MdePkg/Include/Protocol/CcMeasurement.h | 305 +++++++++++++++++ MdePkg/MdePkg.dec | 6 + .../DxeTpm2MeasureBootLib.c | 314 ++++++++++++++---- .../DxeTpm2MeasureBootLib.inf | 3 +- .../DxeTpmMeasurementLib.c | 125 +++++-- .../DxeTpmMeasurementLib.inf | 9 +- 6 files changed, 675 insertions(+), 87 deletions(-) create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 If Confidential Computing (Cc) firmware supports measurement and an event is created, CC-Guest firmware is designed to report the event log with the same data structure in TCG-Platform-Firmware-Profile specification with EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. The CC-Guest firmware supports measurement. It is designed to produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides hash capability. Patch #1: Introduce the CC Measurement Protocol definition into MdePkg. Patch #2: Update DxeTpm2MeasureBootLib to support CC based measure boot. Patch #3: Update DxeTpmMeasurementLib to support CC based measurement. Code is at https://github.com/mxu9/edk2/tree/td_protocol.v6 This patch-set has been tested in Intel's internal hardware platform. Both TD and TPM pass the tests. v6 changes: - Add ASSERT (sizeof (EFI_CC_EVENT) == sizeof (EFI_TCG2_EVENT)) check. - Update the CcMeasureAndLogData () to add CcProtocol pointer as the input parameter. - Tpm20MeasureAndLogData () / Tpm12MeasureAndLogDat () / CcMeasureAndLogData () are made static according to Sami's comments. v5 changes: - Add gEfiCcFinalEventsTableGuid in [Guids] section of MdePkg.dec - DxeTpm2MeasureBootLib and DxeTpmMeasurementLib will first call CC protocol to do the measure boot / measurement. If it is not installed, TCG2 protocol will be located and called. - CreateCcEventFromTcg2Event is removed. This is because CcEvent is similar to Tcg2Event except the MrIndex and PcrIndex. So in the code Tcg2Event will be first created and intialized. If CcMeasurementProtocol is called to do the measure boot, then CcEvent points to Tcg2Event and the MrIndex is adjusted. - Some other minor changes. v4 changes: - Rename TeeMeasurementProtocol to CcMeasurementProtocol based on the discussion in below links: https://edk2.groups.io/g/devel/message/82876 https://edk2.groups.io/g/devel/message/82999 https://edk2.groups.io/g/devel/message/83000 With this protocol, CC based measure boot is supported. TD based measure boot is one of the CC based measure boot. - The spec will be updated according to the changes later. - TdProtocol.h is deleted. Its content is merged into CcMeasurement.h. - Add gEfiCcFinalEventsTableGuid definition in MdePkg.dec - Update the description in DxeTpm2MeasureBootLib.inf and DxeTpmMeasurementLib.inf v3 changes: - Rename TdProtocol to TeeMeasurementProtocol which is a neutral name. With this protocol, TEE based measure boot is supported. TD based measure boot is one of the TEE based measure boot. - The spec will be updated according to the changes later. - Fix errors in DxeTpm2MeasureBootLib. v2 changes: - TD based measure boot is implemented in DxeTpm2MeasureBootLib. This minimize the code changes. - TD based measurement is added. It is implemented in DxeTpmMeasurementLib. - Fix the typo in comments. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Min Xu (3): MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib MdePkg/Include/Protocol/CcMeasurement.h | 305 +++++++++++++++++ MdePkg/MdePkg.dec | 6 + .../DxeTpm2MeasureBootLib.c | 314 ++++++++++++++---- .../DxeTpm2MeasureBootLib.inf | 3 +- .../DxeTpmMeasurementLib.c | 125 +++++-- .../DxeTpmMeasurementLib.inf | 9 +- 6 files changed, 675 insertions(+), 87 deletions(-) create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h -- 2.29.2.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83608): https://edk2.groups.io/g/devel/message/83608 Mute This Topic: https://groups.io/mt/86971514/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi Min,
Thank you for all the updates. This patch series looks good to me.
