OvmfPkg/IntelTdx: Add SecTdxHelperLib

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

TdxHelperLib provides below helper functions for a td-guest.
 - TdxHelperProcessTdHob
 - TdxHelperMeasureTdHob
 - TdxHelperMeasureCfvImage
 - TdxHelperBuildGuidHobForTdxMeasurement

SecTdxHelperLib is the SEC instance of TdxHelperLib. It implements 4
functions for tdx in SEC phase:
 - TdxHelperProcessTdHob consumes TdHob to accept un-accepted memories.
   Before the TdHob is consumed, it is first validated.

 - TdxHelperMeasureTdHob measure/extend TdHob and store the measurement
   value in workarea.

 - TdxHelperMeasureCfvImage measure/extend the Configuration FV image and
   store the measurement value in workarea.

 - TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx
   measurement.

This patch implements the stubs of the functions. The actual
implementations are in the following patches. Because they are moved from
other files.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
new file mode 100644 (file)
index 0000000..ef958b3
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
@@ -0,0 +1,78 @@
+/** @file\r
+  TdxHelper Functions which are used in SEC phase\r
+\r
+  Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <PiPei.h>\r
+\r
+/**\r
+  In Tdx guest, some information need to be passed from host VMM to guest\r
+  firmware. For example, the memory resource, etc. These information are\r
+  prepared by host VMM and put in TdHob which is described in TdxMetadata.\r
+  TDVF processes the TdHob to accept memories.\r
+\r
+  @retval   EFI_SUCCESS   Successfully process the TdHob\r
+  @retval   Others        Other error as indicated\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TdxHelperProcessTdHob (\r
+  VOID\r
+  )\r
+{\r
+  return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+  In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains\r
+  the information of the memory resource. From the security perspective before\r
+  it is consumed, it should be measured and extended.\r
+ *\r
+ * @retval EFI_SUCCESS Successfully measure the TdHob\r
+ * @retval Others      Other error as indicated\r
+ */\r
+EFI_STATUS\r
+EFIAPI\r
+TdxHelperMeasureTdHob (\r
+  VOID\r
+  )\r
+{\r
+  return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ * In Tdx guest, Configuration FV (CFV) is treated as external input because it\r
+ * may contain the data provided by VMM. From the sucurity perspective Cfv image\r
+ * should be measured before it is consumed.\r
+ *\r
+ * @retval EFI_SUCCESS Successfully measure the CFV image\r
+ * @retval Others      Other error as indicated\r
+ */\r
+EFI_STATUS\r
+EFIAPI\r
+TdxHelperMeasureCfvImage (\r
+  VOID\r
+  )\r
+{\r
+  return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+  Build the GuidHob for tdx measurements which were done in SEC phase.\r
+  The measurement values are stored in WorkArea.\r
+\r
+  @retval EFI_SUCCESS  The GuidHob is built successfully\r
+  @retval Others       Other errors as indicated\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TdxHelperBuildGuidHobForTdxMeasurement (\r
+  VOID\r
+  )\r
+{\r
+  return EFI_UNSUPPORTED;\r
+}\r

diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
new file mode 100644 (file)
index 0000000..3c6b96f
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
@@ -0,0 +1,52 @@
+## @file\r
+#  TdxHelperLib SEC instance\r
+#\r
+#  This module provides Tdx helper functions in SEC phase.\r
+#  Copyright (c) 2021 - 2023, Intel Corporation. All rights reserved.<BR>\r
+#\r
+#  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = SecTdxHelperLib\r
+  FILE_GUID                      = ba69ac6b-0c59-4472-899d-b684590ec1e9\r
+  MODULE_TYPE                    = BASE\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = TdxHelperLib|SEC\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = X64\r
+#\r
+\r
+[Sources]\r
+  SecTdxHelper.c\r
+\r
+[Packages]\r
+  CryptoPkg/CryptoPkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+  MdePkg/MdePkg.dec\r
+  OvmfPkg/OvmfPkg.dec\r
+  SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+  BaseLib\r
+  BaseCryptLib\r
+  DebugLib\r
+  HobLib\r
+  PcdLib\r
+  TdxMailboxLib\r
+  TdxLib\r
+\r
+[FixedPcd]\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase\r
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize\r
+\r
+[Guids]\r
+  gCcEventEntryHobGuid\r