When boot a TDX VM, parse firmware as TDVF. Only enable this on the case that firmware is provided as flash, since it's the correct interface to specify firmware for uefi guest. - When unified firmware is provided, there is only one pflsh, pflash[0]; - When split images (CODE.fd and VARs.fd) are provided, metadata is located in CODE.fd, which means pflash[0]. So parse TDVF on plash[0]. Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx> --- hw/i386/pc_sysfw.c | 21 ++++++++++++++------- target/i386/kvm/tdx-stub.c | 5 +++++ target/i386/kvm/tdx.c | 4 ++++ target/i386/kvm/tdx.h | 4 ++++ 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 03c84b5aaa32..bdec29fd9519 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -200,15 +200,16 @@ static void pc_system_flash_map(PCMachineState *pcms, if (i == 0) { pc_isa_bios_init(rom_memory, flash_mem, size); + flash_ptr = memory_region_get_ram_ptr(flash_mem); + flash_size = memory_region_size(flash_mem); + /* + * OVMF places a GUIDed structures in the flash, so + * search for them + */ + pc_system_parse_ovmf_flash(flash_ptr, flash_size); + /* Encrypt the pflash boot ROM */ if (sev_enabled()) { - flash_ptr = memory_region_get_ram_ptr(flash_mem); - flash_size = memory_region_size(flash_mem); - /* - * OVMF places a GUIDed structures in the flash, so - * search for them - */ - pc_system_parse_ovmf_flash(flash_ptr, flash_size); ret = sev_es_save_reset_vector(flash_ptr, flash_size); if (ret) { @@ -217,6 +218,12 @@ static void pc_system_flash_map(PCMachineState *pcms, } sev_encrypt_flash(flash_ptr, flash_size, &error_fatal); + } else if (is_tdx_vm()) { + ret = tdx_parse_tdvf(flash_ptr, flash_size); + if (ret) { + error_report("failed to parse TDVF in pflash for TDX VM"); + exit(1); + } } } } diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c index 2871de9d7b56..395a59721266 100644 --- a/target/i386/kvm/tdx-stub.c +++ b/target/i386/kvm/tdx-stub.c @@ -12,3 +12,8 @@ int tdx_pre_create_vcpu(CPUState *cpu) { return -EINVAL; } + +int tdx_parse_tdvf(void *flash_ptr, int size) +{ + return -EINVAL; +} diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 1bb8211e74e6..7f34b14dc504 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -260,6 +260,10 @@ out: qemu_mutex_unlock(&tdx_guest->lock); return r; } +int tdx_parse_tdvf(void *flash_ptr, int size) +{ + return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size); +} static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp) { diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 46a24ee8c7cc..12bcf25bb95b 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -6,6 +6,7 @@ #endif #include "exec/confidential-guest-support.h" +#include "hw/i386/tdvf.h" #define TYPE_TDX_GUEST "tdx-guest" #define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST) @@ -21,6 +22,8 @@ typedef struct TdxGuest { bool initialized; uint64_t attributes; /* TD attributes */ + + TdxFirmware tdvf; } TdxGuest; #ifdef CONFIG_TDX @@ -33,5 +36,6 @@ int tdx_kvm_init(MachineState *ms, Error **errp); void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, uint32_t *ret); int tdx_pre_create_vcpu(CPUState *cpu); +int tdx_parse_tdvf(void *flash_ptr, int size); #endif /* QEMU_I386_TDX_H */ -- 2.27.0