From nobody Mon Feb 9 12:26:19 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99217+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99217+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1674914356; cv=none; d=zohomail.com; s=zohoarc; b=OJOZzFi+GV98alEbLGDzNR6qXN3ibTrEfaILLrPzAt2zKcJMHWJlacSPU5skLH0/1SZpNdXPMJd/mrJ6OzeLKdDviFjisz3z/JXkYc0ZvOG+BvnwvoSF6FVYoeStEOa2WcNgepdRpT80KoxxbVtylp6y+KNW3O9kI9GzSoq4vY0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674914356; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=E6JTwx1vMhfN1MhWHkYzbPfhf9gKp3tm5/3SUpYjjQo=; b=LyOZxWTsi2fQePjkt5I9SBzrA+rtoYAuirvGUyqpQkvBlqQkX02Q1AxGtjM+5Zi0+L0eCF73x6DxVNf0f7KqYGiUbSkpBqXUEtEqZyWKsSlaccSaavjAgoR1Q0uNKywADV0KcEuzhB8LjTRElzrNIQksyAKVolHk1KXFD3BiOBc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99217+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1674914356152999.0818646317538; Sat, 28 Jan 2023 05:59:16 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id qZANYY1788612xPxy9icQrP4; Sat, 28 Jan 2023 05:59:15 -0800 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.13668.1674914336767550554 for ; Sat, 28 Jan 2023 05:59:15 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10604"; a="389670730" X-IronPort-AV: E=Sophos;i="5.97,254,1669104000"; d="scan'208";a="389670730" X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Jan 2023 05:59:14 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10604"; a="787512601" X-IronPort-AV: E=Sophos;i="5.97,254,1669104000"; d="scan'208";a="787512601" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.31.196]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Jan 2023 05:59:12 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , James Bottomley , Jiewen Yao , Gerd Hoffmann , Tom Lendacky , Michael Roth Subject: [edk2-devel] [PATCH V5 07/13] OvmfPkg: Refactor ProcessHobList Date: Sat, 28 Jan 2023 21:58:36 +0800 Message-Id: <20230128135842.980-8-min.m.xu@intel.com> In-Reply-To: <20230128135842.980-1-min.m.xu@intel.com> References: <20230128135842.980-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: rzK4UrqlSgDt668jl2PL6c7Yx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1674914355; bh=hhBFhBRlQgjWQSOFqpwPrLqaViTDsuNefaZuNeTcfaQ=; h=Cc:Date:From:Reply-To:Subject:To; b=e8PAG5nZe4HBEQqkuI5p8zC9XgjbX0BObfL9AAnnjvn9/SzoO3BY36srjSZG/nKDg4s 58+vv2xAEpLHfpzWQcD0HNEmiEE29tql0DRPckcJA1eZPMUB8imUePtpxdlX+L9YD4USp mD/zhexYGkB07e82uGTgiWvyfyHuGKD8jR4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1674914357025100006 Content-Type: text/plain; charset="utf-8" From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4243 ProcessHobList once was implemented in PlatformInitLib and it walks thru TdHob list and accept un-accepted memories. This patch moves the codes to SecTdxHelperLib and rename ProcessHobList as TdxHelperProcessTdHob After TdxHelperProcessTdHob is introduced, below changes are applied: - Call TdxHelperProcessTdHob instead of ProcessHobList in SecMain.c (in both OvmfPkgX64/Sec and IntelTdx/Sec). - Delete the duplicated codes in PlatformInitLib Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Gerd Hoffmann Cc: Tom Lendacky Cc: Michael Roth Signed-off-by: Min Xu Acked-by: Gerd Hoffmann --- OvmfPkg/Include/Library/PlatformInitLib.h | 17 - OvmfPkg/IntelTdx/Sec/SecMain.c | 4 +- OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c | 754 ++++++++++++++++- OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 768 ------------------ .../Library/PlatformInitLib/IntelTdxNull.c | 20 - .../PlatformInitLib/PlatformInitLib.inf | 1 - OvmfPkg/OvmfPkgX64.dsc | 3 +- OvmfPkg/Sec/SecMain.c | 4 +- 8 files changed, 759 insertions(+), 812 deletions(-) diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Li= brary/PlatformInitLib.h index 051b31191194..57b18b94d9b8 100644 --- a/OvmfPkg/Include/Library/PlatformInitLib.h +++ b/OvmfPkg/Include/Library/PlatformInitLib.h @@ -210,23 +210,6 @@ PlatformMaxCpuCountInitialization ( IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob ); =20 -/** - In Tdx guest, some information need to be passed from host VMM to guest - firmware. For example, the memory resource, etc. These information are - prepared by host VMM and put in HobList which is described in TdxMetadat= a. - - Information in HobList is treated as external input. From the security - perspective before it is consumed, it should be validated. - - @retval EFI_SUCCESS Successfully process the hoblist - @retval Others Other error as indicated -**/ -EFI_STATUS -EFIAPI -ProcessTdxHobList ( - VOID - ); - /** In Tdx guest, the system memory is passed in TdHob by host VMM. So the major task of PlatformTdxPublishRamRegions is to walk thru the diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index ab01ec9ab19c..41bd5c66ba29 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -24,7 +24,7 @@ #include #include #include -#include +#include #include #include =20 @@ -67,7 +67,7 @@ SecCoreStartupWithStack ( // first so that the memory is accepted. Otherwise access to the unacc= epted // memory will trigger tripple fault. // - if (ProcessTdxHobList () !=3D EFI_SUCCESS) { + if (TdxHelperProcessTdHob () !=3D EFI_SUCCESS) { CpuDeadLoop (); } } diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTd= x/TdxHelperLib/SecTdxHelper.c index 1929093f9110..3372cee2f720 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c @@ -17,11 +17,20 @@ #include #include #include +#include +#include #include #include #include #include =20 +#define ALIGNED_2MB_MASK 0x1fffff +#define MEGABYTE_SHIFT 20 + +#define ACCEPT_CHUNK_SIZE SIZE_32MB +#define AP_STACK_SIZE SIZE_16KB +#define APS_STACK_SIZE(CpusNum) (ALIGN_VALUE(CpusNum*AP_STACK_SIZE, SIZE_= 2MB)) + /** Build the GuidHob for tdx measurements which were done in SEC phase. The measurement values are stored in WorkArea. @@ -34,6 +43,720 @@ InternalBuildGuidHobForTdxMeasurement ( VOID ); =20 +/** + This function will be called to accept pages. Only BSP accepts pages. + + TDCALL(ACCEPT_PAGE) supports the accept page size of 4k and 2M. To + simplify the implementation, the Memory to be accpeted is splitted + into 3 parts: + ----------------- <-- StartAddress1 (not 2M aligned) + | part 1 | Length1 < 2M + |---------------| <-- StartAddress2 (2M aligned) + | | Length2 =3D Integer