OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c

   1 /** @file
   2
   3   Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
   4
   5   SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include <PiPei.h>
  10 #include <Library/BaseLib.h>
  11 #include <Library/BaseMemoryLib.h>
  12 #include <Library/MemoryAllocationLib.h>
  13 #include <Library/DebugLib.h>
  14 #include <Protocol/DebugSupport.h>
  15 #include <Library/TdxLib.h>
  16 #include <IndustryStandard/Tdx.h>
  17 #include <Library/PrePiLib.h>
  18 #include <Library/PeilessStartupLib.h>
  19 #include <Library/PlatformInitLib.h>
  20 #include <ConfidentialComputingGuestAttr.h>
  21 #include <Guid/MemoryTypeInformation.h>
  22 #include <OvmfPlatforms.h>
  23 #include "PeilessStartupInternal.h"
  24
  25 #define GET_GPAW_INIT_STATE(INFO)  ((UINT8) ((INFO) & 0x3f))
  26
  27 EFI_MEMORY_TYPE_INFORMATION  mDefaultMemoryTypeInformation[] = {
  28   { EfiACPIMemoryNVS,       0x004 },
  29   { EfiACPIReclaimMemory,   0x008 },
  30   { EfiReservedMemoryType,  0x004 },
  31   { EfiRuntimeServicesData, 0x024 },
  32   { EfiRuntimeServicesCode, 0x030 },
  33   { EfiBootServicesCode,    0x180 },
  34   { EfiBootServicesData,    0xF00 },
  35   { EfiMaxMemoryType,       0x000 }
  36 };
  37
  38 EFI_STATUS
  39 EFIAPI
  40 InitializePlatform (
  41   EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
  42   )
  43 {
  44   UINT32  LowerMemorySize;
  45
  46   DEBUG ((DEBUG_INFO, "InitializePlatform in Pei-less boot\n"));
  47   PlatformDebugDumpCmos ();
  48
  49   PlatformInfoHob->DefaultMaxCpuNumber = 64;
  50   PlatformInfoHob->PcdPciMmio64Size    = 0x800000000;
  51
  52   PlatformInfoHob->HostBridgeDevId = PciRead16 (OVMF_HOSTBRIDGE_DID);
  53   DEBUG ((DEBUG_INFO, "HostBridgeDeviceId = 0x%x\n", PlatformInfoHob->HostBridgeDevId));
  54
  55   PlatformAddressWidthInitialization (PlatformInfoHob);
  56   DEBUG ((
  57     DEBUG_INFO,
  58     "PhysMemAddressWidth=0x%x, Pci64Base=0x%llx, Pci64Size=0x%llx\n",
  59     PlatformInfoHob->PhysMemAddressWidth,
  60     PlatformInfoHob->PcdPciMmio64Base,
  61     PlatformInfoHob->PcdPciMmio64Size
  62     ));
  63
  64   PlatformMaxCpuCountInitialization (PlatformInfoHob);
  65   DEBUG ((
  66     DEBUG_INFO,
  67     "MaxCpuCount=%d, BootCpuCount=%d\n",
  68     PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber,
  69     PlatformInfoHob->PcdCpuBootLogicalProcessorNumber
  70     ));
  71
  72   LowerMemorySize = PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob);
  73   PlatformQemuUc32BaseInitialization (PlatformInfoHob);
  74   DEBUG ((
  75     DEBUG_INFO,
  76     "Uc32Base = 0x%x, Uc32Size = 0x%x, LowerMemorySize = 0x%x\n",
  77     PlatformInfoHob->Uc32Base,
  78     PlatformInfoHob->Uc32Size,
  79     LowerMemorySize
  80     ));
  81
  82   if (TdIsEnabled ()) {
  83     PlatformTdxPublishRamRegions ();
  84   } else {
  85     PlatformQemuInitializeRam (PlatformInfoHob);
  86     PlatformQemuInitializeRamForS3 (PlatformInfoHob);
  87   }
  88
  89   //
  90   // Create Memory Type Information HOB
  91   //
  92   BuildGuidDataHob (
  93     &gEfiMemoryTypeInformationGuid,
  94     mDefaultMemoryTypeInformation,
  95     sizeof (mDefaultMemoryTypeInformation)
  96     );
  97
  98   PlatformMemMapInitialization (PlatformInfoHob);
  99
 100   PlatformNoexecDxeInitialization (PlatformInfoHob);
 101
 102   if (TdIsEnabled ()) {
 103     PlatformInfoHob->PcdConfidentialComputingGuestAttr = CCAttrIntelTdx;
 104     PlatformInfoHob->PcdTdxSharedBitMask               = TdSharedPageMask ();
 105     PlatformInfoHob->PcdSetNxForStack                  = TRUE;
 106   }
 107
 108   PlatformMiscInitialization (PlatformInfoHob);
 109
 110   return EFI_SUCCESS;
 111 }
 112
 113 /**
 114  * This function brings up the Tdx guest from SEC phase to DXE phase.
 115  * PEI phase is skipped because most of the components in PEI phase
 116  * is not needed for Tdx guest, for example, MP Services, TPM etc.
 117  * In this way, the attack surfaces are reduced as much as possible.
