From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by mx.groups.io with SMTP id smtpd.web10.195225.1673960266972007793
 for <devel@edk2.groups.io>;
 Tue, 17 Jan 2023 04:57:47 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=IlIVudeU;
 spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673960266; x=1705496266;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=PcNgHNcB0Vz5sAF0o2AX+IXmGU84LQ5ZhZ/KZHeM0lo=;
  b=IlIVudeU0eBx2TzQTmOTW/lZtha2Zuh3x5UW7WLPopaUhae8kQ6f/Wcm
   mljpcXYofTwLYWPdPFr7geJw0koCjaqAMrgHyrclFoq8ppkM5j899LkFv
   V93p9bElOOCU6MYQwaJ1vKCzaX+N7bJlXibFrRsp/tJ2fBYlLM5ikwzrC
   KtDpJcoQ7xevPpLMs0o1SO3lPSimKHbYK1O9nLQZ5ZyUB2SuLNSvujV2c
   r2eVr9hDOufivvSdLH6qAx0RgQMHEVibhPoBKdK4tcRWDyRvOkMsAnzdp
   34fGb9zuQK/I+GykQepH2YNFq/vbnR9TZ0JdxzfvLdFAoZq//9JA6KUa1
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10592"; a="389186910"
X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; 
   d="scan'208";a="389186910"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 04:57:46 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10592"; a="988112266"
X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; 
   d="scan'208";a="988112266"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.254.211.139])
  by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 04:57:43 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: [PATCH V2 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from QEMU in TDVF
Date: Tue, 17 Jan 2023 20:57:32 +0800
Message-Id: <20230117125732.666-1-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Min M Xu <min.m.xu@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=4245

The ACPI tables are downloaded from QEMU. From the security perspective
they should be measured and extended before installation. So that they
can be audited later.

The measurement leverages the TpmMeasurementLib which is available when
TPM or Confidential Computing measurement protocol is installed. But in
some cases none of the measurement protocol is installed. In this case
the measurement will be skipped.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  1 +
 OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c     | 26 +++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
index 8939dde42549..3fd0483b50eb 100644
--- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
@@ -46,6 +46,7 @@
   UefiBootServicesTableLib
   UefiDriverEntryPoint
   HobLib
+  TpmMeasurementLib
 
 [Protocols]
   gEfiAcpiTableProtocolGuid                     # PROTOCOL ALWAYS_CONSUMED
diff --git a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
index f0d81d6fd73d..a7f14f8e25f4 100644
--- a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
+++ b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
@@ -10,6 +10,7 @@
 
 #include <IndustryStandard/Acpi.h>            // EFI_ACPI_DESCRIPTION_HEADER
 #include <IndustryStandard/QemuLoader.h>      // QEMU_LOADER_FNAME_SIZE
+#include <IndustryStandard/UefiTcgPlatform.h>
 #include <Library/BaseLib.h>                  // AsciiStrCmp()
 #include <Library/BaseMemoryLib.h>            // CopyMem()
 #include <Library/DebugLib.h>                 // DEBUG()
@@ -18,6 +19,7 @@
 #include <Library/QemuFwCfgLib.h>             // QemuFwCfgFindFile()
 #include <Library/QemuFwCfgS3Lib.h>           // QemuFwCfgS3Enabled()
 #include <Library/UefiBootServicesTableLib.h> // gBS
+#include <Library/TpmMeasurementLib.h>
 
 #include "AcpiPlatform.h"
 
@@ -1032,6 +1034,30 @@ Process2ndPassCmdAddPointer (
     goto RollbackSeenPointer;
   }
 
+  //
+  // Measure the ACPI table downloaded from QEMU before it is installed.
+  //
+  Status = TpmMeasureAndLogData (
+             1,
+             EV_PLATFORM_CONFIG_FLAGS,
+             EV_POSTCODE_INFO_ACPI_DATA,
+             ACPI_DATA_LEN,
+             (VOID *)(UINTN)PointerValue,
+             TableSize
+             );
+  //
+  // TPM & Confidential Computing measurement protocol may not be installed.
+  // So EFI_NOT_FOUND is ignored.
+  //
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    DEBUG ((
+      DEBUG_ERROR,
+      "Measure ACPI table failed! Status = %r\n",
+      Status
+      ));
+    goto RollbackSeenPointer;
+  }
+
   Status = AcpiProtocol->InstallAcpiTable (
                            AcpiProtocol,
                            (VOID *)(UINTN)PointerValue,
-- 
2.29.2.windows.2