diff options
Diffstat (limited to 'OvmfPkg')
| -rw-r--r-- | OvmfPkg/Include/Library/TdxHelperLib.h | 73 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c | 94 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf | 41 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf | 3 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c | 5 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf | 3 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c | 156 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c | 76 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c | 87 | ||||
| -rw-r--r-- | OvmfPkg/OvmfPkgX64.dsc | 4 | ||||
| -rw-r--r-- | OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 28 | ||||
| -rw-r--r-- | OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf | 4 | ||||
| -rw-r--r-- | OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c | 12 | ||||
| -rw-r--r-- | OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf | 3 |
15 files changed, 39 insertions, 553 deletions
diff --git a/OvmfPkg/Include/Library/TdxHelperLib.h b/OvmfPkg/Include/Library/TdxHelperLib.h index 39c2997e08..199aade42f 100644 --- a/OvmfPkg/Include/Library/TdxHelperLib.h +++ b/OvmfPkg/Include/Library/TdxHelperLib.h @@ -11,12 +11,6 @@ #include <PiPei.h>
-#define CC_MR_INDEX_0_MRTD 0
-#define CC_MR_INDEX_1_RTMR0 1
-#define CC_MR_INDEX_2_RTMR1 2
-#define CC_MR_INDEX_3_RTMR2 3
-#define CC_MR_INDEX_INVALID 4
-
/**
In Tdx guest, some information need to be passed from host VMM to guest
firmware. For example, the memory resource, etc. These information are
@@ -73,71 +67,4 @@ TdxHelperBuildGuidHobForTdxMeasurement ( VOID
);
-/**
- According to UEFI Spec 2.10 Section 38.4.1:
- The following table shows the TPM PCR index mapping and CC event log measurement
- register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
- Register and RTMR means Runtime Measurement Register
- // TPM PCR Index | CC Measurement Register Index | TDX-measurement register
- // ------------------------------------------------------------------------
- // 0 | 0 | MRTD
- // 1, 7 | 1 | RTMR[0]
- // 2~6 | 2 | RTMR[1]
- // 8~15 | 3 | RTMR[2]
- @param[in] PCRIndex Index of the TPM PCR
- @retval UINT32 Index of the CC Event Log Measurement Register Index
- @retval CC_MR_INDEX_INVALID Invalid MR Index
-**/
-UINT32
-EFIAPI
-TdxHelperMapPcrToMrIndex (
- IN UINT32 PCRIndex
- );
-
-/**
- * Build GuidHob for Tdx CC measurement event.
- *
- * @param RtmrIndex RTMR index
- * @param EventType Event type
- * @param EventData Event data
- * @param EventSize Size of event data
- * @param HashValue Hash value
- * @param HashSize Size of hash
- *
- * @retval EFI_SUCCESS Successfully build the GuidHobs
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperBuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- );
-
-/**
- * Calculate the sha384 of input Data and extend it to RTMR register.
- *
- * @param RtmrIndex Index of the RTMR register
- * @param DataToHash Data to be hashed
- * @param DataToHashLen Length of the data
- * @param Digest Hash value of the input data
- * @param DigestLen Length of the hash value
- *
- * @retval EFI_SUCCESS Successfully hash and extend to RTMR
- * @retval Others Other errors as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperHashAndExtendToRtmr (
- IN UINT32 RtmrIndex,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen,
- OUT UINT8 *Digest,
- IN UINTN DigestLen
- );
-
#endif
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 8a50519ecf..6d3e0a5f1c 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -239,6 +239,7 @@ PrePiLib|EmbeddedPkg/Library/PrePiLib/PrePiLib.inf
PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
+ TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
[LibraryClasses.common.DXE_CORE]
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
@@ -313,7 +314,7 @@ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
- TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
+ TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/DxeTdxMeasurementLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c deleted file mode 100644 index 3437132488..0000000000 --- a/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelper.c +++ /dev/null @@ -1,94 +0,0 @@ -/** @file
- TdxHelper Functions which are used in DXE phase
-
-Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-#include <Base.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/TdxHelperLib.h>
-
-/**
- * Build GuidHob for Tdx CC measurement event.
