From nobody Mon Feb 9 02:12:19 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67343+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67343+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1605148128; cv=none; d=zohomail.com; s=zohoarc; b=MDDme7obrBEWMfUR2mc4pDiFwTYmFXyi8+R/SxDeiQHGSzo89Z3QQIJ5DlJ1EkuG8AxYM2rqRLVuN6XBaWS8HvWMfrZIKTziiMoJNp5/Jid4m5nifJjagwECAIriqAlwHvKrNdEFqL1QdhLyte4/0YZ00V7t03oFJx3MFUZwjko= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1605148128; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=gS4/4q/OM3RrCeX0/2Fj58Be2m5QOCuVaEtLhJ6wYFQ=; b=jRKz/mHNCinbzSJfBrjvsXQzK9mq+oDuNgsRHjgKh20oB3tsnsz9iAgalNT4XvTsHdnp1/rMKE0wPVzCl9dCsZD7X7dkVj/9CMtXlYEden+damK3UXEhPTMT14ITe3Alpvtqgi2WUJuL+PC4QUcMrPCK/6aC/laD2MJTt6OfLm8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67343+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1605148128412197.6187799510675; Wed, 11 Nov 2020 18:28:48 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id Z366YY1788612xNCfDaFjgvo; Wed, 11 Nov 2020 18:28:47 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.15821.1605140069990377592 for ; Wed, 11 Nov 2020 16:14:30 -0800 X-Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AC02fIi087346; Wed, 11 Nov 2020 19:14:28 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 34rf0yvwqc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Nov 2020 19:14:28 -0500 X-Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AC02mSu088126; Wed, 11 Nov 2020 19:14:27 -0500 X-Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0b-001b2d01.pphosted.com with ESMTP id 34rf0yvwq4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Nov 2020 19:14:27 -0500 X-Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AC088S1028047; Thu, 12 Nov 2020 00:14:27 GMT X-Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma04wdc.us.ibm.com with ESMTP id 34q5nexct0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Nov 2020 00:14:27 +0000 X-Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AC0EOv84784744 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 12 Nov 2020 00:14:24 GMT X-Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DDB2E7805F; Thu, 12 Nov 2020 00:14:23 +0000 (GMT) X-Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A43C77805C; Thu, 12 Nov 2020 00:14:21 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.85.162.106]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 12 Nov 2020 00:14:21 +0000 (GMT) From: James Bottomley To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" Subject: [edk2-devel] [PATCH 4/4] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table Date: Wed, 11 Nov 2020 16:13:16 -0800 Message-Id: <20201112001316.11341-5-jejb@linux.ibm.com> In-Reply-To: <20201112001316.11341-1-jejb@linux.ibm.com> References: <20201112001316.11341-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: 9iKV5VuhNr6xOLmKlEs84rIJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1605148127; bh=5EGWqPr6ZWBXFO8Nrcj/PtVqZyJX07v1hlttaymsfno=; h=Cc:Date:From:Reply-To:Subject:To; b=YQ7HIecMyAVwQi8eZ5u0ZyXaJh3xTaps4WC/+vIyKdI87MTWPG3RAcdMLRnktqgwZIA lsAfOjPMavcODXy1HUX8DXSejsm9kbxb5avkbgL5gzS2/+nXYY/Q3AXAonhIgrHRi1zjf lGUlPHWcy4IF2PaUK4PFBX/4Ko5uCNKMfEA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This is to allow the boot loader (grub) to pick up the secret area. The Configuration Table simply points to the base and size (in physical memory) and this area is covered by a Boot time HOB, meaning that the secret will be freed after ExitBootServices, by which time it should be consumed anyway. Signed-off-by: James Bottomley --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 ++ OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++ .../SevLaunchSecret/SecretDxe/SecretDxe.inf | 38 +++++++++++++++ .../SevLaunchSecret/SecretPei/SecretPei.inf | 46 +++++++++++++++++++ .../SevLaunchSecret/SecretDxe/SecretDxe.c | 29 ++++++++++++ .../SevLaunchSecret/SecretPei/SecretPei.c | 26 +++++++++++ 6 files changed, 145 insertions(+) create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.c create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.c diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 7d3663150e..eb8cc9d60a 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -698,6 +698,7 @@ OvmfPkg/SmmAccess/SmmAccessPei.inf !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf + OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -1007,6 +1008,8 @@ } !endif =20 + OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf + # # TPM support # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 1fd38b3fe2..65ee4d993b 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -146,6 +146,7 @@ INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf INF OvmfPkg/SmmAccess/SmmAccessPei.inf !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf +INF OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -290,6 +291,8 @@ INF ShellPkg/Application/Shell/Shell.inf =20 INF MdeModulePkg/Logo/LogoDxe.inf =20 +INF OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf + # # Network modules # diff --git a/OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf b/OvmfP= kg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf new file mode 100644 index 0000000000..085162e5c4 --- /dev/null +++ b/OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf @@ -0,0 +1,38 @@ +## @file +# Sev Secret configuration Table installer +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecretDxe + FILE_GUID =3D 6e2b9619-8810-4e9d-a177-d432bb9abeda + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeSecretDxe + +[Sources] + SecretDxe.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiLib + +[Guids] + gSevLaunchSecretGuid + +[FixedPcd] + gSevLaunchSecretGuid.PcdSevLaunchSecretBase + gSevLaunchSecretGuid.PcdSevLaunchSecretSize + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf b/OvmfP= kg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf new file mode 100644 index 0000000000..b154dcc74e --- /dev/null +++ b/OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf @@ -0,0 +1,46 @@ +## @file +# PEI support for SEV Secrets +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecretPei + FILE_GUID =3D 45260dde-0c3c-4b41-a226-ef3803fac7d4 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeSecretPei + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC +# + +[Sources] + SecretPei.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + DebugLib + HobLib + PeiServicesLib + PeiServicesTablePointerLib + PeimEntryPoint + PcdLib + +[FixedPcd] + gSevLaunchSecretGuid.PcdSevLaunchSecretBase + gSevLaunchSecretGuid.PcdSevLaunchSecretSize + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.c b/OvmfPkg= /AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.c new file mode 100644 index 0000000000..b40bbe1eb9 --- /dev/null +++ b/OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.c @@ -0,0 +1,29 @@ +/** @file + SEV Secret configuration table constructor + + Copyright (C) 2020 James Bottomley, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include +#include + +struct { + UINT32 base; + UINT32 size; +} secretDxeTable =3D { + FixedPcdGet32(PcdSevLaunchSecretBase), + FixedPcdGet32(PcdSevLaunchSecretSize), +}; + +EFI_STATUS +EFIAPI +InitializeSecretDxe( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return gBS->InstallConfigurationTable (&gSevLaunchSecretGuid, + &secretDxeTable); +} diff --git a/OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.c b/OvmfPkg= /AmdSev/SevLaunchSecret/SecretPei/SecretPei.c new file mode 100644 index 0000000000..16b49792ad --- /dev/null +++ b/OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.c @@ -0,0 +1,26 @@ +/** @file + SEV Secret boot time HOB placement + + Copyright (C) 2020 James Bottomley, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include +#include +#include + +EFI_STATUS +EFIAPI +InitializeSecretPei ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + BuildMemoryAllocationHob ( + PcdGet32 (PcdSevLaunchSecretBase), + PcdGet32 (PcdSevLaunchSecretSize), + EfiBootServicesData); + + return EFI_SUCCESS; +} --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67343): https://edk2.groups.io/g/devel/message/67343 Mute This Topic: https://groups.io/mt/78198621/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-