Now that the secret area is protected by a boot time HOB, extract its
location details into a configuration table referenced by
gSevLaunchSecretGuid so the boot loader or OS can locate it before a
call to ExitBootServices().
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <
20201130202819.3910-7-jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: fix indentation of InstallConfigurationTable() args]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+ OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf\r
OvmfPkg/AmdSev/Grub/Grub.inf\r
!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
!endif\r
+INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf\r
INF OvmfPkg/AmdSev/Grub/Grub.inf\r
!if $(BUILD_SHELL) == TRUE\r
INF ShellPkg/Application/Shell/Shell.inf\r
--- /dev/null
+/** @file\r
+ SEV Secret configuration table constructor\r
+\r
+ Copyright (C) 2020 James Bottomley, IBM Corporation.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+#include <PiDxe.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Guid/SevLaunchSecret.h>\r
+\r
+STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable = {\r
+ FixedPcdGet32 (PcdSevLaunchSecretBase),\r
+ FixedPcdGet32 (PcdSevLaunchSecretSize),\r
+};\r
+\r
+EFI_STATUS\r
+EFIAPI\r
+InitializeSecretDxe(\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ return gBS->InstallConfigurationTable (\r
+ &gSevLaunchSecretGuid,\r
+ &mSecretDxeTable\r
+ );\r
+}\r
--- /dev/null
+## @file\r
+# Sev Secret configuration Table installer\r
+#\r
+# Copyright (C) 2020 James Bottomley, IBM Corporation.\r
+#\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SecretDxe\r
+ FILE_GUID = 6e2b9619-8810-4e9d-a177-d432bb9abeda\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = InitializeSecretDxe\r
+\r
+[Sources]\r
+ SecretDxe.c\r
+\r
+[Packages]\r
+ OvmfPkg/OvmfPkg.dec\r
+ MdePkg/MdePkg.dec\r
+\r
+[LibraryClasses]\r
+ UefiBootServicesTableLib\r
+ UefiDriverEntryPoint\r
+\r
+[Guids]\r
+ gSevLaunchSecretGuid\r
+\r
+[FixedPcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r
+\r
+[Depex]\r
+ TRUE\r
--- /dev/null
+ /** @file\r
+ UEFI Configuration Table for exposing the SEV Launch Secret location to UEFI\r
+ applications (boot loaders).\r
+\r
+ Copyright (C) 2020 James Bottomley, IBM Corporation.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+ **/\r
+\r
+#ifndef SEV_LAUNCH_SECRET_H_\r
+#define SEV_LAUNCH_SECRET_H_\r
+\r
+#include <Uefi/UefiBaseType.h>\r
+\r
+#define SEV_LAUNCH_SECRET_GUID \\r
+ { 0xadf956ad, \\r
+ 0xe98c, \\r
+ 0x484c, \\r
+ { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \\r
+ }\r
+\r
+typedef struct {\r
+ UINT32 Base;\r
+ UINT32 Size;\r
+} SEV_LAUNCH_SECRET_LOCATION;\r
+\r
+extern EFI_GUID gSevLaunchSecretGuid;\r
+\r
+#endif // SEV_LAUNCH_SECRET_H_\r
gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}\r
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}\r
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}\r
+ gSevLaunchSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}\r
\r
[Ppis]\r
# PPI whose presence in the PPI database signals that the TPM base address\r