 118  *
 119  * @param Context   The pointer to the SecCoreData
 120  * @return VOID     This function never returns
 121  */
 122 VOID
 123 EFIAPI
 124 PeilessStartup (
 125   IN VOID  *Context
 126   )
 127 {
 128   EFI_SEC_PEI_HAND_OFF        *SecCoreData;
 129   EFI_FIRMWARE_VOLUME_HEADER  *BootFv;
 130   EFI_STATUS                  Status;
 131   EFI_HOB_PLATFORM_INFO       PlatformInfoHob;
 132   UINT32                      DxeCodeBase;
 133   UINT32                      DxeCodeSize;
 134   TD_RETURN_DATA              TdReturnData;
 135   VOID                        *VmmHobList;
 136   UINT8                       *CfvBase;
 137
 138   Status      = EFI_SUCCESS;
 139   BootFv      = NULL;
 140   VmmHobList  = NULL;
 141   SecCoreData = (EFI_SEC_PEI_HAND_OFF *)Context;
 142   CfvBase     = (UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase);
 143
 144   ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
 145
 146   if (TdIsEnabled ()) {
 147     VmmHobList = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
 148     Status     = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData);
 149     ASSERT (Status == EFI_SUCCESS);
 150
 151     DEBUG ((
 152       DEBUG_INFO,
 153       "Tdx started with(Hob: 0x%x, Gpaw: 0x%x, Cpus: %d)\n",
 154       (UINT32)(UINTN)VmmHobList,
 155       GET_GPAW_INIT_STATE (TdReturnData.TdInfo.Gpaw),
 156       TdReturnData.TdInfo.NumVcpus
 157       ));
 158
 159     Status = ConstructFwHobList (VmmHobList);
 160   } else {
 161     DEBUG ((DEBUG_INFO, "Ovmf started\n"));
 162     Status = ConstructSecHobList ();
 163   }
 164
 165   if (EFI_ERROR (Status)) {
 166     ASSERT (FALSE);
 167     CpuDeadLoop ();
 168   }
 169
 170   DEBUG ((DEBUG_INFO, "HobList: %p\n", GetHobList ()));
 171
 172   if (TdIsEnabled ()) {
 173     //
 174     // Measure HobList
 175     //
 176     Status = MeasureHobList (VmmHobList);
 177     if (EFI_ERROR (Status)) {
 178       ASSERT (FALSE);
 179       CpuDeadLoop ();
 180     }
 181
 182     //
 183     // Validate Tdx CFV
 184     //
 185     if (!TdxValidateCfv (CfvBase, FixedPcdGet32 (PcdCfvRawDataSize))) {
 186       ASSERT (FALSE);
 187       CpuDeadLoop ();
 188     }
 189
 190     //
 191     // Measure Tdx CFV
 192     //
 193     Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)CfvBase, FixedPcdGet32 (PcdCfvRawDataSize), 1);
 194     if (EFI_ERROR (Status)) {
 195       ASSERT (FALSE);
 196       CpuDeadLoop ();
 197     }
 198   }
 199
 200   //
 201   // Initialize the Platform
 202   //
 203   Status = InitializePlatform (&PlatformInfoHob);
 204   if (EFI_ERROR (Status)) {
 205     ASSERT (FALSE);
 206     CpuDeadLoop ();
 207   }
 208
 209   BuildGuidDataHob (&gUefiOvmfPkgPlatformInfoGuid, &PlatformInfoHob, sizeof (EFI_HOB_PLATFORM_INFO));
 210
 211   //
 212   // SecFV
 213   //
 214   BootFv = (EFI_FIRMWARE_VOLUME_HEADER *)SecCoreData->BootFirmwareVolumeBase;
 215   BuildFvHob ((UINTN)BootFv, BootFv->FvLength);
 216
 217   //
 218   // DxeFV
 219   //
 220   DxeCodeBase = PcdGet32 (PcdBfvBase);
 221   DxeCodeSize = PcdGet32 (PcdBfvRawDataSize) - (UINT32)BootFv->FvLength;
 222   BuildFvHob (DxeCodeBase, DxeCodeSize);
 223
 224   DEBUG ((DEBUG_INFO, "SecFv : %p, 0x%x\n", BootFv, BootFv->FvLength));
 225   DEBUG ((DEBUG_INFO, "DxeFv : %x, 0x%x\n", DxeCodeBase, DxeCodeSize));
 226
 227   BuildStackHob ((UINTN)SecCoreData->StackBase, SecCoreData->StackSize <<= 1);
 228
 229   BuildResourceDescriptorHob (
 230     EFI_RESOURCE_SYSTEM_MEMORY,
 231     EFI_RESOURCE_ATTRIBUTE_PRESENT |
 232     EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
 233     EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
 234     EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |
 235     EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
 236     EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |
 237     EFI_RESOURCE_ATTRIBUTE_TESTED,
 238     (UINT64)SecCoreData->TemporaryRamBase,
 239     (UINT64)SecCoreData->TemporaryRamSize
 240     );
 241
 242   //
 243   // Load the DXE Core and transfer control to it.
 244   // Only DxeFV is in the compressed section.
 245   //
 246   Status = DxeLoadCore (1);
 247
 248   //
 249   // Never arrive here.
 250   //
 251   ASSERT (FALSE);
 252   CpuDeadLoop ();
 253 }