From 5f391c660667ec7c7c01551bc98e5c3921f4b3da Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Thu, 18 Apr 2024 17:28:11 +0800 Subject: [PATCH] MdePkg: Add TCG PFP 1.06 support. Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou Reviewed-by: Jiewen Yao --- MdePkg/Include/IndustryStandard/Spdm.h | 4 +- .../IndustryStandard/UefiTcgPlatform.h | 186 +++++++++++++++++- 2 files changed, 187 insertions(+), 3 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 7940caa95e..3d511b4768 100644 --- a/MdePkg/Include/IndustryStandard/Spdm.h +++ b/MdePkg/Include/IndustryStandard/Spdm.h @@ -1302,7 +1302,9 @@ typedef struct { #define SPDM_ST1_VALUE_US 100000 /// -/// id-DMTF 1.3.6.1.4.1.412 +/// id-DMTF 1.3.6.1.4.1.412. +/// These OID are defiend in ANNEX C (informative) OID reference section from the DMTF SPDM spec. +/// https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.2.pdf /// #define SPDM_OID_DMTF \ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C } diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h index e07840c9dd..61bd4e4667 100644 --- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h +++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h @@ -1,8 +1,8 @@ /** @file TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and - TCG PC Client Platform Firmware Profile Specification, Revision 1.05 + TCG PC Client Platform Firmware Profile Specification, Revision 1.06 - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -53,6 +53,18 @@ #define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0) #define EV_EFI_SPDM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 0xE1) #define EV_EFI_SPDM_FIRMWARE_CONFIG (EV_EFI_EVENT_BASE + 0xE2) +#define EV_EFI_SPDM_DEVICE_BLOB EV_EFI_SPDM_FIRMWARE_BLOB +#define EV_EFI_SPDM_DEVICE_CONFIG EV_EFI_SPDM_FIRMWARE_CONFIG +// +// The SPDM policy database for SPDM verification. +// It goes to PCR7 +// +#define EV_EFI_SPDM_DEVICE_POLICY (EV_EFI_EVENT_BASE + 0xE3) +// +// The SPDM policy authority for SPDM verification for the signature +// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7. +// +#define EV_EFI_SPDM_DEVICE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE4) #define EFI_CALLING_EFI_APPLICATION \ "Calling EFI Application from Boot Option" @@ -374,6 +386,7 @@ typedef struct { #define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105 105 +#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 106 typedef struct { UINT8 signature[16]; @@ -492,4 +505,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent { // #pragma pack () +// +// ====================================================================================================================== +// Event Type PCR Event Log Usage +// ====================================================================================================================== +// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device +// EV_EFI_SPDM_DEVICE_CONFIG 3 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device +// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device + +// EV_EFI_SPDM_DEVICE_POLICY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST Provisioned device public cert. +// EV_EFI_SPDM_DEVICE_AUTHORITY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA CHALLENGE_AUTH signature verification +// ====================================================================================================================== +// + +#define PCR_INDEX_FOR_SIGNATURE_DB 7 + +#pragma pack(1) + +#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1 1 +#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2 2 +#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2 "SPDM Device Sec2" + +typedef struct { + UINT8 Signature[16]; + UINT16 Version; + UINT8 AuthState; + UINT8 Reserved; + UINT32 Length; // Length in bytes for all following structures. + UINT32 DeviceType; + UINT32 SubHeaderType; + UINT32 SubHeaderLength; // Length in bytes of the sub header followed by. + UINT64 SubHeaderUID; // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together. + // UINT64 DevicePathLength; + // UINT8 DevicePath[DevicePathLength]; +} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2; + +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS 0 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH 1 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING 2 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG 3 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID 4 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM 0xFF + +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK 0 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN 1 + +typedef struct { + UINT16 SpdmVersion; + UINT8 SpdmMeasurementBlockCount; + UINT8 Reserved; + UINT32 SpdmMeasurementHashAlgo; + // SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK; + +typedef struct { + UINT16 SpdmVersion; + UINT8 SpdmSlotId; + UINT8 Reserved; + UINT32 SpdmHashAlgo; + // SPDM_CERT_CHAIN SpdmCertChain; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN; + +typedef struct { + UINT32 Type; + UINT32 Length; + UINT8 Value[1]; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT; + +typedef union { + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER; + +typedef union { + TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT Pci; + TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT Usb; +} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT; + +typedef struct { + TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader; + TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext; +} TCG_DEVICE_SECURITY_EVENT_DATA2; + +#pragma pack() + +// +// EventType:EV_NO_ACTION +// ====================================================================================================================== +// NVIndex Name PCR/NvIndex Event Log Usage +// ====================================================================================================================== +// NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 NV_INDEX_INSTANCE_EVENT_LOG_STRUCT NV Extend Record for instance data (CertChain) +// NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT NV Extend Record for dynamic data (Nonce) + +// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ExitPmAuth +// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ReadyToBoot +// ====================================================================================================================== +// + +#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 +#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 +#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 +#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 + +#pragma pack(1) + +#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE "NvIndexInstance" +#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION 1 + +typedef struct { + UINT8 Signature[16]; + UINT16 Version; + UINT8 Reserved[6]; + // TCG_DEVICE_SECURITY_EVENT_DATA2 Data; +} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT; + +#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE "NvIndexDynamic " +#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION 1 + +#define TCG_SPDM_CHALLENGE_DESCRIPTION "SPDM CHALLENGE" +#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION "SPDM CHALLENGE_AUTH" +#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION "SPDM GET_MEASUREMENTS" +#define TCG_SPDM_MEASUREMENTS_DESCRIPTION "SPDM MEASUREMENTS" + +typedef struct { + UINT8 Signature[16]; + UINT16 Version; + UINT8 Reserved[6]; + UINT64 Uid; + // UINT16 DescriptionSize; + // UINT8 Description[DescriptionSize]; + // UINT16 DataSize; + // UINT8 Data[DataSize]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS; + +#pragma pack() + #endif