File ovmf-OvmfPkg-AmdSvsmLib-Add-the-SVSM-vTPM-protocol.patch of Package ovmf-edk2-stable202502
From 40b4e190d37dca895f46d816eca154d07c761ae7 Mon Sep 17 00:00:00 2001
From: Claudio Carvalho <cclaudio@linux.ibm.com>
Date: Mon, 10 Jun 2024 22:29:57 +0300
Subject: [PATCH] OvmfPkg/AmdSvsmLib: Add the SVSM vTPM protocol
As described in the SVSM specification, guest components can call to the
SVSM vTPM through the vTPM protocol (protocol-id 2).
The SVSM vTPM protocol follows the Microsoft TPM Simulator interface
(MSSIM) and supports two services:
- SVSM_VTPM_QUERY (call-id 0): query MSSIM commands and vTPM features
supported.
- SVSM_VTPM_CMD (call-id 1): send a MSSIM command to be run by the vTPM
and get the result.
This patch adds support for SVSM_VTPM_QUERY and SVSM_VTPM_CMD to invoke
a SVSM when the guest is running at VMPL0.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 95 +++++++++++++++++++++++++
1 file changed, 95 insertions(+)
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
index dfaccdc9e9..e286ac0bc0 100644
--- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
@@ -498,3 +498,98 @@ AmdSvsmSnpVmsaRmpAdjust (
return AmdSvsmIsSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVmsa)
: BaseVmsaRmpAdjust (Vmsa, SetVmsa);
}
+
+/**
+ Perform a SVSM_VTPM_QUERY operation
+
+ Query the support provided by the SVSM vTPM.
+
+ @param[out] PlatformCommands It will contain a bitmap indicating the
+ supported vTPM platform commands.
+ @param[out] Features It will contain a bitmap indicating the
+ supported vTPM features.
+
+ @retval TRUE The query was processed.
+ @retval FALSE The query was not processed.
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmVtpmQuery (
+ OUT UINT64 *PlatformCommands,
+ OUT UINT64 *Features
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_FUNCTION Function;
+ UINTN Ret;
+
+ if (!PlatformCommands && !Features) {
+ return FALSE;
+ }
+
+ if (!AmdSvsmIsSvsmPresent ()) {
+ return FALSE;
+ }
+
+ Function.Id.Protocol = SVSM_PROTOCOL_VTPM;
+ Function.Id.CallId = SVSM_VTPM_QUERY;
+
+ SvsmCallData.Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ SvsmCallData.RaxIn = Function.Uint64;
+
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if (Ret != 0) {
+ return FALSE;
+ }
+
+ if (PlatformCommands) {
+ *PlatformCommands = SvsmCallData.RcxOut;
+ }
+
+ if (Features) {
+ *Features = SvsmCallData.RdxOut;
+ }
+
+ return TRUE;
+}
+
+/**
+ Perform a SVSM_VTPM_CMD operation
+
+ Send the specified vTPM platform command to the SVSM vTPM.
+
+ @param[in, out] Buffer It should contain the vTPM platform command
+ request. The respective response will be returned
+ in the same Buffer, but not all commands specify a
+ response.
+
+ @retval TRUE The command was processed.
+ @retval FALSE The command was not processed.
+
+**/
+BOOLEAN
+EFIAPI
+AmdSvsmVtpmCmd (
+ IN OUT UINT8 *Buffer
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_FUNCTION Function;
+ UINTN Ret;
+
+ if (!AmdSvsmIsSvsmPresent ()) {
+ return FALSE;
+ }
+
+ Function.Id.Protocol = SVSM_PROTOCOL_VTPM;
+ Function.Id.CallId = SVSM_VTPM_CMD;
+
+ SvsmCallData.Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Buffer;
+
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+
+ return (Ret == 0) ? TRUE : FALSE;
+}
--
2.43.0
