OvmfPkg/TdTcg2Dxe: Fix the SeparatorEvent issue in RTMRs

According to the TCG EFI platform specification, the firmware must measure the EV_SEPARATOR event into PCRs 0-7. As PCR[1] and PCR[7] map to RTMR[0], and PCRs [2-6] map to RTMR[1], it is necessary to measure one EV_SEPARATOR event into RTMR[0] and another one into RTMR[1]. An issue is found in TdTcg2Dxe that 2 EV_SEPARATOR events are measured to RTMR[0] but no EV_SEPARATOR event is measured to RTMR[1]. This patch fixes the above issue. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Qinkun Bao <qinkun@google.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
2024-08-06 02:01:55 -04:00 · 2024-08-06 02:01:55 -04:00 · efaf8931bb
parent ccda91c286
commit efaf8931bb
1 changed files with 9 additions and 3 deletions
--- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
+++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
@ -2160,11 +2160,17 @@ OnReadyToBoot (

    //
    // 2. Draw a line between pre-boot env and entering post-boot env.
-    // PCR[7] (is RTMR[0]) is already done.
    //
-    Status = MeasureSeparatorEvent (1);
+    // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIndex and Intel
+    // TDX Measurement Register is:
+    //    MrIndex 0   <--> MRTD
+    //    MrIndex 1-3 <--> RTMR[0-2]
+    // RTMR[0] (i.e. MrIndex 1) is already done. So SepartorEvent shall be extended to
+    // RTMR[1] (i.e. MrIndex 2) as well.
+    //
+    Status = MeasureSeparatorEvent (CC_MR_INDEX_2_RTMR1);
    if (EFI_ERROR (Status)) {
-      DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n"));
+      DEBUG ((DEBUG_ERROR, "Separator Event not Measured to RTMR[1]. Error!\n"));
    }

    //