Min: This is a new feature. Please submit one BZ to catch it. Thanks Liming > -----邮件原件----- > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 > min.m...@intel.com > 发送时间: 2021年3月9日 8:55 > 收件人: devel@edk2.groups.io > 抄送: Min Xu <min.m...@intel.com>; Liming Gao > <gaolim...@byosoft.com.cn>; Zhiguang Liu <zhiguang....@intel.com>; Jordan > Justen <jordan.l.jus...@intel.com>; Laszlo Ersek <ler...@redhat.com>; > Jiewen Yao <jiewen....@intel.com> > 主题: [edk2-devel] [PATCH 0/3] Add TdxLib support for Intel TDX > > From: Min Xu <min.m...@intel.com> > > The patch series provides lib support for Intel Trust Domain Extensions > (Intel TDX). > > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology > that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory > Encryption (MKTME) with a new kind of virutal machines guest called a > Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the > confidentiality of TD memory contents and the TD's CPU state from other > software, including the hosting Virtual-Machine Monitor (VMM), unless > explicitly shared by the TD itself. > > The Intel TDX module uses the instruction-set architecture for Intel TDX > and the MKTME engine in the SOC to help serve as an intermediary between > the host VMM and the guest TD. TDCALL is the instruction which allows TD > guest privileged software to make a call for service into an underlying > TDX-module. > > TdxLib is created with functions to perform the related Tdx operation. > This includes functions for: > - TdCall : to cause a VM exit to the Intel TDX module > - TdVmCall : it is a leaf function 0 for TDCALL > - TdVmCallCpuid : enable the TD guest to request VMM to emulate > CPUID > - TdReport : to retrieve TDREPORT_STRUCT > - TdAcceptPages : to accept pending private pages > - TdExtendRtmr : to extend one of the RTMR registers > > The base function in MdePkg will not do anything and will return an error > if a return value is required. It is expected that other packages > (like OvmfPkg) will create a version of the library to fully support a TD > guest. > > We create an OVMF version of this library to begin the process of providing > full support of TDX in OVMF. > > To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec > - PcdUseTdxAcceptPage > Indicate whether TdCall(AcceptPage) is used. > - PcdUseTdxEmulation > Indicate whether TdxEmulation is used. > > See <https://software.intel.com/content/www/us/en/develop/articles/ > intel-trust-domain-extensions.html> > > CC: Liming Gao <gaolim...@byosoft.com.cn> > CC: Zhiguang Liu <zhiguang....@intel.com> > CC: Jordan Justen <jordan.l.jus...@intel.com> > CC: Laszlo Ersek <ler...@redhat.com> > CC: Jiewen Yao <jiewen....@intel.com> > > Signed-off-by: Min Xu <min.m...@intel.com> > > Min Xu (3): > MdePkg: Add Tdx support lib > OvmfPkg: Add PCDs for TdxLib > OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF > > MdePkg/Include/IndustryStandard/Tdx.h | 201 > +++++++++++++++++++++ > MdePkg/Include/Library/TdxLib.h | 165 ++++++++++++++++++ > MdePkg/Include/Protocol/Tdx.h | 22 +++ > MdePkg/Library/TdxLib/TdxLibNull.c | 155 +++++++++++++++++ > MdePkg/Library/TdxLib/TdxLibNull.inf | 33 ++++ > OvmfPkg/Library/TdxLib/AcceptPages.c | 68 ++++++++ > OvmfPkg/Library/TdxLib/Rtmr.c | 80 +++++++++ > OvmfPkg/Library/TdxLib/TdReport.c | 102 +++++++++++ > OvmfPkg/Library/TdxLib/TdxLib.inf | 48 ++++++ > OvmfPkg/Library/TdxLib/TdxLibSec.inf | 45 +++++ > OvmfPkg/Library/TdxLib/X64/Tdcall.nasm | 125 ++++++++++++++ > OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 > +++++++++++++++++++++++ > OvmfPkg/OvmfPkg.dec | 6 + > 13 files changed, 1261 insertions(+) > create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h > create mode 100644 MdePkg/Include/Library/TdxLib.h > create mode 100644 MdePkg/Include/Protocol/Tdx.h > create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c > create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf > create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c > create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c > create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c > create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf > create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf > create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm > create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm > > -- > 2.29.2.windows.2 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#72554): https://edk2.groups.io/g/devel/message/72554 Mute This Topic: https://groups.io/mt/81191437/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-