From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>
Subject: [PATCH V2 08/10] OvmfPkg: Enable Tdx measurement in OvmfPkgX64
Date: Thu, 19 Jan 2023 11:28:20 +0800
Message-ID: <20230119032822.1406-9-min.m.xu@intel.com>
In-Reply-To: <20230119032822.1406-1-min.m.xu@intel.com>
From: Min M Xu <min.m.xu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
This patch enables Tdx measurement in OvmfPkgX64 with the changes below:
1) TDX_ENABLE is introduced in OvmfPkgX64.dsc. This flag indicates
if Intel TDX is enabled in OvmfPkgX64. Its default value is FALSE.
2) Update SecMain.c with the functions provided by TdxHelperLib.
3) Include TdTcg2Dxe in OvmfPkgX64 so that CC_MEASUREMENT_PROTOCOL
is installed in a Td-guest. TdTcg2Dxe is controlled by TDX_ENABLE
because it is only valid when Intel TDX is enabled.
4) OvmfTpmLibs.dsc.inc and OvmfTpmSecurityStub.dsc.inc are updated
because DxeTpm2MeasureBootLib.inf and DxeTpmMeasurementLib.inf
should be included to support CC_MEASUREMENT_PROTOCOL.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc | 10 +++++++++-
OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc | 8 ++++++++
OvmfPkg/OvmfPkgX64.dsc | 15 ++++++++++++++-
OvmfPkg/OvmfPkgX64.fdf | 7 +++++++
OvmfPkg/Sec/SecMain.c | 17 +++++++++++++++--
5 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
index cd1a899d68f7..df228dc5e2ca 100644
--- a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+++ b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
@@ -10,9 +10,17 @@
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
+!endif
+
+!if $(TPM2_ENABLE) == TRUE || $(TDX_ENABLE) == TRUE
+ #
+ # DxeTpmMeasurementLib supports measurement functions for both TPM and Confidential Computing.
+ # It should be controlled by TPM2_ENABLE and TDX_ENABLE.
+ #
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
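Review bot: the new `!if $(TPM2_ENABLE) == TRUE || $(TDX_ENABLE) == TRUE` makes this shared include depend on TDX_ENABLE, but the series only adds `DEFINE TDX_ENABLE = FALSE` to OvmfPkgX64.dsc (the diffstat touches no other platform DSC). Every other DSC that pulls in OvmfTpmLibs.dsc.inc needs the same DEFINE, or this include needs a guard such as `!ifdef TDX_ENABLE`, otherwise which TpmMeasurementLib instance gets selected depends on how the build tool evaluates an undefined macro. The `TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf` line itself is only moved, so the sole behavioural change is that TDX-only builds now get the real measurement library instead of TpmMeasurementLibNull; saying that explicitly in the commit message would help reviewers.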
diff --git a/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
index e9ab2fca7bc7..a08e29720f5d 100644
--- a/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+++ b/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
@@ -6,5 +6,13 @@
!if $(TPM1_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
!endif
+!endif
+
+!if $(TPM2_ENABLE) == TRUE || $(TDX_ENABLE) == TRUE
+ #
+ # DxeTpm2MeasureBootLib provides security service of TPM2 measure boot and
+ # Confidential Computing (CC) measure boot. It should be controlled by
+ # TPM2_ENABLE and TDX_ENABLE
+ #
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
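Review bot: same undefined-macro concern as in OvmfTpmLibs.dsc.inc: `$(TDX_ENABLE)` is only DEFINEd in OvmfPkgX64.dsc by this series, so any other DSC that includes OvmfTpmSecurityStub.dsc.inc needs a default or a guard before this conditional is evaluated. Two smaller points: the new comment stops without a period ("... TPM2_ENABLE and TDX_ENABLE"), unlike its sibling comment in OvmfTpmLibs.dsc.inc, and since DxeTpm2MeasureBootLib is the NULL library that measures every image loaded through the security stub, the commit message should say plainly that measured boot of loaded images is now active in a TD guest even when TPM2_ENABLE is FALSE.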
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3f970a79a08a..0bf16a4815b3 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -32,6 +32,7 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+ DEFINE TDX_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
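Review bot: with `DEFINE TDX_ENABLE = FALSE` a stock OvmfPkgX64 build still omits TdTcg2Dxe, while the SecMain.c change in this same patch is compiled under `#if defined (TDX_GUEST_SUPPORTED)`, a different switch. The commit message should spell out the relationship between the two: SEC-phase measurement of TdHob and the CFV follows TDX_GUEST_SUPPORTED, and exposing CC_MEASUREMENT_PROTOCOL to the OS requires building with `-D TDX_ENABLE=TRUE`. A one-line comment next to the DEFINE stating what it switches on would save the next reader a grep.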
@@ -724,7 +725,8 @@
OvmfPkg/Sec/SecMain.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
- NULL|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+ NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
}
#
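Review bot: both `NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf` and `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf` are linked into SecMain unconditionally, so every OvmfPkgX64 build, including those with TDX_ENABLE = FALSE, now carries hashing code in the SEC image. Consider selecting TdxHelperLibNull (added in patch 02/10 of this series) and dropping the BaseCryptLib override when TDX_ENABLE is FALSE. A second question: SecMain.c includes <Library/TdxHelperLib.h> and calls its functions by name, yet the instance is mapped as a NULL library rather than as `TdxHelperLib|...`; if SecMain.inf does not list TdxHelperLib in its [LibraryClasses], that should be stated, otherwise the conventional class mapping is clearer than NULL linking.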
@@ -1100,6 +1102,17 @@
}
!endif
+ #
+ # Cc Measurement Protocol for Td guest
+ #
+!if $(TDX_ENABLE) == TRUE
+ SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ }
+!endif
+
#
# TPM support
#
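Review bot: the `# Cc Measurement Protocol for Td guest` heading sits outside the `!if $(TDX_ENABLE) == TRUE`, so non-TDX builds keep an orphan heading with nothing under it; move the three comment lines inside the conditional. The .fdf hunk labels the same driver `EFI_CC_MEASUREMENT_PROTOCOL`; use one spelling in both files so a grep for the protocol name finds both entries.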
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 8c02dfe11e37..0df986f7ebec 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -402,6 +402,13 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
+#
+# EFI_CC_MEASUREMENT_PROTOCOL
+#
+!if $(TDX_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
+!endif
+
#
# TPM support
#
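Review bot: same orphan-heading issue as in the DSC: the `# EFI_CC_MEASUREMENT_PROTOCOL` comment stays in the FDF when TDX_ENABLE is FALSE; either move it inside the `!if` or note that it is intentionally left as a placeholder. The INF path matches the DSC entry exactly, so nothing else to flag here.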
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 1167d22a68cc..4bb3b641701e 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -29,7 +29,7 @@
#include <Library/CpuExceptionHandlerLib.h>
#include <Ppi/TemporaryRamSupport.h>
#include <Ppi/MpInitLibDep.h>
-#include <Library/PlatformInitLib.h>
+#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
#include "AmdSev.h"
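Review bot: swapping <Library/PlatformInitLib.h> for <Library/TdxHelperLib.h> is only safe if ProcessTdxHobList() was the sole PlatformInitLib symbol SecMain.c used; the next hunk changes exactly one call site, and patch 10/10 removes ProcessTdxHobList() from PlatformInitLib, so the change looks consistent, but the commit message should say that SecMain no longer depends on PlatformInitLib at all, which is also why the DSC hunk drops the `NULL|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf` line.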
@@ -760,12 +760,25 @@ SecCoreStartupWithStack (
#if defined (TDX_GUEST_SUPPORTED)
if (CcProbe () == CcGuestTypeIntelTdx) {
+ //
+ // From the security perspective all the external input should be measured before
+ // it is consumed. TdHob and Configuration FV (Cfv) image are passed from VMM
+ // and should be measured here.
+ //
+ if (EFI_ERROR (TdxHelperMeasureTdHob ())) {
+ CpuDeadLoop ();
+ }
+
+ if (EFI_ERROR (TdxHelperMeasureCfvImage ())) {
+ CpuDeadLoop ();
+ }
+
//
// For Td guests, the memory map info is in TdHobLib. It should be processed
// first so that the memory is accepted. Otherwise access to the unaccepted
// memory will trigger tripple fault.
//
- if (ProcessTdxHobList () != EFI_SUCCESS) {
+ if (TdxHelperProcessTdHob () != EFI_SUCCESS) {
CpuDeadLoop ();
}
}
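Review bot: the new comment should say why TdHob and the CFV can be read before TdxHelperProcessTdHob() has accepted memory, given that the very next comment warns that touching unaccepted memory triple-faults; a reader cannot tell from this hunk that both regions were already added to the TD by the VMM. Measuring before consuming is the right order, and CpuDeadLoop() on a measurement failure is the right fail-closed choice, but consider a DEBUG print before each CpuDeadLoop() so a failed measurement can be told apart from a hang in HOB processing. While this block is being touched, the context line "will trigger tripple fault" could be corrected to "triple".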
--
2.29.2.windows.2
Thread overview: 26+ messages
2023-01-19 3:28 [PATCH V2 00/10] Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-19 3:28 ` [PATCH V2 01/10] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-01-19 9:33 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 02/10] OvmfPkg/IntelTdx: Add TdxHelperLibNull Min Xu
2023-01-19 9:33 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 03/10] OvmfPkg/IntelTdx: Add SecTdxHelperLib Min Xu
2023-01-19 9:33 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 04/10] OvmfPkg/IntelTdx: Implement other helper functions in SecTdxHelperLib Min Xu
2023-01-19 9:54 ` Gerd Hoffmann
2023-01-19 23:44 ` Min Xu
2023-01-20 7:40 ` Min Xu
2023-01-20 8:10 ` Yao, Jiewen
2023-01-20 10:18 ` Gerd Hoffmann
2023-01-20 11:42 ` Min Xu
2023-01-20 13:50 ` Gerd Hoffmann
2023-01-21 0:02 ` Min Xu
2023-01-19 3:28 ` [PATCH V2 05/10] OvmfPkg/IntelTdx: Add PeiTdxHelperLib Min Xu
2023-01-19 9:54 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 06/10] OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurements Min Xu
2023-01-19 9:57 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 07/10] OvmfPkg/IntelTdx: Update tdx measurement in SEC phase Min Xu
2023-01-19 9:57 ` Gerd Hoffmann
2023-01-19 3:28 ` Min Xu [this message]
2023-01-19 3:28 ` [PATCH V2 09/10] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-01-19 9:58 ` Gerd Hoffmann
2023-01-19 3:28 ` [PATCH V2 10/10] OvmfPkg/PlatformInitLib: Delete the ProcessTdxHobList() Min Xu