From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by mx.groups.io with SMTP id smtpd.web11.73.1635473174983599525 for ; Thu, 28 Oct 2021 19:06:15 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: byosoft.com.cn, ip: 58.240.74.242, mailfrom: gaoliming@byosoft.com.cn) Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP for ; Fri, 29 Oct 2021 10:06:06 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-Originating-IP: 58.246.60.130 X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming" To: , Cc: "'Michael D Kinney'" , "'Zhiguang Liu'" , "'Jiewen Yao'" , "'Jian J Wang'" , "'Ken Lu'" , "'Sami Mujawar'" References: In-Reply-To: Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gW1BBVENIIFYzIDEvM10gTWRlUGtnOiBJbnRyb2R1Y2UgVGVlTWVhc3VyZW1lbnRQcm90b2NvbCBmb3IgVEVFIEd1ZXN0IGZpcm13YXJl?= Date: Fri, 29 Oct 2021 10:06:10 +0800 Message-ID: <00af01d7cc69$8b16d240$a14476c0$@byosoft.com.cn> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGhUUL2eRyTmr4qZMxtcTN+xX80RQGsQpCUrEjNvvA= Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn Min: I add my comments below.=20 > -----=D3=CA=BC=FE=D4=AD=BC=FE----- > =B7=A2=BC=FE=C8=CB: devel@edk2.groups.io =B4=FA=B1= =ED Min Xu > =B7=A2=CB=CD=CA=B1=BC=E4: 2021=C4=EA10=D4=C228=C8=D5 12:59 > =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io > =B3=AD=CB=CD: Min Xu ; Michael D Kinney > ; Liming Gao ; > Zhiguang Liu ; Jiewen Yao ; > Jian J Wang ; Ken Lu ; Sami > Mujawar > =D6=F7=CC=E2: [edk2-devel] [PATCH V3 1/3] MdePkg: Introduce > TeeMeasurementProtocol for TEE Guest firmware >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3625 >=20 > If TEE Guest firmware supports measurement and an event is created, > TEE Guest firmware is designed to report the event log with the same data > structure in TCG-Platform-Firmware-Profile specification with > EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. >=20 > The TEE Guest firmware supports measurement. It is > designed to produce EFI_TEE_MEASUREMENT_PROTOCOL with new GUID > EFI_TEE_MEASUREMENT_PROTOCOL_GUID to report event log and provides > hash capability. >=20 > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Ken Lu > Cc: Sami Mujawar > Signed-off-by: Min Xu > --- > MdePkg/Include/Protocol/TdProtocol.h | 36 +++ > MdePkg/Include/Protocol/TeeMeasurement.h | 296 > +++++++++++++++++++++++ > MdePkg/MdePkg.dec | 3 + > 3 files changed, 335 insertions(+) > create mode 100644 MdePkg/Include/Protocol/TdProtocol.h > create mode 100644 MdePkg/Include/Protocol/TeeMeasurement.h >=20 > diff --git a/MdePkg/Include/Protocol/TdProtocol.h > b/MdePkg/Include/Protocol/TdProtocol.h > new file mode 100644 > index 000000000000..8d938b00f3c0 > --- /dev/null > +++ b/MdePkg/Include/Protocol/TdProtocol.h > @@ -0,0 +1,36 @@ > +/** @file > + TDX specific definitions for EFI_TEE_MEASUREMENT_PROTOCOL > + > +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef TD_PROTOCOL_H_ > +#define TD_PROTOCOL_H_ > + > +#define TDX_MR_INDEX_MRTD 0 > +#define TDX_MR_INDEX_RTMR0 1 > +#define TDX_MR_INDEX_RTMR1 2 > +#define TDX_MR_INDEX_RTMR2 3 > +#define TDX_MR_INDEX_RTMR3 4 > + > +/** > + In current version, we use below mapping: > + PCR0 -> MRTD (Index 0) > + PCR1 -> RTMR0 (Index 1) > + PCR2~6 -> RTMR1 (Index 2) > + PCR7 -> RTMR0 (Index 1) > + PCR8~15 -> RTMR2 (Index 3) > + > +typedef > +EFI_STATUS > +(EFIAPI * EFI_TEE_MAP_PCR_TO_MR_INDEX) ( > + IN EFI_TEE_MEASUREMENT_PROTOCOL *This, > + IN TCG_PCRINDEX PcrIndex, > + OUT EFI_TEE_MR_INDEX *MrIndex > + ); > + > +**/ > + > +#endif Why adds MdePkg/Include/Protocol/TdProtocol.h? Can combine it into