From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Jiewen Yao, Jian J Wang
Subject: [edk2-devel] [PATCH 1/3] Security: Add SecTpmMeasurementLibTdx
Date: Sun, 5 Jun 2022 09:02:46 +0800
Message-Id: <38899af2aee12706ec08b997ff086bf3c9f15686.1654390043.git.min.m.xu@intel.com>
From: Min M Xu

SecTpmMeasurementLibTdx is an instance of TpmMeasurementLib. It is designed to be used in a Td guest. This lib measures and logs data, and extends the measurement result into a specific RTMR.

SecTpmMeasurementLibTdx is a refactored lib of OvmfPkg/Library/SecMeasurementLibTdx and it just copies GetMappedRtmrIndex/TdxMeasureAndLogData from that lib. At the end of this patch-set SecMeasurementLibTdx will be deleted.

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Min Xu
Reviewed-by: Jiewen Yao
---
.../SecTpmMeasurementLibTdx.c | 176 ++++++++++++++++++ .../SecTpmMeasurementLibTdx.inf | 34 ++++ SecurityPkg/SecurityPkg.dsc | 2 + 3 files changed, 212 insertions(+) create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurem= entLibTdx.c create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurem= entLibTdx.inf diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibT= dx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c new file mode 100644 index 000000000000..38887b172dc0 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c @@ -0,0 +1,176 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#pragma pack(1) + +typedef struct { + UINT32 Count; + TPMI_ALG_HASH HashAlg; + BYTE Sha384[SHA384_DIGEST_SIZE]; +} TDX_DIGEST_VALUE; + +#pragma pack() + +#define INVALID_PCR2MR_INDEX 0xFF + +/** + Get the mapped RTMR index based on the input PCRIndex. + RTMR[0] =3D> PCR[1,7] + RTMR[1] =3D> PCR[2,3,4,5] + RTMR[2] =3D> PCR[8~15] + RTMR[3] =3D> NA + Note: + PCR[0] is mapped to MRTD and should not appear here. + PCR[6] is reserved for OEM. It is not used. + + @param[in] PCRIndex The input PCR index + + @retval UINT8 The mapped RTMR index. +**/ +UINT8 +GetMappedRtmrIndex ( + IN UINT32 PCRIndex + ) +{ + UINT8 RtmrIndex; + + if ((PCRIndex =3D=3D 6) || (PCRIndex =3D=3D 0) || (PCRIndex > 15)) { + DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRInd= ex)); + ASSERT (FALSE); + return INVALID_PCR2MR_INDEX; + } + + RtmrIndex =3D 0; + if ((PCRIndex =3D=3D 1) || (PCRIndex =3D=3D 7)) { + RtmrIndex =3D 0; + } else if ((PCRIndex >=3D 2) && (PCRIndex < 6)) { + RtmrIndex =3D 1; + } else if ((PCRIndex >=3D 8) && (PCRIndex <=3D 15)) { + RtmrIndex =3D 2; + } + + return RtmrIndex; +} + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + UINT32 RtmrIndex; + VOID *EventHobData; + TCG_PCR_EVENT2 *TcgPcrEvent2; + UINT8 *DigestBuffer; + TDX_DIGEST_VALUE *TdxDigest; + TPML_DIGEST_VALUES DigestList; + UINT8 *Ptr; + + if (!TdIsEnabled ()) { + return EFI_UNSUPPORTED; + } + + RtmrIndex =3D GetMappedRtmrIndex (PcrIndex); + if (RtmrIndex =3D=3D INVALID_PCR2MR_INDEX) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType = 0x%x\n", PcrIndex, RtmrIndex, EventType)); + + Status =3D HashAndExtend ( + RtmrIndex, + (VOID *)HashData, + HashDataLen, + &DigestList + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status)); + return Status; + } + + // + // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation + // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary + // which is limited to a SHA384 digest list + // + EventHobData =3D BuildGuidHob ( + &gCcEventEntryHobGuid, + sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2-= >EventType) + + sizeof (TDX_DIGEST_VALUE) + + sizeof (TcgPcrEvent2->EventSize) + LogLen + ); + + if (EventHobData =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ptr =3D (UINT8 *)EventHobData; + // + // Initialize PcrEvent data now + // + RtmrIndex++; + CopyMem (Ptr, &RtmrIndex, sizeof (UINT32)); + Ptr +=3D sizeof (UINT32); + CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE)); + Ptr +=3D sizeof (TCG_EVENTTYPE); + + DigestBuffer =3D Ptr; + + TdxDigest =3D (TDX_DIGEST_VALUE *)DigestBuffer; + TdxDigest->Count =3D 1; + TdxDigest->HashAlg =3D TPM_ALG_SHA384; + CopyMem ( + TdxDigest->Sha384, + DigestList.digests[0].digest.sha384, + SHA384_DIGEST_SIZE + ); + + Ptr +=3D sizeof (TDX_DIGEST_VALUE); + + CopyMem (Ptr, &LogLen, sizeof (UINT32)); + Ptr +=3D sizeof (UINT32); + 
CopyMem (Ptr, EventLog, LogLen); + Ptr +=3D LogLen; + + Status =3D EFI_SUCCESS; + return Status; +} diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibT= dx.inf b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.i= nf new file mode 100644 index 000000000000..047d3aa80da6 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf @@ -0,0 +1,34 @@ +## @file +# Provides RTMR based measurement functions for Intel Tdx guest. +# +# This library provides TpmMeasureAndLogData() in a TDX guest to measure = and log data, and +# extend the measurement result into a specific RTMR. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecTpmMeasurementLibTdx + FILE_GUID =3D 1aeb641c-0324-47bd-b29d-e59671fc4106 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmMeasurementLib|SEC + +[Sources] + SecTpmMeasurementLibTdx.c + +[Packages] + CryptoPkg/CryptoPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gCcEventEntryHobGuid + +[LibraryClasses] + BaseLib + HashLib diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 0d8c997b2f40..d883747474e4 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -95,6 +95,7 @@ =20 [LibraryClasses.X64.SEC] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasure= mentLibTdx.inf =20 [LibraryClasses.X64.DXE_DRIVER] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf 
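Review bot: In the SecTpmMeasurementLibTdx.c hunk, `RtmrIndex++` immediately before `CopyMem (Ptr, &RtmrIndex, sizeof (UINT32))` stores RtmrIndex + 1 in the PCRIndex slot of the event record, so an event extended into RTMR[0] is logged with index 1; nothing in the hunk says why, so please add a comment naming the register numbering the event log uses (the +1 only makes sense if index 0 is reserved for MRTD), otherwise the next reader will take it for an off-by-one. Three smaller points in the same function: the docblock lists EFI_UNSUPPORTED as "TPM device not available" although it is returned when TdIsEnabled () is FALSE, and the EFI_INVALID_PARAMETER returned for an unmappable PcrIndex is not documented at all; the failure path `DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status))` should be DEBUG_ERROR; and LogLen (a caller-supplied UINT32) goes straight into the BuildGuidHob size, whose HOB length field is 16-bit, so an oversize event fails inside the allocator (or ASSERTs, depending on the HobLib instance) rather than being rejected up front with EFI_INVALID_PARAMETER.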
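Review bot: The [LibraryClasses] section of SecTpmMeasurementLibTdx.inf names only BaseLib and HashLib, but the .c hunk calls CopyMem, BuildGuidHob, DEBUG/ASSERT and TdIsEnabled, which are BaseMemoryLib, HobLib, DebugLib and TdxLib respectively; declare them here so the dependency is carried by the library's own .inf instead of being satisfied by accident through whichever module links it, and make sure the matching #include lines are present in the source.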
@@ -292,6 +293,7 @@ =20 [Components.X64] SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf =20 [Components.IA32, Components.X64] SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf --=20 2.29.2.windows.2
Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90209): https://edk2.groups.io/g/devel/message/90209 Mute This Topic: https://groups.io/mt/91551451/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 2/3] OvmfPkg: Implement MeasureHobList/MeasureFvImage
Date: Sun, 5 Jun 2022 09:02:47 +0800

From: Min M Xu

MeasureHobList and MeasureFvImage once were implemented in SecMeasurementTdxLib. The intention of this patch-set is to refactor SecMeasurementTdxLib to be an instance of TpmMeasurementLib. So these 2 functions (MeasureHobList/MeasureFvImage) are moved to PeilessStartupLib. This is because:
1. RTMR based trusted boot is implemented in Config-B (See below link)
2. PeilessStartupLib is designed for PEI-less boot and it is the right place to do the measurement for Hoblist and Config-FV.

Config-B: https://edk2.groups.io/g/devel/message/76367

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu Reviewed-by: Jiewen Yao --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 186 ++++++++++++++++++ .../PeilessStartupLib/PeilessStartup.c | 1 - .../PeilessStartupInternal.h | 36 ++++ .../PeilessStartupLib/PeilessStartupLib.inf | 2 +- 5 files changed, 224 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 43ab8bd089d9..a40f7228b98e 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -527,7 +527,7 @@ OvmfPkg/IntelTdx/Sec/SecMain.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf - SecMeasurementLib|OvmfPkg/Library/SecMeasurementLib/SecMeasurementLi= bTdx.inf + TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMea= surementLibTdx.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf diff --git a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c b/OvmfPkg/Library= /PeilessStartupLib/IntelTdx.c index d240d3b7719f..484fd21057c8 100644 --- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c +++ b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c 
@@ -9,8 +9,34 @@ #include #include #include +#include +#include +#include +#include +#include + #include "PeilessStartupInternal.h" =20 +#pragma pack(1) + +#define HANDOFF_TABLE_DESC "TdxTable" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} TDX_HANDOFF_TABLE_POINTERS2; + +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} FV_HANDOFF_TABLE_POINTERS2; + +#pragma pack() + /** Check padding data all bit should be 1. =20 
@@ -161,3 +187,163 @@ TdxValidateCfv ( =20 return TRUE; } + +/** + Measure the Hoblist passed from the VMM. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval Others Other errors as indicated +**/ +EFI_STATUS +EFIAPI +MeasureHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + TDX_HANDOFF_TABLE_POINTERS2 HandoffTables; + EFI_STATUS Status; + + if (!TdIsEnabled ()) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + Hob.Raw =3D (UINT8 *)VmmHobList; + + // + // Parse the HOB list until end of list. + // + while (!END_OF_HOB_LIST (Hob)) { + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + // + // Init the log event for HOB measurement + // + + HandoffTables.TableDescriptionSize =3D sizeof (HandoffTables.TableDescri= ption); + CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (Han= doffTables.TableDescription)); + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenS= paceGuid); + HandoffTables.TableEntry[0].VendorTable =3D (VOID *)VmmHobList; + + Status =3D TpmMeasureAndLogData ( + 1, // PCRIndex + EV_EFI_HANDOFF_TABLES2, // EventType + (VOID *)&HandoffTables, // EventData + sizeof (HandoffTables), // EventSize + (UINT8 *)(UINTN)VmmHobList, // HashData + (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen + ); + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + } + + return Status; +} + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. 
+ + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +GetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + + if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) = > FvLength) { + return NULL; + } + + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure FV image. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + @param[in] PcrIndex Index of PCR + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. 
+ +**/ +EFI_STATUS +EFIAPI +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength, + IN UINT8 PcrIndex + ) +{ + EFI_STATUS Status; + FV_HANDOFF_TABLE_POINTERS2 FvBlob2; + VOID *FvName; + + // + // Init the log event for FV measurement + // + FvBlob2.BlobDescriptionSize =3D sizeof (FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2= .BlobDescription)); + FvName =3D GetFvName (FvBase, FvLength); + if (FvName !=3D NULL) { + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDes= cription), "Fv(%g)", FvName); + } + + FvBlob2.BlobBase =3D FvBase; + FvBlob2.BlobLength =3D FvLength; + + Status =3D TpmMeasureAndLogData ( + 1, // PCRIndex + EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType + (VOID *)&FvBlob2, // EventData + sizeof (FvBlob2), // EventSize + (UINT8 *)(UINTN)FvBase, // HashData + (UINTN)(FvLength) // HashDataLen + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x= %x\n", FvBase)); + ASSERT (FALSE); + } + + return Status; +} diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/L= ibrary/PeilessStartupLib/PeilessStartup.c index 54236b956c52..fdfefd00d732 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c @@ -20,7 +20,6 @@ #include #include #include -#include #include "PeilessStartupInternal.h" =20 #define GET_GPAW_INIT_STATE(INFO) ((UINT8) ((INFO) & 0x3f)) diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h b/O= vmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h index dd79b8a06b44..74b5f46552c2 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h 
@@ -69,4 +69,40 @@ TdxValidateCfv ( IN UINT32 TdxCfvSize ); =20 +/** + Measure the Hoblist passed from the VMM. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval Others Other errors as indicated +**/ +EFI_STATUS +EFIAPI +MeasureHobList ( + IN CONST VOID *VmmHobList + ); + +/** + Measure FV image. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + @param[in] PcrIndex Index of PCR + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength, + IN UINT8 PcrIndex + ); + #endif diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/Ovmf= Pkg/Library/PeilessStartupLib/PeilessStartupLib.inf index c5d291f02bcd..def50b4b019e 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf 
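Review bot: The doc comments added to PeilessStartupInternal.h carry over the copy-paste errors of the header being deleted in 3/3: MeasureHobList's `@retval EFI_SUCCESS Fv image is measured successfully` describes the wrong function (it measures the HOB list), "The Hoblist pass the firmware" should read "The HOB list passed to the firmware", and MeasureFvImage's `@param[in] PcrIndex Index of PCR` documents a parameter the implementation in IntelTdx.c never reads. Please fix the text in both the header and the matching comments in the .c hunk (where "Causion" should also be "Caution").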
@@ -58,7 +58,7 @@ QemuFwCfgLib PlatformInitLib HashLib - SecMeasurementLib + TpmMeasurementLib =20 [Guids] gEfiHobMemoryAllocModuleGuid --=20 2.29.2.windows.2
View/Reply Online (#90210): https://edk2.groups.io/g/devel/message/90210
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Gerd Hoffmann, Jiewen Yao
Subject: [edk2-devel] [PATCH 3/3] OvmfPkg: Delete SecMeasurementLibTdx
Date: Sun, 5 Jun 2022 09:02:48 +0800

From: Min M Xu

The feature of SecMeasurementLibTdx is replaced by SecTpmMeasurementLibTdx (which is in SecurityPkg). So SecMeasurementLibTdx is deleted.

Cc: Gerd Hoffmann
Cc: Jiewen Yao
Signed-off-by: Min Xu
Reviewed-by: Jiewen Yao
---
OvmfPkg/Include/Library/SecMeasurementLib.h | 46 --- .../SecMeasurementLib/SecMeasurementLibTdx.c | 340 ------------------ .../SecMeasurementLibTdx.inf | 30 -- OvmfPkg/OvmfPkg.dec | 4 - 4 files changed, 420 deletions(-) delete mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h delete mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c delete mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.= inf diff --git a/OvmfPkg/Include/Library/SecMeasurementLib.h b/OvmfPkg/Include/= Library/SecMeasurementLib.h deleted file mode 100644 index ca7a7dc3a9b2..000000000000 --- a/OvmfPkg/Include/Library/SecMeasurementLib.h +++ /dev/null
@@ -1,46 +0,0 @@ -/** @file - - Copyright (c) 2021, Intel Corporation. All rights reserved.
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef SEC_MEASUREMENT_LIB_H_ -#define SEC_MEASUREMENT_LIB_H_ - -/** - Measure the Hoblist passed from the VMM. - - @param[in] VmmHobList The Hoblist pass the firmware - - @retval EFI_SUCCESS Fv image is measured successfully - or it has been already measured. - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -MeasureHobList ( - IN CONST VOID *VmmHobList - ); - -/** - Measure FV image. - - @param[in] FvBase Base address of FV image. - @param[in] FvLength Length of FV image. - @param[in] PcrIndex Index of PCR - - @retval EFI_SUCCESS Fv image is measured successfully - or it has been already measured. - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength, - IN UINT8 PcrIndex - ); - -#endif diff --git a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c b/Ovm= fPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c deleted file mode 100644 index 274fda1e563e..000000000000 --- a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c +++ /dev/null @@ -1,340 +0,0 @@ -/** @file -* -* Copyright (c) 2021, Intel Corporation. All rights reserved.
-* SPDX-License-Identifier: BSD-2-Clause-Patent -* -**/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#pragma pack(1) - -typedef struct { - UINT32 count; - TPMI_ALG_HASH hashAlg; - BYTE sha384[SHA384_DIGEST_SIZE]; -} TDX_DIGEST_VALUE; - -#define HANDOFF_TABLE_DESC "TdxTable" -typedef struct { - UINT8 TableDescriptionSize; - UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)]; - UINT64 NumberOfTables; - EFI_CONFIGURATION_TABLE TableEntry[1]; -} TDX_HANDOFF_TABLE_POINTERS2; - -#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" -typedef struct { - UINT8 BlobDescriptionSize; - UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)]; - EFI_PHYSICAL_ADDRESS BlobBase; - UINT64 BlobLength; -} FV_HANDOFF_TABLE_POINTERS2; - -#pragma pack() - -#define INVALID_PCR2MR_INDEX 0xFF - -/** - RTMR[0] =3D> PCR[1,7] - RTMR[1] =3D> PCR[2,3,4,5] - RTMR[2] =3D> PCR[8~15] - RTMR[3] =3D> NA - Note: - PCR[0] is mapped to MRTD and should not appear here. - PCR[6] is reserved for OEM. It is not used. -**/ -UINT8 -GetMappedRtmrIndex ( - UINT32 PCRIndex - ) -{ - UINT8 RtmrIndex; - - if ((PCRIndex =3D=3D 6) || (PCRIndex =3D=3D 0) || (PCRIndex > 15)) { - DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRInd= ex)); - ASSERT (FALSE); - return INVALID_PCR2MR_INDEX; - } - - RtmrIndex =3D 0; - if ((PCRIndex =3D=3D 1) || (PCRIndex =3D=3D 7)) { - RtmrIndex =3D 0; - } else if ((PCRIndex >=3D 2) && (PCRIndex < 6)) { - RtmrIndex =3D 1; - } else if ((PCRIndex >=3D 8) && (PCRIndex <=3D 15)) { - RtmrIndex =3D 2; - } - - return RtmrIndex; -} - -/** - Tpm measure and log data, and extend the measurement result into a speci= fic PCR. - - @param[in] PcrIndex PCR Index. - @param[in] EventType Event type. - @param[in] EventLog Measurement event log. - @param[in] LogLen Event log length in bytes. - @param[in] HashData The start of the data buffer to be hashed, = extended. 
- @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_UNSUPPORTED TPM device not available. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. -**/ -EFI_STATUS -EFIAPI -TdxMeasureAndLogData ( - IN UINT32 PcrIndex, - IN UINT32 EventType, - IN VOID *EventLog, - IN UINT32 LogLen, - IN VOID *HashData, - IN UINT64 HashDataLen - ) -{ - EFI_STATUS Status; - UINT32 RtmrIndex; - VOID *EventHobData; - TCG_PCR_EVENT2 *TcgPcrEvent2; - UINT8 *DigestBuffer; - TDX_DIGEST_VALUE *TdxDigest; - TPML_DIGEST_VALUES DigestList; - UINT8 *Ptr; - - RtmrIndex =3D GetMappedRtmrIndex (PcrIndex); - if (RtmrIndex =3D=3D INVALID_PCR2MR_INDEX) { - return EFI_INVALID_PARAMETER; - } - - DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType = 0x%x\n", PcrIndex, RtmrIndex, EventType)); - - Status =3D HashAndExtend ( - RtmrIndex, - (VOID *)HashData, - HashDataLen, - &DigestList - ); - - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. 
%r\n", Status)); - return Status; - } - - // - // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation - // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary - // which is limited to a SHA384 digest list - // - EventHobData =3D BuildGuidHob ( - &gCcEventEntryHobGuid, - sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2-= >EventType) + - sizeof (TDX_DIGEST_VALUE) + - sizeof (TcgPcrEvent2->EventSize) + LogLen - ); - - if (EventHobData =3D=3D NULL) { - return EFI_OUT_OF_RESOURCES; - } - - Ptr =3D (UINT8 *)EventHobData; - // - // Initialize PcrEvent data now - // - RtmrIndex++; - CopyMem (Ptr, &RtmrIndex, sizeof (UINT32)); - Ptr +=3D sizeof (UINT32); - CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE)); - Ptr +=3D sizeof (TCG_EVENTTYPE); - - DigestBuffer =3D Ptr; - - TdxDigest =3D (TDX_DIGEST_VALUE *)DigestBuffer; - TdxDigest->count =3D 1; - TdxDigest->hashAlg =3D TPM_ALG_SHA384; - CopyMem ( - TdxDigest->sha384, - DigestList.digests[0].digest.sha384, - SHA384_DIGEST_SIZE - ); - - Ptr +=3D sizeof (TDX_DIGEST_VALUE); - - CopyMem (Ptr, &LogLen, sizeof (UINT32)); - Ptr +=3D sizeof (UINT32); - CopyMem (Ptr, EventLog, LogLen); - Ptr +=3D LogLen; - - Status =3D EFI_SUCCESS; - return Status; -} - -/** - Measure the Hoblist passed from the VMM. - - @param[in] VmmHobList The Hoblist pass the firmware - - @retval EFI_SUCCESS Fv image is measured successfully - or it has been already measured. - @retval Others Other errors as indicated -**/ -EFI_STATUS -EFIAPI -MeasureHobList ( - IN CONST VOID *VmmHobList - ) -{ - EFI_PEI_HOB_POINTERS Hob; - TDX_HANDOFF_TABLE_POINTERS2 HandoffTables; - EFI_STATUS Status; - - if (!TdIsEnabled ()) { - ASSERT (FALSE); - return EFI_UNSUPPORTED; - } - - Hob.Raw =3D (UINT8 *)VmmHobList; - - // - // Parse the HOB list until end of list. 
- // - while (!END_OF_HOB_LIST (Hob)) { - Hob.Raw =3D GET_NEXT_HOB (Hob); - } - - // - // Init the log event for HOB measurement - // - - HandoffTables.TableDescriptionSize =3D sizeof (HandoffTables.TableDescri= ption); - CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (Han= doffTables.TableDescription)); - HandoffTables.NumberOfTables =3D 1; - CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenS= paceGuid); - HandoffTables.TableEntry[0].VendorTable =3D (VOID *)VmmHobList; - - Status =3D TdxMeasureAndLogData ( - 1, // PCRIndex - EV_EFI_HANDOFF_TABLES2, // EventType - (VOID *)&HandoffTables, // EventData - sizeof (HandoffTables), // EventSize - (UINT8 *)(UINTN)VmmHobList, // HashData - (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen - ); - - if (EFI_ERROR (Status)) { - ASSERT (FALSE); - } - - return Status; -} - -/** - Get the FvName from the FV header. - - Causion: The FV is untrusted input. - - @param[in] FvBase Base address of FV image. - @param[in] FvLength Length of FV image. - - @return FvName pointer - @retval NULL FvName is NOT found -**/ -VOID * -GetFvName ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength - ) -{ - EFI_FIRMWARE_VOLUME_HEADER *FvHeader; - EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; - - if (FvBase >=3D MAX_ADDRESS) { - return NULL; - } - - if (FvLength >=3D MAX_ADDRESS - FvBase) { - return NULL; - } - - if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { - return NULL; - } - - FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; - if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { - return NULL; - } - - if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) = > FvLength) { - return NULL; - } - - FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); - - return &FvExtHeader->FvName; -} - -/** - Measure FV image. - - @param[in] FvBase Base address of FV image. 
- @param[in] FvLength Length of FV image. - @param[in] PcrIndex Index of PCR - - @retval EFI_SUCCESS Fv image is measured successfully - or it has been already measured. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -EFIAPI -MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength, - IN UINT8 PcrIndex - ) -{ - EFI_STATUS Status; - FV_HANDOFF_TABLE_POINTERS2 FvBlob2; - VOID *FvName; - - // - // Init the log event for FV measurement - // - FvBlob2.BlobDescriptionSize =3D sizeof (FvBlob2.BlobDescription); - CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2= .BlobDescription)); - FvName =3D GetFvName (FvBase, FvLength); - if (FvName !=3D NULL) { - AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDes= cription), "Fv(%g)", FvName); - } - - FvBlob2.BlobBase =3D FvBase; - FvBlob2.BlobLength =3D FvLength; - - Status =3D TdxMeasureAndLogData ( - 1, // PCRIndex - EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType - (VOID *)&FvBlob2, // EventData - sizeof (FvBlob2), // EventSize - (UINT8 *)(UINTN)FvBase, // HashData - (UINTN)(FvLength) // HashDataLen - ); - - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x= %x\n", FvBase)); - ASSERT (FALSE); - } - - return Status; -} diff --git a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf b/O= vmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf deleted file mode 100644 index 6215df5af8fc..000000000000 --- a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf +++ /dev/null @@ -1,30 +0,0 @@ -#/** @file -# -# Copyright (c) 2021, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -#**/ - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D SecMeasurementLibTdx - FILE_GUID =3D 3e3fc69d-e834-40e9-96ed-e1e721f41883 - MODULE_TYPE =3D BASE - VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D SecMeasurementLib - -[Sources] - SecMeasurementLibTdx.c - -[Packages] - MdePkg/MdePkg.dec - OvmfPkg/OvmfPkg.dec - CryptoPkg/CryptoPkg.dec - SecurityPkg/SecurityPkg.dec - -[Guids] - gCcEventEntryHobGuid - gUefiOvmfPkgTokenSpaceGuid - -[LibraryClasses] - HashLib diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 5fe487f82d1a..7b114a5e63b2 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -125,10 +125,6 @@ # PeilessStartupLib|Include/Library/PeilessStartupLib.h =20 - ## @libraryclass SecMeasurementLib - # - SecMeasurementLib|Include/Library/SecMeasurementLib.h - [Guids] gUefiOvmfPkgTokenSpaceGuid =3D {0x93bb96af, 0xb9f2, 0x4eb8, {= 0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}} gEfiXenInfoGuid =3D {0xd3b46f3b, 0xd441, 0x1244, {= 0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}} --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90211): https://edk2.groups.io/g/devel/message/90211 Mute This Topic: https://groups.io/mt/91551453/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
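Review bot: the deleted OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c hunk is where the input validation for VMM-supplied data currently lives, so the replacement library this series adds needs to carry it over rather than lose it in the move. GetFvName rejects FvBase >= MAX_ADDRESS, FvLength >= MAX_ADDRESS - FvBase, FvLength smaller than the FV header, and an ExtHeaderOffset that is below the header or whose extended header would run past FvLength; the comment "Causion: The FV is untrusted input" should survive (spelled "Caution") together with those four checks. MeasureHobList, by contrast, walks the VMM HOB list with `while (!END_OF_HOB_LIST (Hob)) { Hob.Raw = GET_NEXT_HOB (Hob); }` and derives HashDataLen from the final pointer, with no upper bound on how far a malformed HobLength can carry the walk; the replacement should bound that loop (for example against a maximum HOB-list size) before hashing. Minor: the `Failed to HashAndExtend. %r` message in TdxMeasureAndLogData is logged at DEBUG_INFO although the function returns the error; DEBUG_ERROR fits better in the new copy.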
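Review bot: deleting OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf removes the only place that ties this implementation to LIBRARY_CLASS SecMeasurementLib, its HashLib dependency, and the gCcEventEntryHobGuid / gUefiOvmfPkgTokenSpaceGuid references; please confirm the new SecTpmMeasurementLibTdx .inf declares the same [Guids] and [LibraryClasses] entries, since the moved .c file still uses BuildGuidHob with gCcEventEntryHobGuid and CopyGuid with gUefiOvmfPkgTokenSpaceGuid, and give the new module its own FILE_GUID instead of reusing 3e3fc69d-e834-40e9-96ed-e1e721f41883 from the retired one.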
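Review bot: the OvmfPkg/OvmfPkg.dec hunk removes the `## @libraryclass SecMeasurementLib` declaration (`SecMeasurementLib|Include/Library/SecMeasurementLib.h`) but nothing in this hunk deletes the header itself or updates the DSC files that map SecMeasurementLib to an instance; any DSC still carrying that mapping will fail to resolve once the class is gone from the .dec. Please either include the Include/Library/SecMeasurementLib.h removal and the DSC updates in this patch, or state in the commit message which later patch in the series performs them so the tree stays buildable at every step of the bisect.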