[mirror_edk2.git] / OvmfPkg / Library / PlatformInitLib / IntelTdx.c

/** @file\r
  Initialize Intel TDX support.\r
\r
  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Base.h>\r
#include <PiPei.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <IndustryStandard/Tdx.h>\r
#include <IndustryStandard/IntelTdx.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Pi/PrePiHob.h>\r
#include <WorkArea.h>\r
#include <ConfidentialComputingGuestAttr.h>\r
\r
/**\r
 * Build ResourceDescriptorHob for the unaccepted memory region.\r
 * This memory region may be splitted into 2 parts because of lazy accept.\r
 *\r
 * @param Hob     Point to the EFI_HOB_RESOURCE_DESCRIPTOR\r
 * @return VOID\r
 */\r
VOID\r
BuildResourceDescriptorHobForUnacceptedMemory (\r
  IN EFI_HOB_RESOURCE_DESCRIPTOR  *Hob\r
  )\r
{\r
  EFI_PHYSICAL_ADDRESS         PhysicalStart;\r
  EFI_PHYSICAL_ADDRESS         PhysicalEnd;\r
  UINT64                       ResourceLength;\r
  EFI_RESOURCE_TYPE            ResourceType;\r
  EFI_RESOURCE_ATTRIBUTE_TYPE  ResourceAttribute;\r
  UINT64                       MaxAcceptedMemoryAddress;\r
\r
  ASSERT (Hob->ResourceType == BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED);\r
\r
  ResourceType      = BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED;\r
  ResourceAttribute = Hob->ResourceAttribute;\r
  PhysicalStart     = Hob->PhysicalStart;\r
  ResourceLength    = Hob->ResourceLength;\r
  PhysicalEnd       = PhysicalStart + ResourceLength;\r
\r
  //\r
  // In the first stage of lazy-accept, all the memory under 4G will be accepted.\r
  // The memory above 4G will not be accepted.\r
  //\r
  MaxAcceptedMemoryAddress = BASE_4GB;\r
\r
  if (PhysicalEnd <= MaxAcceptedMemoryAddress) {\r
    //\r
    // This memory region has been accepted.\r
    //\r
    ResourceType       = EFI_RESOURCE_SYSTEM_MEMORY;\r
    ResourceAttribute |= (EFI_RESOURCE_ATTRIBUTE_PRESENT | EFI_RESOURCE_ATTRIBUTE_INITIALIZED | EFI_RESOURCE_ATTRIBUTE_TESTED);\r
  } else if (PhysicalStart >= MaxAcceptedMemoryAddress) {\r
    //\r
    // This memory region hasn't been accepted.\r
    // So keep the ResourceType and ResourceAttribute unchange.\r
    //\r
  }\r
\r
  BuildResourceDescriptorHob (\r
    ResourceType,\r
    ResourceAttribute,\r
    PhysicalStart,\r
    ResourceLength\r
    );\r
}\r
\r
/**\r
  Transfer the incoming HobList for the TD to the final HobList for Dxe.\r
  The Hobs transferred in this function are ResourceDescriptor hob and\r
  MemoryAllocation hob.\r
\r
  @param[in] VmmHobList    The Hoblist pass the firmware\r
\r
**/\r
VOID\r
EFIAPI\r
TransferTdxHobList (\r
  VOID\r
  )\r
{\r
  EFI_PEI_HOB_POINTERS         Hob;\r
  EFI_RESOURCE_TYPE            ResourceType;\r
  EFI_RESOURCE_ATTRIBUTE_TYPE  ResourceAttribute;\r
  VOID                         *GuidedData;\r
\r
  //\r
  // PcdOvmfSecGhcbBase is used as the TD_HOB in Tdx guest.\r
  //\r
  Hob.Raw = (UINT8 *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);\r
  while (!END_OF_HOB_LIST (Hob)) {\r
    switch (Hob.Header->HobType) {\r
      case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR:\r
        ResourceType      = Hob.ResourceDescriptor->ResourceType;\r
        ResourceAttribute = Hob.ResourceDescriptor->ResourceAttribute;\r
\r
        if (ResourceType == BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED) {\r
          BuildResourceDescriptorHobForUnacceptedMemory (Hob.ResourceDescriptor);\r
        } else {\r
          BuildResourceDescriptorHob (\r
            ResourceType,\r
            ResourceAttribute,\r
            Hob.ResourceDescriptor->PhysicalStart,\r
            Hob.ResourceDescriptor->ResourceLength\r
            );\r
        }\r
\r
        break;\r
      case EFI_HOB_TYPE_MEMORY_ALLOCATION:\r
        BuildMemoryAllocationHob (\r
          Hob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress,\r
          Hob.MemoryAllocation->AllocDescriptor.MemoryLength,\r
          Hob.MemoryAllocation->AllocDescriptor.MemoryType\r
          );\r
        break;\r
