diff options
Diffstat (limited to 'OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c')
| -rw-r--r-- | OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c index 63cfee9..31bafa9 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c @@ -13,7 +13,10 @@ #include <Library/BaseLib.h>
#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
#include <Library/QemuFwCfgLib.h>
+#include <PiPei.h>
+#include <WorkArea.h>
#include "QemuFwCfgLibInternal.h"
@@ -119,3 +122,93 @@ InternalQemuFwCfgDmaBytes ( ASSERT (FALSE);
CpuDeadLoop ();
}
+
+#ifdef TDX_PEI_LESS_BOOT
+
+/**
+ Check if the Ovmf work area is built as HobList before invoking Hob services.
+
+ @retval TRUE Ovmf work area is not NULL and it is built as HobList.
+ @retval FALSE Ovmf work area is NULL or it is not built as HobList.
+**/
+BOOLEAN
+InternalQemuFwCfgCheckOvmfWorkArea (
+ VOID
+ )
+{
+ TDX_WORK_AREA *TdxWorkArea;
+
+ // QemuFwCfgLib might be called in a very early stage
+ // (at that moment HobList may not be set). So an additional check
+ // to the HobList is needed.
+ TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+ if ((TdxWorkArea == NULL) || (TdxWorkArea->SecTdxWorkArea.HobList == 0)) {
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+/**
+ Get the pointer to the QEMU_FW_CFG_WORK_AREA. This data is used as the
+ workarea to record the ongoing fw_cfg item and offset.
+ @retval QEMU_FW_CFG_WORK_AREA Pointer to the QEMU_FW_CFG_WORK_AREA
+ @retval NULL QEMU_FW_CFG_WORK_AREA doesn't exist
+**/
+QEMU_FW_CFG_WORK_AREA *
+InternalQemuFwCfgCacheGetWorkArea (
+ VOID
+ )
+{
+ EFI_HOB_GUID_TYPE *GuidHob;
+ EFI_HOB_PLATFORM_INFO *PlatformHobinfo;
+
+ if (InternalQemuFwCfgCheckOvmfWorkArea () == FALSE) {
+ return NULL;
+ }
+
+ GuidHob = GetFirstGuidHob (&gUefiOvmfPkgPlatformInfoGuid);
+ if (GuidHob == NULL) {
+ return NULL;
+ }
+
+ PlatformHobinfo = (EFI_HOB_PLATFORM_INFO *)(VOID *)GET_GUID_HOB_DATA (GuidHob);
+ return &(PlatformHobinfo->QemuFwCfgWorkArea);
+}
+
+/**
+ OVMF reads configuration data from QEMU via fw_cfg.
+ For Td-Guest VMM is out of TCB and the configuration data is untrusted.
+ From the security perpective the configuration data shall be measured
+ before it is consumed.
+ This function reads the fw_cfg items and cached them. In the meanwhile these
+ fw_cfg items are measured as well. This is to avoid changing the order when
+ reading the fw_cfg process, which depends on multiple factors(depex, order in
+ the Firmware volume).
+ @retval RETURN_SUCCESS - Successfully cache with measurement
+ @retval Others - As the error code indicates
+ */
+RETURN_STATUS
+EFIAPI
+QemuFwCfgInitCache (
+ IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob
+ )
+{
+ if (!QemuFwCfgIsAvailable ()) {
+ DEBUG ((DEBUG_ERROR, "%a: Qemu Fw_Cfg is not Available! \n", __func__));
+ return RETURN_UNSUPPORTED;
+ }
+
+ if (InternalQemuFwCfgCheckOvmfWorkArea () == FALSE) {
+ return RETURN_ABORTED;
+ }
+
+ if (EFI_ERROR (InternalQemuFwCfgInitCache (PlatformInfoHob))) {
+ return RETURN_ABORTED;
+ }
+
+ DEBUG ((DEBUG_INFO, "QemuFwCfgInitCache Pass!!!\n"));
+ return RETURN_SUCCESS;
+}
+
+#endif
|