sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5a67a2efa7f0542f5afc7eb70f75bc8f6a6c4d24
system76-edk2/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm
Tom Lendacky 5a67a2efa7 OvmfPkg: Create a calling area used to communicate with the SVSM 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

An SVSM requires a calling area page whose address (CAA) is used by the
SVSM to communicate and process the SVSM request.

Add a pre-defined page area to the OvmfPkg and AmdSev packages and define
corresponding PCDs used to communicate the location and size of the area.
Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev
launch and hash area memory locations.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
2024-04-17 20:04:41 +00:00

95 lines
2.7 KiB
NASM
Raw Blame History

;-----------------------------------------------------------------------------
; @file
; OVMF metadata for the AMD SEV confidential computing guests
;
; Copyright (c) 2021 - 2024, AMD Inc. All rights reserved.<BR>
;
; SPDX-License-Identifier: BSD-2-Clause-Patent
;-----------------------------------------------------------------------------
BITS 64
%define OVMF_SEV_METADATA_VERSION 1
; The section must be accepted or validated by the VMM before the boot
%define OVMF_SECTION_TYPE_SNP_SEC_MEM 0x1
; AMD SEV-SNP specific sections
%define OVMF_SECTION_TYPE_SNP_SECRETS 0x2
;
; The section contains the hypervisor pre-populated CPUID values.
; In the case of SEV-SNP, the CPUID values are filtered and measured by
; the SEV-SNP firmware.
; The CPUID format is documented in SEV-SNP firmware spec 0.9 section 7.1
; (CPUID function structure).
;
%define OVMF_SECTION_TYPE_CPUID 0x3
; The SVSM Calling Area Address (CAA)
%define OVMF_SECTION_TYPE_SVSM_CAA 0x4
; Kernel hashes section for measured direct boot
%define OVMF_SECTION_TYPE_KERNEL_HASHES 0x10
ALIGN 16
TIMES (15 - ((OvmfSevGuidedStructureEnd - OvmfSevGuidedStructureStart + 15) % 16)) DB 0
OvmfSevGuidedStructureStart:
;
; OvmfSev metadata descriptor
;
OvmfSevMetadataGuid:
_DescriptorSev:
DB 'A','S','E','V' ; Signature
DD OvmfSevGuidedStructureEnd - _DescriptorSev ; Length
DD OVMF_SEV_METADATA_VERSION ; Version
DD (OvmfSevGuidedStructureEnd - _DescriptorSev - 16) / 12 ; Number of sections
; Region need to be pre-validated by the hypervisor
PreValidate1:
DD SNP_SEC_MEM_BASE_DESC_1
DD SNP_SEC_MEM_SIZE_DESC_1
DD OVMF_SECTION_TYPE_SNP_SEC_MEM
PreValidate2:
DD SNP_SEC_MEM_BASE_DESC_2
DD SNP_SEC_MEM_SIZE_DESC_2
DD OVMF_SECTION_TYPE_SNP_SEC_MEM
; SEV-SNP Secrets page
SevSnpSecrets:
DD SEV_SNP_SECRETS_BASE
DD SEV_SNP_SECRETS_SIZE
DD OVMF_SECTION_TYPE_SNP_SECRETS
; CPUID values
CpuidSec:
DD CPUID_BASE
DD CPUID_SIZE
DD OVMF_SECTION_TYPE_CPUID
; SVSM CAA page
SvsmCaa:
DD SVSM_CAA_BASE
DD SVSM_CAA_SIZE
DD OVMF_SECTION_TYPE_SVSM_CAA
%if (SEV_SNP_KERNEL_HASHES_BASE > 0)
; Kernel hashes for measured direct boot, or zero page if
; there are no kernel hashes / SEV secrets
SevSnpKernelHashes:
DD SEV_SNP_KERNEL_HASHES_BASE
DD SEV_SNP_KERNEL_HASHES_SIZE
DD OVMF_SECTION_TYPE_KERNEL_HASHES
%endif
; Region need to be pre-validated by the hypervisor
PreValidate3:
DD SNP_SEC_MEM_BASE_DESC_3
DD SNP_SEC_MEM_SIZE_DESC_3
DD OVMF_SECTION_TYPE_SNP_SEC_MEM
OvmfSevGuidedStructureEnd:
ALIGN 16
Reference in New Issue View Git Blame Copy Permalink