MdePkg/Include/Protocol/TeeMeasurement.h? > diff --git a/MdePkg/Include/Protocol/TeeMeasurement.h > b/MdePkg/Include/Protocol/TeeMeasurement.h > new file mode 100644 > index 000000000000..3f3c71e3dba0 > --- /dev/null > +++ b/MdePkg/Include/Protocol/TeeMeasurement.h > @@ -0,0 +1,296 @@ > +/** @file > + If TEE Guest firmware supports measurement and an event is created, > + TEE Guest firmware is designed to report the event log with the same > + data structure in TCG-Platform-Firmware-Profile specification with > + EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. > + > + The TEE Guest firmware supports measurement, the TEE Guest Firmware > is > + designed to produce EFI_TEE_MEASUREMENT_PROTOCOL with new > GUID > + EFI_TEE_MEASUREMENT_PROTOCOL_GUID to report event log and > provides hash > + capability. > + > +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef TEE_MEASUREMENT_PROTOCOL_H_ > +#define TEE_MEASUREMENT_PROTOCOL_H_ > + > +#include Uefi/UefiBaseType.h is not required to be included. Module header file has includes it.=20 > +#include > + > +#define EFI_TEE_MEASUREMENT_PROTOCOL_GUID \ > + { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, > 0x6b }} > +extern EFI_GUID gEfiTeeMeasurementProtocolGuid; > + > +typedef struct _EFI_TEE_MEASUREMENT_PROTOCOL > EFI_TEE_MEASUREMENT_PROTOCOL; > + > +typedef struct { > + UINT8 Major; > + UINT8 Minor; > +} EFI_TEE_VERSION; > + > +// > +// EFI_TEE Type/SubType definition > +// > +#define EFI_TEE_TYPE_NONE 0 > +#define EFI_TEE_TYPE_SEV 1 > +#define EFI_TEE_TYPE_TDX 2 > + > +typedef struct { > + UINT8 Type; > + UINT8 SubType; > +} EFI_TEE_TYPE; > + > +typedef UINT32 EFI_TEE_EVENT_LOG_BITMAP; > +typedef UINT32 EFI_TEE_EVENT_LOG_FORMAT; > +typedef UINT32 > EFI_TEE_EVENT_ALGORITHM_BITMAP; > +typedef UINT32 EFI_TEE_MR_INDEX; > + > +#define EFI_TEE_EVENT_LOG_FORMAT_TCG_2 0x00000002 > +#define EFI_TEE_BOOT_HASH_ALG_SHA384 0x00000004 > + > +// > +// This bit is shall be set when an event shall be extended but not logged. > +// > +#define EFI_TEE_FLAG_EXTEND_ONLY 0x0000000000000001 > +// > +// This bit shall be set when the intent is to measure a PE/COFF image. > +// > +#define EFI_TEE_FLAG_PE_COFF_IMAGE 0x0000000000000010 > + > +#pragma pack (1) > + > +#define EFI_TEE_EVENT_HEADER_VERSION 1 > + > +typedef struct { > + // > + // Size of the event header itself (sizeof(EFI_TEE_EVENT_HEADER)). > + // > + UINT32 HeaderSize; > + // > + // Header version. For this version of this specification, the value shall be > 1. > + // > + UINT16 HeaderVersion; > + // > + // Index of the MR (measurement register) that shall be extended. > + // > + EFI_TEE_MR_INDEX MrIndex; > + // > + // Type of the event that shall be extended (and optionally logged). > + // > + UINT32 EventType; > +} EFI_TEE_EVENT_HEADER; > + > +typedef struct { > + // > + // Total size of the event including the Size component, the header an= d the > Event data. > + // > + UINT32 Size; > + EFI_TEE_EVENT_HEADER Header; > + UINT8 Event[1]; > +} EFI_TEE_EVENT; > + > +#pragma pack() > + > + > +typedef struct { > + // > + // Allocated size of the structure > + // > + UINT8 Size; > + // > + // Version of the EFI_TEE_BOOT_SERVICE_CAPABILITY structure itself. > + // For this version of the protocol, the Major version shall be set to 1 > + // and the Minor version shall be set to 0. > + // > + EFI_TEE_VERSION StructureVersion; > + // > + // Version of the EFI TEE Measurement protocol. > + // For this version of the protocol, the Major version shall be set to 1 > + // and the Minor version shall be set to 0. > + // > + EFI_TEE_VERSION