When boot a TDX VM, parse firmware as TDVF. Only enable this on the case
that firmware is provided as flash, since it's the correct interface to
specify firmware for uefi guest.
- When unified firmware is provided, there is only one pflsh, pflash[0];
- When split images (CODE.fd and VARs.fd) are provided, metadata is
located in CODE.fd, which means pflash[0].
So parse TDVF on plash[0].
Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
---
hw/i386/pc_sysfw.c | 21 ++++++++++++++-------
target/i386/kvm/tdx-stub.c | 5 +++++
target/i386/kvm/tdx.c | 4 ++++
target/i386/kvm/tdx.h | 4 ++++
4 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 03c84b5aaa32..bdec29fd9519 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -200,15 +200,16 @@ static void pc_system_flash_map(PCMachineState *pcms,
if (i == 0) {
pc_isa_bios_init(rom_memory, flash_mem, size);
+ flash_ptr = memory_region_get_ram_ptr(flash_mem);
+ flash_size = memory_region_size(flash_mem);
+ /*
+ * OVMF places a GUIDed structures in the flash, so
+ * search for them
+ */
+ pc_system_parse_ovmf_flash(flash_ptr, flash_size);
+
/* Encrypt the pflash boot ROM */
if (sev_enabled()) {
- flash_ptr = memory_region_get_ram_ptr(flash_mem);
- flash_size = memory_region_size(flash_mem);
- /*
- * OVMF places a GUIDed structures in the flash, so
- * search for them
- */
- pc_system_parse_ovmf_flash(flash_ptr, flash_size);
ret = sev_es_save_reset_vector(flash_ptr, flash_size);
if (ret) {
@@ -217,6 +218,12 @@ static void pc_system_flash_map(PCMachineState *pcms,
}
sev_encrypt_flash(flash_ptr, flash_size, &error_fatal);
+ } else if (is_tdx_vm()) {
+ ret = tdx_parse_tdvf(flash_ptr, flash_size);
+ if (ret) {
+ error_report("failed to parse TDVF in pflash for TDX VM");
+ exit(1);
+ }
}
}
}
diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c
index 2871de9d7b56..395a59721266 100644
--- a/target/i386/kvm/tdx-stub.c
+++ b/target/i386/kvm/tdx-stub.c
@@ -12,3 +12,8 @@ int tdx_pre_create_vcpu(CPUState *cpu)
{
return -EINVAL;
}
+
+int tdx_parse_tdvf(void *flash_ptr, int size)
+{
+ return -EINVAL;
+}
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 1bb8211e74e6..7f34b14dc504 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -260,6 +260,10 @@ out:
qemu_mutex_unlock(&tdx_guest->lock);
return r;
}
+int tdx_parse_tdvf(void *flash_ptr, int size)
+{
+ return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size);
+}
static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp)
{
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index 46a24ee8c7cc..12bcf25bb95b 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -6,6 +6,7 @@
#endif
#include "exec/confidential-guest-support.h"
+#include "hw/i386/tdvf.h"
#define TYPE_TDX_GUEST "tdx-guest"
#define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST)
@@ -21,6 +22,8 @@ typedef struct TdxGuest {
bool initialized;
uint64_t attributes; /* TD attributes */
+
+ TdxFirmware tdvf;
} TdxGuest;
#ifdef CONFIG_TDX
@@ -33,5 +36,6 @@ int tdx_kvm_init(MachineState *ms, Error **errp);
void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg,
uint32_t *ret);
int tdx_pre_create_vcpu(CPUState *cpu);
+int tdx_parse_tdvf(void *flash_ptr, int size);
#endif /* QEMU_I386_TDX_H */
--
2.27.0
