diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 12c45b5b..83a1be09 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -87,7 +87,7 @@ jobs: - name: Meta data check run: | - cargo run -p td-shim-tools --bin td-shim-checker --no-default-features --features=loader -- target/release/final.bin + cargo run -p td-shim-tools --bin td-shim-checker --no-default-features --features=loader,read_file -- target/release/final.bin - name: Build debug image without payload run: | diff --git a/Cargo.toml b/Cargo.toml index 52622029..31469800 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,6 +19,7 @@ members = [ "tests/test-td-paging", "tests/test-td-payload", "xtask", + "td-shim-interface", ] # the profile used for debug build of `td-shim` and `td-payload` diff --git a/Makefile b/Makefile index 3f3320f5..6499c964 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ else export BUILD_TYPE_FLAG= endif -GENERIC_LIB_CRATES = td-layout td-logger td-uefi-pi td-loader cc-measurement +GENERIC_LIB_CRATES = td-layout td-logger td-shim-interface td-loader cc-measurement NIGHTLY_LIB_CRATES = td-exception td-paging tdx-tdcall SHIM_CRATES = td-shim td-payload TEST_CRATES = test-td-exception test-td-paging diff --git a/sh_script/fuzzing.sh b/sh_script/fuzzing.sh index 446e52bc..4af7586a 100644 --- a/sh_script/fuzzing.sh +++ b/sh_script/fuzzing.sh @@ -8,7 +8,7 @@ readonly script_name=${0##*/} fuzz_folder=( "td-loader" - "td-uefi-pi" + "td-shim-interface/src" "td-shim" ) diff --git a/sh_script/rudra.sh b/sh_script/rudra.sh index b10c8e5a..b88a5dfb 100644 --- a/sh_script/rudra.sh +++ b/sh_script/rudra.sh @@ -25,7 +25,7 @@ paths=( "td-paging" "td-payload" "td-shim" - "td-uefi-pi" + "td-shim-interface/src" "td-shim-tools" "tdx-tdcall" ) diff --git a/td-layout/Cargo.toml b/td-layout/Cargo.toml index 2e636bdc..1d525b0c 100644 --- a/td-layout/Cargo.toml +++ b/td-layout/Cargo.toml 
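Review bot: The new `paths` entry in sh_script/rudra.sh is `"td-shim-interface/src"`, but this commit puts the crate manifest one level up, at td-shim-interface/Cargo.toml. The loop that consumes `paths` is outside the hunk; if it treats each entry as a crate root, the analyzer would skip or fail on this entry, and the code previously scanned as `td-uefi-pi` would silently drop out of the static-analysis run. `"td-shim-interface"` looks like the intended value there. The `"td-shim-interface/src"` entry in sh_script/fuzzing.sh is consistent with the fuzz directory moving to `td-shim-interface/src/fuzz`, presumably what that script appends to.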
@@ -12,7 +12,7 @@ edition = "2018" [dependencies] scroll = { version = "0.10", default-features = false, features = ["derive"]} log = "0.4.13" -td-uefi-pi = { path = "../td-uefi-pi" } +td-shim-interface = { path = "../td-shim-interface" } [dev-dependencies] memoffset = "0.6" \ No newline at end of file diff --git a/td-payload/Cargo.toml b/td-payload/Cargo.toml index 75a759fe..4604e3ea 100644 --- a/td-payload/Cargo.toml +++ b/td-payload/Cargo.toml @@ -23,7 +23,7 @@ serde_json = { version = "1.0", default-features = false, features = ["alloc"] } spin = "0.9" td-logger = { path = "../td-logger" } td-shim = { path = "../td-shim", default-features = false } -td-uefi-pi = { path = "../td-uefi-pi" } +td-shim-interface = { path = "../td-shim-interface" } td-exception = { path = "../td-exception" } td-paging = { path = "../td-paging" } x86 = "0.47.0" diff --git a/td-payload/src/acpi.rs b/td-payload/src/acpi.rs index 6fbbf2f0..bd6fe523 100644 --- a/td-payload/src/acpi.rs +++ b/td-payload/src/acpi.rs @@ -6,7 +6,7 @@ use alloc::vec::Vec; use scroll::Pread; use spin::Once; use td_shim::TD_ACPI_TABLE_HOB_GUID; -use td_uefi_pi::{ +use td_shim_interface::td_uefi_pi::{ hob as hob_lib, pi::hob::{GuidExtension, Header, HOB_TYPE_END_OF_HOB_LIST, HOB_TYPE_GUID_EXTENSION}, }; diff --git a/td-payload/src/bin/example/main.rs b/td-payload/src/bin/example/main.rs index 50c19581..36dd2053 100644 --- a/td-payload/src/bin/example/main.rs +++ b/td-payload/src/bin/example/main.rs @@ -26,8 +26,8 @@ use td_payload as _; use td_payload::println; use td_shim::e820::{E820Entry, E820Type}; use td_shim::{TD_ACPI_TABLE_HOB_GUID, TD_E820_TABLE_HOB_GUID}; -use td_uefi_pi::hob; -use td_uefi_pi::pi; +use td_shim_interface::td_uefi_pi::hob; +use td_shim_interface::td_uefi_pi::pi; use zerocopy::FromBytes; #[macro_use] diff --git a/td-payload/src/hob.rs b/td-payload/src/hob.rs index 170792b6..ab0917fc 100644 --- a/td-payload/src/hob.rs +++ b/td-payload/src/hob.rs 
@@ -5,7 +5,7 @@ use core::mem::size_of; use scroll::Pread; use spin::Once; -use td_uefi_pi::{ +use td_shim_interface::td_uefi_pi::{ hob::check_hob_integrity, pi::hob::{HandoffInfoTable, HOB_TYPE_HANDOFF}, }; diff --git a/td-payload/src/mm/mod.rs b/td-payload/src/mm/mod.rs index c794a1b4..d2479ae5 100644 --- a/td-payload/src/mm/mod.rs +++ b/td-payload/src/mm/mod.rs @@ -11,7 +11,7 @@ use td_shim::{ e820::{E820Entry, E820Type}, TD_E820_TABLE_HOB_GUID, }; -use td_uefi_pi::{ +use td_shim_interface::td_uefi_pi::{ hob as hob_lib, pi::hob::{GuidExtension, Header, HOB_TYPE_END_OF_HOB_LIST, HOB_TYPE_GUID_EXTENSION}, }; diff --git a/td-payload/src/mm/shared.rs b/td-payload/src/mm/shared.rs index ebec405f..7cea336e 100644 --- a/td-payload/src/mm/shared.rs +++ b/td-payload/src/mm/shared.rs @@ -11,6 +11,10 @@ use crate::arch::shared::decrypt; static SHARED_MEMORY_ALLOCATOR: LockedHeap = LockedHeap::empty(); pub fn init_shared_memory(start: u64, size: usize) { + if size % SIZE_4K != 0 { + panic!("Failed to initialize shared memory: size needs to be aligned with 0x1000"); + } + // Set the shared memory region to be shared decrypt(start, size); // Initialize the shared memory allocator diff --git a/td-shim-interface/Cargo.toml b/td-shim-interface/Cargo.toml new file mode 100644 index 00000000..4ed79924 --- /dev/null +++ b/td-shim-interface/Cargo.toml 
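Review bot: The guard added to `init_shared_memory` in td-payload/src/mm/shared.rs validates only `size`, so a `start` that is not 4 KiB aligned still reaches `decrypt(start, size)`. Because that call converts the region to shared memory, presumably page by page, the start address deserves the same check, e.g. `if size % SIZE_4K != 0 || start % SIZE_4K as u64 != 0 {`, with the panic message naming both values. No line in the hunk imports `SIZE_4K`, so confirm it is already in scope in this file. The function body continues past the end of the hunk.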
@@ -0,0 +1,18 @@ +[package] +name = "td-shim-interface" +version = "0.1.0" +license = "BSD-2-Clause-Patent" +description = "TD-shim metadata data structures and related functions. UEFI Platform Initializaiton data structures and accessors" + +edition = "2018" +homepage = "https://github.com/confidential-containers/td-shim" +repository = "https://github.com/confidential-containers/td-shim" +readme = "README.md" +keywords = ["td-shim", "TDX", "intel"] + +[dependencies] +r-efi = "3.2.0" +scroll = { version = "0.10", default-features = false, features = ["derive"] } +zerocopy = { version = "0.7.31", features = ["derive"] } + +log = "0.4.13" diff --git a/td-shim-interface/README.md b/td-shim-interface/README.md new file mode 100644 index 00000000..6d72deed --- /dev/null +++ b/td-shim-interface/README.md 
@@ -0,0 +1,35 @@ +[](https://app.fossa.com/projects/git%2Bgithub.com%2Fconfidential-containers%2Ftd-shim?ref=badge_shield) +# TD-shim-interface - Confidential Containers Shim Firmware Interface + +## Documents + +* [TD-Shim specification](doc/tdshim_spec.md) + +* Introduction [PDF](doc/td-shim-introduction.pdf) and [conference talk](https://fosdem.org/2023/schedule/event/cc_online_rust/) + +## Introduction + +This td-shim-interface is to support user for creating data structures and functions required for td-shim, such as TdxMetadataDescriptor and TdxMetadataSection. +Td-uefi-pi is used for UEFI Platform Initializaiton data structures and accessors. + +To import the data structure of metadata, TD HOB and related function, such as: +``` +use td_shim_interface::{TD_ACPI_TABLE_HOB_GUID, TD_E820_TABLE_HOB_GUID, TD_PAYLOAD_INFO_HOB_GUID}; +use td_shim_interface::PayloadInfo; +use td_shim_interface::acpi; +use td_shim_interface::td_uefi_pi::{hob, pi, pi::guid} +``` + +This is a Shim Firmware to support [Intel TDX](https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html). + +The API specification is at [td-shim specification](doc/tdshim_spec.md). + +The secure boot specification for td-shim is at [secure boot specification](doc/secure_boot.md) + +The design is at [td-shim design](doc/design.md). + +The threat model analysis is at [td-shim threat model](doc/threat_model.md). + + +## License +[](https://app.fossa.com/projects/git%2Bgithub.com%2Fconfidential-containers%2Ftd-shim?ref=badge_large) diff --git a/td-shim/src/acpi.rs b/td-shim-interface/src/acpi.rs similarity index 100% rename from td-shim/src/acpi.rs rename to td-shim-interface/src/acpi.rs diff --git a/td-uefi-pi/fuzz/Cargo.toml b/td-shim-interface/src/fuzz/Cargo.toml similarity index 100% rename from td-uefi-pi/fuzz/Cargo.toml rename to td-shim-interface/src/fuzz/Cargo.toml 
diff --git a/td-uefi-pi/fuzz/fuzz_targets/afl_cfv_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/afl_cfv_parser.rs similarity index 100% rename from td-uefi-pi/fuzz/fuzz_targets/afl_cfv_parser.rs rename to td-shim-interface/src/fuzz/fuzz_targets/afl_cfv_parser.rs diff --git a/td-uefi-pi/fuzz/fuzz_targets/afl_hob_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/afl_hob_parser.rs similarity index 100% rename from td-uefi-pi/fuzz/fuzz_targets/afl_hob_parser.rs rename to td-shim-interface/src/fuzz/fuzz_targets/afl_hob_parser.rs diff --git a/td-uefi-pi/fuzz/fuzz_targets/afl_payload_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/afl_payload_parser.rs similarity index 100% rename from td-uefi-pi/fuzz/fuzz_targets/afl_payload_parser.rs rename to td-shim-interface/src/fuzz/fuzz_targets/afl_payload_parser.rs diff --git a/td-uefi-pi/fuzz/fuzz_targets/cfv_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/cfv_parser.rs similarity index 100% rename from td-uefi-pi/fuzz/fuzz_targets/cfv_parser.rs rename to td-shim-interface/src/fuzz/fuzz_targets/cfv_parser.rs diff --git a/td-uefi-pi/fuzz/fuzz_targets/fuzzlib.rs b/td-shim-interface/src/fuzz/fuzz_targets/fuzzlib.rs similarity index 97% rename from td-uefi-pi/fuzz/fuzz_targets/fuzzlib.rs rename to td-shim-interface/src/fuzz/fuzz_targets/fuzzlib.rs index 7a21fd68..5e455be0 100644 --- a/td-uefi-pi/fuzz/fuzz_targets/fuzzlib.rs +++ b/td-shim-interface/src/fuzz/fuzz_targets/fuzzlib.rs @@ -6,7 +6,7 @@ use core::mem::size_of; use r_efi::efi::Guid; use std::vec::Vec; -use td_uefi_pi::{fv, hob, pi}; +use td_shim_interface::td_uefi_pi::{fv, hob, pi}; const EFI_END_OF_HOB_LIST_OFFSET: usize = 48; diff --git a/td-uefi-pi/fuzz/fuzz_targets/hob_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/hob_parser.rs similarity index 100% rename from td-uefi-pi/fuzz/fuzz_targets/hob_parser.rs rename to td-shim-interface/src/fuzz/fuzz_targets/hob_parser.rs 
diff --git a/td-uefi-pi/fuzz/fuzz_targets/payload_parser.rs b/td-shim-interface/src/fuzz/fuzz_targets/payload_parser.rs
similarity index 100%
rename from td-uefi-pi/fuzz/fuzz_targets/payload_parser.rs
rename to td-shim-interface/src/fuzz/fuzz_targets/payload_parser.rs
diff --git a/td-uefi-pi/fuzz/seeds/cfv_parser/cfv b/td-shim-interface/src/fuzz/seeds/cfv_parser/cfv
similarity index 100%
rename from td-uefi-pi/fuzz/seeds/cfv_parser/cfv
rename to td-shim-interface/src/fuzz/seeds/cfv_parser/cfv
diff --git a/td-uefi-pi/fuzz/seeds/hob_parser/hob_buffer b/td-shim-interface/src/fuzz/seeds/hob_parser/hob_buffer
similarity index 100%
rename from td-uefi-pi/fuzz/seeds/hob_parser/hob_buffer
rename to td-shim-interface/src/fuzz/seeds/hob_parser/hob_buffer
diff --git a/td-uefi-pi/fuzz/seeds/payload_parser/fv_buffer b/td-shim-interface/src/fuzz/seeds/payload_parser/fv_buffer
similarity index 100%
rename from td-uefi-pi/fuzz/seeds/payload_parser/fv_buffer
rename to td-shim-interface/src/fuzz/seeds/payload_parser/fv_buffer
diff --git a/td-shim-interface/src/lib.rs b/td-shim-interface/src/lib.rs
new file mode 100644
index 00000000..2e9fc13c
--- /dev/null
+++ b/td-shim-interface/src/lib.rs
@@ -0,0 +1,134 @@ +// Copyright (c) 2022 Alibaba Cloud +// +// SPDX-License-Identifier: BSD-2-Clause-Patent + +#![no_std] + +use scroll::{Pread, Pwrite}; + +pub mod acpi; +pub mod metadata; +pub mod td_uefi_pi; + +use td_uefi_pi::pi::{self, guid}; + +// This GUID is used for ACPI GUID Extension HOB +// Please refer to: +// https://github.com/confidential-containers/td-shim/blob/main/doc/tdshim_spec.md#acpi-guid-extension-hob +pub const TD_ACPI_TABLE_HOB_GUID: guid::Guid = guid::Guid::from_fields( + 0x6a0c5870, + 0xd4ed, + 0x44f4, + [0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0xc, 0x8d], +); + +// This GUID is used for TD Payload Info GUID Extension HOB +// Please refer to: +// https://github.com/confidential-containers/td-shim/blob/main/doc/tdshim_spec.md#td-payload-info-guid-extension-hob +pub const TD_PAYLOAD_INFO_HOB_GUID: guid::Guid = guid::Guid::from_fields( + 0xb96fa412, + 0x461f, + 0x4be3, + [0x8c, 0xd, 0xad, 0x80, 0x5a, 0x49, 0x7a, 0xc0], +); + +// This GUID is used for E820 Memory Map GUID Extension HOB +// Please refer to: +// https://github.com/confidential-containers/td-shim/blob/main/doc/tdshim_spec.md#e820-memory-map-guid-extension-hob +pub const TD_E820_TABLE_HOB_GUID: pi::guid::Guid = pi::guid::Guid::from_fields( + 0x8f8072ea, + 0x3486, + 0x4b47, + [0x86, 0xa7, 0x23, 0x53, 0xb8, 0x8a, 0x87, 0x73], +); + +#[repr(u32)] +#[derive(Clone, Copy, Debug, Eq, PartialEq)] +pub enum TdPayloadInfoHobType { + /// Payload Binary is a PE/COFF or ELF executable image as payload. + /// + /// Entrypoint can be found by parsing the image header. This type image does not follow + /// Linux boot protocol. A payload HOB is used to pass data from TdShim to payload. + ExecutablePayload = 0, + + /// Payload Binary is bzImage, follow Linux boot protocol. + /// + /// The first 512 bytes are boot_param. (zero page). The entrypoint is start address of loaded + /// 64bit Linux kernel plus 0x200 + BzImage, + + /// Payload Binary is VMM loaded vmLinux, follow Linux boot protocol. 
+ /// + /// The entrypoint is defined at HOB_PAYLOAD_INFO_TABLE.Entrypoint. + RawVmLinux, + + /// Unknown Image type + UnknownImage = u32::MAX, +} + +impl From<&TdPayloadInfoHobType> for u32 { + fn from(v: &TdPayloadInfoHobType) -> Self { + *v as u32 + } +} + +impl From<u32> for TdPayloadInfoHobType { + fn from(v: u32) -> Self { + match v { + 0 => TdPayloadInfoHobType::ExecutablePayload, + 1 => TdPayloadInfoHobType::BzImage, + 2 => TdPayloadInfoHobType::RawVmLinux, + _ => TdPayloadInfoHobType::UnknownImage, + } + } +} + +#[repr(C)] +#[derive(Default, Clone, Copy, Pread, Pwrite)] +pub struct PayloadInfo { + pub image_type: u32, + pub reserved: u32, + pub entry_point: u64, +} + +/// Write three bytes from an integer value into the buffer. +pub fn write_u24(data: u32, buf: &mut [u8; 3]) { + assert!(data <= 0xffffff); + buf[0] = (data & 0xFF) as u8; + buf[1] = ((data >> 8) & 0xFF) as u8; + buf[2] = ((data >> 16) & 0xFF) as u8; +} + +// To protect against speculative attacks, place the LFENCE instruction after the range +// check and branch, but before any code that consumes the checked value. +pub fn speculation_barrier() { + unsafe { core::arch::asm!("lfence") } +} + +#[cfg(test)] +mod test { + use super::*; + + #[test] + fn test_tdpayload_info_hob_type() { + assert_eq!( + TdPayloadInfoHobType::from(0), + TdPayloadInfoHobType::ExecutablePayload + ); + assert_eq!(TdPayloadInfoHobType::from(1), TdPayloadInfoHobType::BzImage); + assert_eq!( + TdPayloadInfoHobType::from(2), + TdPayloadInfoHobType::RawVmLinux + ); + assert_eq!( + TdPayloadInfoHobType::from(3), + TdPayloadInfoHobType::UnknownImage + ); + } + + #[test] + fn test_write_u24() { + let mut buf: [u8; 3] = [0; 3]; + write_u24(0xffffff, &mut buf); + } +} diff --git a/td-shim/src/metadata.rs b/td-shim-interface/src/metadata.rs similarity index 99% rename from td-shim/src/metadata.rs rename to td-shim-interface/src/metadata.rs index 7a7fb34a..3b0bbabe 100644 --- a/td-shim/src/metadata.rs 
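Review bot: `speculation_barrier` in the new td-shim-interface/src/lib.rs emits `lfence` through an unguarded `unsafe { core::arch::asm!("lfence") }`, which ties the whole interface crate to x86 targets, and the block has no `// SAFETY:` comment. Gate the function with `#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]` and add `// SAFETY: lfence takes no operands and touches neither memory nor the stack` above the `asm!` call. The guidance on where to place the barrier is a plain `//` comment; making it `///` would carry it into rustdoc the way `write_u24` is documented. `test_write_u24` never inspects the buffer, so add `assert_eq!(buf, [0xff, 0xff, 0xff]);` after the call.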
+++ b/td-shim-interface/src/metadata.rs @@ -4,10 +4,10 @@ extern crate alloc; +use crate::td_uefi_pi::pi::guid::Guid; use alloc::string::String; use core::{ptr::slice_from_raw_parts, str::FromStr}; use scroll::{Pread, Pwrite}; -use td_uefi_pi::pi::guid::Guid; /// TDX Metadata GUID defined in td-shim specification pub const TDX_METADATA_GUID_STR: &str = "E9EAF9F3-168E-44D5-A8EB-7F4D8738F6AE"; diff --git a/td-uefi-pi/src/fv.rs b/td-shim-interface/src/td_uefi_pi/fv.rs similarity index 100% rename from td-uefi-pi/src/fv.rs rename to td-shim-interface/src/td_uefi_pi/fv.rs diff --git a/td-uefi-pi/src/hob.rs b/td-shim-interface/src/td_uefi_pi/hob.rs similarity index 100% rename from td-uefi-pi/src/hob.rs rename to td-shim-interface/src/td_uefi_pi/hob.rs diff --git a/td-uefi-pi/src/lib.rs b/td-shim-interface/src/td_uefi_pi/mod.rs similarity index 99% rename from td-uefi-pi/src/lib.rs rename to td-shim-interface/src/td_uefi_pi/mod.rs index 0aef5ef4..30c350ca 100644 --- a/td-uefi-pi/src/lib.rs +++ b/td-shim-interface/src/td_uefi_pi/mod.rs @@ -21,7 +21,6 @@ //! //! Constants and data structures defined by [UEFI PI Spec] are hosted by [crate::pi], functions //! to access them are hosted by [crate::fv] and [crate::hob]. -#![no_std] pub mod fv; pub mod hob; diff --git a/td-uefi-pi/src/pi/boot_mode.rs b/td-shim-interface/src/td_uefi_pi/pi/boot_mode.rs similarity index 100% rename from td-uefi-pi/src/pi/boot_mode.rs rename to td-shim-interface/src/td_uefi_pi/pi/boot_mode.rs diff --git a/td-uefi-pi/src/pi/fv.rs b/td-shim-interface/src/td_uefi_pi/pi/fv.rs similarity index 100% rename from td-uefi-pi/src/pi/fv.rs rename to td-shim-interface/src/td_uefi_pi/pi/fv.rs diff --git a/td-uefi-pi/src/pi/guid.rs b/td-shim-interface/src/td_uefi_pi/pi/guid.rs similarity index 100% rename from td-uefi-pi/src/pi/guid.rs rename to td-shim-interface/src/td_uefi_pi/pi/guid.rs 
diff --git a/td-uefi-pi/src/pi/hob.rs b/td-shim-interface/src/td_uefi_pi/pi/hob.rs similarity index 100% rename from td-uefi-pi/src/pi/hob.rs rename to td-shim-interface/src/td_uefi_pi/pi/hob.rs diff --git a/td-uefi-pi/src/pi/mod.rs b/td-shim-interface/src/td_uefi_pi/pi/mod.rs similarity index 100% rename from td-uefi-pi/src/pi/mod.rs rename to td-shim-interface/src/td_uefi_pi/pi/mod.rs diff --git a/td-shim-tools/Cargo.toml b/td-shim-tools/Cargo.toml index a4e7f572..1e246c70 100644 --- a/td-shim-tools/Cargo.toml +++ b/td-shim-tools/Cargo.toml @@ -21,7 +21,7 @@ required-features = ["signer"] [[bin]] name = "td-shim-checker" -required-features = ["loader"] +required-features = ["loader", "read_file"] [[bin]] name = "td-shim-strip-info" @@ -42,7 +42,7 @@ regex = "1" scroll = { version = "0.10", default-features = false, features = ["derive"]} td-layout = { path = "../td-layout" } td-shim = { path = "../td-shim", default-features = false } -td-uefi-pi = { path = "../td-uefi-pi" } +td-shim-interface = { path = "../td-shim-interface" } cfg-if = "1.0" anyhow = { version = "1.0.68", optional = true } @@ -61,11 +61,12 @@ byteorder = { version = "1.4.3", optional = true } parse_int = { version = "0.6.0", optional = true } [features] -default = ["enroller", "linker", "signer", "loader", "tee", "calculator"] +default = ["enroller", "linker", "signer", "loader", "tee", "calculator", "read_file"] enroller = ["clap", "der", "env_logger", "log", "ring", "td-shim/secure-boot"] linker = ["clap", "env_logger", "log", "parse_int", "serde_json", "serde", "td-loader"] signer = ["clap", "der", "env_logger", "log", "ring", "td-shim/secure-boot"] loader = ["clap", "env_logger", "log"] +read_file = ["clap", "env_logger", "log", "anyhow"] tee = ["clap", "env_logger", "log", "serde_json", "serde", "hex", "sha2", "byteorder"] calculator = ["clap", "hex", "parse_int", "sha2", "anyhow", "block-padding"] exec-payload-section = [] 
diff --git a/td-shim-tools/src/bin/td-shim-checker/main.rs b/td-shim-tools/src/bin/td-shim-checker/main.rs index 8046171e..efd57a64 100644 --- a/td-shim-tools/src/bin/td-shim-checker/main.rs +++ b/td-shim-tools/src/bin/td-shim-checker/main.rs @@ -10,8 +10,9 @@ use log::{error, LevelFilter}; use std::str::FromStr; use std::vec::Vec; use std::{env, io}; -use td_shim::metadata::{TdxMetadataDescriptor, TdxMetadataSection}; +use td_shim_interface::metadata::{TdxMetadataDescriptor, TdxMetadataSection}; use td_shim_tools::loader::TdShimLoader; +use td_shim_tools::read_file::read_from_binary_file; struct Config { // Input file path to be read @@ -101,7 +102,9 @@ fn main() -> io::Result<()> { "Parse td-shim binary [{}] to get TdxMetadata ...", config.input ); - let tdx_metadata = TdShimLoader::parse(&config.input); + + let tdx_file_buff = read_from_binary_file(&config.input).unwrap(); + let tdx_metadata = TdShimLoader::parse(tdx_file_buff); if tdx_metadata.is_none() { println!( "Failed to parse td-shim binary [{}] to get TdxMetadata", diff --git a/td-shim-tools/src/bin/td-shim-enroll/main.rs b/td-shim-tools/src/bin/td-shim-enroll/main.rs index 3b536a69..8f2a5d05 100644 --- a/td-shim-tools/src/bin/td-shim-enroll/main.rs +++ b/td-shim-tools/src/bin/td-shim-enroll/main.rs @@ -11,9 +11,9 @@ use std::path::PathBuf; use std::str::FromStr; use std::vec::Vec; use std::{env, io, path::Path}; +use td_shim_interface::td_uefi_pi::pi::guid; use td_shim_tools::enroller::{create_key_file, enroll_files, FirmwareRawFile}; use td_shim_tools::InputData; -use td_uefi_pi::pi::guid; const TDSHIM_SB_NAME: &str = "final.sb.bin"; struct Config { diff --git a/td-shim-tools/src/enroller.rs b/td-shim-tools/src/enroller.rs index 50605337..9af2eae7 100644 --- a/td-shim-tools/src/enroller.rs +++ b/td-shim-tools/src/enroller.rs 
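Review bot: `read_from_binary_file(&config.input).unwrap()` in the second hunk of td-shim-checker/main.rs makes `main` panic on a missing or unreadable input file, whereas the removed loader code logged the failure and fell through to the `is_none()` branch just below. `main` already returns `io::Result<()>`, so propagate the error instead: `let tdx_file_buff = read_from_binary_file(&config.input).map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;`. That keeps the tool's exit path and message under its own control for a condition the user can trigger with a wrong path.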
@@ -18,7 +18,7 @@ use td_shim::secure_boot::{ PUBKEY_FILE_STRUCT_VERSION_V1, PUBKEY_HASH_ALGORITHM_SHA384, }; use td_shim::write_u24; -use td_uefi_pi::pi::fv::{ +use td_shim_interface::td_uefi_pi::pi::fv::{ FIRMWARE_FILE_SYSTEM3_GUID, FVH_REVISION, FVH_SIGNATURE, FV_FILETYPE_RAW, }; @@ -298,7 +298,7 @@ mod test { use std::str::FromStr; use super::*; - use td_uefi_pi::pi::guid; + use td_shim_interface::td_uefi_pi::pi::guid; fn read_u24(data: &[u8]) -> u32 { let mut num = data[0] as u32; diff --git a/td-shim-tools/src/lib.rs b/td-shim-tools/src/lib.rs index 9d42b0f4..bb0c5c64 100644 --- a/td-shim-tools/src/lib.rs +++ b/td-shim-tools/src/lib.rs @@ -27,6 +27,9 @@ pub mod signer; #[cfg(feature = "loader")] pub mod loader; +#[cfg(feature = "read_file")] +pub mod read_file; + #[cfg(feature = "tee")] pub mod tee_info_hash; diff --git a/td-shim-tools/src/linker.rs b/td-shim-tools/src/linker.rs index 357e66e6..0b6a3b49 100644 --- a/td-shim-tools/src/linker.rs +++ b/td-shim-tools/src/linker.rs @@ -20,10 +20,10 @@ use td_shim::fv::{ FvFfsFileHeader, FvFfsSectionHeader, FvHeader, IplFvFfsHeader, IplFvFfsSectionHeader, IplFvHeader, }; -use td_shim::metadata::{TdxMetadataGuid, TdxMetadataPtr}; use td_shim::reset_vector::{ResetVectorHeader, ResetVectorParams}; use td_shim::write_u24; -use td_uefi_pi::pi::fv::{ +use td_shim_interface::metadata::{TdxMetadataGuid, TdxMetadataPtr}; +use td_shim_interface::td_uefi_pi::pi::fv::{ FfsFileHeader, FVH_REVISION, FVH_SIGNATURE, FV_FILETYPE_DXE_CORE, FV_FILETYPE_SECURITY_CORE, SECTION_PE32, }; diff --git a/td-shim-tools/src/loader.rs b/td-shim-tools/src/loader.rs index dca17dbb..8e9d7bc6 100644 --- a/td-shim-tools/src/loader.rs +++ b/td-shim-tools/src/loader.rs 
@@ -2,69 +2,32 @@ // // SPDX-License-Identifier: BSD-2-Clause-Patent -use log::debug; +use core::convert::TryInto; use log::error; use scroll::Pread; -use std::fs; -use std::io; -use std::io::Read; -use std::io::Seek; -use td_shim::metadata::{ +use td_shim_interface::metadata::{ self, TdxMetadataDescriptor, TdxMetadataGuid, TdxMetadataSection, TDX_METADATA_DESCRIPTOR_LEN, TDX_METADATA_GUID_LEN, TDX_METADATA_OFFSET, TDX_METADATA_SECTION_LEN, }; pub struct TdShimLoader; -fn read_from_file(file: &mut std::fs::File, pos: u64, buffer: &mut [u8]) -> io::Result<()> { - debug!("Read at pos={0:X}, len={1:X}", pos, buffer.len()); - let _pos = std::io::SeekFrom::Start(pos); - file.seek(_pos)?; - file.read_exact(buffer)?; - debug!("{:X?}", buffer); - Ok(()) -} - impl TdShimLoader { /// generate TdxMetadata elements tupple from input file /// /// # Arguments /// /// * `filename` - The td-shim binary which contains TdxMetadata - pub fn parse(filename: &String) -> Option<(TdxMetadataDescriptor, Vec<TdxMetadataSection>)> { - // first we open the input file and get its size - let f = fs::File::open(filename); - if f.is_err() { - error!("Problem opening the file"); - return None; - } - - let mut file = f.unwrap(); - - let file_metadata = fs::metadata(filename); - if file_metadata.is_err() { - error!("Problem read file meatadata"); - return None; - } - - let file_metadata = file_metadata.unwrap(); - let file_size = file_metadata.len(); - + pub fn parse(binary_file: Vec<u8>) -> Option<(TdxMetadataDescriptor, Vec<TdxMetadataSection>)> { + let file_size = binary_file.len(); // Then read 4 bytes at the pos of [file_len - 0x20] // This is the offset of TdxMetadata - let mut buffer: [u8; 4] = [0; 4]; - if read_from_file( - &mut file, - file_size - TDX_METADATA_OFFSET as u64, - &mut buffer, - ) - .is_err() - { - error!("Failed to read metadata offset"); - return None; - } - - let mut metadata_offset = u32::from_le_bytes(buffer); + let metadata_offset_addr = file_size - TDX_METADATA_OFFSET 
as usize; + let buffer = &binary_file[metadata_offset_addr..metadata_offset_addr + 4]; + let mut metadata_offset = ((buffer[3] as u32) << 24) + | ((buffer[2] as u32) << 16) + | ((buffer[1] as u32) << 8) + | (buffer[0] as u32); if metadata_offset > file_size as u32 - TDX_METADATA_OFFSET - TDX_METADATA_DESCRIPTOR_LEN { error!("The metadata offset is invalid. {}", metadata_offset); error!("{:X?}", buffer); @@ -73,12 +36,11 @@ impl TdShimLoader { // Then read the guid metadata_offset -= TDX_METADATA_GUID_LEN; - let mut buffer: [u8; TDX_METADATA_GUID_LEN as usize] = [0; TDX_METADATA_GUID_LEN as usize]; - if read_from_file(&mut file, metadata_offset as u64, &mut buffer).is_err() { - error!("Failed to read metadata guid from file"); - return None; - } - let metadata_guid = TdxMetadataGuid::from_bytes(&buffer); + let buffer = &binary_file + [metadata_offset as usize..(metadata_offset + TDX_METADATA_GUID_LEN) as usize] + .try_into() + .unwrap(); + let metadata_guid = TdxMetadataGuid::from_bytes(buffer); if metadata_guid.is_none() { error!("Invalid TdxMetadataGuid"); error!("{:X?}", &buffer); @@ -86,13 +48,9 @@ impl TdShimLoader { } // Then the descriptor - let mut buffer: [u8; TDX_METADATA_DESCRIPTOR_LEN as usize] = - [0; TDX_METADATA_DESCRIPTOR_LEN as usize]; metadata_offset += TDX_METADATA_GUID_LEN; - if read_from_file(&mut file, metadata_offset as u64, &mut buffer).is_err() { - error!("Failed to read metadata descriptor from file"); - return None; - } + let buffer = &binary_file + [metadata_offset as usize..(metadata_offset + TDX_METADATA_DESCRIPTOR_LEN) as usize]; let metadata_descriptor: TdxMetadataDescriptor = buffer.pread::<TdxMetadataDescriptor>(0).unwrap(); if !metadata_descriptor.is_valid() { 
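Review bot: `TdShimLoader::parse` now indexes `binary_file` directly, with every bound derived from unchecked arithmetic on the buffer length or on the offset read from the image, so a truncated or malformed file panics instead of returning `None` as the removed `read_from_file` error paths did. In the first hunk `file_size - TDX_METADATA_OFFSET as usize` and `file_size as u32 - TDX_METADATA_OFFSET - TDX_METADATA_DESCRIPTOR_LEN` underflow for short inputs, `file_size as u32` truncates large ones, and `metadata_offset -= TDX_METADATA_GUID_LEN` underflows when the stored offset is smaller than the GUID length; the GUID, descriptor and section-loop slices in the following hunks can go out of range in the same way. Use `checked_sub` and `binary_file.get(a..b)?` so each failure maps to `None`, as sketched below for the first read. The doc comment still describes a `filename` argument, and the parameter could be `&[u8]` since the buffer is only read. The function body continues outside these hunks.

```rust
pub fn parse(binary_file: Vec<u8>) -> Option<(TdxMetadataDescriptor, Vec<TdxMetadataSection>)> {
    let file_size = binary_file.len();
    // A file shorter than the metadata pointer area cannot be a td-shim image.
    let metadata_offset_addr = file_size.checked_sub(TDX_METADATA_OFFSET as usize)?;
    let buffer = binary_file.get(metadata_offset_addr..metadata_offset_addr.checked_add(4)?)?;
    let mut metadata_offset = u32::from_le_bytes(buffer.try_into().ok()?);
    // Reject sizes that do not fit in u32 rather than truncating them.
    let file_size_u32: u32 = file_size.try_into().ok()?;
    let max_offset = file_size_u32
        .checked_sub(TDX_METADATA_OFFSET)?
        .checked_sub(TDX_METADATA_DESCRIPTOR_LEN)?;
    if metadata_offset < TDX_METADATA_GUID_LEN || metadata_offset > max_offset {
        // … unchanged: error logging and `return None` …
```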
@@ -117,12 +75,8 @@ impl TdShimLoader { metadata_offset += TDX_METADATA_DESCRIPTOR_LEN; loop { - let mut buffer: [u8; TDX_METADATA_SECTION_LEN as usize] = - [0; TDX_METADATA_SECTION_LEN as usize]; - if read_from_file(&mut file, metadata_offset as u64, &mut buffer).is_err() { - error!("Failed to read section[{}] from file", i); - return None; - } + let buffer = &binary_file + [metadata_offset as usize..(metadata_offset + TDX_METADATA_SECTION_LEN) as usize]; let section = buffer.pread::<TdxMetadataSection>(0).unwrap(); metadata_sections.push(section); diff --git a/td-shim-tools/src/metadata.rs b/td-shim-tools/src/metadata.rs index 896960bc..ab1c5ad5 100644 --- a/td-shim-tools/src/metadata.rs +++ b/td-shim-tools/src/metadata.rs @@ -7,14 +7,14 @@ use serde::{de, Deserialize}; use std::{mem::size_of, vec::Vec}; use td_layout::build_time::*; use td_layout::runtime::*; -use td_shim::metadata::{ +use td_shim_interface::metadata::{ TdxMetadataDescriptor, TDX_METADATA_GUID, TDX_METADATA_SECTION_TYPE_BFV, TDX_METADATA_SECTION_TYPE_CFV, TDX_METADATA_SECTION_TYPE_PAYLOAD, TDX_METADATA_SECTION_TYPE_PAYLOAD_PARAM, TDX_METADATA_SECTION_TYPE_PERM_MEM, TDX_METADATA_SECTION_TYPE_TD_HOB, TDX_METADATA_SECTION_TYPE_TD_INFO, TDX_METADATA_SECTION_TYPE_TEMP_MEM, TDX_METADATA_SIGNATURE, TDX_METADATA_VERSION, }; -use td_uefi_pi::pi::guid::Guid; +use td_shim_interface::td_uefi_pi::pi::guid::Guid; use crate::linker::PayloadType; @@ -101,7 +101,7 @@ impl MetadataSections { } fn basic_metadata_sections(payload_type: PayloadType) -> MetadataSections { - use td_shim::metadata::TDX_METADATA_ATTRIBUTES_EXTENDMR; + use td_shim_interface::metadata::TDX_METADATA_ATTRIBUTES_EXTENDMR; let mut metadata_sections = MetadataSections::new(); diff --git a/td-shim-tools/src/read_file.rs b/td-shim-tools/src/read_file.rs new file mode 100644 index 00000000..09779ca6 --- /dev/null +++ b/td-shim-tools/src/read_file.rs 
@@ -0,0 +1,56 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: BSD-2-Clause-Patent + +use anyhow::*; +use log::debug; +use std::fs; +use std::io::Read; +use std::io::Seek; +use td_shim::metadata::TDX_METADATA_OFFSET; + +fn read_from_file(file: &mut std::fs::File, pos: u64, buffer: &mut [u8]) -> Result<()> { + debug!("Read at pos={0:X}, len={1:X}", pos, buffer.len()); + let _pos = std::io::SeekFrom::Start(pos); + file.seek(_pos)?; + file.read_exact(buffer)?; + debug!("{:X?}", buffer); + Ok(()) +} + +pub fn read_from_binary_file(filename: &String) -> Result<Vec<u8>> { + let f = fs::File::open(filename); + if f.is_err() { + bail!("Problem opening the file"); + } + + let mut file = f.unwrap(); + + let file_metadata = fs::metadata(filename); + if file_metadata.is_err() { + bail!("Problem read file meatadata"); + } + + let file_metadata = file_metadata.unwrap(); + let file_size = file_metadata.len(); + + // Then read 4 bytes at the pos of [file_len - 0x20] + // This is the offset of TdxMetadata + let mut metadata_buffer: Vec<u8> = vec![0; 4]; + if read_from_file( + &mut file, + file_size - TDX_METADATA_OFFSET as u64, + &mut metadata_buffer, + ) + .is_err() + { + bail!("Failed to read metadata offset"); + } + + // Read whole binary file and return binary string + let mut buffer: Vec<u8> = vec![0; file_size as usize]; + if read_from_file(&mut file, 0, &mut buffer).is_err() { + bail!("Failed to read tdshim binary file"); + } + Ok(buffer) +} diff --git a/td-shim-tools/src/tee_info_hash.rs b/td-shim-tools/src/tee_info_hash.rs index ef4e11d0..3e7dabc5 100644 --- a/td-shim-tools/src/tee_info_hash.rs +++ b/td-shim-tools/src/tee_info_hash.rs @@ -14,7 +14,7 @@ use std::io::Read; use std::io::Seek; use std::io::SeekFrom; use std::mem::size_of; -use td_shim::metadata::*; +use td_shim_interface::metadata::*; use zeroize::Zeroize; pub const SHA384_DIGEST_SIZE: usize = 0x30; diff --git a/td-shim/Cargo.toml b/td-shim/Cargo.toml index 5f3f429d..f31e2b80 100644 
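Review bot: `read_from_binary_file` in the new td-shim-tools/src/read_file.rs imports `TDX_METADATA_OFFSET` from `td_shim::metadata`, but this commit removes `pub mod metadata;` from td-shim/src/lib.rs, so unless td-shim re-exports the module elsewhere the import should be `use td_shim_interface::metadata::TDX_METADATA_OFFSET;`. The subtraction `file_size - TDX_METADATA_OFFSET as u64` underflows for a file shorter than the offset, the size comes from a separate `fs::metadata(filename)` lookup rather than the opened handle, and the 4-byte probe read is discarded. Reading the file once and checking its length covers all three and keeps the underlying I/O error in the message. The rewrite below also drops the message containing the "meatadata" typo.

```rust
pub fn read_from_binary_file(filename: &String) -> Result<Vec<u8>> {
    // Single read: no second path lookup after the open, and the io::Error is preserved.
    let buffer = fs::read(filename)
        .with_context(|| format!("Failed to read tdshim binary file {}", filename))?;
    // The loader expects the TdxMetadata offset at [file_len - TDX_METADATA_OFFSET].
    if buffer.len() < TDX_METADATA_OFFSET as usize {
        bail!("File is too small to contain the TdxMetadata offset");
    }
    Ok(buffer)
}
```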
--- a/td-shim/Cargo.toml +++ b/td-shim/Cargo.toml @@ -23,7 +23,7 @@ lazy_static = { version = "1.4.0", features = ["spin_no_std"] } r-efi = "3.2.0" scroll = { version = "0.10", default-features = false, features = ["derive"] } td-layout = { path = "../td-layout" } -td-uefi-pi = { path = "../td-uefi-pi" } +td-shim-interface = { path = "../td-shim-interface" } cc-measurement = { path = "../cc-measurement" } zerocopy = { version = "0.7.31", features = ["derive"] } diff --git a/td-shim/src/bin/td-shim/acpi.rs b/td-shim/src/bin/td-shim/acpi.rs index 980d5182..cab14141 100644 --- a/td-shim/src/bin/td-shim/acpi.rs +++ b/td-shim/src/bin/td-shim/acpi.rs @@ -5,7 +5,7 @@ extern crate alloc; use alloc::vec::Vec; -use td_shim::acpi::{calculate_checksum, Rsdp, Xsdt}; +use td_shim_interface::acpi::{calculate_checksum, Rsdp, Xsdt}; use super::*; diff --git a/td-shim/src/bin/td-shim/main.rs b/td-shim/src/bin/td-shim/main.rs index 3028f791..43ed88c1 100644 --- a/td-shim/src/bin/td-shim/main.rs +++ b/td-shim/src/bin/td-shim/main.rs @@ -30,13 +30,13 @@ use cc_measurement::{log::CcEventLogWriter, EV_EFI_HANDOFF_TABLES2, EV_PLATFORM_ use td_layout::build_time::{self, *}; use td_layout::memslice::{self, SliceType}; use td_layout::RuntimeMemoryLayout; -use td_shim::acpi::{Ccel, GenericSdtHeader}; use td_shim::event_log::{log_hob_list, log_payload_binary, log_payload_parameter}; use td_shim::{ speculation_barrier, PayloadInfo, TdPayloadInfoHobType, TD_ACPI_TABLE_HOB_GUID, TD_PAYLOAD_INFO_HOB_GUID, }; -use td_uefi_pi::{fv, hob, pi}; +use td_shim_interface::acpi::{Ccel, GenericSdtHeader}; +use td_shim_interface::td_uefi_pi::{fv, hob, pi}; use crate::ipl::ExecutablePayloadType; use crate::shim_info::{BootTimeDynamic, BootTimeStatic}; diff --git a/td-shim/src/bin/td-shim/memory.rs b/td-shim/src/bin/td-shim/memory.rs index ed454500..2283b86d 100644 --- a/td-shim/src/bin/td-shim/memory.rs +++ b/td-shim/src/bin/td-shim/memory.rs 
@@ -8,8 +8,8 @@ use td_layout::memslice::SliceType; use td_layout::{build_time::*, runtime::*, *}; use td_shim::e820::{E820Entry, E820Type}; use td_shim::{PayloadInfo, TdPayloadInfoHobType}; -use td_uefi_pi::hob; -use td_uefi_pi::pi::hob::{ +use td_shim_interface::td_uefi_pi::hob; +use td_shim_interface::td_uefi_pi::pi::hob::{ ResourceDescription, RESOURCE_MEMORY_RESERVED, RESOURCE_MEMORY_UNACCEPTED, RESOURCE_SYSTEM_MEMORY, }; @@ -284,7 +284,7 @@ impl<'a> Memory<'a> { #[cfg(feature = "tdx")] fn accept_memory_resources(resources: &mut Vec<ResourceDescription>) { use td_layout::TD_PAYLOAD_PARTIAL_ACCEPT_MEMORY_SIZE; - use td_uefi_pi::pi; + use td_shim_interface::td_uefi_pi::pi; // The physical address must not exceed the shared mask (the last bit of GPAW). let (index, max_phys_addr) = resources diff --git a/td-shim/src/bin/td-shim/mp.rs b/td-shim/src/bin/td-shim/mp.rs index c7a4fa52..f9465508 100644 --- a/td-shim/src/bin/td-shim/mp.rs +++ b/td-shim/src/bin/td-shim/mp.rs @@ -6,7 +6,7 @@ use core::convert::TryInto; use core::mem::size_of; use zerocopy::{AsBytes, FromBytes, FromZeroes}; -use td_shim::acpi::{self, GenericSdtHeader}; +use td_shim_interface::acpi::{self, GenericSdtHeader}; // 255 vCPUs needs 2278 bytes, refer to create_madt(). const MADT_MAX_SIZE: usize = 0xc00; diff --git a/td-shim/src/bin/td-shim/payload_hob.rs b/td-shim/src/bin/td-shim/payload_hob.rs index 24727fd0..7b474490 100644 --- a/td-shim/src/bin/td-shim/payload_hob.rs +++ b/td-shim/src/bin/td-shim/payload_hob.rs @@ -11,8 +11,8 @@ use td_layout::build_time::*; use td_layout::runtime::*; use td_shim::e820::E820Type; use td_shim::{TD_ACPI_TABLE_HOB_GUID, TD_E820_TABLE_HOB_GUID}; -use td_uefi_pi::pi::hob::ResourceDescription; -use td_uefi_pi::{hob, pi, pi::guid}; +use td_shim_interface::td_uefi_pi::pi::hob::ResourceDescription; +use td_shim_interface::td_uefi_pi::{hob, pi, pi::guid}; #[derive(Debug)] pub enum PayloadHobError { 
diff --git a/td-shim/src/bin/td-shim/shim_info.rs b/td-shim/src/bin/td-shim/shim_info.rs index 9f0deffe..30e10686 100644 --- a/td-shim/src/bin/td-shim/shim_info.rs +++ b/td-shim/src/bin/td-shim/shim_info.rs @@ -9,14 +9,14 @@ use log::error; use scroll::{Pread, Pwrite}; use td_layout::build_time::{TD_SHIM_FIRMWARE_BASE, TD_SHIM_FIRMWARE_SIZE}; use td_layout::memslice; -use td_shim::metadata::*; use td_shim::speculation_barrier; use td_shim::{ PayloadInfo, TdPayloadInfoHobType, TD_ACPI_TABLE_HOB_GUID, TD_PAYLOAD_INFO_HOB_GUID, }; -use td_uefi_pi::pi::guid::Guid; -use td_uefi_pi::pi::hob::*; -use td_uefi_pi::{fv, hob, pi}; +use td_shim_interface::metadata::*; +use td_shim_interface::td_uefi_pi::pi::guid::Guid; +use td_shim_interface::td_uefi_pi::pi::hob::*; +use td_shim_interface::td_uefi_pi::{fv, hob, pi}; pub struct BootTimeStatic { sections: Vec<TdxMetadataSection>, diff --git a/td-shim/src/fv.rs b/td-shim/src/fv.rs index c0f960e2..dc2767f1 100644 --- a/td-shim/src/fv.rs +++ b/td-shim/src/fv.rs @@ -8,7 +8,7 @@ use core::ptr::slice_from_raw_parts; use r_efi::efi::Guid; use scroll::{Pread, Pwrite}; -use td_uefi_pi::pi::fv::{ +use td_shim_interface::td_uefi_pi::pi::fv::{ Checksum, CommonSectionHeader, FfsFileHeader, FirmwareVolumeExtHeader, FirmwareVolumeHeader, FvBlockMap, FIRMWARE_FILE_SYSTEM2_GUID, FVH_SIGNATURE, FV_FILETYPE_FFS_PAD, }; diff --git a/td-shim/src/lib.rs b/td-shim/src/lib.rs index 03acda48..b2a2b141 100644 --- a/td-shim/src/lib.rs +++ b/td-shim/src/lib.rs @@ -6,13 +6,11 @@ use scroll::{Pread, Pwrite}; -use td_uefi_pi::pi::{self, guid}; +use td_shim_interface::td_uefi_pi::pi::{self, guid}; -pub mod acpi; pub mod e820; pub mod event_log; pub mod fv; -pub mod metadata; pub mod reset_vector; #[cfg(feature = "secure-boot")] diff --git a/td-shim/src/reset_vector.rs b/td-shim/src/reset_vector.rs index 4da0e187..328de5bf 100644 --- a/td-shim/src/reset_vector.rs +++ b/td-shim/src/reset_vector.rs 
@@ -8,7 +8,9 @@ use core::ptr::slice_from_raw_parts; use r_efi::efi::Guid; use scroll::{Pread, Pwrite}; use td_layout::build_time::TD_SHIM_RESET_VECTOR_SIZE; -use td_uefi_pi::pi::fv::{CommonSectionHeader, FfsFileHeader, FV_FILETYPE_RAW, SECTION_RAW}; +use td_shim_interface::td_uefi_pi::pi::fv::{ + CommonSectionHeader, FfsFileHeader, FV_FILETYPE_RAW, SECTION_RAW, +}; use crate::write_u24; diff --git a/td-shim/src/secure_boot.rs b/td-shim/src/secure_boot.rs index 0587a73d..50db53e5 100644 --- a/td-shim/src/secure_boot.rs +++ b/td-shim/src/secure_boot.rs @@ -21,7 +21,7 @@ use ring::{ signature::{self, UnparsedPublicKey, VerificationAlgorithm}, }; use scroll::{Pread, Pwrite}; -use td_uefi_pi::{fv, pi}; +use td_shim_interface::td_uefi_pi::{fv, pi}; /// GUID for secure boot trust anchor in the Configuration Firmware Volume (CFV). pub const CFV_FFS_HEADER_TRUST_ANCHOR_GUID: Guid = Guid::from_fields( diff --git a/td-uefi-pi/Cargo.toml b/td-uefi-pi/Cargo.toml deleted file mode 100644 index 0c9c1050..00000000 --- a/td-uefi-pi/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "td-uefi-pi" -version = "0.1.0" -description = "UEFI Platform Initializaiton data structures and accessors" -repository = "https://github.com/confidential-containers/td-shim" -homepage = "https://github.com/confidential-containers" -license = "BSD-2-Clause-Patent" -edition = "2018" - -[dependencies] -log = "0.4.13" -r-efi = "3.2.0" -scroll = { version = "0.10", default-features = false, features = ["derive"] } diff --git a/tests/test-td-payload/Cargo.toml b/tests/test-td-payload/Cargo.toml index 31264841..1fa6cda8 100644 --- a/tests/test-td-payload/Cargo.toml +++ b/tests/test-td-payload/Cargo.toml 
@@ -13,7 +13,7 @@ r-efi = "3.2.0"
 linked_list_allocator = "0.10.4"
 log = "0.4.13"
 cc-measurement = { path = "../../cc-measurement" }
-td-uefi-pi = { path = "../../td-uefi-pi" }
+td-shim-interface = { path = "../../td-shim-interface" }
 tdx-tdcall = { path = "../../tdx-tdcall" , optional = true }
 td-logger = { path = "../../td-logger" }
 td-layout = { path = "../../td-layout" }
diff --git a/tests/test-td-payload/src/main.rs b/tests/test-td-payload/src/main.rs
index 10cb1313..e54305c6 100644
--- a/tests/test-td-payload/src/main.rs
+++ b/tests/test-td-payload/src/main.rs
@@ -52,7 +52,7 @@ use td_payload as _;
 use td_payload::print;
 use td_shim::e820::{E820Entry, E820Type};
 use td_shim::{TD_ACPI_TABLE_HOB_GUID, TD_E820_TABLE_HOB_GUID};
-use td_uefi_pi::{fv, hob, pi};
+use td_shim_interface::td_uefi_pi::{fv, hob, pi};
 use zerocopy::FromBytes;
 const E820_TABLE_SIZE: usize = 128;
diff --git a/tests/test-td-payload/src/testacpi.rs b/tests/test-td-payload/src/testacpi.rs
index 00b0bfb2..0c688f97 100644
--- a/tests/test-td-payload/src/testacpi.rs
+++ b/tests/test-td-payload/src/testacpi.rs
@@ -12,9 +12,9 @@ use core::ffi::c_void;
 use core::mem::size_of;
 use serde::{Deserialize, Serialize};
 use td_payload::hob::get_hob;
-use td_shim::acpi::GenericSdtHeader;
 use td_shim::TD_ACPI_TABLE_HOB_GUID;
-use td_uefi_pi::hob;
+use td_shim_interface::acpi::GenericSdtHeader;
+use td_shim_interface::td_uefi_pi::hob;
 use zerocopy::{AsBytes, FromBytes};
 #[derive(Debug, Serialize, Deserialize)]
diff --git a/tests/test-td-payload/src/testmemmap.rs b/tests/test-td-payload/src/testmemmap.rs
index 3816b484..f7b10a51 100644
--- a/tests/test-td-payload/src/testmemmap.rs
+++ b/tests/test-td-payload/src/testmemmap.rs
@@ -15,7 +15,7 @@ use serde::{Deserialize, Serialize};
 use td_payload::hob::get_hob;
 use td_shim::e820::{self, E820Entry, E820Type};
 use td_shim::TD_E820_TABLE_HOB_GUID;
-use td_uefi_pi::hob;
+use td_shim_interface::td_uefi_pi::hob;
 use zerocopy::{AsBytes, FromBytes};
 #[derive(Debug, Serialize, Deserialize)]
diff --git a/tests/test-td-payload/src/testtrustedboot.rs b/tests/test-td-payload/src/testtrustedboot.rs
index 9864eec9..072a6c8f 100644
--- a/tests/test-td-payload/src/testtrustedboot.rs
+++ b/tests/test-td-payload/src/testtrustedboot.rs
@@ -12,10 +12,10 @@ use core::{convert::TryInto, ffi::c_void, mem::size_of};
 use ring::digest;
 use scroll::Pread;
 use td_payload::hob::get_hob;
-use td_shim::acpi::{Ccel, GenericSdtHeader};
 use td_shim::event_log::CCEL_CC_TYPE_TDX;
 use td_shim::TD_ACPI_TABLE_HOB_GUID;
-use td_uefi_pi::hob;
+use td_shim_interface::acpi::{Ccel, GenericSdtHeader};
+use td_shim_interface::td_uefi_pi::hob;
 use tdx_tdcall::tdreport;
 use zerocopy::{AsBytes, FromBytes};