MdePkg: Add TCG PFP 1.06 support.

Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-18 17:28:11 +08:00 · 2024-04-18 17:28:11 +08:00 · 5f391c6606
parent 338fd26b8f
commit 5f391c6606
2 changed files with 187 additions and 3 deletions
--- a/MdePkg/Include/IndustryStandard/Spdm.h
+++ b/MdePkg/Include/IndustryStandard/Spdm.h
@ -1302,7 +1302,9 @@ typedef struct {
 #define SPDM_ST1_VALUE_US  100000

 ///
-/// id-DMTF 1.3.6.1.4.1.412
+/// id-DMTF 1.3.6.1.4.1.412.
+/// These OID are defiend in ANNEX C (informative) OID reference section from the DMTF SPDM spec.
+/// https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.2.pdf
 ///
 #define SPDM_OID_DMTF \
    {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C }
--- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
+++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
@ -1,8 +1,8 @@
 /** @file
  TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and
-  TCG PC Client Platform Firmware Profile Specification, Revision 1.05
+  TCG PC Client Platform Firmware Profile Specification, Revision 1.06

-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

 **/
@ -53,6 +53,18 @@
 #define EV_EFI_VARIABLE_AUTHORITY         (EV_EFI_EVENT_BASE + 0xE0)
 #define EV_EFI_SPDM_FIRMWARE_BLOB         (EV_EFI_EVENT_BASE + 0xE1)
 #define EV_EFI_SPDM_FIRMWARE_CONFIG       (EV_EFI_EVENT_BASE + 0xE2)
+#define EV_EFI_SPDM_DEVICE_BLOB           EV_EFI_SPDM_FIRMWARE_BLOB
+#define EV_EFI_SPDM_DEVICE_CONFIG         EV_EFI_SPDM_FIRMWARE_CONFIG
+//
+// The SPDM policy database for SPDM verification.
+// It goes to PCR7
+//
+#define EV_EFI_SPDM_DEVICE_POLICY  (EV_EFI_EVENT_BASE + 0xE3)
+//
+// The SPDM policy authority for SPDM verification for the signature
+// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7.
+//
+#define EV_EFI_SPDM_DEVICE_AUTHORITY  (EV_EFI_EVENT_BASE + 0xE4)

 #define EFI_CALLING_EFI_APPLICATION         \
  "Calling EFI Application from Boot Option"
@ -374,6 +386,7 @@ typedef struct {
 #define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2   0
 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2          0
 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105  105
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106  106

 typedef struct {
  UINT8     signature[16];
@ -492,4 +505,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent {
 //
 #pragma pack ()

+//
+// ======================================================================================================================
+// Event Type                    PCR  Event Log                                   Usage
+// ======================================================================================================================
+// EV_EFI_SPDM_DEVICE_BLOB       2    SPDM_MEASUREMENT_BLOCK (subtype)            MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_CONFIG     3    SPDM_MEASUREMENT_BLOCK (subtype)            MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_BLOB       2    SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device
+
+// EV_EFI_SPDM_DEVICE_POLICY     7    UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST  Provisioned device public cert.
+// EV_EFI_SPDM_DEVICE_AUTHORITY  7    UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA  CHALLENGE_AUTH signature verification
+// ======================================================================================================================
+//
+
+#define PCR_INDEX_FOR_SIGNATURE_DB  7
+
+#pragma pack(1)
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1    1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2    2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2  "SPDM Device Sec2"
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     AuthState;
+  UINT8     Reserved;
+  UINT32    Length;                      // Length in bytes for all following structures.
+  UINT32    DeviceType;
+  UINT32    SubHeaderType;
+  UINT32    SubHeaderLength;                      // Length in bytes of the sub header followed by.
+  UINT64    SubHeaderUID;                         // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together.
+  // UINT64                         DevicePathLength;
+  // UINT8                          DevicePath[DevicePathLength];
+} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2;
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS       0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH       1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING    2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG   3
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID  4
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM       0xFF
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK  0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN         1
+
+typedef struct {
+  UINT16    SpdmVersion;
+  UINT8     SpdmMeasurementBlockCount;
+  UINT8     Reserved;
+  UINT32    SpdmMeasurementHashAlgo;
+  // SPDM_MEASUREMENT_BLOCK         SpdmMeasurementBlock;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
+
+typedef struct {
+  UINT16    SpdmVersion;
+  UINT8     SpdmSlotId;
+  UINT8     Reserved;
+  UINT32    SpdmHashAlgo;
+  // SPDM_CERT_CHAIN                SpdmCertChain;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
+
+typedef struct {
+  UINT32    Type;
+  UINT32    Length;
+  UINT8     Value[1];
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT;
+
+typedef union {
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK    SpdmMeasurementBlock;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN           SpdmCertChain;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT           OemMeasurement;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
+
+typedef union {
+  TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT    Pci;
+  TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT    Usb;
+} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
+
+typedef struct {
+  TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2           EventDataHeader;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER        EventDataSubHeader;
+  TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT    DeviceContext;
+} TCG_DEVICE_SECURITY_EVENT_DATA2;
+
+#pragma pack()
+
+//
+// EventType:EV_NO_ACTION
+// ======================================================================================================================
+// NVIndex Name                                PCR/NvIndex  Event Log                            Usage
+// ======================================================================================================================
+// NV_EXTEND_INDEX_FOR_INSTANCE                0x01C40200   NV_INDEX_INSTANCE_EVENT_LOG_STRUCT   NV Extend Record for instance data (CertChain)
+// NV_EXTEND_INDEX_FOR_DYNAMIC                 0x01C40201   NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    NV Extend Record for dynamic data  (Nonce)
+
+// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH   0x01C40202   EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT  Event Log Integrity for ExitPmAuth
+// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT  0x01C40203   EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT  Event Log Integrity for ReadyToBoot
+// ======================================================================================================================
+//
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE                0x01C40200
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC                 0x01C40201
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH   0x01C40202
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT  0x01C40203
+
+#pragma pack(1)
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE      "NvIndexInstance"
+#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION  1
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     Reserved[6];
+  // TCG_DEVICE_SECURITY_EVENT_DATA2  Data;
+} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT;
+
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE      "NvIndexDynamic "
+#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION  1
+
+#define TCG_SPDM_CHALLENGE_DESCRIPTION         "SPDM CHALLENGE"
+#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION    "SPDM CHALLENGE_AUTH"
+#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION  "SPDM GET_MEASUREMENTS"
+#define TCG_SPDM_MEASUREMENTS_DESCRIPTION      "SPDM MEASUREMENTS"
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     Reserved[6];
+  UINT64    Uid;
+  // UINT16                           DescriptionSize;
+  // UINT8                            Description[DescriptionSize];
+  // UINT16                           DataSize;
+  // UINT8                            Data[DataSize];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS;
+
+#pragma pack()
+
 #endif