MdeModulePkg/Variable: Add TCG SPDM device measurement update

Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2025-04-08 17:05:09 +02:00 · 2024-04-18 17:28:13 +08:00 · 2024-04-18 17:28:13 +08:00 · d8e4c4b000
commit d8e4c4b000
parent 74db2ed3e5
4 changed files with 43 additions and 6 deletions
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@ -2172,6 +2172,11 @@
  # @Prompt TCG Platform Firmware Profile revision.
  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077

+  ## Specify whether to enable the state of SPDM device authentication and measurement.<BR><BR>
+  #  0: Platform Firmware not supports SPDM device authentication and measurement.
+  #  1: Platform Firmware supports SPDM device authentication and measurement.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthentication|0|UINT8|0x00010033
+
  ## Indicates if StatusCode is reported via Serial port.<BR><BR>
  #   TRUE  - Reports StatusCode via Serial port.<BR>
  #   FALSE - Does not report StatusCode via Serial port.<BR>
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

 #include <PiDxe.h>
 #include <Guid/ImageAuthentication.h>
+#include <Guid/DeviceAuthentication.h>
 #include <IndustryStandard/UefiTcgPlatform.h>

 #include <Library/UefiBootServicesTableLib.h>
@ -26,12 +27,13 @@ typedef struct {
 } VARIABLE_TYPE;

 VARIABLE_TYPE  mVariableType[] = {
-  { EFI_SECURE_BOOT_MODE_NAME,    &gEfiGlobalVariableGuid        },
-  { EFI_PLATFORM_KEY_NAME,        &gEfiGlobalVariableGuid        },
-  { EFI_KEY_EXCHANGE_KEY_NAME,    &gEfiGlobalVariableGuid        },
-  { EFI_IMAGE_SECURITY_DATABASE,  &gEfiImageSecurityDatabaseGuid },
-  { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid },
-  { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid },
+  { EFI_SECURE_BOOT_MODE_NAME,    &gEfiGlobalVariableGuid          },
+  { EFI_PLATFORM_KEY_NAME,        &gEfiGlobalVariableGuid          },
+  { EFI_KEY_EXCHANGE_KEY_NAME,    &gEfiGlobalVariableGuid          },
+  { EFI_IMAGE_SECURITY_DATABASE,  &gEfiImageSecurityDatabaseGuid   },
+  { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid   },
+  { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid   },
+  { EFI_DEVICE_SECURITY_DATABASE, &gEfiDeviceSignatureDatabaseGuid },
 };

 //
@ -123,6 +125,22 @@ MeasureVariable (
      );
  }

+  if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) {
+    DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", PCR_INDEX_FOR_SIGNATURE_DB, (UINTN)EV_EFI_SPDM_DEVICE_POLICY));
+    DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));
+
+    Status = TpmMeasureAndLogData (
+               PCR_INDEX_FOR_SIGNATURE_DB,
+               EV_EFI_SPDM_DEVICE_POLICY,
+               VarLog,
+               VarLogSize,
+               VarLog,
+               VarLogSize
+               );
+    FreePool (VarLog);
+    return Status;
+  }
+
  DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_DRIVER_CONFIG));
  DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));

@ -228,6 +246,14 @@ SecureBootHook (
    return;
  }

+  if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) {
+    if ((PcdGet32 (PcdTcgPfpMeasurementRevision) < TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) ||
+        (PcdGet8 (PcdEnableSpdmDeviceAuthentication) == 0))
+    {
+      return;
+    }
+  }
+
  //
  // We should NOT use Data and DataSize here,because it may include signature,
  // or is just partial with append attributes, or is deleted.
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@ -125,6 +125,7 @@
  ## SOMETIMES_CONSUMES   ## Variable:L"dbx"
  ## SOMETIMES_CONSUMES   ## Variable:L"dbt"
  gEfiImageSecurityDatabaseGuid
+  gEfiDeviceSignatureDatabaseGuid

 [Pcd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize                 ## CONSUMES
@ -138,6 +139,8 @@
  gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe  ## CONSUMES
  gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable         ## SOMETIMES_CONSUMES
  gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved      ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision       ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthentication   ## PRODUCES AND CONSUMES

 [FeaturePcd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## CONSUMES # statistic the information of variable.
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
@ -80,6 +80,8 @@

 [Pcd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable     ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision                 ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthentication             ## PRODUCES AND CONSUMES

 [Guids]
  ## PRODUCES             ## GUID # Signature of Variable store header
@ -110,6 +112,7 @@

  gVarCheckPolicyLibMmiHandlerGuid
  gEfiEndOfDxeEventGroupGuid
+  gEfiDeviceSignatureDatabaseGuid

 [Depex]
  gEfiMmCommunication2ProtocolGuid