[edk2-devel] [PATCH V4 0/3] Add Intel TDX support in OvmfPkg/ResetVector

Min Xu posted 3 patches 2 years, 8 months ago
Failed in applying to current master (apply log)
There is a newer version of this series
OvmfPkg/OvmfPkg.dec                          |  13 +
OvmfPkg/OvmfPkgDefines.fdf.inc               |  10 +
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm |  39 +++
OvmfPkg/ResetVector/Ia32/AmdSev.asm          |   7 -
OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm  |   9 +
OvmfPkg/ResetVector/Ia32/IntelTdx.asm        | 265 +++++++++++++++++++
OvmfPkg/ResetVector/Ia32/PageTables64.asm    | 113 +++++---
OvmfPkg/ResetVector/Main.asm                 | 121 +++++++++
OvmfPkg/ResetVector/ResetVector.inf          |  12 +-
OvmfPkg/ResetVector/ResetVector.nasmb        |  48 +++-
OvmfPkg/ResetVector/X64/IntelTdxMetadata.asm | 110 ++++++++
OvmfPkg/Sec/SecMain.c                        |   2 +-
12 files changed, 703 insertions(+), 46 deletions(-)
create mode 100644 OvmfPkg/ResetVector/Ia32/IntelTdx.asm
create mode 100644 OvmfPkg/ResetVector/Main.asm
create mode 100644 OvmfPkg/ResetVector/X64/IntelTdxMetadata.asm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

The patch-sets to support Intel TDX in OvmfPkg are split into several
waves. This is wave 1, which adds Intel TDX support in OvmfPkg/ResetVector.
Note: TDX only works in X64.

According to the comments in https://edk2.groups.io/g/devel/message/78152
and https://edk2.groups.io/g/devel/message/78151, PageTables64.asm and
Flat32ToFlat64.asm are refined. SEV routines were moved to AmdSev.asm by
Brijesh Singh in https://edk2.groups.io/g/devel/message/78241. TDX
routines are in IntelTdx.asm.

Patch 1 adds the PCDs of BFV/CFV. BFV is the code part of the image. CFV is
the configuration part. BFV is measured by the VMM and CFV is measured by TDVF
itself.

Patch 2 updates the checking logic of SevEsIsEnabled. This is because the
first 2 bytes of the SevEsWorkArea work area are now used not only by SEV,
but also by TDX and Legacy guests. (This is to avoid wasting a memory region
in MEMFD.) The value of SevEsWorkArea->SevEsEnabled is now:
 0 if in a Legacy guest
 1 if in SEV
 2 if in a Tdx guest

Patch 3 includes the below major changes to add Intel TDX in OVMF.
1) It redefines the work area of SEV_WORK_AREA to CC_WORK_AREA so that it
can be used by SEV/TDX/Legacy guests to record their flags and specific
information.
2) A new file (X64/IntelTdxMetadata.asm) is added to describe the
information about the image for VMM use in a TDX guest.
3) Ia32/IntelTdx.asm includes the TDX routines used in ResetVector.
4) Main.asm is newly added to replace the one in
UefiCpuPkg/ResetVector/Vtf0/Main.asm. It adds a new entry point (Main32)
because of Intel TDX.
5) Ia32/PageTables64.asm is updated to process the feature of Intel TDX
which supports GPAW 48 and 52.
6) Ia16/ResetVectorVtf0.asm addresses the TDX feature that all CPUs "reset"
to run in 32-bit protected mode with a flat descriptor (paging disabled).
7) ResetVector.nasmb is updated to include TDX related macros and files.

[TDX]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf

[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave1.v4

v4 changes:
 - Refine the PageTables64.asm and Flat32ToFlat64.asm to enable TDX.
 - Refine SEV_ES_WORK_AREA so that SEV/TDX/Legacy guests can all use this
   memory region. https://edk2.groups.io/g/devel/message/78345 is the
   discussion.
 - AmdSev.asm is removed because Brijesh Singh has done it in
   https://edk2.groups.io/g/devel/message/78241.

v3 changes:
 - Refine PageTables64.asm and Flat32ToFlat64.asm based on the review
   comments in [ReviewComment-1] and [ReviewComment-2].
 - SEV codes are in AmdSev.asm
 - TDX codes are in IntelTdx.asm
 - Main.asm is created in OvmfPkg/ResetVector. The one in
   UefiCpuPkg/ResetVector/Vtf0 is not used.
 - Init32.asm/ReloadFlat32.asm in UefiCpuPkg/ResetVector/Vtf0/Ia32 are
   deleted. They're moved to OvmfPkg/ResetVector/Ia32.
 - InitTdx.asm is renamed to IntelTdx.asm

v2 changes:
 - Move InitTdx.asm and ReloadFlat32.asm from UefiCpuPkg/ResetVector/Vtf0
   to OvmfPkg/ResetVector. Init32.asm is created, which is a null stub of
   32-bit initialization. Main32 simply calls Init32. This keeps
   the Main.asm in UefiCpuPkg/ResetVector clean and clear.
 - Init32.asm/InitTdx.asm/ReloadFlat32.asm are created under
   OvmfPkg/ResetVector/Ia32.
 - Update some descriptions of the patch-sets.
 - Update the REF link in cover letter.
 - Add Ard Biesheuvel in Cc list.

v1: https://edk2.groups.io/g/devel/message/77675

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (3):
  OvmfPkg: Add Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb
  OvmfPkg/Sec: Update the check logic in SevEsIsEnabled
  OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf


-- 
2.29.2.windows.2
