From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.2469.1645581519272827068 for ; Tue, 22 Feb 2022 17:58:39 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=LiIVBTNe; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645581519; x=1677117519; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=lfkbopBu1zhfS7WpvCt83PHRguLmkredozcdfdjGn4Y=; b=LiIVBTNe8UMJuhTmaOFGwy8LE5PIdIDqThwxyZadpmV1QK5KHihhwZYg s9kNeurkb/8vQV3oGh0H35FPAOqeVXdhUKNWK/JP6oLzWaQOV7aM4+Tsw SBhL0Se/8trMMBDl8Azny+igmPDMZ8xMgz572kCtHsyf35uAtN9waftJ6 7xLGinU6OeTnyEi9/J+NkIWuCeZpNMrW6atLUj1nPc8nRH/bYfwKMTSVE ZkLXfgYoOc5Y2bWuz+nLXkQH/14ocVZXL9ovwTsqGTK54s4bgnLTIwJbF mmeaL/9OKpt0sRpUjGj7xCeQOv9DDKKpMVEeSgB27ZGk+x4Oq9PEBx2Nh g==; X-IronPort-AV: E=McAfee;i="6200,9189,10266"; a="232483330" X-IronPort-AV: E=Sophos;i="5.88,389,1635231600"; d="scan'208";a="232483330" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2022 17:58:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,389,1635231600"; d="scan'208";a="532485612" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by orsmga007.jf.intel.com with ESMTP; 22 Feb 2022 17:58:37 -0800 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 22 Feb 2022 17:58:37 -0800 Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 22 Feb 2022 17:58:36 -0800 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21 via Frontend Transport; Tue, 22 Feb 2022 17:58:36 -0800 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.46) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Tue, 22 Feb 2022 17:58:32 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Qc/AwMKg3vUftmv50RNAnZl2DAhTjzKC/vTzW+1C+QQGqjAVOm7iOWhBl5aj0Ag5/KRNGKJG63gkvRr+QCAuXuI/z7h3mUy7dfsGJdQtShIRnmQlz4GHnBM3uhh6yQwC2NQf2P5EPXOuTrc038ioeTYDYE3FSufOwmPA89lsDzumK7br5hwiRGsfKmo/EOjvMSaMnTXiyCbmNuQiLKyV77nvXR0Z5hvWiAeGN10+i629Cjdly00tHqoiFZhpaJVhKCPIhnWg6G7N9l+pBXawcfB62qqljZqzZYy8grnEk3Yo6H3Wx3/31suOGs3xoYuknE004FH+8CZt/dlAR9ezdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=r0Vk5AcogkGIkbVFGdACvpmqe4PZ5cXm58CQEWqf/AI=; b=IYDgFO7Aq+Fvya5alfy7zGAd/lVWOTUi4eXhfv7hrEZBxMeRhlO0AQYaXDAzbKxx4/LqxMnCRGIIJH/LD4QwQPkjbUjf/I3zN2lP6O3iEkK6s8c3eGaOXnv1E9RjW8QRksrRI0nL7dznixc4dJ2dMwKFiinZx6AFMf0t1gO4uSrXoY6vC/H7TKFXcqdZuULWMXUUcXoF0TXmNFmIKL/oyvIHBC8VifPLRgaxm5x6oy/egVKIKAmpi42M/lRFyuW7C1lkD9dTai0zmP2E1RDh43hirZHUhCTfRJb7TpAQ0zr0s3a5QJB7anxrxet+go09UTsslQlUa/iMe94r4rXEHQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by MN2PR11MB3694.namprd11.prod.outlook.com (2603:10b6:208:f7::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.15; Wed, 23 Feb 2022 01:58:17 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886%8]) with mapi id 15.20.4995.026; Wed, 23 Feb 2022 01:58:17 +0000 From: "Min Xu" To: "devel@edk2.groups.io" CC: "Kinney, Michael D" , "Gao, Liming" , "Liu, Zhiguang" , "Brijesh Singh" , "Aktas, Erdem" , "James Bottomley" , "Yao, Jiewen" , "Tom Lendacky" , Gerd Hoffmann Subject: Re: [PATCH V6 03/42] MdePkg: Add TdxLib to wrap Tdx operations Thread-Topic: [PATCH V6 03/42] MdePkg: Add TdxLib to wrap Tdx operations Thread-Index: AQHYJYfiH8yAxhZp2U6mtgVGpPbym6ygZnng Date: Wed, 23 Feb 2022 01:58:17 +0000 Message-ID: References: <2ee5360df110eec93947d6b541404274b60b42fa.1645261990.git.min.m.xu@intel.com> In-Reply-To: <2ee5360df110eec93947d6b541404274b60b42fa.1645261990.git.min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6df8fa3e-bf0e-4641-393e-08d9f66ff5d5 x-ms-traffictypediagnostic: MN2PR11MB3694:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vAGO3thEiQEJfWKdjVSptr6dVQKJPK6HzS0JHcLKVXFMmDzfo+d6Jhin962fcffNvW0SSwSIkgyfYJjEDSIjC5woinzT1Pcz+2w06a2+n/br9hebARFf0yogymcebUW4TWNnxD8OELIu9JQ09Woj+sB7PRKuE4npU5kMLHD9wuwzXbAj4bFyUASwdA0EnYYJ+u6K4Y2Ch535VzUrvG0eYEkCIdUOtiPEAbe54sbtKIW4wHjedSgRKrulQtvqMnjdXMmfd5rr0C8BkFNTx/81qp4yVfeqcBIuVxRATgxKw6W81/xEpteYcyhr+extf3ghBAaqLAmiTHWZuNOVPC2Y8Pf08PgjVG9T6I6dzhwSoDC45pw+5XC6QcSW4z36mg6Ha0U98jICLLQtYwjzUIO/OnG3UU+9x0OtT7/x8V2UKZAkoHHsIbUalreOi3QWEDiUg/XkG52MFhvqDjptjMp6zBymFq39BCP5K+90SS0pIhJ0g5izeu7EOcnqSm4mn766crNbGyTDzHodnIREJ+/t/eAd83EaN8koomk7t/YejRCT+W7/PqCvNoTq+xG+98cHRUKgU0hLP4Wl7I+0TFX8zxexWyevobK9A/SUHDG83s7MSKKBX6zZfitPK9ua/p9jPcvuKRh2qkYLIh9dkNTg9CxEYkLIFYU4Y3FDrVkYfK76LsgBwz/kRnzWwCQUAOlrZQCM4RsBLBRBvUcVSeokPt/3eglqqTaBwb0NS5uNcjcvL4g+7wZmoDS21Qruvwld/LUU0I6n7lAwl49uMWhbuv1m8FOvG9bTHdF9aLsVqnHqdGPepNjUR8sXH94e+2MWfXBvGhAW1wjyk5oeyMH66g== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(86362001)(66556008)(66446008)(38070700005)(82960400001)(38100700002)(66476007)(64756008)(122000001)(8676002)(5660300002)(6916009)(316002)(4326008)(54906003)(66946007)(76116006)(2906002)(55016003)(30864003)(52536014)(8936002)(71200400001)(26005)(33656002)(186003)(508600001)(966005)(83380400001)(9686003)(7696005)(6506007)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?5SdOMcvVybpJsiL5qBiDh+7xHUnj7BiJoqowuTayEhYRUUjiCQepwisD6OVP?= =?us-ascii?Q?LrWNRtocStV6qb3czWlaISUXmv302OwGaLRG/XlFCAm62R6vinclvUT0BsOr?= =?us-ascii?Q?CFAB0E3AlLp7ua0/QfjN9PKL2ix5h2SjMfedjJV+JbB7wg0xZtZJ9M591/HD?= =?us-ascii?Q?JDvsE5vKlG8ctDx8bccsyjs2qRzFgkaR+SZ3Q8YcZ0GIXO1V9PyPEQnaJDq3?= =?us-ascii?Q?jaBg5HqVs4vG2pTNIz4hQEGQkOHH+CGN+KJ0kwqT5ouU/5WdY1DMk0WT7m3D?= =?us-ascii?Q?U8Y5aHgeRwOtzu5o/DyQMsKl3X8mhl2JR7sVs8Mv0loxcSxNsv6k5Z1oS3Ek?= =?us-ascii?Q?UO/46eNrBAcPTznfPYalH5JXFSjNKM9g9LID2mKqa0iXl4i2f9SUcoBaasr4?= =?us-ascii?Q?/lm5065PjDMNmwpS5Z/KozZ3q31nO0Cf4STJT5Aa5rl/XQhHny8Y5MlAbIM9?= =?us-ascii?Q?sPMg0BqgRH7kos0lwSBBBDCO1RfU/D2wHTPx4bZftNPVz3pTB9kzHdkVFpcW?= =?us-ascii?Q?vKXG55lZnj2s0M17Nl0I4nCflAshk2X9oi0iXJUmNgJztov/njhKMh9xzg8b?= =?us-ascii?Q?eFTmsa45nilRIPXMx4zrkpdPcTUJsFlJMZlsGyTMInaJT1XOQuWJ1XK0Cayq?= =?us-ascii?Q?WfQh1jw64kczKOKyZVyDOOBXeEhcplikyL7m5ZlWIB0WcZZlr/9la0fthBVH?= =?us-ascii?Q?cTCvTPLswX3f3owt9+pH6BiPJSkrpGUXEPxppx+SuiUQbM6I/nAc0FFXxLRV?= =?us-ascii?Q?sBhjH3DnhcQ0uQ1B+D3icuJW92qu9n721GiVNrcAnNDuEFDtw/eiFA3dTWUo?= =?us-ascii?Q?c5QlXwpN2jH0ofjn9ZqcQ18SjOboAVQa/NUKJggVWpdALDDSBOOByUri8MwQ?= =?us-ascii?Q?9CcJWI7zScPHUc6Ytt9v0Q15k3DaVV+xGLbGoXzdGDjaEh5L8OQa9dGZNtRM?= =?us-ascii?Q?qlred3GRWokCFft5oqH0KVc9lW/Xae3UXtHPtxna/MkFAkfsuhL4jBIwfWB4?= =?us-ascii?Q?f+DFIlb1QbCryN0Buczcsz0oFtp7/UCKOMXhBFHyCWXJDuCV2K3NaK2PWVwT?= =?us-ascii?Q?4r1yPY+e1fJjm/wICZIyvLp6aN+s9ZSyUxK71vYZRVF3LvLmR4tSmPTWzWXZ?= =?us-ascii?Q?smhb/LEhn90EyZhH+uXiJtKNMHzp+l3aIHlS3jx1e64WPGwYPojwuJlDdx/N?= =?us-ascii?Q?X/99w6SExeVpleh6KHuKuIGCcWXlqubS/DzfcDPX6LwMrZGCYQMXl8cq61Ws?