multiples of 2M + | part 2 | + | | + |---------------| <-- StartAddress3 + | part 3 | Length3 < 2M + |---------------| + + @param[in] PhysicalAddress Start physical adress + @param[in] PhysicalEnd End physical address + + @retval EFI_SUCCESS Accept memory successfully + @retval Others Other errors as indicated +**/ +STATIC +EFI_STATUS +EFIAPI +BspAcceptMemoryResourceRange ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN EFI_PHYSICAL_ADDRESS PhysicalEnd + ) +{ + EFI_STATUS Status; + UINT32 AcceptPageSize; + UINT64 StartAddress1; + UINT64 StartAddress2; + UINT64 StartAddress3; + UINT64 TotalLength; + UINT64 Length1; + UINT64 Length2; + UINT64 Length3; + UINT64 Pages; + + AcceptPageSize =3D FixedPcdGet32 (PcdTdxAcceptPageSize); + TotalLength =3D PhysicalEnd - PhysicalAddress; + StartAddress1 =3D 0; + StartAddress2 =3D 0; + StartAddress3 =3D 0; + Length1 =3D 0; + Length2 =3D 0; + Length3 =3D 0; + + if (TotalLength =3D=3D 0) { + return EFI_SUCCESS; + } + + if (ALIGN_VALUE (PhysicalAddress, SIZE_2MB) !=3D PhysicalAddress) { + StartAddress1 =3D PhysicalAddress; + Length1 =3D ALIGN_VALUE (PhysicalAddress, SIZE_2MB) - PhysicalAd= dress; + if (Length1 >=3D TotalLength) { + Length1 =3D TotalLength; + } + + PhysicalAddress +=3D Length1; + TotalLength -=3D Length1; + } + + if (TotalLength > SIZE_2MB) { + StartAddress2 =3D PhysicalAddress; + Length2 =3D TotalLength & ~(UINT64)ALIGNED_2MB_MASK; + PhysicalAddress +=3D Length2; + TotalLength -=3D Length2; + } + + if (TotalLength) { + StartAddress3 =3D PhysicalAddress; + Length3 =3D TotalLength; + } + + Status =3D EFI_SUCCESS; + if (Length1 > 0) { + Pages =3D Length1 / SIZE_4KB; + Status =3D TdAcceptPages (StartAddress1, Pages, SIZE_4KB); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if (Length2 > 0) { + Pages =3D Length2 / AcceptPageSize; + Status =3D TdAcceptPages (StartAddress2, Pages, AcceptPageSize); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if (Length3 > 0) { + Pages =3D Length3 / SIZE_4KB; + Status =3D TdAcceptPages (StartAddress3, Pages, SIZE_4KB); + ASSERT (!EFI_ERROR (Status)); + if (EFI_ERROR (Status)) { + return Status; + } + } + + return Status; +} + +/** + * This function is called by BSP and APs to accept memory. + * Note: + * The input PhysicalStart/PhysicalEnd indicates the whole memory region + * to be accepted. BSP or AP only accepts one piece in the whole memory re= gion. + * + * @param CpuIndex vCPU index + * @param CpusNum Total vCPU number of a Tdx guest + * @param PhysicalStart Start address of a memory region which is to be = accepted + * @param PhysicalEnd End address of a memory region which is to be ac= cepted + * + * @retval EFI_SUCCESS Successfully accept the memory + * @retval Other Other errors as indicated + */ +STATIC +EFI_STATUS +EFIAPI +BspApAcceptMemoryResourceRange ( + UINT32 CpuIndex, + UINT32 CpusNum, + EFI_PHYSICAL_ADDRESS PhysicalStart, + EFI_PHYSICAL_ADDRESS PhysicalEnd + ) +{ + UINT64 Status; + UINT64 Pages; + UINT64 Stride; + UINT64 AcceptPageSize; + EFI_PHYSICAL_ADDRESS PhysicalAddress; + + AcceptPageSize =3D (UINT64)(UINTN)FixedPcdGet32 (PcdTdxAcceptPageSize); + + Status =3D EFI_SUCCESS; + Stride =3D (UINTN)CpusNum * ACCEPT_CHUNK_SIZE; + PhysicalAddress =3D PhysicalStart + ACCEPT_CHUNK_SIZE * (UINTN)CpuIndex; + + while (!EFI_ERROR (Status) && PhysicalAddress < PhysicalEnd) { + Pages =3D MIN (ACCEPT_CHUNK_SIZE, PhysicalEnd - PhysicalAddress) / Ac= ceptPageSize; + Status =3D TdAcceptPages (PhysicalAddress, Pages, (UINT32)(UINTN)Accep= tPageSize); + ASSERT (!EFI_ERROR (Status)); + PhysicalAddress +=3D Stride; + } + + return EFI_SUCCESS; +} + +/** + * This function is called by APs to accept memory. + * + * @param CpuIndex vCPU index of an AP + * @param PhysicalStart Start address of a memory region which is to be = accepted + * @param PhysicalEnd End address of a memory region which is to be ac= cepted + * + * @retval EFI_SUCCESS Successfully accept the memory + * @retval Others Other errors as indicated + */ +STATIC +EFI_STATUS +EFIAPI +ApAcceptMemoryResourceRange ( + UINT32 CpuIndex, + EFI_PHYSICAL_ADDRESS PhysicalStart, + EFI_PHYSICAL_ADDRESS PhysicalEnd + ) +{ + UINT64 Status; + TD_RETURN_DATA TdReturnData; + + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); + if (Status !=3D TDX_EXIT_REASON_SUCCESS) { + ASSERT (FALSE); + return EFI_ABORTED; + } + + if ((CpuIndex =3D=3D 0) || (CpuIndex >=3D TdReturnData.TdInfo.NumVcpus))= { + ASSERT (FALSE); + return EFI_ABORTED; + } + + return BspApAcceptMemoryResourceRange (CpuIndex, TdReturnData.TdInfo.Num= Vcpus, PhysicalStart, PhysicalEnd); +} + +/** + * This function is called by BSP. It coordinates BSP/APs to accept memory= together. + * + * @param PhysicalStart Start address of a memory region which is to b= e accepted + * @param PhysicalEnd End address of a memory region which is to be = accepted + * @param APsStackAddress APs stack address + * @param CpusNum Total vCPU number of the Tdx guest + * + * @retval EFI_SUCCESS Successfully accept the memory + * @retval Others Other errors as indicated + */ +STATIC +EFI_STATUS +EFIAPI +MpAcceptMemoryResourceRange ( + IN EFI_PHYSICAL_ADDRESS PhysicalStart, + IN EFI_PHYSICAL_ADDRESS PhysicalEnd, + IN OUT EFI_PHYSICAL_ADDRESS APsStackAddress, + IN UINT32 CpusNum + ) +{ + UINT64 Length; + EFI_STATUS Status; + + Length =3D PhysicalEnd - PhysicalStart; + + DEBUG ((DEBUG_INFO, "MpAccept : 0x%llx - 0x%llx (0x%llx)\n", PhysicalSta= rt, PhysicalEnd, Length)); + + if (Length =3D=3D 0) { + return EFI_SUCCESS; + } + + // + // The start address is not 2M aligned. BSP first accept the part which = is not 2M aligned. + // + if (ALIGN_VALUE (PhysicalStart, SIZE_2MB) !