      case EFI_HOB_TYPE_GUID_EXTENSION:\r
        GuidedData = (VOID *)(&Hob.Guid->Name + 1);\r
        BuildGuidDataHob (&Hob.Guid->Name, GuidedData, Hob.Guid->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE));\r
        break;\r
    }\r
\r
    Hob.Raw = GET_NEXT_HOB (Hob);\r
  }\r
}\r
\r
/**\r
  In Tdx guest, the system memory is passed in TdHob by host VMM. So\r
  the major task of PlatformTdxPublishRamRegions is to walk thru the\r
  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob\r
  to the hobs in DXE phase.\r
\r
  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.\r
**/\r
VOID\r
EFIAPI\r
PlatformTdxPublishRamRegions (\r
  VOID\r
  )\r
{\r
  if (!TdIsEnabled ()) {\r
    return;\r
  }\r
\r
  TransferTdxHobList ();\r
\r
  //\r
  // The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by\r
  // host VMM and used as the td mailbox at the beginning of system boot.\r
  //\r
  BuildMemoryAllocationHob (\r
    FixedPcdGet32 (PcdOvmfSecGhcbBackupBase),\r
    FixedPcdGet32 (PcdOvmfSecGhcbBackupSize),\r
    EfiACPIMemoryNVS\r
    );\r
\r
  if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {\r
    //\r
    // Reserve the work area.\r
    //\r
    // Since this memory range will be used by the Reset Vector on S3\r
    // resume, it must be reserved as ACPI NVS.\r
    //\r
    // If S3 is unsupported, then various drivers might still write to the\r
    // work area. We ought to prevent DXE from serving allocation requests\r
    // such that they would overlap the work area.\r
    //\r
    BuildMemoryAllocationHob (\r
      (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),\r
      (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),\r
      EfiBootServicesData\r
      );\r
  }\r
}\r
Commit	Line	Data
b22ac35b MX	1	/** @file\r
	2	Initialize Intel TDX support.\r
	3	\r
	4	Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>\r
	5	\r
	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	7	\r
	8	**/\r
	9	\r
d1e41c62	10	#include <Base.h>\r
b22ac35b MX	11	#include <PiPei.h>\r
	12	#include <Library/BaseLib.h>\r
	13	#include <Library/DebugLib.h>\r
	14	#include <Library/HobLib.h>\r
	15	#include <Library/BaseMemoryLib.h>\r
	16	#include <Library/MemoryAllocationLib.h>\r
	17	#include <IndustryStandard/Tdx.h>\r
	18	#include <IndustryStandard/IntelTdx.h>\r
b22ac35b	19	#include <Library/PeiServicesLib.h>\r
9b648112	20	#include <Pi/PrePiHob.h>\r
b22ac35b MX	21	#include <WorkArea.h>\r
	22	#include <ConfidentialComputingGuestAttr.h>\r
	23	\r
d1e41c62 MX	24	/**\r
	25	* Build ResourceDescriptorHob for the unaccepted memory region.\r
	26	* This memory region may be splitted into 2 parts because of lazy accept.\r
	27	*\r
	28	* @param Hob Point to the EFI_HOB_RESOURCE_DESCRIPTOR\r
	29	* @return VOID\r
	30	*/\r
	31	VOID\r
	32	BuildResourceDescriptorHobForUnacceptedMemory (\r
	33	IN EFI_HOB_RESOURCE_DESCRIPTOR *Hob\r
	34	)\r
	35	{\r
	36	EFI_PHYSICAL_ADDRESS PhysicalStart;\r
	37	EFI_PHYSICAL_ADDRESS PhysicalEnd;\r
	38	UINT64 ResourceLength;\r
	39	EFI_RESOURCE_TYPE ResourceType;\r
	40	EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttribute;\r
	41	UINT64 MaxAcceptedMemoryAddress;\r
	42	\r
	43	ASSERT (Hob->ResourceType == BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED);\r
	44	\r
	45	ResourceType = BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED;\r
	46	ResourceAttribute = Hob->ResourceAttribute;\r
	47	PhysicalStart = Hob->PhysicalStart;\r
	48	ResourceLength = Hob->ResourceLength;\r
	49	PhysicalEnd = PhysicalStart + ResourceLength;\r
	50	\r
	51	//\r
	52	// In the first stage of lazy-accept, all the memory under 4G will be accepted.\r
	53	// The memory above 4G will not be accepted.\r
	54	//\r
	55	MaxAcceptedMemoryAddress = BASE_4GB;\r
	56	\r
	57	if (PhysicalEnd <= MaxAcceptedMemoryAddress) {\r
	58	//\r
	59	// This memory region has been accepted.\r
	60	//\r
	61	ResourceType = EFI_RESOURCE_SYSTEM_MEMORY;\r
	62	ResourceAttribute \|= (EFI_RESOURCE_ATTRIBUTE_PRESENT \| EFI_RESOURCE_ATTRIBUTE_INITIALIZED \| EFI_RESOURCE_ATTRIBUTE_TESTED);\r