= =?us-ascii?Q?jjtNa92Af+May2w31iumkWF4fs/h5bgq2wo3GDC7d3n8SPm8iuY5MWCLEi0Q?= =?us-ascii?Q?uJgW7Z0D++4GRahokZJZDoxLhqRj//73v5JXSL9yR7SYVCXwGXjBitnKHg3G?= =?us-ascii?Q?I6O3C8w/f5xo9o7IYS562OD+iPGysjBjUkCpUmdkaAP2ttGa55kZ7Z1iaydZ?= =?us-ascii?Q?Y5aZ088/sQjB4G1QDV3T2PMhlL4YE9SfNeHPSJ3ecQvyAgzHHNH6gbRvbbBc?= =?us-ascii?Q?a5ut9fCMrckQN1s5sONVu5CyNCHcZYX1z0hkEJ6UJcj4ze00g1RnDu7jc3DV?= =?us-ascii?Q?83hxH/xpv7MxIeBSZfSY1Len7NBuMp4kAg7BI2Wu9lT+DhLRZZdiUrd6BF4B?= =?us-ascii?Q?CSrlhtSvR8Wc48jebBxZeNA=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6df8fa3e-bf0e-4641-393e-08d9f66ff5d5 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2022 01:58:17.4412 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: D+x+IqpyS47eZa0+dYfzYITRmiNcN9tLIY/o9QB4pT5WZz8SebX46cvlumPRanJO6gpNGd6zoYvjON0CZZvvvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3694 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Michael & Liming & Zhiguang I am doing the TDVF upstreaming and this commit is in MdeModulePkg. You're = the maintainer/reviewer of MdeModulePkg.=20 Your comments to this patch is great helpful. The complete code is at: https://github.com/mxu9/edk2/tree/tdvf_wave2.v6 Thanks Min >=20 > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 >=20 > TdxLib is created with functions to perform the related Tdx operation. > This includes functions for: > - TdAcceptPages : Accept pending private pages and initialize the page= s > to all-0 using the TD ephemeral private key. > - TdExtendRtmr : Extend measurement to one of the RTMR registers. > - TdSharedPageMask: Get the Td guest shared page mask which indicates it > is a Shared or Private page. > - TdMaxVCpuNum : Get the maximum number of virtual CPUs. > - TdVCpuNum : Get the number of virtual CPUs. >=20 > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Gerd Hoffmann > Acked-by: Gerd Hoffmann > Signed-off-by: Min Xu > --- > MdePkg/Include/Library/TdxLib.h | 97 +++++++++++++++ > MdePkg/Library/TdxLib/AcceptPages.c | 180 > ++++++++++++++++++++++++++++ > MdePkg/Library/TdxLib/Rtmr.c | 83 +++++++++++++ > MdePkg/Library/TdxLib/TdInfo.c | 114 ++++++++++++++++++ > MdePkg/Library/TdxLib/TdxLib.inf | 37 ++++++ > MdePkg/Library/TdxLib/TdxLibNull.c | 107 +++++++++++++++++ > MdePkg/MdePkg.dec | 3 + > MdePkg/MdePkg.dsc | 1 + > 8 files changed, 622 insertions(+) > create mode 100644 MdePkg/Include/Library/TdxLib.h create mode 100644 > MdePkg/Library/TdxLib/AcceptPages.c > create mode 100644 MdePkg/Library/TdxLib/Rtmr.c create mode 100644 > MdePkg/Library/TdxLib/TdInfo.c create mode 100644 > MdePkg/Library/TdxLib/TdxLib.inf create mode 100644 > MdePkg/Library/TdxLib/TdxLibNull.c >=20 > diff --git a/MdePkg/Include/Library/TdxLib.h > b/MdePkg/Include/Library/TdxLib.h new file mode 100644 index > 000000000000..86539460c9f9 > --- /dev/null > +++ b/MdePkg/Include/Library/TdxLib.h > @@ -0,0 +1,97 @@ > +/** @file > + TdxLib definitions > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > + reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef TDX_LIB_H_ > +#define TDX_LIB_H_ > + > +#include > +#include > +#include > +#include > + > +/** > + This function accepts a pending private page, and initialize the page > +to > + all-0 using the TD ephemeral private key. > + > + @param[in] StartAddress Guest physical address of the private pag= e > + to accept. [63:52] and [11:0] must be 0. > + @param[in] NumberOfPages Number of the pages to be accepted. > + @param[in] PageSize GPA page size. Accept 2M/4K page size. > + > + @return EFI_SUCCESS > +**/ > +EFI_STATUS > +EFIAPI > +TdAcceptPages ( > + IN UINT64 StartAddress, > + IN UINT64 NumberOfPages, > + IN UINT32 PageSize > + ); > + > +/** > + This function extends one of the RTMR measurement register > + in TDCS with the provided extension data in memory. > + RTMR extending supports SHA384 which length is 48 bytes. > + > + @param[in] Data Point to the data to be extended > + @param[in] DataLen Length of the data. Must be 48 > + @param[in] Index RTMR index > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdExtendRtmr ( > + IN UINT32 *Data, > + IN UINT32 DataLen, > + IN UINT8 Index > + ); > + > +/** > + This function gets the Td guest shared page mask. > + > + The guest indicates if a page is shared using the Guest Physical > + Address > + (GPA) Shared (S) bit. If the GPA Width(GPAW) is 48, the S-bit is bit-4= 7. > + If the GPAW is 52, the S-bit is bit-51. > + > + @return Shared page bit mask > +**/ > +UINT64 > +EFIAPI > +TdSharedPageMask ( > + VOID > + ); > + > +/** > + This function gets the maximum number of Virtual CPUs that are usable > +for > + Td Guest. > + > + @return maximum Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdMaxVCpuNum ( > + VOID > + ); > + > +/** > + This function gets the number of Virtual CPUs that are usable for Td > + Guest. > + > + @return Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdVCpuNum ( > + VOID > + ); > + > +#endif > diff --git a/MdePkg/Library/TdxLib/AcceptPages.c > b/MdePkg/Library/TdxLib/AcceptPages.c > new file mode 100644 > index 000000000000..651d47a8d8a1 > --- /dev/null > +++ b/MdePkg/Library/TdxLib/AcceptPages.c > @@ -0,0 +1,180 @@ > +/** @file > + > + Unaccepted memory is a special type of private memory. In Td guest > + TDCALL [TDG.MEM.PAGE.ACCEPT] is invoked to accept the unaccepted > + memory before use it. > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > + reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > + > +UINT64 mNumberOfDuplicatedAcceptedPages; > + > +#define TDX_ACCEPTPAGE_MAX_RETRIED 3 > + > +// PageSize is mapped to PageLevel like below: > +// 4KB - 0, 2MB - 1 > +UINT32 mTdxAcceptPageLevelMap[2] =3D { > + SIZE_4KB, > + SIZE_2MB > +}; > + > +#define INVALID_ACCEPT_PAGELEVEL > ARRAY_SIZE(mTdxAcceptPageLevelMap) > + > +/** > + This function gets the PageLevel according to the input page size. > + > + @param[in] PageSize Page size > + > + @return UINT32 The mapped page level > +**/ > +UINT32 > +GetGpaPageLevel ( > + UINT32 PageSize > + ) > +{ > + UINT32 Index; > + > + for (Index =3D 0; Index < ARRAY_SIZE (mTdxAcceptPageLevelMap); Index++= ) { > + if (mTdxAcceptPageLevelMap[Index] =3D=3D PageSize) { > + break; > + } > + } > + > + return Index; > +} > + > +/** > + This function accept a pending private page, and initialize the page > +to > + all-0 using the TD ephemeral private key. > + > + Sometimes TDCALL [TDG.MEM.PAGE.ACCEPT] may return > + TDX_EXIT_REASON_PAGE_SIZE_MISMATCH. It indicates the input PageLevel > + is not workable. In this case we need to try to fallback to a smaller > + PageLevel if possible. > + > + @param[in] StartAddress Guest physical address of the private > + page to accept. [63:52] and [11:0] must = be 0. > + @param[in] NumberOfPages Number of the pages to be accepted. > + @param[in] PageSize GPA page size. Only accept 2M/4K size. > + > + @return EFI_SUCCESS Accept successfully > + @return others Indicate other errors > +**/ > +EFI_STATUS > +EFIAPI > +TdAcceptPages ( > + IN UINT64 StartAddress, > + IN UINT64 NumberOfPages, > + IN UINT32 PageSize > + ) > +{ > + EFI_STATUS Status; > + UINT64 Address; > + UINT64 TdxStatus; > + UINT64 Index; > + UINT32 GpaPageLevel; > + UINT32 PageSize2; > + UINTN Retried; > + > + Retried =3D 0; > + > + if ((StartAddress & ~0xFFFFFFFFFF000ULL) !=3D 0) { > + ASSERT (FALSE); > + DEBUG ((DEBUG_ERROR, "Accept page address(0x%llx) is not valid. [63:= 52] > and [11:0] must be 0\n", StartAddress)); > + return EFI_INVALID_PARAMETER; > + } > + > + Address =3D StartAddress; > + > + GpaPageLevel =3D GetGpaPageLevel (PageSize); if (GpaPageLevel =3D=3D > + INVALID_ACCEPT_PAGELEVEL) { > + ASSERT (FALSE); > + DEBUG ((DEBUG_ERROR, "Accept page size must be 4K/2M. Invalid page > size - 0x%llx\n", PageSize)); > + return EFI_INVALID_PARAMETER; > + } > + > + Status =3D EFI_SUCCESS; > + for (Index =3D 0; Index < NumberOfPages; Index++) { > + Retried =3D 0; > + > +DoAcceptPage: > + TdxStatus =3D TdCall (TDCALL_TDACCEPTPAGE, Address | GpaPageLevel, 0= , > 0, 0); > + if (TdxStatus !=3D TDX_EXIT_REASON_SUCCESS) { > + if ((TdxStatus & ~0xFFFFULL) =3D=3D > TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED) { > + // > + // Already accepted > + // > + mNumberOfDuplicatedAcceptedPages++; > + DEBUG ((DEBUG_WARN, "Page at Address (0x%llx) has already been > accepted. - %d\n", Address, mNumberOfDuplicatedAcceptedPages)); > + } else if ((TdxStatus & ~0xFFFFULL) =3D=3D > TDX_EXIT_REASON_PAGE_SIZE_MISMATCH) { > + // > + // GpaPageLevel is mismatch, fall back to a smaller GpaPageLevel= if > possible > + // > + DEBUG ((DEBUG_VERBOSE, "Address %llx cannot be accepted in > +PageLevel of %d\n", Address, GpaPageLevel)); > + > + if (GpaPageLevel =3D=3D 0) { > + // > + // Cannot fall back to smaller page level > + // > + DEBUG ((DEBUG_ERROR, "AcceptPage cannot fallback from > PageLevel %d\n", GpaPageLevel)); > + Status =3D EFI_INVALID_PARAMETER; > + break; > + } else { > + // > + // Fall back to a smaller page size > + // > + PageSize2 =3D mTdxAcceptPageLevelMap[GpaPageLevel - 1]; > + Status =3D TdAcceptPages (Address, 512, PageSize2); > + if (EFI_ERROR (Status)) { > + break; > + } > + } > + } else if ((TdxStatus & ~0xFFFFULL) =3D=3D > TDX_EXIT_REASON_OPERAND_BUSY) { > + // > + // Concurrent TDG.MEM.PAGE.ACCEPT is using the same Secure EPT > entry > + // So try it again. There is a max retried count. If Retried exc= eeds the > max count, > + // report the error and quit. > + // > + Retried +=3D 1; > + if (Retried > TDX_ACCEPTPAGE_MAX_RETRIED) { > + DEBUG (( > + DEBUG_ERROR, > + "Address %llx (%d) failed to be accepted because of OPERAND_= BUSY. > Retried %d time.