Re: [PATCH v6 06/29] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase


Min Xu
 

On September 2, 2021 4:20 PM, Gerd Hoffmann wrote:
Hi,

During the guest creation time, the VMM encrypts the OVMF_CODE.fd
using the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In
addition to encrypting the content, the command also validates the
memory region.
This allows us to execute the code without going through the
validation sequence.
Hmm, tdx must handle this too.

+
+
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0
+ |UINT32|0x56
+
+
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|
U
+ INT32|0x57
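Review bot: the Start/End pair of PCDs is declared without a `##` doc comment saying what the range denotes (the pages the VMM has already validated before SEC runs) or whether End is inclusive or exclusive; add a one-line comment above each entry and fix the End convention here, before SEC code starts comparing addresses against these values.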
So maybe we should drop the "Snp" from the name here ...

; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9
;
sevSnpBootBlockStart:
+ DD SNP_HV_VALIDATED_START
+ DD SNP_HV_VALIDATED_END
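Review bot: the two new DD entries grow the SEV-SNP boot block, and the hunk does not show the block's DW length field, so confirm that it is computed from the block's start and end labels rather than a hard-coded size; a consumer walks the GUIDed chain by those lengths, and a stale length would mis-locate every entry that precedes this block.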
... and store the range which needs validation in another, not snp-specific
block?

Jiewen? Min?
We pack all the Tdx information into a blob (TdxMetadata). This TDX information
includes the BFV (i.e. OVMF_CODE.fd), the CFV (i.e. OVMF_VARS.fd), TdMailbox, etc.
The offset to the TdxMetadata is in the GUIDed chain in ResetVectorVtf0.asm.
;
; GUID : e47a6535-984a-4798-865e-4685a7bf8ec2
;
tdxMetadataOffsetStart:
DD (OVMF_IMAGE_SIZE_IN_KB * 1024 - (fourGigabytes - TdxMetadataGuid - 16))
DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart
DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
tdxMetadataOffsetEnd:

In the future new metadata can be added into the TdxMetadata without changes
in ResetVectorVtf0.asm.

Thanks!
Min
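As an added example (not code from the thread or from OvmfPkg), here is a small Python parser for the GUIDed chain Min describes: it locates the table footer at the end of an OVMF image, walks the entries backwards by their DW lengths, and pulls the TdxMetadata offset out of the e47a6535-... entry. It assumes the footer GUID 96b582de-1fb2-45f7-baea-a366c55a082d from ResetVectorVtf0.asm sits 48 bytes before the image end, and it builds its own constructed image so it runs offline.

```python
import struct
import uuid

# Footer GUID that terminates the GUIDed chain in ResetVectorVtf0.asm.
TABLE_FOOTER_GUID = uuid.UUID("96b582de-1fb2-45f7-baea-a366c55a082d")
# GUID of the TdxMetadata offset entry quoted in the mail.
TDX_METADATA_OFFSET_GUID = uuid.UUID("e47a6535-984a-4798-865e-4685a7bf8ec2")
# Assumption: the final 32 bytes of the image hold the AP entry point and the
# reset vector, so the 16-byte footer GUID starts 48 bytes before the end.
FOOTER_GUID_OFFSET_FROM_END = 48
ENTRY_OVERHEAD = 2 + 16  # DW length + 16-byte GUID, as in the asm snippet


def guided_entry(guid, data):
    """Emit one entry the way the asm does: data, DW total length, GUID bytes."""
    return data + struct.pack("<H", len(data) + ENTRY_OVERHEAD) + guid.bytes_le


def build_image(image_size, tdx_metadata_offset):
    """Constructed OVMF-like image: padding, GUIDed chain, footer, 32 tail bytes."""
    chain = guided_entry(TDX_METADATA_OFFSET_GUID, struct.pack("<I", tdx_metadata_offset))
    footer = guided_entry(TABLE_FOOTER_GUID, chain)  # footer length spans the whole chain
    tail = b"\xf4" * 32  # stand-in for the AP entry point and reset vector
    body = footer + tail
    return b"\xff" * (image_size - len(body)) + body


def parse_guided_table(image):
    """Walk the GUIDed chain backwards from the footer; returns {GUID: data}."""
    end = len(image) - FOOTER_GUID_OFFSET_FROM_END + 16  # byte after the footer GUID
    if uuid.UUID(bytes_le=image[end - 16:end]) != TABLE_FOOTER_GUID:
        raise ValueError("no OVMF GUIDed table footer")
    (total_len,) = struct.unpack_from("<H", image, end - 18)
    start = end - total_len            # first byte of the chain
    pos = end - ENTRY_OVERHEAD         # the footer itself carries no payload
    entries = {}
    while pos > start:
        guid = uuid.UUID(bytes_le=image[pos - 16:pos])
        (entry_len,) = struct.unpack_from("<H", image, pos - 18)
        if entry_len < ENTRY_OVERHEAD or pos - entry_len < start:
            raise ValueError("corrupt GUIDed table entry")
        entries[guid] = image[pos - entry_len:pos - ENTRY_OVERHEAD]
        pos -= entry_len
    return entries


def tdx_metadata_offset(image):
    """Return the image offset stored in the TdxMetadata entry, or None if absent."""
    data = parse_guided_table(image).get(TDX_METADATA_OFFSET_GUID)
    return struct.unpack("<I", data)[0] if data else None
```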
