From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Liming Gao, Zhiguang Liu, Jiewen Yao, Doug Reiland
Subject: [PATCH V2 1/3] MdePkg: Add Tdx support lib
Date: Tue, 9 Mar 2021 11:16:56 +0800
Message-Id: <3becb5a42c39003b9306338b41ca16f73f191701.1615257614.git.min.m.xu@intel.com>

Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD).

TdxLib is created with functions to perform the related Tdx operation.
This includes functions for:
 - TdCall : to cause a VM exit to the Intel TDX module
 - TdVmCall : it is a leaf function 0 for TDCALL
 - TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID
 - TdReport : to retrieve TDREPORT_STRUCT
 - TdAcceptPages : to accept pending private pages
 - TdExtendRtmr : to extend one of the RTMR registers

The base function in this driver will not do anything and will return
an error if a return value is required. It is expected that other
packages (like OvmfPkg) will create a version of the library to fully
support a TD guest.

Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Jiewen Yao
Signed-off-by: Min Xu
Signed-off-by: Doug Reiland
---
 MdePkg/Include/IndustryStandard/Tdx.h | 201 ++++++++++++++++++++++++++
 MdePkg/Include/Library/TdxLib.h | 165 +++++++++++++++++++++
 MdePkg/Include/Protocol/Tdx.h | 22 +++
 MdePkg/Library/TdxLib/TdxLibNull.c | 155 ++++++++++++++++++++
 MdePkg/Library/TdxLib/TdxLibNull.inf | 33 +++++
 5 files changed, 576 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Include/Protocol/Tdx.h
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
diff --git a/MdePkg/Include/IndustryStandard/Tdx.h b/MdePkg/Include/IndustryStandard/Tdx.h new file mode 100644 index 000000000000..dbcc31c26528 --- /dev/null +++ b/MdePkg/Include/IndustryStandard/Tdx.h @@ -0,0 +1,201 @@ +/** @file + Intel Trust Domain Extension definitions + + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _TDX_H_ +#define _TDX_H_ + +#define EXIT_REASON_EXTERNAL_INTERRUPT 1 +#define EXIT_REASON_TRIPLE_FAULT 2 + +#define EXIT_REASON_PENDING_INTERRUPT 7 +#define EXIT_REASON_NMI_WINDOW 8 +#define EXIT_REASON_TASK_SWITCH 9 +#define EXIT_REASON_CPUID 10 +#define EXIT_REASON_HLT 12 +#define EXIT_REASON_INVD 13 +#define EXIT_REASON_INVLPG 14 +#define EXIT_REASON_RDPMC 15 +#define EXIT_REASON_RDTSC 16 +#define EXIT_REASON_VMCALL 18 +#define EXIT_REASON_VMCLEAR 19 +#define EXIT_REASON_VMLAUNCH 20 +#define EXIT_REASON_VMPTRLD 21 +#define EXIT_REASON_VMPTRST 22 +#define EXIT_REASON_VMREAD 23 +#define EXIT_REASON_VMRESUME 24 +#define EXIT_REASON_VMWRITE 25 +#define EXIT_REASON_VMOFF 26 +#define EXIT_REASON_VMON 27 +#define EXIT_REASON_CR_ACCESS 28 +#define EXIT_REASON_DR_ACCESS 29 +#define EXIT_REASON_IO_INSTRUCTION 30 +#define EXIT_REASON_MSR_READ 31 +#define EXIT_REASON_MSR_WRITE 32 +#define EXIT_REASON_INVALID_STATE 33 +#define EXIT_REASON_MSR_LOAD_FAIL 34 +#define EXIT_REASON_MWAIT_INSTRUCTION 36 +#define EXIT_REASON_MONITOR_TRAP_FLAG 37 +#define EXIT_REASON_MONITOR_INSTRUCTION 39 +#define EXIT_REASON_PAUSE_INSTRUCTION 40 +#define EXIT_REASON_MCE_DURING_VMENTRY 41 +#define EXIT_REASON_TPR_BELOW_THRESHOLD 43 +#define EXIT_REASON_APIC_ACCESS 44 +#define EXIT_REASON_EOI_INDUCED 45 +#define EXIT_REASON_GDTR_IDTR 46 +#define EXIT_REASON_LDTR_TR 47 +#define EXIT_REASON_EPT_VIOLATION 48 +#define EXIT_REASON_EPT_MISCONFIG 49 +#define EXIT_REASON_INVEPT 50 +#define EXIT_REASON_RDTSCP 51 +#define EXIT_REASON_PREEMPTION_TIMER 52 +#define EXIT_REASON_INVVPID 
53 +#define EXIT_REASON_WBINVD 54 +#define EXIT_REASON_XSETBV 55 +#define EXIT_REASON_APIC_WRITE 56 +#define EXIT_REASON_RDRAND 57 +#define EXIT_REASON_INVPCID 58 +#define EXIT_REASON_VMFUNC 59 +#define EXIT_REASON_ENCLS 60 +#define EXIT_REASON_RDSEED 61 +#define EXIT_REASON_PML_FULL 62 +#define EXIT_REASON_XSAVES 63 +#define EXIT_REASON_XRSTORS 64 + +// TDCALL API Function Completion Status Codes +#define TDX_EXIT_REASON_SUCCESS 0x0000000000000000 +#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED 0x00000B0A00000000 +#define TDX_EXIT_REASON_OPERAND_INVALID 0xC000010000000000 +#define TDX_EXIT_REASON_OPERAND_BUSY 0x8000020000000000 + +#define TDCALL_TDVMCALL 0 +#define TDCALL_TDINFO 1 +#define TDCALL_TDEXTENDRTMR 2 +#define TDCALL_TDGETVEINFO 3 +#define TDCALL_TDREPORT 4 +#define TDCALL_TDSETCPUIDVE 5 +#define TDCALL_TDACCEPTPAGE 6 + +#define TDVMCALL_CPUID 0x0000a +#define TDVMCALL_HALT 0x0000c +#define TDVMCALL_IO 0x0001e +#define TDVMCALL_RDMSR 0x0001f +#define TDVMCALL_WRMSR 0x00020 +#define TDVMCALL_MMIO 0x00030 +#define TDVMCALL_PCONFIG 0x00041 + +#define TDVMCALL_GET_TDVMCALL_INFO 0x10000 +#define TDVMCALL_MAPGPA 0x10001 +#define TDVMCALL_GET_QUOTE 0x10002 +#define TDVMCALL_REPORT_FATAL_ERR 0x10003 +#define TDVMCALL_SETUP_EVENT_NOTIFY 0x10004 + +#pragma pack(1) +typedef struct { + UINT64 Data[6]; +} TDCALL_GENERIC_RETURN_DATA; + +typedef struct { + UINT64 Gpaw; + UINT64 Attributes; + UINT32 MaxVcpus; + UINT32 NumVcpus; + UINT64 Resv[3]; +} TDCALL_INFO_RETURN_DATA; + +typedef union { + UINT64 Val; + struct { + UINT32 Size:3; + UINT32 Direction:1; + UINT32 String:1; + UINT32 Rep:1; + UINT32 Encoding:1; + UINT32 Resv:9; + UINT32 Port:16; + UINT32 Resv2; + } Io; +} VMX_EXIT_QUALIFICATION; + +typedef struct { + UINT32 ExitReason; + UINT32 Resv; + VMX_EXIT_QUALIFICATION ExitQualification; + UINT64 GuestLA; + UINT64 GuestPA; + UINT32 ExitInstructionLength; + UINT32 ExitInstructionInfo; + UINT32 Resv1; +} TDCALL_VEINFO_RETURN_DATA; + +typedef union { + 
TDCALL_GENERIC_RETURN_DATA Generic; + TDCALL_INFO_RETURN_DATA TdInfo; + TDCALL_VEINFO_RETURN_DATA VeInfo; +} TD_RETURN_DATA; + +/* data structure used in TDREPORT_STRUCT */ +typedef struct{ + UINT8 Type; + UINT8 Subtype; + UINT8 Version; + UINT8 Rsvd; +}TD_REPORT_TYPE; + +typedef struct{ + TD_REPORT_TYPE ReportType; + UINT8 Rsvd1[12]; + UINT8 CpuSvn[16]; + UINT8 TeeTcbInfoHash[48]; + UINT8 TeeInfoHash[48]; + UINT8 ReportData[64]; + UINT8 Rsvd2[32]; + UINT8 Mac[32]; +}REPORTMACSTRUCT; + +typedef struct{ + UINT8 Seam[2]; + UINT8 Rsvd[14]; +}TEE_TCB_SVN; + +typedef struct{ + UINT8 Valid[8]; + TEE_TCB_SVN TeeTcbSvn; + UINT8 Mrseam[48]; + UINT8 Mrsignerseam[48]; + UINT8 Attributes[8]; + UINT8 Rsvd[111]; +}TEE_TCB_INFO; + +typedef struct{ + UINT8 Attributes[8]; + UINT8 Xfam[8]; + UINT8 Mrtd[48]; + UINT8 Mrconfigid[48]; + UINT8 Mrowner[48]; + UINT8 Mrownerconfig[48]; + UINT8 Rtmrs[4][48]; + UINT8 Rsvd[112]; +}TDINFO; + +typedef struct{ + REPORTMACSTRUCT ReportMacStruct; + TEE_TCB_INFO TeeTcbInfo; + UINT8 Rsvd[17]; + TDINFO Tdinfo; +}TDREPORT_STRUCT; + +#pragma pack() + +#endif + diff --git a/MdePkg/Include/Library/TdxLib.h b/MdePkg/Include/Library/TdxLib.h new file mode 100644 index 000000000000..5e8634c6df79 --- /dev/null +++ b/MdePkg/Include/Library/TdxLib.h @@ -0,0 +1,165 @@ +/** @file + TdxLib definitions + + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _TDX_LIB_H_ +#define _TDX_LIB_H_ + +#include +#include +#include +#include + +/** + This function retrieve TDREPORT_STRUCT structure from TDX. + The struct contains the measurements/configuration information of + the guest TD that called the function, measurements/configuratio + information of the TDX-SEAM module and a REPORTMACSTRUCT. + The REPORTMACSTRUCT is integrity protected with a MAC and + contains the hash of the measurements and configuration + as well as additional REPORTDATA provided by the TD software. + + AdditionalData, a 64-byte value, is provided by the guest TD + to be included in the TDREPORT + + @param[in,out] Report Holds the TEREPORT_STRUCT. + @param[in] ReportSize Size of the report. It must be + larger than 1024B. + @param[in] AdditionalData Point to the additional data. + @param[in] AdditionalDataSize Size of the additional data. + If AdditionalData != NULL, then + this value must be 64B. + + @return EFI_SUCCESS + @return EFI_INVALID_PARAMETER + @return EFI_DEVICE_ERROR + +**/ +EFI_STATUS +EFIAPI +TdReport( + IN OUT UINT8 *Report, + IN UINT32 ReportSize, + IN UINT8 *AdditionalData, + IN UINT32 AdditionalDataSize +); + +/** + This function accept a pending private page, and initialize the page to + all-0 using the TD ephemeral private key. + + @param[in] StartAddress Guest physical address of the private page + to accept. + @param[in] NumberOfPages Number of the pages to be accepted. 
+ + @return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TdAcceptPages ( + IN UINT64 StartAddress, + IN UINT64 NumberOfPages + ); + +/** + This function extends one of the RTMR measurement register + in TDCS with the provided extension data in memory. + RTMR extending supports SHA384 which length is 48 bytes. + + @param[in] Data Point to the data to be extended + @param[in] DataLen Length of the data. Must be 48 + @param[in] Index RTMR index + + @return EFI_SUCCESS + @return EFI_INVALID_PARAMETER + @return EFI_DEVICE_ERROR + +**/ +EFI_STATUS +EFIAPI +TdExtendRtmr( + IN UINT32 *Data, + IN UINT32 DataLen, + IN UINT8 PcrIndex + ); + +/** + The TDCALL instruction causes a VM exit to the Intel TDX module. It is + used to call guest-side Intel TDX functions, either local or a TD exit + to the host VMM, as selected by Leaf. + Leaf functions are described at + + @param[in] Leaf Leaf number of TDCALL instruction + @param[in] Arg1 Arg1 + @param[in] Arg2 Arg2 + @param[in] Arg3 Arg3 + @param[in,out] Results Returned result of the Leaf function + + @return EFI_SUCCESS + @return Other See individual leaf functions +**/ +EFI_STATUS +EFIAPI +TdCall( + IN UINT64 Leaf, + IN UINT64 Arg1, + IN UINT64 Arg2, + IN UINT64 Arg3, + IN OUT VOID *Results + ); + +/** + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the + host VMM to pass/receive information. + + @param[in] Leaf Number of sub-functions + @param[in] Arg1 Arg1 + @param[in] Arg2 Arg2 + @param[in] Arg3 Arg3 + @param[in] Arg4 Arg4 + @param[in,out] Results Returned result of the sub-function + + @return EFI_SUCCESS + @return Other See individual sub-functions + +**/ +EFI_STATUS +EFIAPI +TdVmCall ( + IN UINT64 Leaf, + IN UINT64 Arg1, + IN UINT64 Arg2, + IN UINT64 Arg3, + IN UINT64 Arg4, + IN OUT VOID *Results + ); + +/** + This function enable the TD guest to request the VMM to emulate CPUID + operation, especially for non-architectural, CPUID leaves. 
+ + @param[in] Eax Main leaf of the CPUID + @param[in] Ecx Sub-leaf of the CPUID + @param[out] Results Returned result of CPUID operation + + @return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TdVmCallCpuid ( + IN UINT64 Eax, + IN UINT64 Ecx, + OUT VOID *Results + ); +#endif diff --git a/MdePkg/Include/Protocol/Tdx.h b/MdePkg/Include/Protocol/Tdx.h new file mode 100644 index 000000000000..d3e1eae13559 --- /dev/null +++ b/MdePkg/Include/Protocol/Tdx.h @@ -0,0 +1,22 @@ +/** @file + Tcg for Intel TDX definitions. + +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#ifndef __TCG_TDX_H__ +#define __TCG_TDX_H__ + +#include + +#define TCG_TDX_EVENT_DATA_SIGNATURE SIGNATURE_32 ('T', 'D', 'X', 'S') + +#define TD_TCG2_PROTOCOL_GUID \ + {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }} +extern EFI_GUID gTdTcg2ProtocolGuid; + + +#endif diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c b/MdePkg/Library/TdxLib/TdxLibNull.c new file mode 100644 index 000000000000..8d759e4d33a4 --- /dev/null +++ b/MdePkg/Library/TdxLib/TdxLibNull.c @@ -0,0 +1,155 @@ +/** @file + Null instance of TdxLib. + + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + + +#include +#include +#include +#include + +/** + This function retrieve TDREPORT_STRUCT structure from TDX. + The struct contains the measurements/configuration information of + the guest TD that called the function, measurements/configuratio + information of the TDX-SEAM module and a REPORTMACSTRUCT. + The REPORTMACSTRUCT is integrity protected with a MAC and + contains the hash of the measurements and configuration + as well as additional REPORTDATA provided by the TD software. + + AdditionalData, a 64-byte value, is provided by the guest TD + to be included in the TDREPORT + + @param[in,out] Report Holds the TEREPORT_STRUCT. + @param[in] ReportSize Size of the report. It must be + larger than 1024B. + @param[in] AdditionalData Point to the additional data. + @param[in] AdditionalDataSize Size of the additional data. + If AdditionalData != NULL, then + this value must be 64B. + + @return EFI_SUCCESS + @return EFI_INVALID_PARAMETER + @return EFI_DEVICE_ERROR + +**/ +EFI_STATUS +EFIAPI +TdReport( + IN OUT UINT8 *Report, + IN UINT32 ReportSize, + IN UINT8 *AdditionalData, + IN UINT32 AdditionalDataSize + ) +{ + return EFI_UNSUPPORTED; +} + +/** + This function accept a pending private page, and initialize the page to + all-0 using the TD ephemeral private key. + + @param[in] StartAddress Guest physical address of the private page + to accept. + @param[in] NumberOfPages Number of the pages to be accepted. 
+ + @return EFI_UNSUPPORTED +**/ +EFI_STATUS +EFIAPI +TdAcceptPages ( + IN UINT64 StartAddress, + IN UINT64 NumberOfPages + ) +{ + return EFI_UNSUPPORTED; +} + +/** + The TDCALL instruction causes a VM exit to the Intel TDX module. It is + used to call guest-side Intel TDX functions, either local or a TD exit + to the host VMM, as selected by Leaf. + Leaf functions are described at + + @param[in] Leaf Leaf number of TDCALL instruction + @param[in] Arg1 Arg1 + @param[in] Arg2 Arg2 + @param[in] Arg3 Arg3 + @param[in,out] Results Returned result of the Leaf function + + @return EFI_SUCCESS + @return Other See individual leaf functions +**/ +EFI_STATUS +EFIAPI +TdCall( + IN UINT64 Leaf, + IN UINT64 Arg1, + IN UINT64 Arg2, + IN UINT64 Arg3, + IN OUT VOID *Results + ) +{ + return EFI_UNSUPPORTED; +} + +/** + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the + host VMM to pass/receive information. + + @param[in] Leaf Number of sub-functions + @param[in] Arg1 Arg1 + @param[in] Arg2 Arg2 + @param[in] Arg3 Arg3 + @param[in] Arg4 Arg4 + @param[in,out] Results Returned result of the sub-function + + @return EFI_SUCCESS + @return Other See individual sub-functions + +**/ +EFI_STATUS +EFIAPI +TdVmCall ( + IN UINT64 Leaf, + IN UINT64 Arg1, + IN UINT64 Arg2, + IN UINT64 Arg3, + IN UINT64 Arg4, + IN OUT VOID *Results + ) +{ + return EFI_UNSUPPORTED; +} + +/** + This function enable the TD guest to request the VMM to emulate CPUID + operation, especially for non-architectural, CPUID leaves. + + @param[in] Eax Main leaf of the CPUID + @param[in] Ecx Sub-leaf of the CPUID + @param[in,out] Results Returned result of CPUID operation + + @return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TdVmCallCpuid ( + IN UINT64 Eax, + IN UINT64 Ecx, + IN OUT VOID *Results + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf b/MdePkg/Library/TdxLib/TdxLibNull.inf new file mode 100644 index 000000000000..0d07595a8c3e --- /dev/null 
+++ b/MdePkg/Library/TdxLib/TdxLibNull.inf @@ -0,0 +1,33 @@ +## @file +# Null Tdx library instance +# +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TdxLibNull + FILE_GUID = 05C5E621-FC66-4420-9C80-F0DE9E5B95FF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = TdxLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources] + TdxLibNull.c + +[Packages] + MdePkg/MdePkg.dec -- 2.29.2.windows.2
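Review bot: In MdePkg/Include/IndustryStandard/Tdx.h the packed report structures at the end of the file have no compile-time size check, even though the TdReport documentation in TdxLib.h depends on a 1024-byte report. As written the fields add up to 256 bytes for REPORTMACSTRUCT, 239 for TEE_TCB_INFO and 512 for TDINFO, which together with Rsvd[17] gives 1024 for TDREPORT_STRUCT; a STATIC_ASSERT on sizeof (TDREPORT_STRUCT) placed after the closing #pragma pack() would catch a miscounted reserved array before it silently shifts the measurement fields a verifier reads. This header also carries the long-form BSD license text while Protocol/Tdx.h in the same patch uses SPDX-License-Identifier: BSD-2-Clause-Patent; the new files should use one form.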
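Review bot: The TdExtendRtmr prototype in MdePkg/Include/Library/TdxLib.h does not match its own comment: the comment documents the third parameter as Index while the prototype names it PcrIndex, and Data is typed UINT32 * although the comment describes a 48-byte SHA384 value, where UINT8 * (as TdReport uses) would avoid implying an alignment requirement. In the TdReport comment, "It must be larger than 1024B" reads as rejecting a buffer of exactly 1024 bytes, which is the size TDREPORT_STRUCT works out to in IndustryStandard/Tdx.h; "at least 1024B" looks like what is meant. TdVmCallCpuid declares Results as OUT here but IN OUT in TdxLibNull.c, and the comments contain the typos TEREPORT_STRUCT, TDVMALL and configuratio. The sentence "Leaf functions are described at" ends without a reference.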
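Review bot: MdePkg/Include/Protocol/Tdx.h declares extern EFI_GUID gTdTcg2ProtocolGuid, but the diffstat for this patch lists five files and MdePkg.dec is not one of them, so neither the protocol GUID nor the new TdxLib library class is declared in the package by this change. Either add the [Protocols] and [LibraryClasses] entries here or state in the commit message which later patch in the series does. The include guard __TCG_TDX_H__ and the "Tcg for Intel TDX definitions" description also do not match the file name Tdx.h, which is shared with IndustryStandard/Tdx.h and makes the two headers easy to confuse.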
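Review bot: MdePkg/Library/TdxLib/TdxLibNull.c has no definition of TdExtendRtmr, although TdxLib.h declares it and the commit message lists it among the library functions; any module that calls it and links against the Null instance will fail at link time. Add a TdExtendRtmr stub returning EFI_UNSUPPORTED alongside the other five. The function comments copied from the header also advertise @return EFI_SUCCESS for TdReport, TdCall, TdVmCall and TdVmCallCpuid while every body returns EFI_UNSUPPORTED (only TdAcceptPages documents that), and the comments should say that Results and Report are left unmodified so callers do not consume an uninitialized buffer after ignoring the status.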
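Review bot: MdePkg/Library/TdxLib/TdxLibNull.inf is added without a matching change to MdePkg.dsc (the diffstat shows only the five new files), so the Null instance will not be built as part of the package build and the missing TdExtendRtmr symbol or any header breakage would go unnoticed there. Add the INF to the package DSC in this patch. The file header uses the long-form BSD license text; use the SPDX-License-Identifier line as Protocol/Tdx.h does.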