From: Min Xu <min.m.xu@intel.com>
The patch series provides lib support for Intel Trust Domain Extensions
(Intel TDX).
Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.
The Intel TDX module uses the instruction-set architecture for Intel TDX
and the MKTME engine in the SOC to help serve as an intermediary between
the host VMM and the guest TD. TDCALL is the instruction which allows TD
guest privileged software to make a call for service into an underlying
TDX-module.
TdxLib is created with functions to perform the related Tdx operation.
This includes functions for:
- TdCall : to cause a VM exit to the Intel TDX module
- TdVmCall : it is a leaf function 0 for TDCALL
- TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID
- TdReport : to retrieve TDREPORT_STRUCT
- TdAcceptPages : to accept pending private pages
- TdExtendRtmr : to extend one of the RTMR registers
The base function in MdePkg will not do anything and will return an error
if a return value is required. It is expected that other packages
(like OvmfPkg) will create a version of the library to fully support a TD
guest.
We create an OVMF version of this library to begin the process of providing
full support of TDX in OVMF.
To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
- PcdUseTdxAcceptPage
Indicate whether TdCall(AcceptPage) is used.
- PcdUseTdxEmulation
Indicate whether TdxEmulation is used.
See <https://software.intel.com/content/www/us/en/develop/articles/
intel-trust-domain-extensions.html>
CC: Liming Gao <gaoliming@byosoft.com.cn>
CC: Zhiguang Liu <zhiguang.liu@intel.com>
CC: Jordan Justen <jordan.l.justen@intel.com>
CC: Laszlo Ersek <lersek@redhat.com>
CC: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Min Xu (3):
MdePkg: Add Tdx support lib
OvmfPkg: Add PCDs for TdxLib
OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF
MdePkg/Include/IndustryStandard/Tdx.h | 201 +++++++++++++++++++++
MdePkg/Include/Library/TdxLib.h | 165 ++++++++++++++++++
MdePkg/Include/Protocol/Tdx.h | 22 +++
MdePkg/Library/TdxLib/TdxLibNull.c | 155 +++++++++++++++++
MdePkg/Library/TdxLib/TdxLibNull.inf | 33 ++++
OvmfPkg/Library/TdxLib/AcceptPages.c | 68 ++++++++
OvmfPkg/Library/TdxLib/Rtmr.c | 80 +++++++++
OvmfPkg/Library/TdxLib/TdReport.c | 102 +++++++++++
OvmfPkg/Library/TdxLib/TdxLib.inf | 48 ++++++
OvmfPkg/Library/TdxLib/TdxLibSec.inf | 45 +++++
OvmfPkg/Library/TdxLib/X64/Tdcall.nasm | 125 ++++++++++++++
OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
OvmfPkg/OvmfPkg.dec | 6 +
13 files changed, 1261 insertions(+)
create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
create mode 100644 MdePkg/Include/Library/TdxLib.h
create mode 100644 MdePkg/Include/Protocol/Tdx.h
create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72547): https://edk2.groups.io/g/devel/message/72547
Mute This Topic: https://groups.io/mt/81191033/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-