Create a one page secret area in the MEMFD and reserve the area with a
boot time HOB.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <
20201130202819.3910-6-jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: s/protect/reserve/g in the commit message, at Ard's
and James's suggestion]
OvmfPkg/PlatformPei/PlatformPei.inf\r
UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
+ OvmfPkg/AmdSev/SecretPei/SecretPei.inf\r
\r
!if $(TPM_ENABLE) == TRUE\r
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
0x00B000|0x001000\r
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize\r
\r
+0x00C000|0x001000\r
+gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r
+\r
0x010000|0x010000\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize\r
\r
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf\r
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
+INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf\r
\r
!if $(TPM_ENABLE) == TRUE\r
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
--- /dev/null
+/** @file\r
+ SEV Secret boot time HOB placement\r
+\r
+ Copyright (C) 2020 James Bottomley, IBM Corporation.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+#include <PiPei.h>\r
+#include <Library/HobLib.h>\r
+#include <Library/PcdLib.h>\r
+\r
+EFI_STATUS\r
+EFIAPI\r
+InitializeSecretPei (\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN CONST EFI_PEI_SERVICES **PeiServices\r
+ )\r
+{\r
+ BuildMemoryAllocationHob (\r
+ PcdGet32 (PcdSevLaunchSecretBase),\r
+ PcdGet32 (PcdSevLaunchSecretSize),\r
+ EfiBootServicesData\r
+ );\r
+\r
+ return EFI_SUCCESS;\r
+}\r
--- /dev/null
+## @file\r
+# PEI support for SEV Secrets\r
+#\r
+# Copyright (C) 2020 James Bottomley, IBM Corporation.\r
+#\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SecretPei\r
+ FILE_GUID = 45260dde-0c3c-4b41-a226-ef3803fac7d4\r
+ MODULE_TYPE = PEIM\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = InitializeSecretPei\r
+\r
+[Sources]\r
+ SecretPei.c\r
+\r
+[Packages]\r
+ OvmfPkg/OvmfPkg.dec\r
+ MdePkg/MdePkg.dec\r
+\r
+[LibraryClasses]\r
+ HobLib\r
+ PeimEntryPoint\r
+ PcdLib\r
+\r
+[FixedPcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r
+\r
+[Depex]\r
+ TRUE\r