Regards,
Sami Mujawar
On 11/11/2021, 00:23, "Min Xu" <min.m.xu@intel.com> wrote:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
If Confidential Computing (Cc) firmware supports measurement and an
event is created, CC-Guest firmware is designed to report the event
log with the same data structure in TCG-Platform-Firmware-Profile
specification with EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
The CC-Guest firmware supports measurement. It is designed to produce
EFI_CC_MEASUREMENT_PROTOCOL with new GUID
EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides
hash capability.
Patch #1:
Introduce the CC Measurement Protocol definition into MdePkg.
Patch #2:
Update DxeTpm2MeasureBootLib to support CC based measure boot.
Patch #3:
Update DxeTpmMeasurementLib to support CC based measurement.
Code is at https://github.com/mxu9/edk2/tree/td_protocol.v6
This patch-set has been tested in Intel's internal hardware platform.
Both TD and TPM pass the tests.
v6 changes:
- Add ASSERT (sizeof (EFI_CC_EVENT) == sizeof (EFI_TCG2_EVENT)) check.
- Update the CcMeasureAndLogData () to add CcProtocol pointer as the
input parameter.
- Tpm20MeasureAndLogData () / Tpm12MeasureAndLogDat ()
/ CcMeasureAndLogData () are made static according to Sami's
comments.
v5 changes:
- Add gEfiCcFinalEventsTableGuid in [Guids] section of MdePkg.dec
- DxeTpm2MeasureBootLib and DxeTpmMeasurementLib will first
call CC protocol to do the measure boot / measurement. If it is not
installed, TCG2 protocol will be located and called.
- CreateCcEventFromTcg2Event is removed. This is because CcEvent is
similar to Tcg2Event except the MrIndex and PcrIndex. So in the code
Tcg2Event will be first created and intialized. If
CcMeasurementProtocol is called to do the measure boot, then CcEvent
points to Tcg2Event and the MrIndex is adjusted.
- Some other minor changes.
v4 changes:
- Rename TeeMeasurementProtocol to CcMeasurementProtocol based
on the discussion in below links:
https://edk2.groups.io/g/devel/message/82876
https://edk2.groups.io/g/devel/message/82999
https://edk2.groups.io/g/devel/message/83000
With this protocol, CC based measure boot is supported.
TD based measure boot is one of the CC based measure boot.
- The spec will be updated according to the changes later.
- TdProtocol.h is deleted. Its content is merged into CcMeasurement.h.
- Add gEfiCcFinalEventsTableGuid definition in MdePkg.dec
- Update the description in DxeTpm2MeasureBootLib.inf
and DxeTpmMeasurementLib.inf
v3 changes:
- Rename TdProtocol to TeeMeasurementProtocol which is a neutral name.
With this protocol, TEE based measure boot is supported.
TD based measure boot is one of the TEE based measure boot.
- The spec will be updated according to the changes later.
- Fix errors in DxeTpm2MeasureBootLib.
v2 changes:
- TD based measure boot is implemented in DxeTpm2MeasureBootLib.
This minimize the code changes.
- TD based measurement is added. It is implemented in
DxeTpmMeasurementLib.
- Fix the typo in comments.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ken Lu <ken.lu@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Min Xu (3):
MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware
SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib
SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib
MdePkg/Include/Protocol/CcMeasurement.h | 305 +++++++++++++++++
MdePkg/MdePkg.dec | 6 +
.../DxeTpm2MeasureBootLib.c | 314 ++++++++++++++----
.../DxeTpm2MeasureBootLib.inf | 3 +-
.../DxeTpmMeasurementLib.c | 125 +++++--
.../DxeTpmMeasurementLib.inf | 9 +-
6 files changed, 675 insertions(+), 87 deletions(-)
create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83687): https://edk2.groups.io/g/devel/message/83687
Mute This Topic: https://groups.io/mt/86971514/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.