UEFI payload implementation for Intel #71
Description
This task will implement support for performing DRTM between coreboot and its payload, in this case edk2. While the implementation of dynamic launch will be in coreboot, the payload must be able to handle unusual state after the hand-off. It also has to carefully manage the access to memory, as well as control when and how other cores are allowed to be started. Finally, the payload binary must contain information that would tell coreboot that it can be started through dynamic launch.
- MLE header in the binary (raw file, properly aligned, in the beginning of payload)
- APs brought online with
MONITOR(custom SMP protocol?)GETSEC[WAKEUP]isn't supported by any ACM from official Intel package
- IOMMU driver, including disabling existing protections (TPR, PMR)
- Early DMA protection (common with AMD, assuming compatible API for IOMMU driver)
- DRTM TPM event log (common with AMD, but different ways of locating it)
- UEFI extends SRTM PCRs as usual, but it has to preserve and expose DRTM log to OS
Form: PR to https://github.com/Dasharo/edk2
Proof: logs from booting up to bootloader