tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: Update with TdxMeasurementLib 

Since the tdx measurement APIs are implemented by
TdxMeasurementLib, the duplicate code are removed.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This commit is contained in:
Ceping Sun 2024-12-11 00:29:37 -05:00 committed by mergify[bot]
parent 6f73428d06
commit d51baa02a6
15 changed files with 39 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
OvmfPkg/Include/Library/TdxHelperLib.h
View File

@ -11,12 +11,6 @@
#include <PiPei.h>
#define CC_MR_INDEX_0_MRTD 0
#define CC_MR_INDEX_1_RTMR0 1
#define CC_MR_INDEX_2_RTMR1 2
#define CC_MR_INDEX_3_RTMR2 3
#define CC_MR_INDEX_INVALID 4
/**
In Tdx guest, some information need to be passed from host VMM to guest
firmware. For example, the memory resource, etc. These information are
@ -73,71 +67,4 @@ TdxHelperBuildGuidHobForTdxMeasurement (
VOID
);
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
);
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
);
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
);
#endif

3
OvmfPkg/IntelTdx/IntelTdxX64.dsc
View File

@ -239,6 +239,7 @@
PrePiLib|EmbeddedPkg/Library/PrePiLib/PrePiLib.inf
PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
[LibraryClasses.common.DXE_CORE]
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
@ -313,7 +314,7 @@
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/DxeTdxMeasurementLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf

94
OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c
View File

@ -1,94 +0,0 @@
/** @file
TdxHelper Functions which are used in DXE phase
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Base.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/TdxHelperLib.h>
/**
* Build GuidHob for Tdx CC measurement event.
*/
EFI_STATUS
BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return EFI_UNSUPPORTED;
}
/**
In Tdx guest, some information need to be passed from host VMM to guest
firmware. For example, the memory resource, etc. These information are
prepared by host VMM and put in TdHob which is described in TdxMetadata.
TDVF processes the TdHob to accept memories.
@retval EFI_SUCCESS Successfully process the TdHob
@retval Others Other error as indicated
**/
EFI_STATUS
EFIAPI
TdxHelperProcessTdHob (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
the information of the memory resource. From the security perspective before
it is consumed, it should be measured and extended.
*
* @retval EFI_SUCCESS Successfully measure the TdHob
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperMeasureTdHob (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
* In Tdx guest, Configuration FV (CFV) is treated as external input because it
* may contain the data provided by VMM. From the sucurity perspective Cfv image
* should be measured before it is consumed.
*
* @retval EFI_SUCCESS Successfully measure the CFV image
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperMeasureCfvImage (
VOID
)
{
return EFI_UNSUPPORTED;
}
/**
Build the GuidHob for tdx measurements which were done in SEC phase.
The measurement values are stored in WorkArea.
@retval EFI_SUCCESS The GuidHob is built successfully
@retval Others Other errors as indicated
**/
EFI_STATUS
EFIAPI
TdxHelperBuildGuidHobForTdxMeasurement (
VOID
)
{
return EFI_UNSUPPORTED;
}

41
OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
View File

@ -1,41 +0,0 @@
## @file
# TdxHelperLib Dxe instance
#
# This module provides Tdx helper functions in DXE phase.
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = DxeTdxHelperLib
FILE_GUID = d9568aa2-ace6-11ef-8ef3-733e978530b2
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = TdxHelperLib|DXE_DRIVER DXE_RUNTIME_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = X64
#
[Sources]
DxeTdxHelper.c
TdxHelperCommon.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
DebugLib
HobLib
PcdLib
BaseCryptLib

3
OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
View File

@ -25,7 +25,6 @@
[Sources]
PeiTdxHelper.c
TdxMeasurementHob.c
TdxHelperCommon.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@ -33,6 +32,7 @@
OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
@ -40,6 +40,7 @@
HobLib
PcdLib
BaseCryptLib
TdxMeasurementLib
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase

5
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
View File

@ -23,6 +23,7 @@
#include <WorkArea.h>
#include <ConfidentialComputingGuestAttr.h>
#include <Library/TdxHelperLib.h>
#include <Library/TdxMeasurementLib.h>
#define ALIGNED_2MB_MASK 0x1fffff
#define MEGABYTE_SHIFT 20
@ -836,7 +837,7 @@ TdxHelperMeasureTdHob (
Hob.Raw = GET_NEXT_HOB (Hob);
}
Status = TdxHelperHashAndExtendToRtmr (
Status = TdxMeasurementHashAndExtendToRtmr (
0,
(UINT8 *)TdHob,
(UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob),
@ -881,7 +882,7 @@ TdxHelperMeasureCfvImage (
UINT8 Digest[SHA384_DIGEST_SIZE];
OVMF_WORK_AREA *WorkArea;
Status = TdxHelperHashAndExtendToRtmr (
Status = TdxMeasurementHashAndExtendToRtmr (
0,
(UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase),
(UINT64)PcdGet32 (PcdCfvRawDataSize),

