From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 43E38D800FD for ; Tue, 12 Mar 2024 07:52:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=6sPMS6ZaAyVUNJ9I7oopR07kVRzgTGMkhwJp6AUq69o=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1710229940; v=1; b=Mx7+glJQu8+wIQUkzjxhcd/0giNOt+0fWBwDt+yP6qep3TuGmMpe8nJJ5fGH7ME4waPvEY04 HK3gTPWoLLdg5ZmKFHcq9xmzIeBGkPDOZP+PIc7a7NQaEufpioUjS3wwk8/spZIu3uYhfi1gkIc AuOwQ5lGygYnGuKkTkjqjNvgM2mWK23qTX521R9PctKu4perkzejFk58VhoffNfKuruGDZkW1c1 Dy/0CqiP9619lpWB6LX/Se9ubzKYghKvlJl2wlaiLlsXIj24ojxdZ5CzT2WySKZY6DLMocMi9BH zGZqYPuZmf4Tu4JrFxKLblLuBzg2f1FbsUHwxRnc3Su+w== X-Received: by 127.0.0.2 with SMTP id Hj9tYY7687511x0cSI5rWCeL; Tue, 12 Mar 2024 00:52:20 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) by mx.groups.io with SMTP id smtpd.web11.3421.1710229939953833339 for ; Tue, 12 Mar 2024 00:52:20 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,11010"; a="4850809" X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="4850809" X-Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Mar 2024 00:52:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="11882791" X-Received: from tdvf-default-string.sh.intel.com ([10.239.49.7]) by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Mar 2024 00:52:12 -0700 From: "sunceping" To: devel@edk2.groups.io Cc: Ceping Sun , Erdem Aktas , Jiewen Yao , Min Xu , Gerd Hoffmann , Elena Reshetova Subject: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait Date: Wed, 13 Mar 2024 07:51:46 +0800 Message-Id: <20240312235146.3777997-1-cepingx.sun@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 12 Mar 2024 00:52:20 -0700 Reply-To: devel@edk2.groups.io,cepingx.sun@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 4eTho0yob7wg1WakPZXjs5dEx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Mx7+glJQ; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4415 Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec, OVMF would uses FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) to get configuration data from QEMU. From the security perspective, if TDVF uses this method, configuration data must be measured into RTMR[0]. Currently, the etc/boot-menu-wait is using in TDVF, it required to be measured into RTMR[0]. This is the first patch and will continue to be updated to measure additional configuration data. Refernce: spec: https://cdrdv2.intel.com/v1/dl/getContent/733585 Cc: Erdem Aktas Cc: Jiewen Yao Cc: Min Xu Cc: Gerd Hoffmann Cc: Elena Reshetova Signed-off-by: Ceping Sun --- .../QemuBootOrderLib/QemuBootOrderLib.c | 21 ++++++++++++++++++- .../QemuBootOrderLib/QemuBootOrderLib.inf | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c index 2fe6ab30c032..63a290712002 100644 --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c @@ -20,6 +20,8 @@ #include #include #include +#include +#include #include "ExtraRootBusMap.h" @@ -41,6 +43,9 @@ #define REQUIRED_MMIO_OFW_NODES 1 #define EXAMINED_OFW_NODES 6 +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA "QEMU BOOTMENU WAIT TIME" +#define QEMU_BOOTMENU_WAIT_DATA_LEN (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1) + /** Simple character classification routines, corresponding to POSIX class names and ASCII encoding. @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu ( // seconds, round N up. // QemuFwCfgSelectItem (BootMenuWaitItem); - return (UINT16)((QemuFwCfgRead16 () + 999) / 1000); + Timeout = QemuFwCfgRead16 (); + // + // Measure the Timeout which is downloaded from QEMU. + // It has to be done before it is consumed. + // + TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA, + QEMU_BOOTMENU_WAIT_DATA_LEN, + (VOID *)(UINTN)&Timeout, + BootMenuWaitSize + ); + + return (UINT16)((Timeout + 999) / 1000); } diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf index 6e320e3e8514..0231c9d5c5b8 100644 --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf @@ -45,6 +45,7 @@ DevicePathLib BaseMemoryLib OrderedCollectionLib + TpmMeasurementLib [Guids] gEfiGlobalVariableGuid -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116669): https://edk2.groups.io/g/devel/message/116669 Mute This Topic: https://groups.io/mt/104880546/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-