OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table

author Brijesh Singh <brijesh.singh@amd.com>

Thu, 9 Dec 2021 03:27:59 +0000 (11:27 +0800)

committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Thu, 9 Dec 2021 06:28:10 +0000 (06:28 +0000)
author Brijesh Singh <brijesh.singh@amd.com>
Thu, 9 Dec 2021 03:27:59 +0000 (11:27 +0800)
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Thu, 9 Dec 2021 06:28:10 +0000 (06:28 +0000)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c

index be26dde71f9def6c85d427bb6d1b3dfc7a53fbb1..662d3c4ccb0f0dec2149d3ed67b168a27e809973 100644 (file)
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -17,8 +17,20 @@
  #include <Library/DxeServicesTableLib.h>\r
  #include <Library/MemEncryptSevLib.h>\r
  #include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Guid/ConfidentialComputingSevSnpBlob.h>\r
  #include <Library/PcdLib.h>\r
  \r
+STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {\r
+  SIGNATURE_32 ('A',                                    'M', 'D', 'E'),\r
+  1,\r
+  0,\r
+  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase),\r
+  FixedPcdGet32 (PcdOvmfSnpSecretsSize),\r
+  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase),\r
+  FixedPcdGet32 (PcdOvmfCpuidSize),\r
+};\r
+\r
  EFI_STATUS\r
  EFIAPI\r
  AmdSevDxeEntryPoint (\r
@@ -135,5 +147,16 @@ AmdSevDxeEntryPoint (
      }\r
    }\r
  \r
+  //\r
+  // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.\r
+  // It contains the location for both the Secrets and CPUID page.\r
+  //\r
+  if (MemEncryptSevSnpIsEnabled ()) {\r
+    return gBS->InstallConfigurationTable (\r
+                  &gConfidentialComputingSevSnpBlobGuid,\r
+                  &mSnpBootDxeTable\r
+                  );\r
+  }\r
+\r
    return EFI_SUCCESS;\r
  }\r
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf

index 0676fcc5b6a47c7b9c4aac72adf66b1e1a7a6da8..9acf860cf25ef8d8ed74f03ffc2fc8d9ebbc9563 100644 (file)
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -42,6 +42,13 @@
  \r
  [FixedPcd]\r
    gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize\r
+\r
+[Guids]\r
+  gConfidentialComputingSevSnpBlobGuid\r
  \r
  [Pcd]\r
    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId\r
diff --git a/OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h b/OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h

new file mode 100644 (file)

index 0000000..b328310
--- /dev/null
+++ b/OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h
@@ -0,0 +1,33 @@
+/** @file\r
+   UEFI Configuration Table for exposing the SEV-SNP launch blob.\r
+\r
+   Copyright (c) 2021, Advanced Micro Devices Inc. All right reserved.\r
+\r
+   SPDX-License-Identifier: BSD-2-Clause-Patent\r
+ **/\r
+\r
+#ifndef CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB_H_\r
+#define CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB_H_\r
+\r
+#include <Uefi/UefiBaseType.h>\r
+\r
+#define CONFIDENTIAL_COMPUTING_SNP_BLOB_GUID            \\r
+  { 0x067b1f5f,                                         \\r
+    0xcf26,                                             \\r
+    0x44c5,                                             \\r
+    { 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42 }, \\r
+  }\r
+\r
+typedef struct {\r
+  UINT32    Header;\r
+  UINT16    Version;\r
+  UINT16    Reserved1;\r
+  UINT64    SecretsPhysicalAddress;\r
+  UINT32    SecretsSize;\r
+  UINT64    CpuidPhysicalAddress;\r
+  UINT32    CpuidLSize;\r
+} CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION;\r
+\r
+extern EFI_GUID  gConfidentialComputingSevSnpBlobGuid;\r
+\r
+#endif\r
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec

index c22b846cd66390a221165bf5ad64746588c22cba..769bef0ffa12d04afebdd095a95c11888932e6e2 100644 (file)
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -124,6 +124,7 @@
    gQemuKernelLoaderFsMediaGuid          = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}\r
    gGrubFileGuid                         = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}\r
    gConfidentialComputingSecretGuid      = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}\r
+  gConfidentialComputingSevSnpBlobGuid  = {0x067b1f5f, 0xcf26, 0x44c5, {0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}\r
  \r
  [Ppis]\r
    # PPI whose presence in the PPI database signals that the TPM base address\r
author	Brijesh Singh <brijesh.singh@amd.com>
	Thu, 9 Dec 2021 03:27:59 +0000 (11:27 +0800)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Thu, 9 Dec 2021 06:28:10 +0000 (06:28 +0000)
OvmfPkg/AmdSevDxe/AmdSevDxe.c		patch \| blob \| blame \| history
OvmfPkg/AmdSevDxe/AmdSevDxe.inf		patch \| blob \| blame \| history
OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h	[new file with mode: 0644]	patch \| blob
OvmfPkg/OvmfPkg.dec		patch \| blob \| blame \| history