confidential-containers · jyao1 · Feb 5, 2025 · Jan 29, 2025
diff --git a/devtools/td-layout-config/src/image.rs b/devtools/td-layout-config/src/image.rs
@@ -20,6 +20,8 @@ struct ImageConfig {
     builtin_payload: Option<String>,
     #[serde(rename = "TdInfo")]
     td_info: Option<String>,
+    #[serde(rename = "TdParams")]
+    td_params: Option<String>,
     #[serde(rename = "Metadata")]
     metadata: String,
     #[serde(rename = "Ipl")]
@@ -79,6 +81,14 @@ pub fn parse_image(data: String) -> String {
         )
     }
 
+    if let Some(td_params_config) = image_config.td_params {
+        image_layout.reserve_high(
+            "TdParams",
+            parse_int::parse::<u32>(&td_params_config).unwrap() as usize,
+            "Reserved",
+        )
+    }
+
     if let Some(payload_config) = image_config.builtin_payload {
         image_layout.reserve_high(
             "Payload",

diff --git a/doc/tdshim_spec.md b/doc/tdshim_spec.md
@@ -177,7 +177,8 @@ The TD Shim metadata can be located at (TD Shim end – 0x20) byte. It is a
 | 5              | Payload      | Private Memory    | PAGE.ADD + MR.EXTEND(o) | RTMR.EXTEND(o) | MRTD (or) RTMR[1] |
 | 6              | PayloadParam | Private Memory    | PAGE.ADD                | RTMR.EXTEND    | RTMR[1]           |
 | 7              | TD_INFO      | Private Memory    | N/A                     | N/A            | N/A               |
-| 8 ~ 0xFFFFFFFF | Reserved     | N/A               | N/A                     | N/A            | N/A               |
+| 8              | TD_PARAMS    | Private Memory    | N/A                     | N/A            | N/A               |
+| 9 ~ 0xFFFFFFFF | Reserved     | N/A               | N/A                     | N/A            | N/A               |
 
 Rules for the TDVF_SECTION:
  * A TD-Shim shall include at least one BFV and the reset vector shall be inside
@@ -199,8 +200,10 @@ Rules for the TDVF_SECTION:
    must be zero.
  * A TD-Shim may have zero or one PayloadParam.  PayloadParam is present only if
    the Payload is present.
- * A TDVF may have zero or one TD_INFO section. If present, it shall be included
+ * A TD-Shim may have zero or one TD_INFO section. If present, it shall be included
    in BFV section. MemoryAddress and MemoryDataSize shall be zero. See Table 1.1-5.
+ * A TD-Shim may have zero or one TD_PARAMS section. If present, it shall be included
+   in BFV section. MemoryAddress and MemoryDataSize shall be zero.
 
 **Table 1.1-5 TD_INFO definition**
 

diff --git a/td-shim-interface/src/metadata.rs b/td-shim-interface/src/metadata.rs
@@ -47,8 +47,10 @@ pub const TDX_METADATA_SECTION_TYPE_PAYLOAD: u32 = 5;
 pub const TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM: u32 = 6;
 /// Section type for td info.
 pub const TDX_METADATA_SECTION_TYPE_TD_INFO: u32 = 7;
+/// Section type for TD Params.
+pub const TDX_METADATA_SECTION_TYPE_TD_PARAMS: u32 = 8;
 /// Max Section type
-pub const TDX_METADATA_SECTION_TYPE_MAX: u32 = 8;
+pub const TDX_METADATA_SECTION_TYPE_MAX: u32 = 9;
 
 pub const TDX_METADATA_SECTION_TYPE_STRS: [&str; TDX_METADATA_SECTION_TYPE_MAX as usize] = [
     "BFV",
@@ -59,6 +61,7 @@ pub const TDX_METADATA_SECTION_TYPE_STRS: [&str; TDX_METADATA_SECTION_TYPE_MAX a
     "Payload",
     "PayloadParam",
     "TdInfo",
+    "TdParams",
 ];
 
 /// Attribute flags for BFV.
@@ -204,6 +207,9 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad
     let mut td_info_cnt = 0;
     let mut td_info_start = 0;
     let mut td_info_end = 0;
+    let mut td_params_cnt = 0;
+    let mut td_params_start = 0;
+    let mut td_params_end = 0;
     let check_data_memory_fields =
         |data_offset: u32, data_size: u32, memory_address: u64, memory_size: u64| -> bool {
             if data_size == 0 && data_offset != 0 {
@@ -407,6 +413,31 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad
                 }
             }
 
