Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: fa74200c92693add490b18615c2821ba72a2d58d
      
https://github.com/tianocore/edk2/commit/fa74200c92693add490b18615c2821ba72a2d58d
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M MdePkg/Include/Register/Amd/Svsm.h

  Log Message:
  -----------
  MdePkg/AmdSev: Add SVSM protocol call numbers

Add protocol and call numbers as defined in the "Secure VM Service
Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00

https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 458198aa49c39fa61ab735c0fb3cd22d1f6fdee7
      
https://github.com/tianocore/edk2/commit/458198aa49c39fa61ab735c0fb3cd22d1f6fdee7
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c

  Log Message:
  -----------
  OvmfPkg/AmdSvsmLib: Use named protocol and call constants

Make use of the named protocol and call constants for SVSM
communication.

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 87d4cdd09e4d9432c150a3a029dcad7da38bcffa
      
https://github.com/tianocore/edk2/commit/87d4cdd09e4d9432c150a3a029dcad7da38bcffa
  Author: Claudio Carvalho <cclau...@linux.ibm.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M UefiCpuPkg/Include/Library/AmdSvsmLib.h
    M UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.c

  Log Message:
  -----------
  UefiCpuPkg/AmdSvsmLib: Stub the SVSM vTPM protocol for non-VMPL0 guests

We need to stub the SVSM vTPM protocol in the UefiCpuPkg in order to
support an SEV-SNP guest running under an SVSM at VMPL1 or lower.

Cc: Ray Ni <ray...@intel.com>
Cc: Rahul Kumar <rahul1.ku...@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Jiaxin Wu <jiaxin...@intel.com>
Co-authored-by: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Claudio Carvalho <cclau...@linux.ibm.com>
Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 70f806ec23fb1c376afe33f2f054819a03e21641
      
https://github.com/tianocore/edk2/commit/70f806ec23fb1c376afe33f2f054819a03e21641
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M MdePkg/Include/Register/Amd/Svsm.h

  Log Message:
  -----------
  MdePkg/AmdSev: Add SVSM protocol vTPM call numbers

Add call numbers for the SVSM vTPM protocol, as defined in the "Secure
VM Service Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 40b4e190d37dca895f46d816eca154d07c761ae7
      
https://github.com/tianocore/edk2/commit/40b4e190d37dca895f46d816eca154d07c761ae7
  Author: Claudio Carvalho <cclau...@linux.ibm.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c

  Log Message:
  -----------
  OvmfPkg/AmdSvsmLib: Add the SVSM vTPM protocol

As described in the SVSM specification, guest components can call into the
SVSM vTPM through the vTPM protocol (protocol-id 2).

The SVSM vTPM protocol follows the Microsoft TPM Simulator interface
(MSSIM) and supports two services:

- SVSM_VTPM_QUERY (call-id 0): query MSSIM commands and vTPM features
  supported.
- SVSM_VTPM_CMD (call-id 1): send an MSSIM command to be run by the vTPM
  and get the result.

This patch adds support for SVSM_VTPM_QUERY and SVSM_VTPM_CMD to invoke
an SVSM when the guest is running at VMPL0.

Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Co-authored-by: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Claudio Carvalho <cclau...@linux.ibm.com>
Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 87f454532a612066c3caacd240782fc40f31c152
      
https://github.com/tianocore/edk2/commit/87f454532a612066c3caacd240782fc40f31c152
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c

  Log Message:
  -----------
  SecurityPkg/Tpm2DeviceLibDTpm: Improve spelling/grammar of comments

Fix some spelling/grammar mistakes in the documentation comments.

Suggested-by: Dionna Glaze <dionnagl...@google.com>
Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: edf5e365c104fb86623b6359ac53d79777d521bf
      
https://github.com/tianocore/edk2/commit/edf5e365c104fb86623b6359ac53d79777d521bf
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.h

  Log Message:
  -----------
  SecurityPkg/Tpm2DeviceLibDTpm: Add header file for Tpm2Ptp.c

Some of the functions implemented in Tpm2Ptp.c are forward-declared in a
couple of places. To clean this up, introduce a header that contains
these declarations in a central place and use it instead.

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: e868ece3c7d12be79f46da64b7c841d0486ac621
      
https://github.com/tianocore/edk2/commit/e868ece3c7d12be79f46da64b7c841d0486ac621
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmSvsm.c
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmSvsm.inf
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpmSvsm.c
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpmSvsm.inf
    M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.h
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2PtpSvsmShim.c
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2PtpSvsmShim.h
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Svsm.c
    A SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Svsm.h
    M SecurityPkg/SecurityPkg.ci.yaml
    M SecurityPkg/SecurityPkg.dec
    M SecurityPkg/SecurityPkg.dsc

  Log Message:
  -----------
  SecurityPkg/Tpm2DeviceLibDTpm: Add TPM2 lib supporting SVSM vTPM

SEV-SNP provides a feature known as VM Privilege Level (VMPL), which
allows services to be run in the guest at different privilege
levels. By running at VMPL0 (the most privileged VM level), the SVSM can be
used to provide privileged services, e.g. a virtual TPM, for the guest
rather than trusting such services from the hypervisor.

This patch adds a DTpm driver to communicate with a virtual TPM running
in the SVSM. The driver follows the vTPM protocol documented in the SVSM
specification.

SVSM vTPM functionality is available as new device and instance
libraries, which can be consumed optionally, keeping changes to the
regular TPM implementation minimal.

Cc: Jiewen Yao <jiewen....@intel.com>
Co-authored-by: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Claudio Carvalho <cclau...@linux.ibm.com>
Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 06b2f9dc4385ccf5ca4b86deb14832daa373629f
      
https://github.com/tianocore/edk2/commit/06b2f9dc4385ccf5ca4b86deb14832daa373629f
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc
    M OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc

  Log Message:
  -----------
  OvmfPkg: Use Tpm2Device lib with SVSM vTPM support

Switch over to Tpm2InstanceLibDTpmSvsm as the Tpm2 implementation to
support vTPMs provided by an SVSM.

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


  Commit: 9bceb16000056f31119c79014788bc99d5cfdc3d
      
https://github.com/tianocore/edk2/commit/9bceb16000056f31119c79014788bc99d5cfdc3d
  Author: Oliver Steffen <ostef...@redhat.com>
  Date:   2025-03-16 (Sun, 16 Mar 2025)

  Changed paths:
    M Maintainers.txt

  Log Message:
  -----------
  Maintainers.txt: Add reviewer for SVSM vTPM related modules

Add reviewers for the TPM2 code under SecurityPkg/
related to SVSM vTPM.

Signed-off-by: Oliver Steffen <ostef...@redhat.com>


Compare: https://github.com/tianocore/edk2/compare/e095a3c59b24...9bceb1600005


_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits