[edk2-devel] [PATCH V2 00/10] Enable Tdx measurement in OvmfPkgX64

Min Xu Wed, 18 Jan 2023 19:28:45 -0800

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243


Tdx measurement (RTMR based measurement) is enabled in OvmfPkg/IntelTdx.
This patch-set enables the feature in OvmfPkgX64 as well.

Patch #1:
  Introduce TDX_MEASUREMETNS_DATA in SEC_TDX_WORK_AREA. That is because
  the RTMR measurement of TdHob and Configuration FV (CFV) are executed
  in very early stage of boot process. At that time the memory service is
  not ready and the measurement values have to be stored in OvmfWorkArea.

Patch #2 - 5:
  Introduce TdxHelperLib which provides helper functions for td-guest.

Patch #6/7:
  These 2 patches are the changes for OvmfPkg/IntelTdx because of the
  introduction of TdxHelperLib.

Patch #8/9:
  These 2 patches are the changes for OvmfPkg/OvmfPkgX64 to enable Tdx
  measurement.

Patch #10:
  ProcessTdxHobList is moved to TdxHelperLib and is renamed as
  TdxHelperProcessTdHob(). So the duplicated codes are deleted in this
  patch.

Code: https://github.com/mxu9/edk2/tree/TdxMeasurementInOvmfX64.v2

v2 changes:
 - Split the patch of TdxHelperLib into 4 separate patches. So that it is
   more reviewable.
 - Add commit message in Patch#1 to emphasize that the tdx-measurement in
   OvmfPkgX64 is supported in SEC phase.

Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Michael Roth <michael.r...@amd.com>
Signed-off-by: Min Xu <min.m...@intel.com>

Min M Xu (10):
  OvmfPkg: Add Tdx measurement data structure in WorkArea
  OvmfPkg/IntelTdx: Add TdxHelperLibNull
  OvmfPkg/IntelTdx: Add SecTdxHelperLib
  OvmfPkg/IntelTdx: Implement other helper functions in SecTdxHelperLib
  OvmfPkg/IntelTdx: Add PeiTdxHelperLib
  OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurements
  OvmfPkg/IntelTdx: Update tdx measurement in SEC phase
  OvmfPkg: Enable Tdx measurement in OvmfPkgX64
  OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement
  OvmfPkg/PlatformInitLib: Delete the ProcessTdxHobList()

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   5 +-
 OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
 OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc       |  10 +-
 .../Include/Dsc/OvmfTpmSecurityStub.dsc.inc   |   8 +
 OvmfPkg/Include/Library/PlatformInitLib.h     |  17 -
 OvmfPkg/Include/Library/TdxHelperLib.h        |  70 ++
 OvmfPkg/Include/WorkArea.h                    |  25 +-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   4 +-
 OvmfPkg/IntelTdx/Sec/SecMain.c                |  17 +-
 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c  |  91 +++
 .../IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf |  48 ++
 .../TdxHelperLib/SecTdxHelper.c}              | 312 +++----
 .../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf |  53 ++
 .../TdxHelperLib/TdxHelperLibNull.inf         |  32 +
 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c |  79 ++
 .../IntelTdx/TdxHelperLib/TdxMeasurementHob.c | 266 ++++++
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c  | 196 -----
 .../PeilessStartupLib/PeilessStartup.c        |  16 +-
 .../PeilessStartupInternal.h                  |  36 -
 .../PeilessStartupLib/PeilessStartupLib.inf   |   3 -
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 768 ------------------
 .../Library/PlatformInitLib/IntelTdxNull.c    |  20 -
 .../PlatformInitLib/PlatformInitLib.inf       |   1 -
 OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
 OvmfPkg/OvmfPkg.dec                           |   4 +
 OvmfPkg/OvmfPkgX64.dsc                        |  20 +-
 OvmfPkg/OvmfPkgX64.fdf                        |   7 +
 OvmfPkg/PlatformPei/IntelTdx.c                |   3 +
 OvmfPkg/Sec/SecMain.c                         |  17 +-
 29 files changed, 931 insertions(+), 1207 deletions(-)
 create mode 100644 OvmfPkg/Include/Library/TdxHelperLib.h
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelper.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
 copy OvmfPkg/{Library/PlatformInitLib/IntelTdx.c => 
IntelTdx/TdxHelperLib/SecTdxHelper.c} (79%)
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
 create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
 delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c

-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98845): https://edk2.groups.io/g/devel/message/98845
Mute This Topic: https://groups.io/mt/96370892/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH V2 00/10] Enable Tdx measurement in OvmfPkgX64

Reply via email to