REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.
There are 2 configurations for TDVF to upstream. See the link below for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367
This patch-set is to enable Config-A in OvmfPkg.
- Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
with existing SEV)
- Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
- The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
The final binary can run on SEV/TDX/normal OVMF
- No changes to existing OvmfPkgX64 image layout.
- No need to add additional security features if they do not exist today
- No need to remove features if they exist today.
- RTMR is not supported
- PEI phase is NOT skipped in either Td or Non-Td
Note:
To improve the review efficiency the whole TDVF upstream to EDK2 is
split into several waves. Wave-1 is focused on the changes in
OvmfPkg/ResetVector. It has been merged into the master branch.
This patch-set is Wave-2, which is focused on the changes in the SEC/PEI/DXE
phases. During the code review of Wave-2, there are some other
patch-series under review in parallel. These patches are submitted by SEV
but are also shared by TDX. After they're merged, Wave-2 will be rebased
on the latest code base. Thanks for your understanding.
Patch 01 - 19 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.
Patch 12 is copied from SEV's patch which defines a new PCD
(PcdConfidentialComputingGuestAttr), because SEV is also doing the
upstream and some of the code is shared between TDX and SEV.
Reviewers can skip this patch.
Patch 20 - 24 are changes for PEI phase.
Patch 25 - 29 are changes in DXE phase.
[TDX]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-whitepaper-final9-17.pdf
[TDX-Module]: https://software.intel.com/content/dam/develop/external/
us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v3
v3 changes:
- LocalApicTimerDxe is split out to be a separate patch-series.
- VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
is extended to handle #VE exception. (Patch 3-5)
- Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
- Alteration of the MADT table is updated. In the previous version it was
created from scratch. Now it gets the installed table, copies
it to a larger buffer and appends the ACPI_MADT_MPWK to it.
(Patch 25)
- Changes in BaseXApicX2ApicLib are refined based on the
feedback. (Add spec link of MSR access definition, rename
some function names, etc.) (Patch 11)
- Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
of CPUID. But in some cases PcdConfidentialComputingGuestAttr
cannot be used because it has not been set yet.
- Some other minor changes.
v3 not-addressed comments:
- Some of the comments have not been addressed. This is because I
need more time to consider how to address these comments.
At the same time I want to submit a new version based on the above
changes so that the community can review in a more efficient way.
(v2 is the version from one month ago).
- Comments in MpInitLib have not been addressed yet. It will be
addressed in v4.
- BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib.
It will be addressed in v4.
- Some comments may be missed. I will re-visit the review emails.
- Thanks much for your understanding.
v2 changes:
- Remove TdxProbeLib. It is to reduce the dependencies of the lib.
- In v1 a new function (AllocatePagesWithMemoryType) is added in
PeiMemoryAllocationLib. This function is not necessary. It can
be replaced by PeiServicesAllocatePages.
- IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
the functions of read/write of I/O port fifo. These functions
will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
in run-time.
- DXE related patches are added. (Patch 22-28)
- Fix typo in commit/comment message, or some minor changes.
- Rebase the edk2 code base. (4cc1458dbe00)
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Brijesh Singh via groups.io (1):
UefiCpuPkg: Define ConfidentialComputingGuestAttr
Min Xu (28):
MdePkg: Add Tdx.h
MdePkg: Add TdxLib to wrap Tdx operations
UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
OvmfPkg: Extend VmgExitLib to handle #VE exception
UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
UefiPayloadPkg: PreparePrepare UefiPayloadPkg to use TdxLib
UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
MdePkg: Add macro to check SEV/TDX guest
UefiCpuPkg: Enable Tdx support in MpInitLib
OvmfPkg: Update SecEntry.nasm to support Tdx
OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
OvmfPkg: Add TdxMailboxLib
MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
OvmfPkg: Enable Tdx in SecMain.c
OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
MdeModulePkg: EFER should not be changed in TDX
MdeModulePkg: Set shared bit in Mmio region for Tdx guest
UefiCpuPkg: Update AddressEncMask in CpuPageTable
OvmfPkg: Update PlatformPei to support TDX
OvmfPkg: Update AcpiPlatformDxe to alter MADT table
OvmfPkg: Add TdxDxe driver
OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
OvmfPkg: Update IoMmuDxe to support TDX
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 +
.../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 2 +-
.../Core/DxeIplPeim/X64/DxeIplTdVmcall.nasm | 146 +++
.../Core/DxeIplPeim/X64/VirtualMemory.c | 331 +++++-
.../Core/DxeIplPeim/X64/VirtualMemory.h | 66 +-
MdeModulePkg/MdeModulePkg.dec | 11 +
.../Include/ConfidentialComputingGuestAttr.h | 28 +
MdePkg/Include/IndustryStandard/Tdx.h | 203 ++++
MdePkg/Include/Library/TdxLib.h | 167 ++++
MdePkg/Include/Pi/PiHob.h | 8 +
.../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf | 2 +
.../BaseIoLibIntrinsicSev.inf | 7 +-
MdePkg/Library/BaseIoLibIntrinsic/IoLib.c | 82 +-
MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c | 49 +-
.../BaseIoLibIntrinsic/IoLibInternalTdx.c | 704 +++++++++++++
.../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 499 ++++++++++
MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c | 73 +-
MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h | 166 ++++
MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h | 411 ++++++++
.../BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 34 +-
MdePkg/Library/TdxLib/AcceptPages.c | 137 +++
MdePkg/Library/TdxLib/Rtmr.c | 83 ++
MdePkg/Library/TdxLib/TdInfo.c | 103 ++
MdePkg/Library/TdxLib/TdxLib.inf | 39 +
MdePkg/Library/TdxLib/TdxLibNull.c | 192 ++++
MdePkg/Library/TdxLib/X64/Tdcall.nasm | 85 ++
MdePkg/Library/TdxLib/X64/Tdvmcall.nasm | 207 ++++
MdePkg/MdePkg.dec | 7 +
MdePkg/MdePkg.dsc | 1 +
OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c | 12 +-
.../QemuFwCfgAcpiPlatformDxe.inf | 1 +
OvmfPkg/Include/IndustryStandard/IntelTdx.h | 76 ++
OvmfPkg/Include/Library/MemEncryptTdxLib.h | 81 ++
OvmfPkg/Include/Library/TdxMailboxLib.h | 75 ++
.../Include/Protocol/QemuAcpiTableNotify.h | 29 +
OvmfPkg/Include/TdxCommondefs.inc | 51 +
OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 104 +-
OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 6 +-
OvmfPkg/IoMmuDxe/IoMmuDxe.c | 6 +-
OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 5 +
.../BaseMemEncryptTdxLib.inf | 44 +
.../BaseMemEncryptTdxLibNull.inf | 35 +
.../BaseMemoryEncryptionNull.c | 90 ++
.../BaseMemEncryptTdxLib/MemoryEncryption.c | 938 ++++++++++++++++++
.../BaseMemEncryptTdxLib/VirtualMemory.h | 181 ++++
OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 9 +-
.../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
.../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +
OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +
.../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 +
OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c | 138 +++
.../Library/TdxMailboxLib/TdxMailboxLib.inf | 52 +
.../Library/TdxMailboxLib/TdxMailboxNull.c | 86 ++
OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 3 +-
.../Library/VmgExitLib/VmTdExitVeHandler.c | 515 ++++++++++
OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 4 +
OvmfPkg/OvmfPkg.dec | 22 +
OvmfPkg/OvmfPkgIa32.dsc | 3 +
OvmfPkg/OvmfPkgIa32X64.dsc | 3 +
OvmfPkg/OvmfPkgX64.dsc | 12 +
OvmfPkg/OvmfPkgX64.fdf | 3 +
OvmfPkg/PlatformPei/FeatureControl.c | 8 +-
OvmfPkg/PlatformPei/IntelTdx.c | 290 ++++++
OvmfPkg/PlatformPei/IntelTdxNull.c | 49 +
OvmfPkg/PlatformPei/MemDetect.c | 57 +-
OvmfPkg/PlatformPei/Platform.c | 1 +
OvmfPkg/PlatformPei/Platform.h | 28 +
OvmfPkg/PlatformPei/PlatformPei.inf | 14 +
OvmfPkg/PlatformPei/X64/ApRunLoop.nasm | 83 ++
OvmfPkg/Sec/IntelTdx.c | 597 +++++++++++
OvmfPkg/Sec/IntelTdx.h | 33 +
OvmfPkg/Sec/SecMain.c | 60 +-
OvmfPkg/Sec/SecMain.inf | 7 +
OvmfPkg/Sec/X64/SecEntry.nasm | 314 ++++++
OvmfPkg/TdxDxe/TdxAcpiTable.c | 112 +++
OvmfPkg/TdxDxe/TdxAcpiTable.h | 38 +
OvmfPkg/TdxDxe/TdxDxe.c | 207 ++++
OvmfPkg/TdxDxe/TdxDxe.inf | 62 ++
UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 +
UefiCpuPkg/CpuDxe/CpuPageTable.c | 4 +
UefiCpuPkg/Include/Library/VmgExitLib.h | 27 +
.../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 219 +++-
.../BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf | 1 +
.../PeiDxeSmmCpuException.c | 17 +
.../SecPeiCpuException.c | 18 +
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 5 +
UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 15 +-
UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h | 107 ++
UefiCpuPkg/Library/MpInitLib/MpLib.c | 27 +
UefiCpuPkg/Library/MpInitLib/MpLibTdx.c | 126 +++
UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c | 117 +++
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 5 +
.../Library/MpInitLib/X64/IntelTdcall.nasm | 120 +++
.../Library/VmgExitLibNull/VmTdExitNull.c | 38 +
.../Library/VmgExitLibNull/VmgExitLibNull.inf | 1 +
UefiCpuPkg/UefiCpuPkg.dsc | 1 +
UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
98 files changed, 9367 insertions(+), 135 deletions(-)
create mode 100644 MdeModulePkg/Core/DxeIplPeim/X64/DxeIplTdVmcall.nasm
create mode 100644 MdePkg/Include/ConfidentialComputingGuestAttr.h
create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
create mode 100644 MdePkg/Include/Library/TdxLib.h
create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
create mode 100644 MdePkg/Library/TdxLib/X64/Tdcall.nasm
create mode 100644 MdePkg/Library/TdxLib/X64/Tdvmcall.nasm
create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
create mode 100644 OvmfPkg/PlatformPei/IntelTdxNull.c
create mode 100644 OvmfPkg/PlatformPei/X64/ApRunLoop.nasm
create mode 100644 OvmfPkg/Sec/IntelTdx.c
create mode 100644 OvmfPkg/Sec/IntelTdx.h
create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/IntelTdcall.nasm
create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
--
2.29.2.windows.2
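The MADT alteration described above for Patch 25 (get the installed table, copy it to a larger buffer, append an ACPI_MADT_MPWK entry), shown as an added stand-alone C example that is not code from this patch series or from edk2. It uses plain C with ACPI 6.4 layouts instead of edk2 types, assumes a little-endian host, constructs its own sample table, and also validates the input table's checksum before copying, a sanity check worth keeping for a table that arrives from the VMM.

```c
// Added example, not code from this patch series: append an ACPI
// Multiprocessor Wakeup (MPWK) entry to an existing MADT by copying it into
// a larger buffer, then fix Length and Checksum so the table stays valid.
// Assumptions: ACPI 6.4 layouts (44-byte MADT header, 16-byte MPWK entry of
// type 0x10), little-endian host; the sample table below is constructed.
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MADT_HEADER_LEN 44   /* ACPI header (36) + LocalApicAddress + Flags */
#define MPWK_TYPE       0x10
#define MPWK_LEN        16

// ACPI rule: the byte sum over the whole table must be 0 (mod 256).
uint8_t acpi_checksum(const uint8_t *t, uint32_t len) {
    uint8_t sum = 0;
    for (uint32_t i = 0; i < len; i++) sum += t[i];
    return sum;
}

// Returns a newly allocated MADT with an MPWK entry appended, or NULL if the
// input table is truncated or fails its checksum. The input is not modified.
uint8_t *madt_append_mpwk(const uint8_t *madt, uint64_t mailbox_addr) {
    uint32_t len;
    memcpy(&len, madt + 4, sizeof len);                 // header Length field
    if (len < MADT_HEADER_LEN || acpi_checksum(madt, len) != 0) return NULL;
    uint8_t *out = calloc(1, len + MPWK_LEN);
    if (!out) return NULL;
    memcpy(out, madt, len);                             // copy the installed table
    uint8_t *e = out + len;                             // new entry goes at the end
    e[0] = MPWK_TYPE;
    e[1] = MPWK_LEN;
    memset(e + 2, 0, 6);                                // MailBoxVersion = 0, Reserved
    memcpy(e + 8, &mailbox_addr, sizeof mailbox_addr);  // MailBoxAddress
    uint32_t nlen = len + MPWK_LEN;
    memcpy(out + 4, &nlen, sizeof nlen);                // update Length
    out[9] = (uint8_t)(out[9] - acpi_checksum(out, nlen)); // re-balance Checksum
    return out;
}

// Build a minimal constructed MADT (header only) into buf; returns its length.
uint32_t make_sample_madt(uint8_t *buf) {
    uint32_t len = MADT_HEADER_LEN, lapic = 0xFEE00000;
    memset(buf, 0, len);
    memcpy(buf, "APIC", 4);                             // Signature
    memcpy(buf + 4, &len, sizeof len);                  // Length
    buf[8] = 5;                                         // Revision
    memcpy(buf + 36, &lapic, sizeof lapic);             // LocalApicAddress
    buf[9] = (uint8_t)(0 - acpi_checksum(buf, len));    // Checksum
    return len;
}
```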
View/Reply Online (#82987): https://edk2.groups.io/g/devel/message/82987