From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Sami Mujawar, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 1/4] OvmfPkg: Add library class BlobMeasurementLib with null implementation
Date: Mon, 23 May 2022 13:55:39 +0800
Message-Id: <23b823d3e53725efb2f6b290973d905a7a020e34.1653284206.git.min.m.xu@intel.com>

BlobMeasurementLib will be used to measure blobs fetched from QEMU's firmware config (fw_cfg) in platforms which implement EFI_CC_MEASUREMENT_PROTOCOL. The null implementation BlobMeasurementLibNull always returns EFI_SUCCESS.

Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Ashish Kalra
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Min Xu --- OvmfPkg/Include/Library/BlobMeasurementLib.h | 38 +++++++++++++++++++ .../BlobMeasurementLibNull.c | 34 +++++++++++++++++ .../BlobMeasurementLibNull.inf | 24 ++++++++++++ OvmfPkg/OvmfPkg.dec | 3 ++ 4 files changed, 99 insertions(+) create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementL= ibNull.c create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementL= ibNull.inf diff --git a/OvmfPkg/Include/Library/BlobMeasurementLib.h b/OvmfPkg/Include= /Library/BlobMeasurementLib.h new file mode 100644 index 000000000000..e54a41c2c9c1 --- /dev/null +++ b/OvmfPkg/Include/Library/BlobMeasurementLib.h @@ -0,0 +1,38 @@ +/** @file + + Blob measurement library + + This library class allows measuring blobs from external sources, such as= QEMU's firmware config. + + Copyright (C) 2022, Intel Corporation. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef BLOB_MEASUREMENT_LIB_H_ +#define BLOB_MEASUREMENT_LIB_H_ + +#include +#include + +/** + Measure blob from an external source. + + @param[in] BlobName The name of the blob + @param[in] BlobNameSize Size of the blob name + @param[in] BlobBase The data of the blob + @param[in] BlobSize The size of the blob in bytes + + @retval EFI_SUCCESS The blob was measured successfully. + @retval Other errors +**/ +EFI_STATUS +EFIAPI +MeasureKernelBlob ( + IN CONST CHAR16 *BlobName, + IN UINT32 BlobNameSize, + IN CONST VOID *BlobBase, + IN UINT32 BlobSize + ); + +#endif diff --git a/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.= c b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c new file mode 100644 index 000000000000..e93e3cf164c0 --- /dev/null +++ b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c 
@@ -0,0 +1,34 @@ +/** @file + + Null implementation of the blob measurement library. + + Copyright (C) 2022, Intel Corporation. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +/** + Measure blob from an external source. + + @param[in] BlobName The name of the blob + @param[in] BlobNameSize Size of the blob name + @param[in] BlobBase The data of the blob + @param[in] BlobSize The size of the blob in bytes + + @retval EFI_SUCCESS The blob was measured successfully. + @retval Other errors +**/ +EFI_STATUS +EFIAPI +MeasureKernelBlob ( + IN CONST CHAR16 *BlobName, + IN UINT32 BlobNameSize, + IN CONST VOID *BlobBase, + IN UINT32 BlobSize + ) +{ + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.= inf b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf new file mode 100644 index 000000000000..5bf3710222c2 --- /dev/null +++ b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf @@ -0,0 +1,24 @@ +## @file +# +# Null implementation of the blob measurement library. +# +# Copyright (C) 2022, Intel Corporation. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BlobMeasurementLibNull + FILE_GUID =3D fad119ff-8627-4661-a35f-920a6eeb2866 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BlobMeasurementLib + +[Sources] + BlobMeasurementLibNull.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 8c2048051bea..da94e4c7aa89 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -26,6 +26,9 @@ ## @libraryclass Verify blobs read from the VMM BlobVerifierLib|Include/Library/BlobVerifierLib.h =20 + ## @libraryclass Measure blobs read from the VMM + BlobMeasurementLib|Include/Library/BlobMeasurementLib.h + ## @libraryclass Loads and boots a Linux kernel image # LoadLinuxLib|Include/Library/LoadLinuxLib.h --=20 2.29.2.windows.2
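
Review bot: In BlobMeasurementLib.h, the BlobNameSize parameter of MeasureKernelBlob() is documented only as "Size of the blob name", which leaves open whether the CHAR16 name is counted in bytes or in characters and whether the terminator is included. Please state the unit in the @param line, and replace "@retval Other errors" with the statuses an implementation is expected to return, since callers of the null instance and of a real instance need to treat failures the same way. The function is also called MeasureKernelBlob while the file comment describes generic blobs from external sources; one of the two should be adjusted.
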
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Sami Mujawar, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 2/4] OvmfPkg: Add BlobMeasurementLibNull to dsc
Date: Mon, 23 May 2022 13:55:40 +0800

This prepares the ground for calling MeasureKernelBlob() in QemuKernelLoaderFsDxe.

Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Ashish Kalra
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Min Xu --- ArmVirtPkg/ArmVirtQemu.dsc | 1 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 ++ OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/Microvm/MicrovmX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfXen.dsc | 1 + 9 files changed, 10 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index aa0ce61630f7..5d7416c61e05 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -447,6 +447,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } =20 # diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 7f7d15d6eee3..c74c2630bd7a 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -382,6 +382,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } =20 # diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index bead9722eab8..5e62cff033e1 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -176,6 +176,7 @@ FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf BlobVerifierLib|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibS= evHashes.inf MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf + BlobMeasurementLib|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasuremen= tLibNull.inf =20 !if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf @@ -678,6 +679,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashe= s.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 92664f319be2..a89413f2ffba 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc 
@@ -744,6 +744,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index f8fc977cb205..4c96a4a1dc3a 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -705,6 +705,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index c16a840fff16..40339d2812e9 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -780,6 +780,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index d3a80cb56892..144d2308bb0e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -794,6 +794,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 7b3d48aac430..9a027a89b417 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -859,6 +859,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 6ba4bd729ae7..b0410a33d6ac 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc 
@@ -603,6 +603,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.i= nf } OvmfPkg/XenIoPvhDxe/XenIoPvhDxe.inf OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf --=20 2.29.2.windows.2
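
Review bot: In the AmdSevX64.dsc hunks, BlobMeasurementLibNull is wired in twice: as a BlobMeasurementLib mapping next to BlobVerifierLib (@@ -176,6 +176,7) and again as a NULL| instance inside the QemuKernelLoaderFsDxe.inf override (@@ -678,6 +679,7), while every other platform in this patch only gets the NULL| line. If the NULL| override is the intended way to link the library into QemuKernelLoaderFsDxe, the extra class mapping looks redundant; if it is needed, the commit message should say why AmdSev differs from the other dsc files.
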
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Sami Mujawar, Tom Lendacky, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx
Date: Mon, 23 May 2022 13:55:41 +0800

OvmfPkg/IntelTdx/BlobMeasurementLibTdx is implemented for measurement of Kernel blob. It calls EFI_CC_MEASUREMENT_PROTOCOL to do the measurement.

Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Ashish Kalra
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Sami Mujawar
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu --- .../BlobMeasurementLibTdx/BlobMeasurement.c | 87 +++++++++++++++++++ .../BlobMeasurementLibTdx.inf | 30 +++++++ 2 files changed, 117 insertions(+) create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementL= ibTdx.inf
diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c b/Ovm= fPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c new file mode 100644 index 000000000000..33a2a3502109 --- /dev/null +++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c 
@@ -0,0 +1,87 @@ +/** @file + + Copyright (C) 2022, Intel Corporation. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +EFI_CC_MEASUREMENT_PROTOCOL *mCcProtocol =3D NULL; + +/** + Measure blob from an external source. + + @param[in] BlobName The name of the blob + @param[in] BlobNameSize Size of the blob name + @param[in] BlobBase The data of the blob + @param[in] BlobSize The size of the blob in bytes + + @retval EFI_SUCCESS The blob was measured successfully. + @retval Other errors +**/ +EFI_STATUS +EFIAPI +MeasureKernelBlob ( + IN CONST CHAR16 *BlobName, + IN UINT32 BlobNameSize, + IN CONST VOID *BlobBase, + IN UINT32 BlobSize + ) +{ + EFI_STATUS Status; + UINT32 MrIndex; + EFI_CC_EVENT *CcEvent; + + if ((BlobBase =3D=3D 0) || (BlobSize =3D=3D 0)) { + ASSERT (FALSE); + return EFI_INVALID_PARAMETER; + } + + if (mCcProtocol =3D=3D NULL) { + Status =3D gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, = (VOID **)&mCcProtocol); + if (EFI_ERROR (Status)) { + // + // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed. 
+ // + DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is no= t installed.\n", __FUNCTION__)); + return EFI_NOT_FOUND; + } + } + + Status =3D mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex); + if (EFI_ERROR (Status)) { + return EFI_INVALID_PARAMETER; + } + + CcEvent =3D AllocateZeroPool (BlobNameSize + sizeof (EFI_CC_EVENT) - siz= eof (CcEvent->Event)); + if (CcEvent =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CcEvent->Size =3D BlobNameSize + sizeof (EFI_CC_EVENT) -= sizeof (CcEvent->Event); + CcEvent->Header.EventType =3D EV_PLATFORM_CONFIG_FLAGS; + CcEvent->Header.MrIndex =3D MrIndex; + CcEvent->Header.HeaderSize =3D sizeof (EFI_TCG2_EVENT_HEADER); + CcEvent->Header.HeaderVersion =3D EFI_TCG2_EVENT_HEADER_VERSION; + CopyMem (&CcEvent->Event[0], BlobName, BlobNameSize); + + Status =3D mCcProtocol->HashLogExtendEvent ( + mCcProtocol, + 0, + (EFI_PHYSICAL_ADDRESS)(UINTN)BlobBase, + BlobSize, + CcEvent + ); + + FreePool (CcEvent); + + return Status; +} diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.i= nf b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf new file mode 100644 index 000000000000..880c60159c3d --- /dev/null +++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf 
@@ -0,0 +1,30 @@ +## @file +# +# Copyright (C) 2022, Intel Corporation. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BlobMeasurementLibTdx + FILE_GUID =3D ac1a8997-9d91-47c4-b18a-dbe0d1a94fde + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D BlobMeaurementLib + +[Sources] + BlobMeasurement.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + MemoryAllocationLib + +[Protocols] + gEfiCcMeasurementProtocolGuid --=20 2.29.2.windows.2
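
Review bot: In BlobMeasurement.c, MeasureKernelBlob() validates only BlobBase and BlobSize; BlobName and BlobNameSize go unchecked into the AllocateZeroPool() size and into the CopyMem() that fills CcEvent->Event. Please reject a NULL BlobName and bound BlobNameSize so that the UINT32 sum "BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event)" cannot wrap before it is used as both the allocation size and CcEvent->Size. Further points in the same function: BlobBase is a pointer and should be compared against NULL rather than 0; a MapPcrToMrIndex() failure is turned into EFI_INVALID_PARAMETER instead of returning the Status it produced; and the hard-coded PCR index 4 together with EV_PLATFORM_CONFIG_FLAGS needs a comment explaining why the kernel, initrd and command line are logged with that register and event type, because a verifier replaying the event log depends on both.
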
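
Review bot: In BlobMeasurementLibTdx.inf, LIBRARY_CLASS is spelled BlobMeaurementLib (missing "s"), so it does not match the BlobMeasurementLib class that patch 1 declares in OvmfPkg.dec. In addition, BlobMeasurement.c calls gBS->LocateProtocol(), but [LibraryClasses] lists only BaseMemoryLib, DebugLib and MemoryAllocationLib; UefiBootServicesTableLib should be added, and MODULE_TYPE BASE should be reconsidered for a library that depends on boot services.
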
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Sami Mujawar, Tom Lendacky, Gerd Hoffmann
Subject: [edk2-devel] [PATCH 4/4] OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
Date: Mon, 23 May 2022 13:55:42 +0800

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a call to MeasureKernelBlob after fetching to allow BlobMeasurementLib implementations to add a measurement step for these blobs. This will allow confidential computing OVMF builds to add measurement mechanisms for these blobs that originate from an untrusted source (QEMU).

In current platforms in OvmfPkg, only IntelTdx supports blob measurement. So OvmfPkg/IntelTdx/IntelTdxX64.dsc is updated to use OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf. Other dsc are using the null implementation of BlobMeasurementLibNull.inf.

Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Sami Mujawar Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + .../QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 00bc1255bc4e..2887047316b6 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -611,6 +611,7 @@ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + NULL|OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf } OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf OvmfPkg/Virtio10Dxe/Virtio10.inf diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk= g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c index d4f3cd92255f..6720dae1d06c 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -1074,6 +1075,18 @@ QemuKernelLoaderFsDxeEntrypoint ( goto FreeBlobs; } =20 + if ((CurrentBlob->Data > 0) && (CurrentBlob->Size > 0)) { + Status =3D MeasureKernelBlob ( + CurrentBlob->Name, + sizeof (CurrentBlob->Name), + CurrentBlob->Data, + CurrentBlob->Size + ); + if (EFI_ERROR (Status)) { + goto FreeBlobs; + } + } + mTotalBlobBytes +=3D CurrentBlob->Size; } =20 --=20 2.29.2.windows.2
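
Review bot: In the QemuKernelLoaderFsDxe.c hunk (@@ -1074,6 +1075,18), the guard "(CurrentBlob->Data > 0)" applies an ordered comparison to a value that is then passed as the CONST VOID *BlobBase argument; test it against NULL instead. "sizeof (CurrentBlob->Name)" passes the storage size of the Name field rather than the length of the name it holds, so whatever follows the terminator is copied into the event data as well; either pass the string size or document that the full field is logged so verifiers can reproduce the event. A blob that is absent (Data NULL or Size 0) is skipped without any event, which means the event log cannot distinguish "no initrd or command line was supplied" from "it was not measured"; a comment stating that this is intended, or a dedicated event for the empty case, would close that gap. Aborting via FreeBlobs when MeasureKernelBlob() fails is the right fail-closed behaviour and should stay.
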