OvmfPkg/TdxDxe: setup TPM device instance for vTPM in TdxDxe

The TPM device instance is not set before DXE in peiless boot. Move the
work of setting the device instance and Tpm2HashMask PCDs to `TdxDxe` if
the `MeasurementType` is vTPM.

Signed-off-by: Jiaqi Gao <[email protected]>

Author: gaojiaqi7

OvmfPkg/IntelTdx/IntelTdxX64.dsc

@@ -210,6 +210,7 @@
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 
 !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
 
 [LibraryClasses.common]
   AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
@@ -529,6 +530,8 @@
 
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 
+!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
@@ -727,7 +730,10 @@
   OvmfPkg/PlatformDxe/Platform.inf
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
-  OvmfPkg/TdxDxe/TdxDxe.inf
+  OvmfPkg/TdxDxe/TdxDxe.inf {
+    <LibraryClasses>
+      Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
+  }
 
   #
   # Variable driver stack (non-SMM)
@@ -751,3 +757,8 @@
       HashLib|OvmfPkg/Library/HashLibTdx/HashLibTdx.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   }
+  
+  #
+  # TPM support
+  #
+  !include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc

OvmfPkg/IntelTdx/IntelTdxX64.fdf

@@ -257,6 +257,11 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 #
 INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
 
+#
+# TPM support
+#
+!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
+
 ################################################################################
 
 [FV.NCCFV]

OvmfPkg/TdxDxe/TdxDxe.c

@@ -32,6 +32,9 @@
 #include <Library/TdxLib.h>
 #include <TdxAcpiTable.h>
 #include <Library/MemEncryptTdxLib.h>
+#include <WorkArea.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
 
 #define ALIGNED_2MB_MASK  0x1fffff
 EFI_HANDLE  mTdxDxeHandle = NULL;
@@ -301,6 +304,58 @@ SetMmioSharedBit (
   return EFI_SUCCESS;
 }
 
+#ifdef TDX_PEI_LESS_BOOT
+STATIC
+EFI_STATUS
+SetVtpmDeviceInstance (
+  VOID
+  )
+{
+  EFI_STATUS            Status;
+  OVMF_WORK_AREA        *WorkArea;
+  UINTN                 Size;
+  UINT32                TpmHashAlgorithmBitmap;
+  UINT32                TpmActivePcrBanks;
+
+  DEBUG ((DEBUG_INFO, ">>%a\n", __func__));
+
+  WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+  if (WorkArea == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType == TDX_MEASUREMENT_TYPE_VTPM)
+  {
+    // Set PcdTpmInstanceGuid
+    Size   = sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid);
+    Status = PcdSetPtrS (
+                PcdTpmInstanceGuid,
+                &Size,
+                &gEfiTpmDeviceInstanceTpm20DtpmGuid
+                );
+    ASSERT_EFI_ERROR (Status);
+    if (EFI_ERROR(Status)) {
+      DEBUG((DEBUG_ERROR, "Set PcdTpmInstanceGuid failed with %r\n", Status));
+    }
+
+    Status = Tpm2RequestUseTpm ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n"));
+      return Status;
+    }
+
+    // Determine the current TPM support and the Platform PCR mask.
+    Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks);
+    ASSERT_EFI_ERROR (Status);
+    // Set active pcr banks
+    Status = PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
+    ASSERT_RETURN_ERROR (Status);
+  }
+
+  return EFI_SUCCESS;
+}
+#endif
+
 EFI_STATUS
 EFIAPI
 TdxDxeEntryPoint (
@@ -339,9 +394,12 @@ TdxDxeEntryPoint (
   // need to set PCDs based on these information.
   //
   SetPcdSettings (PlatformInfo);
+  // In Pei-less boot, the `TpmInstance` Pcd shall be set if virtual TPM
+  // is detected.
+  SetVtpmDeviceInstance();
  #endif
 
-  if (!TdIsEnabled () || TdpIsEnabled ()) {
+  if (!TdIsEnabled () || TdpIsEnabled ()) {
     //
     // If it is Non-Td guest, we install gEfiMpInitLibMpDepProtocolGuid so that
     // MpInitLib will be used in CpuDxe driver.

OvmfPkg/TdxDxe/TdxDxe.inf

@@ -26,6 +26,7 @@
   MdePkg/MdePkg.dec
   UefiCpuPkg/UefiCpuPkg.dec
   OvmfPkg/OvmfPkg.dec
+  SecurityPkg/SecurityPkg.dec
 
 [LibraryClasses]
   BaseLib
@@ -39,12 +40,14 @@
   HobLib
   TdxMailboxLib
   MemEncryptTdxLib
+  Tpm2CommandLib
 
 [Depex]
   TRUE
 
 [Guids]
   gUefiOvmfPkgPlatformInfoGuid                      ## CONSUMES
+  gEfiTpmDeviceInstanceTpm20DtpmGuid                ## CONSUMES
 
 [Protocols]
   gQemuAcpiTableNotifyProtocolGuid                 ## CONSUMES
@@ -71,3 +74,6 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask