From: Min M Xu <min.m.xu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
TdxHelperLib provides below helper functions for a td-guest.
- TdxHelperProcessTdHob
- TdxHelperMeasureTdHob
- TdxHelperMeasureCfvImage
- TdxHelperBuildGuidHobForTdxMeasurement
SecTdxHelperLib is the SEC instance of TdxHelperLib. It implements 4
functions for tdx in SEC phase:
- TdxHelperProcessTdHob consumes TdHob to accept un-accepted memories.
Before the TdHob is consumed, it is first validated.
- TdxHelperMeasureTdHob measures/extends TdHob and stores the measurement
value in workarea.
- TdxHelperMeasureCfvImage measures/extends the Configuration FV image and
stores the measurement value in workarea.
- TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx
measurement.
This patch implements TdxHelperMeasureTdHob and TdxHelperMeasureCfvImage.
TdxHelperProcessTdHob and TdxHelperBuildGuidHobForTdxMeasurement will be
implemented in the following patches, because these 2 functions are to be
moved from other files, such as PlatformInitLib/IntelTdx.c.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c | 221 ++++++++++++++++++
.../IntelTdx/TdxHelperLib/SecTdxHelperLib.inf | 52 +++++
2 files changed, 273 insertions(+)
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
create mode 100644 OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
new file mode 100644
index 000000000000..2cb12bd9c7e1
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
@@ -0,0 +1,221 @@
+/** @file
+ TdxHelper Functions which are used in SEC phase
+
+ Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/IntelTdx.h>
+#include <IndustryStandard/Tpm20.h>
+#include <Library/TdxLib.h>
+#include <Pi/PrePiHob.h>
+#include <WorkArea.h>
+#include <ConfidentialComputingGuestAttr.h>
+#include <Library/TdxHelperLib.h>
+
+/**
+ In Tdx guest, some information need to be passed from host VMM to guest
+ firmware. For example, the memory resource, etc. These information are
+ prepared by host VMM and put in TdHob which is described in TdxMetadata.
+ TDVF processes the TdHob to accept memories.
+
+ @retval EFI_SUCCESS Successfully process the TdHob
+ @retval Others Other error as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHelperProcessTdHob (
+ VOID
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+//
+// SHA512_CTX is defined in <openssl/sha.h> and its size is 216 bytes.
+// It can be built successfully with GCC5 compiler but failed with VS2019.
+// The error code showed in VS2019 is that "openssl/sha.h" cannot be found.
+// To overcome this error SHA512_CTX_SIZE is defined.
+//
+#define SHA512_CTX_SIZ 216
+
+/**
+ * Calculate the sha384 of input Data and extend it to RTMR register.
+ *
+ * @param RtmrIndex Index of the RTMR register
+ * @param DataToHash Data to be hashed
+ * @param DataToHashLen Length of the data
+ * @param Digest Hash value of the input data
+ * @param DigestLen Length of the hash value
+ *
+ * @retval EFI_SUCCESS Successfully hash and extend to RTMR
+ * @retval Others Other errors as indicated
+ */
+STATIC
+EFI_STATUS
+HashAndExtendToRtmr (
+ IN UINT32 RtmrIndex,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen,
+ OUT UINT8 *Digest,
+ IN UINTN DigestLen
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Sha384Ctx[SHA512_CTX_SIZ];
+
+ if ((DataToHash == NULL) || (DataToHashLen == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Calculate the sha384 of the data
+ //
+ Sha384Init (Sha384Ctx);
+ Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
+ Sha384Final (Sha384Ctx, Digest);
+
+ //
+ // Extend to RTMR
+ //
+ Status = TdExtendRtmr (
+ (UINT32 *)Digest,
+ SHA384_DIGEST_SIZE,
+ (UINT8)RtmrIndex
+ );
+
+ ASSERT (!EFI_ERROR (Status));
+ return Status;
+}
+
+/**
+ In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
+ the information of the memory resource. From the security perspective before
+ it is consumed, it should be measured and extended.
+ *
+ * @retval EFI_SUCCESS Successfully measure the TdHob
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxHelperMeasureTdHob (
+ VOID
+ )
+{
+ EFI_PEI_HOB_POINTERS Hob;
+ EFI_STATUS Status;
+ UINT8 Digest[SHA384_DIGEST_SIZE];
+ OVMF_WORK_AREA *WorkArea;
+ VOID *TdHob;
+
+ TdHob = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
+ Hob.Raw = (UINT8 *)TdHob;
+
+ //
+ // Walk thru the TdHob list until end of list.
+ //
+ while (!END_OF_HOB_LIST (Hob)) {
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ }
+
+ Status = HashAndExtendToRtmr (
+ 0,
+ (UINT8 *)TdHob,
+ (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob),
+ Digest,
+ SHA384_DIGEST_SIZE
+ );
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // This function is called in SEC phase and at that moment the Hob service
+ // is not available. So the TdHob measurement value is stored in workarea.
+ //
+ WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+ if (WorkArea == NULL) {
+ return EFI_DEVICE_ERROR;
+ }
+
+ WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap |= TDX_MEASUREMENT_TDHOB_BITMASK;
+ CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue, Digest, SHA384_DIGEST_SIZE);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ * In Tdx guest, Configuration FV (CFV) is treated as external input because it
+ * may contain the data provided by VMM. From the sucurity perspective Cfv image
+ * should be measured before it is consumed.
+ *
+ * @retval EFI_SUCCESS Successfully measure the CFV image
+ * @retval Others Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxHelperMeasureCfvImage (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Digest[SHA384_DIGEST_SIZE];
+ OVMF_WORK_AREA *WorkArea;
+
+ Status = HashAndExtendToRtmr (
+ 0,
+ (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase),
+ (UINT64)PcdGet32 (PcdCfvRawDataSize),
+ Digest,
+ SHA384_DIGEST_SIZE
+ );
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // This function is called in SEC phase and at that moment the Hob service
+ // is not available. So CfvImage measurement value is stored in workarea.
+ //
+ WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+ if (WorkArea == NULL) {
+ return EFI_DEVICE_ERROR;
+ }
+
+ WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap |= TDX_MEASUREMENT_CFVIMG_BITMASK;
+ CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.CfvImgHashValue, Digest, SHA384_DIGEST_SIZE);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Build the GuidHob for tdx measurements which were done in SEC phase.
+ The measurement values are stored in WorkArea.
+
+ @retval EFI_SUCCESS The GuidHob is built successfully
+ @retval Others Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHelperBuildGuidHobForTdxMeasurement (
+ VOID
+ )
+{
+ return EFI_UNSUPPORTED;
+}
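Review bot: `#define SHA512_CTX_SIZ 216` and the `UINT8 Sha384Ctx[SHA512_CTX_SIZ]` buffer in HashAndExtendToRtmr hard-code the size of OpenSSL's SHA512_CTX, which ties this SEC library to one BaseCryptLib implementation and silently overflows the stack buffer if that context ever grows; the comment above it also refers to SHA512_CTX_SIZE while the macro is named SHA512_CTX_SIZ. The function only needs a one-shot digest, so `Sha384HashAll (DataToHash, DataToHashLen, Digest)` would remove both the context buffer and the constant. Two further points: the loop `while (!END_OF_HOB_LIST (Hob))` in TdxHelperMeasureTdHob follows HobLength fields read from the VMM-provided TdHob with no upper bound, so a malformed list (a zero or oversized HobLength) can spin the walk or carry it past the TdHob region before the validation the commit message places in TdxHelperProcessTdHob has run; bounding the walk by the size of the TdHob region would make the measurement safe on its own. Also, the TdxHelperMeasureTdHob doc comment mixes the `/**` block style with ` *` prefixed lines, and "sucurity" in the TdxHelperMeasureCfvImage comment should read "security".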
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
new file mode 100644
index 000000000000..3c6b96f7759a
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
@@ -0,0 +1,52 @@
+## @file
+# TdxHelperLib SEC instance
+#
+# This module provides Tdx helper functions in SEC phase.
+# Copyright (c) 2021 - 2023, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecTdxHelperLib
+ FILE_GUID = ba69ac6b-0c59-4472-899d-b684590ec1e9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxHelperLib|SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = X64
+#
+
+[Sources]
+ SecTdxHelper.c
+
+[Packages]
+ CryptoPkg/CryptoPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseCryptLib
+ DebugLib
+ HobLib
+ PcdLib
+ TdxMailboxLib
+ TdxLib
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
+
+[Guids]
+ gCcEventEntryHobGuid
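Review bot: [LibraryClasses] omits BaseMemoryLib although SecTdxHelper.c includes <Library/BaseMemoryLib.h> and calls CopyMem in both measure functions; add `BaseMemoryLib` so the dependency is declared rather than satisfied by accident through another library's DSC mapping. In the other direction, TdxMailboxLib, gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize and gCcEventEntryHobGuid are declared here but nothing in this patch's SecTdxHelper.c uses them; if they are reserved for the TdxHelperProcessTdHob and TdxHelperBuildGuidHobForTdxMeasurement implementations promised for later patches, either say so in the commit message or add them together with those patches. Also, PcdOvmfFlashNvStorageVariableBase and PcdCfvRawDataSize are listed under [FixedPcd] but read with PcdGet32 in TdxHelperMeasureCfvImage, while the rest of the file uses FixedPcdGet32; pick one accessor for consistency.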
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98994): https://edk2.groups.io/g/devel/message/98994
Mute This Topic: https://groups.io/mt/96513452/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
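The TdHob walk in TdxHelperMeasureTdHob takes every HobLength from the host-provided list before anything has validated it. As an added illustration (not code from the patch or from edk2), the C program below computes the same length to measure but bounds each step by the TdHob region; the 8-byte HOB header layout and the END_OF_HOB_LIST type value mirror the PI specification, every other identifier is a local stand-in, and the input lists are constructed.

```c
/* Bounded walk over a VMM-provided TdHob list (added example, not part of the
 * patch). The 8-byte header and the END_OF_HOB_LIST type value mirror the PI
 * spec; the identifiers are local stand-ins for the EDK2 ones. */
#include <stdint.h>
#include <string.h>

#define HOB_TYPE_RESOURCE_DESC   0x0003
#define HOB_TYPE_END_OF_HOB_LIST 0xFFFF

/* HobLength is the total size of the HOB, header included */
typedef struct { uint16_t HobType; uint16_t HobLength; uint32_t Reserved; } HobHeader;

enum { WALK_OK = 0, WALK_BAD_LENGTH = 1, WALK_NO_END_MARKER = 2 };

/* Bytes to measure: from the first HOB up to (excluding) the end marker, as
 * the patch's loop computes it, but each host-supplied HobLength is checked
 * against the remaining region before the walk follows it. */
int TdHobMeasuredLength(const uint8_t *region, size_t capacity, size_t *measured)
{
    size_t offset = 0;
    HobHeader hdr;
    while (capacity - offset >= sizeof hdr) {
        memcpy(&hdr, region + offset, sizeof hdr);   /* alignment-safe read */
        if (hdr.HobType == HOB_TYPE_END_OF_HOB_LIST) {
            *measured = offset;
            return WALK_OK;
        }
        /* Shorter than a header (0 would spin forever) or past the region */
        if (hdr.HobLength < sizeof hdr || hdr.HobLength > capacity - offset)
            return WALK_BAD_LENGTH;
        offset += hdr.HobLength;
    }
    return WALK_NO_END_MARKER;
}

/* Constructed scenario: two 24-byte resource HOBs, the end marker when
 * with_end is set, and the second HOB's HobLength overwritten with `bad`
 * when corrupt is set. Walks the list and leaves the length in g_measured. */
size_t g_measured;
int Scenario(int with_end, int corrupt, uint16_t bad)
{
    uint8_t buf[128] = { 0 };
    HobHeader res = { HOB_TYPE_RESOURCE_DESC, 24, 0 };
    HobHeader end = { HOB_TYPE_END_OF_HOB_LIST, sizeof end, 0 };
    memcpy(buf, &res, sizeof res);
    memcpy(buf + 24, &res, sizeof res);
    if (with_end) memcpy(buf + 48, &end, sizeof end);
    if (corrupt) memcpy(buf + 24 + 2, &bad, sizeof bad);
    /* without a marker the region is exactly the two HOBs */
    return TdHobMeasuredLength(buf, with_end ? sizeof buf : 48, &g_measured);
}
```

A well-formed list yields 48 bytes to hash (the two HOBs, marker excluded), while a zero, undersized or oversized HobLength is rejected instead of being followed.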
> +//
> +// SHA512_CTX is defined in <openssl/sha.h> and its size is 216 bytes.
> +// It can be built successfully with GCC5 compiler but failed with VS2019.
> +// The error code showed in VS2019 is that "openssl/sha.h" cannot be found.
> +// To overcome this error SHA512_CTX_SIZE is defined.
> +//
> +#define SHA512_CTX_SIZ 216

There is Sha384GetContextSize()

take care,
  Gerd

View/Reply Online (#99017): https://edk2.groups.io/g/devel/message/99017
On January 25, 2023 8:16 PM, Gerd Hoffmann wrote:
> > +#define SHA512_CTX_SIZ 216
>
> There is Sha384GetContextSize()
>
HashAndExtendToRtmr is designed to be run in a very early stage and at that stage the memory allocation service is not ready. So we have to declare an array with size of SHA512_CTX_SIZE (216).

Variable-length automatic arrays are allowed in C99.
https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html
So if ovmf is built with GCC, then the code below works:
  UINT8 Sha384Ctx[Sha384GetContextSize ()];

But unfortunately it is not supported in the VS series. (I tested it with VS2017)
Building ... tdvf2\EmbeddedPkg\Library\PrePiMemoryAllocationLib\PrePiMemoryAllocationLib.inf [X64]
tdvf2\OvmfPkg\IntelTdx\TdxHelperLib\SecTdxHelper.c(839): error C2057: expected constant expression
tdvf2\OvmfPkg\IntelTdx\TdxHelperLib\SecTdxHelper.c(839): error C2466: cannot allocate an array of constant size 0
tdvf2\OvmfPkg\IntelTdx\TdxHelperLib\SecTdxHelper.c(839): error C2133: 'Sha384Ctx': unknown size

So Sha384GetContextSize() cannot be used here.

Thanks
Min

View/Reply Online (#99057): https://edk2.groups.io/g/devel/message/99057
Hey
I don't think it is a good idea to define a context size here, because that will assume the openssl implementation. Please don't do that.

Could you please just use Sha384HashAll() API, if you don't like to allocate memory?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Thursday, January 26, 2023 9:57 AM
> To: devel@edk2.groups.io; kraxel@redhat.com
> Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>
> Subject: RE: [edk2-devel] [PATCH V3 3/9] OvmfPkg/IntelTdx: Add SecTdxHelperLib
>
> HashAndExtendToRtmr is designed to be run in very early stage and at that stage Memory allocation service is not ready. So we have to declare an array with size of SHA512_CTX_SIZE(216).
>
> So Sha384GetContextSize() cannot be used here.

View/Reply Online (#99059): https://edk2.groups.io/g/devel/message/99059
Ah, yes. We can call Sha384HashAll(). Thanks for the reminder!

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Thursday, January 26, 2023 10:02 AM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io; kraxel@redhat.com
> Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>
> Subject: RE: [edk2-devel] [PATCH V3 3/9] OvmfPkg/IntelTdx: Add SecTdxHelperLib
>
> I don't think it is a good idea to define a context size here, because that will assume the openssl implementation. Please don't do that.
>
> Could you please just use Sha384HashAll() API, if you don't like to allocate memory?

View/Reply Online (#99060): https://edk2.groups.io/g/devel/message/99060