+            TDX_METADATA_SECTION_TYPE_TD_PARAMS => {
+                // A TD-Shim may have zero or one TdParams. If present, it shall be included in BFV section.
+                if td_params_cnt == i32::MAX {
+                    return Err(TdxMetadataError::InvalidSection);
+                }
+                td_params_cnt += 1;
+                if td_params_cnt > 1 {
+                    return Err(TdxMetadataError::InvalidSection);
+                }
+                if section.attributes != 0 {
+                    return Err(TdxMetadataError::InvalidSection);
+                }
+                if section.raw_data_size == 0 {
+                    return Err(TdxMetadataError::InvalidSection);
+                } else {
+                    td_params_start = section.data_offset;
+                    td_params_end = td_params_start + section.raw_data_size;
+                }
+
+                // MemoryAddress and MemoryDataSize shall be zero.
+                if section.memory_address != 0 || section.memory_data_size != 0 {
+                    return Err(TdxMetadataError::InvalidSection);
+                }
+            }
+
             _ => {
                 return Err(TdxMetadataError::InvalidSection);
             }
@@ -427,13 +458,20 @@ pub fn validate_sections(sections: &[TdxMetadataSection]) -> Result<(), TdxMetad
         return Err(TdxMetadataError::InvalidSection);
     }
 
-    //TdInfo. If present, it shall be included in BFV section.
+    // TdInfo. If present, it shall be included in BFV section.
     if td_info_cnt != 0
         && (td_info_start < bfv_start || td_info_start >= bfv_end || td_info_end > bfv_end)
     {
         return Err(TdxMetadataError::InvalidSection);
     }
 
+    // TdParams. If present, it shall be included in BFV section.
+    if td_params_cnt != 0
+        && (td_params_start < bfv_start || td_params_start >= bfv_end || td_params_end > bfv_end)
+    {
+        return Err(TdxMetadataError::InvalidSection);
+    }
+
     Ok(())
 }
 
@@ -523,8 +561,9 @@ mod tests {
             "PayloadParam"
         );
         assert_eq!(TdxMetadataSection::get_type_name(7).unwrap(), "TdInfo");
+        assert_eq!(TdxMetadataSection::get_type_name(8).unwrap(), "TdParams");
 
-        assert!(TdxMetadataSection::get_type_name(8).is_none());
+        assert!(TdxMetadataSection::get_type_name(9).is_none());
     }
 
     #[test]

diff --git a/td-shim-tools/src/metadata.rs b/td-shim-tools/src/metadata.rs
@@ -12,7 +12,8 @@ use td_shim_interface::metadata::{
     TDX_METADATA_SECTION_TYPE_CFV, TDX_METADATA_SECTION_TYPE_PAYLOAD,
     TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM, TDX_METADATA_SECTION_TYPE_PERM_MEM,
     TDX_METADATA_SECTION_TYPE_TD_HOB, TDX_METADATA_SECTION_TYPE_TD_INFO,
-    TDX_METADATA_SECTION_TYPE_TEMP_MEM, TDX_METADATA_SIGNATURE, TDX_METADATA_VERSION,
+    TDX_METADATA_SECTION_TYPE_TD_PARAMS, TDX_METADATA_SECTION_TYPE_TEMP_MEM,
+    TDX_METADATA_SIGNATURE, TDX_METADATA_VERSION,
 };
 use td_shim_interface::td_uefi_pi::pi::guid::Guid;
 
@@ -76,6 +77,7 @@ where
         "Payload" => Ok(TDX_METADATA_SECTION_TYPE_PAYLOAD),
         "PayloadParam" => Ok(TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM),
         "TdInfo" => Ok(TDX_METADATA_SECTION_TYPE_TD_INFO),
+        "TdParams" => Ok(TDX_METADATA_SECTION_TYPE_TD_PARAMS),
         _ => Err(D::Error::custom("Invalid metadata section type")),
     }
 }

diff --git a/td-shim/src/bin/td-shim/shim_info.rs b/td-shim/src/bin/td-shim/shim_info.rs
@@ -259,8 +259,8 @@ impl<'a> BootTimeDynamic<'a> {
 
                     memory.push(resource)
                 }
-                TDX_METADATA_SECTION_TYPE_TD_INFO => {
-                    // for TD_INFO type, the MemoryDataSize is zero, should not make it
+                TDX_METADATA_SECTION_TYPE_TD_INFO | TDX_METADATA_SECTION_TYPE_TD_PARAMS => {
+                    // for TD_INFO and TD_PARAMS type, the MemoryDataSize is zero, should not make it
                     // into a ResourceDescription!
                     continue;
                 }
@@ -278,10 +278,10 @@ mod tests {
 
     #[test]
     fn test_parse_metadata() {
-        // Ensure the TD_INFO section is not parsed into a ResourceDescription.
+        // Ensure the TD_INFO and TD_PARAMS section is not parsed into a ResourceDescription.
 
         // init sections include all types
-        let mut sections: [TdxMetadataSection; 7] = [TdxMetadataSection::default(); 7];
+        let mut sections: [TdxMetadataSection; 8] = [TdxMetadataSection::default(); 8];
         // BFV
         sections[0] = TdxMetadataSection {
             data_offset: 0,
@@ -345,6 +345,15 @@ mod tests {
             attributes: 0,
             r#type: TDX_METADATA_SECTION_TYPE_TD_INFO,
         };
+        // TdParams
+        sections[7] = TdxMetadataSection {
+            data_offset: 0,
+            raw_data_size: 0x400,
+            memory_address: 0,
+            memory_data_size: 0,
+            attributes: 0,
+            r#type: TDX_METADATA_SECTION_TYPE_TD_PARAMS,
+        };
 
         let res = BootTimeDynamic::parse_metadata(&sections);