OvmfPkg: create a SEV secret area in the AmdSev memfd

SEV needs an area to place an injected secret where OVMF can find it
and pass it up as a ConfigurationTable.  This patch implements the
area itself as an addition to the SEV enhanced reset vector table using
an additional guid (4c2eb361-7d9b-4cc3-8081-127c90d3d294).

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201130202819.3910-5-jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: fix typo in "ResetVectorVtf0.asm" comments]

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 3fbf7a0ee1a482354b84cc8c43aa942c8a02130a..7d27f8e160402dde1964a7299bd1c7bced23d634 100644 (file)
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -304,6 +304,12 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|0|UINT32|0x40\r
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize|0|UINT32|0x41\r
 \r
+  ## The base address and size of the SEV Launch Secret Area provisioned\r
+  #  after remote attestation.  If this is set in the .fdf, the platform\r
+  #  is responsible for protecting the area from DXE phase overwrites.\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43\r
+\r
 [PcdsDynamic, PcdsDynamicEx]\r
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2\r
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10\r

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index 9e0a74fddfc11e95d82e7aea4d7cf6dac8eac46c..9c0b5853a46fd4f78d54e5278881ab288d533521 100644 (file)
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,6 +47,25 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 15) % 16)) DB 0
 ;\r
 guidedStructureStart:\r
 \r
+;\r
+; SEV Secret block\r
+;\r
+; This describes the guest ram area where the hypervisor should\r
+; inject the secret.  The data format is:\r
+;\r
+; base physical address (32 bit word)\r
+; table length (32 bit word)\r
+;\r
+; GUID (SEV secret block): 4c2eb361-7d9b-4cc3-8081-127c90d3d294\r
+;\r
+sevSecretBlockStart:\r
+    DD      SEV_LAUNCH_SECRET_BASE\r
+    DD      SEV_LAUNCH_SECRET_SIZE\r
+    DW      sevSecretBlockEnd - sevSecretBlockStart\r
+    DB      0x61, 0xB3, 0x2E, 0x4C, 0x9B, 0x7D, 0xC3, 0x4C\r
+    DB      0x80, 0x81, 0x12, 0x7C, 0x90, 0xD3, 0xD2, 0x94\r
+sevSecretBlockEnd:\r
+\r
 ;\r
 ; SEV-ES Processor Reset support\r
 ;\r

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a53ae6c194aedee62a457bfe5a0bf8267fbb68ba..dc38f68919cd9b2bb51e4764d39849cdb0431898 100644 (file)
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -43,3 +43,7 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize\r
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase\r
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize\r
+\r
+[FixedPcd]\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize\r

diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 4913b379a993f0f8f5d96669ba305e200f567bd5..c5e0fe93abf44df9e0b1bb49f816db35fc918bf8 100644 (file)
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -83,5 +83,7 @@
 %include "Main.asm"\r
 \r
   %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)\r
+  %define SEV_LAUNCH_SECRET_BASE  FixedPcdGet32 (PcdSevLaunchSecretBase)\r
+  %define SEV_LAUNCH_SECRET_SIZE  FixedPcdGet32 (PcdSevLaunchSecretSize)\r
 %include "Ia16/ResetVectorVtf0.asm"\r
 \r