=3D PhysicalStart) { + Length =3D MIN (ALIGN_VALUE (PhysicalStart, SIZE_2MB) - PhysicalStart,= Length); + Status =3D BspAcceptMemoryResourceRange (PhysicalStart, PhysicalStart = + Length); + ASSERT (Status =3D=3D EFI_SUCCESS); + + PhysicalStart +=3D Length; + Length =3D PhysicalEnd - PhysicalStart; + } + + if (Length =3D=3D 0) { + return EFI_SUCCESS; + } + + // + // BSP will accept the memory by itself if the memory is not big enough = compared with a chunk. + // + if (Length <=3D ACCEPT_CHUNK_SIZE) { + return BspAcceptMemoryResourceRange (PhysicalStart, PhysicalEnd); + } + + // + // Now APs are asked to accept the memory together. + // + MpSerializeStart (); + + MpSendWakeupCommand ( + MpProtectedModeWakeupCommandAcceptPages, + (UINT64)(UINTN)ApAcceptMemoryResourceRange, + PhysicalStart, + PhysicalEnd, + APsStackAddress, + AP_STACK_SIZE + ); + + // + // Now BSP does its job. + // + BspApAcceptMemoryResourceRange (0, CpusNum, PhysicalStart, PhysicalEnd); + + MpSerializeEnd (); + + return EFI_SUCCESS; +} + +/** + BSP accept a small piece of memory which will be used as APs stack. + + @param[in] VmmHobList The Hoblist pass the firmware + @param[in] APsStackSize APs stack size + @param[out] PhysicalAddressEnd The physical end address of accepted m= emory in phase-1 + + @retval EFI_SUCCESS Process the HobList successfully + @retval Others Other errors as indicated +**/ +STATIC +EFI_STATUS +EFIAPI +AcceptMemoryForAPsStack ( + IN CONST VOID *VmmHobList, + IN UINT32 APsStackSize, + OUT EFI_PHYSICAL_ADDRESS *PhysicalAddressEnd + ) +{ + EFI_STATUS Status; + EFI_PEI_HOB_POINTERS Hob; + EFI_PHYSICAL_ADDRESS PhysicalEnd; + EFI_PHYSICAL_ADDRESS PhysicalStart; + UINT64 ResourceLength; + BOOLEAN MemoryRegionFound; + + ASSERT (VmmHobList !=3D NULL); + + Status =3D EFI_SUCCESS; + Hob.Raw =3D (UINT8 *)VmmHobList; + MemoryRegionFound =3D FALSE; + + DEBUG ((DEBUG_INFO, "AcceptMemoryForAPsStack with APsStackSize=3D0x%x\n"= , APsStackSize)); + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob) && !MemoryRegionFound) { + if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { + DEBUG ((DEBUG_INFO, "\nResourceType: 0x%x\n", Hob.ResourceDescriptor= ->ResourceType)); + + if (Hob.ResourceDescriptor->ResourceType =3D=3D BZ3937_EFI_RESOURCE_= MEMORY_UNACCEPTED) { + ResourceLength =3D Hob.ResourceDescriptor->ResourceLength; + PhysicalStart =3D Hob.ResourceDescriptor->PhysicalStart; + PhysicalEnd =3D PhysicalStart + ResourceLength; + + DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescr= iptor->ResourceAttribute)); + DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", PhysicalStart)); + DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", ResourceLength)); + DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owne= r)); + + if (ResourceLength >=3D APsStackSize) { + MemoryRegionFound =3D TRUE; + if (ResourceLength > ACCEPT_CHUNK_SIZE) { + PhysicalEnd =3D Hob.ResourceDescriptor->PhysicalStart + APsSta= ckSize; + } + } + + Status =3D BspAcceptMemoryResourceRange ( + Hob.ResourceDescriptor->PhysicalStart, + PhysicalEnd + ); + if (EFI_ERROR (Status)) { + break; + } + } + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + ASSERT (MemoryRegionFound); + *PhysicalAddressEnd =3D PhysicalEnd; + + return Status; +} + +/** + BSP and APs work togeter to accept memory which is under the address of = 4G. + + @param[in] VmmHobList The Hoblist pass the firmware + @param[in] CpusNum Number of vCPUs + @param[in] APsStackStartAddres Start address of APs stack + @param[in] PhysicalAddressStart Start physical address which to be accep= ted + + @retval EFI_SUCCESS Process the HobList successfully + @retval Others Other errors as indicated +**/ +STATIC +EFI_STATUS +EFIAPI +AcceptMemory ( + IN CONST VOID *VmmHobList, + IN UINT32 CpusNum, + IN EFI_PHYSICAL_ADDRESS APsStackStartAddress, + IN EFI_PHYSICAL_ADDRESS PhysicalAddressStart + ) +{ + EFI_STATUS Status; + EFI_PEI_HOB_POINTERS Hob; + EFI_PHYSICAL_ADDRESS PhysicalStart; + EFI_PHYSICAL_ADDRESS PhysicalEnd; + EFI_PHYSICAL_ADDRESS AcceptMemoryEndAddress; + + Status =3D EFI_SUCCESS; + AcceptMemoryEndAddress =3D BASE_4GB; + + ASSERT (VmmHobList !=3D NULL); + Hob.Raw =3D (UINT8 *)VmmHobList; + + DEBUG ((DEBUG_INFO, "AcceptMemory under address of 4G\n")); + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob)) { + if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { + if (Hob.ResourceDescriptor->ResourceType =3D=3D BZ3937_EFI_RESOURCE_= MEMORY_UNACCEPTED) { + PhysicalStart =3D Hob.ResourceDescriptor->PhysicalStart; + PhysicalEnd =3D PhysicalStart + Hob.ResourceDescriptor->Resource= Length; + + if (PhysicalEnd <=3D PhysicalAddressStart) { + // this memory region has been accepted. Skipped it. + Hob.Raw =3D GET_NEXT_HOB (Hob); + continue; + } + + if (PhysicalStart >=3D AcceptMemoryEndAddress) { + // this memory region is not to be accepted. And we're done. + break; + } + + if (PhysicalStart >=3D PhysicalAddressStart) { + // this memory region has not been acceted. + } else if ((PhysicalStart < PhysicalAddressStart) && (PhysicalEnd = > PhysicalAddressStart)) { + // part of the memory region has been accepted. + PhysicalStart =3D PhysicalAddressStart; + } + + // then compare the PhysicalEnd with AcceptMemoryEndAddress + if (PhysicalEnd >=3D AcceptMemoryEndAddress) { + PhysicalEnd =3D AcceptMemoryEndAddress; + } + + DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescr= iptor->ResourceAttribute)); + DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", Hob.ResourceDescrip= tor->PhysicalStart)); + DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", Hob.ResourceDescri= ptor->ResourceLength)); + DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owne= r)); + + // Now we're ready to accept memory [PhysicalStart, PhysicalEnd) + if (CpusNum =3D=3D 1) { + Status =3D BspAcceptMemoryResourceRange (PhysicalStart, Physical= End); + } else { + Status =3D MpAcceptMemoryResourceRange ( + PhysicalStart, + PhysicalEnd, + APsStackStartAddress, + CpusNum + ); + } + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + break; + } + + if (PhysicalEnd =3D=3D AcceptMemoryEndAddress) { + break; + } + } + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + return Status; +} + +/** + Check the value whether in the valid list. + + @param[in] Value A value + @param[in] ValidList A pointer to valid list + @param[in] ValidListLength Length of valid list + + @retval TRUE The value is in valid list. + @retval FALSE The value is not in valid list. + +**/ +STATIC +BOOLEAN +EFIAPI +IsInValidList ( + IN UINT32 Value, + IN UINT32 *ValidList, + IN UINT32 ValidListLength + ) +{ + UINT32 index; + + if (ValidList =3D=3D NULL) { + return FALSE; + } + + for (index =3D 0; index < ValidListLength; index++) { + if (ValidList[index] =3D=3D Value) { + return TRUE; + } + } + + return FALSE; +} + +/** + Check the integrity of VMM Hob List. + + @param[in] VmmHobList