3
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
View File

@ -25,7 +25,6 @@
[Sources]
SecTdxHelper.c
TdxMeasurementHob.c
TdxHelperCommon.c
[Packages]
CryptoPkg/CryptoPkg.dec
@ -33,6 +32,7 @@
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
@ -42,6 +42,7 @@
PcdLib
TdxMailboxLib
TdxLib
TdxMeasurementLib
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase

156
OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c
View File

@ -1,156 +0,0 @@
/** @file
TdxHelper Common Functions
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Ppi/CcMeasurement.h>
#include <Library/DebugLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/TdxLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/HobLib.h>
#include <Library/TdxHelperLib.h>
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
)
{
UINT32 MrIndex;
if (PCRIndex > 15) {
ASSERT (FALSE);
return CC_MR_INDEX_INVALID;
}
MrIndex = 0;
if (PCRIndex == 0) {
MrIndex = CC_MR_INDEX_0_MRTD;
} else if ((PCRIndex == 1) || (PCRIndex == 7)) {
MrIndex = CC_MR_INDEX_1_RTMR0;
} else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {
MrIndex = CC_MR_INDEX_2_RTMR1;
} else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
MrIndex = CC_MR_INDEX_3_RTMR2;
}
return MrIndex;
}
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
)
{
EFI_STATUS Status;
if ((DataToHash == NULL) || (DataToHashLen == 0)) {
return EFI_INVALID_PARAMETER;
}
if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {
return EFI_INVALID_PARAMETER;
}
//
// Calculate the sha384 of the data
//
if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {
return EFI_ABORTED;
}
//
// Extend to RTMR
//
Status = TdExtendRtmr (
(UINT32 *)Digest,
SHA384_DIGEST_SIZE,
(UINT8)RtmrIndex
);
ASSERT (!EFI_ERROR (Status));
return Status;
}
/**
* Build GuidHob for Tdx CC measurement event.
*/
EFI_STATUS
BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
);
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return BuildTdxMeasurementGuidHob (
RtmrIndex,
EventType,
EventData,
EventSize,
HashValue,
HashSize
);
}

76
OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c
View File

@ -78,79 +78,3 @@ TdxHelperBuildGuidHobForTdxMeasurement (
{
return EFI_UNSUPPORTED;
}
/**
According to UEFI Spec 2.10 Section 38.4.1:
The following table shows the TPM PCR index mapping and CC event log measurement
register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
Register and RTMR means Runtime Measurement Register
// TPM PCR Index | CC Measurement Register Index | TDX-measurement register
// ------------------------------------------------------------------------
// 0 | 0 | MRTD
// 1, 7 | 1 | RTMR[0]
// 2~6 | 2 | RTMR[1]
// 8~15 | 3 | RTMR[2]
@param[in] PCRIndex Index of the TPM PCR
@retval UINT32 Index of the CC Event Log Measurement Register Index
@retval CC_MR_INDEX_INVALID Invalid MR Index
**/
UINT32
EFIAPI
TdxHelperMapPcrToMrIndex (
IN UINT32 PCRIndex
)
{
return CC_MR_INDEX_INVALID;
}
/**
* Calculate the sha384 of input Data and extend it to RTMR register.
*
* @param RtmrIndex Index of the RTMR register
* @param DataToHash Data to be hashed
* @param DataToHashLen Length of the data
* @param Digest Hash value of the input data
* @param DigestLen Length of the hash value
*
* @retval EFI_SUCCESS Successfully hash and extend to RTMR
* @retval Others Other errors as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperHashAndExtendToRtmr (
IN UINT32 RtmrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT UINT8 *Digest,
IN UINTN DigestLen
)
{
return EFI_UNSUPPORTED;
}
/**
* Build GuidHob for Tdx CC measurement event.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
EFIAPI
TdxHelperBuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
return EFI_UNSUPPORTED;
}

