From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 2/3] OvmfPkg: Implement MeasureHobList/MeasureFvImage
Date: Sun, 5 Jun 2022 09:02:47 +0800
List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,min.m.xu@intel.com
Content-Type: text/plain; charset="utf-8"
From: Min M Xu

MeasureHobList and MeasureFvImage once were implemented in SecMeasurementTdxLib. The intention of this patch-set is to refactor SecMeasurementTdxLib to be an instance of TpmMeasurementLib. So these 2 functions (MeasureHobList/MeasureFvImage) are moved to PeilessStartupLib. This is because:
1. RTMR based trusted boot is implemented in Config-B (See below link)
2. PeilessStartupLib is designed for PEI-less boot and it is the right place to do the measurement for Hoblist and Config-FV.

Config-B: https://edk2.groups.io/g/devel/message/76367

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc             |   2 +-
 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 186 ++++++++++++++++++
 .../PeilessStartupLib/PeilessStartup.c       |   1 -
 .../PeilessStartupInternal.h                 |  36 ++++
 .../PeilessStartupLib/PeilessStartupLib.inf  |   2 +-
 5 files changed, 224 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 43ab8bd089d9..a40f7228b98e 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -527,7 +527,7 @@ OvmfPkg/IntelTdx/Sec/SecMain.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf - SecMeasurementLib|OvmfPkg/Library/SecMeasurementLib/SecMeasurementLi= bTdx.inf + TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMea= surementLibTdx.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf diff --git a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c b/OvmfPkg/Library= /PeilessStartupLib/IntelTdx.c index d240d3b7719f..484fd21057c8 100644 --- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c +++ b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c 
@@ -9,8 +9,34 @@ #include #include #include +#include +#include +#include +#include +#include + #include "PeilessStartupInternal.h" =20 +#pragma pack(1) + +#define HANDOFF_TABLE_DESC "TdxTable" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} TDX_HANDOFF_TABLE_POINTERS2; + +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} FV_HANDOFF_TABLE_POINTERS2; + +#pragma pack() + /** Check padding data all bit should be 1. =20 
@@ -161,3 +187,163 @@ TdxValidateCfv ( =20 return TRUE; } + +/** + Measure the Hoblist passed from the VMM. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval Others Other errors as indicated +**/ +EFI_STATUS +EFIAPI +MeasureHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + TDX_HANDOFF_TABLE_POINTERS2 HandoffTables; + EFI_STATUS Status; + + if (!TdIsEnabled ()) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + Hob.Raw =3D (UINT8 *)VmmHobList; + + // + // Parse the HOB list until end of list. + // + while (!END_OF_HOB_LIST (Hob)) { + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + // + // Init the log event for HOB measurement + // + + HandoffTables.TableDescriptionSize =3D sizeof (HandoffTables.TableDescri= ption); + CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (Han= doffTables.TableDescription)); + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenS= paceGuid); + HandoffTables.TableEntry[0].VendorTable =3D (VOID *)VmmHobList; + + Status =3D TpmMeasureAndLogData ( + 1, // PCRIndex + EV_EFI_HANDOFF_TABLES2, // EventType + (VOID *)&HandoffTables, // EventData + sizeof (HandoffTables), // EventSize + (UINT8 *)(UINTN)VmmHobList, // HashData + (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen + ); + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + } + + return Status; +} + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. 
+ + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +GetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + + if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) = > FvLength) { + return NULL; + } + + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure FV image. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + @param[in] PcrIndex Index of PCR + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. 
+ +**/ +EFI_STATUS +EFIAPI +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength, + IN UINT8 PcrIndex + ) +{ + EFI_STATUS Status; + FV_HANDOFF_TABLE_POINTERS2 FvBlob2; + VOID *FvName; + + // + // Init the log event for FV measurement + // + FvBlob2.BlobDescriptionSize =3D sizeof (FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2= .BlobDescription)); + FvName =3D GetFvName (FvBase, FvLength); + if (FvName !=3D NULL) { + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDes= cription), "Fv(%g)", FvName); + } + + FvBlob2.BlobBase =3D FvBase; + FvBlob2.BlobLength =3D FvLength; + + Status =3D TpmMeasureAndLogData ( + 1, // PCRIndex + EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType + (VOID *)&FvBlob2, // EventData + sizeof (FvBlob2), // EventSize + (UINT8 *)(UINTN)FvBase, // HashData + (UINTN)(FvLength) // HashDataLen + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x= %x\n", FvBase)); + ASSERT (FALSE); + } + + return Status; +} diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/L= ibrary/PeilessStartupLib/PeilessStartup.c index 54236b956c52..fdfefd00d732 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c @@ -20,7 +20,6 @@ #include #include #include -#include #include "PeilessStartupInternal.h" =20 #define GET_GPAW_INIT_STATE(INFO) ((UINT8) ((INFO) & 0x3f)) diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h b/O= vmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h index dd79b8a06b44..74b5f46552c2 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h 
@@ -69,4 +69,40 @@ TdxValidateCfv ( IN UINT32 TdxCfvSize ); =20 +/** + Measure the Hoblist passed from the VMM. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval Others Other errors as indicated +**/ +EFI_STATUS +EFIAPI +MeasureHobList ( + IN CONST VOID *VmmHobList + ); + +/** + Measure FV image. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + @param[in] PcrIndex Index of PCR + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength, + IN UINT8 PcrIndex + ); + #endif diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/Ovmf= Pkg/Library/PeilessStartupLib/PeilessStartupLib.inf index c5d291f02bcd..def50b4b019e 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -58,7 +58,7 @@ QemuFwCfgLib PlatformInitLib HashLib - SecMeasurementLib + TpmMeasurementLib =20 [Guids] gEfiHobMemoryAllocModuleGuid --=20 2.29.2.windows.2
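Review bot: the IntelTdxX64.dsc hunk maps `TpmMeasurementLib` for `OvmfPkg/IntelTdx/Sec/SecMain.inf` to `SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf`, an instance this patch does not add; per the commit message it comes from the SecMeasurementTdxLib refactor elsewhere in the series, so the series only builds when applied in order. State that ordering dependency in the commit message, or move the .dsc line into the patch that introduces the instance, so a bisect never lands on a tree where the library class cannot be resolved.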
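Review bot: in the first IntelTdx.c hunk the `#pragma pack(1)` region around `TDX_HANDOFF_TABLE_POINTERS2` and `FV_HANDOFF_TABLE_POINTERS2` is load-bearing, because both structs are later passed as the raw event data of EV_EFI_HANDOFF_TABLES2 and EV_EFI_PLATFORM_FIRMWARE_BLOB2 and any padding would change what an attester parses out of the log; add a comment saying they mirror the TCG PC Client handoff-table and firmware-blob event layouts so nobody removes the packing later. Likewise `FV_HANDOFF_TABLE_DESC` ("Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)") is sized so that `BlobDescription` holds exactly `Fv(` plus a 36-character GUID plus `)` and the terminating NUL, which is what the later `AsciiSPrint (..., "Fv(%g)", FvName)` needs; a one-line comment tying the placeholder width to that format string would make the coupling explicit.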
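Review bot: in the second IntelTdx.c hunk `MeasureFvImage` takes `PcrIndex` but passes the literal `1` as the first argument of `TpmMeasureAndLogData`, so the parameter (documented as "Index of PCR") has no effect; either pass `PcrIndex` through or drop it from the signature and the header. Two further points in the same hunk: `MeasureHobList` walks the VMM-supplied HOB list with `GET_NEXT_HOB` and no upper bound, so it relies on the list having been validated before this call (each HobLength sane, an end-of-list HOB present); if that validation lives elsewhere in PeilessStartupLib, record it as a precondition in the function comment, otherwise it belongs in this function before the walk. And the measured range `(UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList)` ends at the END_OF_HOB_LIST entry and therefore excludes it; that is fine, but it defines the reference value an attester must reproduce, so say so in the comment. Minor: `DEBUG ((DEBUG_ERROR, "... 0x%x\n", FvBase))` prints an `EFI_PHYSICAL_ADDRESS` (UINT64) with `%x` and should use `%lx`; the `MeasureHobList` @retval text ("Fv image is measured successfully") was copied from the FV routine; "Causion" should read "Caution" and "No enough memory" should read "Not enough memory".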
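Review bot: the PeilessStartupInternal.h hunk carries the same doc-comment problems as the implementations (the `MeasureHobList` @retval describes an "Fv image"; "No enough memory" in `MeasureFvImage`), so fix them in both places to keep the prototypes and definitions in sync; and whichever way the unused `PcrIndex` parameter of `MeasureFvImage` is resolved, the prototype here must change together with the function.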
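Review bot: replacing `SecMeasurementLib` with `TpmMeasurementLib` under [LibraryClasses] in PeilessStartupLib.inf matches IntelTdx.c now calling `TpmMeasureAndLogData`, but the hunk does not show the [Packages] section; confirm it already lists MdeModulePkg.dec, which is where the TpmMeasurementLib class is declared, otherwise the build will fail to resolve the new class even though the .dsc mapping is present.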