5 files changed, 34 insertions, 1 deletions

diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 9977b0f00a..0a89749700 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -59,9 +59,12 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmf
 0x00B000|0x001000

 gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize

 

-0x00C000|0x001000

+0x00C000|0x000C00

 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize

 

+0x00CC00|0x000400

+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize

+

 0x00D000|0x001000

 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize

 

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f82228d69c..2ab27f0c73 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -324,6 +324,12 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42

   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43

 

+  ## The base address and size of a hash table confirming allowed

+  #  parameters to be passed in via the Qemu firmware configuration

+  #  device

+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47

+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48

+

 [PcdsDynamic, PcdsDynamicEx]

   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2

   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index 9c0b5853a4..7ec3c6e980 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 15) % 16)) DB 0
 ;

 guidedStructureStart:

 

+; SEV Hash Table Block

 ;

+; This describes the guest ram area where the hypervisor should

+; install a table describing the hashes of certain firmware configuration

+; device files that would otherwise be passed in unchecked.  The current

+; use is for the kernel, initrd and command line values, but others may be

+; added.  The data format is:

+;

+; base physical address (32 bit word)

+; table length (32 bit word)

+;

+; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454

+;

+sevFwHashBlockStart:

+    DD      SEV_FW_HASH_BLOCK_BASE

+    DD      SEV_FW_HASH_BLOCK_SIZE

+    DW      sevFwHashBlockEnd - sevFwHashBlockStart

+    DB      0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b

+    DB      0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54

+sevFwHashBlockEnd:

+

 ; SEV Secret block

 ;

 ; This describes the guest ram area where the hypervisor should

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index dc38f68919..d028c92d8c 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -47,3 +47,5 @@
 [FixedPcd]

   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase

   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize

+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase

+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize

diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 8a3269cfc2..acec46a324 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -89,5 +89,7 @@
   %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)

   %define SEV_LAUNCH_SECRET_BASE  FixedPcdGet32 (PcdSevLaunchSecretBase)

   %define SEV_LAUNCH_SECRET_SIZE  FixedPcdGet32 (PcdSevLaunchSecretSize)

+  %define SEV_FW_HASH_BLOCK_BASE  FixedPcdGet32 (PcdQemuHashTableBase)

+  %define SEV_FW_HASH_BLOCK_SIZE  FixedPcdGet32 (PcdQemuHashTableSize)

 %include "Ia16/ResetVectorVtf0.asm"