tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OmvfPkg/HashLibTdx: Add HashLibTdx 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

This library is the one of SecurityPkg/Library/HashLibTdx. It is
designed for Intel TDX enlightened OVMF. So moving it from SecurityPkg
to OvmfPkg. To prevent breaking the build, the moving is splitted into 2
patch. SecurityPkg/Library/HashLibTdx will be deleted in the next patch.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Min M Xu 2024-04-15 15:55:51 +08:00 committed by mergify[bot]
parent 71aaf7a308
commit 93ff80a218
2 changed files with 250 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

213
OvmfPkg/Library/HashLibTdx/HashLibTdx.c Normal file
View File

@ -0,0 +1,213 @@
/** @file
This library is HashLib for Tdx.
Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
#include <Library/HashLib.h>
#include <Library/TdxLib.h>
#include <Protocol/CcMeasurement.h>
EFI_GUID mSha384Guid = HASH_ALGORITHM_SHA384_GUID;
//
// Currently TDX supports SHA384.
//
HASH_INTERFACE mHashInterface = {
{ 0 }, NULL, NULL, NULL
};
UINTN mHashInterfaceCount = 0;
/**
Start hash sequence.
@param HashHandle Hash handle.
@retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/
EFI_STATUS
EFIAPI
HashStart (
OUT HASH_HANDLE *HashHandle
)
{
HASH_HANDLE HashCtx;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
HashCtx = 0;
mHashInterface.HashInit (&HashCtx);
*HashHandle = HashCtx;
return EFI_SUCCESS;
}
/**
Update hash sequence data.
@param HashHandle Hash handle.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@retval EFI_SUCCESS Hash sequence updated.
**/
EFI_STATUS
EFIAPI
HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
return EFI_SUCCESS;
}
/**
Hash sequence complete and extend to PCR.
@param HashHandle Hash handle.
@param PcrIndex PCR to be extended.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@param DigestList Digest list.
@retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
**/
EFI_STATUS
EFIAPI
HashCompleteAndExtend (
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
TPML_DIGEST_VALUES Digest;
EFI_STATUS Status;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
ZeroMem (DigestList, sizeof (*DigestList));
mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
mHashInterface.HashFinal (HashHandle, &Digest);
CopyMem (
&DigestList->digests[0],
&Digest.digests[0],
sizeof (Digest.digests[0])
);
DigestList->count++;
ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);
Status = TdExtendRtmr (
(UINT32 *)DigestList->digests[0].digest.sha384,
SHA384_DIGEST_SIZE,
(UINT8)PcrIndex
);
ASSERT (!EFI_ERROR (Status));
return Status;
}
/**
Hash data and extend to RTMR.
@param PcrIndex PCR to be extended.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@param DigestList Digest list.
@retval EFI_SUCCESS Hash data and DigestList is returned.
**/
EFI_STATUS
EFIAPI
HashAndExtend (
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
HASH_HANDLE HashHandle;
EFI_STATUS Status;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
ASSERT (TdIsEnabled ());
HashStart (&HashHandle);
HashUpdate (HashHandle, DataToHash, DataToHashLen);
Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);
return Status;
}
/**
This service register Hash.
@param HashInterface Hash interface
@retval EFI_SUCCESS This hash interface is registered successfully.
@retval EFI_UNSUPPORTED System does not support register this interface.
@retval EFI_ALREADY_STARTED System already register this interface.
**/
EFI_STATUS
EFIAPI
RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
)
{
//
// HashLibTdx is designed for Tdx guest. So if it is not Tdx guest,
// return EFI_UNSUPPORTED.
//
if (!TdIsEnabled ()) {
return EFI_UNSUPPORTED;
}
//
// Only SHA384 is allowed.
//
if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) {
return EFI_UNSUPPORTED;
}
if (mHashInterfaceCount != 0) {
ASSERT (FALSE);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface));
mHashInterfaceCount++;
return EFI_SUCCESS;
}

37
OvmfPkg/Library/HashLibTdx/HashLibTdx.inf Normal file
View File

@ -0,0 +1,37 @@
## @file
# Provides hash service by registered hash handler in Tdx.
#
# This library is HashLib for Tdx. Currently only SHA384 is supported.
#
# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = HashLibTdx
FILE_GUID = 77F6EA3E-1ABA-4467-A447-926E8CEB2D13
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = HashLib|SEC DXE_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = X64
#
[Sources]
HashLibTdx.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
PcdLib
TdxLib