dm: acpi: add PSDS table in ACPI table

Expose a new ACPI table PSDS to UOS.
This PSDS table show the security capability of the VM.
Only enable this table in UOS when PSDS presented in SOS.

Tracked-On: #888
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>

devicemodel/hw/platform/acpi/acpi.c

@@ -83,13 +83,15 @@
 #define FACS_OFFSET		0x3C0
 #define NHLT_OFFSET		0x400
 #define TPM2_OFFSET		0xC00
-#define DSDT_OFFSET		0xE40
+#define PSDS_OFFSET		0xE40		/* Reserve 0xC0 for PSD table */
+#define DSDT_OFFSET		0xF00
 
 #define	ASL_TEMPLATE	"dm.XXXXXXX"
 #define ASL_SUFFIX	".aml"
 #define ASL_COMPILER	"/usr/sbin/iasl"
 
 uint64_t audio_nhlt_len = 0;
+uint32_t csme_sec_cap = 0;
 
 static int basl_keep_temps;
 static int basl_verbose_iasl;
@@ -120,6 +122,7 @@ struct basl_fio {
 #define EFFLUSH(x) fflush(x)
 
 static bool acpi_table_is_valid(int num);
+static int psds_fd = -1;
 
 static int
 basl_fwrite_rsdp(FILE *fp, struct vmctx *ctx)
@@ -182,6 +185,9 @@ basl_fwrite_rsdt(FILE *fp, struct vmctx *ctx)
 		EFPRINTF(fp, "[0004]\t\tACPI Table Address %u : %08X\n", num++,
 		    basl_acpi_base + TPM2_OFFSET);
 
+	if (acpi_table_is_valid(PSDS_ENTRY_NO))
+		EFPRINTF(fp, "[0004]\t\tACPI Table Address %u : %08X\n", num++,
+		    basl_acpi_base + PSDS_OFFSET);
 	EFFLUSH(fp);
 
 	return 0;
@@ -224,6 +230,9 @@ basl_fwrite_xsdt(FILE *fp, struct vmctx *ctx)
 		EFPRINTF(fp, "[0004]\t\tACPI Table Address %u : 00000000%08X\n", num++,
 		    basl_acpi_base + TPM2_OFFSET);
 
+	if (acpi_table_is_valid(PSDS_ENTRY_NO))
+		EFPRINTF(fp, "[0004]\t\tACPI Table Address %u : 00000000%08X\n", num++,
+		    basl_acpi_base + PSDS_OFFSET);
 	EFFLUSH(fp);
 
 	return 0;
@@ -658,6 +667,98 @@ basl_fwrite_nhlt(FILE *fp, struct vmctx *ctx)
 	return 0;
 }
 
+/* read len bytes from file specified by fd from offset, and write to file specified by fp */
+static int
+copy_table_pos_len(int fd, int offset, int len, FILE *fp)
+{
+	int pos, i;
+	uint8_t data;
+
+	if ((fd < 0) || (fp == NULL))
+		return -1;
+
+	pos = lseek(fd, offset, SEEK_SET);
+	if (pos != offset)
+		return -1;
+
+	for (i = 0; i < len; i++) {
+		if (read(fd, &data, 1) != 1) {
+			fprintf(stderr, "%s: read fail! %s\n", __func__, strerror(errno));
+			return -1;
+		}
+		EFPRINTF(fp, "UINT8 : %02X\n", data);
+	}
+	return 0;
+}
+
+/* Intel Platform Security Discovery is designed specifically to allow other applications at
+ * runtime to know what hardware security capabilities are available on the platform.
+ * Format of the PSD structure:
+ * [0024] 36 byte common header
+ * [0004] PSD Version
+ * [0004] CSME Sec Capabilities
+ * [0002] SGX Capabilities
+ * [0004] FW Version Minor
+ * [0004] FW Version Major
+ * [0004] FW Version Build Number
+ * [0004] FW Version Hot Fix
+ * [0010] FW Vendor
+ * [0001] EOM State
+ * [0001] Secure Boot Enabled
+ * [0001] Measured Boot Enabled
+ * [0001] Hwrot Type
+ * [0001] fwHashIndex
+ * [0001] fwHashDataLen
+ * [xxxx] fwHashData (if fwHashDataLen != 0)
+ */
+static int
+basl_fwrite_psds(FILE *fp, struct vmctx *ctx)
+{
+	EFPRINTF(fp, "/*\n");
+	EFPRINTF(fp, " * dm PSDS template\n");
+	EFPRINTF(fp, " */\n");
+	EFPRINTF(fp, "[0004]\t\tSignature : \"PSDS\"\n");
+	EFPRINTF(fp, "[0004]\t\tTable Length : 00000000\n");
+	EFPRINTF(fp, "[0001]\t\tRevision : 00\n");
+	EFPRINTF(fp, "[0001]\t\tChecksum : 00\n");
+	EFPRINTF(fp, "[0006]\t\tOem ID : \"INTEL \"\n");
+	EFPRINTF(fp, "[0008]\t\tOem Table ID : \"EDK2    \"\n");
+	EFPRINTF(fp, "[0004]\t\tOem Revision : 00000001\n");
+	/* iasl will fill in the compiler ID/revision fields */
+	EFPRINTF(fp, "[0004]\t\tAsl Compiler ID : \"xxxx\"\n");
+	EFPRINTF(fp, "[0004]\t\tAsl Compiler Revision : 00000000\n");
+
+	/* passthru the following @36 - 4 bytes:
+	 * [0004]PSD Version
+	 */
+	if (copy_table_pos_len(psds_fd, 36, 4, fp) != 0) {
+		fprintf(stderr, "Failed to read psds table!\n");
+		return -1;
+	}
+
+	EFPRINTF(fp, "UINT32 : %08X\n", csme_sec_cap);		/* [0004]CSME Sec Capabilities */
+	EFPRINTF(fp, "UINT16 : 0000\n");			/* [0002]SGX Capabilities */
+
+	/* passthru the following @46 - 33 bytes:
+	 * [0010]FW Versions
+	 * [0010]FW Vendor
+	 * [0001]EOM State
+	 */
+	if (copy_table_pos_len(psds_fd, 46, 33, fp) !=0) {
+		fprintf(stderr, "Failed to read psds table!\n");
+		return -1;
+	}
+
+	EFPRINTF(fp, "UINT8 : 00\n");				/* [0001]Secure Boot Enabled */
+	EFPRINTF(fp, "UINT8 : 00\n");				/* [0001]Measured Boot Enabled */
+	EFPRINTF(fp, "UINT8 : 00\n");				/* [0001]Hwrot Type */
+	EFPRINTF(fp, "UINT8 : 00\n");				/* [0001]fwHashIndex */
+	EFPRINTF(fp, "UINT8 : 00\n");				/* [0001]fwHashDataLen */
+
+	EFFLUSH(fp);
+	return 0;
+}
+
 static int
 basl_fwrite_facs(FILE *fp, struct vmctx *ctx)
 {
@@ -1053,6 +1154,7 @@ static struct {
 	{ basl_fwrite_facs, FACS_OFFSET, true  },
 	{ basl_fwrite_nhlt, NHLT_OFFSET, false }, /*valid with audio ptdev*/
 	{ basl_fwrite_tpm2, TPM2_OFFSET, false },
+	{ basl_fwrite_psds, PSDS_OFFSET, false }, /*valid when psds present in sos */
 	{ basl_fwrite_dsdt, DSDT_OFFSET, true  }
 };
 
@@ -1110,6 +1212,11 @@ acpi_build(struct vmctx *ctx, int ncpu)
 	i = 0;
 	err = basl_make_templates();
 
+	/* Check PSDS in SOS, only present PSDS table to UOS when PSDS present in SOS */
+	psds_fd = open("/sys/firmware/acpi/tables/PSDS", O_RDONLY);
+	if (psds_fd >=0)
+		acpi_table_enable(PSDS_ENTRY_NO);
+
 	/*
 	 * Run through all the ASL files, compiling them and
 	 * copying them into guest memory
@@ -1126,5 +1233,8 @@ acpi_build(struct vmctx *ctx, int ncpu)
 		i++;
 	}
 
+	if (psds_fd >=0)
+		close(psds_fd);
+
 	return err;
 }

devicemodel/include/acpi.h

@@ -42,6 +42,7 @@
 
 /* All dynamic table entry no. */
 #define NHLT_ENTRY_NO		8
+#define PSDS_ENTRY_NO		10
 
 void acpi_table_enable(int num);
 uint32_t get_acpi_base(void);