From f9afe530de0be52bead99dfb9f8d2c65281d38a6 Mon Sep 17 00:00:00 2001 From: Jiaqi Gao Date: Tue, 20 Aug 2024 04:56:23 -0400 Subject: [PATCH 1/4] OvmfPkg/WorkArea.h: add `MeasurementType` for TDX SEC workarea Introduce `MeasurementType` to indicate whether TDX measurement of vTPM measurement is used. Signed-off-by: Jiaqi Gao --- OvmfPkg/Include/WorkArea.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h index e3b415db2ca..a767eb693f8 100644 --- a/OvmfPkg/Include/WorkArea.h +++ b/OvmfPkg/Include/WorkArea.h @@ -79,6 +79,10 @@ typedef struct _SEV_WORK_AREA { #define TDX_MEASUREMENT_TDHOB_BITMASK 0x1 #define TDX_MEASUREMENT_CFVIMG_BITMASK 0x2 +#define TDX_MEASUREMENT_TYPE_NONE 0x0 +#define TDX_MEASUREMENT_TYPE_CC 0x1 +#define TDX_MEASUREMENT_TYPE_VTPM 0x2 + typedef struct _TDX_MEASUREMENTS_DATA { UINT32 MeasurementsBitmap; UINT8 TdHobHashValue[SHA384_DIGEST_SIZE]; @@ -93,6 +97,7 @@ typedef struct _SEC_TDX_WORK_AREA { UINT32 Gpaw; UINT64 HobList; TDX_MEASUREMENTS_DATA TdxMeasurementsData; + UINT32 MeasurementType; } SEC_TDX_WORK_AREA; typedef struct _TDX_WORK_AREA { From 141b20352259431edfdf7f481ad1af8603d53a3d Mon Sep 17 00:00:00 2001 From: Jiaqi Gao Date: Tue, 20 Aug 2024 05:04:47 -0400 Subject: [PATCH 2/4] OvmfPkg/IntelTdx: detect vTPM in SEC phase For boot without PEI, detect the vTPM in SEC phase and build the TCG event HOB for the RTM events. Signed-off-by: Jiaqi Gao --- OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c | 17 + .../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf | 3 + .../TdxHelperLib/TdxVirtualTpmDetection.c | 329 ++++++++++++++++++ 3 files changed, 349 insertions(+) create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c index b6085eab442..912a03c6a60 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c 
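Review bot: The new `MeasurementType` field in SEC_TDX_WORK_AREA (hunk @@ -93) carries no comment, and within this series it is only ever assigned `TDX_MEASUREMENT_TYPE_VTPM` (patch 2) and compared against that value (patch 3); `TDX_MEASUREMENT_TYPE_CC` is defined in hunk @@ -79 but never written, so the non-vTPM case silently relies on the work area starting out zeroed (`TDX_MEASUREMENT_TYPE_NONE`). A comment on the field stating that contract would help readers, e.g. `UINT32 MeasurementType; // TDX_MEASUREMENT_TYPE_*; stays NONE (0) unless SEC detects a vTPM`. Since the struct grows by four bytes and is addressed through PcdOvmfWorkAreaBase from both SEC and DXE, it is worth confirming that every consumer is rebuilt against this header and that the work-area size still covers the struct (not visible here).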
@@ -23,6 +23,7 @@ #include #include #include +#include #define ALIGNED_2MB_MASK 0x1fffff #define MEGABYTE_SHIFT 20 @@ -43,6 +44,17 @@ InternalBuildGuidHobForTdxMeasurement ( VOID ); +/** + * Build the GUIDed HOB of the SVSM events + * + * @retval EFI_SUCCESS Successfully detect vTPM and build the events HOB + * @retval Others Other errors as indicated + */ +EFI_STATUS +BuildSvsmEventsHob ( + VOID + ); + /** This function will be called to accept pages. Only BSP accepts pages. @@ -972,6 +984,11 @@ TdxHelperBuildGuidHobForTdxMeasurement ( ) { #ifdef TDX_PEI_LESS_BOOT + EFI_STATUS Status; + Status = BuildSvsmEventsHob(); + if (EFI_ERROR (Status)) { + return Status; + } return InternalBuildGuidHobForTdxMeasurement (); #else return EFI_UNSUPPORTED; diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf index d17b84c01f2..493c43da06b 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf @@ -25,6 +25,7 @@ [Sources] SecTdxHelper.c TdxMeasurementHob.c + TdxVirtualTpmDetection.c [Packages] CryptoPkg/CryptoPkg.dec @@ -41,6 +42,7 @@ PcdLib TdxMailboxLib TdxLib + MemoryAllocationLib [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase @@ -51,3 +53,4 @@ [Guids] gCcEventEntryHobGuid + gTcgEvent2EntryHobGuid ## PRODUCES ## HOB diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c b/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c new file mode 100644 index 00000000000..1f02d81ddeb --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxHelperLib/TdxVirtualTpmDetection.c @@ -0,0 +1,329 @@ +/** @file + Set TPM device type + + In SecurityPkg, this module initializes the TPM device type based on a UEFI + variable and/or hardware detection. In OvmfPkg, the module only performs TPM + hardware detection. + + Copyright (c) 2015, Intel Corporation. All rights reserved.
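Review bot: In TdxHelperBuildGuidHobForTdxMeasurement (hunk @@ -972) any error from `BuildSvsmEventsHob ()` now returns before `InternalBuildGuidHobForTdxMeasurement ()` runs, and the detection code this patch adds in TdxVirtualTpmDetection.c returns EFI_UNSUPPORTED or EFI_INVALID_PARAMETER whenever no L1 vTPM answers the service VMCALL, so a TDX guest without a vTPM appears to lose the existing RTMR-based measurement HOB instead of falling back to it. Treat "no vTPM present" as a non-fatal outcome and fail only on real errors, e.g. `Status = BuildSvsmEventsHob (); if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) { return Status; }` — or, cleaner, have BuildSvsmEventsHob report absence distinctly from failure so the caller does not have to interpret status codes. The enclosing function's body continues outside the hunk. The prototype added in hunk @@ -43 duplicates the one in TdxVirtualTpmDetection.c and uses a `* @retval` comment style that differs from the rest of this file; a small internal header shared by both files would avoid the duplication.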
+ + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define TD_VMCALL_SERVICE_L1VTPM_GUID \ + {0x766cf580, 0x8dc3, 0x4cea, { 0xa9, 0x4e, 0xe5, 0x42, 0x4d, 0xa1, 0xda, 0x56 } } + +EFI_GUID mTdVmcallServiceL1vtpmGuid = TD_VMCALL_SERVICE_L1VTPM_GUID; + +#define TD_VMCALL_SERVICE_BLOCKING_ACTION 0 +#define L1_VTPM_COMMAND_DETECT 1 + +struct VMCALL_SERVICE_COMMAND_BUFFER { + EFI_GUID Guid; + UINT32 Length; + UINT32 Reserved; + UINT8 Data[0]; +}; + +struct VMCALL_SERVICE_RESPONSE_BUFFER { + EFI_GUID Guid; + UINT32 Length; + UINT32 Status; + UINT8 Data[0]; +}; + +struct L1VTPM_COMMAND { + UINT8 Version; + UINT8 Command; + UINT16 Reserved; +}; + +struct L1VTPM_RESPONSE { + UINT8 Version; + UINT8 Command; + UINT8 Status; + UINT8 Reserved; + UINT8 AdditionalData[]; +}; + +/** + * Build GuidHob for vRTM measurements. + * + * vRTM measurements include the measurement of vRTM version and TDVF image. + * They're measured and extended to PCR[0] before the TDVF is loaded. + * + * @param Event Event log + * @param EventSize Size of event log + * + * @retval EFI_SUCCESS Successfully build the GuidHobs + * @retval Others Other error as indicated + */ +EFI_STATUS +BuildVrtmMeasurementGuidHob ( + UINT8 *Event, + UINT32 EventSize + ) +{ + VOID *EventHobData; + + EventHobData = BuildGuidHob ( + &gTcgEvent2EntryHobGuid, + EventSize + ); + if (EventHobData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (EventHobData, Event, EventSize); + return EFI_SUCCESS; +} + +/** + * Set up the VMCALL service command buffer for L1VTPM. + * + * Used to detect the L1 vTPM existence and the l1 TPM event log. 
+ * + * @param CommandBuffer Command buffer + * @param BufferSize Size of command buffer + * + */ +VOID +SetUpVmcallServiceL1vtpmCommandBuffer ( + UINT8 *CommandBuffer, + UINT32 BufferSize + ) +{ + struct VMCALL_SERVICE_COMMAND_BUFFER *ServiceCommand; + struct L1VTPM_COMMAND *L1VtpmCommand; + UINT32 Length; + + Length = sizeof(struct VMCALL_SERVICE_COMMAND_BUFFER) + sizeof(struct L1VTPM_COMMAND); + + // Set up service command header + ServiceCommand = (struct VMCALL_SERVICE_COMMAND_BUFFER *)CommandBuffer; + CopyMem((UINT8 *)&ServiceCommand->Guid, (UINT8 *)&mTdVmcallServiceL1vtpmGuid, sizeof(EFI_GUID)); + ServiceCommand->Length = Length; + ServiceCommand->Reserved = 0; + + // Set up service command data + L1VtpmCommand = (struct L1VTPM_COMMAND *)&ServiceCommand->Data; + L1VtpmCommand->Version = 0; + L1VtpmCommand->Command = L1_VTPM_COMMAND_DETECT; + L1VtpmCommand->Reserved = 0; +} + +/** + * Set up the VMCALL service response buffer for L1VTPM. + * + * Used to detect the L1 vTPM existence and the l1 TPM event log. + * + * @param ResponseBuffer Response buffer + * @param BufferSize Size of reponse buffer + * + */ +VOID +SetUpVmcallServiceL1vtpmResponseBuffer ( + UINT8 *ResponseBuffer, + UINT32 BufferSize + ) +{ + struct VMCALL_SERVICE_RESPONSE_BUFFER *ServiceResponse; + + // Set up service response header + ServiceResponse = (struct VMCALL_SERVICE_RESPONSE_BUFFER *) ResponseBuffer; + CopyMem((UINT8 *)&ServiceResponse->Guid, (UINT8 *)&mTdVmcallServiceL1vtpmGuid, sizeof(EFI_GUID)); + ServiceResponse->Length = BufferSize; +} + +/** + * Parse the VMCALL service response buffer of L1VTPM service. + * + * Used to detect the L1 vTPM existence and the l1 TPM event log. 
+ * + * @param ResponseBuffer Response buffer + * @param BufferSize Size of reponse buffer + * @param ResponseData Pointer to the response data + * + * @retval EFI_SUCCESS Successfully build the GuidHobs + * @retval Others Other error as indicated + */ +EFI_STATUS +ParseVmcallServiceL1vtpmResponseBuffer ( + UINT8 *ResponseBuffer, + UINT32 *BufferSize, + UINT8 **ResponseData + ) +{ + struct VMCALL_SERVICE_RESPONSE_BUFFER *ServiceResponse; + struct L1VTPM_RESPONSE *VtpmResponse; + UINT32 HeaderLength = sizeof(struct VMCALL_SERVICE_RESPONSE_BUFFER) + + sizeof(struct L1VTPM_RESPONSE); + + if (*BufferSize < HeaderLength) { + return EFI_INVALID_PARAMETER; + } + + // Set up service response header + ServiceResponse = (struct VMCALL_SERVICE_RESPONSE_BUFFER *) ResponseBuffer; + if (!CompareGuid(&ServiceResponse->Guid, &mTdVmcallServiceL1vtpmGuid)) { + return EFI_INVALID_PARAMETER; + } + + if (*BufferSize < ServiceResponse->Length) { + return EFI_INVALID_PARAMETER; + } + + if (ServiceResponse->Status != 0) { + return EFI_UNSUPPORTED; + } + + VtpmResponse = (struct L1VTPM_RESPONSE *)&ServiceResponse->Data; + if (VtpmResponse->Command != L1_VTPM_COMMAND_DETECT) { + return EFI_INVALID_PARAMETER; + } + + if (VtpmResponse->Version != 0 || VtpmResponse->Status != 0) { + return EFI_UNSUPPORTED; + } + + *ResponseData = VtpmResponse->AdditionalData; + *BufferSize = ServiceResponse->Length - 24 - 4; + return EFI_SUCCESS; +} + +/** + In TD Partitioning L2 guest, the vTPM is virtualized by a trusted L1 VMM. The + L1 VMM initializes the vTPM and extends its version and L2 TDVF image into the + PCR[0]. This function gets the hashes of events and records it into event log. 
+ * + * @param Events Events return from SVSM that have been extended into vTPM PCR[0] + * + * @retval EFI_SUCCESS Successfully measure the TdHob + * @retval Others Other error as indicated + */ +EFI_STATUS +EFIAPI +TdxDetectVirtualTpm ( + UINT8 *Events, + UINT32 *Size + ) +{ + EFI_STATUS Status; + UINT8 *CommandPage; + UINT8 *ResponsePage; + UINT8 *pHobList; + + CommandPage = AllocatePages(1); + if (CommandPage == NULL) { + return EFI_INVALID_PARAMETER; + } + + SetUpVmcallServiceL1vtpmCommandBuffer(CommandPage, EFI_PAGE_SIZE); + + ResponsePage = AllocatePages(1); + if (ResponsePage == NULL) { + return EFI_INVALID_PARAMETER; + } + + SetUpVmcallServiceL1vtpmResponseBuffer(ResponsePage, EFI_PAGE_SIZE); + + Status = TdVmCall ( + TDVMCALL_SERVICE, + (UINT64)CommandPage, + (UINT64)ResponsePage, + TD_VMCALL_SERVICE_BLOCKING_ACTION, // Blocking action + 0, // Timeout + 0 + ); + + if (EFI_ERROR (Status)) { + goto exit; + } + + *Size = EFI_PAGE_SIZE; + Status = ParseVmcallServiceL1vtpmResponseBuffer (ResponsePage, Size, &pHobList); + CopyMem (Events, pHobList, *Size); + +exit: + FreePages(CommandPage, 1); + FreePages(ResponsePage, 1); + return Status; +} + +/** + * Build the GUIDed HOB of the SVSM events + * + * @retval EFI_SUCCESS Successfully detect vTPM and build the events HOB + * @retval Others Other errors as indicated + */ +EFI_STATUS +BuildSvsmEventsHob ( + VOID + ) +{ + EFI_STATUS Status; + UINT8 *HobList; + UINT32 HobListSize; + UINT32 Offset = 0; + VOID *Event; + UINT32 EventSize; + VOID *EventHobData; + EFI_PEI_HOB_POINTERS Hob; + OVMF_WORK_AREA *WorkArea; + + HobList = AllocatePages(1); + if (HobList == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = TdxDetectVirtualTpm(HobList, &HobListSize); + if (EFI_ERROR (Status)) { + return Status; + } + + while ((Hob.Raw = GetNextGuidHob (&gTcgEvent2EntryHobGuid, HobList + Offset)) != NULL) { + Event = Hob.Raw + sizeof(EFI_HOB_GUID_TYPE); + EventSize = Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE); + 
EventHobData = BuildGuidHob ( + &gTcgEvent2EntryHobGuid, + EventSize + ); + if (EventHobData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (EventHobData, Event, EventSize); + + Offset += Hob.Guid->Header.HobLength; + if (Offset >= HobListSize) { + break; + } + } + + WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + if (WorkArea == NULL) { + return EFI_ABORTED; + } + WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType = TDX_MEASUREMENT_TYPE_VTPM; + + return EFI_SUCCESS; +} From 422340cf267b192d07f3aba58c43ff2b0c5e5d3c Mon Sep 17 00:00:00 2001 From: Jiaqi Gao Date: Tue, 20 Aug 2024 05:07:37 -0400 Subject: [PATCH 3/4] OvmfPkg/TdxDxe: setup TPM device instance for vTPM in TdxDxe The TPM device instance is not set before DXE in peiless boot. Move the work of setting the device instance and Tpm2HashMask PCDs to `TdxDxe` if the `MeasurementType` is vTPM. Signed-off-by: Jiaqi Gao --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 13 ++++++- OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +++ OvmfPkg/TdxDxe/TdxDxe.c | 60 +++++++++++++++++++++++++++++++- OvmfPkg/TdxDxe/TdxDxe.inf | 6 ++++ 4 files changed, 82 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 0931ce061a1..54bca10bc90 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -210,6 +210,7 @@ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf @@ -529,6 +530,8 @@ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000 +!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform. 
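Review bot: ParseVmcallServiceL1vtpmResponseBuffer bounds `ServiceResponse->Length` only from above (`*BufferSize < ServiceResponse->Length`), so a response header reporting a Length below the 28-byte header wraps `ServiceResponse->Length - 24 - 4` to a huge `*BufferSize`, and TdxDetectVirtualTpm then runs `CopyMem (Events, pHobList, *Size)` with that size — and, whenever the parse fails, with the never-assigned `pHobList`, because Status is not checked between the parse and the copy. Both Length and the HOB headers inside the returned page are produced by the L1 VMM and should be validated as input: add the lower bound using the already-computed HeaderLength (and use it in place of the literals 24 and 4), and in BuildSvsmEventsHob reject a `Hob.Guid->Header.HobLength` smaller than `sizeof (EFI_HOB_GUID_TYPE)` (EventSize underflows) or extending past HobListSize before the CopyMem, since the `Offset >= HobListSize` test currently runs only after the copy; Offset should also be derived from `Hob.Raw - HobList` rather than accumulated, otherwise a non-matching HOB that GetNextGuidHob skips makes the same entry be found and copied again (and GetNextGuidHob itself presumably scans until an end-of-list HOB, which the page is not checked to contain). Smaller points: CommandPage leaks when the ResponsePage allocation fails (both allocation failures also return EFI_INVALID_PARAMETER rather than EFI_OUT_OF_RESOURCES), the HobList page in BuildSvsmEventsHob is never freed on any path, `UINT8 Data[0]` in the two service-buffer structs should be the C99 flexible array `Data[]` that L1VTPM_RESPONSE already uses, and BuildVrtmMeasurementGuidHob is defined but not called anywhere in this file. The file header ("Set TPM device type", 2015 copyright) and the TdxDetectVirtualTpm docstring ("Successfully measure the TdHob", no `@param Size`, which is in/out) are copied from other modules and should describe this one.
```c
  // … unchanged: ParseVmcallServiceL1vtpmResponseBuffer header, GUID and upper-bound checks …
  if (ServiceResponse->Length < HeaderLength) {
    return EFI_INVALID_PARAMETER;
  }
  // … unchanged: L1VTPM_RESPONSE command / version / status checks …
  *ResponseData = VtpmResponse->AdditionalData;
  *BufferSize   = ServiceResponse->Length - HeaderLength;
  return EFI_SUCCESS;

  // … unchanged: TdxDetectVirtualTpm command-buffer setup …
  ResponsePage = AllocatePages (1);
  if (ResponsePage == NULL) {
    FreePages (CommandPage, 1);
    return EFI_OUT_OF_RESOURCES;
  }
  // … unchanged: response-buffer setup and TdVmCall …
  *Size  = EFI_PAGE_SIZE;
  Status = ParseVmcallServiceL1vtpmResponseBuffer (ResponsePage, Size, &pHobList);
  if (EFI_ERROR (Status)) {
    goto exit;
  }

  CopyMem (Events, pHobList, *Size);

  // … unchanged: BuildSvsmEventsHob up to the while loop …
  while ((Hob.Raw = GetNextGuidHob (&gTcgEvent2EntryHobGuid, HobList + Offset)) != NULL) {
    Offset = (UINT32)(Hob.Raw - HobList);
    if ((Offset >= HobListSize) ||
        (Hob.Guid->Header.HobLength < sizeof (EFI_HOB_GUID_TYPE)) ||
        (Hob.Guid->Header.HobLength > HobListSize - Offset))
    {
      Status = EFI_INVALID_PARAMETER;
      goto exit;   // exit label frees the HobList page on every path
    }

    Event     = Hob.Raw + sizeof (EFI_HOB_GUID_TYPE);
    EventSize = Hob.Guid->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE);
    // … unchanged: BuildGuidHob + CopyMem of the event …
    Offset += Hob.Guid->Header.HobLength;
    if (Offset >= HobListSize) {
      break;
    }
  }
```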
@@ -727,7 +730,10 @@ OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + } # # Variable driver stack (non-SMM) @@ -751,3 +757,8 @@ HashLib|OvmfPkg/Library/HashLibTdx/HashLibTdx.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf } + + # + # TPM support + # + !include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index ce5d5420484..def4e103a80 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -257,6 +257,11 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf # INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +# +# TPM support +# +!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc + ################################################################################ [FV.NCCFV] diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c index f150d08cd68..88cd3413756 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.c +++ b/OvmfPkg/TdxDxe/TdxDxe.c @@ -32,6 +32,9 @@ #include #include #include +#include +#include +#include #define ALIGNED_2MB_MASK 0x1fffff EFI_HANDLE mTdxDxeHandle = NULL; 
@@ -301,6 +304,58 @@ SetMmioSharedBit ( return EFI_SUCCESS; } +#ifdef TDX_PEI_LESS_BOOT +STATIC +EFI_STATUS +SetVtpmDeviceInstance ( + VOID + ) +{ + EFI_STATUS Status; + OVMF_WORK_AREA *WorkArea; + UINTN Size; + UINT32 TpmHashAlgorithmBitmap; + UINT32 TpmActivePcrBanks; + + DEBUG ((DEBUG_INFO, ">>%a\n", __func__)); + + WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + if (WorkArea == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType == TDX_MEASUREMENT_TYPE_VTPM) + { + // Set PcdTpmInstanceGuid + Size = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status = PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "Set PcdTpmInstanceGuid failed with %r\n", Status)); + } + + Status = Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); + return Status; + } + + // Determine the current TPM support and the Platform PCR mask. + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks); + ASSERT_EFI_ERROR (Status); + // Set active pcr banks + Status = PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); + ASSERT_RETURN_ERROR (Status); + } + + return EFI_SUCCESS; +} +#endif + EFI_STATUS EFIAPI TdxDxeEntryPoint ( @@ -339,9 +394,12 @@ TdxDxeEntryPoint ( // need to set PCDs based on these information. // SetPcdSettings (PlatformInfo); + // In Pei-less boot, the `TpmInstance` Pcd shall be set if virtual TPM + // is detected. + SetVtpmDeviceInstance(); #endif - if (!TdIsEnabled () || TdpIsEnabled ()) { + if (!TdIsEnabled () || TdpIsEnabled ()) { // // If it is Non-Td guest, we install gEfiMpInitLibMpDepProtocolGuid so that // MpInitLib will be used in CpuDxe driver. diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 9793562884c..00b35770a52 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf 
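Review bot: In SetVtpmDeviceInstance a failure of `Tpm2GetCapabilitySupportedAndActivePcrs` is only ASSERTed; in a RELEASE build the assert compiles out and `TpmActivePcrBanks` is passed to `PcdSet32S (PcdTpm2HashMask, ...)` uninitialized, which can leave the platform with a wrong PCR bank mask. Return on error instead: `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilitySupportedAndActivePcrs failed: %r\n", Status)); return Status; }`, and likewise return after the `PcdSetPtrS` failure rather than logging and continuing; setting PcdTpmInstanceGuid before `Tpm2RequestUseTpm ()` has succeeded also leaves the instance PCD pointing at a DTPM that was never confirmed usable, so consider ordering the set after the probe. The call site in TdxDxeEntryPoint (hunk @@ -339) discards the return value of `SetVtpmDeviceInstance ()`, so none of these failures reaches the entry point; at minimum `Status = SetVtpmDeviceInstance (); ASSERT_EFI_ERROR (Status);` would surface them. The same hunk rewrites `if (!TdIsEnabled () || TdpIsEnabled ()) {` with no visible change, which looks like a stray whitespace edit, and the `)` / `{` split across two lines in the `MeasurementType == TDX_MEASUREMENT_TYPE_VTPM` condition does not match the `) {` brace style used elsewhere in this function.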
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -26,6 +26,7 @@ MdePkg/MdePkg.dec UefiCpuPkg/UefiCpuPkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -39,12 +40,14 @@ HobLib TdxMailboxLib MemEncryptTdxLib + Tpm2CommandLib [Depex] TRUE [Guids] gUefiOvmfPkgPlatformInfoGuid ## CONSUMES + gEfiTpmDeviceInstanceTpm20DtpmGuid ## CONSUMES [Protocols] gQemuAcpiTableNotifyProtocolGuid ## CONSUMES @@ -71,3 +74,6 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask From 568926eed108122099196552530f6ad19be37b21 Mon Sep 17 00:00:00 2001 From: Jiaqi Gao Date: Thu, 29 Aug 2024 09:16:26 -0400 Subject: [PATCH 4/4] OvmfPkg: measure SEC FV by installing SEC FV info Define two PCDs to store the base and size of the SEC FV in the ROM space. Install the SEC FV info PPI to let `Tcg2Pei` measure the SEC. Signed-off-by: Jiaqi Gao --- OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc | 6 ++++++ OvmfPkg/OvmfPkg.dec | 4 ++++ OvmfPkg/PlatformPei/Fv.c | 11 +++++++++++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ 4 files changed, 23 insertions(+) diff --git a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc index 6170c5993ce..965b29c68ed 100644 --- a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc @@ -36,6 +36,7 @@ DEFINE CODE_BLOCKS = 0xE0 DEFINE FVMAIN_SIZE = 0x000CC000 DEFINE SECFV_OFFSET = 0x000EC000 DEFINE SECFV_SIZE = 0x14000 +DEFINE SECFV_ADDRESS = 0xFFFEC000 !endif !if $(FD_SIZE_IN_KB) == 2048 @@ -48,6 +49,7 @@ DEFINE CODE_BLOCKS = 0x1E0 DEFINE FVMAIN_SIZE = 0x001AC000 DEFINE SECFV_OFFSET = 0x001CC000 DEFINE SECFV_SIZE = 0x34000 +DEFINE SECFV_ADDRESS = 0xFFFCC000 !endif !if $(FD_SIZE_IN_KB) == 4096 
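Review bot: `SECFV_ADDRESS` is hard-coded per FD size (0xFFFEC000 in hunk @@ -36, 0xFFFCC000 in hunk @@ -48 and again in hunk @@ -65 on the next line) even though each block already defines `SECFV_OFFSET` relative to the firmware base, so the two can drift apart when one of them is edited. If the FDF DEFINE syntax used here evaluates expressions, `DEFINE SECFV_ADDRESS = $(FW_BASE_ADDRESS) + $(SECFV_OFFSET)` would remove the duplication; otherwise a comment such as `# must equal FW_BASE_ADDRESS + SECFV_OFFSET` next to each definition records the invariant. The three literals are consistent with that relationship only if FW_BASE_ADDRESS is the 4 GB top minus the FD size, which these hunks do not show.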
@@ -65,6 +67,7 @@ DEFINE CODE_BLOCKS = 0x37C DEFINE FVMAIN_SIZE = 0x00348000 DEFINE SECFV_OFFSET = 0x003CC000 DEFINE SECFV_SIZE = 0x34000 +DEFINE SECFV_ADDRESS = 0xFFFCC000 !endif SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress = $(FW_BASE_ADDRESS) @@ -97,6 +100,9 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase = $(CODE_BASE_ADDRESS) SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset = $(VARS_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize = $(CODE_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase = $(SECFV_ADDRESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize = $(SECFV_SIZE) + !if $(SMM_REQUIRE) == TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 51be9a59594..afed69d2413 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -316,6 +316,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset|0|UINT32|0x56 gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize|0|UINT32|0x57 + ## The base address and size of the SEC FV base and size. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase|0|UINT32|0x74 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize|0|UINT32|0x75 + ## The base address and size of the SEV-SNP Secrets Area that contains # the VM platform communication key used to send and recieve the # messages to the PSP. If this is set in the .fdf, the platform diff --git a/OvmfPkg/PlatformPei/Fv.c b/OvmfPkg/PlatformPei/Fv.c index fcf14c88faa..07b3a36a566 100644 --- a/OvmfPkg/PlatformPei/Fv.c +++ b/OvmfPkg/PlatformPei/Fv.c 
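Review bot: The new PCD comment in OvmfPkg.dec, `## The base address and size of the SEC FV base and size.`, repeats itself and does not say which build artefact populates the values; `## Base address and raw size of the SEC FV in ROM; set by OvmfPkgDefines.fdf.inc, 0 when unset.` states both. Documenting the zero default matters because PlatformPei (patch 4, Fv.c) reads these PCDs unconditionally.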
@@ -77,6 +77,17 @@ PeiFvInitialization ( ); } + // + // Let PEI measure the SEC FV + // + PeiServicesInstallFvInfoPpi ( + NULL, + (VOID *)(UINTN)PcdGet32 (PcdOvmfSecFvBase), + PcdGet32 (PcdOvmfSecFvRawDataSize), + NULL, + NULL + ); + // // Let PEI know about the DXE FV so it can find the DXE Core // diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index e036018eab3..05b18cf5aba 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -70,6 +70,8 @@ SmmRelocationLib [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
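Review bot: The new `PeiServicesInstallFvInfoPpi` call in PeiFvInitialization ignores its return value and is unconditional, while `PcdOvmfSecFvBase` and `PcdOvmfSecFvRawDataSize` default to 0 in OvmfPkg.dec and are only SET by OvmfPkgDefines.fdf.inc, so any platform that builds this PlatformPei without that include would publish an FV info PPI describing a zero-byte FV at address 0 for Tcg2Pei to measure. Guard the install on the PCD being populated and check the status as the neighbouring FV installs presumably do, e.g. `if (PcdGet32 (PcdOvmfSecFvRawDataSize) != 0) { Status = PeiServicesInstallFvInfoPpi (...); ASSERT_EFI_ERROR (Status); }` (using the function's existing status local, if it has one). Note also that this records the SEC FV in the event log after SEC has already executed, so it is a record of what ran rather than a gate; the comment could say so: `// Record the already-executed SEC FV in the TCG event log via Tcg2Pei`. PeiFvInitialization starts before this hunk and continues after it.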