hv: refactor seed management

New component to maintain seed retrieval and derivation: seed. 1. Retrieve seed from bootloader in Hypervisor's boot stage. 2. Derive virtual seed for Guest/Trusty if need. Tracked-On: #2724 Signed-off-by: Qi Yadong <yadong.qi@intel.com> Reviewed-by: Zhu Bing <bing.zhu@intel.com>
2025-09-05 10:50:43 +00:00 · 2019-03-06 13:24:55 +08:00
parent 4d0419ed71
commit 95d1e40283
11 changed files with 572 additions and 131 deletions
--- a/hypervisor/include/arch/x86/guest/trusty.h
+++ b/hypervisor/include/arch/x86/guest/trusty.h
@@ -131,10 +131,9 @@ struct trusty_startup_param {
 };

 void switch_world(struct acrn_vcpu *vcpu, int32_t next_world);
-bool initialize_trusty(struct acrn_vcpu *vcpu, const struct trusty_boot_param *boot_param);
+bool initialize_trusty(struct acrn_vcpu *vcpu, struct trusty_boot_param *boot_param);
 void destroy_secure_world(struct acrn_vm *vm, bool need_clr_mem);
 void save_sworld_context(struct acrn_vcpu *vcpu);
 void restore_sworld_context(struct acrn_vcpu *vcpu);
-void trusty_set_dseed(const void *dseed, uint8_t dseed_num);

 #endif /* TRUSTY_H_ */
--- a/hypervisor/include/arch/x86/seed.h
+++ b/hypervisor/include/arch/x86/seed.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SEED_H_
+#define SEED_H_
+
+struct physical_seed {
+	struct seed_info seed_list[BOOTLOADER_SEED_MAX_ENTRIES];
+	uint32_t num_seeds;
+	uint32_t pad;
+};
+
+void init_seed(void);
+
+void append_seed_arg(char *cmd_dst, bool vm_is_sos);
+
+bool derive_virtual_seed(struct seed_info *seed_list, uint32_t *num_seeds,
+			 const uint8_t *salt, size_t salt_len, const uint8_t *info, size_t info_len);
+
+bool derive_attkb_enc_key(uint8_t *out_key);
+
+#endif /* SEED_H_ */