Date: Fri, 13 Jan 2023 00:14:16 +0000
In-Reply-To: <20230113001419.2519031-1-dionnaglaze@google.com>
References: <20230113001419.2519031-1-dionnaglaze@google.com>
Message-ID: <20230113001419.2519031-2-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v9 1/4] OvmfPkg: Introduce CocoDxe driver
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

This driver is meant as a join point for all Confidential Compute technologies to put shared behavior that doesn't belong anywhere else. The first behavior added here is to accept all unaccepted memory at ExitBootServices if the behavior is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/CocoDxe/CocoDxe.c | 147 +++++++++++++++++++++++++++++++ OvmfPkg/CocoDxe/CocoDxe.inf | 45 ++++++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + OvmfPkg/IntelTdx/IntelTdxX64.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfPkgX64.fdf | 1 + 10 files changed, 200 insertions(+) create mode 100644 OvmfPkg/CocoDxe/CocoDxe.c create mode 100644 OvmfPkg/CocoDxe/CocoDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 36100f5fdc..5e5e9887bb 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -749,6 +749,7 @@ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf } + OvmfPkg/CocoDxe/CocoDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 5fb3b5d276..ae64693c28 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -302,6 +302,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 =20 diff --git a/OvmfPkg/CocoDxe/CocoDxe.c b/OvmfPkg/CocoDxe/CocoDxe.c new file mode 100644 index 0000000000..da16af32a3 --- /dev/null +++ b/OvmfPkg/CocoDxe/CocoDxe.c @@ -0,0 +1,147 @@ +/** @file + + Confidential Compute Dxe driver. This driver installs protocols that are + generic over confidential compute techonology. + + Copyright (c) 2022, Google LLC. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC BOOLEAN mAcceptAllMemoryAtEBS =3D TRUE; + +STATIC EFI_EVENT mAcceptAllMemoryEvent =3D NULL; + +STATIC +EFI_STATUS +AcceptAllMemory ( + IN EDKII_MEMORY_ACCEPT_PROTOCOL *AcceptMemory + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "Accepting all memory\n")); + + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType !=3D EFI_GCD_MEMORY_TYPE_UNACCEPTED) { + continue; + } + + Status =3D AcceptMemory->AcceptMemory ( + AcceptMemory, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->RemoveMemorySpace (Desc->BaseAddress, Desc->Length); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->AddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO = | EFI_MEMORY_RP + ); + if (EFI_ERROR (Status)) { + break; + } + } + + gBS->FreePool (AllDescMap); + return Status; +} + +VOID +EFIAPI +ResolveUnacceptedMemory ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EDKII_MEMORY_ACCEPT_PROTOCOL *AcceptMemory; + EFI_STATUS Status; + + if (!mAcceptAllMemoryAtEBS) { + return; + } + + Status =3D gBS->LocateProtocol ( + &gEdkiiMemoryAcceptProtocolGuid, + NULL, + (VOID **)&AcceptMemory + ); + if (Status =3D=3D EFI_NOT_FOUND) { + return; + } + + ASSERT_EFI_ERROR (Status); + + Status =3D AcceptAllMemory (AcceptMemory); + ASSERT_EFI_ERROR (Status); +} + +EFI_STATUS +EFIAPI +CocoDxeEntryPoint ( + IN EFI_HANDLE 
ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Do nothing when confidential compute technologies that require memory + // acceptance are not enabled. + // + if (!MemEncryptSevSnpIsEnabled () && + !MemEncryptTdxIsEnabled ()) + { + return EFI_UNSUPPORTED; + } + + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + ResolveUnacceptedMemory, + NULL, + &gEfiEventBeforeExitBootServicesGuid, + &mAcceptAllMemoryEvent + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for EventBe= foreExitBootServices failed.\n")); + } + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/CocoDxe/CocoDxe.inf b/OvmfPkg/CocoDxe/CocoDxe.inf new file mode 100644 index 0000000000..8d4452e94d --- /dev/null +++ b/OvmfPkg/CocoDxe/CocoDxe.inf @@ -0,0 +1,45 @@ +#/** @file +# +# Driver installs shared protocols needed for confidential compute +# technologies. +# +# Copyright (c) 2022, Google LLC. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +#**/ + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D CocoDxe + FILE_GUID =3D 08162f1e-5147-4d3e-b5a9-fa48c9808419 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D CocoDxeEntryPoint + +[Sources] + CocoDxe.c + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + DxeServicesTableLib + MemEncryptSevLib + MemEncryptTdxLib + MemoryAllocationLib + UefiDriverEntryPoint + +[Depex] + TRUE + +[Guids] + gEfiEventBeforeExitBootServicesGuid + +[Protocols] + gEdkiiMemoryAcceptProtocolGuid diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 81511e3556..c3e64d97c0 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -754,6 +754,7 @@ OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/CocoDxe/CocoDxe.inf =20 # # Variable driver stack (non-SMM) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX6= 4.fdf index a57bbcee89..f5765b50eb 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -269,6 +269,7 @@ INF ShellPkg/Application/Shell/Shell.inf INF MdeModulePkg/Logo/LogoDxe.inf =20 INF OvmfPkg/TdxDxe/TdxDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf =20 # # Usb Support diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a9d422bd91..8e4d31bcea 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -966,6 +966,7 @@ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf } + OvmfPkg/CocoDxe/CocoDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 4c5bd0dbc3..7d75140fe3 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf 
@@ -343,6 +343,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8401d73900..a728610c86 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1037,6 +1037,7 @@ OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/CocoDxe/CocoDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 8c02dfe11e..9e0aee225c 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -370,6 +370,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/CocoDxe/CocoDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE --=20 2.39.0.314.g84b9a713c41-goog
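Review bot: in CocoDxeEntryPoint (OvmfPkg/CocoDxe/CocoDxe.c hunk), a failed gBS->CreateEventEx is logged but the function still returns EFI_SUCCESS, so the driver stays resident with mAcceptAllMemoryEvent left NULL and no memory is accepted at ExitBootServices with no further indication; return Status there so the dispatcher unloads the driver, and make the message name the actual callback (it says "AllowUnacceptedMemory event creation" while the callback is ResolveUnacceptedMemory). In ResolveUnacceptedMemory both failure paths are handled only by ASSERT_EFI_ERROR, which compiles out in RELEASE builds, so a failing AcceptAllMemory silently leaves EFI_GCD_MEMORY_TYPE_UNACCEPTED ranges in the map; a DEBUG ((DEBUG_ERROR, ...)) before each assert keeps the failure visible. mAcceptAllMemoryAtEBS is initialised to TRUE and nothing in this patch can clear it, so the "if the behavior is not disabled" case from the commit message is not reachable yet; a sentence noting that the disable mechanism arrives in a later patch of the series would help reviewers. Minor: "techonology" in the file header comment.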
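Review bot: [LibraryClasses] in the OvmfPkg/CocoDxe/CocoDxe.inf hunk does not list UefiBootServicesTableLib even though CocoDxe.c calls gBS->LocateProtocol, gBS->CreateEventEx and gBS->FreePool; it links today only because UefiDriverEntryPoint pulls that library in transitively, so list it explicitly. Conversely BaseLib, BaseMemoryLib and MemoryAllocationLib are listed but nothing in the posted CocoDxe.c uses them (the descriptor map is released with gBS->FreePool, not FreePool ()), so either drop them or switch the release to FreePool () from MemoryAllocationLib and keep that one.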