tdx-tdcall: add TDCALL_SYS_RD call

Used to read a TDX Module global-scope metadata field. Refer to section 'TDG.SYS.RD Leaf' of TDX Module v1.5 ABI spec. Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
confidential-containers · Mar 21, 2024 · 06084ca · 06084ca
1 parent 6262a40
commit 06084ca
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/tdx-tdcall/src/lib.rs b/tdx-tdcall/src/lib.rs
@@ -39,6 +39,7 @@ const TDCALL_TDEXTENDRTMR: u64 = 2;
 const TDCALL_TDGETVEINFO: u64 = 3;
 const TDCALL_TDREPORT: u64 = 4;
 const TDCALL_TDACCEPTPAGE: u64 = 6;
+const TDCALL_SYS_RD: u64 = 11;
 const TDCALL_SERVTD_RD: u64 = 18;
 const TDCALL_SERVTD_WR: u64 = 20;
 

diff --git a/tdx-tdcall/src/tdx.rs b/tdx-tdcall/src/tdx.rs
@@ -672,6 +672,25 @@ pub fn tdcall_servtd_wr(
     Ok(result)
 }
 
+/// Used to read a TDX Module global-scope metadata field.
+///
+/// Details can be found in TDX Module v1.5 ABI spec section 'TDG.SYS.RD Leaf'.
+pub fn tdcall_sys_rd(field_identifier: u64) -> core::result::Result<(u64, u64), TdCallError> {
+    let mut args = TdcallArgs {
+        rax: TDCALL_SYS_RD,
+        rdx: field_identifier,
+        ..Default::default()
+    };
+
+    let ret = td_call(&mut args);
+
+    if ret != TDCALL_STATUS_SUCCESS {
+        return Err(ret.into());
+    }
+
+    Ok((args.rdx, args.r8))
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;