A pointer to Hob List + + @retval TRUE The Hob List is valid. + @retval FALSE The Hob List is invalid. + +**/ +STATIC +BOOLEAN +EFIAPI +ValidateHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + UINT32 EFI_BOOT_MODE_LIST[] =3D { + BOOT_WITH_FULL_CONFIGURATION, + BOOT_WITH_MINIMAL_CONFIGURATION, + BOOT_ASSUMING_NO_CONFIGURATION_CHANGES, + BOOT_WITH_FULL_CONFIGURATION_PLUS_DIAGNOSTICS, + BOOT_WITH_DEFAULT_SETTINGS, + BOOT_ON_S4_RESUME, + BOOT_ON_S5_RESUME, + BOOT_WITH_MFG_MODE_SETTINGS, + BOOT_ON_S2_RESUME, + BOOT_ON_S3_RESUME, + BOOT_ON_FLASH_UPDATE, + BOOT_IN_RECOVERY_MODE + }; + + UINT32 EFI_RESOURCE_TYPE_LIST[] =3D { + EFI_RESOURCE_SYSTEM_MEMORY, + EFI_RESOURCE_MEMORY_MAPPED_IO, + EFI_RESOURCE_IO, + EFI_RESOURCE_FIRMWARE_DEVICE, + EFI_RESOURCE_MEMORY_MAPPED_IO_PORT, + EFI_RESOURCE_MEMORY_RESERVED, + EFI_RESOURCE_IO_RESERVED, + BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED + }; + + if (VmmHobList =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "HOB: HOB data pointer is NULL\n")); + return FALSE; + } + + Hob.Raw =3D (UINT8 *)VmmHobList; + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob)) { + if (Hob.Header->Reserved !=3D (UINT32)0) { + DEBUG ((DEBUG_ERROR, "HOB: Hob header Reserved filed should be zero\= n")); + return FALSE; + } + + if (Hob.Header->HobLength =3D=3D 0) { + DEBUG ((DEBUG_ERROR, "HOB: Hob header LEANGTH should not be zero\n")= ); + return FALSE; + } + + switch (Hob.Header->HobType) { + case EFI_HOB_TYPE_HANDOFF: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_HANDOFF_INFO_TABLE)= ) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_HANDOFF)); + return FALSE; + } + + if (IsInValidList (Hob.HandoffInformationTable->BootMode, EFI_BOOT= _MODE_LIST, ARRAY_SIZE (EFI_BOOT_MODE_LIST)) =3D=3D FALSE) { + DEBUG ((DEBUG_ERROR, "HOB: Unknow HandoffInformationTable BootMo= de type. Type: 0x%08x\n", Hob.HandoffInformationTable->BootMode)); + return FALSE; + } + + if ((Hob.HandoffInformationTable->EfiFreeMemoryTop % 4096) !=3D 0)= { + DEBUG ((DEBUG_ERROR, "HOB: HandoffInformationTable EfiFreeMemory= Top address must be 4-KB aligned to meet page restrictions of UEFI.\ + Address: 0x%016lx\n", Hob.HandoffInformatio= nTable->EfiFreeMemoryTop)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_RESOURCE_DESCRIPTOR= )) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_RESOURCE_DESCRIPTOR)); + return FALSE; + } + + if (IsInValidList (Hob.ResourceDescriptor->ResourceType, EFI_RESOU= RCE_TYPE_LIST, ARRAY_SIZE (EFI_RESOURCE_TYPE_LIST)) =3D=3D FALSE) { + DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceTyp= e type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceType)); + return FALSE; + } + + if ((Hob.ResourceDescriptor->ResourceAttribute & (~(EFI_RESOURCE_A= TTRIBUTE_PRESENT | + EFI_RESOURCE_A= TTRIBUTE_INITIALIZED | + EFI_RESOURCE_A= TTRIBUTE_TESTED | + EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_PERSISTENT | + EFI_RESOURCE_A= TTRIBUTE_SINGLE_BIT_ECC | + EFI_RESOURCE_A= TTRIBUTE_MULTIPLE_BIT_ECC | + EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_1 | + EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_2 | + EFI_RESOURCE_A= TTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_BACK_CACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_16_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_32_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_64_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_UNCACHED_EXPORTED | + EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_PERSISTABLE | + EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_MORE_RELIABLE))) !=3D 0) + { + DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceAtt= ribute type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceAttribute)); + return FALSE; + } + + break; + + // EFI_HOB_GUID_TYPE is variable length data, so skip check + case EFI_HOB_TYPE_GUID_EXTENSION: + break; + + case EFI_HOB_TYPE_FV: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_FV2: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME2)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV2)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_FV3: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME3)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV3)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_CPU: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_CPU)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_CPU)); + return FALSE; + } + + for (UINT32 index =3D 0; index < 6; index++) { + if (Hob.Cpu->Reserved[index] !=3D 0) { + DEBUG ((DEBUG_ERROR, "HOB: Cpu Reserved field will always be s= et to zero.\n")); + return FALSE; + } + } + + break; + + default: + DEBUG ((DEBUG_ERROR, "HOB: Hob type is not know. Type: 0x%04x\n", = Hob.Header->HobType)); + return FALSE; + } + + // Get next HOB + Hob.Raw =3D (UINT8 *)(Hob.Raw + Hob.Header->HobLength); + } + + return TRUE; +} + +/** + Processing the incoming HobList for the TDX + + Firmware must parse list, and accept the pages of memory before their ca= n be + use by the guest. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Process the HobList successfully + @retval Others Other errors as indicated + +**/ +STATIC +EFI_STATUS +EFIAPI +ProcessHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_STATUS Status; + UINT32 CpusNum; + EFI_PHYSICAL_ADDRESS PhysicalEnd; + EFI_PHYSICAL_ADDRESS APsStackStartAddress; + + CpusNum =3D GetCpusNum (); + + // + // If there are mutli-vCPU in a TDX guest, accept memory is split into 2= phases. + // Phase-1 accepts a small piece of memory by BSP. This piece of memory + // is used to setup AP's stack. + // After that phase-2 accepts a big piece of memory by BSP/APs. + // + // TDVF supports 4K and 2M accept-page-size. The memory which can be acc= peted + // in 2M accept-page-size must be 2M aligned and multiple 2M. So we align + // APsStackSize to 2M size aligned. + // + if (CpusNum > 1) { + Status =3D AcceptMemoryForAPsStack (VmmHobList, APS_STACK_SIZE (CpusNu= m), &PhysicalEnd); + ASSERT (Status =3D=3D EFI_SUCCESS); + APsStackStartAddress =3D PhysicalEnd - APS_STACK_SIZE (CpusNum); + } else { + PhysicalEnd =3D 0; + APsStackStartAddress =3D 0; + } + + Status =3D AcceptMemory (VmmHobList, CpusNum, APsStackStartAddress, Phys= icalEnd); + ASSERT (Status =3D=3D EFI_SUCCESS); + + return Status; +} + /** In Tdx guest, some information need to be passed from host VMM to guest firmware. For example, the memory resource, etc. These information are @@ -49,7 +772,36 @@ TdxHelperProcessTdHob ( VOID ) { - return EFI_UNSUPPORTED; + EFI_STATUS Status; + VOID *TdHob; + TD_RETURN_DATA TdReturnData; + + TdHob =3D (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase); + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG (( + DEBUG_INFO, + "Intel Tdx Started with (GPAW: %d, Cpus: %d)\n", + TdReturnData.TdInfo.Gpaw, + TdReturnData.TdInfo.NumVcpus + )); + + // + // Validate HobList + // + if (ValidateHobList (TdHob) =3D=3D FALSE) { + return EFI_INVALID_PARAMETER; + } + + // + // Process Hoblist to accept memory + // + Status =3D ProcessHobList (TdHob); + + return Status; } =20 /** diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/P= latformInitLib/IntelTdx.c index 6cb63139cba0..ada8592ddd5a 100644 --- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c +++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c @@ -16,779 +16,11 @@ #include #include #include -#include -#include #include -#include -#include -#include #include #include #include =20 -#define ALIGNED_2MB_MASK 0x1fffff -#define MEGABYTE_SHIFT 20 - -#define ACCEPT_CHUNK_SIZE SIZE_32MB -#define AP_STACK_SIZE SIZE_16KB -#define APS_STACK_SIZE(CpusNum) (ALIGN_VALUE(CpusNum*AP_STACK_SIZE, SIZE_= 2MB)) - -/** - This function will be called to accept pages. Only BSP accepts pages. - - TDCALL(ACCEPT_PAGE) supports the accept page size of 4k and 2M. To - simplify the implementation, the Memory to be accpeted is splitted - into 3 parts: - ----------------- <-- StartAddress1 (not 2M aligned) - | part 1 | Length1 < 2M - |---------------| <-- StartAddress2 (2M aligned) - | | Length2 =3D Integer multiples of 2M - | part 2 | - | | - |---------------| <-- StartAddress3 - | part 3 | Length3 < 2M - |---------------| - - @param[in] PhysicalAddress Start physical adress - @param[in] PhysicalEnd End physical address - - @retval EFI_SUCCESS Accept memory successfully - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -BspAcceptMemoryResourceRange ( - IN EFI_PHYSICAL_ADDRESS PhysicalAddress, - IN EFI_PHYSICAL_ADDRESS PhysicalEnd - ) -{ - EFI_STATUS Status; - UINT32 AcceptPageSize; - UINT64 StartAddress1; - UINT64 StartAddress2; - UINT64 StartAddress3; - UINT64 TotalLength; - UINT64 Length1; - UINT64 Length2; - UINT64 Length3; - UINT64 Pages; - - AcceptPageSize =3D FixedPcdGet32 (PcdTdxAcceptPageSize); - TotalLength =3D PhysicalEnd - PhysicalAddress; - StartAddress1 =3D 0; - StartAddress2 =3D 0; - StartAddress3 =3D 0; - Length1 =3D 0; - Length2 =3D 0; - Length3 =3D 0; - - if (TotalLength =3D=3D 0) { - return EFI_SUCCESS; - } - - if (ALIGN_VALUE (PhysicalAddress, SIZE_2MB) !=3D PhysicalAddress) { - StartAddress1 =3D PhysicalAddress; - Length1 =3D ALIGN_VALUE (PhysicalAddress, SIZE_2MB) - PhysicalAd= dress; - if (Length1 >=3D TotalLength) { - Length1 =3D TotalLength; - } - - PhysicalAddress +=3D Length1; - TotalLength -=3D Length1; - } - - if (TotalLength > SIZE_2MB) { - StartAddress2 =3D PhysicalAddress; - Length2 =3D TotalLength & ~(UINT64)ALIGNED_2MB_MASK; - PhysicalAddress +=3D Length2; - TotalLength -=3D Length2; - } - - if (TotalLength) { - StartAddress3 =3D PhysicalAddress; - Length3 =3D TotalLength; - } - - Status =3D EFI_SUCCESS; - if (Length1 > 0) { - Pages =3D Length1 / SIZE_4KB; - Status =3D TdAcceptPages (StartAddress1, Pages, SIZE_4KB); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Length2 > 0) { - Pages =3D Length2 / AcceptPageSize; - Status =3D TdAcceptPages (StartAddress2, Pages, AcceptPageSize); - if (EFI_ERROR (Status)) { - return Status; - } - } - - if (Length3 > 0) { - Pages =3D Length3 / SIZE_4KB; - Status =3D TdAcceptPages (StartAddress3, Pages, SIZE_4KB); - ASSERT (!EFI_ERROR (Status)); - if (EFI_ERROR (Status)) { - return Status; - } - } - - return Status; -} - -/** - * This function is called by BSP and APs to accept memory. - * Note: - * The input PhysicalStart/PhysicalEnd indicates the whole memory region - * to be accepted. BSP or AP only accepts one piece in the whole memory re= gion. - * - * @param CpuIndex vCPU index - * @param CpusNum Total vCPU number of a Tdx guest - * @param PhysicalStart Start address of a memory region which is to be = accepted - * @param PhysicalEnd End address of a memory region which is to be ac= cepted - * - * @retval EFI_SUCCESS Successfully accept the memory - * @retval Other Other errors as indicated - */ -STATIC -EFI_STATUS -EFIAPI -BspApAcceptMemoryResourceRange ( - UINT32 CpuIndex, - UINT32 CpusNum, - EFI_PHYSICAL_ADDRESS PhysicalStart, - EFI_PHYSICAL_ADDRESS PhysicalEnd - ) -{ - UINT64 Status; - UINT64 Pages; - UINT64 Stride; - UINT64 AcceptPageSize; - EFI_PHYSICAL_ADDRESS PhysicalAddress; - - AcceptPageSize =3D (UINT64)(UINTN)FixedPcdGet32 (PcdTdxAcceptPageSize); - - Status =3D EFI_SUCCESS; - Stride =3D (UINTN)CpusNum * ACCEPT_CHUNK_SIZE; - PhysicalAddress =3D PhysicalStart + ACCEPT_CHUNK_SIZE * (UINTN)CpuIndex; - - while (!EFI_ERROR (Status) && PhysicalAddress < PhysicalEnd) { - Pages =3D MIN (ACCEPT_CHUNK_SIZE, PhysicalEnd - PhysicalAddress) / Ac= ceptPageSize; - Status =3D TdAcceptPages (PhysicalAddress, Pages, (UINT32)(UINTN)Accep= tPageSize); - ASSERT (!EFI_ERROR (Status)); - PhysicalAddress +=3D Stride; - } - - return EFI_SUCCESS; -} - -/** - * This function is called by APs to accept memory. - * - * @param CpuIndex vCPU index of an AP - * @param PhysicalStart Start address of a memory region which is to be = accepted - * @param PhysicalEnd End address of a memory region which is to be ac= cepted - * - * @retval EFI_SUCCESS Successfully accept the memory - * @retval Others Other errors as indicated - */ -STATIC -EFI_STATUS -EFIAPI -ApAcceptMemoryResourceRange ( - UINT32 CpuIndex, - EFI_PHYSICAL_ADDRESS PhysicalStart, - EFI_PHYSICAL_ADDRESS PhysicalEnd - ) -{ - UINT64 Status; - TD_RETURN_DATA TdReturnData; - - Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); - if (Status !