[edk2-devel] [PATCH V2 2/8] OvmfPkg: Validate Cfv integrity in Tdx guest

Sat, 25 Jun 2022 20:06:17 -0700 

From: Min M Xu <[email protected]>

Validate Configurtion FV (CFV) in Tdx guest.

Cc: Erdem Aktas <[email protected]>
Cc: James Bottomley <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Tom Lendacky <[email protected]>
Signed-off-by: Min Xu <[email protected]>
---
 OvmfPkg/Sec/SecMain.c   | 8 ++++++++
 OvmfPkg/Sec/SecMain.inf | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 1167d22a68cc..f6c00b8dab96 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -768,6 +768,14 @@ SecCoreStartupWithStack (
     if (ProcessTdxHobList () != EFI_SUCCESS) {
       CpuDeadLoop ();
     }
+
+    //
+    // Config FV (Cfv) contains the configuration information and its integrity
+    // should be validated.
+    //
+    if (!TdxValidateCfv ((UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase), 
FixedPcdGet32 (PcdCfvRawDataSize))) {
+      CpuDeadLoop ();
+    }
   }
 
  #endif
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 561a840f29c5..ae0094a15eda 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -84,6 +84,8 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90754): https://edk2.groups.io/g/devel/message/90754
Mute This Topic: https://groups.io/mt/91995189/21656
Group Owner: [email protected]
Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to