\n", > + Address, > + Index, > + Retried > + )); > + Status =3D EFI_INVALID_PARAMETER; > + break; > + } else { > + goto DoAcceptPage; > + } > + } else { > + // > + // Other errors > + // > + DEBUG (( > + DEBUG_ERROR, > + "Address %llx (%d) failed to be accepted. Error =3D 0x%llx\n", > + Address, > + Index, > + TdxStatus > + )); > + Status =3D EFI_INVALID_PARAMETER; > + break; > + } > + } > + > + Address +=3D PageSize; > + } > + > + return Status; > +} > diff --git a/MdePkg/Library/TdxLib/Rtmr.c b/MdePkg/Library/TdxLib/Rtmr.c > new file mode 100644 index 000000000000..bdc91b3ebe6a > --- /dev/null > +++ b/MdePkg/Library/TdxLib/Rtmr.c > @@ -0,0 +1,83 @@ > +/** @file > + > + Extends one of the RTMR measurement registers in TDCS with the > + provided extension data in memory. > + > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > + reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define RTMR_COUNT 4 > +#define TD_EXTEND_BUFFER_LEN (64 + 48) > + > +UINT8 mExtendBuffer[TD_EXTEND_BUFFER_LEN]; > + > +/** > + This function extends one of the RTMR measurement register > + in TDCS with the provided extension data in memory. > + RTMR extending supports SHA384 which length is 48 bytes. > + > + @param[in] Data Point to the data to be extended > + @param[in] DataLen Length of the data. Must be 48 > + @param[in] Index RTMR index > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdExtendRtmr ( > + IN UINT32 *Data, > + IN UINT32 DataLen, > + IN UINT8 Index > + ) > +{ > + EFI_STATUS Status; > + UINT64 TdCallStatus; > + UINT8 *ExtendBuffer; > + > + Status =3D EFI_SUCCESS; > + > + ASSERT (Data !=3D NULL); > + ASSERT (DataLen =3D=3D SHA384_DIGEST_SIZE); ASSERT (Index >=3D 0 && I= ndex > + < RTMR_COUNT); > + > + if ((Data =3D=3D NULL) || (DataLen !=3D SHA384_DIGEST_SIZE) || (Index = >=3D > RTMR_COUNT)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // TD.RTMR.EXTEND requires 64B-aligned guest physical address of // > + 48B-extension data. We use ALIGN_POINTER(Pointer, 64) to get // the > + 64B-aligned guest physical address. > + ExtendBuffer =3D ALIGN_POINTER (mExtendBuffer, 64); ASSERT > + (((UINTN)ExtendBuffer & 0x3f) =3D=3D 0); > + > + ZeroMem (ExtendBuffer, SHA384_DIGEST_SIZE); CopyMem (ExtendBuffer, > + Data, SHA384_DIGEST_SIZE); > + > + TdCallStatus =3D TdCall (TDCALL_TDEXTENDRTMR, > + (UINT64)(UINTN)ExtendBuffer, Index, 0, 0); > + > + if (TdCallStatus =3D=3D TDX_EXIT_REASON_SUCCESS) { > + Status =3D EFI_SUCCESS; > + } else if (TdCallStatus =3D=3D TDX_EXIT_REASON_OPERAND_INVALID) { > + Status =3D EFI_INVALID_PARAMETER; > + } else { > + Status =3D EFI_DEVICE_ERROR; > + } > + > + if (Status !=3D EFI_SUCCESS) { > + DEBUG ((DEBUG_ERROR, "Error returned from TdExtendRtmr call - > + 0x%lx\n", TdCallStatus)); } > + > + return Status; > +} > diff --git a/MdePkg/Library/TdxLib/TdInfo.c > b/MdePkg/Library/TdxLib/TdInfo.c new file mode 100644 index > 000000000000..a40a15116f30 > --- /dev/null > +++ b/MdePkg/Library/TdxLib/TdInfo.c > @@ -0,0 +1,114 @@ > +/** @file > + > + Fetch the Tdx info. > + > + Copyright (c) 2021, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > + > +UINT64 