87
OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
View File

@ -17,6 +17,7 @@
#include <Library/PrintLib.h>
#include <Library/TcgEventLogRecordLib.h>
#include <WorkArea.h>
#include <Library/TdxMeasurementLib.h>
#pragma pack(1)
@ -33,88 +34,6 @@ typedef struct {
#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
/**
* Build GuidHob for Tdx measurement.
*
* Tdx measurement includes the measurement of TdHob and CFV. They're measured
* and extended to RTMR registers in SEC phase. Because at that moment the Hob
* service are not available. So the values of the measurement are saved in
* workarea and will be built into GuidHob after the Hob service is ready.
*
* @param RtmrIndex RTMR index
* @param EventType Event type
* @param EventData Event data
* @param EventSize Size of event data
* @param HashValue Hash value
* @param HashSize Size of hash
*
* @retval EFI_SUCCESS Successfully build the GuidHobs
* @retval Others Other error as indicated
*/
EFI_STATUS
BuildTdxMeasurementGuidHob (
UINT32 RtmrIndex,
UINT32 EventType,
UINT8 *EventData,
UINT32 EventSize,
UINT8 *HashValue,
UINT32 HashSize
)
{
VOID *EventHobData;
UINT8 *Ptr;
TPML_DIGEST_VALUES *TdxDigest;
if (HashSize != SHA384_DIGEST_SIZE) {
return EFI_INVALID_PARAMETER;
}
#define TDX_DIGEST_VALUE_LEN (sizeof (UINT32) + sizeof (TPMI_ALG_HASH) + SHA384_DIGEST_SIZE)
EventHobData = BuildGuidHob (
&gCcEventEntryHobGuid,
sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE) +
TDX_DIGEST_VALUE_LEN +
sizeof (UINT32) + EventSize
);
if (EventHobData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Ptr = (UINT8 *)EventHobData;
//
// There are 2 types of measurement registers in TDX: MRTD and RTMR[0-3].
// According to UEFI Spec 2.10 Section 38.4.1, RTMR[0-3] is mapped to MrIndex[1-4].
// So RtmrIndex must be increased by 1 before the event log is created.
//
RtmrIndex++;
CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));
Ptr += sizeof (UINT32);
CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));
Ptr += sizeof (TCG_EVENTTYPE);
TdxDigest = (TPML_DIGEST_VALUES *)Ptr;
TdxDigest->count = 1;
TdxDigest->digests[0].hashAlg = TPM_ALG_SHA384;
CopyMem (
TdxDigest->digests[0].digest.sha384,
HashValue,
SHA384_DIGEST_SIZE
);
Ptr += TDX_DIGEST_VALUE_LEN;
CopyMem (Ptr, &EventSize, sizeof (UINT32));
Ptr += sizeof (UINT32);
CopyMem (Ptr, (VOID *)EventData, EventSize);
Ptr += EventSize;
return EFI_SUCCESS;
}
/**
Get the FvName from the FV header.
@ -207,7 +126,7 @@ InternalBuildGuidHobForTdxMeasurement (
CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
HandoffTables.TableEntry[0].VendorTable = TdHobList;
Status = BuildTdxMeasurementGuidHob (
Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_HANDOFF_TABLES2, // EventType
(UINT8 *)(UINTN)&HandoffTables, // EventData
@ -239,7 +158,7 @@ InternalBuildGuidHobForTdxMeasurement (
FvBlob2.BlobBase = FvBase;
FvBlob2.BlobLength = FvLength;
Status = BuildTdxMeasurementGuidHob (
Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
(VOID *)&FvBlob2, // EventData

4
OvmfPkg/OvmfPkgX64.dsc
View File

@ -297,6 +297,7 @@
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
[LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -345,6 +346,7 @@
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
[LibraryClasses.common.DXE_CORE]
@ -433,7 +435,7 @@
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/DxeTdxMeasurementLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf

28
OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
View File

@ -44,7 +44,7 @@
#include <Protocol/CcMeasurement.h>
#include <Guid/CcEventHob.h>
#include <Library/TdxLib.h>
#include <Library/TdxHelperLib.h>
#include <Library/TdxMeasurementLib.h>
#define PERF_ID_CC_TCG2_DXE 0x3130
@ -940,7 +940,7 @@ TdMapPcrToMrIndex (
return EFI_INVALID_PARAMETER;
}
*MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
*MrIndex = TdxMeasurementMapPcrToMrIndex (PCRIndex);
return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS;
}
@ -1607,7 +1607,7 @@ MeasureHandoffTables (
Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum);
if (!EFI_ERROR (Status)) {
CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (1);
CcEvent.MrIndex = TdxMeasurementMapPcrToMrIndex (1);
CcEvent.EventType = EV_TABLE_OF_DEVICES;
CcEvent.EventSize = sizeof (HandoffTables);
@ -1829,7 +1829,7 @@ ReadAndMeasureBootVariable (
)
{
return ReadAndMeasureVariable (
TdxHelperMapPcrToMrIndex (1),
TdxMeasurementMapPcrToMrIndex (1),
EV_EFI_VARIABLE_BOOT,
VarName,
VendorGuid,
@ -1860,7 +1860,7 @@ ReadAndMeasureSecureVariable (
)
{
return ReadAndMeasureVariable (
TdxHelperMapPcrToMrIndex (7),
TdxMeasurementMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG,
VarName,
VendorGuid,
@ -1968,7 +1968,7 @@ MeasureAllSecureVariables (
Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
if (!EFI_ERROR (Status)) {
Status = MeasureVariable (
TdxHelperMapPcrToMrIndex (7),
TdxMeasurementMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG,
EFI_IMAGE_SECURITY_DATABASE2,
&gEfiImageSecurityDatabaseGuid,
@ -1998,7 +1998,7 @@ MeasureLaunchOfFirmwareDebugger (
{
CC_EVENT_HDR CcEvent;
CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (7);
CcEvent.MrIndex = TdxMeasurementMapPcrToMrIndex (7);
CcEvent.EventType = EV_EFI_ACTION;
CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
return TdxDxeHashLogExtendEvent (
@ -2057,7 +2057,7 @@ MeasureSecureBootPolicy (
// There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
// the Authority measurement happen before ReadToBoot event.
//
Status = MeasureSeparatorEvent (TdxHelperMapPcrToMrIndex (7));
Status = MeasureSeparatorEvent (TdxMeasurementMapPcrToMrIndex (7));
DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status));
return;
}
@ -2102,7 +2102,7 @@ OnReadyToBoot (
// 1. This is the first boot attempt.
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (4),
TdxMeasurementMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@ -2140,7 +2140,7 @@ OnReadyToBoot (
// 6. Not first attempt, meaning a return from last attempt
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (4),
TdxMeasurementMapPcrToMrIndex (4),
EFI_RETURNING_FROM_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@ -2152,7 +2152,7 @@ OnReadyToBoot (
// TCG PC Client PFP spec Section 2.4.4.5 Step 4
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (4),
TdxMeasurementMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@ -2190,7 +2190,7 @@ OnExitBootServices (
// Measure invocation of ExitBootServices,
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (5),
TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_INVOCATION
);
if (EFI_ERROR (Status)) {
@ -2201,7 +2201,7 @@ OnExitBootServices (
// Measure success of ExitBootServices
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (5),
TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_SUCCEEDED
);
if (EFI_ERROR (Status)) {
@ -2231,7 +2231,7 @@ OnExitBootServicesFailed (
// Measure Failure of ExitBootServices,
//
Status = TdMeasureAction (
TdxHelperMapPcrToMrIndex (5),
TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_FAILED
);
if (EFI_ERROR (Status)) {

4
OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
View File

@ -31,7 +31,7 @@
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
OvmfPkg/OvmfPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
MemoryAllocationLib
@ -50,7 +50,7 @@
PeCoffLib
TpmMeasurementLib
TdxLib
TdxHelperLib
TdxMeasurementLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"

12
OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c
View File

@ -14,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseMemoryLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/HobLib.h>
#include <Library/TdxHelperLib.h>
#include <Library/TdxMeasurementLib.h>
/**
Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
@ -47,7 +47,7 @@ TdxPeiHashLogExtendEvent (
EFI_STATUS Status;
UINT8 Digest[SHA384_DIGEST_SIZE];
Status = TdxHelperHashAndExtendToRtmr (
Status = TdxMeasurementHashAndExtendToRtmr (
MrIndex - 1,
HashData,
(UINTN)HashDataLen,
@ -56,11 +56,11 @@ TdxPeiHashLogExtendEvent (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a: HashAndExtendToRtmr failed with %r\n", __func__, Status));
DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementHashAndExtendToRtmr failed with %r\n", __func__, Status));
return Status;
}
Status = TdxHelperBuildTdxMeasurementGuidHob (
Status = TdxMeasurementBuildGuidHob (
MrIndex - 1,
EventType,
EventData,
@ -70,7 +70,7 @@ TdxPeiHashLogExtendEvent (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a: BuildTdxMeasurementGuidHob failed with %r\n", __func__, Status));
DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementBuildGuidHob failed with %r\n", __func__, Status));
}
return Status;
@ -150,7 +150,7 @@ TdMapPcrToMrIndex (
OUT UINT32 *MrIndex
)
{
*MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
*MrIndex = TdxMeasurementMapPcrToMrIndex (PCRIndex);
return EFI_SUCCESS;
}

3
OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf
View File

@ -27,6 +27,7 @@
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
OvmfPkg/OvmfPkg.dec
[LibraryClasses]
@ -38,7 +39,7 @@
PrintLib
TdxLib
BaseCryptLib
TdxHelperLib
TdxMeasurementLib
[Ppis]
gEdkiiCcPpiGuid