=3D TDX_EXIT_REASON_SUCCESS) { - ASSERT (FALSE); - return EFI_ABORTED; - } - - if ((CpuIndex =3D=3D 0) || (CpuIndex >=3D TdReturnData.TdInfo.NumVcpus))= { - ASSERT (FALSE); - return EFI_ABORTED; - } - - return BspApAcceptMemoryResourceRange (CpuIndex, TdReturnData.TdInfo.Num= Vcpus, PhysicalStart, PhysicalEnd); -} - -/** - * This function is called by BSP. It coordinates BSP/APs to accept memory= together. - * - * @param PhysicalStart Start address of a memory region which is to b= e accepted - * @param PhysicalEnd End address of a memory region which is to be = accepted - * @param APsStackAddress APs stack address - * @param CpusNum Total vCPU number of the Tdx guest - * - * @retval EFI_SUCCESS Successfully accept the memory - * @retval Others Other errors as indicated - */ -EFI_STATUS -EFIAPI -MpAcceptMemoryResourceRange ( - IN EFI_PHYSICAL_ADDRESS PhysicalStart, - IN EFI_PHYSICAL_ADDRESS PhysicalEnd, - IN OUT EFI_PHYSICAL_ADDRESS APsStackAddress, - IN UINT32 CpusNum - ) -{ - UINT64 Length; - EFI_STATUS Status; - - Length =3D PhysicalEnd - PhysicalStart; - - DEBUG ((DEBUG_INFO, "MpAccept : 0x%llx - 0x%llx (0x%llx)\n", PhysicalSta= rt, PhysicalEnd, Length)); - - if (Length =3D=3D 0) { - return EFI_SUCCESS; - } - - // - // The start address is not 2M aligned. BSP first accept the part which = is not 2M aligned. - // - if (ALIGN_VALUE (PhysicalStart, SIZE_2MB) !=3D PhysicalStart) { - Length =3D MIN (ALIGN_VALUE (PhysicalStart, SIZE_2MB) - PhysicalStart,= Length); - Status =3D BspAcceptMemoryResourceRange (PhysicalStart, PhysicalStart = + Length); - ASSERT (Status =3D=3D EFI_SUCCESS); - - PhysicalStart +=3D Length; - Length =3D PhysicalEnd - PhysicalStart; - } - - if (Length =3D=3D 0) { - return EFI_SUCCESS; - } - - // - // BSP will accept the memory by itself if the memory is not big enough = compared with a chunk. - // - if (Length <=3D ACCEPT_CHUNK_SIZE) { - return BspAcceptMemoryResourceRange (PhysicalStart, PhysicalEnd); - } - - // - // Now APs are asked to accept the memory together. - // - MpSerializeStart (); - - MpSendWakeupCommand ( - MpProtectedModeWakeupCommandAcceptPages, - (UINT64)(UINTN)ApAcceptMemoryResourceRange, - PhysicalStart, - PhysicalEnd, - APsStackAddress, - AP_STACK_SIZE - ); - - // - // Now BSP does its job. - // - BspApAcceptMemoryResourceRange (0, CpusNum, PhysicalStart, PhysicalEnd); - - MpSerializeEnd (); - - return EFI_SUCCESS; -} - -/** - BSP accept a small piece of memory which will be used as APs stack. - - @param[in] VmmHobList The Hoblist pass the firmware - @param[in] APsStackSize APs stack size - @param[out] PhysicalAddressEnd The physical end address of accepted m= emory in phase-1 - - @retval EFI_SUCCESS Process the HobList successfully - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -AcceptMemoryForAPsStack ( - IN CONST VOID *VmmHobList, - IN UINT32 APsStackSize, - OUT EFI_PHYSICAL_ADDRESS *PhysicalAddressEnd - ) -{ - EFI_STATUS Status; - EFI_PEI_HOB_POINTERS Hob; - EFI_PHYSICAL_ADDRESS PhysicalEnd; - EFI_PHYSICAL_ADDRESS PhysicalStart; - UINT64 ResourceLength; - BOOLEAN MemoryRegionFound; - - ASSERT (VmmHobList !=3D NULL); - - Status =3D EFI_SUCCESS; - Hob.Raw =3D (UINT8 *)VmmHobList; - MemoryRegionFound =3D FALSE; - - DEBUG ((DEBUG_INFO, "AcceptMemoryForAPsStack with APsStackSize=3D0x%x\n"= , APsStackSize)); - - // - // Parse the HOB list until end of list or matching type is found. - // - while (!END_OF_HOB_LIST (Hob) && !MemoryRegionFound) { - if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { - DEBUG ((DEBUG_INFO, "\nResourceType: 0x%x\n", Hob.ResourceDescriptor= ->ResourceType)); - - if (Hob.ResourceDescriptor->ResourceType =3D=3D BZ3937_EFI_RESOURCE_= MEMORY_UNACCEPTED) { - ResourceLength =3D Hob.ResourceDescriptor->ResourceLength; - PhysicalStart =3D Hob.ResourceDescriptor->PhysicalStart; - PhysicalEnd =3D PhysicalStart + ResourceLength; - - DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescr= iptor->ResourceAttribute)); - DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", PhysicalStart)); - DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", ResourceLength)); - DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owne= r)); - - if (ResourceLength >=3D APsStackSize) { - MemoryRegionFound =3D TRUE; - if (ResourceLength > ACCEPT_CHUNK_SIZE) { - PhysicalEnd =3D Hob.ResourceDescriptor->PhysicalStart + APsSta= ckSize; - } - } - - Status =3D BspAcceptMemoryResourceRange ( - Hob.ResourceDescriptor->PhysicalStart, - PhysicalEnd - ); - if (EFI_ERROR (Status)) { - break; - } - } - } - - Hob.Raw =3D GET_NEXT_HOB (Hob); - } - - ASSERT (MemoryRegionFound); - *PhysicalAddressEnd =3D PhysicalEnd; - - return Status; -} - -/** - BSP and APs work togeter to accept memory which is under the address of = 4G. - - @param[in] VmmHobList The Hoblist pass the firmware - @param[in] CpusNum Number of vCPUs - @param[in] APsStackStartAddres Start address of APs stack - @param[in] PhysicalAddressStart Start physical address which to be accep= ted - - @retval EFI_SUCCESS Process the HobList successfully - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -AcceptMemory ( - IN CONST VOID *VmmHobList, - IN UINT32 CpusNum, - IN EFI_PHYSICAL_ADDRESS APsStackStartAddress, - IN EFI_PHYSICAL_ADDRESS PhysicalAddressStart - ) -{ - EFI_STATUS Status; - EFI_PEI_HOB_POINTERS Hob; - EFI_PHYSICAL_ADDRESS PhysicalStart; - EFI_PHYSICAL_ADDRESS PhysicalEnd; - EFI_PHYSICAL_ADDRESS AcceptMemoryEndAddress; - - Status =3D EFI_SUCCESS; - AcceptMemoryEndAddress =3D BASE_4GB; - - ASSERT (VmmHobList !