diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index fc1332598e..8a50519ecf 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -313,6 +313,7 @@ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf + TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 1276c8f80e..dfaaab719b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -432,6 +432,7 @@ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf + TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c index 6d2de0e838..ab23caa4be 100644 --- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -44,15 +44,11 @@ #include #include #include +#include #define PERF_ID_CC_TCG2_DXE 0x3130 #define CC_EVENT_LOG_AREA_COUNT_MAX 1 -#define CC_MR_INDEX_0_MRTD 0 -#define CC_MR_INDEX_1_RTMR0 1 -#define CC_MR_INDEX_2_RTMR1 2 -#define CC_MR_INDEX_3_RTMR2 3 -#define CC_MR_INDEX_INVALID 4 typedef struct { CHAR16 *VariableName; @@ -932,51 +928,6 @@ TcgCommLogEvent ( return EFI_SUCCESS; } -/** - According to UEFI Spec 2.10 Section 38.4.1: - The following table shows the TPM PCR index mapping and CC event log measurement - register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement - Register and RTMR means Runtime Measurement Register - - // TPM PCR Index | CC Measurement Register Index | TDX-measurement register - // ------------------------------------------------------------------------ - // 0 | 0 | MRTD - // 1, 7 | 1 | RTMR[0] - // 2~6 | 2 | RTMR[1] - // 8~15 | 3 | RTMR[2] - - @param[in] PCRIndex Index of the TPM PCR - - @retval UINT32 Index of the CC Event Log Measurement Register Index - @retval CC_MR_INDEX_INVALID Invalid MR Index -**/ -UINT32 -EFIAPI -MapPcrToMrIndex ( - IN UINT32 PCRIndex - ) -{ - UINT32 MrIndex; - - if (PCRIndex > 15) { - ASSERT (FALSE); - return CC_MR_INDEX_INVALID; - } - - MrIndex = 0; - if (PCRIndex == 0) { - MrIndex = CC_MR_INDEX_0_MRTD; - } else if ((PCRIndex == 1) || (PCRIndex == 7)) { - MrIndex = CC_MR_INDEX_1_RTMR0; - } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) { - MrIndex = CC_MR_INDEX_2_RTMR1; - } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) { - MrIndex = CC_MR_INDEX_3_RTMR2; - } - - return MrIndex; -} - EFI_STATUS EFIAPI TdMapPcrToMrIndex ( @@ -989,7 +940,7 @@ TdMapPcrToMrIndex ( return EFI_INVALID_PARAMETER; } - *MrIndex = MapPcrToMrIndex (PCRIndex); + *MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex); return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS; } @@ -1656,7 +1607,7 @@ MeasureHandoffTables ( Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum); if (!EFI_ERROR (Status)) { - CcEvent.MrIndex = MapPcrToMrIndex (1); + CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (1); CcEvent.EventType = EV_TABLE_OF_DEVICES; CcEvent.EventSize = sizeof (HandoffTables); @@ -1878,7 +1829,7 @@ ReadAndMeasureBootVariable ( ) { return ReadAndMeasureVariable ( - MapPcrToMrIndex (1), + TdxHelperMapPcrToMrIndex (1), EV_EFI_VARIABLE_BOOT, VarName, VendorGuid, @@ -1909,7 +1860,7 @@ ReadAndMeasureSecureVariable ( ) { return ReadAndMeasureVariable ( - MapPcrToMrIndex (7), + TdxHelperMapPcrToMrIndex (7), EV_EFI_VARIABLE_DRIVER_CONFIG, VarName, VendorGuid, @@ -2017,7 +1968,7 @@ MeasureAllSecureVariables ( Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize); if (!EFI_ERROR (Status)) { Status = MeasureVariable ( - MapPcrToMrIndex (7), + TdxHelperMapPcrToMrIndex (7), EV_EFI_VARIABLE_DRIVER_CONFIG, EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, @@ -2047,7 +1998,7 @@ MeasureLaunchOfFirmwareDebugger ( { CC_EVENT_HDR CcEvent; - CcEvent.MrIndex = MapPcrToMrIndex (7); + CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (7); CcEvent.EventType = EV_EFI_ACTION; CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1; return TdxDxeHashLogExtendEvent ( @@ -2106,7 +2057,7 @@ MeasureSecureBootPolicy ( // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So // the Authority measurement happen before ReadToBoot event. // - Status = MeasureSeparatorEvent (MapPcrToMrIndex (7)); + Status = MeasureSeparatorEvent (TdxHelperMapPcrToMrIndex (7)); DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status)); return; } @@ -2151,7 +2102,7 @@ OnReadyToBoot ( // 1. This is the first boot attempt. // Status = TdMeasureAction ( - MapPcrToMrIndex (4), + TdxHelperMapPcrToMrIndex (4), EFI_CALLING_EFI_APPLICATION ); if (EFI_ERROR (Status)) { @@ -2189,7 +2140,7 @@ OnReadyToBoot ( // 6. Not first attempt, meaning a return from last attempt // Status = TdMeasureAction ( - MapPcrToMrIndex (4), + TdxHelperMapPcrToMrIndex (4), EFI_RETURNING_FROM_EFI_APPLICATION ); if (EFI_ERROR (Status)) { @@ -2201,7 +2152,7 @@ OnReadyToBoot ( // TCG PC Client PFP spec Section 2.4.4.5 Step 4 // Status = TdMeasureAction ( - MapPcrToMrIndex (4), + TdxHelperMapPcrToMrIndex (4), EFI_CALLING_EFI_APPLICATION ); if (EFI_ERROR (Status)) { @@ -2239,7 +2190,7 @@ OnExitBootServices ( // Measure invocation of ExitBootServices, // Status = TdMeasureAction ( - MapPcrToMrIndex (5), + TdxHelperMapPcrToMrIndex (5), EFI_EXIT_BOOT_SERVICES_INVOCATION ); if (EFI_ERROR (Status)) { @@ -2250,7 +2201,7 @@ OnExitBootServices ( // Measure success of ExitBootServices // Status = TdMeasureAction ( - MapPcrToMrIndex (5), + TdxHelperMapPcrToMrIndex (5), EFI_EXIT_BOOT_SERVICES_SUCCEEDED ); if (EFI_ERROR (Status)) { @@ -2280,7 +2231,7 @@ OnExitBootServicesFailed ( // Measure Failure of ExitBootServices, // Status = TdMeasureAction ( - MapPcrToMrIndex (5), + TdxHelperMapPcrToMrIndex (5), EFI_EXIT_BOOT_SERVICES_FAILED ); if (EFI_ERROR (Status)) { diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf index 0f86c12fdd..5daaefda95 100644 --- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf @@ -31,6 +31,7 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec + OvmfPkg/OvmfPkg.dec [LibraryClasses] MemoryAllocationLib @@ -49,6 +50,7 @@ PeCoffLib TpmMeasurementLib TdxLib + TdxHelperLib [Guids] ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"