Split the existing 4KB page reserved for SEV launch secrets into two
parts: first 3KB for SEV launch secrets and last 1KB for firmware
config hashes.
The area of the firmware config hashes will be attested (measured) by
the PSP and thus the untrusted VMM can't pass in different files from
what the guest owner allows.
Declare this in the Reset Vector table using GUID
7255371f-3a3b-4b04-927b-
1da6efa8d454 and a uint32_t table of a base
and size value (similar to the structure used to declare the launch
secret block).
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Co-developed-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
0x00B000|0x001000\r
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize\r
\r
-0x00C000|0x001000\r
+0x00C000|0x000C00\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r
\r
+0x00CC00|0x000400\r
+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize\r
+\r
0x00D000|0x001000\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43\r
\r
+ ## The base address and size of a hash table confirming allowed\r
+ # parameters to be passed in via the Qemu firmware configuration\r
+ # device\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48\r
+\r
[PcdsDynamic, PcdsDynamicEx]\r
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10\r
;\r
guidedStructureStart:\r
\r
+; SEV Hash Table Block\r
;\r
+; This describes the guest ram area where the hypervisor should\r
+; install a table describing the hashes of certain firmware configuration\r
+; device files that would otherwise be passed in unchecked. The current\r
+; use is for the kernel, initrd and command line values, but others may be\r
+; added. The data format is:\r
+;\r
+; base physical address (32 bit word)\r
+; table length (32 bit word)\r
+;\r
+; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454\r
+;\r
+sevFwHashBlockStart:\r
+ DD SEV_FW_HASH_BLOCK_BASE\r
+ DD SEV_FW_HASH_BLOCK_SIZE\r
+ DW sevFwHashBlockEnd - sevFwHashBlockStart\r
+ DB 0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b\r
+ DB 0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54\r
+sevFwHashBlockEnd:\r
+\r
; SEV Secret block\r
;\r
; This describes the guest ram area where the hypervisor should\r
[FixedPcd]\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase\r
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize\r
%define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase)\r
%define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase)\r
%define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize)\r
+ %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase)\r
+ %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize)\r
%include "Ia16/ResetVectorVtf0.asm"\r
\r
projects / mirror_edk2.git / commitdiff