diff options
| author | James Bottomley <jejb@linux.ibm.com> | 2020-11-30 12:28:19 -0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-12-14 19:56:18 +0000 |
| commit | 01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c (patch) | |
| tree | db9d56da1c9805a48c82063ce9eb8f7745f87046 /OvmfPkg/AmdSev | |
| parent | bff2811c6d99c1e41a4cbb81b30cc4b5cb8e4f20 (diff) | |
| download | edk2-01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c.tar.gz edk2-01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c.tar.bz2 edk2-01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c.zip | |
OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table
Now that the secret area is protected by a boot time HOB, extract its
location details into a configuration table referenced by
gSevLaunchSecretGuid so the boot loader or OS can locate it before a
call to ExitBootServices().
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201130202819.3910-7-jejb@linux.ibm.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: fix indentation of InstallConfigurationTable() args]
Diffstat (limited to 'OvmfPkg/AmdSev')
| -rw-r--r-- | OvmfPkg/AmdSev/AmdSevX64.dsc | 1 | ||||
| -rw-r--r-- | OvmfPkg/AmdSev/AmdSevX64.fdf | 1 | ||||
| -rw-r--r-- | OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 27 | ||||
| -rw-r--r-- | OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 37 |
4 files changed, 66 insertions, 0 deletions
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index e9c522beda..bb7697eb32 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -778,6 +778,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+ OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
OvmfPkg/AmdSev/Grub/Grub.inf
!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf {
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index b2656a1cf6..e8fd4b8c7b 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -269,6 +269,7 @@ INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif
+INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
INF OvmfPkg/AmdSev/Grub/Grub.inf
!if $(BUILD_SHELL) == TRUE
INF ShellPkg/Application/Shell/Shell.inf
diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c new file mode 100644 index 0000000000..5385a6aea2 --- /dev/null +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c @@ -0,0 +1,27 @@ +/** @file
+ SEV Secret configuration table constructor
+
+ Copyright (C) 2020 James Bottomley, IBM Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <PiDxe.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Guid/SevLaunchSecret.h>
+
+STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable = {
+ FixedPcdGet32 (PcdSevLaunchSecretBase),
+ FixedPcdGet32 (PcdSevLaunchSecretSize),
+};
+
+EFI_STATUS
+EFIAPI
+InitializeSecretDxe(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return gBS->InstallConfigurationTable (
+ &gSevLaunchSecretGuid,
+ &mSecretDxeTable
+ );
+}
diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf new file mode 100644 index 0000000000..62ab00a3d3 --- /dev/null +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf @@ -0,0 +1,37 @@ +## @file
+# Sev Secret configuration Table installer
+#
+# Copyright (C) 2020 James Bottomley, IBM Corporation.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecretDxe
+ FILE_GUID = 6e2b9619-8810-4e9d-a177-d432bb9abeda
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = InitializeSecretDxe
+
+[Sources]
+ SecretDxe.c
+
+[Packages]
+ OvmfPkg/OvmfPkg.dec
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+
+[Guids]
+ gSevLaunchSecretGuid
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
+
+[Depex]
+ TRUE
|