	63	} else if (PhysicalStart >= MaxAcceptedMemoryAddress) {\r
	64	//\r
	65	// This memory region hasn't been accepted.\r
	66	// So keep the ResourceType and ResourceAttribute unchange.\r
	67	//\r
	68	}\r
	69	\r
	70	BuildResourceDescriptorHob (\r
	71	ResourceType,\r
	72	ResourceAttribute,\r
	73	PhysicalStart,\r
	74	ResourceLength\r
	75	);\r
	76	}\r
	77	\r
b22ac35b MX	78	/**\r
	79	Transfer the incoming HobList for the TD to the final HobList for Dxe.\r
	80	The Hobs transferred in this function are ResourceDescriptor hob and\r
	81	MemoryAllocation hob.\r
	82	\r
	83	@param[in] VmmHobList The Hoblist pass the firmware\r
	84	\r
	85	**/\r
	86	VOID\r
	87	EFIAPI\r
	88	TransferTdxHobList (\r
	89	VOID\r
	90	)\r
	91	{\r
	92	EFI_PEI_HOB_POINTERS Hob;\r
	93	EFI_RESOURCE_TYPE ResourceType;\r
	94	EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttribute;\r
57162cb6	95	VOID *GuidedData;\r
b22ac35b MX	96	\r
	97	//\r
	98	// PcdOvmfSecGhcbBase is used as the TD_HOB in Tdx guest.\r
	99	//\r
	100	Hob.Raw = (UINT8 *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);\r
	101	while (!END_OF_HOB_LIST (Hob)) {\r
	102	switch (Hob.Header->HobType) {\r
	103	case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR:\r
	104	ResourceType = Hob.ResourceDescriptor->ResourceType;\r
	105	ResourceAttribute = Hob.ResourceDescriptor->ResourceAttribute;\r
	106	\r
9b648112	107	if (ResourceType == BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED) {\r
d1e41c62 MX	108	BuildResourceDescriptorHobForUnacceptedMemory (Hob.ResourceDescriptor);\r
	109	} else {\r
	110	BuildResourceDescriptorHob (\r
	111	ResourceType,\r
	112	ResourceAttribute,\r
	113	Hob.ResourceDescriptor->PhysicalStart,\r
	114	Hob.ResourceDescriptor->ResourceLength\r
	115	);\r
b22ac35b MX	116	}\r
b22ac35b MX	117	\r
b22ac35b MX	118	break;\r
	119	case EFI_HOB_TYPE_MEMORY_ALLOCATION:\r
	120	BuildMemoryAllocationHob (\r
	121	Hob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress,\r
	122	Hob.MemoryAllocation->AllocDescriptor.MemoryLength,\r
	123	Hob.MemoryAllocation->AllocDescriptor.MemoryType\r
	124	);\r
	125	break;\r
57162cb6 SB	126	case EFI_HOB_TYPE_GUID_EXTENSION:\r
	127	GuidedData = (VOID *)(&Hob.Guid->Name + 1);\r
	128	BuildGuidDataHob (&Hob.Guid->Name, GuidedData, Hob.Guid->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE));\r
	129	break;\r
b22ac35b MX	130	}\r
	131	\r
	132	Hob.Raw = GET_NEXT_HOB (Hob);\r
	133	}\r
	134	}\r
e23f8f52 MX	135	\r
	136	/**\r
	137	In Tdx guest, the system memory is passed in TdHob by host VMM. So\r
	138	the major task of PlatformTdxPublishRamRegions is to walk thru the\r
	139	TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob\r
	140	to the hobs in DXE phase.\r
	141	\r
	142	MemoryAllocationHob should also be created for Mailbox and Ovmf work area.\r
	143	**/\r
	144	VOID\r
	145	EFIAPI\r
	146	PlatformTdxPublishRamRegions (\r
	147	VOID\r
	148	)\r
	149	{\r
	150	if (!TdIsEnabled ()) {\r
	151	return;\r
	152	}\r
	153	\r
	154	TransferTdxHobList ();\r
	155	\r
	156	//\r
	157	// The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by\r
	158	// host VMM and used as the td mailbox at the beginning of system boot.\r
	159	//\r
	160	BuildMemoryAllocationHob (\r
	161	FixedPcdGet32 (PcdOvmfSecGhcbBackupBase),\r
	162	FixedPcdGet32 (PcdOvmfSecGhcbBackupSize),\r
	163	EfiACPIMemoryNVS\r
	164	);\r
	165	\r
	166	if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {\r
	167	//\r
	168	// Reserve the work area.\r
	169	//\r
	170	// Since this memory range will be used by the Reset Vector on S3\r
	171	// resume, it must be reserved as ACPI NVS.\r
	172	//\r
	173	// If S3 is unsupported, then various drivers might still write to the\r
	174	// work area. We ought to prevent DXE from serving allocation requests\r
	175	// such that they would overlap the work area.\r
	176	//\r
	177	BuildMemoryAllocationHob (\r
	178	(EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),\r
	179	(UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),\r
	180	EfiBootServicesData\r
	181	);\r
	182	}\r
	183	}\r