- */
-EFI_STATUS
-BuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- In Tdx guest, some information need to be passed from host VMM to guest
- firmware. For example, the memory resource, etc. These information are
- prepared by host VMM and put in TdHob which is described in TdxMetadata.
- TDVF processes the TdHob to accept memories.
-
- @retval EFI_SUCCESS Successfully process the TdHob
- @retval Others Other error as indicated
-**/
-EFI_STATUS
-EFIAPI
-TdxHelperProcessTdHob (
- VOID
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains
- the information of the memory resource. From the security perspective before
- it is consumed, it should be measured and extended.
- *
- * @retval EFI_SUCCESS Successfully measure the TdHob
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperMeasureTdHob (
- VOID
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- * In Tdx guest, Configuration FV (CFV) is treated as external input because it
- * may contain the data provided by VMM. From the sucurity perspective Cfv image
- * should be measured before it is consumed.
- *
- * @retval EFI_SUCCESS Successfully measure the CFV image
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperMeasureCfvImage (
- VOID
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Build the GuidHob for tdx measurements which were done in SEC phase.
- The measurement values are stored in WorkArea.
-
- @retval EFI_SUCCESS The GuidHob is built successfully
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-TdxHelperBuildGuidHobForTdxMeasurement (
- VOID
- )
-{
- return EFI_UNSUPPORTED;
-}
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf deleted file mode 100644 index 36be2e4761..0000000000 --- a/OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf +++ /dev/null @@ -1,41 +0,0 @@ -## @file
-# TdxHelperLib Dxe instance
-#
-# This module provides Tdx helper functions in DXE phase.
-# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DxeTdxHelperLib
- FILE_GUID = d9568aa2-ace6-11ef-8ef3-733e978530b2
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TdxHelperLib|DXE_DRIVER DXE_RUNTIME_DRIVER
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = X64
-#
-
-[Sources]
- DxeTdxHelper.c
- TdxHelperCommon.c
-
-[Packages]
- MdeModulePkg/MdeModulePkg.dec
- MdePkg/MdePkg.dec
- OvmfPkg/OvmfPkg.dec
- SecurityPkg/SecurityPkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- DebugLib
- HobLib
- PcdLib
- BaseCryptLib
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf index e929626bc5..ce86a50426 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf +++ b/OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf @@ -25,7 +25,6 @@ [Sources]
PeiTdxHelper.c
TdxMeasurementHob.c
- TdxHelperCommon.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -33,6 +32,7 @@ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
@@ -40,6 +40,7 @@ HobLib
PcdLib
BaseCryptLib
+ TdxMeasurementLib
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c index 6f8daef4cb..67fc8fe7f2 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c @@ -23,6 +23,7 @@ #include <WorkArea.h>
#include <ConfidentialComputingGuestAttr.h>
#include <Library/TdxHelperLib.h>
+#include <Library/TdxMeasurementLib.h>
#define ALIGNED_2MB_MASK 0x1fffff
#define MEGABYTE_SHIFT 20
@@ -836,7 +837,7 @@ TdxHelperMeasureTdHob ( Hob.Raw = GET_NEXT_HOB (Hob);
}
- Status = TdxHelperHashAndExtendToRtmr (
+ Status = TdxMeasurementHashAndExtendToRtmr (
0,
(UINT8 *)TdHob,
(UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob),
@@ -881,7 +882,7 @@ TdxHelperMeasureCfvImage ( UINT8 Digest[SHA384_DIGEST_SIZE];
OVMF_WORK_AREA *WorkArea;
- Status = TdxHelperHashAndExtendToRtmr (
+ Status = TdxMeasurementHashAndExtendToRtmr (
0,
(UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase),
(UINT64)PcdGet32 (PcdCfvRawDataSize),
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf index b536eb4ec9..5fbcaabfa0 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf +++ b/OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf @@ -25,7 +25,6 @@ [Sources]
SecTdxHelper.c
TdxMeasurementHob.c
- TdxHelperCommon.c
[Packages]
CryptoPkg/CryptoPkg.dec
@@ -33,6 +32,7 @@ MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
@@ -42,6 +42,7 @@ PcdLib
TdxMailboxLib
TdxLib
+ TdxMeasurementLib
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c b/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c deleted file mode 100644 index e52ba7bcae..0000000000 --- a/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperCommon.c +++ /dev/null @@ -1,156 +0,0 @@ -/** @file
