OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table

Now that the secret area is protected by a boot time HOB, extract its location details into a configuration table referenced by gSevLaunchSecretGuid so the boot loader or OS can locate it before a call to ExitBootServices(). Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 Signed-off-by: James Bottomley <jejb@linux.ibm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20201130202819.3910-7-jejb@linux.ibm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com> [lersek@redhat.com: fix indentation of InstallConfigurationTable() args]
2020-11-30 12:28:19 -08:00
parent bff2811c6d
commit 01726b6d23
6 changed files with 95 additions and 0 deletions
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
@@ -0,0 +1,27 @@
+/** @file
+  SEV Secret configuration table constructor
+
+  Copyright (C) 2020 James Bottomley, IBM Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <PiDxe.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Guid/SevLaunchSecret.h>
+
+STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable = {
+  FixedPcdGet32 (PcdSevLaunchSecretBase),
+  FixedPcdGet32 (PcdSevLaunchSecretSize),
+};
+
+EFI_STATUS
+EFIAPI
+InitializeSecretDxe(
+  IN EFI_HANDLE           ImageHandle,
+  IN EFI_SYSTEM_TABLE     *SystemTable
+  )
+{
+  return gBS->InstallConfigurationTable (
+                &gSevLaunchSecretGuid,
+                &mSecretDxeTable
+                );
+}
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
@@ -0,0 +1,37 @@
+## @file
+#  Sev Secret configuration Table installer
+#
+#  Copyright (C) 2020 James Bottomley, IBM Corporation.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SecretDxe
+  FILE_GUID                      = 6e2b9619-8810-4e9d-a177-d432bb9abeda
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = InitializeSecretDxe
+
+[Sources]
+  SecretDxe.c
+
+[Packages]
+  OvmfPkg/OvmfPkg.dec
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+
+[Guids]
+  gSevLaunchSecretGuid
+
+[FixedPcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
+
+[Depex]
+  TRUE