-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table
Now that the secret area is protected by a boot time HOB, extract its location details into a configuration table referenced by gSevLaunchSecretGuid so the boot loader or OS can locate it before a call to ExitBootServices(). Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 Signed-off-by: James Bottomley <jejb@linux.ibm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20201130202819.3910-7-jejb@linux.ibm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> [lersek@redhat.com: fix indentation of InstallConfigurationTable() args]
- Loading branch information
Showing
6 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/** @file | ||
SEV Secret configuration table constructor | ||
Copyright (C) 2020 James Bottomley, IBM Corporation. | ||
SPDX-License-Identifier: BSD-2-Clause-Patent | ||
**/ | ||
#include <PiDxe.h> | ||
#include <Library/UefiBootServicesTableLib.h> | ||
#include <Guid/SevLaunchSecret.h> | ||
|
||
STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable = { | ||
FixedPcdGet32 (PcdSevLaunchSecretBase), | ||
FixedPcdGet32 (PcdSevLaunchSecretSize), | ||
}; | ||
|
||
EFI_STATUS | ||
EFIAPI | ||
InitializeSecretDxe( | ||
IN EFI_HANDLE ImageHandle, | ||
IN EFI_SYSTEM_TABLE *SystemTable | ||
) | ||
{ | ||
return gBS->InstallConfigurationTable ( | ||
&gSevLaunchSecretGuid, | ||
&mSecretDxeTable | ||
); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
## @file | ||
# Sev Secret configuration Table installer | ||
# | ||
# Copyright (C) 2020 James Bottomley, IBM Corporation. | ||
# | ||
# SPDX-License-Identifier: BSD-2-Clause-Patent | ||
# | ||
## | ||
|
||
[Defines] | ||
INF_VERSION = 0x00010005 | ||
BASE_NAME = SecretDxe | ||
FILE_GUID = 6e2b9619-8810-4e9d-a177-d432bb9abeda | ||
MODULE_TYPE = DXE_DRIVER | ||
VERSION_STRING = 1.0 | ||
ENTRY_POINT = InitializeSecretDxe | ||
|
||
[Sources] | ||
SecretDxe.c | ||
|
||
[Packages] | ||
OvmfPkg/OvmfPkg.dec | ||
MdePkg/MdePkg.dec | ||
|
||
[LibraryClasses] | ||
UefiBootServicesTableLib | ||
UefiDriverEntryPoint | ||
|
||
[Guids] | ||
gSevLaunchSecretGuid | ||
|
||
[FixedPcd] | ||
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase | ||
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize | ||
|
||
[Depex] | ||
TRUE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/** @file | ||
UEFI Configuration Table for exposing the SEV Launch Secret location to UEFI | ||
applications (boot loaders). | ||
Copyright (C) 2020 James Bottomley, IBM Corporation. | ||
SPDX-License-Identifier: BSD-2-Clause-Patent | ||
**/ | ||
|
||
#ifndef SEV_LAUNCH_SECRET_H_ | ||
#define SEV_LAUNCH_SECRET_H_ | ||
|
||
#include <Uefi/UefiBaseType.h> | ||
|
||
#define SEV_LAUNCH_SECRET_GUID \ | ||
{ 0xadf956ad, \ | ||
0xe98c, \ | ||
0x484c, \ | ||
{ 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \ | ||
} | ||
|
||
typedef struct { | ||
UINT32 Base; | ||
UINT32 Size; | ||
} SEV_LAUNCH_SECRET_LOCATION; | ||
|
||
extern EFI_GUID gSevLaunchSecretGuid; | ||
|
||
#endif // SEV_LAUNCH_SECRET_H_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters