From: Min M Xu <min.m...@intel.com>
Validate Configurtion FV (CFV) in Tdx guest.
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Min Xu <min.m...@intel.com>
---
OvmfPkg/Sec/SecMain.c | 8 ++++++++
OvmfPkg/Sec/SecMain.inf | 2 ++
2 files changed, 10 insertions(+)
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 1167d22a68cc..f6c00b8dab96 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -768,6 +768,14 @@ SecCoreStartupWithStack (
if (ProcessTdxHobList () != EFI_SUCCESS) {
CpuDeadLoop ();
}
+
+ //
+ // Config FV (Cfv) contains the configuration information and its integrity
+ // should be validated.
+ //
+ if (!TdxValidateCfv ((UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase),
FixedPcdGet32 (PcdCfvRawDataSize))) {
+ CpuDeadLoop ();
+ }
}
#endif
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 561a840f29c5..ae0094a15eda 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -84,6 +84,8 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90754): https://edk2.groups.io/g/devel/message/90754
Mute This Topic: https://groups.io/mt/91995189/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