- TdxHelper Common Functions
-
-Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-#include <PiPei.h>
-#include <Ppi/CcMeasurement.h>
-#include <Library/DebugLib.h>
-#include <Library/PeiServicesLib.h>
-#include <Library/TdxLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/BaseCryptLib.h>
-#include <Library/HobLib.h>
-#include <Library/TdxHelperLib.h>
-
-/**
- According to UEFI Spec 2.10 Section 38.4.1:
- The following table shows the TPM PCR index mapping and CC event log measurement
- register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
- Register and RTMR means Runtime Measurement Register
- // TPM PCR Index | CC Measurement Register Index | TDX-measurement register
- // ------------------------------------------------------------------------
- // 0 | 0 | MRTD
- // 1, 7 | 1 | RTMR[0]
- // 2~6 | 2 | RTMR[1]
- // 8~15 | 3 | RTMR[2]
- @param[in] PCRIndex Index of the TPM PCR
- @retval UINT32 Index of the CC Event Log Measurement Register Index
- @retval CC_MR_INDEX_INVALID Invalid MR Index
-**/
-UINT32
-EFIAPI
-TdxHelperMapPcrToMrIndex (
- IN UINT32 PCRIndex
- )
-{
- UINT32 MrIndex;
-
- if (PCRIndex > 15) {
- ASSERT (FALSE);
- return CC_MR_INDEX_INVALID;
- }
-
- MrIndex = 0;
- if (PCRIndex == 0) {
- MrIndex = CC_MR_INDEX_0_MRTD;
- } else if ((PCRIndex == 1) || (PCRIndex == 7)) {
- MrIndex = CC_MR_INDEX_1_RTMR0;
- } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {
- MrIndex = CC_MR_INDEX_2_RTMR1;
- } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
- MrIndex = CC_MR_INDEX_3_RTMR2;
- }
-
- return MrIndex;
-}
-
-/**
- * Calculate the sha384 of input Data and extend it to RTMR register.
- *
- * @param RtmrIndex Index of the RTMR register
- * @param DataToHash Data to be hashed
- * @param DataToHashLen Length of the data
- * @param Digest Hash value of the input data
- * @param DigestLen Length of the hash value
- *
- * @retval EFI_SUCCESS Successfully hash and extend to RTMR
- * @retval Others Other errors as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperHashAndExtendToRtmr (
- IN UINT32 RtmrIndex,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen,
- OUT UINT8 *Digest,
- IN UINTN DigestLen
- )
-{
- EFI_STATUS Status;
-
- if ((DataToHash == NULL) || (DataToHashLen == 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Calculate the sha384 of the data
- //
- if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {
- return EFI_ABORTED;
- }
-
- //
- // Extend to RTMR
- //
- Status = TdExtendRtmr (
- (UINT32 *)Digest,
- SHA384_DIGEST_SIZE,
- (UINT8)RtmrIndex
- );
- ASSERT (!EFI_ERROR (Status));
- return Status;
-}
-
-/**
- * Build GuidHob for Tdx CC measurement event.
- */
-EFI_STATUS
-BuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- );
-
-/**
- * Build GuidHob for Tdx CC measurement event.
- *
- * @param RtmrIndex RTMR index
- * @param EventType Event type
- * @param EventData Event data
- * @param EventSize Size of event data
- * @param HashValue Hash value
- * @param HashSize Size of hash
- *
- * @retval EFI_SUCCESS Successfully build the GuidHobs
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperBuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- )
-{
- return BuildTdxMeasurementGuidHob (
- RtmrIndex,
- EventType,
- EventData,
- EventSize,
- HashValue,
- HashSize
- );
-}
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c b/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c index ecadca0783..7c3aa2d145 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperNull.c @@ -78,79 +78,3 @@ TdxHelperBuildGuidHobForTdxMeasurement ( {
return EFI_UNSUPPORTED;
}
-
-/**
- According to UEFI Spec 2.10 Section 38.4.1:
- The following table shows the TPM PCR index mapping and CC event log measurement
- register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement
- Register and RTMR means Runtime Measurement Register
- // TPM PCR Index | CC Measurement Register Index | TDX-measurement register
- // ------------------------------------------------------------------------
- // 0 | 0 | MRTD
- // 1, 7 | 1 | RTMR[0]
- // 2~6 | 2 | RTMR[1]
- // 8~15 | 3 | RTMR[2]
- @param[in] PCRIndex Index of the TPM PCR
- @retval UINT32 Index of the CC Event Log Measurement Register Index
- @retval CC_MR_INDEX_INVALID Invalid MR Index
-**/
-UINT32
-EFIAPI
-TdxHelperMapPcrToMrIndex (
- IN UINT32 PCRIndex
- )
-{
- return CC_MR_INDEX_INVALID;
-}
-
-/**
- * Calculate the sha384 of input Data and extend it to RTMR register.
