alioth/src/firmware/ovmf/ovmf_x86_64/tdx.rs - 4575b33

tdx.rs71.01%

// Copyright 2026 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
 
use std::cmp::min;
use std::io::Write;
 
use snafu::ResultExt;
use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
 
use crate::firmware::ovmf::x86_64::{GUID_SIZE, parse_data};
use crate::firmware::uefi::{
    HOB_HANDOFF_TABLE_VERSION, HobGenericHeader, HobHandoffInfoTable, HobResourceDesc,
    HobResourceType, HobType, ResourceAttr,
};
use crate::firmware::{Result, error};
use crate::mem::{MemRegionEntry, MemRegionType};
use crate::{bitflags, consts};
 
pub const GUID_TDX_METADATA_OFFSET: [u8; GUID_SIZE] = [
    0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47, 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2,
];
pub const TDVF_SIGNATURE: u32 = u32::from_le_bytes(*b"TDVF");
pub const TDVF_VERSION: u32 = 1;
 
#[repr(C)]
#[derive(Debug, Clone, Default, KnownLayout, Immutable, FromBytes, IntoBytes)]
pub struct TdvfMetadata {
    pub signature: u32,
    pub length: u32,
    pub version: u32,
    pub number_of_entries: u32,
}
 
consts! {
    #[derive(Default, KnownLayout, Immutable, FromBytes, IntoBytes)]
    pub struct TdvfSectionType(u32) {
        BFV = 0;
        CFV = 1;
        TD_HOB = 2;
        TEMP_MEM = 3;
    }
}
 
bitflags! {
    #[derive(Default, KnownLayout, Immutable, FromBytes, IntoBytes)]
    pub struct TdvfSectionAttr(u32) {
        MR_EXTEND = 1 << 0;
        PAGE_AUG = 1 << 1;
    }
}
 
#[repr(C)]
#[derive(Debug, Clone, Default, KnownLayout, Immutable, FromBytes, IntoBytes)]
pub struct TdvfSectionEntry {
    pub data_offset: u32,
    pub data_size: u32,
    pub address: u64,
    pub size: u64,
    pub r#type: TdvfSectionType,
    pub attributes: TdvfSectionAttr,
}
 
pub fn parse_entries(data: &[u8]) -> Result<&[TdvfSectionEntry]> {
    let Some(offset_r) = parse_data(data, &GUID_TDX_METADATA_OFFSET) else {
        return error::MissingMetadata {
            name: "TdvfMetadata",
        }
        .fail();
    };
    let Ok(offset_r) = u32::read_from_bytes(offset_r) else {
        return error::InvalidLayout.fail();
    };
    let offset = data.len() - offset_r as usize;
    let Ok((metadata, remain)) = TdvfMetadata::ref_from_prefix(&data[offset..]) else {
        return error::InvalidLayout.fail();
    };
    if metadata.signature != TDVF_SIGNATURE {
        return error::MissingTdvfSignature {
            got: metadata.signature,
        }
        .fail();
    }
    if metadata.version != TDVF_VERSION {
        return error::MissingTdvfVersion {
            got: metadata.version,
        }
        .fail();
    }
    let Ok((entries, _)) = <[TdvfSectionEntry]>::ref_from_prefix_with_elems(
        remain,
        metadata.number_of_entries as usize,
    ) else {
        return error::InvalidLayout.fail();
    };
    Ok(entries)
}
 
