BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
After CcMeasurementProtocol is introduced, CC based measurement needs
to be supported in DxeTpmMeasurementLib as well.
A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2,
(virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL,
TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed.
In this library when do measurement only one of above 3 protocols will
be called.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
.../DxeTpmMeasurementLib.c | 120 +++++++++++++++---
.../DxeTpmMeasurementLib.inf | 9 +-
2 files changed, 107 insertions(+), 22 deletions(-)
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index 061136ee7860..a626d0f6ec38 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -1,5 +1,6 @@
/** @file
- This library is used by other modules to measure data to TPM.
+ This library is used by other modules to measure data to TPM and Confidential
+ Computing (CC) measure registers.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -19,8 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
-
-
+#include <Protocol/CcMeasurement.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@@ -149,6 +149,72 @@ Tpm20MeasureAndLogData (
return Status;
}
+/**
+ Cc measure and log data, and extend the measurement result into a
+ specific CC MR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED CC guest not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+CcMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
+{
+ EFI_STATUS Status;
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
+ EFI_CC_EVENT *EfiCcEvent;
+ EFI_CC_MR_INDEX MrIndex;
+
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ EfiCcEvent = (EFI_CC_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
+ if(EfiCcEvent == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ EfiCcEvent->Size = (UINT32) LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
+ EfiCcEvent->Header.HeaderSize = sizeof (EFI_CC_EVENT_HEADER);
+ EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+ EfiCcEvent->Header.MrIndex = MrIndex;
+ EfiCcEvent->Header.EventType = EventType;
+ CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
+
+ Status = CcProtocol->HashLogExtendEvent (
+ CcProtocol,
+ 0,
+ (EFI_PHYSICAL_ADDRESS) (UINTN) HashData,
+ HashDataLen,
+ EfiCcEvent
+ );
+ FreePool (EfiCcEvent);
+
+ return Status;
+}
+
+
/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
@@ -175,25 +241,15 @@ TpmMeasureAndLogData (
IN UINT64 HashDataLen
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
- //
- // Try to measure using Tpm20 protocol
- //
- Status = Tpm20MeasureAndLogData(
- PcrIndex,
- EventType,
- EventLog,
- LogLen,
- HashData,
- HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
+ if (!EFI_ERROR (Status)) {
//
- // Try to measure using Tpm1.2 protocol
+ // Try to measure using Cc measurement protocol
//
- Status = Tpm12MeasureAndLogData(
+ Status = CcMeasureAndLogData (
PcrIndex,
EventType,
EventLog,
@@ -201,6 +257,32 @@ TpmMeasureAndLogData (
HashData,
HashDataLen
);
+ } else {
+ //
+ // Try to measure using Tpm20 protocol
+ //
+ Status = Tpm20MeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+
+ if (EFI_ERROR (Status)) {
+ //
+ // Try to measure using Tpm1.2 protocol
+ //
+ Status = Tpm12MeasureAndLogData(
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+ }
}
return Status;
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f95d..3af3d4e33b25 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -1,5 +1,7 @@
## @file
-# Provides TPM measurement functions for TPM1.2 and TPM 2.0
+# Provides below measurement functions:
+# 1. TPM measurement functions for TPM1.2 and TPM 2.0
+# 2. Confidential Computing (CC) measurement functions
#
# This library provides TpmMeasureAndLogData() to measure and log data, and
# extend the measurement result into a specific PCR.
@@ -40,5 +42,6 @@
UefiBootServicesTableLib
[Protocols]
- gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
- gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83420): https://edk2.groups.io/g/devel/message/83420
Mute This Topic: https://groups.io/mt/86881262/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi Min,
Thank you for the updated patch.
I have a minor suggestion marked inline as [SAMI]. Otherwise, these
changes look good to me.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
On 07/11/2021 12:35 PM, Min Xu wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
>
> DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
> After CcMeasurementProtocol is introduced, CC based measurement needs
> to be supported in DxeTpmMeasurementLib as well.
>
> A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2,
> (virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL,
> TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed.
>
> In this library when do measurement only one of above 3 protocols will
> be called.
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
> .../DxeTpmMeasurementLib.c | 120 +++++++++++++++---
> .../DxeTpmMeasurementLib.inf | 9 +-
> 2 files changed, 107 insertions(+), 22 deletions(-)
>
> diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> index 061136ee7860..a626d0f6ec38 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> @@ -1,5 +1,6 @@
> /** @file
> - This library is used by other modules to measure data to TPM.
> + This library is used by other modules to measure data to TPM and Confidential
> + Computing (CC) measure registers.
>
> Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -19,8 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <Guid/Acpi.h>
> #include <IndustryStandard/Acpi.h>
> -
> -
> +#include <Protocol/CcMeasurement.h>
>
> /**
> Tpm12 measure and log data, and extend the measurement result into a specific PCR.
> @@ -149,6 +149,72 @@ Tpm20MeasureAndLogData (
> return Status;
> }
>
> +/**
> + Cc measure and log data, and extend the measurement result into a
> + specific CC MR.
> +
> + @param[in] PcrIndex PCR Index.
> + @param[in] EventType Event type.
> + @param[in] EventLog Measurement event log.
