From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.2226.1615251291604715253 for ; Mon, 08 Mar 2021 16:54:52 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: min.m.xu@intel.com) IronPort-SDR: gRkp6UDBK60UlJ8Kb/c1z0jjdNo62sDG2QovFyrDkgywuYrosf7IJIp9js9iCs1X/gYxdvXfuc nNr6FuT01BkQ== X-IronPort-AV: E=McAfee;i="6000,8403,9917"; a="167402275" X-IronPort-AV: E=Sophos;i="5.81,233,1610438400"; d="scan'208";a="167402275" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Mar 2021 16:54:50 -0800 IronPort-SDR: uLTX3hXLwPnebjZ+hzxO72uiCmB/FEUWButkB8OUrGGwEipHhVa2KCEJrpyFdODRAshwfkRbuS 2/rQiKkaL2uw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,233,1610438400"; d="scan'208";a="376308055" Received: from unknown (HELO shwdeSSSDDPDSW2.ccr.corp.intel.com) ([10.239.54.61]) by fmsmga007.fm.intel.com with ESMTP; 08 Mar 2021 16:54:48 -0800 From: min.m.xu@intel.com To: devel@edk2.groups.io Cc: Min Xu , Liming Gao , Zhiguang Liu , Jordan Justen , Laszlo Ersek , Jiewen Yao Subject: [PATCH 0/3] Add TdxLib support for Intel TDX Date: Tue, 9 Mar 2021 08:54:40 +0800 Message-Id: X-Mailer: git-send-email 2.30.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min Xu The patch series provides lib support for Intel Trust Domain Extensions (Intel TDX). Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) with a new kind of virutal machines guest called a Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the confidentiality of TD memory contents and the TD's CPU state from other software, including the hosting Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself. The Intel TDX module uses the instruction-set architecture for Intel TDX and the MKTME engine in the SOC to help serve as an intermediary between the host VMM and the guest TD. TDCALL is the instruction which allows TD guest privileged software to make a call for service into an underlying TDX-module. TdxLib is created with functions to perform the related Tdx operation. This includes functions for: - TdCall : to cause a VM exit to the Intel TDX module - TdVmCall : it is a leaf function 0 for TDCALL - TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID - TdReport : to retrieve TDREPORT_STRUCT - TdAcceptPages : to accept pending private pages - TdExtendRtmr : to extend one of the RTMR registers The base function in MdePkg will not do anything and will return an error if a return value is required. It is expected that other packages (like OvmfPkg) will create a version of the library to fully support a TD guest. We create an OVMF version of this library to begin the process of providing full support of TDX in OVMF. To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec - PcdUseTdxAcceptPage Indicate whether TdCall(AcceptPage) is used. - PcdUseTdxEmulation Indicate whether TdxEmulation is used. See CC: Liming Gao CC: Zhiguang Liu CC: Jordan Justen CC: Laszlo Ersek CC: Jiewen Yao Signed-off-by: Min Xu Min Xu (3): MdePkg: Add Tdx support lib OvmfPkg: Add PCDs for TdxLib OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF MdePkg/Include/IndustryStandard/Tdx.h | 201 +++++++++++++++++++++ MdePkg/Include/Library/TdxLib.h | 165 ++++++++++++++++++ MdePkg/Include/Protocol/Tdx.h | 22 +++ MdePkg/Library/TdxLib/TdxLibNull.c | 155 +++++++++++++++++ MdePkg/Library/TdxLib/TdxLibNull.inf | 33 ++++ OvmfPkg/Library/TdxLib/AcceptPages.c | 68 ++++++++ OvmfPkg/Library/TdxLib/Rtmr.c | 80 +++++++++ OvmfPkg/Library/TdxLib/TdReport.c | 102 +++++++++++ OvmfPkg/Library/TdxLib/TdxLib.inf | 48 ++++++ OvmfPkg/Library/TdxLib/TdxLibSec.inf | 45 +++++ OvmfPkg/Library/TdxLib/X64/Tdcall.nasm | 125 ++++++++++++++ OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++ OvmfPkg/OvmfPkg.dec | 6 + 13 files changed, 1261 insertions(+) create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h create mode 100644 MdePkg/Include/Library/TdxLib.h create mode 100644 MdePkg/Include/Protocol/Tdx.h create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm -- 2.29.2.windows.2