From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Xu, Min M", devel@edk2.groups.io
CC: Liming Gao, "Liu, Zhiguang", "Reiland, Doug"
Subject: Re: [PATCH V3 1/3] MdePkg: Add Tdx support lib
Date: Tue, 9 Mar 2021 06:25:03 +0000
Hi Min

Some recommendations:

1) Please separate 1 big patch into multiple smaller ones.
   1 patch for TdxLib
   1 patch for Tdx protocol.
   1 patch for TDX event log ACPI table.
   1 patch for TDX Library.

2) The ACPI definition from TDX protocol should be isolated into TdxAcpi.h
   #define EFI_TDX_EVENT_DATA_SIGNATURE SIGNATURE_32 ('T', 'D', 'E', 'L')

3) There is no description for TD protocol itself and TD event data ACPI table. Please add them. You may copy some content from the specification.

4) I think we are following TDX spec to provide TdxLib.
   I don't see the need to provide NULL version in MdePkg. We can put real TdxLib to MdePkg.

5) If possible, please provide TDX spec link in the file header comment section. As such, the reviewer can check the spec easily.

> -----Original Message-----
> From: Xu, Min M
> Sent: Tuesday, March 9, 2021 2:13 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M; Liming Gao; Liu, Zhiguang; Yao, Jiewen; Reiland, Doug
> Subject: [PATCH V3 1/3] MdePkg: Add Tdx support lib
>
> Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total
> Memory Encryption (MKTME) with a new kind of virtual machine guest
> called a Trust Domain (TD).
>
> TdxLib is created with functions to perform the related Tdx operation.
> This includes functions for:
> - TdCall : to cause a VM exit to the Intel TDX module
> - TdVmCall : it is a leaf function 0 for TDCALL
> - TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID
> - TdReport : to retrieve TDREPORT_STRUCT
> - TdAcceptPages : to accept pending private pages
> - TdExtendRtmr : to extend one of the RTMR registers
>
> The base function in this driver will not do anything and will return
> an error if a return value is required. It is expected that other
> packages (like OvmfPkg) will create a version of the library to fully
> support a TD guest.
>
> Cc: Liming Gao
> Cc: Zhiguang Liu
> Cc: Jiewen Yao
>
> Signed-off-by: Min Xu
> Signed-off-by: Doug Reiland
> ---
> MdePkg/Include/IndustryStandard/Tdx.h | 201 ++++++++++++++++++++++++++
> MdePkg/Include/Library/TdxLib.h       | 165 +++++++++++++++++++++
> MdePkg/Include/Protocol/Tdx.h         |  29 ++++
> MdePkg/Library/TdxLib/TdxLibNull.c    | 155 ++++++++++++++++++++
> MdePkg/Library/TdxLib/TdxLibNull.inf  |  33 +++++
> 5 files changed, 583 insertions(+)
> create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> create mode 100644 MdePkg/Include/Library/TdxLib.h
> create mode 100644 MdePkg/Include/Protocol/Tdx.h
> create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
> create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
>
> diff --git a/MdePkg/Include/IndustryStandard/Tdx.h > b/MdePkg/Include/IndustryStandard/Tdx.h > new file mode 100644 > index 000000000000..dbcc31c26528 > --- /dev/null > +++ b/MdePkg/Include/IndustryStandard/Tdx.h > @@ -0,0 +1,201 @@ > +/** @file > + Intel Trust Domain Extension definitions > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be found > at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _TDX_H_ > +#define _TDX_H_ > + > +#define EXIT_REASON_EXTERNAL_INTERRUPT 1 > +#define EXIT_REASON_TRIPLE_FAULT 2 > + > +#define EXIT_REASON_PENDING_INTERRUPT 7 > +#define EXIT_REASON_NMI_WINDOW 8 > +#define EXIT_REASON_TASK_SWITCH 9 > +#define EXIT_REASON_CPUID 10 > +#define EXIT_REASON_HLT 12 > +#define EXIT_REASON_INVD 13 > +#define EXIT_REASON_INVLPG 14 > +#define EXIT_REASON_RDPMC 15 > +#define EXIT_REASON_RDTSC 16 > +#define EXIT_REASON_VMCALL 18 > +#define EXIT_REASON_VMCLEAR 19 > +#define EXIT_REASON_VMLAUNCH 20 > +#define EXIT_REASON_VMPTRLD 21 > +#define EXIT_REASON_VMPTRST 22 > +#define EXIT_REASON_VMREAD 23 > +#define EXIT_REASON_VMRESUME 24 > +#define EXIT_REASON_VMWRITE 25 > +#define EXIT_REASON_VMOFF 26 > +#define EXIT_REASON_VMON 27 > +#define EXIT_REASON_CR_ACCESS 28 > +#define EXIT_REASON_DR_ACCESS 29 > +#define EXIT_REASON_IO_INSTRUCTION 30 > +#define EXIT_REASON_MSR_READ 31 > +#define EXIT_REASON_MSR_WRITE 32 > +#define EXIT_REASON_INVALID_STATE 33 > +#define EXIT_REASON_MSR_LOAD_FAIL 34 > +#define EXIT_REASON_MWAIT_INSTRUCTION 36 > +#define EXIT_REASON_MONITOR_TRAP_FLAG 37 > +#define EXIT_REASON_MONITOR_INSTRUCTION 39 > +#define EXIT_REASON_PAUSE_INSTRUCTION 40 > +#define EXIT_REASON_MCE_DURING_VMENTRY 41 > +#define EXIT_REASON_TPR_BELOW_THRESHOLD 43 > +#define EXIT_REASON_APIC_ACCESS 44 > +#define EXIT_REASON_EOI_INDUCED 45 > +#define EXIT_REASON_GDTR_IDTR 46 > +#define EXIT_REASON_LDTR_TR 47 > +#define EXIT_REASON_EPT_VIOLATION 48 > +#define EXIT_REASON_EPT_MISCONFIG 49 > +#define 
EXIT_REASON_INVEPT 50 > +#define EXIT_REASON_RDTSCP 51 > +#define EXIT_REASON_PREEMPTION_TIMER 52 > +#define EXIT_REASON_INVVPID 53 > +#define EXIT_REASON_WBINVD 54 > +#define EXIT_REASON_XSETBV 55 > +#define EXIT_REASON_APIC_WRITE 56 > +#define EXIT_REASON_RDRAND 57 > +#define EXIT_REASON_INVPCID 58 > +#define EXIT_REASON_VMFUNC 59 > +#define EXIT_REASON_ENCLS 60 > +#define EXIT_REASON_RDSEED 61 > +#define EXIT_REASON_PML_FULL 62 > +#define EXIT_REASON_XSAVES 63 > +#define EXIT_REASON_XRSTORS 64 > + > +// TDCALL API Function Completion Status Codes > +#define TDX_EXIT_REASON_SUCCESS 0x0000000000000000 > +#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED > 0x00000B0A00000000 > +#define TDX_EXIT_REASON_OPERAND_INVALID 0xC000010000000000 > +#define TDX_EXIT_REASON_OPERAND_BUSY 0x8000020000000000 > + > +#define TDCALL_TDVMCALL 0 > +#define TDCALL_TDINFO 1 > +#define TDCALL_TDEXTENDRTMR 2 > +#define TDCALL_TDGETVEINFO 3 > +#define TDCALL_TDREPORT 4 > +#define TDCALL_TDSETCPUIDVE 5 > +#define TDCALL_TDACCEPTPAGE 6 > + > +#define TDVMCALL_CPUID 0x0000a > +#define TDVMCALL_HALT 0x0000c > +#define TDVMCALL_IO 0x0001e > +#define TDVMCALL_RDMSR 0x0001f > +#define TDVMCALL_WRMSR 0x00020 > +#define TDVMCALL_MMIO 0x00030 > +#define TDVMCALL_PCONFIG 0x00041 > + > +#define TDVMCALL_GET_TDVMCALL_INFO 0x10000 > +#define TDVMCALL_MAPGPA 0x10001 > +#define TDVMCALL_GET_QUOTE 0x10002 > +#define TDVMCALL_REPORT_FATAL_ERR 0x10003 > +#define TDVMCALL_SETUP_EVENT_NOTIFY 0x10004 > + > +#pragma pack(1) > +typedef struct { > + UINT64 Data[6]; > +} TDCALL_GENERIC_RETURN_DATA; > + > +typedef struct { > + UINT64 Gpaw; > + UINT64 Attributes; > + UINT32 MaxVcpus; > + UINT32 NumVcpus; > + UINT64 Resv[3]; > +} TDCALL_INFO_RETURN_DATA; > + > +typedef union { > + UINT64 Val; > + struct { > + UINT32 Size:3; > + UINT32 Direction:1; > + UINT32 String:1; > + UINT32 Rep:1; > + UINT32 Encoding:1; > + UINT32 Resv:9; > + UINT32 Port:16; > + UINT32 Resv2; > + } Io; > +} VMX_EXIT_QUALIFICATION; > + > +typedef 
struct { > + UINT32 ExitReason; > + UINT32 Resv; > + VMX_EXIT_QUALIFICATION ExitQualification; > + UINT64 GuestLA; > + UINT64 GuestPA; > + UINT32 ExitInstructionLength; > + UINT32 ExitInstructionInfo; > + UINT32 Resv1; > +} TDCALL_VEINFO_RETURN_DATA; > + > +typedef union { > + TDCALL_GENERIC_RETURN_DATA Generic; > + TDCALL_INFO_RETURN_DATA TdInfo; > + TDCALL_VEINFO_RETURN_DATA VeInfo; > +} TD_RETURN_DATA; > + > +/* data structure used in TDREPORT_STRUCT */ > +typedef struct{ > + UINT8 Type; > + UINT8 Subtype; > + UINT8 Version; > + UINT8 Rsvd; > +}TD_REPORT_TYPE; > + > +typedef struct{ > + TD_REPORT_TYPE ReportType; > + UINT8 Rsvd1[12]; > + UINT8 CpuSvn[16]; > + UINT8 TeeTcbInfoHash[48]; > + UINT8 TeeInfoHash[48]; > + UINT8 ReportData[64]; > + UINT8 Rsvd2[32]; > + UINT8 Mac[32]; > +}REPORTMACSTRUCT; > + > +typedef struct{ > + UINT8 Seam[2]; > + UINT8 Rsvd[14]; > +}TEE_TCB_SVN; > + > +typedef struct{ > + UINT8 Valid[8]; > + TEE_TCB_SVN TeeTcbSvn; > + UINT8 Mrseam[48]; > + UINT8 Mrsignerseam[48]; > + UINT8 Attributes[8]; > + UINT8 Rsvd[111]; > +}TEE_TCB_INFO; > + > +typedef struct{ > + UINT8 Attributes[8]; > + UINT8 Xfam[8]; > + UINT8 Mrtd[48]; > + UINT8 Mrconfigid[48]; > + UINT8 Mrowner[48]; > + UINT8 Mrownerconfig[48]; > + UINT8 Rtmrs[4][48]; > + UINT8 Rsvd[112]; > +}TDINFO; > + > +typedef struct{ > + REPORTMACSTRUCT ReportMacStruct; > + TEE_TCB_INFO TeeTcbInfo; > + UINT8 Rsvd[17]; > + TDINFO Tdinfo; > +}TDREPORT_STRUCT; > + > +#pragma pack() > + > +#endif > + > diff --git a/MdePkg/Include/Library/TdxLib.h b/MdePkg/Include/Library/Tdx= Lib.h > new file mode 100644 > index 000000000000..5e8634c6df79 > --- /dev/null > +++ b/MdePkg/Include/Library/TdxLib.h > @@ -0,0 +1,165 @@ > +/** @file > + TdxLib definitions > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be found > at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _TDX_LIB_H_ > +#define _TDX_LIB_H_ > + > +#include > +#include > +#include > +#include > + > +/** > + This function retrieve TDREPORT_STRUCT structure from TDX. > + The struct contains the measurements/configuration information of > + the guest TD that called the function, measurements/configuratio > + information of the TDX-SEAM module and a REPORTMACSTRUCT. > + The REPORTMACSTRUCT is integrity protected with a MAC and > + contains the hash of the measurements and configuration > + as well as additional REPORTDATA provided by the TD software. > + > + AdditionalData, a 64-byte value, is provided by the guest TD > + to be included in the TDREPORT > + > + @param[in,out] Report Holds the TEREPORT_STRUCT. > + @param[in] ReportSize Size of the report. It must be > + larger than 1024B. > + @param[in] AdditionalData Point to the additional data. > + @param[in] AdditionalDataSize Size of the additional data. > + If AdditionalData !=3D NULL, then > + this value must be 64B. > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdReport( > + IN OUT UINT8 *Report, > + IN UINT32 ReportSize, > + IN UINT8 *AdditionalData, > + IN UINT32 AdditionalDataSize > +); > + > +/** > + This function accept a pending private page, and initialize the page t= o > + all-0 using the TD ephemeral private key. > + > + @param[in] StartAddress Guest physical address of the private pag= e > + to accept. > + @param[in] NumberOfPages Number of the pages to be accepted. 
> + > + @return EFI_SUCCESS > +**/ > +EFI_STATUS > +EFIAPI > +TdAcceptPages ( > + IN UINT64 StartAddress, > + IN UINT64 NumberOfPages > + ); > + > +/** > + This function extends one of the RTMR measurement register > + in TDCS with the provided extension data in memory. > + RTMR extending supports SHA384 which length is 48 bytes. > + > + @param[in] Data Point to the data to be extended > + @param[in] DataLen Length of the data. Must be 48 > + @param[in] Index RTMR index > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdExtendRtmr( > + IN UINT32 *Data, > + IN UINT32 DataLen, > + IN UINT8 PcrIndex > + ); > + > +/** > + The TDCALL instruction causes a VM exit to the Intel TDX module. It i= s > + used to call guest-side Intel TDX functions, either local or a TD exit > + to the host VMM, as selected by Leaf. > + Leaf functions are described at + www/us/en/develop/articles/intel-trust-domain-extensions.html> > + > + @param[in] Leaf Leaf number of TDCALL instruction > + @param[in] Arg1 Arg1 > + @param[in] Arg2 Arg2 > + @param[in] Arg3 Arg3 > + @param[in,out] Results Returned result of the Leaf function > + > + @return EFI_SUCCESS > + @return Other See individual leaf functions > +**/ > +EFI_STATUS > +EFIAPI > +TdCall( > + IN UINT64 Leaf, > + IN UINT64 Arg1, > + IN UINT64 Arg2, > + IN UINT64 Arg3, > + IN OUT VOID *Results > + ); > + > +/** > + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from= the > + host VMM to pass/receive information. 
> + > + @param[in] Leaf Number of sub-functions > + @param[in] Arg1 Arg1 > + @param[in] Arg2 Arg2 > + @param[in] Arg3 Arg3 > + @param[in] Arg4 Arg4 > + @param[in,out] Results Returned result of the sub-function > + > + @return EFI_SUCCESS > + @return Other See individual sub-functions > + > +**/ > +EFI_STATUS > +EFIAPI > +TdVmCall ( > + IN UINT64 Leaf, > + IN UINT64 Arg1, > + IN UINT64 Arg2, > + IN UINT64 Arg3, > + IN UINT64 Arg4, > + IN OUT VOID *Results > + ); > + > +/** > + This function enable the TD guest to request the VMM to emulate CPUID > + operation, especially for non-architectural, CPUID leaves. > + > + @param[in] Eax Main leaf of the CPUID > + @param[in] Ecx Sub-leaf of the CPUID > + @param[out] Results Returned result of CPUID operation > + > + @return EFI_SUCCESS > +**/ > +EFI_STATUS > +EFIAPI > +TdVmCallCpuid ( > + IN UINT64 Eax, > + IN UINT64 Ecx, > + OUT VOID *Results > + ); > +#endif > diff --git a/MdePkg/Include/Protocol/Tdx.h b/MdePkg/Include/Protocol/Tdx.= h > new file mode 100644 > index 000000000000..b5e9b19c1276 > --- /dev/null > +++ b/MdePkg/Include/Protocol/Tdx.h > @@ -0,0 +1,29 @@ > +/** @file > + If TD-Guest firmware supports measurement and an event is created, TD- > Guest > + firmware is designed to report the event log with the same data struct= ure > + in TCG-Platform-Firmware-Profile specification with > + EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. > + > + The TD-Guest firmware supports measurement, the TD Guest Firmware is > designed > + to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID to > report > + event log and provides hash capability. > + > +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > + > +#ifndef __EFI_TDX_H__ > +#define __EFI_TDX_H__ > + > +#include > + > +#define EFI_TDX_EVENT_DATA_SIGNATURE SIGNATURE_32 ('T', 'D', 'E', 'L') > + > +#define EFI_TD_PROTOCOL_GUID \ > + {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xa= e, > 0x6b }} > +extern EFI_GUID gEfiTdProtocolGuid; > + > + > +#endif > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c > b/MdePkg/Library/TdxLib/TdxLibNull.c > new file mode 100644 > index 000000000000..8d759e4d33a4 > --- /dev/null > +++ b/MdePkg/Library/TdxLib/TdxLibNull.c > @@ -0,0 +1,155 @@ > +/** @file > + Null instance of TdxLib. > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be found > at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > + > +#include > +#include > +#include > +#include > + > +/** > + This function retrieve TDREPORT_STRUCT structure from TDX. > + The struct contains the measurements/configuration information of > + the guest TD that called the function, measurements/configuratio > + information of the TDX-SEAM module and a REPORTMACSTRUCT. > + The REPORTMACSTRUCT is integrity protected with a MAC and > + contains the hash of the measurements and configuration > + as well as additional REPORTDATA provided by the TD software. > + > + AdditionalData, a 64-byte value, is provided by the guest TD > + to be included in the TDREPORT > + > + @param[in,out] Report Holds the TEREPORT_STRUCT. > + @param[in] ReportSize Size of the report. It must be > + larger than 1024B. > + @param[in] AdditionalData Point to the additional data. > + @param[in] AdditionalDataSize Size of the additional data. > + If AdditionalData !=3D NULL, then > + this value must be 64B. > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdReport( > + IN OUT UINT8 *Report, > + IN UINT32 ReportSize, > + IN UINT8 *AdditionalData, > + IN UINT32 AdditionalDataSize > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + This function accept a pending private page, and initialize the page t= o > + all-0 using the TD ephemeral private key. > + > + @param[in] StartAddress Guest physical address of the private pag= e > + to accept. > + @param[in] NumberOfPages Number of the pages to be accepted. 
> + > + @return EFI_UNSUPPORTED > +**/ > +EFI_STATUS > +EFIAPI > +TdAcceptPages ( > + IN UINT64 StartAddress, > + IN UINT64 NumberOfPages > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + The TDCALL instruction causes a VM exit to the Intel TDX module. It i= s > + used to call guest-side Intel TDX functions, either local or a TD exit > + to the host VMM, as selected by Leaf. > + Leaf functions are described at + www/us/en/develop/articles/intel-trust-domain-extensions.html> > + > + @param[in] Leaf Leaf number of TDCALL instruction > + @param[in] Arg1 Arg1 > + @param[in] Arg2 Arg2 > + @param[in] Arg3 Arg3 > + @param[in,out] Results Returned result of the Leaf function > + > + @return EFI_SUCCESS > + @return Other See individual leaf functions > +**/ > +EFI_STATUS > +EFIAPI > +TdCall( > + IN UINT64 Leaf, > + IN UINT64 Arg1, > + IN UINT64 Arg2, > + IN UINT64 Arg3, > + IN OUT VOID *Results > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from= the > + host VMM to pass/receive information. > + > + @param[in] Leaf Number of sub-functions > + @param[in] Arg1 Arg1 > + @param[in] Arg2 Arg2 > + @param[in] Arg3 Arg3 > + @param[in] Arg4 Arg4 > + @param[in,out] Results Returned result of the sub-function > + > + @return EFI_SUCCESS > + @return Other See individual sub-functions > + > +**/ > +EFI_STATUS > +EFIAPI > +TdVmCall ( > + IN UINT64 Leaf, > + IN UINT64 Arg1, > + IN UINT64 Arg2, > + IN UINT64 Arg3, > + IN UINT64 Arg4, > + IN OUT VOID *Results > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + This function enable the TD guest to request the VMM to emulate CPUID > + operation, especially for non-architectural, CPUID leaves. 
> + > + @param[in] Eax Main leaf of the CPUID > + @param[in] Ecx Sub-leaf of the CPUID > + @param[in,out] Results Returned result of CPUID operation > + > + @return EFI_SUCCESS > +**/ > +EFI_STATUS > +EFIAPI > +TdVmCallCpuid ( > + IN UINT64 Eax, > + IN UINT64 Ecx, > + IN OUT VOID *Results > + ) > +{ > + return EFI_UNSUPPORTED; > +} > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf > b/MdePkg/Library/TdxLib/TdxLibNull.inf > new file mode 100644 > index 000000000000..0d07595a8c3e > --- /dev/null > +++ b/MdePkg/Library/TdxLib/TdxLibNull.inf > @@ -0,0 +1,33 @@ > +## @file > +# Null Tdx library instance > +# > +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the = BSD > License > +# which accompanies this distribution. The full text of the license may= be found > at > +# http://opensource.org/licenses/bsd-license.php. > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D TdxLibNull > + FILE_GUID =3D 05C5E621-FC66-4420-9C80-F0DE9E5B95F= F > + MODULE_TYPE =3D BASE > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D TdxLib > + > +# > +# The following information is for reference only and not required by th= e build > tools. > +# > +# VALID_ARCHITECTURES =3D X64 > +# > + > +[Sources] > + TdxLibNull.c > + > +[Packages] > + MdePkg/MdePkg.dec > -- > 2.29.2.windows.2
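Review bot: the TDREPORT_STRUCT layout in the IndustryStandard/Tdx.h hunk has no size check, although TdReport's contract ("ReportSize ... must be larger than 1024B") depends on the packed layout adding up exactly. From the declared fields REPORTMACSTRUCT is 256 bytes, TEE_TCB_INFO 239, the Rsvd gap 17 and TDINFO 512, i.e. 1024 in total; add `STATIC_ASSERT (sizeof (TDREPORT_STRUCT) == 1024, "TDREPORT_STRUCT size mismatch");` (and the same for the 256-byte REPORTMACSTRUCT) so that a mistyped Rsvd array fails at compile time instead of silently misparsing a report. Two smaller points in the same hunk: the four TDCALL completion status codes are named TDX_EXIT_REASON_*, which reads as a continuation of the VMX EXIT_REASON_* list above them although they are status values, so a TDCALL_STATUS_* prefix would be clearer; and the file header carries the long-form BSD license text while Protocol/Tdx.h in this same patch uses `SPDX-License-Identifier: BSD-2-Clause-Patent`, so use the SPDX line here as well.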
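Review bot: in the Library/TdxLib.h hunk, TdExtendRtmr takes `IN UINT32 *Data` for what its comment describes as a 48-byte SHA-384 value; a byte buffer should be `IN UINT8 *Data` (as TdReport already uses), and the comment documents a parameter named `Index` while the prototype names it `PcrIndex`, which also mislabels an RTMR as a PCR. Further in the same hunk: the TdReport comment says "TEREPORT_STRUCT" (TDREPORT_STRUCT) and "must be larger than 1024B", but the structure is exactly 1024 bytes, so the requirement is "at least 1024 bytes"; the TdVmCall comment reads "TDVMALL" for TDVMCALL; TdAcceptPages documents only `@return EFI_SUCCESS` although Tdx.h defines TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED and the call can evidently fail, so list the error statuses it maps to; and TdVmCallCpuid declares `OUT VOID *Results` here while TdxLibNull.c declares the same parameter `IN OUT`, so pick one and use it in both files.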
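Review bot: the Protocol/Tdx.h hunk declares `extern EFI_GUID gEfiTdProtocolGuid;` but the diffstat touches only the five new files and not MdePkg.dec, so nothing defines the GUID and any driver that installs or locates the protocol will fail to link; add gEfiTdProtocolGuid to the [Protocols] section of MdePkg/MdePkg.dec in this patch. The header comment says the TD guest firmware produces EFI_TD_PROTOCOL to report the event log and provide hash capability, yet no EFI_TD_PROTOCOL type or member functions are declared, so either define the interface here or state where it is defined. EFI_TDX_EVENT_DATA_SIGNATURE is an ACPI table signature rather than part of the protocol and belongs with the ACPI definitions, as point 2 above already says.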
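Review bot: the TdxLibNull.c hunk implements TdReport, TdAcceptPages, TdCall, TdVmCall and TdVmCallCpuid but not TdExtendRtmr, which TdxLib.h declares and the commit message lists; if the Null instance stays, any module linked against it that calls TdExtendRtmr fails at link time, so add a stub returning EFI_UNSUPPORTED. The copied doc comments still promise `@return EFI_SUCCESS` for TdReport, TdCall, TdVmCall and TdVmCallCpuid while each body returns EFI_UNSUPPORTED; only TdAcceptPages was updated to say `@return EFI_UNSUPPORTED`, so bring the others in line.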
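Review bot: the TdxLibNull.inf hunk declares `LIBRARY_CLASS = TdxLib`, but the diffstat shows no change to MdePkg.dec or MdePkg.dsc, so the TdxLib class is not registered under [LibraryClasses] (no DSC can map it to an instance) and the Null instance is never built by the package's own DSC, which leaves the new code outside CI. Add the class with its header path to MdePkg.dec and the instance to the MdePkg.dsc [Components] section. The INF header also carries the long-form BSD license text; edk2 files use `SPDX-License-Identifier: BSD-2-Clause-Patent`, as Protocol/Tdx.h in this same patch does.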