> + @param[in] LogLen Event log length in bytes.
> + @param[in] HashData The start of the data buffer to be hashed, extended.
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
> +
> + @retval EFI_SUCCESS Operation completed successfully.
> + @retval EFI_UNSUPPORTED CC guest not available.
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> +**/
> +EFI_STATUS
> +CcMeasureAndLogData (
> + IN UINT32 PcrIndex,
> + IN UINT32 EventType,
> + IN VOID *EventLog,
> + IN UINT32 LogLen,
> + IN VOID *HashData,
> + IN UINT64 HashDataLen
> + )
[SAMI] I think this function can be made static and the CcProtocol
pointer could be passed as the first argument.
Similarly, the other functions Tpm20MeasureAndLogData() and
Tpm12MeasureAndLogDat() could also be made static.
[/SAMI]
> +{
> + EFI_STATUS Status;
> + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
> + EFI_CC_EVENT *EfiCcEvent;
> + EFI_CC_MR_INDEX MrIndex;
> +
> + Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + EfiCcEvent = (EFI_CC_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
> + if(EfiCcEvent == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + EfiCcEvent->Size = (UINT32) LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
> + EfiCcEvent->Header.HeaderSize = sizeof (EFI_CC_EVENT_HEADER);
> + EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
> + EfiCcEvent->Header.MrIndex = MrIndex;
> + EfiCcEvent->Header.EventType = EventType;
> + CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
> +
> + Status = CcProtocol->HashLogExtendEvent (
> + CcProtocol,
> + 0,
> + (EFI_PHYSICAL_ADDRESS) (UINTN) HashData,
> + HashDataLen,
> + EfiCcEvent
> + );
> + FreePool (EfiCcEvent);
> +
> + return Status;
> +}
> +
> +
> /**
> Tpm measure and log data, and extend the measurement result into a specific PCR.
>
> @@ -175,25 +241,15 @@ TpmMeasureAndLogData (
> IN UINT64 HashDataLen
> )
> {
> - EFI_STATUS Status;
> + EFI_STATUS Status;
> + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
>
> - //
> - // Try to measure using Tpm20 protocol
> - //
> - Status = Tpm20MeasureAndLogData(
> - PcrIndex,
> - EventType,
> - EventLog,
> - LogLen,
> - HashData,
> - HashDataLen
> - );
> -
> - if (EFI_ERROR (Status)) {
> + Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
> + if (!EFI_ERROR (Status)) {
> //
> - // Try to measure using Tpm1.2 protocol
> + // Try to measure using Cc measurement protocol
> //
> - Status = Tpm12MeasureAndLogData(
> + Status = CcMeasureAndLogData (
> PcrIndex,
> EventType,
> EventLog,
> @@ -201,6 +257,32 @@ TpmMeasureAndLogData (
> HashData,
> HashDataLen
> );
> + } else {
> + //
> + // Try to measure using Tpm20 protocol
> + //
> + Status = Tpm20MeasureAndLogData (
> + PcrIndex,
> + EventType,
> + EventLog,
> + LogLen,
> + HashData,
> + HashDataLen
> + );
> +
> + if (EFI_ERROR (Status)) {
> + //
> + // Try to measure using Tpm1.2 protocol
> + //
> + Status = Tpm12MeasureAndLogData(
> + PcrIndex,
> + EventType,
> + EventLog,
> + LogLen,
> + HashData,
> + HashDataLen
> + );
> + }
> }
>
> return Status;
> diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> index 7d41bc41f95d..3af3d4e33b25 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> @@ -1,5 +1,7 @@
> ## @file
> -# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> +# Provides below measurement functions:
> +# 1. TPM measurement functions for TPM1.2 and TPM 2.0
> +# 2. Confidential Computing (CC) measurement functions
> #
> # This library provides TpmMeasureAndLogData() to measure and log data, and
> # extend the measurement result into a specific PCR.
> @@ -40,5 +42,6 @@
> UefiBootServicesTableLib
>
> [Protocols]
> - gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
> - gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83452): https://edk2.groups.io/g/devel/message/83452
Mute This Topic: https://groups.io/mt/86881262/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On November 8, 2021 10:18 PM, Sami Mujawar wrote: > Hi Min, > > Thank you for the updated patch. > > I have a minor suggestion marked inline as [SAMI]. Otherwise, these changes > look good to me. > > Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> > > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_UNSUPPORTED CC guest not available. > > + @retval EFI_OUT_OF_RESOURCES Out of memory. > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > > +**/ > > +EFI_STATUS > > +CcMeasureAndLogData ( > > + IN UINT32 PcrIndex, > > + IN UINT32 EventType, > > + IN VOID *EventLog, > > + IN UINT32 LogLen, > > + IN VOID *HashData, > > + IN UINT64 HashDataLen > > + ) > [SAMI] I think this function can be made static and the CcProtocol pointer > could be passed as the first argument. > Similarly, the other functions Tpm20MeasureAndLogData() and > Tpm12MeasureAndLogDat() could also be made static. > [/SAMI] Ok. It will be updated in the next version. Thanks Min -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83533): https://edk2.groups.io/g/devel/message/83533 Mute This Topic: https://groups.io/mt/86881262/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.