From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Arti Gupta
Subject: [edk2-devel] [PATCH V1 1/3] OvmfPkg/TdTcg2Dxe: Fix incorrect protocol and structure version
Date: Wed, 14 Dec 2022 15:14:17 +0800
Message-Id: <20221214071419.1813-2-min.m.xu@intel.com>
In-Reply-To: <20221214071419.1813-1-min.m.xu@intel.com>
References: <20221214071419.1813-1-min.m.xu@intel.com>
From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4184

According to the UEFI spec 2.10 Section 38.2.2. EFI_CC_MEASUREMENT_PROTOCOL.GetCapability, the minor version of StructureVersion and ProtocolVersion should be 0.

Cc: Erdem Aktas [ruleof2]
Cc: James Bottomley [jejb]
Cc: Jiewen Yao [jyao1]
Cc: Tom Lendacky [tlendacky]
Cc: Arti Gupta
Reported-by: Arti Gupta
Signed-off-by: Min Xu
---
 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/IntelTdx/TdTc= g2Dxe/TdTcg2Dxe.c index e9315ecda17b..a6b4f8e0aa6b 100644 --- a/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c +++ b/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c 
@@ -2411,9 +2411,9 @@ DriverEntry ( =20 mTdxDxeData.BsCap.Size =3D sizeof (EFI_CC_BOOT_SERVICE= _CAPABILITY); mTdxDxeData.BsCap.ProtocolVersion.Major =3D 1; - mTdxDxeData.BsCap.ProtocolVersion.Minor =3D 1; + mTdxDxeData.BsCap.ProtocolVersion.Minor =3D 0; mTdxDxeData.BsCap.StructureVersion.Major =3D 1; - mTdxDxeData.BsCap.StructureVersion.Minor =3D 1; + mTdxDxeData.BsCap.StructureVersion.Minor =3D 0; =20 // // Get supported PCR and current Active PCRs --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97347): https://edk2.groups.io/g/devel/message/97347 Mute This Topic: https://groups.io/mt/95662130/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
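Review bot: In the DriverEntry hunk of 1/3 (@@ -2411), the four BsCap ProtocolVersion/StructureVersion assignments carry no comment naming the spec clause they follow. A one-line comment above them citing UEFI 2.10 Section 38.2.2 (EFI_CC_MEASUREMENT_PROTOCOL.GetCapability), as the commit message does, would make the expected Major 1 / Minor 0 values checkable at the point of use.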
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Arti Gupta
Subject: [edk2-devel] [PATCH V1 2/3] OvmfPkg/TdTcg2Dxe: Fix the mapping error between PCR index and MR index
Date: Wed, 14 Dec 2022 15:14:18 +0800
Message-Id: <20221214071419.1813-3-min.m.xu@intel.com>
In-Reply-To: <20221214071419.1813-1-min.m.xu@intel.com>
References: <20221214071419.1813-1-min.m.xu@intel.com>
From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4179

According to UEFI Spec 2.10 it is supposed to return the mapping from PCR index to CC MR index:

//
// In the current version, we use the below mapping for TDX:
//
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// -----------------------------------------------------------------------
// 0             | 0                             | MRTD
// 1, 7          | 1                             | RTMR[0]
// 2~6           | 2                             | RTMR[1]
// 8~15          | 3                             | RTMR[2]

In the current implementation TdMapPcrToMrIndex returns the index of RTMR, not the MR index. After fixing the spec inconsistency, other related code is updated accordingly.
1) The index of event log uses the input MrIndex.
2) MrIndex is decreased by 1 before it is sent for RTMR extending.

Cc: Erdem Aktas [ruleof2]
Cc: James Bottomley [jejb]
Cc: Jiewen Yao [jyao1]
Cc: Tom Lendacky [tlendacky]
Cc: Arti Gupta
Reported-by: Arti Gupta
Signed-off-by: Min Xu
---
 OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c | 89 +++++++++++++++++---------
 1 file changed, 60 insertions(+), 29 deletions(-)

diff --git a/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/IntelTdx/TdTc= g2Dxe/TdTcg2Dxe.c index a6b4f8e0aa6b..d19923b0c682 100644 --- a/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c +++ b/OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c @@ -49,7 +49,11 @@ #define PERF_ID_CC_TCG2_DXE 0x3130 =20 #define CC_EVENT_LOG_AREA_COUNT_MAX 1 -#define INVALID_RTMR_INDEX 4 +#define CC_MR_INDEX_0_MRTD 0 +#define CC_MR_INDEX_1_RTMR0 1 +#define CC_MR_INDEX_2_RTMR1 2 +#define CC_MR_INDEX_3_RTMR2 3 +#define CC_MR_INDEX_INVALID 4 =20 typedef struct { CHAR16 *VariableName; @@ -240,7 +244,7 @@ EFI_HANDLE mImageHandle; =20 Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInf= o(). =20 - @param[in] MrIndex RTMR index + @param[in] RtmrIndex RTMR index @param[in] ImageAddress Start address of image buffer. @param[in] ImageSize Image size @param[out] DigestList Digest list of this image. 
@@ -251,7 +255,7 @@ EFI_HANDLE mImageHandle; **/ EFI_STATUS MeasurePeImageAndExtend ( - IN UINT32 MrIndex, + IN UINT32 RtmrIndex, IN EFI_PHYSICAL_ADDRESS ImageAddress, IN UINTN ImageSize, OUT TPML_DIGEST_VALUES *DigestList @@ -925,10 +929,22 @@ TcgCommLogEvent ( } =20 /** - RTMR[0] =3D> PCR[1,7] - RTMR[1] =3D> PCR[2,3,4,5] - RTMR[2] =3D> PCR[8~15] - RTMR[3] =3D> NA + According to UEFI Spec 2.10 Section 38.4.1: + The following table shows the TPM PCR index mapping and CC event log m= easurement + register index interpretation for Intel TDX, where MRTD means Trust Doma= in Measurement + Register and RTMR means Runtime Measurement Register + + // TPM PCR Index | CC Measurement Register Index | TDX-measurement reg= ister + // ------------------------------------------------------------------= ------ + // 0 | 0 | MRTD + // 1, 7 | 1 | RTMR[0] + // 2~6 | 2 | RTMR[1] + // 8~15 | 3 | RTMR[2] + + @param[in] PCRIndex Index of the TPM PCR + + @retval UINT32 Index of the CC Event Log Measurement Re= gister Index + @retval CC_MR_INDEX_INVALID Invalid MR Index **/ UINT32 EFIAPI @@ -938,18 +954,20 @@ MapPcrToMrIndex ( { UINT32 MrIndex; =20 - if ((PCRIndex > 16) || (PCRIndex =3D=3D 6) || (PCRIndex =3D=3D 0)) { + if (PCRIndex > 15) { ASSERT (FALSE); - return INVALID_RTMR_INDEX; + return CC_MR_INDEX_INVALID; } =20 MrIndex =3D 0; - if ((PCRIndex =3D=3D 1) || (PCRIndex =3D=3D 7)) { - MrIndex =3D 0; - } else if ((PCRIndex > 1) && (PCRIndex < 6)) { - MrIndex =3D 1; - } else if ((PCRIndex > 7) && (PCRIndex < 16)) { - MrIndex =3D 2; + if (PCRIndex =3D=3D 0) { + MrIndex =3D CC_MR_INDEX_0_MRTD; + } else if ((PCRIndex =3D=3D 1) || (PCRIndex =3D=3D 7)) { + MrIndex =3D CC_MR_INDEX_1_RTMR0; + } else if ((PCRIndex >=3D 2) && (PCRIndex <=3D 6)) { + MrIndex =3D CC_MR_INDEX_2_RTMR1; + } else if ((PCRIndex >=3D 8) && (PCRIndex <=3D 15)) { + MrIndex =3D CC_MR_INDEX_3_RTMR2; } =20 return MrIndex; 
@@ -967,13 +985,9 @@ TdMapPcrToMrIndex ( return EFI_INVALID_PARAMETER; } =20 - if ((PCRIndex > 16) || (PCRIndex =3D=3D 0) || (PCRIndex =3D=3D 6)) { - return EFI_INVALID_PARAMETER; - } - *MrIndex =3D MapPcrToMrIndex (PCRIndex); =20 - return *MrIndex =3D=3D INVALID_RTMR_INDEX ? EFI_INVALID_PARAMETER : EFI_= SUCCESS; + return *MrIndex =3D=3D CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI= _SUCCESS; } =20 /** @@ -1197,12 +1211,7 @@ TdxDxeLogHashEvent ( LogFormat =3D EFI_CC_EVENT_LOG_FORMAT_TCG_2; =20 ZeroMem (&CcEvent, sizeof (CcEvent)); - // - // The index of event log is designed as below: - // 0 : MRTD - // 1-4: RTMR[0-3] - // - CcEvent.MrIndex =3D NewEventHdr->MrIndex + 1; + CcEvent.MrIndex =3D NewEventHdr->MrIndex; CcEvent.EventType =3D NewEventHdr->EventType; DigestBuffer =3D (UINT8 *)&CcEvent.Digests; EventSizePtr =3D CopyDigestListToBuffer (DigestBuffer, DigestList, = HASH_ALG_SHA384); @@ -1270,8 +1279,16 @@ TdxDxeHashLogExtendEvent ( return Status; } =20 + // + // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrInde= x and Intel + // TDX Measurement Register is: + // MrIndex 0 <--> MRTD + // MrIndex 1-3 <--> RTMR[0-2] + // Only the RMTR registers can be extended in TDVF by HashAndExtend. So = MrIndex will + // decreased by 1 before it is sent to HashAndExtend. + // Status =3D HashAndExtend ( - NewEventHdr->MrIndex, + NewEventHdr->MrIndex - 1, HashData, (UINTN)HashDataLen, &DigestList @@ -1335,7 +1352,13 @@ TdHashLogExtendEvent ( return EFI_INVALID_PARAMETER; } =20 - if (CcEvent->Header.MrIndex > 4) { + if (CcEvent->Header.MrIndex =3D=3D CC_MR_INDEX_0_MRTD) { + DEBUG ((DEBUG_ERROR, "%a: MRTD cannot be extended in TDVF.\n", __FUNCT= ION__)); + return EFI_INVALID_PARAMETER; + } + + if (CcEvent->Header.MrIndex >=3D CC_MR_INDEX_INVALID) { + DEBUG ((DEBUG_ERROR, "%a: MrIndex is invalid. (%d)\n", __FUNCTION__, C= cEvent->Header.MrIndex)); return EFI_INVALID_PARAMETER; } =20 
@@ -1343,8 +1366,16 @@ TdHashLogExtendEvent ( NewEventHdr.EventType =3D CcEvent->Header.EventType; NewEventHdr.EventSize =3D CcEvent->Size - sizeof (UINT32) - CcEvent->Hea= der.HeaderSize; if ((Flags & EFI_CC_FLAG_PE_COFF_IMAGE) !=3D 0) { + // + // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIn= dex and Intel + // TDX Measurement Register is: + // MrIndex 0 <--> MRTD + // MrIndex 1-3 <--> RTMR[0-2] + // Only the RMTR registers can be extended in TDVF by HashAndExtend. S= o MrIndex will + // decreased by 1 before it is sent to MeasurePeImageAndExtend. + // Status =3D MeasurePeImageAndExtend ( - NewEventHdr.MrIndex, + NewEventHdr.MrIndex - 1, DataToHash, (UINTN)DataToHashLen, &DigestList --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97348): https://edk2.groups.io/g/devel/message/97348 Mute This Topic: https://groups.io/mt/95662131/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
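Review bot: In 2/3, the TdMapPcrToMrIndex hunk (@@ -967) drops that function's own range check, so an out-of-range PCRIndex passed by a caller now reaches ASSERT (FALSE) in MapPcrToMrIndex ("if (PCRIndex > 15)", @@ -938) before EFI_INVALID_PARAMETER is returned. Invalid caller input should produce the error status without asserting in a DEBUG build; either keep a "PCRIndex > 15" check in TdMapPcrToMrIndex ahead of the call, or remove the ASSERT from the helper and let CC_MR_INDEX_INVALID carry the error.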
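Review bot: In 2/3, TdxDxeHashLogExtendEvent (@@ -1270) passes "NewEventHdr->MrIndex - 1" to HashAndExtend, and nothing in the hunk rejects MrIndex 0 or MrIndex >= CC_MR_INDEX_INVALID before the subtraction. MapPcrToMrIndex now returns CC_MR_INDEX_0_MRTD (0) for PCR 0, and if the field is unsigned like the UINT32 indexes used elsewhere in this file, 0 - 1 wraps to a very large register number. TdHashLogExtendEvent has the two checks (@@ -1335); this function should carry the same guard, or the validate-and-subtract step should live in one helper that both call sites use.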
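Review bot: In 2/3, the comment block added in TdHashLogExtendEvent (@@ -1343) repeats the one in TdxDxeHashLogExtendEvent almost word for word, including "RMTR" (should be RTMR) and "will decreased" (will be decreased), and it says the registers are extended "by HashAndExtend" although the call below it is MeasurePeImageAndExtend. A small macro or inline helper for the MrIndex to RTMR index conversion, with the comment written once next to it, would remove the duplication and the bare "- 1" at both call sites.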
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Arti Gupta
Subject: [edk2-devel] [PATCH V1 3/3] OvmfPkg/SecTpmMeasurementLib: Fix the mapping error of PCR and RTMR index
Date: Wed, 14 Dec 2022 15:14:19 +0800
Message-Id: <20221214071419.1813-4-min.m.xu@intel.com>
In-Reply-To: <20221214071419.1813-1-min.m.xu@intel.com>
References: <20221214071419.1813-1-min.m.xu@intel.com>

From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4179

TDVF has the feature to do RTMR measurement in SEC phase. At the same time it builds a GUID hob which carries the hash value of the measurement so that in DXE phase a td event can be created based on this GUID Hob. There is a mapping error between TPM PCR index and RTMR index according to UEFI 2.10. PCR6 is missing in the mapping. This patch fixes this issue.

Cc: Erdem Aktas [ruleof2]
Cc: James Bottomley [jejb]
Cc: Jiewen Yao [jyao1]
Cc: Tom Lendacky [tlendacky]
Cc: Arti Gupta
Signed-off-by: Min Xu Reported-by: Arti Gupta --- .../Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibT= dx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c index 38887b172dc0..36bfa373fe0f 100644 --- a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c @@ -33,12 +33,11 @@ typedef struct { /** Get the mapped RTMR index based on the input PCRIndex. RTMR[0] =3D> PCR[1,7] - RTMR[1] =3D> PCR[2,3,4,5] + RTMR[1] =3D> PCR[2,3,4,5,6] RTMR[2] =3D> PCR[8~15] RTMR[3] =3D> NA Note: PCR[0] is mapped to MRTD and should not appear here. - PCR[6] is reserved for OEM. It is not used. =20 @param[in] PCRIndex The input PCR index =20 @@ -51,7 +50,7 @@ GetMappedRtmrIndex ( { UINT8 RtmrIndex; =20 - if ((PCRIndex =3D=3D 6) || (PCRIndex =3D=3D 0) || (PCRIndex > 15)) { + if ((PCRIndex =3D=3D 0) || (PCRIndex > 15)) { DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRInd= ex)); ASSERT (FALSE); return INVALID_PCR2MR_INDEX; @@ -60,7 +59,7 @@ GetMappedRtmrIndex ( RtmrIndex =3D 0; if ((PCRIndex =3D=3D 1) || (PCRIndex =3D=3D 7)) { RtmrIndex =3D 0; - } else if ((PCRIndex >=3D 2) && (PCRIndex < 6)) { + } else if ((PCRIndex >=3D 2) && (PCRIndex <=3D 6)) { RtmrIndex =3D 1; } else if ((PCRIndex >=3D 8) && (PCRIndex <=3D 15)) { RtmrIndex =3D 2; --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97349): https://edk2.groups.io/g/devel/message/97349 Mute This Topic: https://groups.io/mt/95662133/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
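Review bot: In 3/3, the error path of GetMappedRtmrIndex (@@ -51) still prints "map to MR Index" and returns INVALID_PCR2MR_INDEX although the function yields an RTMR index (0 to 2), not the CC MR index (0 to 3) that 2/3 introduces for TdTcg2Dxe. Now that the two index spaces differ by one, the DEBUG message and the header comment should say RTMR index explicitly, so that the DXE consumer of the GUID HOB mentioned in the commit message knows which of the two it receives.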