SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 DxeTpmMeasurementLib supports TPM based measurement in DXE phase. After CcMeasurementProtocol is introduced, CC based measurement needs to be supported in DxeTpmMeasurementLib as well. A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2, (virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL, TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed. In this library when do measurement only one of above 3 protocols will be called. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
2021-12-11 21:08:42 +08:00 · 2021-12-11 21:08:42 +08:00 · 8c06c53b58
parent a124cd4ef9
commit 8c06c53b58
2 changed files with 111 additions and 20 deletions
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@ -1,5 +1,6 @@
 /** @file
-  This library is used by other modules to measure data to TPM.
+  This library is used by other modules to measure data to TPM and Confidential
+  Computing (CC) measure registers.

 Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
@ -19,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

 #include <Guid/Acpi.h>
 #include <IndustryStandard/Acpi.h>
+#include <Protocol/CcMeasurement.h>

 /**
  Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@ -35,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  @retval EFI_OUT_OF_RESOURCES  Out of memory.
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
 **/
+STATIC
 EFI_STATUS
 Tpm12MeasureAndLogData (
  IN UINT32  PcrIndex,
@ -101,6 +104,7 @@ Tpm12MeasureAndLogData (
  @retval EFI_OUT_OF_RESOURCES  Out of memory.
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
 **/
+STATIC
 EFI_STATUS
 Tpm20MeasureAndLogData (
  IN UINT32  PcrIndex,
@ -147,6 +151,73 @@ Tpm20MeasureAndLogData (
  return Status;
 }

+/**
+  Cc measure and log data, and extend the measurement result into a
+  specific CC MR.
+
+  @param[in]  CcProtocol       Instance of CC measurement protocol
+  @param[in]  PcrIndex         PCR Index.
+  @param[in]  EventType        Event type.
+  @param[in]  EventLog         Measurement event log.
+  @param[in]  LogLen           Event log length in bytes.
+  @param[in]  HashData         The start of the data buffer to be hashed, extended.
+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_UNSUPPORTED       CC guest not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+  @retval EFI_INVALID_PARAMETER The input parameter is invalid.
+**/
+STATIC
+EFI_STATUS
+CcMeasureAndLogData (
+  IN EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol,
+  IN UINT32                       PcrIndex,
+  IN UINT32                       EventType,
+  IN VOID                         *EventLog,
+  IN UINT32                       LogLen,
+  IN VOID                         *HashData,
+  IN UINT64                       HashDataLen
+  )
+{
+  EFI_STATUS       Status;
+  EFI_CC_EVENT     *EfiCcEvent;
+  EFI_CC_MR_INDEX  MrIndex;
+
+  if (CcProtocol == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  EfiCcEvent = (EFI_CC_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
+  if (EfiCcEvent == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  EfiCcEvent->Size                 = (UINT32)LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
+  EfiCcEvent->Header.HeaderSize    = sizeof (EFI_CC_EVENT_HEADER);
+  EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+  EfiCcEvent->Header.MrIndex       = MrIndex;
+  EfiCcEvent->Header.EventType     = EventType;
+  CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
+
+  Status = CcProtocol->HashLogExtendEvent (
+                         CcProtocol,
+                         0,
+                         (EFI_PHYSICAL_ADDRESS)(UINTN)HashData,
+                         HashDataLen,
+                         EfiCcEvent
+                         );
+  FreePool (EfiCcEvent);
+
+  return Status;
+}
+
 /**
  Tpm measure and log data, and extend the measurement result into a specific PCR.

@ -173,25 +244,16 @@ TpmMeasureAndLogData (
  IN UINT64  HashDataLen
  )
 {
-  EFI_STATUS  Status;
+  EFI_STATUS                   Status;
+  EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol;

-  //
-  // Try to measure using Tpm20 protocol
-  //
-  Status = Tpm20MeasureAndLogData (
-             PcrIndex,
-             EventType,
-             EventLog,
-             LogLen,
-             HashData,
-             HashDataLen
-             );
-
-  if (EFI_ERROR (Status)) {
+  Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&CcProtocol);
+  if (!EFI_ERROR (Status)) {
    //
-    // Try to measure using Tpm1.2 protocol
+    // Try to measure using Cc measurement protocol
    //
-    Status = Tpm12MeasureAndLogData (
+    Status = CcMeasureAndLogData (
+               CcProtocol,
               PcrIndex,
               EventType,
               EventLog,
@ -199,6 +261,32 @@ TpmMeasureAndLogData (
               HashData,
               HashDataLen
               );
+  } else {
+    //
+    // Try to measure using Tpm20 protocol
+    //
+    Status = Tpm20MeasureAndLogData (
+               PcrIndex,
+               EventType,
+               EventLog,
+               LogLen,
+               HashData,
+               HashDataLen
+               );
+
+    if (EFI_ERROR (Status)) {
+      //
+      // Try to measure using Tpm1.2 protocol
+      //
+      Status = Tpm12MeasureAndLogData (
+                 PcrIndex,
+                 EventType,
+                 EventLog,
+                 LogLen,
+                 HashData,
+                 HashDataLen
+                 );
+    }
  }

  return Status;
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@ -1,5 +1,7 @@
 ## @file
-#  Provides TPM measurement functions for TPM1.2 and TPM 2.0
+#  Provides below measurement functions:
+#    1. TPM measurement functions for TPM1.2 and TPM 2.0
+#    2. Confidential Computing (CC) measurement functions
 #
 #  This library provides TpmMeasureAndLogData() to measure and log data, and
 #  extend the measurement result into a specific PCR.
@ -40,5 +42,6 @@
  UefiBootServicesTableLib

 [Protocols]
-  gEfiTcgProtocolGuid           ## SOMETIMES_CONSUMES
-  gEfiTcg2ProtocolGuid          ## SOMETIMES_CONSUMES
+  gEfiTcgProtocolGuid               ## SOMETIMES_CONSUMES
+  gEfiTcg2ProtocolGuid              ## SOMETIMES_CONSUMES
+  gEfiCcMeasurementProtocolGuid     ## SOMETIMES_CONSUMES