemoryLib.h>
> +
> +UINT64  mNumberOfDuplicatedAcceptedPages;
> +
> +/**
> +  This function accept a pending private page, and initialize the page to
> +  all-0 using the TD ephemeral private key.
> +
> +  @param[in]  StartAddress           Guest physical address of the private
> +                                     page to accept.
> +  @param[in]  NumberOfPages          Number of the pages to be accepted.
> +
> +  @return EFI_SUCCESS
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdAcceptPages (
> +  IN UINT64  StartAddress,
> +  IN UINT64  NumberOfPages
> +  )
> +{
> +  UINT64  Address;
> +  UINT64  Status;
> +  UINT64  Index;
> +
> +  //
> +  // Determine if we need to accept pages before use
> +  //
> +  if (FixedPcdGetBool(PcdUseTdxAcceptPage) == FALSE) {
> +     return EFI_SUCCESS;
> +  }
> +
> +  Address = StartAddress;
> +
> +  for( Index = 0; Index < NumberOfPages; Index++) {
> +    Status = TdCall(TDCALL_TDACCEPTPAGE,Address, 0, 0, 0);
> +    if (Status != TDX_EXIT_REASON_SUCCESS) {
> +        if ((Status & ~0xFFULL) == TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED)
> {
> +          ++mNumberOfDuplicatedAcceptedPages;
> +          DEBUG((DEBUG_VERBOSE, "Address %llx already accepted. Total number
> of already accepted pages %ld\n",
> +            Address, mNumberOfDuplicatedAcceptedPages));
> +        } else {
> +          DEBUG((DEBUG_ERROR, "Address %llx failed to be accepted. Error
> = %ld\n",
> +            Address, Status));
> +          ASSERT(Status == TDX_EXIT_REASON_SUCCESS);
> +        }
> +    }
> +    Address += EFI_PAGE_SIZE;
> +  }
> +  return EFI_SUCCESS;
> +}
> +
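Review bot: the failure path swallows errors: when TDCALL returns anything other than success or PAGE_ALREADY_ACCEPTED the loop logs, ASSERTs (a no-op in RELEASE builds) and continues, and the function still returns EFI_SUCCESS, so the caller goes on to use memory that was never accepted. Return an error (e.g. EFI_DEVICE_ERROR) as soon as an accept fails and update the `@return EFI_SUCCESS`-only documentation. Two smaller points: `mNumberOfDuplicatedAcceptedPages` is a writable global in a file that is also compiled into TdxLibSec.inf, and the edk2 convention is that SEC code, which may execute in place from read-only flash, does not rely on writable globals, so keep the counter local (or DEBUG-only); and `Status` is a UINT64 compared against `TDX_EXIT_REASON_*` values while TdCall is declared to return EFI_STATUS in Library/TdxLib.h, which should be reconciled in one place.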
> diff --git a/OvmfPkg/Library/TdxLib/Rtmr.c b/OvmfPkg/Library/TdxLib/Rtmr.c
> new file mode 100644
> index 000000000000..a4b36b6c4bef
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/Rtmr.c
> @@ -0,0 +1,80 @@
> +/** @file
> +
> +  Extends one of the RTMR measurement registers in TDCS with the provided
> +  extension data in memory.
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/TdxLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <IndustryStandard/Tpm20.h>
> +#include <IndustryStandard/Tdx.h>
> +#include <Protocol/Tdx.h>
> +
> +#define RTMR_COUNT  4
> +
> +/**
> +  This function extends one of the RTMR measurement register
> +  in TDCS with the provided extension data in memory.
> +  RTMR extending supports SHA384 which length is 48 bytes.
> +
> +  @param[in]  Data      Point to the data to be extended
> +  @param[in]  DataLen   Length of the data. Must be 48
> +  @param[in]  Index     RTMR index
> +
> +  @return EFI_SUCCESS
> +  @return EFI_INVALID_PARAMETER
> +  @return EFI_DEVICE_ERROR
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdExtendRtmr(
> +  IN  UINT32  *Data,
> +  IN  UINT32  DataLen,
> +  IN  UINT8   Index
> +  )
> +{
> +  EFI_STATUS            Status;
> +  UINT64                *Buffer;
> +  UINT64                TdCallStatus;
> +
> +  Status = EFI_SUCCESS;
> +
> +  ASSERT(Index >= 0 && Index < RTMR_COUNT);
> +  ASSERT(DataLen == SHA384_DIGEST_SIZE);
> +
> +  //
> +  // Allocate 64B aligned mem to hold the sha384 hash value
> +  //
> +  Buffer = AllocateAlignedPages(EFI_SIZE_TO_PAGES(SHA384_DIGEST_SIZE), 64);
> +  if(Data == NULL){
> +    return EFI_OUT_OF_RESOURCES;
> +  }
> +  CopyMem(Buffer, Data, SHA384_DIGEST_SIZE);
> +
> +  TdCallStatus = TdCall(TDCALL_TDEXTENDRTMR, (UINT64)Buffer, Index, 0, 0);
> +
> +  if(TdCallStatus == TDX_EXIT_REASON_SUCCESS){
> +    Status = EFI_SUCCESS;
> +  }else if(TdCallStatus == TDX_EXIT_REASON_OPERAND_INVALID){
> +    Status = EFI_INVALID_PARAMETER;
> +  }else{
> +    Status = EFI_DEVICE_ERROR;
> +  }
> +
> +  if(Status != EFI_SUCCESS){
> +    DEBUG((DEBUG_ERROR, "Error returned from TdExtendRtmr call - 0x%lx\n",
> TdCallStatus));
> +  }
> +
> +  FreeAlignedPages(Buffer, EFI_SIZE_TO_PAGES(SHA384_DIGEST_SIZE));
> +
> +  return Status;
> +}
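Review bot: the NULL check after `AllocateAlignedPages` tests the wrong variable: `if(Data == NULL)` must be `if (Buffer == NULL)`, otherwise an allocation failure leads straight into `CopyMem(Buffer, ...)` through a NULL pointer. The parameter checks are debug-only: `ASSERT(Index >= 0 && Index < RTMR_COUNT)` and `ASSERT(DataLen == SHA384_DIGEST_SIZE)` vanish in RELEASE builds, so an out-of-range index or a short buffer reaches TDCALL (and `Index >= 0` is always true for a UINT8); the function already documents EFI_INVALID_PARAMETER, so return it for these cases. A whole page for a 48-byte digest is also the only reason this file needs MemoryAllocationLib, which is what keeps it out of TdxLibSec.inf; a 64-byte aligned local buffer (a slightly larger array aligned by hand) removes that dependency. `<Protocol/Tdx.h>` is included but unused.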
> diff --git a/OvmfPkg/Library/TdxLib/TdReport.c
> b/OvmfPkg/Library/TdxLib/TdReport.c
> new file mode 100644
> index 000000000000..ace213bcf467
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/TdReport.c
> @@ -0,0 +1,102 @@
> +/** @file
> +
> +  Retrieve TDREPORT_STRUCT structure from TDX
> +
> +  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <IndustryStandard/Tdx.h>
> +#include <Library/TdxLib.h>
> +
> +#define REPORT_STRUCT_SIZE    1024
> +#define ADDITIONAL_DATA_SIZE  64
> +
> +/**
> +  This function retrieve TDREPORT_STRUCT structure from TDX.
> +  The struct contains the measurements/configuration information of
> +  the guest TD that called the function, measurements/configuratio
> +  information of the TDX-SEAM module and a REPORTMACSTRUCT.
> +  The REPORTMACSTRUCT is integrity protected with a MAC and
> +  contains the hash of the measurements and configuration
> +  as well as additional REPORTDATA provided by the TD software.
> +
> +  AdditionalData, a 64-byte value, is provided by the guest TD
> +  to be included in the TDREPORT
> +
> +  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
> +  @param[in]      ReportSize         Size of the report. It must be
> +                                     larger than 1024B.
> +  @param[in]      AdditionalData     Point to the additional data.
> +  @param[in]      AdditionalDataSize Size of the additional data.
> +                                     If AdditionalData != NULL, then
> +                                     this value must be 64B.
> +
> +  @return EFI_SUCCESS
> +  @return EFI_INVALID_PARAMETER
> +  @return EFI_DEVICE_ERROR
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdReport(
> +  IN OUT UINT8  *Report,
> +  IN  UINT32    ReportSize,
> +  IN  UINT8     *AdditionalData,
> +  IN  UINT32    AdditionalDataSize
> +  )
> +
> +{
> +  EFI_STATUS  Status;
> +  UINT64      *Data;
> +  UINT64      *Report_Struct;
> +  UINT64      *Report_Data;
> +  UINT64      TdCallStatus;
> +
> +  if(ReportSize < REPORT_STRUCT_SIZE){
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  if(AdditionalData != NULL && AdditionalDataSize != ADDITIONAL_DATA_SIZE){
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  Data = AllocatePages(EFI_SIZE_TO_PAGES(REPORT_STRUCT_SIZE +
> ADDITIONAL_DATA_SIZE));
> +  if(Data == NULL){
> +    return EFI_OUT_OF_RESOURCES;
> +  }
> +
> +  Report_Struct = Data;
> +  Report_Data = Data + REPORT_STRUCT_SIZE;
> +  if(AdditionalData != NULL){
> +    CopyMem(Report_Data, AdditionalData, ADDITIONAL_DATA_SIZE);
> +  }else{
> +    ZeroMem(Report_Data, ADDITIONAL_DATA_SIZE);
> +  }
> +
> +  TdCallStatus = TdCall(TDCALL_TDREPORT, (UINT64)Report_Struct,
> (UINT64)Report_Data, 0, 0);
> +
> +  if(TdCallStatus == TDX_EXIT_REASON_SUCCESS){
> +    Status = EFI_SUCCESS;
> +  }else if(TdCallStatus == TDX_EXIT_REASON_OPERAND_INVALID){
> +    Status = EFI_INVALID_PARAMETER;
> +  }else{
> +    Status = EFI_DEVICE_ERROR;
> +  }
> +
> +  if(Status != EFI_SUCCESS){
> +    DEBUG((DEBUG_ERROR, "Error returned from TdReport call - 0x%lx\n",
> TdCallStatus));
> +  }else{
> +    CopyMem(Report, Data, REPORT_STRUCT_SIZE);
> +  }
> +
> +  FreePages(Data, EFI_SIZE_TO_PAGES(REPORT_STRUCT_SIZE +
> ADDITIONAL_DATA_SIZE));
> +
> +  return Status;
> +}
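Review bot: `Report_Data = Data + REPORT_STRUCT_SIZE;` is pointer arithmetic on a `UINT64 *`, so it advances by 1024 * 8 = 8192 bytes, well outside the single 4 KiB page that `EFI_SIZE_TO_PAGES(REPORT_STRUCT_SIZE + ADDITIONAL_DATA_SIZE)` allocates; the following CopyMem/ZeroMem write past the allocation and TDCALL is handed a REPORTDATA address that is not inside the buffer. Compute the offset in bytes, e.g. `Report_Data = (UINT8 *)Data + REPORT_STRUCT_SIZE;` with `Data` and `Report_Data` typed `UINT8 *`; the page allocation then keeps the report at the page boundary and REPORTDATA at a 64-byte boundary. Smaller points: the comment says ReportSize "must be larger than 1024B" but the check accepts exactly 1024, so say "at least 1024"; and "TEREPORT_STRUCT" / "configuratio" in the comment are typos (the same comment is duplicated in TdxLibNull.c).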
> diff --git a/OvmfPkg/Library/TdxLib/TdxLib.inf
> b/OvmfPkg/Library/TdxLib/TdxLib.inf
> new file mode 100644
> index 000000000000..f642de9e3a5f
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/TdxLib.inf
> @@ -0,0 +1,48 @@
> +## @file
> +# Tdx library
> +#
> +# Copyright (c) 2020- 2021, Intel Corporation. All rights reserved.<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the BSD
> License
> +# which accompanies this distribution.  The full text of the license may be found
> at
> +# http://opensource.org/licenses/bsd-license.php.
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = TdxLib
> +  FILE_GUID                      = 032A8E0D-0C27-40C0-9CAA-23B731C1B223
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = TdxLib|PEI_CORE PEIM DXE_CORE DXE_DRIVER
> DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = X64
> +#
> +
> +[Sources]
> +  Rtmr.c
> +  TdReport.c
> +  AcceptPages.c
> +  X64/Tdcall.nasm
> +  X64/Tdvmcall.nasm
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  OvmfPkg/OvmfPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +
> +[Pcd]
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation
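Review bot: the only difference from TdxLibSec.inf below is that Rtmr.c and TdReport.c, and with them MemoryAllocationLib, are left out of the SEC build; if those two files put their scratch buffers on the stack instead of calling AllocatePages/AllocateAlignedPages, the two instances collapse into one with `LIBRARY_CLASS = TdxLib` and no phase list. Two other points: the header comment should use the SPDX identifier that the .c files in this patch use rather than the old BSD license text; and DXE_RUNTIME_DRIVER is among the allowed module types although MemoryAllocationLib's AllocatePages is a boot-services call, so nothing in TdReport/TdExtendRtmr works after ExitBootServices; either drop that type or document the library as boot-time only.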
> diff --git a/OvmfPkg/Library/TdxLib/TdxLibSec.inf
> b/OvmfPkg/Library/TdxLib/TdxLibSec.inf
> new file mode 100644
> index 000000000000..82ef4f08be8c
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/TdxLibSec.inf
> @@ -0,0 +1,45 @@
> +## @file
> +# Tdx library for SEC phase.
> +#
> +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the BSD
> License
> +# which accompanies this distribution.  The full text of the license may be found
> at
> +# http://opensource.org/licenses/bsd-license.php.
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = TdxLibSec
> +  FILE_GUID                      = 498E8E1E-5B11-41F3-9083-EEE3A32B009D
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = TdxLib|SEC
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = X64
> +#
> +
> +[Sources]
> +  AcceptPages.c
> +  X64/Tdcall.nasm
> +  X64/Tdvmcall.nasm
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  OvmfPkg/OvmfPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +
> +[Pcd]
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage
> +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation
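Review bot: this instance compiles only AcceptPages.c and the two .nasm files, so TdReport and TdExtendRtmr, which Library/TdxLib.h declares unconditionally, are undefined symbols for any SEC module that calls them; either provide EFI_UNSUPPORTED stubs here or merge the instances as suggested for TdxLib.inf. BaseMemoryLib is listed but none of the compiled sources calls into it (AcceptPages.c only includes the header), and the PcdUseTdxEmulation default of 0x1 in OvmfPkg.dec means this SEC build, as configured by default, issues VMCALL rather than TDCALL.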
> diff --git a/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
> b/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
> new file mode 100644
> index 000000000000..d0d55e2a9443
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
> @@ -0,0 +1,125 @@
> +;------------------------------------------------------------------------------
> +;*
> +;*   Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +;*   This program and the accompanying materials
> +;*   are licensed and made available under the terms and conditions of the BSD
> License
> +;*   which accompanies this distribution.  The full text of the license may be
> found at
> +;*   http://opensource.org/licenses/bsd-license.php
> +;*
> +;*   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +;*   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +;*
> +;*
> +;------------------------------------------------------------------------------
> +
> +DEFAULT REL
> +SECTION .text
> +
> +%macro tdcall 0
> +%if (FixedPcdGet32 (PcdUseTdxEmulation) != 0)
> +    vmcall
> +%else
> +    db 0x66,0x0f,0x01,0xcc
> +%endif
> +%endmacro
> +
> +%macro tdcall_push_regs 0
> +    push rbp
> +    mov  rbp, rsp
> +    push r15
> +    push r14
> +    push r13
> +    push r12
> +    push rbx
> +    push rsi
> +    push rdi
> +%endmacro
> +
> +%macro tdcall_pop_regs 0
> +    pop rdi
> +    pop rsi
> +    pop rbx
> +    pop r12
> +    pop r13
> +    pop r14
> +    pop r15
> +    pop rbp
> +%endmacro
> +
> +%define number_of_regs_pushed 8
> +%define number_of_parameters  4
> +
> +; Keep these in sync for push_regs/pop_regs, code below uses them to find 5th
> or greater parameters
> +%define first_variable_on_stack_offset  (number_of_regs_pushed * 8) +
> (number_of_parameters * 8) + 8
> +%define second_variable_on_stack_offset (first_variable_on_stack_offset) + 8
> +
> +%macro tdcall_regs_preamble 2
> +    mov rax, %1
> +
> +    mov ecx, %2
> +
> +    ; R10 = 0 (standard TDVMCALL)
> +
> +    xor r10d, r10d
> +
> +    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
> +    ; secrets to the VMM.
> +
> +    xor ebx, ebx
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor edx, edx
> +    xor ebp, ebp
> +    xor r8d, r8d
> +    xor r9d, r9d
> +%endmacro
> +
> +%macro tdcall_regs_postamble 0
> +    xor ebx, ebx
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor ecx, ecx
> +    xor edx, edx
> +    xor r8d,  r8d
> +    xor r9d,  r9d
> +    xor r10d, r10d
> +    xor r11d, r11d
> +%endmacro
> +
> +;  TdCall (
> +;    UINT64  Leaf,  // Rcx
> +;    UINT64  P1,  // Rdx
> +;    UINT64  P2,  // R8
> +;    UINT64  P3,  // R9
> +;    UINT64  Results,  // rsp + 0x28
> +;    )
> +global ASM_PFX(TdCall)
> +ASM_PFX(TdCall):
> +       tdcall_push_regs
> +
> +       mov rax, rcx
> +       mov rcx, rdx
> +       mov rdx, r8
> +       mov r8, r9
> +
> +       tdcall
> +
> +       ; exit if tdcall reports failure.
> +       test rax, rax
> +       jnz .exit
> +
> +       ; test if caller wanted results
> +       mov r12, [rsp + first_variable_on_stack_offset ]
> +       test r12, r12
> +       jz .exit
> +       mov [r12 + 0 ], rcx
> +       mov [r12 + 8 ], rdx
> +       mov [r12 + 16], r8
> +       mov [r12 + 24], r9
> +       mov [r12 + 32], r10
> +       mov [r12 + 40], r11
> +.exit:
> +       tdcall_pop_regs
> +       ret
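Review bot: with the `tdcall` macro selecting `vmcall` whenever `FixedPcdGet32 (PcdUseTdxEmulation) != 0` and the .dec default for that PCD being 0x1, every TdCall in a default build goes to the VMM as a VMCALL rather than to the TDX module; the default has to be 0. `tdcall_regs_preamble`, `tdcall_regs_postamble` and the stack-offset defines are copied verbatim into Tdvmcall.nasm, and the two register macros are not used by TdCall at all; move the shared macros into one .inc file so the two files cannot drift. TdCall stores RCX, RDX, R8, R9, R10 and R11 (48 bytes) into `Results`, which the C prototype does not state, and returns RAX, the raw TDCALL status, while Library/TdxLib.h declares EFI_STATUS; since AcceptPages.c and Rtmr.c depend on the raw value, fix the declaration rather than the assembly. The `db 0x66,0x0f,0x01,0xcc` encoding of TDCALL is correct; a comment saying so would help readers without the opcode table at hand.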
> diff --git a/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
> b/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
> new file mode 100644
> index 000000000000..e1da9b4fbdd6
> --- /dev/null
> +++ b/OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
> @@ -0,0 +1,211 @@
> +;------------------------------------------------------------------------------
> +;*
> +;*   Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +;*   This program and the accompanying materials
> +;*   are licensed and made available under the terms and conditions of the BSD
> License
> +;*   which accompanies this distribution.  The full text of the license may be
> found at
> +;*   http://opensource.org/licenses/bsd-license.php
> +;*
> +;*   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +;*   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +;*
> +;*
> +;------------------------------------------------------------------------------
> +
> +DEFAULT REL
> +SECTION .text
> +
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL                        0x0
> +%define EXIT_REASON_CPUID               0xa
> +
> +%macro tdcall 0
> +%if (FixedPcdGet32 (PcdUseTdxEmulation) != 0)
> +    vmcall
> +%else
> +    db 0x66,0x0f,0x01,0xcc
> +%endif
> +%endmacro
> +
> +%macro tdcall_push_regs 0
> +    push rbp
> +    mov  rbp, rsp
> +    push r15
> +    push r14
> +    push r13
> +    push r12
> +    push rbx
> +    push rsi
> +    push rdi
> +%endmacro
> +
> +%macro tdcall_pop_regs 0
> +    pop rdi
> +    pop rsi
> +    pop rbx
> +    pop r12
> +    pop r13
> +    pop r14
> +    pop r15
> +    pop rbp
> +%endmacro
> +
> +%define number_of_regs_pushed 8
> +%define number_of_parameters  4
> +
> +; Keep these in sync for push_regs/pop_regs, code below uses them to find 5th
> or greater parameters
> +%define first_variable_on_stack_offset  (number_of_regs_pushed * 8) +
> (number_of_parameters * 8) + 8
> +%define second_variable_on_stack_offset (first_variable_on_stack_offset) + 8
> +
> +%macro tdcall_regs_preamble 2
> +    mov rax, %1
> +
> +    mov ecx, %2
> +
> +    ; R10 = 0 (standard TDVMCALL)
> +
> +    xor r10d, r10d
> +
> +    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
> +    ; secrets to the VMM.
> +
> +    xor ebx, ebx
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor edx, edx
> +    xor ebp, ebp
> +    xor r8d, r8d
> +    xor r9d, r9d
> +%endmacro
> +
> +%macro tdcall_regs_postamble 0
> +    xor ebx, ebx
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor ecx, ecx
> +    xor edx, edx
> +    xor r8d,  r8d
> +    xor r9d,  r9d
> +    xor r10d, r10d
> +    xor r11d, r11d
> +%endmacro
> +
> +;------------------------------------------------------------------------------
> +; 0   => RAX = TDCALL leaf
> +; M   => RCX = TDVMCALL register behavior
> +; 1   => R10 = standard vs. vendor
> +; RDI => R11 = TDVMCALL function / nr
> +; RSI =  R12 = p1
> +; RDX => R13 = p2
> +; RCX => R14 = p3
> +; R8  => R15 = p4
> +
> +;  UINT64
> +;  EFIAPI
> +;  TdVmCall (
> +;    UINT64  Leaf,  // Rcx
> +;    UINT64  P1,  // Rdx
> +;    UINT64  P2,  // R8
> +;    UINT64  P3,  // R9
> +;    UINT64  P4,  // rsp + 0x28
> +;    UINT64  *Val // rsp + 0x30
> +;    )
> +global ASM_PFX(TdVmCall)
> +ASM_PFX(TdVmCall):
> +       tdcall_push_regs
> +
> +       mov r11, rcx
> +       mov r12, rdx
> +       mov r13, r8
> +       mov r14, r9
> +       mov r15, [rsp + first_variable_on_stack_offset ]
> +
> +       tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
> +
> +       tdcall
> +
> +       ; ignore return dataif TDCALL reports failure.
> +       test rax, rax
> +       jnz .no_return_data
> +
> +       ; Propagate TDVMCALL success/failure to return value.
> +       mov rax, r10
> +
> +       ; Retrieve the Val pointer.
> +       mov r9, [rsp + second_variable_on_stack_offset ]
> +       test r9, r9
> +       jz .no_return_data
> +
> +       ; On success, propagate TDVMCALL output value to output param
> +       test rax, rax
> +       jnz .no_return_data
> +       mov [r9], r11
> +.no_return_data:
> +       tdcall_regs_postamble
> +
> +       tdcall_pop_regs
> +
> +       ret
> +
> +;------------------------------------------------------------------------------
> +; 0   => RAX = TDCALL leaf
> +; M   => RCX = TDVMCALL register behavior
> +; 1   => R10 = standard vs. vendor
> +; RDI => R11 = TDVMCALL function / nr
> +; RSI =  R12 = p1
> +; RDX => R13 = p2
> +; RCX => R14 = p3
> +; R8  => R15 = p4
> +
> +;  UINT64
> +;  EFIAPI
> +;  TdVmCallCpuid (
> +;    UINT64  EaxIn,  // Rcx
> +;    UINT64  EcxIn,  // Rdx
> +;    UINT64  *Results  // R8
> +;    )
> +global ASM_PFX(TdVmCallCpuid)
> +ASM_PFX(TdVmCallCpuid):
> +       tdcall_push_regs
> +
> +       mov r11, EXIT_REASON_CPUID
> +       mov r12, rcx
> +       mov r13, rdx
> +
> +       tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
> +
> +       ; Save *results pointers
> +       push r8
> +
> +       tdcall
> +
> +       ; Panic if TDCALL reports failure.
> +       test rax, rax
> +       jnz .no_return_data
> +
> +       ; Propagate TDVMCALL success/failure to return value.
> +       mov rax, r10
> +       test rax, rax
> +       jnz .no_return_data
> +
> +       ; Retrieve *Results
> +       pop r8
> +       test r8, r8
> +       jnz .no_return_data
> +       ; Caller pass in buffer so store results r12-r15 contains eax-edx
> +       mov [r8 +  0], r12
> +       mov [r8 +  8], r13
> +       mov [r8 + 16], r14
> +       mov [r8 + 24], r15
> +
> +.no_return_data:
> +       tdcall_regs_postamble
> +
> +       tdcall_pop_regs
> +
> +       ret
> +
> +.panic:
> +       ud2
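Review bot: TdVmCallCpuid loses the Results pointer and unbalances the stack. The `push r8` comes after `tdcall_regs_preamble`, which has already executed `xor r8d, r8d`, so the saved value is always zero rather than the caller's R8; the later `pop r8` / `test r8, r8` / `jnz .no_return_data` also has the sense inverted (a non-NULL pointer would skip the stores, while the zeroed value falls through into `mov [r8 +  0], r12`, a write to address 0). On both failure branches (`jnz .no_return_data` after `tdcall` and after `mov rax, r10`) the `pop r8` is skipped, so `tdcall_pop_regs` restores registers from the wrong slots and `ret` returns to whatever was pushed instead of to the caller. Suggest pushing R8 before the preamble, moving the `pop r8` directly after `tdcall` so every path executes it, and using `jz .no_return_data` for the NULL check. The `.panic: ud2` label is unreachable even though the comment `; Panic if TDCALL reports failure.` implies the failure path should reach it; either jump there or drop it. Minor: `; ignore return dataif` is missing a space.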
> --
> 2.29.2.windows.2



* Re: [PATCH V3 1/3] MdePkg: Add Tdx support lib
  2021-03-09  6:25   ` Yao, Jiewen
@ 2021-03-09  8:23     ` Min Xu
  0 siblings, 0 replies; 14+ messages in thread
From: Min Xu @ 2021-03-09  8:23 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Liming Gao, Liu, Zhiguang, Reiland, Doug

Hi, Jiewen
See comments inline.

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, March 9, 2021 2:25 PM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> Cc: Liming Gao <gaoliming@byosoft.com.cn>; Liu, Zhiguang
> <zhiguang.liu@intel.com>; Reiland, Doug <doug.reiland@intel.com>
> Subject: RE: [PATCH V3 1/3] MdePkg: Add Tdx support lib
> 
> Hi Min
> Some recommendations:
> 
> 1) Please separate 1 big patch to multiple smaller ones.
> 1 patch for TdxLib
> 1 patch for Tdx protocol.
> 1 patch for TDX event log ACPI table.
> 1 patch for TDX Library.
> 
The big patch will be separated into smaller ones in the next version.

> 2) The ACPI definition from TDX protocol should be isolated to TdxAcpi.h
> 
> #define EFI_TDX_EVENT_DATA_SIGNATURE  SIGNATURE_32 ('T', 'D', 'E', 'L')
OK. TdxAcpi.h will be added in the next version.
 
> 3) There is no description for TD protocol itself and TD event data ACPI table.
> Please add them.
> 
> You may copy some content from the specification.
Description will be added in the next version.

> 4) I think we are following TDX spec to provide TdxLib.
> I don't see the need to provide NULL version in MdePkg. We can put real
> TdxLib to MdePkg.
Agree. Will update in the next version.

> 5) If possible, please provide the TDX spec link in the file header comment
> section.
> As such, the reviewer can check the spec easily.
The TDX spec link will be added.
 
> 
> > -----Original Message-----
> > From: Xu, Min M <min.m.xu@intel.com>
> > Sent: Tuesday, March 9, 2021 2:13 PM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M <min.m.xu@intel.com>; Liming Gao
> > <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> > Yao, Jiewen <jiewen.yao@intel.com>; Reiland, Doug
> > <doug.reiland@intel.com>
> > Subject: [PATCH V3 1/3] MdePkg: Add Tdx support lib
> >
> > Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
> > that extends Virtual Machines Extensions (VMX) and Multi-Key Total
> > Memory Encryption (MKTME) with a new kind of virtual machine guest
> > called a Trust Domain (TD).
> >
> > TdxLib is created with functions to perform the related Tdx operation.
> > This includes functions for:
> >   - TdCall         : to cause a VM exit to the Intel TDX module
> >   - TdVmCall       : it is a leaf function 0 for TDCALL
> >   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
> >   - TdReport       : to retrieve TDREPORT_STRUCT
> >   - TdAcceptPages  : to accept pending private pages
> >   - TdExtendRtmr   : to extend one of the RTMR registers
> >
> > The base function in this driver will not do anything and will return
> > an error if a return value is required. It is expected that other
> > packages (like OvmfPkg) will create a version of the library to fully
> > support a TD guest.
> >
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> >
> > Signed-off-by: Min Xu <min.m.xu@intel.com>
> > Signed-off-by: Doug Reiland <doug.reiland@intel.com>
> > ---
> >  MdePkg/Include/IndustryStandard/Tdx.h | 201
> ++++++++++++++++++++++++++
> >  MdePkg/Include/Library/TdxLib.h       | 165 +++++++++++++++++++++
> >  MdePkg/Include/Protocol/Tdx.h         |  29 ++++
> >  MdePkg/Library/TdxLib/TdxLibNull.c    | 155 ++++++++++++++++++++
> >  MdePkg/Library/TdxLib/TdxLibNull.inf  |  33 +++++
> >  5 files changed, 583 insertions(+)
> >  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> >  create mode 100644 MdePkg/Include/Library/TdxLib.h  create mode
> > 100644 MdePkg/Include/Protocol/Tdx.h  create mode 100644
> > MdePkg/Library/TdxLib/TdxLibNull.c
> >  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
> >
> > diff --git a/MdePkg/Include/IndustryStandard/Tdx.h
> > b/MdePkg/Include/IndustryStandard/Tdx.h
> > new file mode 100644
> > index 000000000000..dbcc31c26528
> > --- /dev/null
> > +++ b/MdePkg/Include/IndustryStandard/Tdx.h
> > @@ -0,0 +1,201 @@
> > +/** @file
> > +  Intel Trust Domain Extension definitions
> > +
> > +  Copyright (c) 2020 - 2021, Intel Corporation. All rights
> > + reserved.<BR>  This program and the accompanying materials  are
> > + licensed and made available under the terms and conditions of the
> > + BSD
> > License
> > +  which accompanies this distribution.  The full text of the license
> > + may be found
> > at
> > +  http://opensource.org/licenses/bsd-license.php
> > +
> > +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > + BASIS,  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER
> > EXPRESS OR IMPLIED.
> > +
> > +**/
> > +
> > +#ifndef _TDX_H_
> > +#define _TDX_H_
> > +
> > +#define EXIT_REASON_EXTERNAL_INTERRUPT  1
> > +#define EXIT_REASON_TRIPLE_FAULT        2
> > +
> > +#define EXIT_REASON_PENDING_INTERRUPT   7
> > +#define EXIT_REASON_NMI_WINDOW          8
> > +#define EXIT_REASON_TASK_SWITCH         9
> > +#define EXIT_REASON_CPUID               10
> > +#define EXIT_REASON_HLT                 12
> > +#define EXIT_REASON_INVD                13
> > +#define EXIT_REASON_INVLPG              14
> > +#define EXIT_REASON_RDPMC               15
> > +#define EXIT_REASON_RDTSC               16
> > +#define EXIT_REASON_VMCALL              18
> > +#define EXIT_REASON_VMCLEAR             19
> > +#define EXIT_REASON_VMLAUNCH            20
> > +#define EXIT_REASON_VMPTRLD             21
> > +#define EXIT_REASON_VMPTRST             22
> > +#define EXIT_REASON_VMREAD              23
> > +#define EXIT_REASON_VMRESUME            24
> > +#define EXIT_REASON_VMWRITE             25
> > +#define EXIT_REASON_VMOFF               26
> > +#define EXIT_REASON_VMON                27
> > +#define EXIT_REASON_CR_ACCESS           28
> > +#define EXIT_REASON_DR_ACCESS           29
> > +#define EXIT_REASON_IO_INSTRUCTION      30
> > +#define EXIT_REASON_MSR_READ            31
> > +#define EXIT_REASON_MSR_WRITE           32
> > +#define EXIT_REASON_INVALID_STATE       33
> > +#define EXIT_REASON_MSR_LOAD_FAIL       34
> > +#define EXIT_REASON_MWAIT_INSTRUCTION   36
> > +#define EXIT_REASON_MONITOR_TRAP_FLAG   37
> > +#define EXIT_REASON_MONITOR_INSTRUCTION 39
> > +#define EXIT_REASON_PAUSE_INSTRUCTION   40
> > +#define EXIT_REASON_MCE_DURING_VMENTRY  41 #define
> > +EXIT_REASON_TPR_BELOW_THRESHOLD 43
> > +#define EXIT_REASON_APIC_ACCESS         44
> > +#define EXIT_REASON_EOI_INDUCED         45
> > +#define EXIT_REASON_GDTR_IDTR           46
> > +#define EXIT_REASON_LDTR_TR             47
> > +#define EXIT_REASON_EPT_VIOLATION       48
> > +#define EXIT_REASON_EPT_MISCONFIG       49
> > +#define EXIT_REASON_INVEPT              50
> > +#define EXIT_REASON_RDTSCP              51
> > +#define EXIT_REASON_PREEMPTION_TIMER    52
> > +#define EXIT_REASON_INVVPID             53
> > +#define EXIT_REASON_WBINVD              54
> > +#define EXIT_REASON_XSETBV              55
> > +#define EXIT_REASON_APIC_WRITE          56
> > +#define EXIT_REASON_RDRAND              57
> > +#define EXIT_REASON_INVPCID             58
> > +#define EXIT_REASON_VMFUNC              59
> > +#define EXIT_REASON_ENCLS               60
> > +#define EXIT_REASON_RDSEED              61
> > +#define EXIT_REASON_PML_FULL            62
> > +#define EXIT_REASON_XSAVES              63
> > +#define EXIT_REASON_XRSTORS             64
> > +
> > +// TDCALL API Function Completion Status Codes
> > +#define TDX_EXIT_REASON_SUCCESS                     0x0000000000000000
> > +#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED
> > 0x00000B0A00000000
> > +#define TDX_EXIT_REASON_OPERAND_INVALID
> 0xC000010000000000
> > +#define TDX_EXIT_REASON_OPERAND_BUSY
> 0x8000020000000000
> > +
> > +#define TDCALL_TDVMCALL                 0
> > +#define TDCALL_TDINFO                   1
> > +#define TDCALL_TDEXTENDRTMR             2
> > +#define TDCALL_TDGETVEINFO              3
> > +#define TDCALL_TDREPORT                 4
> > +#define TDCALL_TDSETCPUIDVE             5
> > +#define TDCALL_TDACCEPTPAGE             6
> > +
> > +#define TDVMCALL_CPUID                  0x0000a
> > +#define TDVMCALL_HALT                   0x0000c
> > +#define TDVMCALL_IO                     0x0001e
> > +#define TDVMCALL_RDMSR                  0x0001f
> > +#define TDVMCALL_WRMSR                  0x00020
> > +#define TDVMCALL_MMIO                   0x00030
> > +#define TDVMCALL_PCONFIG                0x00041
> > +
> > +#define TDVMCALL_GET_TDVMCALL_INFO      0x10000
> > +#define TDVMCALL_MAPGPA                 0x10001
> > +#define TDVMCALL_GET_QUOTE              0x10002
> > +#define TDVMCALL_REPORT_FATAL_ERR       0x10003
> > +#define TDVMCALL_SETUP_EVENT_NOTIFY     0x10004
> > +
> > +#pragma pack(1)
> > +typedef struct {
> > +  UINT64  Data[6];
> > +} TDCALL_GENERIC_RETURN_DATA;
> > +
> > +typedef struct {
> > +  UINT64  Gpaw;
> > +  UINT64  Attributes;
> > +  UINT32  MaxVcpus;
> > +  UINT32  NumVcpus;
> > +  UINT64  Resv[3];
> > +} TDCALL_INFO_RETURN_DATA;
> > +
> > +typedef union {
> > +  UINT64  Val;
> > +  struct {
> > +    UINT32  Size:3;
> > +    UINT32  Direction:1;
> > +    UINT32  String:1;
> > +    UINT32  Rep:1;
> > +    UINT32  Encoding:1;
> > +    UINT32  Resv:9;
> > +    UINT32  Port:16;
> > +    UINT32  Resv2;
> > +  } Io;
> > +} VMX_EXIT_QUALIFICATION;
> > +
> > +typedef struct {
> > +  UINT32                  ExitReason;
> > +  UINT32                  Resv;
> > +  VMX_EXIT_QUALIFICATION  ExitQualification;
> > +  UINT64                  GuestLA;
> > +  UINT64                  GuestPA;
> > +  UINT32                  ExitInstructionLength;
> > +  UINT32                  ExitInstructionInfo;
> > +  UINT32                  Resv1;
> > +} TDCALL_VEINFO_RETURN_DATA;
> > +
> > +typedef union {
> > +  TDCALL_GENERIC_RETURN_DATA  Generic;
> > +  TDCALL_INFO_RETURN_DATA     TdInfo;
> > +  TDCALL_VEINFO_RETURN_DATA   VeInfo;
> > +} TD_RETURN_DATA;
> > +
> > +/* data structure used in TDREPORT_STRUCT */ typedef struct{
> > +  UINT8         Type;
> > +  UINT8         Subtype;
> > +  UINT8         Version;
> > +  UINT8         Rsvd;
> > +}TD_REPORT_TYPE;
> > +
> > +typedef struct{
> > +  TD_REPORT_TYPE   ReportType;
> > +  UINT8            Rsvd1[12];
> > +  UINT8            CpuSvn[16];
> > +  UINT8            TeeTcbInfoHash[48];
> > +  UINT8            TeeInfoHash[48];
> > +  UINT8            ReportData[64];
> > +  UINT8            Rsvd2[32];
> > +  UINT8            Mac[32];
> > +}REPORTMACSTRUCT;
> > +
> > +typedef struct{
> > +  UINT8         Seam[2];
> > +  UINT8         Rsvd[14];
> > +}TEE_TCB_SVN;
> > +
> > +typedef struct{
> > +  UINT8         Valid[8];
> > +  TEE_TCB_SVN   TeeTcbSvn;
> > +  UINT8         Mrseam[48];
> > +  UINT8         Mrsignerseam[48];
> > +  UINT8         Attributes[8];
> > +  UINT8         Rsvd[111];
> > +}TEE_TCB_INFO;
> > +
> > +typedef struct{
> > +  UINT8         Attributes[8];
> > +  UINT8         Xfam[8];
> > +  UINT8         Mrtd[48];
> > +  UINT8         Mrconfigid[48];
> > +  UINT8         Mrowner[48];
> > +  UINT8         Mrownerconfig[48];
> > +  UINT8         Rtmrs[4][48];
> > +  UINT8         Rsvd[112];
> > +}TDINFO;
> > +
> > +typedef struct{
> > +  REPORTMACSTRUCT   ReportMacStruct;
> > +  TEE_TCB_INFO      TeeTcbInfo;
> > +  UINT8             Rsvd[17];
> > +  TDINFO            Tdinfo;
> > +}TDREPORT_STRUCT;
> > +
> > +#pragma pack()
> > +
> > +#endif
> > +
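Review bot: the header carries no spec reference and uses the pre-SPDX BSD boilerplate, while Protocol/Tdx.h in the same patch uses `SPDX-License-Identifier: BSD-2-Clause-Patent`; new edk2 files should use the SPDX form. The `EXIT_REASON_*` block is the generic VMX exit-reason table, and it overlaps the TDX definitions below it (`EXIT_REASON_CPUID 10` and `TDVMCALL_CPUID 0x0000a` are the same number, and the assembly uses the former as the TDVMCALL function number); keep one set. The `TDX_EXIT_REASON_*` constants are TDCALL completion status codes, as the comment above them says, not exit reasons, so a name such as `TDX_STATUS_*` would avoid confusing them with the table above. The `TDCALL_*` leaf numbers, `TDVMCALL_*` sub-functions and the `TDREPORT_STRUCT` layout have no comments; cite the spec section each comes from, which also makes the 48-byte SHA384 field sizes verifiable.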
> > diff --git a/MdePkg/Include/Library/TdxLib.h
> > b/MdePkg/Include/Library/TdxLib.h new file mode 100644 index
> > 000000000000..5e8634c6df79
> > --- /dev/null
> > +++ b/MdePkg/Include/Library/TdxLib.h
> > @@ -0,0 +1,165 @@
> > +/** @file
> > +  TdxLib definitions
> > +
> > +  Copyright (c) 2020 - 2021, Intel Corporation. All rights
> > + reserved.<BR>  This program and the accompanying materials  are
> > + licensed and made available under the terms and conditions of the
> > + BSD
> > License
> > +  which accompanies this distribution.  The full text of the license
> > + may be found
> > at
> > +  http://opensource.org/licenses/bsd-license.php
> > +
> > +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > + BASIS,  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER
> > EXPRESS OR IMPLIED.
> > +
> > +**/
> > +
> > +#ifndef _TDX_LIB_H_
> > +#define _TDX_LIB_H_
> > +
> > +#include <Library/BaseLib.h>
> > +#include <Uefi/UefiBaseType.h>
> > +#include <Library/DebugLib.h>
> > +#include <Protocol/DebugSupport.h>
> > +
> > +/**
> > +  This function retrieve TDREPORT_STRUCT structure from TDX.
> > +  The struct contains the measurements/configuration information of
> > +  the guest TD that called the function, measurements/configuratio
> > +  information of the TDX-SEAM module and a REPORTMACSTRUCT.
> > +  The REPORTMACSTRUCT is integrity protected with a MAC and
> > +  contains the hash of the measurements and configuration
> > +  as well as additional REPORTDATA provided by the TD software.
> > +
> > +  AdditionalData, a 64-byte value, is provided by the guest TD  to be
> > + included in the TDREPORT
> > +
> > +  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
> > +  @param[in]      ReportSize         Size of the report. It must be
> > +                                     larger than 1024B.
> > +  @param[in]      AdditionalData     Point to the additional data.
> > +  @param[in]      AdditionalDataSize Size of the additional data.
> > +                                     If AdditionalData != NULL, then
> > +                                     this value must be 64B.
> > +
> > +  @return EFI_SUCCESS
> > +  @return EFI_INVALID_PARAMETER
> > +  @return EFI_DEVICE_ERROR
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdReport(
> > +  IN OUT UINT8  *Report,
> > +  IN UINT32     ReportSize,
> > +  IN UINT8      *AdditionalData,
> > +  IN UINT32     AdditionalDataSize
> > +);
> > +
> > +/**
> > +  This function accept a pending private page, and initialize the
> > +page to
> > +  all-0 using the TD ephemeral private key.
> > +
> > +  @param[in]  StartAddress     Guest physical address of the private page
> > +                               to accept.
> > +  @param[in]  NumberOfPages    Number of the pages to be accepted.
> > +
> > +  @return EFI_SUCCESS
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdAcceptPages (
> > +  IN UINT64  StartAddress,
> > +  IN UINT64  NumberOfPages
> > +  );
> > +
> > +/**
> > +  This function extends one of the RTMR measurement register
> > +  in TDCS with the provided extension data in memory.
> > +  RTMR extending supports SHA384 which length is 48 bytes.
> > +
> > +  @param[in]  Data      Point to the data to be extended
> > +  @param[in]  DataLen   Length of the data. Must be 48
> > +  @param[in]  Index     RTMR index
> > +
> > +  @return EFI_SUCCESS
> > +  @return EFI_INVALID_PARAMETER
> > +  @return EFI_DEVICE_ERROR
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdExtendRtmr(
> > +  IN  UINT32  *Data,
> > +  IN  UINT32  DataLen,
> > +  IN  UINT8   PcrIndex
> > +  );
> > +
> > +/**
> > +  The TDCALL instruction causes a VM exit to the Intel TDX module.
> > +It is
> > +  used to call guest-side Intel TDX functions, either local or a TD
> > +exit
> > +  to the host VMM, as selected by Leaf.
> > +  Leaf functions are described at
> > +<https://software.intel.com/content/
> > +  www/us/en/develop/articles/intel-trust-domain-extensions.html>
> > +
> > +  @param[in]      Leaf        Leaf number of TDCALL instruction
> > +  @param[in]      Arg1        Arg1
> > +  @param[in]      Arg2        Arg2
> > +  @param[in]      Arg3        Arg3
> > +  @param[in,out]  Results  Returned result of the Leaf function
> > +
> > +  @return EFI_SUCCESS
> > +  @return Other           See individual leaf functions
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdCall(
> > +  IN UINT64           Leaf,
> > +  IN UINT64           Arg1,
> > +  IN UINT64           Arg2,
> > +  IN UINT64           Arg3,
> > +  IN OUT VOID         *Results
> > +  );
> > +
> > +/**
> > +  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services
> > +from the
> > +  host VMM to pass/receive information.
> > +
> > +  @param[in]     Leaf        Number of sub-functions
> > +  @param[in]     Arg1        Arg1
> > +  @param[in]     Arg2        Arg2
> > +  @param[in]     Arg3        Arg3
> > +  @param[in]     Arg4        Arg4
> > +  @param[in,out] Results     Returned result of the sub-function
> > +
> > +  @return EFI_SUCCESS
> > +  @return Other           See individual sub-functions
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdVmCall (
> > +  IN UINT64          Leaf,
> > +  IN UINT64          Arg1,
> > +  IN UINT64          Arg2,
> > +  IN UINT64          Arg3,
> > +  IN UINT64          Arg4,
> > +  IN OUT VOID        *Results
> > +  );
> > +
> > +/**
> > +  This function enable the TD guest to request the VMM to emulate
> > +CPUID
> > +  operation, especially for non-architectural, CPUID leaves.
> > +
> > +  @param[in]  Eax        Main leaf of the CPUID
> > +  @param[in]  Ecx        Sub-leaf of the CPUID
> > +  @param[out] Results    Returned result of CPUID operation
> > +
> > +  @return EFI_SUCCESS
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdVmCallCpuid (
> > +  IN UINT64         Eax,
> > +  IN UINT64         Ecx,
> > +  OUT VOID          *Results
> > +  );
> > +#endif
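Review bot: TdExtendRtmr's prototype does not match its own doc comment. `Data` is declared `UINT32 *` while the comment describes a 48-byte SHA384 digest (`DataLen` must be 48), so it should be `UINT8 *Data`; and the third parameter is documented as `Index` but declared `PcrIndex`. In TdReport, `ReportSize ... must be larger than 1024B` contradicts the structure in Tdx.h, whose packed members sum to exactly 1024 bytes (256 + 239 + 17 + 512), so state `at least 1024 bytes`. TdAcceptPages and TdVmCallCpuid list only `@return EFI_SUCCESS` although the library can fail, and TdVmCallCpuid declares `Results` as `OUT` while the other entry points use `IN OUT`. Typos in the comments: `TEREPORT_STRUCT`, `TDVMALL`, `configuratio`, `This function retrieve`.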
> > diff --git a/MdePkg/Include/Protocol/Tdx.h
> > b/MdePkg/Include/Protocol/Tdx.h new file mode 100644 index
> > 000000000000..b5e9b19c1276
> > --- /dev/null
> > +++ b/MdePkg/Include/Protocol/Tdx.h
> > @@ -0,0 +1,29 @@
> > +/** @file
> > +  If TD-Guest firmware supports measurement and an event is created,
> > +TD-
> > Guest
> > +  firmware is designed to report the event log with the same data
> > + structure  in TCG-Platform-Firmware-Profile specification with
> > +  EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
> > +
> > +  The TD-Guest firmware supports measurement, the TD Guest Firmware
> > + is
> > designed
> > +  to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID
> to
> > report
> > +  event log and provides hash capability.
> > +
> > +Copyright (c) 2020 - 2021, Intel Corporation. All rights
> > +reserved.<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +
> > +#ifndef __EFI_TDX_H__
> > +#define __EFI_TDX_H__
> > +
> > +#include <Uefi/UefiBaseType.h>
> > +
> > +#define EFI_TDX_EVENT_DATA_SIGNATURE  SIGNATURE_32 ('T', 'D', 'E',
> > +'L')
> > +
> > +#define EFI_TD_PROTOCOL_GUID  \
> > +  {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67,
> > +0xae,
> > 0x6b }}
> > +extern EFI_GUID gEfiTdProtocolGuid;
> > +
> > +
> > +#endif
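Review bot: the header declares `EFI_TD_PROTOCOL_GUID` and `extern EFI_GUID gEfiTdProtocolGuid` but defines no `EFI_TD_PROTOCOL` interface, although the file comment says the firmware produces EFI_TD_PROTOCOL to report the event log and provide hash capability; either add the protocol structure or trim the comment. The diffstat shows no change to MdePkg/MdePkg.dec, so `gEfiTdProtocolGuid` has no `[Protocols]` entry and the `extern` has nothing to resolve against. `EFI_TDX_EVENT_DATA_SIGNATURE` is an ACPI table signature and, as already suggested in this review, belongs in a separate TdxAcpi.h together with the table structure it identifies. The first sentence of the file comment is also missing its subject (`If the TD-Guest firmware supports measurement ...`).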
> > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c
> > b/MdePkg/Library/TdxLib/TdxLibNull.c
> > new file mode 100644
> > index 000000000000..8d759e4d33a4
> > --- /dev/null
> > +++ b/MdePkg/Library/TdxLib/TdxLibNull.c
> > @@ -0,0 +1,155 @@
> > +/** @file
> > +  Null instance of TdxLib.
> > +
> > +  Copyright (c) 2020 - 2021, Intel Corporation. All rights
> > + reserved.<BR>  This program and the accompanying materials  are
> > + licensed and made available under the terms and conditions of the
> > + BSD
> > License
> > +  which accompanies this distribution.  The full text of the license
> > + may be found
> > at
> > +  http://opensource.org/licenses/bsd-license.php
> > +
> > +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > + BASIS,  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER
> > EXPRESS OR IMPLIED.
> > +
> > +**/
> > +
> > +
> > +#include <Library/BaseLib.h>
> > +#include <Library/DebugLib.h>
> > +#include <IndustryStandard/Tdx.h>
> > +#include <Library/TdxLib.h>
> > +
> > +/**
> > +  This function retrieve TDREPORT_STRUCT structure from TDX.
> > +  The struct contains the measurements/configuration information of
> > +  the guest TD that called the function, measurements/configuratio
> > +  information of the TDX-SEAM module and a REPORTMACSTRUCT.
> > +  The REPORTMACSTRUCT is integrity protected with a MAC and
> > +  contains the hash of the measurements and configuration
> > +  as well as additional REPORTDATA provided by the TD software.
> > +
> > +  AdditionalData, a 64-byte value, is provided by the guest TD  to be
> > + included in the TDREPORT
> > +
> > +  @param[in,out]  Report             Holds the TEREPORT_STRUCT.
> > +  @param[in]      ReportSize         Size of the report. It must be
> > +                                     larger than 1024B.
> > +  @param[in]      AdditionalData     Point to the additional data.
> > +  @param[in]      AdditionalDataSize Size of the additional data.
> > +                                     If AdditionalData != NULL, then
> > +                                     this value must be 64B.
> > +
> > +  @return EFI_SUCCESS
> > +  @return EFI_INVALID_PARAMETER
> > +  @return EFI_DEVICE_ERROR
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdReport(
> > +  IN OUT UINT8  *Report,
> > +  IN UINT32     ReportSize,
> > +  IN UINT8      *AdditionalData,
> > +  IN UINT32     AdditionalDataSize
> > +  )
> > +{
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  This function accept a pending private page, and initialize the
> > +page to
> > +  all-0 using the TD ephemeral private key.
> > +
> > +  @param[in]  StartAddress     Guest physical address of the private page
> > +                               to accept.
> > +  @param[in]  NumberOfPages    Number of the pages to be accepted.
> > +
> > +  @return EFI_UNSUPPORTED
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdAcceptPages (
> > +  IN UINT64  StartAddress,
> > +  IN UINT64  NumberOfPages
> > +  )
> > +{
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  The TDCALL instruction causes a VM exit to the Intel TDX module.
> > +It is
> > +  used to call guest-side Intel TDX functions, either local or a TD
> > +exit
> > +  to the host VMM, as selected by Leaf.
> > +  Leaf functions are described at
> > +<https://software.intel.com/content/
> > +  www/us/en/develop/articles/intel-trust-domain-extensions.html>
> > +
> > +  @param[in]      Leaf        Leaf number of TDCALL instruction
> > +  @param[in]      Arg1        Arg1
> > +  @param[in]      Arg2        Arg2
> > +  @param[in]      Arg3        Arg3
> > +  @param[in,out]  Results  Returned result of the Leaf function
> > +
> > +  @return EFI_SUCCESS
> > +  @return Other           See individual leaf functions
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdCall(
> > +  IN UINT64           Leaf,
> > +  IN UINT64           Arg1,
> > +  IN UINT64           Arg2,
> > +  IN UINT64           Arg3,
> > +  IN OUT VOID         *Results
> > +  )
> > +{
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services
> > +from the
> > +  host VMM to pass/receive information.
> > +
> > +  @param[in]     Leaf        Number of sub-functions
> > +  @param[in]     Arg1        Arg1
> > +  @param[in]     Arg2        Arg2
> > +  @param[in]     Arg3        Arg3
> > +  @param[in]     Arg4        Arg4
> > +  @param[in,out] Results     Returned result of the sub-function
> > +
> > +  @return EFI_SUCCESS
> > +  @return Other           See individual sub-functions
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdVmCall (
> > +  IN UINT64          Leaf,
> > +  IN UINT64          Arg1,
> > +  IN UINT64          Arg2,
> > +  IN UINT64          Arg3,
> > +  IN UINT64          Arg4,
> > +  IN OUT VOID        *Results
> > +  )
> > +{
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  This function enable the TD guest to request the VMM to emulate
> > +CPUID
> > +  operation, especially for non-architectural, CPUID leaves.
> > +
> > +  @param[in]     Eax        Main leaf of the CPUID
> > +  @param[in]     Ecx        Sub-leaf of the CPUID
> > +  @param[in,out] Results    Returned result of CPUID operation
> > +
> > +  @return EFI_SUCCESS
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TdVmCallCpuid (
> > +  IN UINT64         Eax,
> > +  IN UINT64         Ecx,
> > +  IN OUT VOID       *Results
> > +  )
> > +{
> > +  return EFI_UNSUPPORTED;
> > +}
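Review bot: TdExtendRtmr is declared in TdxLib.h but has no implementation in this NULL instance, so any module that links TdxLibNull and calls it fails at link time; add a stub returning `EFI_UNSUPPORTED` like the other five. The doc comments of TdReport, TdCall, TdVmCall and TdVmCallCpuid still promise `@return EFI_SUCCESS` while every body returns `EFI_UNSUPPORTED` (only TdAcceptPages was updated), and TdVmCallCpuid's `Results` is `IN OUT` here but `OUT` in the header. `<Library/BaseLib.h>` and `<Library/DebugLib.h>` are included but unused in this file.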
> > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf
> > b/MdePkg/Library/TdxLib/TdxLibNull.inf
> > new file mode 100644
> > index 000000000000..0d07595a8c3e
> > --- /dev/null
> > +++ b/MdePkg/Library/TdxLib/TdxLibNull.inf
> > @@ -0,0 +1,33 @@
> > +## @file
> > +#  Null Tdx library instance
> > +#
> > +# Copyright (c) 2020 - 2021, Intel Corporation. All rights
> > +reserved.<BR> # This program and the accompanying materials # are
> > +licensed and made available under the terms and conditions of the BSD
> > License
> > +# which accompanies this distribution.  The full text of the license
> > +may be found
> > at
> > +# http://opensource.org/licenses/bsd-license.php.
> > +#
> > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > BASIS,
> > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > EXPRESS OR IMPLIED.
> > +#
> > +##
> > +
> > +[Defines]
> > +  INF_VERSION                    = 0x00010005
> > +  BASE_NAME                      = TdxLibNull
> > +  FILE_GUID                      = 05C5E621-FC66-4420-9C80-F0DE9E5B95FF
> > +  MODULE_TYPE                    = BASE
> > +  VERSION_STRING                 = 1.0
> > +  LIBRARY_CLASS                  = TdxLib
> > +
> > +#
> > +# The following information is for reference only and not required by
> > +the build
> > tools.
> > +#
> > +#  VALID_ARCHITECTURES           = X64
> > +#
> > +
> > +[Sources]
> > +  TdxLibNull.c
> > +
> > +[Packages]
> > +  MdePkg/MdePkg.dec
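Review bot: MdePkg/MdePkg.dec is not touched by this patch (see the diffstat), so the new `TdxLib` library class has no `[LibraryClasses]` declaration and the `LIBRARY_CLASS = TdxLib` here cannot be resolved by the build tools; add `TdxLib|Include/Library/TdxLib.h` to the .dec. The header uses the pre-SPDX BSD boilerplate where edk2 .inf files carry `SPDX-License-Identifier: BSD-2-Clause-Patent`. `VALID_ARCHITECTURES = X64` is too narrow for a NULL instance that is plain C with no architecture dependence.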
> > --
> > 2.29.2.windows.2



* Re: [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
  2021-03-09  6:44   ` Yao, Jiewen
@ 2021-03-09  8:27     ` Min Xu
  0 siblings, 0 replies; 14+ messages in thread
From: Min Xu @ 2021-03-09  8:27 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io
  Cc: Justen, Jordan L, Laszlo Ersek, Reiland, Doug

Hi, Jiewen
See comments inline.

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, March 9, 2021 2:44 PM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Reiland, Doug <doug.reiland@intel.com>
> Subject: RE: [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
> 
> Hi
> May I understand why we need this : PcdUseTdxAcceptPage ?
> I think accepting page is always required.
This PCD is for test purposes in early development. It doesn't make sense
any more. It will be removed in the next version.


> 
> For PcdUseTdxEmulation, This is only for pre-production.
> For real production, I don't think we need this one, right?
This PCD is for testing in an SDV environment which emulates the Tdcall by calling
vmcall. It will be removed in the next version.

 
> 
> > -----Original Message-----
> > From: Xu, Min M <min.m.xu@intel.com>
> > Sent: Tuesday, March 9, 2021 2:13 PM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M <min.m.xu@intel.com>; Justen, Jordan L
> > <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Yao,
> > Jiewen <jiewen.yao@intel.com>; Reiland, Doug <doug.reiland@intel.com>
> > Subject: [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib
> >
> > TdxLib for OvmfPkg depends on the below PCDs
> >   - PcdUseTdxAcceptPage
> >     Indicate whether TdCall(AcceptPage) is used.
> >   - PcdUseTdxEmulation
> >     Indicate whether TdxEmulation is used.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> >
> > Signed-off-by: Min Xu <min.m.xu@intel.com>
> > Signed-off-by: Doug Reiland <doug.reiland@intel.com>
> > ---
> >  OvmfPkg/OvmfPkg.dec | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index
> > 4348bb45c64a..68b3fd86d516 100644
> > --- a/OvmfPkg/OvmfPkg.dec
> > +++ b/OvmfPkg/OvmfPkg.dec
> > @@ -317,6 +317,12 @@
> >
> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42
> >
> gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43
> >
> > +  ## Indicate whether TdCall(AcceptPage) is used.
> > +
> gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxAcceptPage|TRUE|BOOLEAN|0x44
> > +  ## Indicate whether TdxEmulation is used.
> > +  gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxEmulation|0x1|UINT32|0x45
> > +
> > +
> >  [PcdsDynamic, PcdsDynamicEx]
> >    gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
> >
> >
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLE
> AN
> > |0x10
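Review bot: the two PCDs are declared inconsistently. `PcdUseTdxAcceptPage` is `TRUE|BOOLEAN`, but `PcdUseTdxEmulation`, whose comment also reads `Indicate whether ...`, is `0x1|UINT32`; if it is a flag, declare it `BOOLEAN` and default it to `FALSE` so a production build does not emulate TDCALL unless explicitly asked, otherwise document what the non-boolean values mean. The hunk also adds two trailing blank lines before `[PcdsDynamic, PcdsDynamicEx]` where one is enough. Per the replies above both PCDs are test-only and are to be dropped, which resolves this either way.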
> > --
> > 2.29.2.windows.2



* Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
  2021-03-09  6:12 [PATCH V3 0/3] Add TdxLib support for Intel TDX Min Xu
                   ` (2 preceding siblings ...)
  2021-03-09  6:12 ` [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF Min Xu
@ 2021-03-09 12:57 ` Laszlo Ersek
  2021-03-09 13:06   ` Laszlo Ersek
  3 siblings, 1 reply; 14+ messages in thread
From: Laszlo Ersek @ 2021-03-09 12:57 UTC (permalink / raw)
  To: Min Xu, devel
  Cc: Liming Gao, Zhiguang Liu, Jordan Justen, Jiewen Yao, Tom Lendacky,
	Brijesh Singh, James Bottomley, Tobin Feldman-Fitzthum, Dov Murik,
	Dr. David Alan Gilbert

On 03/09/21 07:12, Min Xu wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> 
> The patch series provides lib support for Intel Trust Domain Extensions
> (Intel TDX).
> 
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> Encryption (MKTME) with a new kind of virtual machines guest called a 
> Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
> confidentiality of TD memory contents and the TD's CPU state from other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
> 
> The Intel TDX module uses the instruction-set architecture for Intel TDX
> and the MKTME engine in the SOC to help serve as an intermediary between
> the host VMM and the guest TD. TDCALL is the instruction which allows TD
> guest privileged software to make a call for service into an underlying
> TDX-module.
> 
> TdxLib is created with functions to perform the related Tdx operation.
> This includes functions for:
>   - TdCall         : to cause a VM exit to the Intel TDX module
>   - TdVmCall       : it is a leaf function 0 for TDCALL
>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
>   - TdReport       : to retrieve TDREPORT_STRUCT
>   - TdAcceptPages  : to accept pending private pages
>   - TdExtendRtmr   : to extend one of the RTMR registers
> 
> The base function in MdePkg will not do anything and will return an error
> if a return value is required. It is expected that other packages
> (like OvmfPkg) will create a version of the library to fully support a TD
> guest.
> 
> We create an OVMF version of this library to begin the process of providing
> full support of TDX in OVMF.
> 
> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
>   - PcdUseTdxAcceptPage
>     Indicate whether TdCall(AcceptPage) is used.
>   - PcdUseTdxEmulation
>     Indicate whether TdxEmulation is used.

(1) per Jiewen's feedback, please drop these PCDs -- importantly, please
drop DB-encoded instructions in assembly source code

(2) It's not really helpful to post three versions of a patch set over
the course of a few hours. I don't suggest posting more frequently than
once per day, unless agreed otherwise.

(3) Please add a new section to Maintainers.txt for TDX content in
OvmfPkg. At least two Intel developers should be listed there as
Reviewers. I'd like to permanently delegate TDX reviews to Intel
contributors.

See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt".

(4) The patches contain numerous style issues:

- overlong lines,

- incomplete "@retval" comments,

- Library #include directives mixed with non-library #include directives,

- variables that should be STATIC but are not declared like that,

- whitespace errors: missing space character between function designator
(or macro name) and opening paren

- more whitespace errors: missing space characters around "if" and
"else" keywords

(5) Some of the source files have outdated license blocks (e.g.,
open-coding the 2-clause BSDL and stating a copyright year of 2020,
rather than stating 2021 and using "SPDX-License-Identifier:
BSD-2-Clause-Patent")

Please go over the patches with a fine-toothed comb and refresh them.

(6) It would be nice if SEV-related patch sets and TDX-related patch
sets were cross-CC'd between AMD and Intel contributors. (With the
intent being code reuse, and perhaps "design reuse".)

Maybe we should have an additional "confidential computing" reviewers
section in "Maintainers.txt", covering both SEV and TDX modules. This
would allow for a wider set of CC's, without obscuring who should review
TDX vs. who should review SEV. I think this unified section should list
a number of IBM developers too.

Thanks,
Laszlo

> 
> <https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html>, definitions in TdxLib come from:
>   [1] Intel TDX(R) Module 1.0 EAS
>   [2] Intel(R) TDX Guest-Hypervisor Communication Interface
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> 
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min Xu (3):
>   MdePkg: Add Tdx support lib
>   OvmfPkg: Add PCDs for TdxLib
>   OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF
> 
>  MdePkg/Include/IndustryStandard/Tdx.h    | 201 +++++++++++++++++++++
>  MdePkg/Include/Library/TdxLib.h          | 165 ++++++++++++++++++
>  MdePkg/Include/Protocol/Tdx.h            |  29 ++++
>  MdePkg/Library/TdxLib/TdxLibNull.c       | 155 +++++++++++++++++
>  MdePkg/Library/TdxLib/TdxLibNull.inf     |  33 ++++
>  OvmfPkg/Library/TdxLib/AcceptPages.c     |  68 ++++++++
>  OvmfPkg/Library/TdxLib/Rtmr.c            |  80 +++++++++
>  OvmfPkg/Library/TdxLib/TdReport.c        | 102 +++++++++++
>  OvmfPkg/Library/TdxLib/TdxLib.inf        |  48 ++++++
>  OvmfPkg/Library/TdxLib/TdxLibSec.inf     |  45 +++++
>  OvmfPkg/Library/TdxLib/X64/Tdcall.nasm   | 125 ++++++++++++++
>  OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
>  OvmfPkg/OvmfPkg.dec                      |   6 +
>  13 files changed, 1268 insertions(+)
>  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
>  create mode 100644 MdePkg/Include/Library/TdxLib.h
>  create mode 100644 MdePkg/Include/Protocol/Tdx.h
>  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
>  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
>  create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
>  create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
>  create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
>  create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
>  create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
>  create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
>  create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
> 
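The cover letter above lists TdExtendRtmr as the TdxLib wrapper for extending a runtime measurement register. As an added illustration, not code from the patch series, the following Python models the extend rule the TDX module applies, RTMR[i] = SHA384(RTMR[i] || 48-byte extension value), and shows how a verifier replays an event log to check the RTMR values reported in a TDREPORT. The event log layout, the convention of hashing each event's data to form the extension value, and the event contents are assumptions constructed for this example.

```python
import hashlib

RTMR_COUNT = 4    # TDX provides four runtime measurement registers, RTMR[0..3]
DIGEST_LEN = 48   # SHA-384 digest length; each RTMR holds one digest


def rtmr_extend(current: bytes, extension: bytes) -> bytes:
    """One extend step as the TDX module performs it for an RTMR extend:
    RTMR[i] := SHA384(RTMR[i] || extension), both operands 48 bytes."""
    if len(current) != DIGEST_LEN or len(extension) != DIGEST_LEN:
        raise ValueError("RTMR value and extension data must both be 48 bytes")
    return hashlib.sha384(current + extension).digest()


def replay_rtmrs(event_log):
    """Recompute all RTMRs from an ordered event log of (rtmr_index, data).

    Every RTMR starts at all zeros when the TD is created. The event data is
    hashed with SHA-384 to form the 48-byte extension value; that is the
    TCG-style convention assumed for this example, not something the
    extend operation itself mandates.
    """
    rtmrs = [bytes(DIGEST_LEN)] * RTMR_COUNT
    for index, data in event_log:
        if not 0 <= index < RTMR_COUNT:
            raise ValueError(f"RTMR index {index} out of range")
        rtmrs[index] = rtmr_extend(rtmrs[index], hashlib.sha384(data).digest())
    return rtmrs


def verify_rtmrs(event_log, reported):
    """Return the indices whose replayed value differs from the reported one.

    'reported' stands in for the RTMR fields a verifier would read out of the
    TDREPORT_STRUCT; a non-empty result means the log does not explain the
    measurements and the report must not be trusted."""
    expected = replay_rtmrs(event_log)
    return [i for i in range(RTMR_COUNT) if expected[i] != reported[i]]


# Constructed event log for illustration only (not a real OVMF log).
EVENT_LOG = [
    (0, b"firmware volume: constructed OVMF payload"),
    (1, b"boot configuration: constructed value"),
    (1, b"bootloader image: constructed value"),
    (2, b"OS kernel: constructed value"),
]

if __name__ == "__main__":
    good = replay_rtmrs(EVENT_LOG)
    print("replay matches itself:", verify_rtmrs(EVENT_LOG, good) == [])

    # Same two events in RTMR[1], opposite order: the hash chain makes order matter.
    swapped = [EVENT_LOG[0], EVENT_LOG[2], EVENT_LOG[1], EVENT_LOG[3]]
    print("reordered log mismatches:", verify_rtmrs(swapped, good))   # [1]

    # One byte changed in the kernel event: only RTMR[2] fails to replay.
    tampered = EVENT_LOG[:3] + [(2, b"OS kernel: constructed valuE")]
    print("tampered log mismatches:", verify_rtmrs(tampered, good))   # [2]
```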



* Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
  2021-03-09 12:57 ` [PATCH V3 0/3] Add TdxLib support for Intel TDX Laszlo Ersek
@ 2021-03-09 13:06   ` Laszlo Ersek
  2021-03-09 14:38     ` [edk2-devel] " Laszlo Ersek
  2021-03-10  0:25     ` Yao, Jiewen
  0 siblings, 2 replies; 14+ messages in thread
From: Laszlo Ersek @ 2021-03-09 13:06 UTC (permalink / raw)
  To: Min Xu, devel
  Cc: Liming Gao, Zhiguang Liu, Jordan Justen, Jiewen Yao, Tom Lendacky,
	Brijesh Singh, James Bottomley, Tobin Feldman-Fitzthum, Dov Murik,
	Dr. David Alan Gilbert

On 03/09/21 13:57, Laszlo Ersek wrote:
> On 03/09/21 07:12, Min Xu wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
>>
>> The patch series provides lib support for Intel Trust Domain Extensions
>> (Intel TDX).
>>
>> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
>> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
>> Encryption (MKTME) with a new kind of virtual machines guest called a 
>> Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
>> confidentiality of TD memory contents and the TD's CPU state from other
>> software, including the hosting Virtual-Machine Monitor (VMM), unless
>> explicitly shared by the TD itself.
>>
>> The Intel TDX module uses the instruction-set architecture for Intel TDX
>> and the MKTME engine in the SOC to help serve as an intermediary between
>> the host VMM and the guest TD. TDCALL is the instruction which allows TD
>> guest privileged software to make a call for service into an underlying
>> TDX-module.
>>
>> TdxLib is created with functions to perform the related Tdx operation.
>> This includes functions for:
>>   - TdCall         : to cause a VM exit to the Intel TDX module
>>   - TdVmCall       : it is a leaf function 0 for TDCALL
>>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
>>   - TdReport       : to retrieve TDREPORT_STRUCT
>>   - TdAcceptPages  : to accept pending private pages
>>   - TdExtendRtmr   : to extend one of the RTMR registers
>>
>> The base function in MdePkg will not do anything and will return an error
>> if a return value is required. It is expected that other packages
>> (like OvmfPkg) will create a version of the library to fully support a TD
>> guest.
>>
>> We create an OVMF version of this library to begin the process of providing
>> full support of TDX in OVMF.
>>
>> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
>>   - PcdUseTdxAcceptPage
>>     Indicate whether TdCall(AcceptPage) is used.
>>   - PcdUseTdxEmulation
>>     Indicate whether TdxEmulation is used.
> 
> (1) per Jiewen's feedback, please drop these PCDs -- importantly, please
> drop DB-encoded instructions in assembly source code
> 
> (2) It's not really helpful to post three versions of a patch set over
> the course of a few hours. I don't suggest posting more frequently than
> once per day, unless agreed otherwise.
> 
> (3) Please add a new section to Maintainers.txt for TDX content in
> OvmfPkg. At least two Intel developers should be listed there as
> Reviewers. I'd like to permanently delegate TDX reviews to Intel
> contributors.
> 
> See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt".
> 
> (4) The patches contain numerous style issues:
> 
> - overlong lines,
> 
> - incomplete "@retval" comments,
> 
> - Library #include directives mixed with non-library #include directives,
> 
> - variables that should be STATIC but are not declared like that,
> 
> - whitespace errors: missing space character between function designator
> (or macro name) and opening paren
> 
> - more whitespace errors: missing space characters around "if" and
> "else" keywords
> 
> (5) Some of the source files have outdated license blocks (e.g.,
> open-coding the 2-clause BSDL and stating a copyright year of 2020,
> rather than stating 2021 and using "SPDX-License-Identifier:
> BSD-2-Clause-Patent")
> 
> Please go over the patches with a fine-toothed comb and refresh them.
> 
> (6) It would be nice if SEV-related patch sets and TDX-related patch
> sets were cross-CC'd between AMD and Intel contributors. (With the
> intent being code reuse, and perhaps "design reuse".)
> 
> Maybe we should have an additional "confidential computing" reviewers
> section in "Maintainers.txt", covering both SEV and TDX modules. This
> would allow for a wider set of CC's, without obscuring who should review
> TDX vs. who should review SEV. I think this unified section should list
> a number of IBM developers too.

(7) Some more admin stuff:

(7a) every patch in this series should carry the following line in the
commit message:

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

(7b) whenever you post a new version of the patch set, please add a new
comment to <https://bugzilla.tianocore.org/show_bug.cgi?id=3249>,
linking the just-posted version (the cover letter email) from the
mailing list archive.

This is important in case we want to review the evolution of the patch
series later. It's more difficult to find relevant email threads later
than to link each posting immediately in the bugzilla ticket.

Thanks
Laszlo



* Re: [edk2-devel] [PATCH V3 0/3] Add TdxLib support for Intel TDX
  2021-03-09 13:06   ` Laszlo Ersek
@ 2021-03-09 14:38     ` Laszlo Ersek
  2021-03-10  0:25     ` Yao, Jiewen
  1 sibling, 0 replies; 14+ messages in thread
From: Laszlo Ersek @ 2021-03-09 14:38 UTC (permalink / raw)
  To: Min Xu, devel
  Cc: Liming Gao, Zhiguang Liu, Jordan Justen, Jiewen Yao, Tom Lendacky,
	Brijesh Singh, James Bottomley, Tobin Feldman-Fitzthum, Dov Murik,
	Dr. David Alan Gilbert

On 03/09/21 14:06, Laszlo Ersek wrote:
> On 03/09/21 13:57, Laszlo Ersek wrote:
>> On 03/09/21 07:12, Min Xu wrote:
>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
>>>
>>> The patch series provides lib support for Intel Trust Domain Extensions
>>> (Intel TDX).
>>>
>>> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
>>> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
>>> Encryption (MKTME) with a new kind of virtual machines guest called a 
>>> Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
>>> confidentiality of TD memory contents and the TD's CPU state from other
>>> software, including the hosting Virtual-Machine Monitor (VMM), unless
>>> explicitly shared by the TD itself.
>>>
>>> The Intel TDX module uses the instruction-set architecture for Intel TDX
>>> and the MKTME engine in the SOC to help serve as an intermediary between
>>> the host VMM and the guest TD. TDCALL is the instruction which allows TD
>>> guest privileged software to make a call for service into an underlying
>>> TDX-module.
>>>
>>> TdxLib is created with functions to perform the related Tdx operation.
>>> This includes functions for:
>>>   - TdCall         : to cause a VM exit to the Intel TDX module
>>>   - TdVmCall       : it is a leaf function 0 for TDCALL
>>>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
>>>   - TdReport       : to retrieve TDREPORT_STRUCT
>>>   - TdAcceptPages  : to accept pending private pages
>>>   - TdExtendRtmr   : to extend one of the RTMR registers
>>>
>>> The base function in MdePkg will not do anything and will return an error
>>> if a return value is required. It is expected that other packages
>>> (like OvmfPkg) will create a version of the library to fully support a TD
>>> guest.
>>>
>>> We create an OVMF version of this library to begin the process of providing
>>> full support of TDX in OVMF.
>>>
>>> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
>>>   - PcdUseTdxAcceptPage
>>>     Indicate whether TdCall(AcceptPage) is used.
>>>   - PcdUseTdxEmulation
>>>     Indicate whether TdxEmulation is used.
>>
>> (1) per Jiewen's feedback, please drop these PCDs -- importantly, please
>> drop DB-encoded instructions in assembly source code
>>
>> (2) It's not really helpful to post three versions of a patch set over
>> the course of a few hours. I don't suggest posting more frequently than
>> once per day, unless agreed otherwise.
>>
>> (3) Please add a new section to Maintainers.txt for TDX content in
>> OvmfPkg. At least two Intel developers should be listed there as
>> Reviewers. I'd like to permanently delegate TDX reviews to Intel
>> contributors.
>>
>> See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt".
>>
>> (4) The patches contain numerous style issues:
>>
>> - overlong lines,
>>
>> - incomplete "@retval" comments,
>>
>> - Library #include directives mixed with non-library #include directives,
>>
>> - variables that should be STATIC but are not declared like that,
>>
>> - whitespace errors: missing space character between function designator
>> (or macro name) and opening paren
>>
>> - more whitespace errors: missing space characters around "if" and
>> "else" keywords
>>
>> (5) Some of the source files have outdated license blocks (e.g.,
>> open-coding the 2-clause BSDL and stating a copyright year of 2020,
>> rather than stating 2021 and using "SPDX-License-Identifier:
>> BSD-2-Clause-Patent")
>>
>> Please go over the patches with a fine-toothed comb and refresh them.
>>
>> (6) It would be nice if SEV-related patch sets and TDX-related patch
>> sets were cross-CC'd between AMD and Intel contributors. (With the
>> intent being code reuse, and perhaps "design reuse".)
>>
>> Maybe we should have an additional "confidential computing" reviewers
>> section in "Maintainers.txt", covering both SEV and TDX modules. This
>> would allow for a wider set of CC's, without obscuring who should review
>> TDX vs. who should review SEV. I think this unified section should list
>> a number of IBM developers too.
> 
> (7) Some more admin stuff:
> 
> (7a) every patch in this series should carry the following line in the
> commit message:
> 
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> 
> (7b) whenever you post a new version of the patch set, please add a new
> comment to <https://bugzilla.tianocore.org/show_bug.cgi?id=3249>,
> linking the just-posted version (the cover letter email) from the
> mailing list archive.
> 
> This is important in case we want to review the evolution of the patch
> series later. It's more difficult to find relevant email threads later
> than to link each posting immediately in the bugzilla ticket.

(8) As-is, the patch set does not enable the new library instance under
OvmfPkg to be built, at all. That's wrong; we shouldn't add a new lib
instance that can't even be build-tested -- the CI on github.com won't
cover the new code.

Therefore -- at least until there is an actual driver module that
consumes the new lib instance --, please add the lib instance to the
appropriate [Components] section(s) in the main OvmfPkg DSC files (IA32,
IA32X64, X64). These lines can be backed out later (when a UEFI
executable will depend on the lib instance).

(9) Before you submit a patch set to the list for review, please subject
it to CI, by opening a pull request.

Please see the details in steps 7 and 8 at
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Development-Process>.

The only difference that's relevant here is that you shouldn't (and
can't) set the "push" label -- the goal is not to merge the set, but to
unleash CI on it.

Thanks
Laszlo



* Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
  2021-03-09 13:06   ` Laszlo Ersek
  2021-03-09 14:38     ` [edk2-devel] " Laszlo Ersek
@ 2021-03-10  0:25     ` Yao, Jiewen
  2021-03-10  1:07       ` Brijesh Singh
  1 sibling, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-03-10  0:25 UTC (permalink / raw)
  To: Laszlo Ersek, Xu, Min M, devel@edk2.groups.io
  Cc: Liming Gao, Liu, Zhiguang, Justen, Jordan L, Tom Lendacky,
	Brijesh Singh, James Bottomley, Tobin Feldman-Fitzthum, Dov Murik,
	Dr. David Alan Gilbert

Very good suggestion. Thanks Laszlo.

For 3), Min Xu and I will be the reviewer for Intel TDX change for OVMF.

For 6), agree. Although there are some architecture differences, e.g., AMD uses the PSP, a co-processor, while Intel uses the TDX module, a new CPU execution mode, we should align as much as possible between Intel TDX and AMD SEV, especially for the pure software architecture.
I will be the Intel reviewer for confidential computing topics.
AMD/IBM/... are welcome to have a representative too.

Min and I will sync and submit the patch for maintainer.txt


Thank you
Yao Jiewen 


> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Tuesday, March 9, 2021 9:06 PM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> Cc: Liming Gao <gaoliming@byosoft.com.cn>; Liu, Zhiguang
> <zhiguang.liu@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>;
> Brijesh Singh <brijesh.singh@amd.com>; James Bottomley
> <jejb@linux.ibm.com>; Tobin Feldman-Fitzthum <tobin@ibm.com>; Dov Murik
> <Dov.Murik1@il.ibm.com>; Dr. David Alan Gilbert <dgilbert@redhat.com>
> Subject: Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
> 
> On 03/09/21 13:57, Laszlo Ersek wrote:
> > On 03/09/21 07:12, Min Xu wrote:
> >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> >>
> >> The patch series provides lib support for Intel Trust Domain Extensions
> >> (Intel TDX).
> >>
> >> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> >> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> >> Encryption (MKTME) with a new kind of virtual machines guest called a
> >> Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
> >> confidentiality of TD memory contents and the TD's CPU state from other
> >> software, including the hosting Virtual-Machine Monitor (VMM), unless
> >> explicitly shared by the TD itself.
> >>
> >> The Intel TDX module uses the instruction-set architecture for Intel TDX
> >> and the MKTME engine in the SOC to help serve as an intermediary between
> >> the host VMM and the guest TD. TDCALL is the instruction which allows TD
> >> guest privileged software to make a call for service into an underlying
> >> TDX-module.
> >>
> >> TdxLib is created with functions to perform the related Tdx operation.
> >> This includes functions for:
> >>   - TdCall         : to cause a VM exit to the Intel TDX module
> >>   - TdVmCall       : it is a leaf function 0 for TDCALL
> >>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
> >>   - TdReport       : to retrieve TDREPORT_STRUCT
> >>   - TdAcceptPages  : to accept pending private pages
> >>   - TdExtendRtmr   : to extend one of the RTMR registers
> >>
> >> The base function in MdePkg will not do anything and will return an error
> >> if a return value is required. It is expected that other packages
> >> (like OvmfPkg) will create a version of the library to fully support a TD
> >> guest.
> >>
> >> We create an OVMF version of this library to begin the process of providing
> >> full support of TDX in OVMF.
> >>
> >> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
> >>   - PcdUseTdxAcceptPage
> >>     Indicate whether TdCall(AcceptPage) is used.
> >>   - PcdUseTdxEmulation
> >>     Indicate whether TdxEmulation is used.
> >
> > (1) per Jiewen's feedback, please drop these PCDs -- importantly, please
> > drop DB-encoded instructions in assembly source code
> >
> > (2) It's not really helpful to post three versions of a patch set over
> > the course of a few hours. I don't suggest posting more frequently than
> > once per day, unless agreed otherwise.
> >
> > (3) Please add a new section to Maintainers.txt for TDX content in
> > OvmfPkg. At least two Intel developers should be listed there as
> > Reviewers. I'd like to permanently delegate TDX reviews to Intel
> > contributors.
> >
> > See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt".
> >
> > (4) The patches contain numerous style issues:
> >
> > - overlong lines,
> >
> > - incomplete "@retval" comments,
> >
> > - Library #include directives mixed with non-library #include directives,
> >
> > - variables that should be STATIC but are not declared like that,
> >
> > - whitespace errors: missing space character between function designator
> > (or macro name) and opening paren
> >
> > - more whitespace errors: missing space characters around "if" and
> > "else" keywords
> >
> > (5) Some of the source files have outdated license blocks (e.g.,
> > open-coding the 2-clause BSDL and stating a copyright year of 2020,
> > rather than stating 2021 and using "SPDX-License-Identifier:
> > BSD-2-Clause-Patent")
> >
> > Please go over the patches with a fine-toothed comb and refresh them.
> >
> > (6) It would be nice if SEV-related patch sets and TDX-related patch
> > sets were cross-CC'd between AMD and Intel contributors. (With the
> > intent being code reuse, and perhaps "design reuse".)
> >
> > Maybe we should have an additional "confidential computing" reviewers
> > section in "Maintainers.txt", covering both SEV and TDX modules. This
> > would allow for a wider set of CC's, without obscuring who should review
> > TDX vs. who should review SEV. I think this unified section should list
> > a number of IBM developers too.
> 
> (7) Some more admin stuff:
> 
> (7a) every patch in this series should carry the following line in the
> commit message:
> 
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> 
> (7b) whenever you post a new version of the patch set, please add a new
> comment to <https://bugzilla.tianocore.org/show_bug.cgi?id=3249>,
> linking the just-posted version (the cover letter email) from the
> mailing list archive.
> 
> This is important in case we want to review the evolution of the patch
> series later. It's more difficult to find relevant email threads later
> than to link each posting immediately in the bugzilla ticket.
> 
> Thanks
> Laszlo



* Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
  2021-03-10  0:25     ` Yao, Jiewen
@ 2021-03-10  1:07       ` Brijesh Singh
  0 siblings, 0 replies; 14+ messages in thread
From: Brijesh Singh @ 2021-03-10  1:07 UTC (permalink / raw)
  To: Yao, Jiewen, Laszlo Ersek, Xu, Min M, devel@edk2.groups.io
  Cc: brijesh.singh, Liming Gao, Liu, Zhiguang, Justen, Jordan L,
	Tom Lendacky, James Bottomley, Tobin Feldman-Fitzthum, Dov Murik,
	Dr. David Alan Gilbert

Thanks Laszlo for copying me. From AMD, I will soon start submitting
the SNP support in OVMF. I look forward to collaborating with Yao and
Min on software architecture.


On 3/9/21 6:25 PM, Yao, Jiewen wrote:
> Very good suggestion. Thanks Laszlo.
>
> For 3), Min Xu and I will be the reviewer for Intel TDX change for OVMF.
>
> For 6), agree. Although there are some architecture differences, e.g., AMD uses the PSP, a co-processor, while Intel uses the TDX module, a new CPU execution mode, we should align as much as possible between Intel TDX and AMD SEV, especially for the pure software architecture.
> I will be the Intel reviewer for confidential computing topics.
> AMD/IBM/... are welcome to have a representative too.
>
> Min and I will sync and submit the patch for maintainer.txt
>
>
> Thank you
> Yao Jiewen 
>
>
>> -----Original Message-----
>> From: Laszlo Ersek <lersek@redhat.com>
>> Sent: Tuesday, March 9, 2021 9:06 PM
>> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>; Liu, Zhiguang
>> <zhiguang.liu@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Yao,
>> Jiewen <jiewen.yao@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>;
>> Brijesh Singh <brijesh.singh@amd.com>; James Bottomley
>> <jejb@linux.ibm.com>; Tobin Feldman-Fitzthum <tobin@ibm.com>; Dov Murik
>> <Dov.Murik1@il.ibm.com>; Dr. David Alan Gilbert <dgilbert@redhat.com>
>> Subject: Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX
>>
>> On 03/09/21 13:57, Laszlo Ersek wrote:
>>> On 03/09/21 07:12, Min Xu wrote:
>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
>>>>
>>>> The patch series provides lib support for Intel Trust Domain Extensions
>>>> (Intel TDX).
>>>>
>>>> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
>>>> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
>>>> Encryption (MKTME) with a new kind of virtual machines guest called a
>>>> Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
>>>> confidentiality of TD memory contents and the TD's CPU state from other
>>>> software, including the hosting Virtual-Machine Monitor (VMM), unless
>>>> explicitly shared by the TD itself.
>>>>
>>>> The Intel TDX module uses the instruction-set architecture for Intel TDX
>>>> and the MKTME engine in the SOC to help serve as an intermediary between
>>>> the host VMM and the guest TD. TDCALL is the instruction which allows TD
>>>> guest privileged software to make a call for service into an underlying
>>>> TDX-module.
>>>>
>>>> TdxLib is created with functions to perform the related Tdx operation.
>>>> This includes functions for:
>>>>   - TdCall         : to cause a VM exit to the Intel TDX module
>>>>   - TdVmCall       : it is a leaf function 0 for TDCALL
>>>>   - TdVmCallCpuid  : enable the TD guest to request VMM to emulate CPUID
>>>>   - TdReport       : to retrieve TDREPORT_STRUCT
>>>>   - TdAcceptPages  : to accept pending private pages
>>>>   - TdExtendRtmr   : to extend one of the RTMR registers
>>>>
>>>> The base function in MdePkg will not do anything and will return an error
>>>> if a return value is required. It is expected that other packages
>>>> (like OvmfPkg) will create a version of the library to fully support a TD
>>>> guest.
>>>>
>>>> We create an OVMF version of this library to begin the process of providing
>>>> full support of TDX in OVMF.
>>>>
>>>> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
>>>>   - PcdUseTdxAcceptPage
>>>>     Indicate whether TdCall(AcceptPage) is used.
>>>>   - PcdUseTdxEmulation
>>>>     Indicate whether TdxEmulation is used.
>>> (1) per Jiewen's feedback, please drop these PCDs -- importantly, please
>>> drop DB-encoded instructions in assembly source code
>>>
>>> (2) It's not really helpful to post three versions of a patch set over
>>> the course of a few hours. I don't suggest posting more frequently than
>>> once per day, unless agreed otherwise.
>>>
>>> (3) Please add a new section to Maintainers.txt for TDX content in
>>> OvmfPkg. At least two Intel developers should be listed there as
>>> Reviewers. I'd like to permanently delegate TDX reviews to Intel
>>> contributors.
>>>
>>> See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt".
>>>
>>> (4) The patches contain numerous style issues:
>>>
>>> - overlong lines,
>>>
>>> - incomplete "@retval" comments,
>>>
>>> - Library #include directives mixed with non-library #include directives,
>>>
>>> - variables that should be STATIC but are not declared like that,
>>>
>>> - whitespace errors: missing space character between function designator
>>> (or macro name) and opening paren
>>>
>>> - more whitespace errors: missing space characters around "if" and
>>> "else" keywords
>>>
>>> (5) Some of the source files have outdated license blocks (e.g.,
>>> open-coding the 2-clause BSDL and stating a copyright year of 2020,
>>> rather than stating 2021 and using "SPDX-License-Identifier:
>>> BSD-2-Clause-Patent")
>>>
>>> Please go over the patches with a fine-toothed comb and refresh them.
>>>
>>> (6) It would be nice if SEV-related patch sets and TDX-related patch
>>> sets were cross-CC'd between AMD and Intel contributors. (With the
>>> intent being code reuse, and perhaps "design reuse".)
>>>
>>> Maybe we should have an additional "confidential computing" reviewers
>>> section in "Maintainers.txt", covering both SEV and TDX modules. This
>>> would allow for a wider set of CC's, without obscuring who should review
>>> TDX vs. who should review SEV. I think this unified section should list
>>> a number of IBM developers too.
>> (7) Some more admin stuff:
>>
>> (7a) every patch in this series should carry the following line in the
>> commit message:
>>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
>>
>> (7b) whenever you post a new version of the patch set, please add a new
>> comment to <https://bugzilla.tianocore.org/show_bug.cgi?id=3249>,
>> linking the just-posted version (the cover letter email) from the
>> mailing list archive.
>>
>> This is important in case we want to review the evolution of the patch
>> series later. It's more difficult to find relevant email threads later
>> than to link each posting immediately in the bugzilla ticket.
>>
>> Thanks
>> Laszlo


Thread overview: 14+ messages
2021-03-09  6:12 [PATCH V3 0/3] Add TdxLib support for Intel TDX Min Xu
2021-03-09  6:12 ` [PATCH V3 1/3] MdePkg: Add Tdx support lib Min Xu
2021-03-09  6:25   ` Yao, Jiewen
2021-03-09  8:23     ` Min Xu
2021-03-09  6:12 ` [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib Min Xu
2021-03-09  6:44   ` Yao, Jiewen
2021-03-09  8:27     ` Min Xu
2021-03-09  6:12 ` [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF Min Xu
2021-03-09  6:46   ` Yao, Jiewen
2021-03-09 12:57 ` [PATCH V3 0/3] Add TdxLib support for Intel TDX Laszlo Ersek
2021-03-09 13:06   ` Laszlo Ersek
2021-03-09 14:38     ` [edk2-devel] " Laszlo Ersek
2021-03-10  0:25     ` Yao, Jiewen
2021-03-10  1:07       ` Brijesh Singh