ProtocolVersion; > + // > + // Supported hash algorithms > + // > + EFI_TEE_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; > + // > + // Bitmap of supported event log formats > + // > + EFI_TEE_EVENT_LOG_BITMAP SupportedEventLogs; > + > + // > + // Indicates the TEE type > + // > + EFI_TEE_TYPE TeeType; > +} EFI_TEE_BOOT_SERVICE_CAPABILITY; > + > +/** > + The EFI_TEE_MEASUREMENT_PROTOCOL GetCapability function call > provides protocol > + capability information and state information. > + > + @param[in] This Indicates the calling context > + @param[in, out] ProtocolCapability The caller allocates memory for a > EFI_TEE_BOOT_SERVICE_CAPABILITY > + structure and sets the size > field to the size of the structure allocated. > + The callee fills in the fields > with the EFI TEE BOOT Service capability > + information and the current > TEE information. > + > + @retval EFI_SUCCESS Operation completed successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > + The ProtocolCapability variable will > not be populated. > + @retval EFI_INVALID_PARAMETER One or more of the parameters are > incorrect. > + The ProtocolCapability variable will > not be populated. > + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is > too small to hold the full response. > + It will be partially populated > (required Size field will be set). > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TEE_GET_CAPABILITY) ( > + IN EFI_TEE_MEASUREMENT_PROTOCOL *This, > + IN OUT EFI_TEE_BOOT_SERVICE_CAPABILITY *ProtocolCapability > + ); > + > +/** > + The EFI_TEE_MEASUREMENT_PROTOCOL Get Event Log function call > allows a caller to > + retrieve the address of a given event log and its last entry. > + > + @param[in] This Indicates the calling context > + @param[in] EventLogFormat The type of the event log for which > the information is requested. > + @param[out] EventLogLocation A pointer to the memory address of > the event log. > + @param[out] EventLogLastEntry If the Event Log contains more than > one entry, this is a pointer to the > + address of the start of the last > entry in the event log in memory. > + @param[out] EventLogTruncated If the Event Log is missing at least on= e > entry because an event would > + have exceeded the area allocated > for events, this value is set to TRUE. > + Otherwise, the value will be FALSE > and the Event Log will be complete. > + > + @retval EFI_SUCCESS Operation completed successfully. > + @retval EFI_INVALID_PARAMETER One or more of the parameters are > incorrect > + (e.g. asking for an event log whose > format is not supported). > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TEE_GET_EVENT_LOG) ( > + IN EFI_TEE_MEASUREMENT_PROTOCOL *This, > + IN EFI_TEE_EVENT_LOG_FORMAT EventLogFormat, > + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, > + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, > + OUT BOOLEAN *EventLogTruncated > + ); > + > +/** > + The EFI_TEE_MEASUREMENT_PROTOCOL HashLogExtendEvent function > call provides > + callers with an opportunity to extend and optionally log events withou= t > requiring > + knowledge of actual TEE commands. > + The extend operation will occur even if this function cannot create an > event > + log entry (e.g. due to the event log being full). > + > + @param[in] This Indicates the calling context > + @param[in] Flags Bitmap providing additional > information. > + @param[in] DataToHash Physical address of the start of the > data buffer to be hashed. > + @param[in] DataToHashLen The length in bytes of the buffer > referenced by DataToHash. > + @param[in] EfiTeeEvent Pointer to data buffer containing > information about the event. > + > + @retval EFI_SUCCESS Operation completed successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > + @retval EFI_VOLUME_FULL The extend operation occurred, but > the event could not be written to one or more event logs. > + @retval EFI_INVALID_PARAMETER One or more of the parameters are > incorrect. > + @retval EFI_UNSUPPORTED The PE/COFF image type is not > supported. