OvmfPkg/TdTcg2Dxe: Update with TdxHelperLib

Since TdxHelperLib already provides an API (TdxHelperMapPcrToMrIndex)
to map a PCR index to an MR index, the duplicate code is removed.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Ceping Sun 2024-11-26 21:57:19 -05:00 committed by mergify[bot]
parent b6b1fdb073
commit bdf3c917e3
4 changed files with 18 additions and 63 deletions


@ -313,6 +313,7 @@
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
[LibraryClasses.common.UEFI_APPLICATION] [LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf


@ -432,6 +432,7 @@
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
[LibraryClasses.common.UEFI_APPLICATION] [LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf


@ -44,15 +44,11 @@
#include <Protocol/CcMeasurement.h> #include <Protocol/CcMeasurement.h>
#include <Guid/CcEventHob.h> #include <Guid/CcEventHob.h>
#include <Library/TdxLib.h> #include <Library/TdxLib.h>
#include <Library/TdxHelperLib.h>
#define PERF_ID_CC_TCG2_DXE 0x3130 #define PERF_ID_CC_TCG2_DXE 0x3130
#define CC_EVENT_LOG_AREA_COUNT_MAX 1 #define CC_EVENT_LOG_AREA_COUNT_MAX 1
#define CC_MR_INDEX_0_MRTD 0
#define CC_MR_INDEX_1_RTMR0 1
#define CC_MR_INDEX_2_RTMR1 2
#define CC_MR_INDEX_3_RTMR2 3
#define CC_MR_INDEX_INVALID 4
typedef struct { typedef struct {
CHAR16 *VariableName; CHAR16 *VariableName;
@ -932,51 +928,6 @@ TcgCommLogEvent (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
MapPcrToMrIndex (
IN UINT32 PCRIndex
)
{
UINT32 MrIndex;
if (PCRIndex > 15) {
ASSERT (FALSE);
return CC_MR_INDEX_INVALID;
}
MrIndex = 0;
if (PCRIndex == 0) {
MrIndex = CC_MR_INDEX_0_MRTD;
} else if ((PCRIndex == 1) || (PCRIndex == 7)) {
MrIndex = CC_MR_INDEX_1_RTMR0;
} else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {
MrIndex = CC_MR_INDEX_2_RTMR1;
} else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
MrIndex = CC_MR_INDEX_3_RTMR2;
}
return MrIndex;
}
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
TdMapPcrToMrIndex ( TdMapPcrToMrIndex (
@ -989,7 +940,7 @@ TdMapPcrToMrIndex (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
*MrIndex = MapPcrToMrIndex (PCRIndex); *MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS; return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS;
} }
@ -1656,7 +1607,7 @@ MeasureHandoffTables (
Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum); Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
CcEvent.MrIndex = MapPcrToMrIndex (1); CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (1);
CcEvent.EventType = EV_TABLE_OF_DEVICES; CcEvent.EventType = EV_TABLE_OF_DEVICES;
CcEvent.EventSize = sizeof (HandoffTables); CcEvent.EventSize = sizeof (HandoffTables);
@ -1878,7 +1829,7 @@ ReadAndMeasureBootVariable (
) )
{ {
return ReadAndMeasureVariable ( return ReadAndMeasureVariable (
MapPcrToMrIndex (1), TdxHelperMapPcrToMrIndex (1),
EV_EFI_VARIABLE_BOOT, EV_EFI_VARIABLE_BOOT,
VarName, VarName,
VendorGuid, VendorGuid,
@ -1909,7 +1860,7 @@ ReadAndMeasureSecureVariable (
) )
{ {
return ReadAndMeasureVariable ( return ReadAndMeasureVariable (
MapPcrToMrIndex (7), TdxHelperMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG, EV_EFI_VARIABLE_DRIVER_CONFIG,
VarName, VarName,
VendorGuid, VendorGuid,
@ -2017,7 +1968,7 @@ MeasureAllSecureVariables (
Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize); Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
Status = MeasureVariable ( Status = MeasureVariable (
MapPcrToMrIndex (7), TdxHelperMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG, EV_EFI_VARIABLE_DRIVER_CONFIG,
EFI_IMAGE_SECURITY_DATABASE2, EFI_IMAGE_SECURITY_DATABASE2,
&gEfiImageSecurityDatabaseGuid, &gEfiImageSecurityDatabaseGuid,
@ -2047,7 +1998,7 @@ MeasureLaunchOfFirmwareDebugger (
{ {
CC_EVENT_HDR CcEvent; CC_EVENT_HDR CcEvent;
CcEvent.MrIndex = MapPcrToMrIndex (7); CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (7);
CcEvent.EventType = EV_EFI_ACTION; CcEvent.EventType = EV_EFI_ACTION;
CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1; CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
return TdxDxeHashLogExtendEvent ( return TdxDxeHashLogExtendEvent (
@ -2106,7 +2057,7 @@ MeasureSecureBootPolicy (
// There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
// the Authority measurement happen before ReadToBoot event. // the Authority measurement happen before ReadToBoot event.
// //
Status = MeasureSeparatorEvent (MapPcrToMrIndex (7)); Status = MeasureSeparatorEvent (TdxHelperMapPcrToMrIndex (7));
DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status)); DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status));
return; return;
} }
@ -2151,7 +2102,7 @@ OnReadyToBoot (
// 1. This is the first boot attempt. // 1. This is the first boot attempt.
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (4), TdxHelperMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION EFI_CALLING_EFI_APPLICATION
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2189,7 +2140,7 @@ OnReadyToBoot (
// 6. Not first attempt, meaning a return from last attempt // 6. Not first attempt, meaning a return from last attempt
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (4), TdxHelperMapPcrToMrIndex (4),
EFI_RETURNING_FROM_EFI_APPLICATION EFI_RETURNING_FROM_EFI_APPLICATION
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2201,7 +2152,7 @@ OnReadyToBoot (
// TCG PC Client PFP spec Section 2.4.4.5 Step 4 // TCG PC Client PFP spec Section 2.4.4.5 Step 4
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (4), TdxHelperMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION EFI_CALLING_EFI_APPLICATION
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2239,7 +2190,7 @@ OnExitBootServices (
// Measure invocation of ExitBootServices, // Measure invocation of ExitBootServices,
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (5), TdxHelperMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_INVOCATION EFI_EXIT_BOOT_SERVICES_INVOCATION
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2250,7 +2201,7 @@ OnExitBootServices (
// Measure success of ExitBootServices // Measure success of ExitBootServices
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (5), TdxHelperMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_SUCCEEDED EFI_EXIT_BOOT_SERVICES_SUCCEEDED
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -2280,7 +2231,7 @@ OnExitBootServicesFailed (
// Measure Failure of ExitBootServices, // Measure Failure of ExitBootServices,
// //
Status = TdMeasureAction ( Status = TdMeasureAction (
MapPcrToMrIndex (5), TdxHelperMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_FAILED EFI_EXIT_BOOT_SERVICES_FAILED
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
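Review bot: Nothing in this file now documents which measurement register each PCR lands in: the removed `MapPcrToMrIndex` comment carried the UEFI 2.10 Section 38.4.1 table, and the call sites still pass bare PCR numbers (1, 4, 5, 7) to `TdxHelperMapPcrToMrIndex`. I would add a short comment above `TdMapPcrToMrIndex`, for example `// PCR-to-MR mapping (UEFI 2.10, 38.4.1) and CC_MR_INDEX_INVALID are provided by TdxHelperLib.`, so a reader auditing the event log against RTMR values knows where the table lives. `TdMapPcrToMrIndex` also still tests `*MrIndex == CC_MR_INDEX_INVALID` after the local define is deleted, so it relies on the helper header (not visible here) defining the same sentinel and on the helper returning it for a PCR index above 15 as the removed code did; this is worth confirming, since that is the path that takes a caller-supplied index. The bodies of the functions touched here start and end outside the hunks.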


@ -31,6 +31,7 @@
MdeModulePkg/MdeModulePkg.dec MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec CryptoPkg/CryptoPkg.dec
OvmfPkg/OvmfPkg.dec
[LibraryClasses] [LibraryClasses]
MemoryAllocationLib MemoryAllocationLib
@ -49,6 +50,7 @@
PeCoffLib PeCoffLib
TpmMeasurementLib TpmMeasurementLib
TdxLib TdxLib
TdxHelperLib
[Guids] [Guids]
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"