From: "Min Xu"
To: "Yao, Jiewen", devel@edk2.groups.io
CC: Liming Gao, "Liu, Zhiguang", "Reiland, Doug"
Subject: Re: [PATCH V3 1/3] MdePkg: Add Tdx support lib
Date: Tue, 9 Mar 2021 08:23:14 +0000
Hi, Jiewen
See comments inline.

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, March 9, 2021 2:25 PM
> To: Xu, Min M ; devel@edk2.groups.io
> Cc: Liming Gao ; Liu, Zhiguang ; Reiland, Doug
> Subject: RE: [PATCH V3 1/3] MdePkg: Add Tdx support lib
>
> Hi Min
> Some recommendations:
>
> 1) Please separate the 1 big patch into multiple smaller ones.
> 1 patch for TdxLib
> 1 patch for Tdx protocol.
> 1 patch for TDX event log ACPI table.
> 1 patch for TDX Library.
>
The big patch will be separated into smaller ones in the next version.

> 2) The ACPI definition from the TDX protocol should be isolated to TdxAcpi.h
>
> #define EFI_TDX_EVENT_DATA_SIGNATURE SIGNATURE_32 ('T', 'D', 'E', 'L')
OK. TdxAcpi.h will be added in the next version.

> 3) There is no description for the TD protocol itself and the TD event data ACPI table.
> Please add them.
>
> You may copy some content from the specification.
Description will be added in the next version.

> 4) I think we are following the TDX spec to provide TdxLib.
> I don't see the need to provide a NULL version in MdePkg. We can put the real
> TdxLib in MdePkg.
Agree. Will update in the next version.

> 5) If possible, please provide the TDX spec link in the file header comment
> section.
> As such, the reviewer can check the spec easily.
The TDX spec link will be added.

>
> > -----Original Message-----
> > From: Xu, Min M
> > Sent: Tuesday, March 9, 2021 2:13 PM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M ; Liming Gao ; Liu, Zhiguang ; Yao, Jiewen ; Reiland, Doug
> > Subject: [PATCH V3 1/3] MdePkg: Add Tdx support lib
> >
> > Intel Trust Domain Extension (Intel TDX) refers to an Intel technology
> > that extends Virtual Machines Extensions (VMX) and Multi-Key Total
> > Memory Encryption (MKTME) with a new kind of virtual machine guest
> > called a Trust Domain (TD).
> >
> > TdxLib is created with functions to perform the related Tdx operation.
> > This includes functions for:
> > - TdCall : to cause a VM exit to the Intel TDX module
> > - TdVmCall : it is a leaf function 0 for TDCALL
> > - TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID
> > - TdReport : to retrieve TDREPORT_STRUCT
> > - TdAcceptPages : to accept pending private pages
> > - TdExtendRtmr : to extend one of the RTMR registers
> >
> > The base function in this driver will not do anything and will return
> > an error if a return value is required. It is expected that other
> > packages (like OvmfPkg) will create a version of the library to fully
> > support a TD guest.
> >
> > Cc: Liming Gao
> > Cc: Zhiguang Liu
> > Cc: Jiewen Yao
> >
> > Signed-off-by: Min Xu
> > Signed-off-by: Doug Reiland
> > ---
> >  MdePkg/Include/IndustryStandard/Tdx.h | 201 ++++++++++++++++++++++++++
> >  MdePkg/Include/Library/TdxLib.h       | 165 +++++++++++++++++++++
> >  MdePkg/Include/Protocol/Tdx.h         |  29 ++++
> >  MdePkg/Library/TdxLib/TdxLibNull.c    | 155 ++++++++++++++++++++
> >  MdePkg/Library/TdxLib/TdxLibNull.inf  |  33 +++++
> >  5 files changed, 583 insertions(+)
> >  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> >  create mode 100644 MdePkg/Include/Library/TdxLib.h
> >  create mode 100644 MdePkg/Include/Protocol/Tdx.h
> >  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
> >  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
> > > > diff --git a/MdePkg/Include/IndustryStandard/Tdx.h > > b/MdePkg/Include/IndustryStandard/Tdx.h > > new file mode 100644 > > index 000000000000..dbcc31c26528 > > --- /dev/null > > +++ b/MdePkg/Include/IndustryStandard/Tdx.h > > @@ -0,0 +1,201 @@ > > +/** @file > > + Intel Trust Domain Extension definitions > > + > > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > > + reserved.
This program and the accompanying materials are > > + licensed and made available under the terms and conditions of the > > + BSD > > License > > + which accompanies this distribution. The full text of the license > > + may be found > > at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > + BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER > > EXPRESS OR IMPLIED. > > + > > +**/ > > + > > +#ifndef _TDX_H_ > > +#define _TDX_H_ > > + > > +#define EXIT_REASON_EXTERNAL_INTERRUPT 1 > > +#define EXIT_REASON_TRIPLE_FAULT 2 > > + > > +#define EXIT_REASON_PENDING_INTERRUPT 7 > > +#define EXIT_REASON_NMI_WINDOW 8 > > +#define EXIT_REASON_TASK_SWITCH 9 > > +#define EXIT_REASON_CPUID 10 > > +#define EXIT_REASON_HLT 12 > > +#define EXIT_REASON_INVD 13 > > +#define EXIT_REASON_INVLPG 14 > > +#define EXIT_REASON_RDPMC 15 > > +#define EXIT_REASON_RDTSC 16 > > +#define EXIT_REASON_VMCALL 18 > > +#define EXIT_REASON_VMCLEAR 19 > > +#define EXIT_REASON_VMLAUNCH 20 > > +#define EXIT_REASON_VMPTRLD 21 > > +#define EXIT_REASON_VMPTRST 22 > > +#define EXIT_REASON_VMREAD 23 > > +#define EXIT_REASON_VMRESUME 24 > > +#define EXIT_REASON_VMWRITE 25 > > +#define EXIT_REASON_VMOFF 26 > > +#define EXIT_REASON_VMON 27 > > +#define EXIT_REASON_CR_ACCESS 28 > > +#define EXIT_REASON_DR_ACCESS 29 > > +#define EXIT_REASON_IO_INSTRUCTION 30 > > +#define EXIT_REASON_MSR_READ 31 > > +#define EXIT_REASON_MSR_WRITE 32 > > +#define EXIT_REASON_INVALID_STATE 33 > > +#define EXIT_REASON_MSR_LOAD_FAIL 34 > > +#define EXIT_REASON_MWAIT_INSTRUCTION 36 > > +#define EXIT_REASON_MONITOR_TRAP_FLAG 37 > > +#define EXIT_REASON_MONITOR_INSTRUCTION 39 > > +#define EXIT_REASON_PAUSE_INSTRUCTION 40 > > +#define EXIT_REASON_MCE_DURING_VMENTRY 41 #define > > +EXIT_REASON_TPR_BELOW_THRESHOLD 43 > > +#define EXIT_REASON_APIC_ACCESS 44 > > +#define EXIT_REASON_EOI_INDUCED 45 > > +#define EXIT_REASON_GDTR_IDTR 46 > > +#define 
EXIT_REASON_LDTR_TR 47 > > +#define EXIT_REASON_EPT_VIOLATION 48 > > +#define EXIT_REASON_EPT_MISCONFIG 49 > > +#define EXIT_REASON_INVEPT 50 > > +#define EXIT_REASON_RDTSCP 51 > > +#define EXIT_REASON_PREEMPTION_TIMER 52 > > +#define EXIT_REASON_INVVPID 53 > > +#define EXIT_REASON_WBINVD 54 > > +#define EXIT_REASON_XSETBV 55 > > +#define EXIT_REASON_APIC_WRITE 56 > > +#define EXIT_REASON_RDRAND 57 > > +#define EXIT_REASON_INVPCID 58 > > +#define EXIT_REASON_VMFUNC 59 > > +#define EXIT_REASON_ENCLS 60 > > +#define EXIT_REASON_RDSEED 61 > > +#define EXIT_REASON_PML_FULL 62 > > +#define EXIT_REASON_XSAVES 63 > > +#define EXIT_REASON_XRSTORS 64 > > + > > +// TDCALL API Function Completion Status Codes > > +#define TDX_EXIT_REASON_SUCCESS 0x0000000000000000 > > +#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED > > 0x00000B0A00000000 > > +#define TDX_EXIT_REASON_OPERAND_INVALID > 0xC000010000000000 > > +#define TDX_EXIT_REASON_OPERAND_BUSY > 0x8000020000000000 > > + > > +#define TDCALL_TDVMCALL 0 > > +#define TDCALL_TDINFO 1 > > +#define TDCALL_TDEXTENDRTMR 2 > > +#define TDCALL_TDGETVEINFO 3 > > +#define TDCALL_TDREPORT 4 > > +#define TDCALL_TDSETCPUIDVE 5 > > +#define TDCALL_TDACCEPTPAGE 6 > > + > > +#define TDVMCALL_CPUID 0x0000a > > +#define TDVMCALL_HALT 0x0000c > > +#define TDVMCALL_IO 0x0001e > > +#define TDVMCALL_RDMSR 0x0001f > > +#define TDVMCALL_WRMSR 0x00020 > > +#define TDVMCALL_MMIO 0x00030 > > +#define TDVMCALL_PCONFIG 0x00041 > > + > > +#define TDVMCALL_GET_TDVMCALL_INFO 0x10000 > > +#define TDVMCALL_MAPGPA 0x10001 > > +#define TDVMCALL_GET_QUOTE 0x10002 > > +#define TDVMCALL_REPORT_FATAL_ERR 0x10003 > > +#define TDVMCALL_SETUP_EVENT_NOTIFY 0x10004 > > + > > +#pragma pack(1) > > +typedef struct { > > + UINT64 Data[6]; > > +} TDCALL_GENERIC_RETURN_DATA; > > + > > +typedef struct { > > + UINT64 Gpaw; > > + UINT64 Attributes; > > + UINT32 MaxVcpus; > > + UINT32 NumVcpus; > > + UINT64 Resv[3]; > > +} TDCALL_INFO_RETURN_DATA; > > + > > +typedef union { > > + 
UINT64 Val; > > + struct { > > + UINT32 Size:3; > > + UINT32 Direction:1; > > + UINT32 String:1; > > + UINT32 Rep:1; > > + UINT32 Encoding:1; > > + UINT32 Resv:9; > > + UINT32 Port:16; > > + UINT32 Resv2; > > + } Io; > > +} VMX_EXIT_QUALIFICATION; > > + > > +typedef struct { > > + UINT32 ExitReason; > > + UINT32 Resv; > > + VMX_EXIT_QUALIFICATION ExitQualification; > > + UINT64 GuestLA; > > + UINT64 GuestPA; > > + UINT32 ExitInstructionLength; > > + UINT32 ExitInstructionInfo; > > + UINT32 Resv1; > > +} TDCALL_VEINFO_RETURN_DATA; > > + > > +typedef union { > > + TDCALL_GENERIC_RETURN_DATA Generic; > > + TDCALL_INFO_RETURN_DATA TdInfo; > > + TDCALL_VEINFO_RETURN_DATA VeInfo; > > +} TD_RETURN_DATA; > > + > > +/* data structure used in TDREPORT_STRUCT */ typedef struct{ > > + UINT8 Type; > > + UINT8 Subtype; > > + UINT8 Version; > > + UINT8 Rsvd; > > +}TD_REPORT_TYPE; > > + > > +typedef struct{ > > + TD_REPORT_TYPE ReportType; > > + UINT8 Rsvd1[12]; > > + UINT8 CpuSvn[16]; > > + UINT8 TeeTcbInfoHash[48]; > > + UINT8 TeeInfoHash[48]; > > + UINT8 ReportData[64]; > > + UINT8 Rsvd2[32]; > > + UINT8 Mac[32]; > > +}REPORTMACSTRUCT; > > + > > +typedef struct{ > > + UINT8 Seam[2]; > > + UINT8 Rsvd[14]; > > +}TEE_TCB_SVN; > > + > > +typedef struct{ > > + UINT8 Valid[8]; > > + TEE_TCB_SVN TeeTcbSvn; > > + UINT8 Mrseam[48]; > > + UINT8 Mrsignerseam[48]; > > + UINT8 Attributes[8]; > > + UINT8 Rsvd[111]; > > +}TEE_TCB_INFO; > > + > > +typedef struct{ > > + UINT8 Attributes[8]; > > + UINT8 Xfam[8]; > > + UINT8 Mrtd[48]; > > + UINT8 Mrconfigid[48]; > > + UINT8 Mrowner[48]; > > + UINT8 Mrownerconfig[48]; > > + UINT8 Rtmrs[4][48]; > > + UINT8 Rsvd[112]; > > +}TDINFO; > > + > > +typedef struct{ > > + REPORTMACSTRUCT ReportMacStruct; > > + TEE_TCB_INFO TeeTcbInfo; > > + UINT8 Rsvd[17]; > > + TDINFO Tdinfo; > > +}TDREPORT_STRUCT; > > + > > +#pragma pack() > > + > > +#endif > > + 
> > diff --git a/MdePkg/Include/Library/TdxLib.h > > b/MdePkg/Include/Library/TdxLib.h new file mode 100644 index > > 000000000000..5e8634c6df79 > > --- /dev/null > > +++ b/MdePkg/Include/Library/TdxLib.h > > @@ -0,0 +1,165 @@ > > +/** @file > > + TdxLib definitions > > + > > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > > + reserved.
This program and the accompanying materials are > > + licensed and made available under the terms and conditions of the > > + BSD > > License > > + which accompanies this distribution. The full text of the license > > + may be found > > at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > + BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER > > EXPRESS OR IMPLIED. > > + > > +**/ > > + > > +#ifndef _TDX_LIB_H_ > > +#define _TDX_LIB_H_ > > + > > +#include > > +#include > > +#include > > +#include > > + > > +/** > > + This function retrieve TDREPORT_STRUCT structure from TDX. > > + The struct contains the measurements/configuration information of > > + the guest TD that called the function, measurements/configuratio > > + information of the TDX-SEAM module and a REPORTMACSTRUCT. > > + The REPORTMACSTRUCT is integrity protected with a MAC and > > + contains the hash of the measurements and configuration > > + as well as additional REPORTDATA provided by the TD software. > > + > > + AdditionalData, a 64-byte value, is provided by the guest TD to be > > + included in the TDREPORT > > + > > + @param[in,out] Report Holds the TEREPORT_STRUCT. > > + @param[in] ReportSize Size of the report. It must be > > + larger than 1024B. > > + @param[in] AdditionalData Point to the additional data. > > + @param[in] AdditionalDataSize Size of the additional data. > > + If AdditionalData !=3D NULL, then > > + this value must be 64B. > > + > > + @return EFI_SUCCESS > > + @return EFI_INVALID_PARAMETER > > + @return EFI_DEVICE_ERROR > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdReport( > > + IN OUT UINT8 *Report, > > + IN UINT32 ReportSize, > > + IN UINT8 *AdditionalData, > > + IN UINT32 AdditionalDataSize > > +); > > + > > +/** > > + This function accept a pending private page, and initialize the > > +page to > > + all-0 using the TD ephemeral private key. 
> > + > > + @param[in] StartAddress Guest physical address of the private p= age > > + to accept. > > + @param[in] NumberOfPages Number of the pages to be accepted. > > + > > + @return EFI_SUCCESS > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdAcceptPages ( > > + IN UINT64 StartAddress, > > + IN UINT64 NumberOfPages > > + ); > > + > > +/** > > + This function extends one of the RTMR measurement register > > + in TDCS with the provided extension data in memory. > > + RTMR extending supports SHA384 which length is 48 bytes. > > + > > + @param[in] Data Point to the data to be extended > > + @param[in] DataLen Length of the data. Must be 48 > > + @param[in] Index RTMR index > > + > > + @return EFI_SUCCESS > > + @return EFI_INVALID_PARAMETER > > + @return EFI_DEVICE_ERROR > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdExtendRtmr( > > + IN UINT32 *Data, > > + IN UINT32 DataLen, > > + IN UINT8 PcrIndex > > + ); > > + > > +/** > > + The TDCALL instruction causes a VM exit to the Intel TDX module. > > +It is > > + used to call guest-side Intel TDX functions, either local or a TD > > +exit > > + to the host VMM, as selected by Leaf. > > + Leaf functions are described at > > + > + www/us/en/develop/articles/intel-trust-domain-extensions.html> > > + > > + @param[in] Leaf Leaf number of TDCALL instruction > > + @param[in] Arg1 Arg1 > > + @param[in] Arg2 Arg2 > > + @param[in] Arg3 Arg3 > > + @param[in,out] Results Returned result of the Leaf function > > + > > + @return EFI_SUCCESS > > + @return Other See individual leaf functions > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdCall( > > + IN UINT64 Leaf, > > + IN UINT64 Arg1, > > + IN UINT64 Arg2, > > + IN UINT64 Arg3, > > + IN OUT VOID *Results > > + ); > > + > > +/** > > + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services > > +from the > > + host VMM to pass/receive information. 
> > + > > + @param[in] Leaf Number of sub-functions > > + @param[in] Arg1 Arg1 > > + @param[in] Arg2 Arg2 > > + @param[in] Arg3 Arg3 > > + @param[in] Arg4 Arg4 > > + @param[in,out] Results Returned result of the sub-function > > + > > + @return EFI_SUCCESS > > + @return Other See individual sub-functions > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdVmCall ( > > + IN UINT64 Leaf, > > + IN UINT64 Arg1, > > + IN UINT64 Arg2, > > + IN UINT64 Arg3, > > + IN UINT64 Arg4, > > + IN OUT VOID *Results > > + ); > > + > > +/** > > + This function enable the TD guest to request the VMM to emulate > > +CPUID > > + operation, especially for non-architectural, CPUID leaves. > > + > > + @param[in] Eax Main leaf of the CPUID > > + @param[in] Ecx Sub-leaf of the CPUID > > + @param[out] Results Returned result of CPUID operation > > + > > + @return EFI_SUCCESS > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdVmCallCpuid ( > > + IN UINT64 Eax, > > + IN UINT64 Ecx, > > + OUT VOID *Results > > + ); > > +#endif > > diff --git a/MdePkg/Include/Protocol/Tdx.h > > b/MdePkg/Include/Protocol/Tdx.h new file mode 100644 index > > 000000000000..b5e9b19c1276 > > --- /dev/null > > +++ b/MdePkg/Include/Protocol/Tdx.h > > @@ -0,0 +1,29 @@ > > +/** @file > > + If TD-Guest firmware supports measurement and an event is created, > > +TD- > > Guest > > + firmware is designed to report the event log with the same data > > + structure in TCG-Platform-Firmware-Profile specification with > > + EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. > > + > > + The TD-Guest firmware supports measurement, the TD Guest Firmware > > + is > > designed > > + to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID > to > > report > > + event log and provides hash capability. > > + > > +Copyright (c) 2020 - 2021, Intel Corporation. All rights > > +reserved.
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > + > > +#ifndef __EFI_TDX_H__ > > +#define __EFI_TDX_H__ > > + > > +#include > > + > > +#define EFI_TDX_EVENT_DATA_SIGNATURE SIGNATURE_32 ('T', 'D', 'E', > > +'L') > > + > > +#define EFI_TD_PROTOCOL_GUID \ > > + {0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, > > +0xae, > > 0x6b }} > > +extern EFI_GUID gEfiTdProtocolGuid; > > + > > + > > +#endif > > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.c > > b/MdePkg/Library/TdxLib/TdxLibNull.c > > new file mode 100644 > > index 000000000000..8d759e4d33a4 > > --- /dev/null > > +++ b/MdePkg/Library/TdxLib/TdxLibNull.c > > @@ -0,0 +1,155 @@ > > +/** @file > > + Null instance of TdxLib. > > + > > + Copyright (c) 2020 - 2021, Intel Corporation. All rights > > + reserved.
This program and the accompanying materials are > > + licensed and made available under the terms and conditions of the > > + BSD > > License > > + which accompanies this distribution. The full text of the license > > + may be found > > at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > + BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER > > EXPRESS OR IMPLIED. > > + > > +**/ > > + > > + > > +#include > > +#include > > +#include > > +#include > > + > > +/** > > + This function retrieve TDREPORT_STRUCT structure from TDX. > > + The struct contains the measurements/configuration information of > > + the guest TD that called the function, measurements/configuratio > > + information of the TDX-SEAM module and a REPORTMACSTRUCT. > > + The REPORTMACSTRUCT is integrity protected with a MAC and > > + contains the hash of the measurements and configuration > > + as well as additional REPORTDATA provided by the TD software. > > + > > + AdditionalData, a 64-byte value, is provided by the guest TD to be > > + included in the TDREPORT > > + > > + @param[in,out] Report Holds the TEREPORT_STRUCT. > > + @param[in] ReportSize Size of the report. It must be > > + larger than 1024B. > > + @param[in] AdditionalData Point to the additional data. > > + @param[in] AdditionalDataSize Size of the additional data. > > + If AdditionalData !=3D NULL, then > > + this value must be 64B. > > + > > + @return EFI_SUCCESS > > + @return EFI_INVALID_PARAMETER > > + @return EFI_DEVICE_ERROR > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdReport( > > + IN OUT UINT8 *Report, > > + IN UINT32 ReportSize, > > + IN UINT8 *AdditionalData, > > + IN UINT32 AdditionalDataSize > > + ) > > +{ > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + This function accept a pending private page, and initialize the > > +page to > > + all-0 using the TD ephemeral private key. 
> > + > > + @param[in] StartAddress Guest physical address of the private p= age > > + to accept. > > + @param[in] NumberOfPages Number of the pages to be accepted. > > + > > + @return EFI_UNSUPPORTED > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdAcceptPages ( > > + IN UINT64 StartAddress, > > + IN UINT64 NumberOfPages > > + ) > > +{ > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + The TDCALL instruction causes a VM exit to the Intel TDX module. > > +It is > > + used to call guest-side Intel TDX functions, either local or a TD > > +exit > > + to the host VMM, as selected by Leaf. > > + Leaf functions are described at > > + > + www/us/en/develop/articles/intel-trust-domain-extensions.html> > > + > > + @param[in] Leaf Leaf number of TDCALL instruction > > + @param[in] Arg1 Arg1 > > + @param[in] Arg2 Arg2 > > + @param[in] Arg3 Arg3 > > + @param[in,out] Results Returned result of the Leaf function > > + > > + @return EFI_SUCCESS > > + @return Other See individual leaf functions > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdCall( > > + IN UINT64 Leaf, > > + IN UINT64 Arg1, > > + IN UINT64 Arg2, > > + IN UINT64 Arg3, > > + IN OUT VOID *Results > > + ) > > +{ > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + TDVMALL is a leaf function 0 for TDCALL. It helps invoke services > > +from the > > + host VMM to pass/receive information. 
> > + > > + @param[in] Leaf Number of sub-functions > > + @param[in] Arg1 Arg1 > > + @param[in] Arg2 Arg2 > > + @param[in] Arg3 Arg3 > > + @param[in] Arg4 Arg4 > > + @param[in,out] Results Returned result of the sub-function > > + > > + @return EFI_SUCCESS > > + @return Other See individual sub-functions > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdVmCall ( > > + IN UINT64 Leaf, > > + IN UINT64 Arg1, > > + IN UINT64 Arg2, > > + IN UINT64 Arg3, > > + IN UINT64 Arg4, > > + IN OUT VOID *Results > > + ) > > +{ > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + This function enable the TD guest to request the VMM to emulate > > +CPUID > > + operation, especially for non-architectural, CPUID leaves. > > + > > + @param[in] Eax Main leaf of the CPUID > > + @param[in] Ecx Sub-leaf of the CPUID > > + @param[in,out] Results Returned result of CPUID operation > > + > > + @return EFI_SUCCESS > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TdVmCallCpuid ( > > + IN UINT64 Eax, > > + IN UINT64 Ecx, > > + IN OUT VOID *Results > > + ) > > +{ > > + return EFI_UNSUPPORTED; > > +} > > diff --git a/MdePkg/Library/TdxLib/TdxLibNull.inf > > b/MdePkg/Library/TdxLib/TdxLibNull.inf > > new file mode 100644 > > index 000000000000..0d07595a8c3e > > --- /dev/null > > +++ b/MdePkg/Library/TdxLib/TdxLibNull.inf > > @@ -0,0 +1,33 @@ > > +## @file > > +# Null Tdx library instance > > +# > > +# Copyright (c) 2020 - 2021, Intel Corporation. All rights > > +reserved.
# This program and the accompanying materials # are > > +licensed and made available under the terms and conditions of the BSD > > License > > +# which accompanies this distribution. The full text of the license > > +may be found > > at > > +# http://opensource.org/licenses/bsd-license.php. > > +# > > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > BASIS, > > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > EXPRESS OR IMPLIED. > > +# > > +## > > + > > +[Defines] > > + INF_VERSION =3D 0x00010005 > > + BASE_NAME =3D TdxLibNull > > + FILE_GUID =3D 05C5E621-FC66-4420-9C80-F0DE9E5B9= 5FF > > + MODULE_TYPE =3D BASE > > + VERSION_STRING =3D 1.0 > > + LIBRARY_CLASS =3D TdxLib > > + > > +# > > +# The following information is for reference only and not required by > > +the build > > tools. > > +# > > +# VALID_ARCHITECTURES =3D X64 > > +# > > + > > +[Sources] > > + TdxLibNull.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > -- > > 2.29.2.windows.2
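Review bot: In the MdePkg/Include/IndustryStandard/Tdx.h hunk, the packed report structures have no size checks even though TdReport's contract depends on their layout: from the field widths shown, REPORTMACSTRUCT is 256 bytes, TEE_TCB_INFO 239, TDINFO 512, and TDREPORT_STRUCT 256 + 239 + 17 + 512 = 1024 bytes; add `STATIC_ASSERT (sizeof (TDREPORT_STRUCT) == 1024, ...)` (and the same for the three sub-structures) under the `#pragma pack(1)` block so a future field edit cannot silently change the offsets a verifier reads. The file header also carries the long-form BSD license paragraph while the Protocol/Tdx.h hunk in the same series uses `SPDX-License-Identifier: BSD-2-Clause-Patent`; edk2 headers use the SPDX one-liner, so switch this file (and TdxLib.h, TdxLibNull.c, TdxLibNull.inf) to it.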
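Review bot: In the MdePkg/Include/Library/TdxLib.h hunk, TdExtendRtmr's prototype and its doc block disagree: the last parameter is `IN UINT8 PcrIndex` but documented as `@param[in] Index RTMR index`, and `Data` is `IN UINT32 *Data` while the doc describes a 48-byte SHA384 digest whose `DataLen` "Must be 48", so a `UINT8 *` (ideally `CONST UINT8 *`) with a byte length is the type that matches; rename and retype so callers cannot pass a mis-sized buffer. TdReport's doc says ReportSize "must be larger than 1024B", but TDREPORT_STRUCT in Tdx.h is exactly 1024 bytes, so "at least 1024 bytes" is what is meant and what the implementation should check. Typos TEREPORT_STRUCT, "configuratio" and TDVMALL appear in both this header and TdxLibNull.c and should be fixed in both.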
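Review bot: The MdePkg/Include/Protocol/Tdx.h hunk declares `extern EFI_GUID gEfiTdProtocolGuid;` but the diffstat lists no MdePkg.dec change, so nothing defines the GUID under [Protocols] and any module that references it will fail to link; likewise the file comment says the TD guest firmware produces EFI_TD_PROTOCOL, yet no EFI_TD_PROTOCOL interface structure is declared here. Either add the protocol interface plus the .dec [Protocols] entry in the protocol patch of the split series, or hold the header back until it has content. The EFI_TDX_EVENT_DATA_SIGNATURE define moving to TdxAcpi.h is already agreed earlier in this thread.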
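Review bot: The MdePkg/Library/TdxLib/TdxLibNull.c hunk does not implement TdExtendRtmr, which TdxLib.h declares, so a consumer that calls it and links against the Null instance fails at link time; a stub returning EFI_UNSUPPORTED is needed for the instance to satisfy its library class. The doc blocks copied from the header also still list `@return EFI_SUCCESS`, `EFI_INVALID_PARAMETER` and `EFI_DEVICE_ERROR` on functions whose only statement is `return EFI_UNSUPPORTED;` (only TdAcceptPages was updated to `@return EFI_UNSUPPORTED`), and TdVmCallCpuid's Results is `IN OUT` here but `OUT` in the header. Given comment 4 in this thread drops the Null instance from MdePkg, deleting the file in the next version resolves all of these.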
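Review bot: The MdePkg/Library/TdxLib/TdxLibNull.inf hunk sets `LIBRARY_CLASS = TdxLib`, but the diffstat shows no MdePkg.dec change declaring the TdxLib library class and its header path, so the class cannot be resolved from a platform DSC; the .dec [LibraryClasses] entry belongs in the same patch as the library. The only architecture hint is the commented-out `# VALID_ARCHITECTURES = X64` while MODULE_TYPE is BASE; since the real instance will execute TDCALL, scope it to X64 (a [Sources.X64] section in the .inf, or [LibraryClasses.X64] in the consuming DSC) so IA32 and ARM builds never pick it up.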