[edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV

Thu Apr 22 19:10:55 UTC 2021

On 4/22/21 3:39 AM, Laszlo Ersek wrote:
> On 04/22/21 09:34, Laszlo Ersek wrote:
> 
>> The new InternalTpmDecryptAddressRange() function should be called
>> from Tcg2ConfigPeimEntryPoint(), before the latter calls
>> InternalTpm12Detect(). Regarding error checking... if
>> InternalTpmDecryptAddressRange() fails, I think we can log an error
>> message, and hang with CpuDeadLoop().
> 

Unfortunately, this method doesn't work. The OVMF Tcg2ConfigPei.inf file
uses the SecurityPkg Tpm2DeviceLib library. The SecurityPkg Tpm2DeviceLib
library's constructor is called before the OVMF Tcg2ConfigPei constructor.
The Tpm2DeviceLib constructor performs MMIO to the TPM base address and
fails because the pages haven't been marked unencrypted yet by OVMF
Tcg2ConfigPei. Some debug output:

Loading PEIM at 0x0007F793000 EntryPoint=0x0007F794E4F Tcg2ConfigPei.efi
*** DEBUG: InternalTpm2DeviceLibDTpmCommonConstructor:55
*** DEBUG: Tpm2GetPtpInterface:425
*** DEBUG: Tpm2IsPtpPresence:51
MMIO using encrypted memory: FED40000
!!!! X64 Exception Type - 0D(#GP - General Protection)  CPU Apic ID - 00000000 !!!!

Thanks,
Tom

> Sorry, another point:
> 
> (6) where we determine that no TPM is available:
> 
>       //
>       // If no TPM2 was detected, we still need to install
>       // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon seeing
>       // the default (all-bits-zero) contents of PcdTpmInstanceGuid, thus we have
>       // to install the PPI in its place, in order to unblock any dependent
>       // PEIMs.
>       //
>       Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
> 
> we should re-encrypt the address range, as if nothing had happened.
> 
> For this, we'll likely need a similarly polymorphic function called
> InternalTpmEncryptAddressRange().
> 
> (
> 
> For some background on this particular branch of the code, please refer
> to commit 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
> 2018-03-09):
> 
>     - Check the QEMU hardware for TPM2 availability only
> 
>     - If found, set the dynamic PCD "PcdTpmInstanceGuid" to
>       &gEfiTpmDeviceInstanceTpm20DtpmGuid. This is what informs the rest of
>       the firmware about the TPM type.
> 
>     - Install the gEfiTpmDeviceSelectedGuid PPI. This action permits the
>       PEI_CORE to dispatch the Tcg2Pei module, which consumes the above PCD.
>       In effect, the gEfiTpmDeviceSelectedGuid PPI serializes the setting
>       and the consumption of the "TPM type" PCD.
> 
>     - If no TPM2 was found, install gPeiTpmInitializationDonePpiGuid.
>       (Normally this is performed by Tcg2Pei, but Tcg2Pei doesn't do it if
>       no TPM2 is available. So in that case our Tcg2ConfigPei must do it.)
> 
> )
> 
> Thanks
> Laszlo
> 

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74377): https://edk2.groups.io/g/devel/message/74377
Mute This Topic: https://groups.io/mt/82248382/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-