tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 16:14:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/TdxHelperLib: Refactor for new APIs

Browse Source 
Add below APIs to support the implementation for CC measurement.
- TdxHelperMapPcrToMrIndex
- TdxHelperHashAndExtendToRtmr
- TdxHelperBuildTdxMeasurementGuidHob

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This commit is contained in:
Ceping Sun 2024-11-26 21:22:28 -05:00 committed by mergify[bot]
parent cc0ec8ebae
commit b6b1fdb073
9 changed files with 447 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
OvmfPkg/Include/Library/TdxHelperLib.h
View File

@ -11,6 +11,12 @@
#include <PiPei.h> #include <PiPei.h>
#define CC_MR_INDEX_0_MRTD 0
#define CC_MR_INDEX_1_RTMR0 1
#define CC_MR_INDEX_2_RTMR1 2
#define CC_MR_INDEX_3_RTMR2 3
#define CC_MR_INDEX_INVALID 4
/** /**
In Tdx guest, some information need to be passed from host VMM to guest In Tdx guest, some information need to be passed from host VMM to guest
firmware. For example, the memory resource, etc. These information are firmware. For example, the memory resource, etc. These information are
@ -67,4 +73,71 @@ TdxHelperBuildGuidHobForTdxMeasurement (
VOID VOID
); );
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
);
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
);
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
);
#endif #endif

94
OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c Normal file
View File

@ -0,0 +1,94 @@
/** @file
TdxHelper Functions which are used in DXE phase
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Base.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/TdxHelperLib.h>
/**
* Build GuidHob for Tdx CC measurement event.
*/
EFI_STATUS
BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return EFI_UNSUPPORTED;
}
/**
In Tdx guest, some information need to be passed from host VMM to guest
firmware. For example, the memory resource, etc. These information are
prepared by host VMM and put in TdHob which is described in TdxMetadata.
TDVF processes the TdHob to accept memories.
@retval EFI_SUCCESS Successfully process the TdHob
@retval Others Other error as indicated
**/
EFI_STATUS
EFIAPI
TdxHelperProcessTdHob (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
the information of the memory resource. From the security perspective before
it is consumed, it should be measured and extended.
*
* @retval EFI_SUCCESS Successfully measure the TdHob
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperMeasureTdHob (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
* In Tdx guest, Configuration FV (CFV) is treated as external input because it
* may contain the data provided by VMM. From the sucurity perspective Cfv image
* should be measured before it is consumed.
*
* @retval EFI_SUCCESS Successfully measure the CFV image
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperMeasureCfvImage (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
Build the GuidHob for tdx measurements which were done in SEC phase.
The measurement values are stored in WorkArea.
@retval EFI_SUCCESS The GuidHob is built successfully
@retval Others Other errors as indicated
**/
EFI_STATUS
EFIAPI
TdxHelperBuildGuidHobForTdxMeasurement (
VOID
)
{
return EFI_UNSUPPORTED;
}

41
OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf Normal file
View File

@ -0,0 +1,41 @@
## @file
# TdxHelperLib Dxe instance
#
# This module provides Tdx helper functions in DXE phase.
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = DxeTdxHelperLib
FILE_GUID = d9568aa2-ace6-11ef-8ef3-733e978530b2
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = TdxHelperLib|DXE_DRIVER DXE_RUNTIME_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = X64
#
[Sources]
DxeTdxHelper.c
TdxHelperCommon.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
DebugLib
HobLib
PcdLib
BaseCryptLib

3
OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
View File

@ -25,18 +25,21 @@
[Sources] [Sources]
PeiTdxHelper.c PeiTdxHelper.c
TdxMeasurementHob.c TdxMeasurementHob.c
TdxHelperCommon.c
[Packages] [Packages]
MdeModulePkg/MdeModulePkg.dec MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses] [LibraryClasses]
BaseLib BaseLib
DebugLib DebugLib
HobLib HobLib
PcdLib PcdLib
BaseCryptLib
[FixedPcd] [FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase

56
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
View File

@ -806,58 +806,6 @@ TdxHelperProcessTdHob (
return Status; return Status;
} }
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
STATIC
EFI_STATUS
HashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
)
{
EFI_STATUS Status;
if ((DataToHash == NULL) || (DataToHashLen == 0)) {
return EFI_INVALID_PARAMETER;
}
if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {
return EFI_INVALID_PARAMETER;
}
//
// Calculate the sha384 of the data
//
if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {
return EFI_ABORTED;
}
//
// Extend to RTMR
//
Status = TdExtendRtmr (
(UINT32 *)Digest,
SHA384_DIGEST_SIZE,
(UINT8)RtmrIndex
);
ASSERT (!EFI_ERROR (Status));
return Status;
}
/** /**
In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
the information of the memory resource. From the security perspective before the information of the memory resource. From the security perspective before
@ -888,7 +836,7 @@ TdxHelperMeasureTdHob (
Hob.Raw = GET_NEXT_HOB (Hob); Hob.Raw = GET_NEXT_HOB (Hob);
} }
Status = HashAndExtendToRtmr ( Status = TdxHelperHashAndExtendToRtmr (
0, 0,
(UINT8 *)TdHob, (UINT8 *)TdHob,
(UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob), (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob),
@ -933,7 +881,7 @@ TdxHelperMeasureCfvImage (
UINT8 Digest[SHA384_DIGEST_SIZE]; UINT8 Digest[SHA384_DIGEST_SIZE];
OVMF_WORK_AREA *WorkArea; OVMF_WORK_AREA *WorkArea;
Status = HashAndExtendToRtmr ( Status = TdxHelperHashAndExtendToRtmr (
0, 0,
(UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase), (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase),
(UINT64)PcdGet32 (PcdCfvRawDataSize), (UINT64)PcdGet32 (PcdCfvRawDataSize),

1
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
View File

@ -25,6 +25,7 @@
[Sources] [Sources]
SecTdxHelper.c SecTdxHelper.c
TdxMeasurementHob.c TdxMeasurementHob.c
TdxHelperCommon.c
[Packages] [Packages]
CryptoPkg/CryptoPkg.dec CryptoPkg/CryptoPkg.dec

156
OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c Normal file
View File

@ -0,0 +1,156 @@
/** @file
TdxHelper Common Functions
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Ppi/CcMeasurement.h>
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/TdxLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/HobLib.h>
#include <Library/TdxHelperLib.h>
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
)
{
UINT32 MrIndex;
if (PCRIndex > 15) {
ASSERT (FALSE);
return CC_MR_INDEX_INVALID;
}
MrIndex = 0;
if (PCRIndex == 0) {
MrIndex = CC_MR_INDEX_0_MRTD;
} else if ((PCRIndex == 1) || (PCRIndex == 7)) {
MrIndex = CC_MR_INDEX_1_RTMR0;
} else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {
MrIndex = CC_MR_INDEX_2_RTMR1;
} else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
MrIndex = CC_MR_INDEX_3_RTMR2;
}
return MrIndex;
}
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
)
{
EFI_STATUS Status;
if ((DataToHash == NULL) || (DataToHashLen == 0)) {
return EFI_INVALID_PARAMETER;
}
if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {
return EFI_INVALID_PARAMETER;
}
//
// Calculate the sha384 of the data
//
if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {
return EFI_ABORTED;
}
//
// Extend to RTMR
//
Status = TdExtendRtmr (
(UINT32 *)Digest,
SHA384_DIGEST_SIZE,
(UINT8)RtmrIndex
);
ASSERT (!EFI_ERROR (Status));
return Status;
}
/**
* Build GuidHob for Tdx CC measurement event.
*/
EFI_STATUS
BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
);
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return BuildTdxMeasurementGuidHob (
RtmrIndex,
EventType,
EventData,
EventSize,
HashValue,
HashSize
);
}

77
OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
View File

@ -9,6 +9,7 @@
#include <Base.h> #include <Base.h>
#include <PiPei.h> #include <PiPei.h>
#include <Library/TdxHelperLib.h>
/** /**
In Tdx guest, some information need to be passed from host VMM to guest In Tdx guest, some information need to be passed from host VMM to guest
@ -77,3 +78,79 @@ TdxHelperBuildGuidHobForTdxMeasurement (
{ {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
)
{
return CC_MR_INDEX_INVALID;
}
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
)
{
return EFI_UNSUPPORTED;
}
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return EFI_UNSUPPORTED;
}

1
OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
View File

@ -51,7 +51,6 @@ typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
* @retval EFI_SUCCESS Successfully build the GuidHobs * @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated * @retval Others Other error as indicated
*/ */
STATIC
EFI_STATUS EFI_STATUS
BuildTdxMeasurementGuidHob ( BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex, UINT32 RtmrIndex,