=3D NULL); - Hob.Raw =3D (UINT8 *)VmmHobList; - - DEBUG ((DEBUG_INFO, "AcceptMemory under address of 4G\n")); - - // - // Parse the HOB list until end of list or matching type is found. - // - while (!END_OF_HOB_LIST (Hob)) { - if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { - if (Hob.ResourceDescriptor->ResourceType =3D=3D BZ3937_EFI_RESOURCE_= MEMORY_UNACCEPTED) { - PhysicalStart =3D Hob.ResourceDescriptor->PhysicalStart; - PhysicalEnd =3D PhysicalStart + Hob.ResourceDescriptor->Resource= Length; - - if (PhysicalEnd <=3D PhysicalAddressStart) { - // this memory region has been accepted. Skipped it. - Hob.Raw =3D GET_NEXT_HOB (Hob); - continue; - } - - if (PhysicalStart >=3D AcceptMemoryEndAddress) { - // this memory region is not to be accepted. And we're done. - break; - } - - if (PhysicalStart >=3D PhysicalAddressStart) { - // this memory region has not been acceted. - } else if ((PhysicalStart < PhysicalAddressStart) && (PhysicalEnd = > PhysicalAddressStart)) { - // part of the memory region has been accepted. - PhysicalStart =3D PhysicalAddressStart; - } - - // then compare the PhysicalEnd with AcceptMemoryEndAddress - if (PhysicalEnd >=3D AcceptMemoryEndAddress) { - PhysicalEnd =3D AcceptMemoryEndAddress; - } - - DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescr= iptor->ResourceAttribute)); - DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", Hob.ResourceDescrip= tor->PhysicalStart)); - DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", Hob.ResourceDescri= ptor->ResourceLength)); - DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owne= r)); - - // Now we're ready to accept memory [PhysicalStart, PhysicalEnd) - if (CpusNum =3D=3D 1) { - Status =3D BspAcceptMemoryResourceRange (PhysicalStart, Physical= End); - } else { - Status =3D MpAcceptMemoryResourceRange ( - PhysicalStart, - PhysicalEnd, - APsStackStartAddress, - CpusNum - ); - } - - if (EFI_ERROR (Status)) { - ASSERT (FALSE); - break; - } - - if (PhysicalEnd =3D=3D AcceptMemoryEndAddress) { - break; - } - } - } - - Hob.Raw =3D GET_NEXT_HOB (Hob); - } - - return Status; -} - -/** - Check the value whether in the valid list. - - @param[in] Value A value - @param[in] ValidList A pointer to valid list - @param[in] ValidListLength Length of valid list - - @retval TRUE The value is in valid list. - @retval FALSE The value is not in valid list. - -**/ -BOOLEAN -EFIAPI -IsInValidList ( - IN UINT32 Value, - IN UINT32 *ValidList, - IN UINT32 ValidListLength - ) -{ - UINT32 index; - - if (ValidList =3D=3D NULL) { - return FALSE; - } - - for (index =3D 0; index < ValidListLength; index++) { - if (ValidList[index] =3D=3D Value) { - return TRUE; - } - } - - return FALSE; -} - -/** - Check the integrity of VMM Hob List. - - @param[in] VmmHobList A pointer to Hob List - - @retval TRUE The Hob List is valid. - @retval FALSE The Hob List is invalid. - -**/ -BOOLEAN -EFIAPI -ValidateHobList ( - IN CONST VOID *VmmHobList - ) -{ - EFI_PEI_HOB_POINTERS Hob; - UINT32 EFI_BOOT_MODE_LIST[] =3D { - BOOT_WITH_FULL_CONFIGURATION, - BOOT_WITH_MINIMAL_CONFIGURATION, - BOOT_ASSUMING_NO_CONFIGURATION_CHANGES, - BOOT_WITH_FULL_CONFIGURATION_PLUS_DIAGNOSTICS, - BOOT_WITH_DEFAULT_SETTINGS, - BOOT_ON_S4_RESUME, - BOOT_ON_S5_RESUME, - BOOT_WITH_MFG_MODE_SETTINGS, - BOOT_ON_S2_RESUME, - BOOT_ON_S3_RESUME, - BOOT_ON_FLASH_UPDATE, - BOOT_IN_RECOVERY_MODE - }; - - UINT32 EFI_RESOURCE_TYPE_LIST[] =3D { - EFI_RESOURCE_SYSTEM_MEMORY, - EFI_RESOURCE_MEMORY_MAPPED_IO, - EFI_RESOURCE_IO, - EFI_RESOURCE_FIRMWARE_DEVICE, - EFI_RESOURCE_MEMORY_MAPPED_IO_PORT, - EFI_RESOURCE_MEMORY_RESERVED, - EFI_RESOURCE_IO_RESERVED, - BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED - }; - - if (VmmHobList =3D=3D NULL) { - DEBUG ((DEBUG_ERROR, "HOB: HOB data pointer is NULL\n")); - return FALSE; - } - - Hob.Raw =3D (UINT8 *)VmmHobList; - - // - // Parse the HOB list until end of list or matching type is found. - // - while (!END_OF_HOB_LIST (Hob)) { - if (Hob.Header->Reserved !=3D (UINT32)0) { - DEBUG ((DEBUG_ERROR, "HOB: Hob header Reserved filed should be zero\= n")); - return FALSE; - } - - if (Hob.Header->HobLength =3D=3D 0) { - DEBUG ((DEBUG_ERROR, "HOB: Hob header LEANGTH should not be zero\n")= ); - return FALSE; - } - - switch (Hob.Header->HobType) { - case EFI_HOB_TYPE_HANDOFF: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_HANDOFF_INFO_TABLE)= ) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_HANDOFF)); - return FALSE; - } - - if (IsInValidList (Hob.HandoffInformationTable->BootMode, EFI_BOOT= _MODE_LIST, ARRAY_SIZE (EFI_BOOT_MODE_LIST)) =3D=3D FALSE) { - DEBUG ((DEBUG_ERROR, "HOB: Unknow HandoffInformationTable BootMo= de type. Type: 0x%08x\n", Hob.HandoffInformationTable->BootMode)); - return FALSE; - } - - if ((Hob.HandoffInformationTable->EfiFreeMemoryTop % 4096) !=3D 0)= { - DEBUG ((DEBUG_ERROR, "HOB: HandoffInformationTable EfiFreeMemory= Top address must be 4-KB aligned to meet page restrictions of UEFI.\ - Address: 0x%016lx\n", Hob.HandoffInformatio= nTable->EfiFreeMemoryTop)); - return FALSE; - } - - break; - - case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_RESOURCE_DESCRIPTOR= )) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_RESOURCE_DESCRIPTOR)); - return FALSE; - } - - if (IsInValidList (Hob.ResourceDescriptor->ResourceType, EFI_RESOU= RCE_TYPE_LIST, ARRAY_SIZE (EFI_RESOURCE_TYPE_LIST)) =3D=3D FALSE) { - DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceTyp= e type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceType)); - return FALSE; - } - - if ((Hob.ResourceDescriptor->ResourceAttribute & (~(EFI_RESOURCE_A= TTRIBUTE_PRESENT | - EFI_RESOURCE_A= TTRIBUTE_INITIALIZED | - EFI_RESOURCE_A= TTRIBUTE_TESTED | - EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTED | - EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTED | - EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTED | - EFI_RESOURCE_A= TTRIBUTE_PERSISTENT | - EFI_RESOURCE_A= TTRIBUTE_SINGLE_BIT_ECC | - EFI_RESOURCE_A= TTRIBUTE_MULTIPLE_BIT_ECC | - EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_1 | - EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_2 | - EFI_RESOURCE_A= TTRIBUTE_UNCACHEABLE | - EFI_RESOURCE_A= TTRIBUTE_WRITE_COMBINEABLE | - EFI_RESOURCE_A= TTRIBUTE_WRITE_THROUGH_CACHEABLE | - EFI_RESOURCE_A= TTRIBUTE_WRITE_BACK_CACHEABLE | - EFI_RESOURCE_A= TTRIBUTE_16_BIT_IO | - EFI_RESOURCE_A= TTRIBUTE_32_BIT_IO | - EFI_RESOURCE_A= TTRIBUTE_64_BIT_IO | - EFI_RESOURCE_A= TTRIBUTE_UNCACHED_EXPORTED | - EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTABLE | - EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTABLE | - EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTABLE | - EFI_RESOURCE_A= TTRIBUTE_PERSISTABLE | - EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTED | - EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTABLE | - EFI_RESOURCE_A= TTRIBUTE_MORE_RELIABLE))) !