From ac6fb26406c1bb088b3d7d8e7b3ecd81e1262a94 Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Mon, 13 Nov 2023 09:14:36 -0500 Subject: [PATCH] introduce Td Info metadata section support. Signed-off-by: Yang, Longlong --- devtools/td-layout-config/src/image.rs | 10 +++++ td-shim-tools/src/metadata.rs | 5 ++- td-shim-tools/src/tee_info_hash.rs | 7 +--- td-shim/src/metadata.rs | 54 ++++++++++++++++++++++++-- 4 files changed, 66 insertions(+), 10 deletions(-) diff --git a/devtools/td-layout-config/src/image.rs b/devtools/td-layout-config/src/image.rs index ffb3d433..7696da27 100644 --- a/devtools/td-layout-config/src/image.rs +++ b/devtools/td-layout-config/src/image.rs @@ -14,6 +14,8 @@ struct ImageConfig { temp_heap: String, #[serde(rename = "Payload")] builtin_payload: Option, + #[serde(rename = "TdInfo")] + td_info: Option, #[serde(rename = "Metadata")] metadata: String, #[serde(rename = "Ipl")] @@ -65,6 +67,14 @@ pub fn parse_image(data: String) -> String { "Reserved", ); + if let Some(td_info_config) = image_config.td_info { + image_layout.reserve_high( + "TdInfo", + parse_int::parse::(&td_info_config).unwrap() as usize, + "Reserved", + ) + } + if let Some(payload_config) = image_config.builtin_payload { image_layout.reserve_high( "Payload", diff --git a/td-shim-tools/src/metadata.rs b/td-shim-tools/src/metadata.rs index 15fa450b..896960bc 100644 --- a/td-shim-tools/src/metadata.rs +++ b/td-shim-tools/src/metadata.rs @@ -11,8 +11,8 @@ use td_shim::metadata::{ TdxMetadataDescriptor, TDX_METADATA_GUID, TDX_METADATA_SECTION_TYPE_BFV, TDX_METADATA_SECTION_TYPE_CFV, TDX_METADATA_SECTION_TYPE_PAYLOAD, TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM, TDX_METADATA_SECTION_TYPE_PERM_MEM, - TDX_METADATA_SECTION_TYPE_TD_HOB, TDX_METADATA_SECTION_TYPE_TEMP_MEM, TDX_METADATA_SIGNATURE, - TDX_METADATA_VERSION, + TDX_METADATA_SECTION_TYPE_TD_HOB, TDX_METADATA_SECTION_TYPE_TD_INFO, + TDX_METADATA_SECTION_TYPE_TEMP_MEM, TDX_METADATA_SIGNATURE, TDX_METADATA_VERSION, }; use td_uefi_pi::pi::guid::Guid; @@ -75,6 +75,7 @@ where "PermMem" => Ok(TDX_METADATA_SECTION_TYPE_PERM_MEM), "Payload" => Ok(TDX_METADATA_SECTION_TYPE_PAYLOAD), "PayloadParam" => Ok(TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM), + "TdInfo" => Ok(TDX_METADATA_SECTION_TYPE_TD_INFO), _ => Err(D::Error::custom("Invalid metadata section type")), } } diff --git a/td-shim-tools/src/tee_info_hash.rs b/td-shim-tools/src/tee_info_hash.rs index 68e884de..fad6a45c 100644 --- a/td-shim-tools/src/tee_info_hash.rs +++ b/td-shim-tools/src/tee_info_hash.rs @@ -284,11 +284,8 @@ impl TdInfoStruct { panic!("Memory address must be 4K aligned!\n"); } - if sec.memory_data_size % PAGE_SIZE != 0 - || sec.memory_data_size == 0 - || sec.memory_data_size < sec.raw_data_size as u64 - { - panic!("Memory data size must be 4K aligned and not less than raw data size and non zero!\n"); + if sec.memory_data_size % PAGE_SIZE != 0 { + panic!("Memory data size must be 4K aligned!