Yu Pu
cd81e8e030
OvmfPkg: Remove UefiCpuLib from module INFs.
...
Because UefiCpuPkg/UefiCpuLib is merged to MdePkg/CpuLib, remove the
dependency of UefiCpuLib.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jordan Justen <jordan.l.justen@intel.com >
Acked-by: Gerd Hoffmann <kraxel@redhat.com >
Signed-off-by: Yu Pu <yu.pu@intel.com >
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com >
2023-03-10 08:23:56 +00:00
Zhiguang Liu
bf0c14a562
OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
...
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jordan Justen <jordan.l.justen@intel.com >
Acked-by: Gerd Hoffmann <kraxel@redhat.com >
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com >
2023-03-10 08:23:56 +00:00
Min M Xu
019621d078
OvmfPkg/IntelTdx: Measure TdHob and Configuration FV in SecMain
...
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
TdHob and Configuration FV (Cfv) are external inputs from VMM. From the
security perspective, they should be measured before they're consumed.
This patch measures TdHob and Cfv and stores the measurement values in
WorkArea.
After TdHob and Configuration FV (Cfv) are measured in SecMain, the
same measurements in PeilessStartupLib are deleted.
Cc: Erdem Aktas <erdemaktas@google.com >
Cc: James Bottomley <jejb@linux.ibm.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Gerd Hoffmann <kraxel@redhat.com >
Cc: Tom Lendacky <thomas.lendacky@amd.com >
Cc: Michael Roth <michael.roth@amd.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
Acked-by: Gerd Hoffmann <kraxel@redhat.com >
2023-02-04 03:38:15 +00:00
Min M Xu
c0984d1ff2
OvmfPkg: Refactor ProcessHobList
...
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
ProcessHobList once was implemented in PlatformInitLib and it walks thru
TdHob list and accept un-accepted memories.
This patch moves the codes to SecTdxHelperLib and rename ProcessHobList
as TdxHelperProcessTdHob
After TdxHelperProcessTdHob is introduced, below changes are applied:
- Call TdxHelperProcessTdHob instead of ProcessHobList in SecMain.c
(in both OvmfPkgX64/Sec and IntelTdx/Sec).
- Delete the duplicated codes in PlatformInitLib
Cc: Erdem Aktas <erdemaktas@google.com >
Cc: James Bottomley <jejb@linux.ibm.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Gerd Hoffmann <kraxel@redhat.com >
Cc: Tom Lendacky <thomas.lendacky@amd.com >
Cc: Michael Roth <michael.roth@amd.com >
Acked-by: Gerd Hoffmann <kraxel@redhat.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
2023-02-04 03:38:15 +00:00
Min Xu
76fda1def3
OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled
...
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
TdIsEnabled() uses the CPUID instruction. At this point, exception
handling is not established and a CPUID instruction will generate
a #VC and cause the booting guest to crash.
CcProbe() checks Ovmf work area to return the guest type. So call
of CcProbe() instead of TdIsEnabled() to fix the above issue.
Cc: James Bottomley <jejb@linux.ibm.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Gerd Hoffmann <kraxel@redhat.com >
Cc: Brijesh Singh <brijesh.singh@amd.com >
Cc: Erdem Aktas <erdemaktas@google.com >
Cc: Tom Lendacky <thomas.lendacky@amd.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
2022-04-19 01:26:08 +00:00
Min Xu
1f29de4d20
OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
...
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
OvmfPkg/IntelTdx/Sec is a simplied version of OvmfPkg/Sec. There
are below differences between these 2 Sec
- IntelTdx/Sec only supports Legacy guest and Tdx guest in X64.
- IntelTdx/Sec calls PeilessStartup () to jump from SEC to DXE directly.
- IntelTdx/Sec uses MemoryAllocationLib / HobLib / PrePiLib in
EmbeddedPkg.
Cc: Michael D Kinney <michael.d.kinney@intel.com >
Cc: Brijesh Singh <brijesh.singh@amd.com >
Cc: Erdem Aktas <erdemaktas@google.com >
Cc: James Bottomley <jejb@linux.ibm.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Tom Lendacky <thomas.lendacky@amd.com >
Cc: Gerd Hoffmann <kraxel@redhat.com >
Acked-by: Gerd Hoffmann <kraxel@redhat.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
2022-04-02 10:09:47 +00:00