OvmfPkg/ResetVector: Define SNP metadata for kernel hashes

In order to allow the VMM (such as QEMU) to add a page with hashes of kernel/initrd/cmdline for measured direct boot on SNP, add it explicitly to the SNP metadata list report to the VMM. In such case, VMM should fill the page with the hashes content, or explicitly update it as a zero page (if kernel hashes are not used). Note that for SNP, the launch secret part of the page (lower 3KB) are not relevant and will remain zero. The last 1KB is used for the hashes. This should have no effect on OvmfPkgX64 targets (which don't define PcdSevLaunchSecretBase). Signed-off-by: Dov Murik <[email protected]> Acked-by: Tom Lendacky <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
coreboot · Nov 28, 2023 · 9eec96b · 9eec96b
1 parent 6436d9b
commit 9eec96b
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -64,6 +64,15 @@
 %define SEV_SNP_SECRETS_SIZE          (FixedPcdGet32 (PcdOvmfSnpSecretsSize))
 %define CPUID_BASE                    (FixedPcdGet32 (PcdOvmfCpuidBase))
 %define CPUID_SIZE                    (FixedPcdGet32 (PcdOvmfCpuidSize))
+%if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0)
+  ; There's a reserved page for SEV secrets and hashes; the VMM will fill and
+  ; validate the page, or mark it as a zero page.
+  %define SEV_SNP_KERNEL_HASHES_BASE    (FixedPcdGet32 (PcdSevLaunchSecretBase))
+  %define SEV_SNP_KERNEL_HASHES_SIZE    (FixedPcdGet32 (PcdSevLaunchSecretSize) + FixedPcdGet32 (PcdQemuHashTableSize))
+%else
+  %define SEV_SNP_KERNEL_HASHES_BASE    0
+  %define SEV_SNP_KERNEL_HASHES_SIZE    0
+%endif
 %define SNP_SEC_MEM_BASE_DESC_1       (FixedPcdGet32 (PcdOvmfSecPageTablesBase))
 %define SNP_SEC_MEM_SIZE_DESC_1       (FixedPcdGet32 (PcdOvmfSecGhcbBase) - SNP_SEC_MEM_BASE_DESC_1)
 ;
@@ -75,7 +84,7 @@
 ;
 %define SNP_SEC_MEM_BASE_DESC_2       (GHCB_BASE + 0x1000)
 %define SNP_SEC_MEM_SIZE_DESC_2       (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_BASE_DESC_2)
-%define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE + CPUID_SIZE)
+%define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
 %define SNP_SEC_MEM_SIZE_DESC_3       (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
 
 %ifdef ARCH_X64

diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
@@ -26,6 +26,8 @@ BITS  64
 ;
 %define OVMF_SECTION_TYPE_CPUID           0x3
 
+; Kernel hashes section for measured direct boot
+%define OVMF_SECTION_TYPE_KERNEL_HASHES   0x10
 
 ALIGN 16
 
@@ -65,6 +67,15 @@ CpuidSec:
   DD  CPUID_SIZE
   DD  OVMF_SECTION_TYPE_CPUID
 
+%if (SEV_SNP_KERNEL_HASHES_BASE > 0)
+; Kernel hashes for measured direct boot, or zero page if
+; there are no kernel hashes / SEV secrets
+SevSnpKernelHashes:
+  DD  SEV_SNP_KERNEL_HASHES_BASE
+  DD  SEV_SNP_KERNEL_HASHES_SIZE
+  DD  OVMF_SECTION_TYPE_KERNEL_HASHES
+%endif
+
 ; Region need to be pre-validated by the hypervisor
 PreValidate3:
   DD  SNP_SEC_MEM_BASE_DESC_3