diff options
| author | Claudio Carvalho <cclaudio@linux.ibm.com> | 2024-06-10 22:29:57 +0300 |
|---|---|---|
| committer | Ard Biesheuvel <workofard@gmail.com> | 2025-03-16 20:21:44 +0100 |
| commit | 40b4e190d37dca895f46d816eca154d07c761ae7 (patch) | |
| tree | 68fe86e32bd49824d4a58b006534ece14daf2ad2 | |
| parent | 70f806ec23fb1c376afe33f2f054819a03e21641 (diff) | |
| download | edk2-40b4e190d37dca895f46d816eca154d07c761ae7.zip edk2-40b4e190d37dca895f46d816eca154d07c761ae7.tar.gz edk2-40b4e190d37dca895f46d816eca154d07c761ae7.tar.bz2 | |
OvmfPkg/AmdSvsmLib: Add the SVSM vTPM protocol
As described in the SVSM specification, guest components can call to the
SVSM vTPM through the vTPM protocol (protocol-id 2).
The SVSM vTPM protocol follows the Microsoft TPM Simulator interface
(MSSIM) and supports two services:
- SVSM_VTPM_QUERY (call-id 0): query MSSIM commands and vTPM features
supported.
- SVSM_VTPM_CMD (call-id 1): send a MSSIM command to be run by the vTPM
and get the result.
This patch adds support for SVSM_VTPM_QUERY and SVSM_VTPM_CMD to invoke
a SVSM when the guest is running at VMPL0.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
| -rw-r--r-- | OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c index dfaccdc..e286ac0 100644 --- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c +++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c @@ -498,3 +498,98 @@ AmdSvsmSnpVmsaRmpAdjust ( return AmdSvsmIsSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVmsa)
: BaseVmsaRmpAdjust (Vmsa, SetVmsa);
}
+
+/**
+ Perform a SVSM_VTPM_QUERY operation
+
+ Query the support provided by the SVSM vTPM.
+
+ @param[out] PlatformCommands It will contain a bitmap indicating the
+ supported vTPM platform commands.
+ @param[out] Features It will contain a bitmap indicating the
+ supported vTPM features.
+
+ @retval TRUE The query was processed.
+ @retval FALSE The query was not processed.
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmVtpmQuery (
+ OUT UINT64 *PlatformCommands,
+ OUT UINT64 *Features
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_FUNCTION Function;
+ UINTN Ret;
+
+ if (!PlatformCommands && !Features) {
+ return FALSE;
+ }
+
+ if (!AmdSvsmIsSvsmPresent ()) {
+ return FALSE;
+ }
+
+ Function.Id.Protocol = SVSM_PROTOCOL_VTPM;
+ Function.Id.CallId = SVSM_VTPM_QUERY;
+
+ SvsmCallData.Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ SvsmCallData.RaxIn = Function.Uint64;
+
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if (Ret != 0) {
+ return FALSE;
+ }
+
+ if (PlatformCommands) {
+ *PlatformCommands = SvsmCallData.RcxOut;
+ }
+
+ if (Features) {
+ *Features = SvsmCallData.RdxOut;
+ }
+
+ return TRUE;
+}
+
+/**
+ Perform a SVSM_VTPM_CMD operation
+
+ Send the specified vTPM platform command to the SVSM vTPM.
+
+ @param[in, out] Buffer It should contain the vTPM platform command
+ request. The respective response will be returned
+ in the same Buffer, but not all commands specify a
+ response.
+
+ @retval TRUE The command was processed.
+ @retval FALSE The command was not processed.
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmVtpmCmd (
+ IN OUT UINT8 *Buffer
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_FUNCTION Function;
+ UINTN Ret;
+
+ if (!AmdSvsmIsSvsmPresent ()) {
+ return FALSE;
+ }
+
+ Function.Id.Protocol = SVSM_PROTOCOL_VTPM;
+ Function.Id.CallId = SVSM_VTPM_CMD;
+
+ SvsmCallData.Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Buffer;
+
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+
+ return (Ret == 0) ? TRUE : FALSE;
+}
|