tianocore · gaojiaqi7 · Aug 20, 2024 · Aug 20, 2024 · Aug 20, 2024 · Aug 29, 2024
diff --git a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
@@ -36,6 +36,7 @@ DEFINE CODE_BLOCKS       = 0xE0
 DEFINE FVMAIN_SIZE       = 0x000CC000
 DEFINE SECFV_OFFSET      = 0x000EC000
 DEFINE SECFV_SIZE        = 0x14000
+DEFINE SECFV_ADDRESS     = 0xFFFEC000
 !endif
 
 !if $(FD_SIZE_IN_KB) == 2048
@@ -48,6 +49,7 @@ DEFINE CODE_BLOCKS       = 0x1E0
 DEFINE FVMAIN_SIZE       = 0x001AC000
 DEFINE SECFV_OFFSET      = 0x001CC000
 DEFINE SECFV_SIZE        = 0x34000
+DEFINE SECFV_ADDRESS     = 0xFFFCC000
 !endif
 
 !if $(FD_SIZE_IN_KB) == 4096
@@ -65,6 +67,7 @@ DEFINE CODE_BLOCKS       = 0x37C
 DEFINE FVMAIN_SIZE       = 0x00348000
 DEFINE SECFV_OFFSET      = 0x003CC000
 DEFINE SECFV_SIZE        = 0x34000
+DEFINE SECFV_ADDRESS     = 0xFFFCC000
 !endif
 
 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress     = $(FW_BASE_ADDRESS)
@@ -97,6 +100,9 @@ SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase           = $(CODE_BASE_ADDRESS)
 SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset  = $(VARS_SIZE)
 SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize    = $(CODE_SIZE)
 
+SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvBase         = $(SECFV_ADDRESS)
+SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecFvRawDataSize  = $(SECFV_SIZE)
+
 !if $(SMM_REQUIRE) == TRUE
 SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
 SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase

diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
@@ -79,6 +79,10 @@ typedef struct _SEV_WORK_AREA {
 #define TDX_MEASUREMENT_TDHOB_BITMASK   0x1
 #define TDX_MEASUREMENT_CFVIMG_BITMASK  0x2
 
+#define TDX_MEASUREMENT_TYPE_NONE       0x0
+#define TDX_MEASUREMENT_TYPE_CC         0x1
+#define TDX_MEASUREMENT_TYPE_VTPM       0x2
+
 typedef struct _TDX_MEASUREMENTS_DATA {
   UINT32    MeasurementsBitmap;
   UINT8     TdHobHashValue[SHA384_DIGEST_SIZE];
@@ -93,6 +97,7 @@ typedef struct _SEC_TDX_WORK_AREA {
   UINT32                   Gpaw;
   UINT64                   HobList;
   TDX_MEASUREMENTS_DATA    TdxMeasurementsData;
+  UINT32                   MeasurementType;
 } SEC_TDX_WORK_AREA;
 
 typedef struct _TDX_WORK_AREA {

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -210,6 +210,7 @@
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 
 !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
 
 [LibraryClasses.common]
   AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
@@ -529,6 +530,8 @@
 
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 
+!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
@@ -727,7 +730,10 @@
   OvmfPkg/PlatformDxe/Platform.inf
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
-  OvmfPkg/TdxDxe/TdxDxe.inf
+  OvmfPkg/TdxDxe/TdxDxe.inf {
+    <LibraryClasses>
+      Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
+  }
 
   #
   # Variable driver stack (non-SMM)
@@ -751,3 +757,8 @@
       HashLib|OvmfPkg/Library/HashLibTdx/HashLibTdx.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   }
+
+  #
+  # TPM support
+  #
+  !include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -257,6 +257,11 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 #
 INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
 
+#
+# TPM support
+#
+!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
+
 ################################################################################
 
 [FV.NCCFV]

diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
@@ -23,6 +23,7 @@
 #include <WorkArea.h>
 #include <ConfidentialComputingGuestAttr.h>
 #include <Library/TdxHelperLib.h>
+#include <Library/MemoryAllocationLib.h>
 
 #define ALIGNED_2MB_MASK  0x1fffff
 #define MEGABYTE_SHIFT    20
@@ -43,6 +44,17 @@ InternalBuildGuidHobForTdxMeasurement (
   VOID
   );
 
+/**
+ * Build the GUIDed HOB of the SVSM events
+ *
+ * @retval EFI_SUCCESS    Successfully detect vTPM and build the events HOB
+ * @retval Others         Other errors as indicated
+ */
+EFI_STATUS
+BuildSvsmEventsHob (
+  VOID
+  );
+
 /**
   This function will be called to accept pages. Only BSP accepts pages.
 
@@ -972,6 +984,11 @@ TdxHelperBuildGuidHobForTdxMeasurement (
   )
 {
  #ifdef TDX_PEI_LESS_BOOT
+  EFI_STATUS  Status;
+  Status = BuildSvsmEventsHob();
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
   return InternalBuildGuidHobForTdxMeasurement ();
  #else
   return EFI_UNSUPPORTED;

diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
@@ -25,6 +25,7 @@
 [Sources]
   SecTdxHelper.c
   TdxMeasurementHob.c
+  TdxVirtualTpmDetection.c
 
 [Packages]
   CryptoPkg/CryptoPkg.dec
@@ -41,6 +42,7 @@
   PcdLib
   TdxMailboxLib
   TdxLib
+  MemoryAllocationLib
 
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
@@ -51,3 +53,4 @@
 
 [Guids]
   gCcEventEntryHobGuid
+  gTcgEvent2EntryHobGuid              ## PRODUCES  ## HOB