mTdSharedPageMask =3D 0; > +UINT32 mTdMaxVCpuNum =3D 0; > +UINT32 mTdVCpuNum =3D 0; > +BOOLEAN mTdDataReturned =3D FALSE; > + > +/** > + This function call TDCALL_TDINFO to get the TD_RETURN_DATA. > + If the TDCALL is successful, populate below variables: > + - mTdSharedPageMask > + - mTdMaxVCpunum > + - mTdVCpuNum > + - mTdDataReturned > + > + @return TRUE The TDCALL is successful and above variables are > populated. > + @return FALSE The TDCALL is failed. Above variables are not set. > +**/ > +BOOLEAN > +GetTdInfo ( > + VOID > + ) > +{ > + UINT64 Status; > + TD_RETURN_DATA TdReturnData; > + UINT8 Gpaw; > + > + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); if (Status > + =3D=3D TDX_EXIT_REASON_SUCCESS) { > + Gpaw =3D (UINT8)(TdReturnData.TdInfo.Gpaw & 0x3f); > + mTdSharedPageMask =3D 1ULL << (Gpaw - 1); > + mTdMaxVCpuNum =3D TdReturnData.TdInfo.MaxVcpus; > + mTdVCpuNum =3D TdReturnData.TdInfo.NumVcpus; > + mTdDataReturned =3D TRUE; > + } else { > + DEBUG ((DEBUG_ERROR, "Failed call TDCALL_TDINFO. %llx\n", Status)); > + mTdDataReturned =3D FALSE; > + } > + > + return mTdDataReturned; > +} > + > +/** > + This function gets the Td guest shared page mask. > + > + The guest indicates if a page is shared using the Guest Physical > + Address > + (GPA) Shared (S) bit. If the GPA Width(GPAW) is 48, the S-bit is bit-4= 7. > + If the GPAW is 52, the S-bit is bit-51. > + > + @return Shared page bit mask > +**/ > +UINT64 > +EFIAPI > +TdSharedPageMask ( > + VOID > + ) > +{ > + if (mTdDataReturned) { > + return mTdSharedPageMask; > + } > + > + return GetTdInfo () ? mTdSharedPageMask : 0; } > + > +/** > + This function gets the maximum number of Virtual CPUs that are usable > +for > + Td Guest. > + > + @return maximum Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdMaxVCpuNum ( > + VOID > + ) > +{ > + if (mTdDataReturned) { > + return mTdMaxVCpuNum; > + } > + > + return GetTdInfo () ? mTdMaxVCpuNum : 0; } > + > +/** > + This function gets the number of Virtual CPUs that are usable for Td > + Guest. > + > + @return Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdVCpuNum ( > + VOID > + ) > +{ > + if (mTdDataReturned) { > + return mTdVCpuNum; > + } > + > + return GetTdInfo () ? mTdVCpuNum : 0; } > diff --git a/MdePkg/Library/TdxLib/TdxLib.inf > b/MdePkg/Library/TdxLib/TdxLib.inf > new file mode 100644 > index 000000000000..442e63d079da > --- /dev/null > +++ b/MdePkg/Library/TdxLib/TdxLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# Tdx library > +# > +# Copyright (c) 2020 - 2021, Intel Corporation. All rights > +reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D TdxLib > + FILE_GUID =3D 032A8E0D-0C27-40C0-9CAA-23B731C1B22= 3 > + MODULE_TYPE =3D BASE > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D TdxLib > + > +# > +# The following information is for reference only and not required by th= e > build tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > + > +[Sources.IA32] > + TdxLibNull.c > + > +[Sources.X64] > + AcceptPages.c > + Rtmr.c > + TdInfo.c > + > +[Packages] > + MdePkg/MdePkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c > b/MdePkg/Library/TdxLib/TdxLibNull.c > new file mode 100644 > index 000000000000..83ab929b4a3b > --- /dev/null > +++ b/MdePkg/Library/TdxLib/TdxLibNull.c > @@ -0,0 +1,107 @@ > +/** @file > + > + Null stub of TdxLib > + > + Copyright (c) 2021, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > + > +/** > + This function accepts a pending private page, and initialize the page > +to > + all-0 using the TD ephemeral private key. > + > + @param[in] StartAddress Guest physical address of the private pag= e > + to accept. > + @param[in] NumberOfPages Number of the pages to be accepted. > + @param[in] PageSize GPA page size. Accept 1G/2M/4K page size. > + > + @return EFI_SUCCESS > +**/ > +EFI_STATUS > +EFIAPI > +TdAcceptPages ( > + IN UINT64 StartAddress, > + IN UINT64 NumberOfPages, > + IN UINT32 PageSize > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + This function extends one of the RTMR measurement register > + in TDCS with the provided extension data in memory. > + RTMR extending supports SHA384 which length is 48 bytes. > + > + @param[in] Data Point to the data to be extended > + @param[in] DataLen Length of the data. Must be 48 > + @param[in] Index RTMR index > + > + @return EFI_SUCCESS > + @return EFI_INVALID_PARAMETER > + @return EFI_DEVICE_ERROR > + > +**/ > +EFI_STATUS > +EFIAPI > +TdExtendRtmr ( > + IN UINT32 *Data, > + IN UINT32 DataLen, > + IN UINT8 Index > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + This function gets the Td guest shared page mask. > + > + The guest indicates if a page is shared using the Guest Physical > + Address > + (GPA) Shared (S) bit. If the GPA Width(GPAW) is 48, the S-bit is bit-4= 7. > + If the GPAW is 52, the S-bit is bit-51. > + > + @return Shared page bit mask > +**/ > +UINT64 > +EFIAPI > +TdSharedPageMask ( > + VOID > + ) > +{ > + return 0; > +} > + > +/** > + This function gets the maximum number of Virtual CPUs that are usable > +for > + Td Guest. > + > + @return maximum Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdMaxVCpuNum ( > + VOID > + ) > +{ > + return 0; > +} > + > +/** > + This function gets the number of Virtual CPUs that are usable for Td > + Guest. > + > + @return Virtual CPUs number > +**/ > +UINT32 > +EFIAPI > +TdVCpuNum ( > + VOID > + ) > +{ > + return 0; > +} > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index > 59b405928bf8..1934c9840423 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec > @@ -296,6 +296,9 @@ > ## @libraryclass Provides services to log the SMI handler registrati= on. > SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h >=20 > + ## @libraryclass Provides function to support TDX processing. > + TdxLib|Include/Library/TdxLib.h > + > [Guids] > # > # GUID defined in UEFI2.1/UEFI2.0/EFI1.1 diff --git a/MdePkg/MdePkg.ds= c > b/MdePkg/MdePkg.dsc index a94959169b2f..d6a7af412be7 100644 > --- a/MdePkg/MdePkg.dsc > +++ b/MdePkg/MdePkg.dsc > @@ -175,6 +175,7 @@ > MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.inf > MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf > MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf > + MdePkg/Library/TdxLib/TdxLib.inf >=20 > [Components.EBC] > MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf > -- > 2.29.2.windows.2