- *
- * @param RtmrIndex Index of the RTMR register
- * @param DataToHash Data to be hashed
- * @param DataToHashLen Length of the data
- * @param Digest Hash value of the input data
- * @param DigestLen Length of the hash value
- *
- * @retval EFI_SUCCESS Successfully hash and extend to RTMR
- * @retval Others Other errors as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperHashAndExtendToRtmr (
- IN UINT32 RtmrIndex,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen,
- OUT UINT8 *Digest,
- IN UINTN DigestLen
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- * Build GuidHob for Tdx CC measurement event.
- *
- * @param RtmrIndex RTMR index
- * @param EventType Event type
- * @param EventData Event data
- * @param EventSize Size of event data
- * @param HashValue Hash value
- * @param HashSize Size of hash
- *
- * @retval EFI_SUCCESS Successfully build the GuidHobs
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-EFIAPI
-TdxHelperBuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- )
-{
- return EFI_UNSUPPORTED;
-}
diff --git a/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c b/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c index 42c51a191f..9a2220be71 100644 --- a/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c +++ b/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c @@ -17,6 +17,7 @@ #include <Library/PrintLib.h>
#include <Library/TcgEventLogRecordLib.h>
#include <WorkArea.h>
+#include <Library/TdxMeasurementLib.h>
#pragma pack(1)
@@ -34,88 +35,6 @@ typedef struct { typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
/**
- * Build GuidHob for Tdx measurement.
- *
- * Tdx measurement includes the measurement of TdHob and CFV. They're measured
- * and extended to RTMR registers in SEC phase. Because at that moment the Hob
- * service are not available. So the values of the measurement are saved in
- * workarea and will be built into GuidHob after the Hob service is ready.
- *
- * @param RtmrIndex RTMR index
- * @param EventType Event type
- * @param EventData Event data
- * @param EventSize Size of event data
- * @param HashValue Hash value
- * @param HashSize Size of hash
- *
- * @retval EFI_SUCCESS Successfully build the GuidHobs
- * @retval Others Other error as indicated
- */
-EFI_STATUS
-BuildTdxMeasurementGuidHob (
- UINT32 RtmrIndex,
- UINT32 EventType,
- UINT8 *EventData,
- UINT32 EventSize,
- UINT8 *HashValue,
- UINT32 HashSize
- )
-{
- VOID *EventHobData;
- UINT8 *Ptr;
- TPML_DIGEST_VALUES *TdxDigest;
-
- if (HashSize != SHA384_DIGEST_SIZE) {
- return EFI_INVALID_PARAMETER;
- }
-
- #define TDX_DIGEST_VALUE_LEN (sizeof (UINT32) + sizeof (TPMI_ALG_HASH) + SHA384_DIGEST_SIZE)
-
- EventHobData = BuildGuidHob (
- &gCcEventEntryHobGuid,
- sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE) +
- TDX_DIGEST_VALUE_LEN +
- sizeof (UINT32) + EventSize
- );
-
- if (EventHobData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- Ptr = (UINT8 *)EventHobData;
-
- //
- // There are 2 types of measurement registers in TDX: MRTD and RTMR[0-3].
- // According to UEFI Spec 2.10 Section 38.4.1, RTMR[0-3] is mapped to MrIndex[1-4].
- // So RtmrIndex must be increased by 1 before the event log is created.
- //
- RtmrIndex++;
- CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));
- Ptr += sizeof (UINT32);
-
- CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));
- Ptr += sizeof (TCG_EVENTTYPE);
-
- TdxDigest = (TPML_DIGEST_VALUES *)Ptr;
- TdxDigest->count = 1;
- TdxDigest->digests[0].hashAlg = TPM_ALG_SHA384;
- CopyMem (
- TdxDigest->digests[0].digest.sha384,
- HashValue,
- SHA384_DIGEST_SIZE
- );
- Ptr += TDX_DIGEST_VALUE_LEN;
-
- CopyMem (Ptr, &EventSize, sizeof (UINT32));
- Ptr += sizeof (UINT32);
-
- CopyMem (Ptr, (VOID *)EventData, EventSize);
- Ptr += EventSize;
-
- return EFI_SUCCESS;
-}
-
-/**
Get the FvName from the FV header.
Causion: The FV is untrusted input.
@@ -207,7 +126,7 @@ InternalBuildGuidHobForTdxMeasurement ( CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
HandoffTables.TableEntry[0].VendorTable = TdHobList;
- Status = BuildTdxMeasurementGuidHob (
+ Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_HANDOFF_TABLES2, // EventType
(UINT8 *)(UINTN)&HandoffTables, // EventData
@@ -239,7 +158,7 @@ InternalBuildGuidHobForTdxMeasurement ( FvBlob2.BlobBase = FvBase;
FvBlob2.BlobLength = FvLength;
- Status = BuildTdxMeasurementGuidHob (
+ Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
(VOID *)&FvBlob2, // EventData
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8678e62c22..437fbd5776 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -297,6 +297,7 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
+ TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
[LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@@ -345,6 +346,7 @@ MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
[LibraryClasses.common.DXE_CORE]
@@ -433,7 +435,7 @@ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
- TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/DxeTdxHelperLib.inf
+ TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/DxeTdxMeasurementLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c index ab23caa4be..5287cda4d0 100644 --- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -44,7 +44,7 @@ #include <Protocol/CcMeasurement.h>
#include <Guid/CcEventHob.h>
#include <Library/TdxLib.h>
-#include <Library/TdxHelperLib.h>
+#include <Library/TdxMeasurementLib.h>
#define PERF_ID_CC_TCG2_DXE 0x3130
@@ -940,7 +940,7 @@ TdMapPcrToMrIndex ( return EFI_INVALID_PARAMETER;
}
- *MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
+ *MrIndex = TdxMeasurementMapPcrToMrIndex (PCRIndex);
return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS;
}
@@ -1607,7 +1607,7 @@ MeasureHandoffTables ( Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum);
if (!EFI_ERROR (Status)) {
- CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (1);
+ CcEvent.MrIndex = TdxMeasurementMapPcrToMrIndex (1);
CcEvent.EventType = EV_TABLE_OF_DEVICES;
CcEvent.EventSize = sizeof (HandoffTables);
@@ -1829,7 +1829,7 @@ ReadAndMeasureBootVariable ( )
{
return ReadAndMeasureVariable (
- TdxHelperMapPcrToMrIndex (1),
+ TdxMeasurementMapPcrToMrIndex (1),
EV_EFI_VARIABLE_BOOT,
VarName,
VendorGuid,
@@ -1860,7 +1860,7 @@ ReadAndMeasureSecureVariable ( )
{
return ReadAndMeasureVariable (
- TdxHelperMapPcrToMrIndex (7),
+ TdxMeasurementMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG,
VarName,
VendorGuid,
@@ -1968,7 +1968,7 @@ MeasureAllSecureVariables ( Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
if (!EFI_ERROR (Status)) {
Status = MeasureVariable (
- TdxHelperMapPcrToMrIndex (7),
+ TdxMeasurementMapPcrToMrIndex (7),
EV_EFI_VARIABLE_DRIVER_CONFIG,
EFI_IMAGE_SECURITY_DATABASE2,
&gEfiImageSecurityDatabaseGuid,
@@ -1998,7 +1998,7 @@ MeasureLaunchOfFirmwareDebugger ( {
CC_EVENT_HDR CcEvent;
- CcEvent.MrIndex = TdxHelperMapPcrToMrIndex (7);
+ CcEvent.MrIndex = TdxMeasurementMapPcrToMrIndex (7);
CcEvent.EventType = EV_EFI_ACTION;
CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
return TdxDxeHashLogExtendEvent (
@@ -2057,7 +2057,7 @@ MeasureSecureBootPolicy ( // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
// the Authority measurement happen before ReadToBoot event.
