diff --git a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc index 6170c5993ce..965b29c68ed 100644 --- a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc @@ -36,6 +36,7 @@ DEFINE CODE_BLOCKS = 0xE0 DEFINE FVMAIN_SIZE = 0x000CC000 DEFINE SECFV_OFFSET = 0x000EC000 DEFINE SECFV_SIZE = 0x14000 +DEFINE SECFV_ADDRESS = 0xFFFEC000 !endif !if $(FD_SIZE_IN_KB) == 2048 @@ -48,6 +49,7 @@ DEFINE CODE_BLOCKS = 0x1E0 DEFINE FVMAIN_SIZE = 0x001AC000 DEFINE SECFV_OFFSET = 0x001CC000 DEFINE SECFV_SIZE = 0x34000 +DEFINE SECFV_ADDRESS = 0xFFFCC000 !endif !if $(FD_SIZE_IN_KB) == 4096 @@ -65,6 +67,7 @@ DEFINE CODE_BLOCKS = 0x37C DEFINE FVMAIN_SIZE = 0x00348000 DEFINE SECFV_OFFSET = 0x003CC000 DEFINE SECFV_SIZE = 0x34000 +DEFINE SECFV_ADDRESS = 0xFFFCC000 !endif SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress = $(FW_BASE_ADDRESS) @@ -97,6 +100,9 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase = $(CODE_BASE_ADDRESS) SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset = $(VARS_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize = $(CODE_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase = $(SECFV_ADDRESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize = $(SECFV_SIZE) + !if $(SMM_REQUIRE) == TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h index e3b415db2ca..a767eb693f8 100644 --- a/OvmfPkg/Include/WorkArea.h +++ b/OvmfPkg/Include/WorkArea.h 
@@ -79,6 +79,10 @@ typedef struct _SEV_WORK_AREA { #define TDX_MEASUREMENT_TDHOB_BITMASK 0x1 #define TDX_MEASUREMENT_CFVIMG_BITMASK 0x2 +#define TDX_MEASUREMENT_TYPE_NONE 0x0 +#define TDX_MEASUREMENT_TYPE_CC 0x1 +#define TDX_MEASUREMENT_TYPE_VTPM 0x2 + typedef struct _TDX_MEASUREMENTS_DATA { UINT32 MeasurementsBitmap; UINT8 TdHobHashValue[SHA384_DIGEST_SIZE]; @@ -93,6 +97,7 @@ typedef struct _SEC_TDX_WORK_AREA { UINT32 Gpaw; UINT64 HobList; TDX_MEASUREMENTS_DATA TdxMeasurementsData; + UINT32 MeasurementType; } SEC_TDX_WORK_AREA; typedef struct _TDX_WORK_AREA { diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 0931ce061a1..54bca10bc90 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -210,6 +210,7 @@ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf @@ -529,6 +530,8 @@ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000 +!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform. @@ -727,7 +730,10 @@ OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + } # # Variable driver stack (non-SMM) @@ -751,3 +757,8 @@ HashLib|OvmfPkg/Library/HashLibTdx/HashLibTdx.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf } + + # + # TPM support + # + !include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index ce5d5420484..def4e103a80 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf 
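Review bot: The new `MeasurementType` member of SEC_TDX_WORK_AREA carries no comment saying which values it takes or which stage writes it, although the three `TDX_MEASUREMENT_TYPE_*` defines added in the earlier hunk exist only for it; suggest `UINT32 MeasurementType;  // TDX_MEASUREMENT_TYPE_*, written by SEC (BuildSvsmEventsHob), read by TdxDxe`. Nothing in this series appears to store TDX_MEASUREMENT_TYPE_CC, so the non-vTPM path seems to rely on the zero-initialised work area reading as TDX_MEASUREMENT_TYPE_NONE; if that is intended, say so next to the defines. Both structs continue outside their hunks.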
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -257,6 +257,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf # INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +# +# TPM support +# +!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc + ################################################################################ [FV.NCCFV] diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c index b6085eab442..912a03c6a60 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c @@ -23,6 +23,7 @@ #include #include #include +#include #define ALIGNED_2MB_MASK 0x1fffff #define MEGABYTE_SHIFT 20 @@ -43,6 +44,17 @@ InternalBuildGuidHobForTdxMeasurement ( VOID ); +/** + * Build the GUIDed HOB of the SVSM events + * + * @retval EFI_SUCCESS Successfully detect vTPM and build the events HOB + * @retval Others Other errors as indicated + */ +EFI_STATUS +BuildSvsmEventsHob ( + VOID + ); + /** This function will be called to accept pages. Only BSP accepts pages. @@ -972,6 +984,11 @@ TdxHelperBuildGuidHobForTdxMeasurement ( ) { #ifdef TDX_PEI_LESS_BOOT + EFI_STATUS Status; + Status = BuildSvsmEventsHob(); + if (EFI_ERROR (Status)) { + return Status; + } return InternalBuildGuidHobForTdxMeasurement (); #else return EFI_UNSUPPORTED; diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf index d17b84c01f2..493c43da06b 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf @@ -25,6 +25,7 @@ [Sources] SecTdxHelper.c TdxMeasurementHob.c + TdxVirtualTpmDetection.c [Packages] CryptoPkg/CryptoPkg.dec @@ -41,6 +42,7 @@ PcdLib TdxMailboxLib TdxLib + MemoryAllocationLib [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase @@ -51,3 +53,4 @@ [Guids] gCcEventEntryHobGuid + gTcgEvent2EntryHobGuid ## PRODUCES ## HOB 
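Review bot: `TdxHelperBuildGuidHobForTdxMeasurement` now returns as soon as `BuildSvsmEventsHob ()` fails, and on a TD with no L1 vTPM that call fails as far as the new file shows (the TDVMCALL error or the parser's EFI_UNSUPPORTED propagates up), so `InternalBuildGuidHobForTdxMeasurement ()` is never reached and no CC measurement HOB is built at all. If booting without a vTPM remains supported, "not present" must be told apart from a real failure, e.g. `if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) { return Status; }` with BuildSvsmEventsHob reporting absence as EFI_UNSUPPORTED. The forward declaration's comment `Build the GUIDed HOB of the SVSM events` should also mention that the function stores TDX_MEASUREMENT_TYPE_VTPM in the work area, since that side effect is what TdxDxe later keys on. The function body continues outside the hunk.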
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c b/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c
new file mode 100644
index 00000000000..1f02d81ddeb
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c
@@ -0,0 +1,329 @@
+/** @file
+ Set TPM device type
+
+ In SecurityPkg, this module initializes the TPM device type based on a UEFI
+ variable and/or hardware detection. In OvmfPkg, the module only performs TPM
+ hardware detection.
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+#define TD_VMCALL_SERVICE_L1VTPM_GUID \
+ {0x766cf580, 0x8dc3, 0x4cea, { 0xa9, 0x4e, 0xe5, 0x42, 0x4d, 0xa1, 0xda, 0x56 } }
+
+EFI_GUID mTdVmcallServiceL1vtpmGuid = TD_VMCALL_SERVICE_L1VTPM_GUID;
+
+#define TD_VMCALL_SERVICE_BLOCKING_ACTION 0
+#define L1_VTPM_COMMAND_DETECT 1
+
+struct VMCALL_SERVICE_COMMAND_BUFFER {
+ EFI_GUID Guid;
+ UINT32 Length;
+ UINT32 Reserved;
+ UINT8 Data[0];
+};
+
+struct VMCALL_SERVICE_RESPONSE_BUFFER {
+ EFI_GUID Guid;
+ UINT32 Length;
+ UINT32 Status;
+ UINT8 Data[0];
+};
+
+struct L1VTPM_COMMAND {
+ UINT8 Version;
+ UINT8 Command;
+ UINT16 Reserved;
+};
+
+struct L1VTPM_RESPONSE {
+ UINT8 Version;
+ UINT8 Command;
+ UINT8 Status;
+ UINT8 Reserved;
+ UINT8 AdditionalData[];
+};
+
+/**
+ * Build GuidHob for vRTM measurements.
+ *
+ * vRTM measurements include the measurement of vRTM version and TDVF image.
+ * They're measured and extended to PCR[0] before the TDVF is loaded.
+ *
+ * @param Event Event log
+ * @param EventSize Size of event log
+ *
+ * @retval EFI_SUCCESS Successfully build the GuidHobs
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+BuildVrtmMeasurementGuidHob (
+ UINT8 *Event,
+ UINT32 EventSize
+ )
+{
+ VOID *EventHobData;
+
+ EventHobData = BuildGuidHob (
+ &gTcgEvent2EntryHobGuid,
+ EventSize
+ );
+ if (EventHobData == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (EventHobData, Event, EventSize);
+ return EFI_SUCCESS;
+}
+
+/**
+ * Set up the VMCALL service command buffer for L1VTPM.
+ *
+ * Used to detect the L1 vTPM existence and the l1 TPM event log.
+ *
+ * @param CommandBuffer Command buffer
+ * @param BufferSize Size of command buffer
+ *
+ */
+VOID
+SetUpVmcallServiceL1vtpmCommandBuffer (
+ UINT8 *CommandBuffer,
+ UINT32 BufferSize
+ )
+{
+ struct VMCALL_SERVICE_COMMAND_BUFFER *ServiceCommand;
+ struct L1VTPM_COMMAND *L1VtpmCommand;
+ UINT32 Length;
+
+ Length = sizeof(struct VMCALL_SERVICE_COMMAND_BUFFER) + sizeof(struct L1VTPM_COMMAND);
+
+ // Set up service command header
+ ServiceCommand = (struct VMCALL_SERVICE_COMMAND_BUFFER *)CommandBuffer;
+ CopyMem((UINT8 *)&ServiceCommand->Guid, (UINT8 *)&mTdVmcallServiceL1vtpmGuid, sizeof(EFI_GUID));
+ ServiceCommand->Length = Length;
+ ServiceCommand->Reserved = 0;
+
+ // Set up service command data
+ L1VtpmCommand = (struct L1VTPM_COMMAND *)&ServiceCommand->Data;
+ L1VtpmCommand->Version = 0;
+ L1VtpmCommand->Command = L1_VTPM_COMMAND_DETECT;
+ L1VtpmCommand->Reserved = 0;
+}
+
+/**
+ * Set up the VMCALL service response buffer for L1VTPM.
+ *
+ * Used to detect the L1 vTPM existence and the l1 TPM event log.
+ *
+ * @param ResponseBuffer Response buffer
+ * @param BufferSize Size of reponse buffer
+ *
+ */
+VOID
+SetUpVmcallServiceL1vtpmResponseBuffer (
+ UINT8 *ResponseBuffer,
+ UINT32 BufferSize
+ )
+{
+ struct VMCALL_SERVICE_RESPONSE_BUFFER *ServiceResponse;
+
+ // Set up service response header
+ ServiceResponse = (struct VMCALL_SERVICE_RESPONSE_BUFFER *) ResponseBuffer;
+ CopyMem((UINT8 *)&ServiceResponse->Guid, (UINT8 *)&mTdVmcallServiceL1vtpmGuid, sizeof(EFI_GUID));
+ ServiceResponse->Length = BufferSize;
+}
+
+/**
+ * Parse the VMCALL service response buffer of L1VTPM service.
+ *
+ * Used to detect the L1 vTPM existence and the l1 TPM event log.
+ *
+ * @param ResponseBuffer Response buffer
+ * @param BufferSize Size of reponse buffer
+ * @param ResponseData Pointer to the response data
+ *
+ * @retval EFI_SUCCESS Successfully build the GuidHobs
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+ParseVmcallServiceL1vtpmResponseBuffer (
+ UINT8 *ResponseBuffer,
+ UINT32 *BufferSize,
+ UINT8 **ResponseData
+ )
+{
+ struct VMCALL_SERVICE_RESPONSE_BUFFER *ServiceResponse;
+ struct L1VTPM_RESPONSE *VtpmResponse;
+ UINT32 HeaderLength = sizeof(struct VMCALL_SERVICE_RESPONSE_BUFFER) +
+ sizeof(struct L1VTPM_RESPONSE);
+
+ if (*BufferSize < HeaderLength) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Set up service response header
+ ServiceResponse = (struct VMCALL_SERVICE_RESPONSE_BUFFER *) ResponseBuffer;
+ if (!CompareGuid(&ServiceResponse->Guid, &mTdVmcallServiceL1vtpmGuid)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (*BufferSize < ServiceResponse->Length) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (ServiceResponse->Status != 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ VtpmResponse = (struct L1VTPM_RESPONSE *)&ServiceResponse->Data;
+ if (VtpmResponse->Command != L1_VTPM_COMMAND_DETECT) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VtpmResponse->Version != 0 || VtpmResponse->Status != 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ *ResponseData = VtpmResponse->AdditionalData;
+ *BufferSize = ServiceResponse->Length - 24 - 4;
+ return EFI_SUCCESS;
+}
+
+/**
+ In TD Partitioning L2 guest, the vTPM is virtualized by a trusted L1 VMM. The
+ L1 VMM initializes the vTPM and extends its version and L2 TDVF image into the
+ PCR[0]. This function gets the hashes of events and records it into event log.
+ *
+ * @param Events Events return from SVSM that have been extended into vTPM PCR[0]
+ *
+ * @retval EFI_SUCCESS Successfully measure the TdHob
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxDetectVirtualTpm (
+ UINT8 *Events,
+ UINT32 *Size
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *CommandPage;
+ UINT8 *ResponsePage;
+ UINT8 *pHobList;
+
+ CommandPage = AllocatePages(1);
+ if (CommandPage == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ SetUpVmcallServiceL1vtpmCommandBuffer(CommandPage, EFI_PAGE_SIZE);
+
+ ResponsePage = AllocatePages(1);
+ if (ResponsePage == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ SetUpVmcallServiceL1vtpmResponseBuffer(ResponsePage, EFI_PAGE_SIZE);
+
+ Status = TdVmCall (
+ TDVMCALL_SERVICE,
+ (UINT64)CommandPage,
+ (UINT64)ResponsePage,
+ TD_VMCALL_SERVICE_BLOCKING_ACTION, // Blocking action
+ 0, // Timeout
+ 0
+ );
+
+ if (EFI_ERROR (Status)) {
+ goto exit;
+ }
+
+ *Size = EFI_PAGE_SIZE;
+ Status = ParseVmcallServiceL1vtpmResponseBuffer (ResponsePage, Size, &pHobList);
+ CopyMem (Events, pHobList, *Size);
+
+exit:
+ FreePages(CommandPage, 1);
+ FreePages(ResponsePage, 1);
+ return Status;
+}
+
+/**
+ * Build the GUIDed HOB of the SVSM events
+ *
+ * @retval EFI_SUCCESS Successfully detect vTPM and build the events HOB
+ * @retval Others Other errors as indicated
+ */
+EFI_STATUS
+BuildSvsmEventsHob (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *HobList;
+ UINT32 HobListSize;
+ UINT32 Offset = 0;
+ VOID *Event;
+ UINT32 EventSize;
+ VOID *EventHobData;
+ EFI_PEI_HOB_POINTERS Hob;
+ OVMF_WORK_AREA *WorkArea;
+
+ HobList = AllocatePages(1);
+ if (HobList == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = TdxDetectVirtualTpm(HobList, &HobListSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ while ((Hob.Raw = GetNextGuidHob (&gTcgEvent2EntryHobGuid, HobList + Offset)) != NULL) {
+ Event = Hob.Raw + sizeof(EFI_HOB_GUID_TYPE);
+ EventSize = Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE);
+
EventHobData = BuildGuidHob ( + &gTcgEvent2EntryHobGuid, + EventSize + ); + if (EventHobData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (EventHobData, Event, EventSize); + + Offset += Hob.Guid->Header.HobLength; + if (Offset >= HobListSize) { + break; + } + } + + WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + if (WorkArea == NULL) { + return EFI_ABORTED; + } + WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType = TDX_MEASUREMENT_TYPE_VTPM; + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 51be9a59594..afed69d2413 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -316,6 +316,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset|0|UINT32|0x56 gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize|0|UINT32|0x57 + ## The base address and size of the SEC FV base and size. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase|0|UINT32|0x74 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize|0|UINT32|0x75 + ## The base address and size of the SEV-SNP Secrets Area that contains # the VM platform communication key used to send and recieve the # messages to the PSP. If this is set in the .fdf, the platform diff --git a/OvmfPkg/PlatformPei/Fv.c b/OvmfPkg/PlatformPei/Fv.c index fcf14c88faa..07b3a36a566 100644 --- a/OvmfPkg/PlatformPei/Fv.c +++ b/OvmfPkg/PlatformPei/Fv.c @@ -77,6 +77,17 @@ PeiFvInitialization ( ); } + // + // Let PEI measure the SEC FV + // + PeiServicesInstallFvInfoPpi ( + NULL, + (VOID *)(UINTN)PcdGet32 (PcdOvmfSecFvBase), + PcdGet32 (PcdOvmfSecFvRawDataSize), + NULL, + NULL + ); + // // Let PEI know about the DXE FV so it can find the DXE Core // diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index e036018eab3..05b18cf5aba 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
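Review bot: `ParseVmcallServiceL1vtpmResponseBuffer` never checks that `ServiceResponse->Length` is at least the header size before computing `*BufferSize = ServiceResponse->Length - 24 - 4`, so a short `Length` in the L1 response underflows to a huge UINT32 that `TdxDetectVirtualTpm` then hands to `CopyMem (Events, pHobList, *Size)` against a one-page `Events` buffer, and that same CopyMem also runs when the parse returned an error, with `pHobList` never assigned. `BuildSvsmEventsHob` trusts the copied page in the same way: `Hob.Guid->Header.HobLength` below `sizeof (EFI_HOB_GUID_TYPE)` underflows `EventSize`, `GetNextGuidHob` walks past the page if the response carries no END_OF_HOB_LIST entry, and `Offset += HobLength` assumes the returned HOB sits exactly at `HobList + Offset`, which is false whenever a non-matching HOB precedes it. Even with the L1 VMM trusted by design, these lengths are the values crossing the boundary and should be range-checked once, which the rewrite below does by reusing the computed `HeaderLength`, skipping the copy on parse failure, and walking the HOBs by hand inside `HobListSize`. Separately, `TdxDetectVirtualTpm` leaks `CommandPage` when the second `AllocatePages` fails and reports both allocation failures as EFI_INVALID_PARAMETER instead of EFI_OUT_OF_RESOURCES, and the file header (`Set TPM device type`, `In SecurityPkg, this module ...`) was copied from another module and no longer describes this file.
```c
// ParseVmcallServiceL1vtpmResponseBuffer
  // … unchanged: HeaderLength, GUID compare, Status check …
  if ((ServiceResponse->Length < HeaderLength) || (*BufferSize < ServiceResponse->Length)) {
    return EFI_INVALID_PARAMETER;
  }
  // … unchanged: VtpmResponse Command/Version/Status checks …
  *ResponseData = VtpmResponse->AdditionalData;
  *BufferSize   = ServiceResponse->Length - HeaderLength;
  return EFI_SUCCESS;

// TdxDetectVirtualTpm
  *Size  = EFI_PAGE_SIZE;
  Status = ParseVmcallServiceL1vtpmResponseBuffer (ResponsePage, Size, &pHobList);
  if (!EFI_ERROR (Status)) {
    CopyMem (Events, pHobList, *Size);
  }
  // … unchanged: exit label and FreePages …

// BuildSvsmEventsHob
  while (Offset + sizeof (EFI_HOB_GENERIC_HEADER) <= HobListSize) {
    Hob.Raw = HobList + Offset;
    if (END_OF_HOB_LIST (Hob)) {
      break;
    }
    // HobLength comes from the L1 response: every HOB must stay inside the copied page
    if ((Hob.Header->HobLength < sizeof (EFI_HOB_GENERIC_HEADER)) ||
        (Hob.Header->HobLength > HobListSize - Offset)) {
      return EFI_INVALID_PARAMETER;
    }
    if ((GET_HOB_TYPE (Hob) == EFI_HOB_TYPE_GUID_EXTENSION) &&
        (Hob.Header->HobLength >= sizeof (EFI_HOB_GUID_TYPE)) &&
        CompareGuid (&Hob.Guid->Name, &gTcgEvent2EntryHobGuid)) {
      Event     = Hob.Raw + sizeof (EFI_HOB_GUID_TYPE);
      EventSize = Hob.Header->HobLength - sizeof (EFI_HOB_GUID_TYPE);
      // … unchanged: BuildGuidHob + CopyMem of the event …
    }
    Offset += Hob.Header->HobLength;
  }
  // … unchanged: WorkArea lookup and MeasurementType store …
```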
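Review bot: The new `PeiServicesInstallFvInfoPpi` call in PeiFvInitialization passes whatever `PcdOvmfSecFvBase` and `PcdOvmfSecFvRawDataSize` hold, and the .dec hunk in this commit defaults both to 0, so a platform .fdf that does not pull in OvmfPkgDefines.fdf.inc (the only place this series SETs them) would announce an FV at address 0 with size 0 to PEI. Guard it on the value being provided, `if (PcdGet32 (PcdOvmfSecFvRawDataSize) != 0) {` around the call, or ASSERT both PCDs non-zero under TDX_PEI_LESS_BOOT if that is the only configuration meant to use it. The `// Let PEI measure the SEC FV` comment would be clearer as `// Announce the SEC FV to PEI so the TCG PEI measurement code sees it; presumably it is not part of the BFV` — the reason it needs a separate FvInfo PPI is otherwise left to the reader. PeiFvInitialization begins before this hunk.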
@@ -70,6 +70,8 @@ SmmRelocationLib [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c index f150d08cd68..88cd3413756 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.c +++ b/OvmfPkg/TdxDxe/TdxDxe.c @@ -32,6 +32,9 @@ #include #include #include +#include +#include +#include #define ALIGNED_2MB_MASK 0x1fffff EFI_HANDLE mTdxDxeHandle = NULL; @@ -301,6 +304,58 @@ SetMmioSharedBit ( return EFI_SUCCESS; } +#ifdef TDX_PEI_LESS_BOOT +STATIC +EFI_STATUS +SetVtpmDeviceInstance ( + VOID + ) +{ + EFI_STATUS Status; + OVMF_WORK_AREA *WorkArea; + UINTN Size; + UINT32 TpmHashAlgorithmBitmap; + UINT32 TpmActivePcrBanks; + + DEBUG ((DEBUG_INFO, ">>%a\n", __func__)); + + WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + if (WorkArea == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType == TDX_MEASUREMENT_TYPE_VTPM) + { + // Set PcdTpmInstanceGuid + Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status = PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "Set PcdTpmInstanceGuid failed with %r\n", Status)); + } + + Status = Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); + return Status; + } + + // Determine the current TPM support and the Platform PCR mask. + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks); + ASSERT_EFI_ERROR (Status); + // Set active pcr banks + Status = PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); + ASSERT_RETURN_ERROR (Status); + } + + return EFI_SUCCESS; +} +#endif + EFI_STATUS EFIAPI TdxDxeEntryPoint ( 
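Review bot: In `SetVtpmDeviceInstance` the result of `Tpm2GetCapabilitySupportedAndActivePcrs` is only `ASSERT_EFI_ERROR`'d, so on a RELEASE build a failing call leaves `TpmActivePcrBanks` uninitialized and that garbage is then stored into `PcdTpm2HashMask`; add `if (EFI_ERROR (Status)) { return Status; }` after the ASSERT, and return in the same way after the `PcdSetPtrS` failure that is currently logged and then ignored, since continuing with `Tpm2RequestUseTpm` on the wrong device instance makes little sense. The function returns EFI_STATUS but its only caller (the next hunk) discards the value, so either propagate it there or document in the function header why a failed vTPM setup is non-fatal. Stylistically, the opening brace of `if (... == TDX_MEASUREMENT_TYPE_VTPM)` sits on its own line, unlike every other `if` in this file and the EDK II style the tree enforces with uncrustify, and the function has no Doxygen header comment at all.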
@@ -339,9 +394,12 @@ TdxDxeEntryPoint ( // need to set PCDs based on these information. // SetPcdSettings (PlatformInfo); + // In Pei-less boot, the `TpmInstance` Pcd shall be set if virtual TPM + // is detected. + SetVtpmDeviceInstance(); #endif - if (!TdIsEnabled () || TdpIsEnabled ()) { + if (!TdIsEnabled () || TdpIsEnabled ()) { // // If it is Non-Td guest, we install gEfiMpInitLibMpDepProtocolGuid so that // MpInitLib will be used in CpuDxe driver. diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 9793562884c..00b35770a52 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -26,6 +26,7 @@ MdePkg/MdePkg.dec UefiCpuPkg/UefiCpuPkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -39,12 +40,14 @@ HobLib TdxMailboxLib MemEncryptTdxLib + Tpm2CommandLib [Depex] TRUE [Guids] gUefiOvmfPkgPlatformInfoGuid ## CONSUMES + gEfiTpmDeviceInstanceTpm20DtpmGuid ## CONSUMES [Protocols] gQemuAcpiTableNotifyProtocolGuid ## CONSUMES @@ -71,3 +74,6 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask
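Review bot: `SetVtpmDeviceInstance();` drops the EFI_STATUS the function returns, so a `Tpm2RequestUseTpm` failure that happens after `PcdTpmInstanceGuid` has already been switched to the dTPM instance goes unnoticed; capture it at least for the log, `Status = SetVtpmDeviceInstance (); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "SetVtpmDeviceInstance: %r\n", Status)); }` (assuming TdxDxeEntryPoint, whose body starts before this hunk, already has a `Status` local). The new comment names a "`TpmInstance` Pcd" that does not exist under that name; `PcdTpmInstanceGuid` and `PcdTpm2HashMask` are what the function sets. The `if (!TdIsEnabled () || TdpIsEnabled ())` line changes only whitespace and is unrelated to the vTPM work; drop it from this commit or mention it in the commit message.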