\n"); } if sec.r#type >= TDX_METADATA_SECTION_TYPE_MAX { diff --git a/td-shim/src/metadata.rs b/td-shim/src/metadata.rs index fdf6aa3d..160e6353 100644 --- a/td-shim/src/metadata.rs +++ b/td-shim/src/metadata.rs @@ -45,8 +45,10 @@ pub const TDX_METADATA_SECTION_TYPE_PERM_MEM: u32 = 4; pub const TDX_METADATA_SECTION_TYPE_PAYLOAD: u32 = 5; /// Section type for kernel parameters. pub const TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM: u32 = 6; +/// Section type for td info. +pub const TDX_METADATA_SECTION_TYPE_TD_INFO: u32 = 7; /// Max Section type -pub const TDX_METADATA_SECTION_TYPE_MAX: u32 = 7; +pub const TDX_METADATA_SECTION_TYPE_MAX: u32 = 8; pub const TDX_METADATA_SECTION_TYPE_STRS: [&str; TDX_METADATA_SECTION_TYPE_MAX as usize] = [ "BFV", @@ -56,6 +58,7 @@ pub const TDX_METADATA_SECTION_TYPE_STRS: [&str; TDX_METADATA_SECTION_TYPE_MAX a "PermMem", "Payload", "PayloadParam", + "TdInfo", ]; /// Attribute flags for BFV. @@ -192,10 +195,15 @@ pub enum TdxMetadataError { pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetadataError> { let mut bfv_cnt = 0; + let mut bfv_start = 0; + let mut bfv_end = 0; let mut hob_cnt = 0; let mut perm_mem_cnt = 0; let mut payload_cnt = 0; let mut payload_param_cnt = 0; + let mut td_info_cnt = 0; + let mut td_info_start = 0; + let mut td_info_end = 0; let check_data_memory_fields = |data_offset: u32, data_size: u32, memory_address: u64, memory_size: u64| -> bool { if data_size == 0 && data_offset != 0 { @@ -231,6 +239,9 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad section.memory_data_size, ) { return Err(TdxMetadataError::InvalidSection); + } else { + bfv_start = section.data_offset; + bfv_end = bfv_start + section.raw_data_size; } } @@ -371,6 +382,26 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad } } + TDX_METADATA_SECTION_TYPE_TD_INFO => { + // A TD-Shim may have zero or one TdInfo. If present, it shall be included in BFV section. + if td_info_cnt == i32::MAX { + return Err(TdxMetadataError::InvalidSection); + } + td_info_cnt += 1; + if td_info_cnt > 1 { + return Err(TdxMetadataError::InvalidSection); + } + if section.attributes != 0 { + return Err(TdxMetadataError::InvalidSection); + } + if section.raw_data_size == 0 { + return Err(TdxMetadataError::InvalidSection); + } else { + td_info_start = section.data_offset; + td_info_end = td_info_start + section.raw_data_size; + } + } + _ => { return Err(TdxMetadataError::InvalidSection); } @@ -391,6 +422,13 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad return Err(TdxMetadataError::InvalidSection); } + //TdInfo. If present, it shall be included in BFV section. + if td_info_cnt != 0 { + if td_info_start < bfv_start || td_info_start >= bfv_end || td_info_end > bfv_end { + return Err(TdxMetadataError::InvalidSection); + } + } + Ok(()) } @@ -479,8 +517,9 @@ mod tests { TdxMetadataSection::get_type_name(6).unwrap(), "PayloadParam" ); + assert_eq!(TdxMetadataSection::get_type_name(7).unwrap(), "TdInfo"); - assert!(TdxMetadataSection::get_type_name(7).is_none()) + assert!(TdxMetadataSection::get_type_name(8).is_none()); } #[test] @@ -490,7 +529,7 @@ mod tests { assert!(!validate_sections(§ions).is_ok()); // init sections include all types - let mut sections: [TdxMetadataSection; 6] = [TdxMetadataSection::default(); 6]; + let mut sections: [TdxMetadataSection; 7] = [TdxMetadataSection::default(); 7]; // BFV sections[0] = TdxMetadataSection { data_offset: 0, @@ -545,6 +584,15 @@ mod tests { attributes: 0, r#type: TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM, }; + // TdInfo + sections[6] = TdxMetadataSection { + data_offset: 0, + raw_data_size: 0x1000, + memory_address: 0, + memory_data_size: 0, + attributes: 0, + r#type: TDX_METADATA_SECTION_TYPE_TD_INFO, + }; assert!(validate_sections(§ions).is_ok());