//
- Status = MeasureSeparatorEvent (TdxHelperMapPcrToMrIndex (7));
+ Status = MeasureSeparatorEvent (TdxMeasurementMapPcrToMrIndex (7));
DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status));
return;
}
@@ -2102,7 +2102,7 @@ OnReadyToBoot ( // 1. This is the first boot attempt.
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (4),
+ TdxMeasurementMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@@ -2140,7 +2140,7 @@ OnReadyToBoot ( // 6. Not first attempt, meaning a return from last attempt
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (4),
+ TdxMeasurementMapPcrToMrIndex (4),
EFI_RETURNING_FROM_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@@ -2152,7 +2152,7 @@ OnReadyToBoot ( // TCG PC Client PFP spec Section 2.4.4.5 Step 4
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (4),
+ TdxMeasurementMapPcrToMrIndex (4),
EFI_CALLING_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
@@ -2190,7 +2190,7 @@ OnExitBootServices ( // Measure invocation of ExitBootServices,
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (5),
+ TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_INVOCATION
);
if (EFI_ERROR (Status)) {
@@ -2201,7 +2201,7 @@ OnExitBootServices ( // Measure success of ExitBootServices
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (5),
+ TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_SUCCEEDED
);
if (EFI_ERROR (Status)) {
@@ -2231,7 +2231,7 @@ OnExitBootServicesFailed ( // Measure Failure of ExitBootServices,
//
Status = TdMeasureAction (
- TdxHelperMapPcrToMrIndex (5),
+ TdxMeasurementMapPcrToMrIndex (5),
EFI_EXIT_BOOT_SERVICES_FAILED
);
if (EFI_ERROR (Status)) {
diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf index 5daaefda95..0c2d116cc7 100644 --- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf @@ -31,7 +31,7 @@ MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
- OvmfPkg/OvmfPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
MemoryAllocationLib
@@ -50,7 +50,7 @@ PeCoffLib
TpmMeasurementLib
TdxLib
- TdxHelperLib
+ TdxMeasurementLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
diff --git a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c index 1c1168c9fa..8f26528440 100644 --- a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c +++ b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c @@ -14,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <Library/BaseMemoryLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/HobLib.h>
-#include <Library/TdxHelperLib.h>
+#include <Library/TdxMeasurementLib.h>
/**
Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
@@ -47,7 +47,7 @@ TdxPeiHashLogExtendEvent ( EFI_STATUS Status;
UINT8 Digest[SHA384_DIGEST_SIZE];
- Status = TdxHelperHashAndExtendToRtmr (
+ Status = TdxMeasurementHashAndExtendToRtmr (
MrIndex - 1,
HashData,
(UINTN)HashDataLen,
@@ -56,11 +56,11 @@ TdxPeiHashLogExtendEvent ( );
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "%a: HashAndExtendToRtmr failed with %r\n", __func__, Status));
+ DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementHashAndExtendToRtmr failed with %r\n", __func__, Status));
return Status;
}
- Status = TdxHelperBuildTdxMeasurementGuidHob (
+ Status = TdxMeasurementBuildGuidHob (
MrIndex - 1,
EventType,
EventData,
@@ -70,7 +70,7 @@ TdxPeiHashLogExtendEvent ( );
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "%a: BuildTdxMeasurementGuidHob failed with %r\n", __func__, Status));
+ DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementBuildGuidHob failed with %r\n", __func__, Status));
}
return Status;
@@ -150,7 +150,7 @@ TdMapPcrToMrIndex ( OUT UINT32 *MrIndex
)
{
- *MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
+ *MrIndex = TdxMeasurementMapPcrToMrIndex (PCRIndex);
return EFI_SUCCESS;
}
diff --git a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf index f7e3723b2f..9d16692db4 100644 --- a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf +++ b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf @@ -27,6 +27,7 @@ MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
OvmfPkg/OvmfPkg.dec
[LibraryClasses]
@@ -38,7 +39,7 @@ PrintLib
TdxLib
BaseCryptLib
- TdxHelperLib
+ TdxMeasurementLib
[Ppis]
gEdkiiCcPpiGuid
|