=3D 0) - { - DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceAtt= ribute type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceAttribute)); - return FALSE; - } - - break; - - // EFI_HOB_GUID_TYPE is variable length data, so skip check - case EFI_HOB_TYPE_GUID_EXTENSION: - break; - - case EFI_HOB_TYPE_FV: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME)) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV)); - return FALSE; - } - - break; - - case EFI_HOB_TYPE_FV2: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME2)) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV2)); - return FALSE; - } - - break; - - case EFI_HOB_TYPE_FV3: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME3)) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV3)); - return FALSE; - } - - break; - - case EFI_HOB_TYPE_CPU: - if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_CPU)) { - DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_CPU)); - return FALSE; - } - - for (UINT32 index =3D 0; index < 6; index++) { - if (Hob.Cpu->Reserved[index] !=3D 0) { - DEBUG ((DEBUG_ERROR, "HOB: Cpu Reserved field will always be s= et to zero.\n")); - return FALSE; - } - } - - break; - - default: - DEBUG ((DEBUG_ERROR, "HOB: Hob type is not know. Type: 0x%04x\n", = Hob.Header->HobType)); - return FALSE; - } - - // Get next HOB - Hob.Raw =3D (UINT8 *)(Hob.Raw + Hob.Header->HobLength); - } - - return TRUE; -} - -/** - Processing the incoming HobList for the TDX - - Firmware must parse list, and accept the pages of memory before their ca= n be - use by the guest. - - @param[in] VmmHobList The Hoblist pass the firmware - - @retval EFI_SUCCESS Process the HobList successfully - @retval Others Other errors as indicated - -**/ -EFI_STATUS -EFIAPI -ProcessHobList ( - IN CONST VOID *VmmHobList - ) -{ - EFI_STATUS Status; - UINT32 CpusNum; - EFI_PHYSICAL_ADDRESS PhysicalEnd; - EFI_PHYSICAL_ADDRESS APsStackStartAddress; - - CpusNum =3D GetCpusNum (); - - // - // If there are mutli-vCPU in a TDX guest, accept memory is split into 2= phases. - // Phase-1 accepts a small piece of memory by BSP. This piece of memory - // is used to setup AP's stack. - // After that phase-2 accepts a big piece of memory by BSP/APs. - // - // TDVF supports 4K and 2M accept-page-size. The memory which can be acc= peted - // in 2M accept-page-size must be 2M aligned and multiple 2M. So we align - // APsStackSize to 2M size aligned. - // - if (CpusNum > 1) { - Status =3D AcceptMemoryForAPsStack (VmmHobList, APS_STACK_SIZE (CpusNu= m), &PhysicalEnd); - ASSERT (Status =3D=3D EFI_SUCCESS); - APsStackStartAddress =3D PhysicalEnd - APS_STACK_SIZE (CpusNum); - } else { - PhysicalEnd =3D 0; - APsStackStartAddress =3D 0; - } - - Status =3D AcceptMemory (VmmHobList, CpusNum, APsStackStartAddress, Phys= icalEnd); - ASSERT (Status =3D=3D EFI_SUCCESS); - - return Status; -} - -/** - In Tdx guest, some information need to be passed from host VMM to guest - firmware. For example, the memory resource, etc. These information are - prepared by host VMM and put in HobList which is described in TdxMetadat= a. - - Information in HobList is treated as external input. From the security - perspective before it is consumed, it should be validated. - - @retval EFI_SUCCESS Successfully process the hoblist - @retval Others Other error as indicated -**/ -EFI_STATUS -EFIAPI -ProcessTdxHobList ( - VOID - ) -{ - EFI_STATUS Status; - VOID *TdHob; - TD_RETURN_DATA TdReturnData; - - TdHob =3D (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase); - Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); - if (EFI_ERROR (Status)) { - return Status; - } - - DEBUG (( - DEBUG_INFO, - "Intel Tdx Started with (GPAW: %d, Cpus: %d)\n", - TdReturnData.TdInfo.Gpaw, - TdReturnData.TdInfo.NumVcpus - )); - - // - // Validate HobList - // - if (ValidateHobList (TdHob) =3D=3D FALSE) { - return EFI_INVALID_PARAMETER; - } - - // - // Process Hoblist to accept memory - // - Status =3D ProcessHobList (TdHob); - - return Status; -} - /** * Build ResourceDescriptorHob for the unaccepted memory region. * This memory region may be splitted into 2 parts because of lazy accept. diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c b/OvmfPkg/Libra= ry/PlatformInitLib/IntelTdxNull.c index 3ebe582af8de..7a7c2fb1f6f5 100644 --- a/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c +++ b/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c @@ -9,26 +9,6 @@ =20 #include =20 -/** - In Tdx guest, some information need to be passed from host VMM to guest - firmware. For example, the memory resource, etc. These information are - prepared by host VMM and put in HobList which is described in TdxMetadat= a. - - Information in HobList is treated as external input. From the security - perspective before it is consumed, it should be validated. - - @retval EFI_SUCCESS Successfully process the hoblist - @retval Others Other error as indicated -**/ -EFI_STATUS -EFIAPI -ProcessTdxHobList ( - VOID - ) -{ - return EFI_UNSUPPORTED; -} - /** In Tdx guest, the system memory is passed in TdHob by host VMM. So the major task of PlatformTdxPublishRamRegions is to walk thru the diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/= Library/PlatformInitLib/PlatformInitLib.inf index 140216979a54..86a82ad3e084 100644 --- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf @@ -52,7 +52,6 @@ PcdLib PciLib PeiHardwareInfoLib - TdxMailboxLib =20 [LibraryClasses.X64] TdxLib diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3f970a79a08a..d87013a4422c 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -724,7 +724,8 @@ OvmfPkg/Sec/SecMain.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf - NULL|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf + NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf } =20 # diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 1167d22a68cc..a27dc9406b70 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -29,7 +29,7 @@ #include #include #include -#include +#include #include #include "AmdSev.h" =20 @@ -765,7 +765,7 @@ SecCoreStartupWithStack ( // first so that the memory is accepted. Otherwise access to the unacc= epted // memory will trigger tripple fault. // - if (ProcessTdxHobList () !=3D EFI_SUCCESS) { + if (TdxHelperProcessTdHob () !=3D EFI_SUCCESS) { CpuDeadLoop (); } } --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99217): https://edk2.groups.io/g/devel/message/99217 Mute This Topic: https://groups.io/mt/96587220/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-