IntelFsp2WrapperPkg/FspiWrapperPeim : Support FSP-I measurement

Add code to support FSP-I binary measurement. Signed-off-by: Hongbin1 Zhang <hongbin1.zhang@intel.com> Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com> Cc: Chen Gang C <gang.c.chen@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Ted Kuo <ted.kuo@intel.com> Cc: Ashraf Ali S <ashraf.ali.s@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
author: Hongbin1 Zhang <hongbin1.zhang@intel.com> 2024-10-11 19:07:41 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-12-20 06:29:58 +0000
commit: 1d1e0474d76b70617065c103fe5d781e3bf31dfc (patch)
tree: 0413b84bf865a97a80b7071cc93b1007e70b3f42
parent: df1726a65ef2f7f9793bbad4d18596ac7dbf0749 (diff)
download: edk2-1d1e0474d76b70617065c103fe5d781e3bf31dfc.tar.gz
3 files changed, 96 insertions, 0 deletions
diff --git a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
index f76f824938..211dd26060 100644
--- a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
@@ -26,6 +26,9 @@
 #include <Library/FspWrapperApiLib.h>
 #include <Library/FspWrapperHobProcessLib.h>
 #include <Library/FspWrapperApiTestLib.h>
+#include <Library/FspMeasurementLib.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
 
 /**
   Call FspSmmInit API.
@@ -135,6 +138,30 @@ FspiWrapperInitDispatchMode (
   VOID
   )
 {
+  EFI_STATUS                                             Status;
+  EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI  *MeasurementExcludedFvPpi;
+  EFI_PEI_PPI_DESCRIPTOR                                 *MeasurementExcludedPpiList;
+
+  MeasurementExcludedFvPpi = AllocatePool (sizeof (*MeasurementExcludedFvPpi));
+  if (MeasurementExcludedFvPpi != NULL) {
+    MeasurementExcludedFvPpi->Count          = 1;
+    MeasurementExcludedFvPpi->Fv[0].FvBase   = PcdGet32 (PcdFspiBaseAddress);
+    MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFspiBaseAddress))->FvLength;
+  } else {
+    ASSERT (MeasurementExcludedFvPpi != NULL);
+  }
+
+  MeasurementExcludedPpiList = AllocatePool (sizeof (*MeasurementExcludedPpiList));
+  if (MeasurementExcludedPpiList != NULL) {
+    MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+    MeasurementExcludedPpiList->Guid  = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+    MeasurementExcludedPpiList->Ppi   = MeasurementExcludedFvPpi;
+
+    Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+    ASSERT_EFI_ERROR (Status);
+  } else {
+    ASSERT (MeasurementExcludedPpiList != NULL);
+  }
 
   //
   // FSP-I Wrapper running in Dispatch mode and reports FSP-I FV to PEI dispatcher.
@@ -151,6 +178,66 @@ FspiWrapperInitDispatchMode (
 }
 
 /**
+  This function is called after TCG installed PPI.
+
+  @param[in] PeiServices    Pointer to PEI Services Table.
+  @param[in] NotifyDesc     Pointer to the descriptor for the Notification event that
+                            caused this function to execute.
+  @param[in] Ppi            Pointer to the PPI data associated with this function.
+
+  @retval EFI_STATUS        Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+  IN EFI_PEI_SERVICES           **PeiServices,
+  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDesc,
+  IN VOID                       *Ppi
+  );
+
+EFI_PEI_NOTIFY_DESCRIPTOR  mTcgPpiNotifyDesc = {
+  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEdkiiTcgPpiGuid,
+  TcgPpiNotify
+};
+
+/**
+  This function is called after TCG installed PPI.
+
+  @param[in] PeiServices    Pointer to PEI Services Table.
+  @param[in] NotifyDesc     Pointer to the descriptor for the Notification event that
+                            caused this function to execute.
+  @param[in] Ppi            Pointer to the PPI data associated with this function.
+
+  @retval EFI_STATUS        Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+  IN EFI_PEI_SERVICES           **PeiServices,
+  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDesc,
+  IN VOID                       *Ppi
+  )
+{
+  UINT32  FspMeasureMask;
+
+  DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPI\n"));
+
+  FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+  if ((FspMeasureMask & FSP_MEASURE_FSPI) != 0) {
+    MeasureFspFirmwareBlob (
+      0,
+      "FSPI",
+      PcdGet32 (PcdFspiBaseAddress),
+      (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFspiBaseAddress))->FvLength
+      );
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
   This is the entrypoint of PEIM.
 
   @param[in] FileHandle  Handle of the file being invoked.
@@ -169,6 +256,9 @@ FspiWrapperPeimEntryPoint (
 
   DEBUG ((DEBUG_INFO, "FspiWrapperPeimEntryPoint\n"));
 
+  Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+  ASSERT_EFI_ERROR (Status);
+
   if (PcdGet8 (PcdFspModeSelection) == 1) {
     Status = FspiWrapperInitApiMode ();
   } else {
diff --git a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
index 346e500b64..e03434ccca 100644
--- a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
@@ -40,19 +40,24 @@
   PerformanceLib
   FspWrapperApiLib
   FspWrapperApiTestLib
+  FspMeasurementLib
 
 [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
   IntelFsp2Pkg/IntelFsp2Pkg.dec
+  SecurityPkg/SecurityPkg.dec
   IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
 
 [Ppis]
+  gEdkiiTcgPpiGuid                                       ## NOTIFY
+  gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid    ## PRODUCES
 
 [Pcd]
   gIntelFsp2WrapperTokenSpaceGuid.PcdFspiBaseAddress       ## CONSUMES
   gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection      ## CONSUMES
   gIntelFsp2WrapperTokenSpaceGuid.PcdFspiUpdDataAddress    ## CONSUMES
+  gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig  ## CONSUMES
 
 [Guids]
   gFspHobGuid                           ## CONSUMES ## HOB
diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
index db599cc1f8..7b303dab3e 100644
--- a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define FSP_MEASURE_FSPT    BIT1
 #define FSP_MEASURE_FSPM    BIT2
 #define FSP_MEASURE_FSPS    BIT3
+#define FSP_MEASURE_FSPI    BIT4
 #define FSP_MEASURE_FSPUPD  BIT31
 
 /**
author	Hongbin1 Zhang <hongbin1.zhang@intel.com>	2024-10-11 19:07:41 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-12-20 06:29:58 +0000
commit	1d1e0474d76b70617065c103fe5d781e3bf31dfc (patch)
tree	0413b84bf865a97a80b7071cc93b1007e70b3f42
parent	df1726a65ef2f7f9793bbad4d18596ac7dbf0749 (diff)
download	edk2-1d1e0474d76b70617065c103fe5d781e3bf31dfc.tar.gz