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI * EFI_TEE_HASH_LOG_EXTEND_EVENT) ( > + IN EFI_TEE_MEASUREMENT_PROTOCOL *This, > + IN UINT64 Flags, > + IN EFI_PHYSICAL_ADDRESS DataToHash, > + IN UINT64 DataToHashLen, > + IN EFI_TEE_EVENT *EfiTeeEvent > + ); > + > +/** > + The EFI_TEE_MEASUREMENT_PROTOCOL MapPcrToMrIndex function call > provides callers > + the info on TPM PCR <-> TEE MR mapping information. > + > + @param[in] This Indicates the calling context > + @param[in] PcrIndex TPM PCR index. > + @param[out] MrIndex TEE MR index. > + > + @retval EFI_SUCCESS The MrIndex is returned. > + @retval EFI_INVALID_PARAMETER The MrIndex is NULL. > + @retval EFI_UNSUPPORTED The PcrIndex is invalid. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI * EFI_TEE_MAP_PCR_TO_MR_INDEX) ( > + IN EFI_TEE_MEASUREMENT_PROTOCOL *This, > + IN TCG_PCRINDEX PcrIndex, > + OUT EFI_TEE_MR_INDEX *MrIndex > + ); > + > +struct _EFI_TEE_MEASUREMENT_PROTOCOL { > + EFI_TEE_GET_CAPABILITY GetCapability; > + EFI_TEE_GET_EVENT_LOG GetEventLog; > + EFI_TEE_HASH_LOG_EXTEND_EVENT > HashLogExtendEvent; > + EFI_TEE_MAP_PCR_TO_MR_INDEX > MapPcrToMrIndex; > +}; > + > +// > +// TEE event log > +// > + > +#pragma pack(1) > + > +// > +// Crypto Agile Log Entry Format. > +// It is similar with TCG_PCR_EVENT2 except the field of MrIndex and > PCRIndex. > +// > +typedef struct { > + EFI_TEE_MR_INDEX MrIndex; > + UINT32 EventType; > + TPML_DIGEST_VALUES Digests; > + UINT32 EventSize; > + UINT8 Event[1]; > +} TEE_EVENT; > + > +// > +// EFI TEE Event Header > +// It is similar with TCG_PCR_EVENT2_HDR except the field of MrIndex and > PCRIndex > +// > +typedef struct { > + EFI_TEE_MR_INDEX MrIndex; > + UINT32 EventType; > + TPML_DIGEST_VALUES Digests; > + UINT32 EventSize; > +} TEE_EVENT_HDR; > + > +#pragma pack() > + > +// > +// Log entries after Get Event Log service > +// > + > +#define EFI_TEE_FINAL_EVENTS_TABLE_VERSION 1 > + > +typedef struct { > + // > + // The version of this structure. It shall be set to 1. > + // > + UINT64 Version; > + // > + // Number of events recorded after invocation of GetEventLog API > + // > + UINT64 NumberOfEvents; > + // > + // List of events of type TEE_EVENT. > + // > + //TEE_EVENT Event[1]; > +} EFI_TEE_FINAL_EVENTS_TABLE; > + > + > +#define EFI_TEE_FINAL_EVENTS_TABLE_GUID \ > + {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4= , > 0x46}} > + > +extern EFI_GUID gEfiTeeFinalEventsTableGuid; > + > +#endif > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index 8b18415b107a..cfb3fa3adc83 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec > @@ -1011,6 +1011,9 @@ > ## Include/Protocol/PcdInfo.h > gGetPcdInfoProtocolGuid =3D { 0x5be40f57, 0xfa68, 0x4610, { 0xb= b, > 0xbf, 0xe9, 0xc5, 0xfc, 0xda, 0xd3, 0x65 } } >=20 > + ## Include/Protocol/TeeMeasurement.h > + gEfiTeeMeasurementProtocolGuid =3D { 0x96751a3d, 0x72f4, 0x41a6, { 0xa= 7, > 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }} > + gEfiTeeFinalEventsTableGuid is not declared in MdePkg.dec. Then, how does the module consume it? Thanks Liming > # > # Protocols defined in PI1.0. > # > -- > 2.29.2.windows.2 >=20 >=20 >=20 >=20 >=20