From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Gerd Hoffmann, Tom Lendacky, Michael Roth
Subject: [edk2-devel] [PATCH V4 06/12] OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurement
Date: Fri, 27 Jan 2023 08:11:00 +0800
Message-Id: <20230127001106.2038-7-min.m.xu@intel.com>
In-Reply-To: <20230127001106.2038-1-min.m.xu@intel.com>
References: <20230127001106.2038-1-min.m.xu@intel.com>

From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

2 new functions are added in PeilessStartupLib/IntelTdx.c.
 - BuildTdxMeasurementGuidHob
 - InternalBuildGuidHobForTdxMeasurement

These 2 functions build GuidHob for Tdx measurement.

These 2 functions are to be moved to TdxHelperLib in the following patch.
That is to make the code more reviewable.

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Cc: Tom Lendacky
Cc: Michael Roth
Signed-off-by: Min Xu
---
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 180 ++++++++++++++++++
 .../PeilessStartupLib/PeilessStartupLib.inf | 2 +
 2 files changed, 182 insertions(+)

diff --git a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c b/OvmfPkg/Library= /PeilessStartupLib/IntelTdx.c index 4e8dca3d7712..8c2a031ee9c7 100644 --- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c +++ b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c @@ -13,6 +13,7 @@ #include #include #include +#include =20 #include "PeilessStartupInternal.h" =20 
@@ -90,6 +91,89 @@ MeasureHobList ( return Status; } =20 +/** + * Build GuidHob for Tdx measurement. + * + * Tdx measurement includes the measurement of TdHob and CFV. They're meas= ured + * and extended to RTMR registers in SEC phase. Because at that moment the= Hob + * service are not available. So the values of the measurement are saved in + * workarea and will be built into GuidHob after the Hob service is ready. + * + * @param RtmrIndex RTMR index + * @param EventType Event type + * @param EventData Event data + * @param EventSize Size of event data + * @param HashValue Hash value + * @param HashSize Size of hash + * + * @retval EFI_SUCCESS Successfully build the GuidHobs + * @retval Others Other error as indicated + */ +STATIC +EFI_STATUS +BuildTdxMeasurementGuidHob ( + UINT32 RtmrIndex, + UINT32 EventType, + UINT8 *EventData, + UINT32 EventSize, + UINT8 *HashValue, + UINT32 HashSize + ) +{ + VOID *EventHobData; + UINT8 *Ptr; + TPML_DIGEST_VALUES *TdxDigest; + + if (HashSize !=3D SHA384_DIGEST_SIZE) { + return EFI_INVALID_PARAMETER; + } + + #define TDX_DIGEST_VALUE_LEN (sizeof (UINT32) + sizeof (TPMI_ALG_HASH) = + SHA384_DIGEST_SIZE) + + EventHobData =3D BuildGuidHob ( + &gCcEventEntryHobGuid, + sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE) + + TDX_DIGEST_VALUE_LEN + + sizeof (UINT32) + EventSize + ); + + if (EventHobData =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ptr =3D (UINT8 *)EventHobData; + + // + // There are 2 types of measurement registers in TDX: MRTD and RTMR[0-3]. + // According to UEFI Spec 2.10 Section 38.4.1, RTMR[0-3] is mapped to Mr= Index[1-4]. + // So RtmrIndex must be increased by 1 before the event log is created. 
+ // + RtmrIndex++; + CopyMem (Ptr, &RtmrIndex, sizeof (UINT32)); + Ptr +=3D sizeof (UINT32); + + CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE)); + Ptr +=3D sizeof (TCG_EVENTTYPE); + + TdxDigest =3D (TPML_DIGEST_VALUES *)Ptr; + TdxDigest->count =3D 1; + TdxDigest->digests[0].hashAlg =3D TPM_ALG_SHA384; + CopyMem ( + TdxDigest->digests[0].digest.sha384, + HashValue, + SHA384_DIGEST_SIZE + ); + Ptr +=3D TDX_DIGEST_VALUE_LEN; + + CopyMem (Ptr, &EventSize, sizeof (UINT32)); + Ptr +=3D sizeof (UINT32); + + CopyMem (Ptr, (VOID *)EventData, EventSize); + Ptr +=3D EventSize; + + return EFI_SUCCESS; +} + /** Get the FvName from the FV header. =20 
@@ -136,6 +220,102 @@ GetFvName ( return &FvExtHeader->FvName; } =20 +/** + Build the GuidHob for tdx measurements which were done in SEC phase. + The measurement values are stored in WorkArea. + + @retval EFI_SUCCESS The GuidHob is built successfully + @retval Others Other errors as indicated +**/ +EFI_STATUS +InternalBuildGuidHobForTdxMeasurement ( + VOID + ) +{ + EFI_STATUS Status; + OVMF_WORK_AREA *WorkArea; + VOID *TdHobList; + TDX_HANDOFF_TABLE_POINTERS2 HandoffTables; + VOID *FvName; + CFV_HANDOFF_TABLE_POINTERS2 FvBlob2; + EFI_PHYSICAL_ADDRESS FvBase; + UINT64 FvLength; + UINT8 *HashValue; + + if (!TdIsEnabled ()) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + WorkArea =3D (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + if (WorkArea =3D=3D NULL) { + return EFI_ABORTED; + } + + Status =3D EFI_SUCCESS; + + // + // Build the GuidHob for TdHob measurement + // + TdHobList =3D (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase); + if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.Measurement= sBitmap & TDX_MEASUREMENT_TDHOB_BITMASK) { + HashValue =3D WorkArea->TdxWorkArea.SecTdxWor= kArea.TdxMeasurementsData.TdHobHashValue; + HandoffTables.TableDescriptionSize =3D sizeof (HandoffTables.TableDesc= ription); + CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (H= andoffTables.TableDescription)); + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgToke= nSpaceGuid); + HandoffTables.TableEntry[0].VendorTable =3D TdHobList; + + Status =3D BuildTdxMeasurementGuidHob ( + 0, // RtmrIndex + EV_EFI_HANDOFF_TABLES2, // EventType + (UINT8 *)(UINTN)&HandoffTables, // EventData + sizeof (HandoffTables), // EventSize + HashValue, // HashValue + SHA384_DIGEST_SIZE // HashSize + ); + } + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + return Status; + } + + // + // Build the GuidHob for Cfv measurement + // + if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.Measurement= 
sBitmap & TDX_MEASUREMENT_CFVIMG_BITMASK) { + HashValue =3D WorkArea->TdxWorkArea.SecTdxWorkArea.T= dxMeasurementsData.CfvImgHashValue; + FvBase =3D (UINT64)PcdGet32 (PcdOvmfFlashNvStorag= eVariableBase); + FvLength =3D (UINT64)PcdGet32 (PcdCfvRawDataSize); + FvBlob2.BlobDescriptionSize =3D sizeof (FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlo= b2.BlobDescription)); + FvName =3D GetFvName (FvBase, FvLength); + if (FvName !=3D NULL) { + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobD= escription), "Fv(%g)", FvName); + } + + FvBlob2.BlobBase =3D FvBase; + FvBlob2.BlobLength =3D FvLength; + + Status =3D BuildTdxMeasurementGuidHob ( + 0, // RtmrIndex + EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType + (VOID *)&FvBlob2, // EventData + sizeof (FvBlob2), // EventSize + HashValue, // HashValue + SHA384_DIGEST_SIZE // HashSize + ); + } + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + return Status; + } + + return EFI_SUCCESS; +} + /** Measure FV image. =20 diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/Ovmf= Pkg/Library/PeilessStartupLib/PeilessStartupLib.inf index 5c6eb1597bea..f9012ccd68d0 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf 
@@ -89,3 +89,5 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase --=20 2.29.2.windows.2
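
Review bot: BuildTdxMeasurementGuidHob in IntelTdx.c validates only HashSize; EventData and HashValue go straight into CopyMem without a NULL check, and EventSize is added into the length passed to BuildGuidHob with no upper bound, so an oversized or wrapped sum is left for BuildGuidHob to deal with. Suggest rejecting NULL pointers and bounding EventSize with EFI_INVALID_PARAMETER next to the existing `if (HashSize != SHA384_DIGEST_SIZE)` check. Smaller points in the same function: `#define TDX_DIGEST_VALUE_LEN` is introduced inside the function body and never undefined, so it belongs at file scope; the final `Ptr += EventSize;` is a dead store; and the header comment uses a leading ` * ` on each line while InternalBuildGuidHobForTdxMeasurement in the same patch uses the plain `/** ... **/` form.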
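
Review bot: InternalBuildGuidHobForTdxMeasurement is added to IntelTdx.c with external linkage, yet the diffstat lists only IntelTdx.c and PeilessStartupLib.inf, so this patch adds neither a prototype nor a caller for it. Since the commit message says the function moves to TdxHelperLib in the next patch, either declare it in PeilessStartupInternal.h here or say in the commit message that it is intentionally unused at this step. Two consistency points in the body: EventData is passed as `(UINT8 *)(UINTN)&HandoffTables` in the first call and `(VOID *)&FvBlob2` in the second although the parameter is `UINT8 *` in both cases, and PcdOvmfWorkAreaBase is read with FixedPcdGet32 while PcdOvmfFlashNvStorageVariableBase and PcdCfvRawDataSize use PcdGet32. A short comment that the function returns EFI_SUCCESS without building any HOB when neither MeasurementsBitmap bit is set would also help whoever later reads the event log.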
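
Review bot: the PeilessStartupLib.inf hunk adds PcdOvmfFlashNvStorageVariableBase and PcdOvmfWorkAreaBase, but the new code in IntelTdx.c also reads PcdOvmfSecGhcbBase and PcdCfvRawDataSize and references gCcEventEntryHobGuid, none of which appear in the visible context. Please confirm these are already declared elsewhere in the .inf, or add them in this patch so the library builds at this point in the series.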