fn create_hob_mem_resources(3x
    entries: &[(u64, MemRegionEntry)],3x
    accepted: &[(u64, u64)],3x
    mut op: impl FnMut(HobResourceDesc) -> Result<()>,3x
) -> Result<()> {3x
    let tmpl = HobResourceDesc {3x
        hdr: HobGenericHeader {3x
            r#type: HobType::RESOURCE_DESCRIPTOR,3x
            length: size_of::<HobResourceDesc>() as u16,3x
            reserved: 0,3x
        },3x
        owner: [0; 16],3x
        attr: ResourceAttr::PRESENT | ResourceAttr::INIT | ResourceAttr::TESTED,3x
        ..Default::default()3x
    };3x
    let mut iter_e = entries.iter();3x
    let mut iter_a = accepted.iter();3x
    let mut section = iter_a.next().copied();3x
    let mut entry = iter_e.next().copied();3x
    loop {
        match (&mut entry, &mut section) {24x
            (None, None) => break,3x
            (None, Some((start, size))) => {
                log::error!(
                    "Section [{start:x}, {:x}) is not covered by system memory",
                    *start + *size
                );
                return error::UncoveredTdvfSection.fail();
            }
            (Some((_, e)), _) if e.type_ != MemRegionType::Ram => {21x
                entry = iter_e.next().copied();9x
                continue;9x
            }
            (Some((s, e)), None) => {3x
                op(HobResourceDesc {3x
                    r#type: HobResourceType::MEMORY_UNACCEPTED,3x
                    address: *s,3x
                    len: e.size,3x
                    ..tmpl.clone()3x
                })?;3x
                entry = iter_e.next().copied();3x
            }
            (Some((s, e)), Some((start, size))) => {9x
                if let Some(len) = min(*s, *start + *size).checked_sub(*start)9x
                    && len > 06x
                {
                    *size = len;
                    entry = None;
                    // Jump to branch (Some, None)
                    continue;
                }9x
                if let Some(len) = min(*s + e.size, *start).checked_sub(*s)9x
                    && len > 09x
                {
                    op(HobResourceDesc {3x
                        r#type: HobResourceType::MEMORY_UNACCEPTED,3x
                        address: *s,3x
                        len,3x
                        ..tmpl.clone()3x
                    })?;3x
                    *s += len;3x
                    e.size -= len;3x
                }6x
                if let Some(len) = min(*s + e.size, *start + *size).checked_sub(*start)9x
                    && len > 09x
                {
                    op(HobResourceDesc {9x
                        r#type: HobResourceType::SYSTEM_MEMORY,9x
                        address: *start,9x
                        len,9x
                        ..tmpl.clone()9x
                    })?;9x
                    *start += len;9x
                    *size -= len;9x
                    *s += len;9x
                    e.size -= len9x
                };
                if *size == 0 {9x
                    section = iter_a.next().copied();9x
                };9x
                if e.size == 0 {9x
                    entry = iter_e.next().copied();
                }9x
            }
        }
    }
    Ok(())3x
}3x
 
pub fn create_hob(3x
    buffer: &mut [u8],3x
    hob_phys: u64,3x
    entries: &mut [(u64, MemRegionEntry)],3x
    accepted: &mut [(u64, u64)],3x
) -> Result<()> {3x
    entries.sort_by_key(|(s, _)| *s);3x
    accepted.sort();3x
 
    let Ok((table, mut dst)) = HobHandoffInfoTable::mut_from_prefix(buffer) else {3x
        return error::InvalidLayout.fail();
    };
 
    let mut desc_size = 0;3x
    create_hob_mem_resources(entries, accepted, |d| {15x
        desc_size += size_of_val(&d);15x
        dst.write_all(d.as_bytes()).context(error::WriteHob)15x
    })?;15x
 
    let end = HobGenericHeader {3x
        r#type: HobType::END_OF_HOB_LIST,3x
        length: size_of::<HobGenericHeader>() as u16,3x
        reserved: 0,3x
    };3x
    dst.write_all(end.as_bytes()).context(error::WriteHob)?;3x
 
    *table = HobHandoffInfoTable {3x
        hdr: HobGenericHeader {3x
            r#type: HobType::HANDOFF,3x
            length: size_of::<HobHandoffInfoTable>() as u16,3x
            reserved: 0,3x
        },3x
        version: HOB_HANDOFF_TABLE_VERSION,3x
        end_of_hob_list: hob_phys + (size_of_val(table) + desc_size + size_of_val(&end)) as u64,3x
        ..Default::default()3x
    };3x
 
    Ok(())3x
}3x
 
#[cfg(test)]
#[path = "tdx_test.rs"]
mod tests;
 