From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web09.26612.1656212770864849318
 for <devel@edk2.groups.io>;
 Sat, 25 Jun 2022 20:06:14 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=QbEGAEwF;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1656212774; x=1687748774;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=z9HFD1qvmu0i70xir0Kf+AkPxMLs/VIRwksruH6kByU=;
  b=QbEGAEwFWzcE/t/dRg7WQeWj6gAQ4X+BvzfJrJFhDAqIuwBJzNqvBENm
   dcQaR6PbGAO6L/n6b7199Xd8PxPhy/XHlTbN83XPJ7SjfcVU4z+Q5SII0
   LgV5AyVgpY/fsuooyerJshjfXfFG5fyCcT61coYMjS5LJuC3dsq95GTVx
   CuG+L4KE8hNWEgAdMmv3TvtMskXcDKIc80GeOJSsc4lVMtP35UZ06EuMC
   2APxtsT7bn9EiWlrPYbrNVg43x3Sq/xhhV7AA3U2ciO+IyVe9v3l3ahsD
   64l1ibDyqLis6pkjz5gWi8LrLGnCsUnC6CYhd517wlPxpQUyRTQEPoJsT
   Q==;
X-IronPort-AV: E=McAfee;i="6400,9594,10389"; a="367554810"
X-IronPort-AV: E=Sophos;i="5.92,223,1650956400"; 
   d="scan'208";a="367554810"
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2022 20:06:14 -0700
X-IronPort-AV: E=Sophos;i="5.92,223,1650956400"; 
   d="scan'208";a="645862090"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.30.236])
  by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2022 20:06:12 -0700
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH V2 2/8] OvmfPkg: Validate Cfv integrity in Tdx guest
Date: Sun, 26 Jun 2022 11:05:51 +0800
Message-Id: <9fbd08682821f8fc7f56f55383251182207b0965.1656210686.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <cover.1656210686.git.min.m.xu@intel.com>
References: <cover.1656210686.git.min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Min M Xu <min.m.xu@intel.com>

Validate Configurtion FV (CFV) in Tdx guest.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Sec/SecMain.c   | 8 ++++++++
 OvmfPkg/Sec/SecMain.inf | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 1167d22a68cc..f6c00b8dab96 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -768,6 +768,14 @@ SecCoreStartupWithStack (
     if (ProcessTdxHobList () != EFI_SUCCESS) {
       CpuDeadLoop ();
     }
+
+    //
+    // Config FV (Cfv) contains the configuration information and its integrity
+    // should be validated.
+    //
+    if (!TdxValidateCfv ((UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase), FixedPcdGet32 (PcdCfvRawDataSize))) {
+      CpuDeadLoop ();
+    }
   }
 
  #endif
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 561a840f29c5..ae0094a15eda 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -84,6 +84,8 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
-- 
2.29.2.windows.2