From: "Sami Mujawar"
CC: Sami Mujawar
Subject: [edk2-devel] [PATCH v2 42/45] ArmVirtPkg: RMM 1.0-eac5 - Attestation token API updates
Date: Fri, 12 Apr 2024 15:33:19 +0100
Message-ID: <20240412143322.5244-43-sami.mujawar@arm.com>
In-Reply-To: <20240412143322.5244-1-sami.mujawar@arm.com>
References: <20240412143322.5244-1-sami.mujawar@arm.com>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io

The RMM 1.0-eac3 specification removed the restriction that attestation token size must not exceed 4KB. Further it also extended the RSI_ATTESTATION_TOKEN_CONTINUE command so as to return up to a granule worth of the attestation token data.

The RMM 1.0-eac5 specification simplified the attestation token interfaces such that, the RSI_ATTESTATION_TOKEN_INIT command returns the upper bound of the attestation token size. This eliminates the need for relocation of token data buffers during attestation token retrieval.

Therefore, implement the attestation token API updates from RMM 1.0-eac3 through to RMM 1.0-eac5 specification.

Note: The RsiGetAttestationToken() API has been modified such that ArmCcaRsiLib allocates memory for the returned attestation token buffer. The caller is therefore required to call RsiFreeAttestationToken() to free the memory that was allocated for the attestation token buffer.

Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by: Sami Mujawar --- ArmVirtPkg/Include/Library/ArmCcaRsiLib.h | 31 ++-- ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c | 160 +++++++++++++++----- 2 files changed, 146 insertions(+), 45 deletions(-) diff --git a/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h b/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h index 8c1c0d5bc19d14fa640464c8d0d44e3ef522ba79..b768f3498314a2ea61762af65bf2668d463909a6 100644 --- a/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h +++ b/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h @@ -11,7 +11,7 @@ - REM - Realm Extensible Measurement @par Reference(s): - - Realm Management Monitor (RMM) Specification, version 1.0-eac4 + - Realm Management Monitor (RMM) Specification, version 1.0-eac5 (https://developer.arm.com/documentation/den0137/) **/ @@ -33,11 +33,6 @@ */ #define RIPAS_TYPE_MASK 0xFF -/* Maximum attestation token size - RBXKKY The size of an attestation token is no larger than 4KB. -*/ -#define MAX_ATTESTATION_TOKEN_SIZE SIZE_4KB - /* Maximum challenge data size in bits. */ #define MAX_CHALLENGE_DATA_SIZE_BITS 512 @@ -185,9 +180,10 @@ typedef struct HostCallArgs { @param [in] ChallengeDataSizeBits Size of the challenge data in bits. @param [out] TokenBuffer Pointer to a buffer to store the retrieved attestation token. - @param [in, out] TokenBufferSize Size of the token buffer on input and - number of bytes stored in token buffer - on return. + @param [out] TokenBufferSize Length of token data returned. + + Note: The TokenBuffer allocated must be freed by the caller + using RsiFreeAttestationToken(). @retval RETURN_SUCCESS Success. @retval RETURN_INVALID_PARAMETER A parameter is invalid. 
@@ -202,8 +198,21 @@ EFIAPI RsiGetAttestationToken ( IN CONST UINT8 *CONST ChallengeData, IN UINT64 ChallengeDataSizeBits, - OUT UINT8 *CONST TokenBuffer, - IN OUT UINT64 *CONST TokenBufferSize + OUT UINT8 **CONST TokenBuffer, + OUT UINT64 *CONST TokenBufferSize + ); + +/** + Free the attestation token buffer. + + @param [in] TokenBuffer Pointer to the retrieved + attestation token. + @param [in] TokenBufferSize Size of the token buffer. +**/ +VOID +RsiFreeAttestationToken ( + IN UINT8 *CONST TokenBuffer, + IN UINT64 CONST TokenBufferSize ); /** diff --git a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c index edd2e11f786d11191f13dd9b087cdeec4127b375..b861b2e79d5d659a0eb16206d329a0cb039eda0d 100644 --- a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c +++ b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c @@ -11,7 +11,7 @@ - REM - Realm Extensible Measurement @par Reference(s): - - Realm Management Monitor (RMM) Specification, version 1.0-eac4 + - Realm Management Monitor (RMM) Specification, version 1.0-eac5 (https://developer.arm.com/documentation/den0137/) **/ @@ -22,6 +22,7 @@ #include #include #include +#include #include "ArmCcaRsi.h" /** @@ -88,6 +89,8 @@ AddrIsGranuleAligned ( @param [out] TokenBuffer Pointer to a buffer to store the retrieved attestation token. + @param [in] Offset Offset within Token buffer granule + to start of buffer in bytes. @param [in,out] TokenSize On input size of the token buffer, and on output size of the token returned if operation is successful, @@ -106,6 +109,7 @@ RETURN_STATUS EFIAPI RsiAttestationTokenContinue ( OUT UINT8 *CONST TokenBuffer, + IN UINT64 CONST Offset, IN OUT UINT64 *CONST TokenSize ) { 
@@ -116,6 +120,10 @@ RsiAttestationTokenContinue ( SmcCmd.Arg0 = FID_RSI_ATTESTATION_TOKEN_CONTINUE; // Set the IPA of the Granule to which the token will be written. SmcCmd.Arg1 = (UINTN)TokenBuffer; + // Set the Offset within Granule to start of buffer in bytes + SmcCmd.Arg2 = (UINTN)Offset; + // Set the size of the buffer in bytes + SmcCmd.Arg3 = (UINTN)*TokenSize; ArmCallSmc (&SmcCmd); Status = RsiCmdStatusToEfiStatus (SmcCmd.Arg0); @@ -137,8 +145,8 @@ RsiAttestationTokenContinue ( @param [in] ChallengeData Pointer to the challenge data to be included in the attestation token. @param [in] ChallengeDataSizeBits Size of the challenge data in bits. - @param [in] TokenBuffer Pointer to a buffer to store the - retrieved attestation token. + @param [out] MaxTokenSize Pointer to an integer to retrieve + the maximum attestation token size. @retval RETURN_SUCCESS Success. @retval RETURN_INVALID_PARAMETER A parameter is invalid. @@ -149,14 +157,15 @@ EFIAPI RsiAttestationTokenInit ( IN CONST UINT8 *CONST ChallengeData, IN UINT64 ChallengeDataSizeBits, - IN UINT8 *CONST TokenBuffer + OUT UINT64 *CONST MaxTokenSize ) { - ARM_SMC_ARGS SmcCmd; - UINT8 *Buffer8; - CONST UINT8 *Data8; - UINT64 Count; - UINT8 TailBits; + RETURN_STATUS Status; + ARM_SMC_ARGS SmcCmd; + UINT8 *Buffer8; + CONST UINT8 *Data8; + UINT64 Count; + UINT8 TailBits; /* See A7.2.2 Attestation token generation, RMM Specification, version A-bet0 IWTKDD - If the size of the challenge provided by the relying party is less @@ -168,11 +177,8 @@ RsiAttestationTokenInit ( */ ZeroMem (&SmcCmd, sizeof (SmcCmd)); SmcCmd.Arg0 = FID_RSI_ATTESTATION_TOKEN_INIT; - // Set the IPA of the Granule to which the token will be written. - SmcCmd.Arg1 = (UINTN)TokenBuffer; - // Copy challenge data. - Buffer8 = (UINT8 *)&SmcCmd.Arg2; + Buffer8 = (UINT8 *)&SmcCmd.Arg1; Data8 = ChallengeData; // First copy whole bytes 
@@ -194,7 +200,38 @@ RsiAttestationTokenInit ( } ArmCallSmc (&SmcCmd); - return RsiCmdStatusToEfiStatus (SmcCmd.Arg0); + Status = RsiCmdStatusToEfiStatus (SmcCmd.Arg0); + if (RETURN_ERROR (Status)) { + // Set the max token size to zero + *MaxTokenSize = 0; + } else { + *MaxTokenSize = SmcCmd.Arg1; + } + + return Status; +} + +/** + Free the attestation token buffer. + + @param [in] TokenBuffer Pointer to the retrieved + attestation token. + @param [in] TokenBufferSize Size of the token buffer. +**/ +VOID +RsiFreeAttestationToken ( + IN UINT8 *CONST TokenBuffer, + IN UINT64 CONST TokenBufferSize + ) +{ + if (TokenBuffer != NULL) { + if (TokenBufferSize > 0) { + // Scrub the token buffer + ZeroMem (TokenBuffer, TokenBufferSize); + } + + FreePool (TokenBuffer); + } } /** @@ -205,9 +242,10 @@ RsiAttestationTokenInit ( @param [in] ChallengeDataSizeBits Size of the challenge data in bits. @param [out] TokenBuffer Pointer to a buffer to store the retrieved attestation token. - @param [in, out] TokenBufferSize Size of the token buffer on input and - number of bytes stored in token buffer - on return. + @param [out] TokenBufferSize Length of token data returned. + + Note: The TokenBuffer allocated must be freed by the caller + using RsiFreeAttestationToken(). @retval RETURN_SUCCESS Success. @retval RETURN_INVALID_PARAMETER A parameter is invalid. @@ -222,11 +260,17 @@ EFIAPI RsiGetAttestationToken ( IN CONST UINT8 *CONST ChallengeData, IN UINT64 ChallengeDataSizeBits, - OUT UINT8 *CONST TokenBuffer, - IN OUT UINT64 *CONST TokenBufferSize + OUT UINT8 **CONST TokenBuffer, + OUT UINT64 *CONST TokenBufferSize ) { RETURN_STATUS Status; + UINT8 *Granule; + UINT64 GranuleSize; + UINT64 Offset; + UINT8 *Token; + UINT64 TokenSize; + UINT64 MaxTokenSize; if ((TokenBuffer == NULL) || (TokenBufferSize == NULL) || 
@@ -235,16 +279,6 @@ RsiGetAttestationToken ( return RETURN_INVALID_PARAMETER; } - if (*TokenBufferSize < MAX_ATTESTATION_TOKEN_SIZE) { - *TokenBufferSize = MAX_ATTESTATION_TOKEN_SIZE; - return RETURN_BAD_BUFFER_SIZE; - } - - if (!AddrIsGranuleAligned ((UINT64 *)TokenBuffer)) { - DEBUG ((DEBUG_ERROR, "ERROR : Token buffer not granule aligned\n")); - return RETURN_INVALID_PARAMETER; - } - if (ChallengeDataSizeBits > MAX_CHALLENGE_DATA_SIZE_BITS) { return RETURN_INVALID_PARAMETER; } 
@@ -260,18 +294,76 @@ RsiGetAttestationToken ( Status = RsiAttestationTokenInit ( ChallengeData, ChallengeDataSizeBits, - TokenBuffer + &MaxTokenSize ); if (RETURN_ERROR (Status)) { ASSERT (0); return Status; } - /* Loop until the token is ready or there is an error. - */ + // Allocate a granule to retrieve the attestation token chunk. + Granule = (UINT8 *)AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (REALM_GRANULE_SIZE), + REALM_GRANULE_SIZE + ); + if (Granule == NULL) { + ASSERT (0); + return RETURN_OUT_OF_RESOURCES; + } + + // Alloate a buffer to store the retrieved attestation token. + Token = AllocateZeroPool (MaxTokenSize); + if (Token == NULL) { + ASSERT (0); + Status = RETURN_OUT_OF_RESOURCES; + goto exit_handler; + } + + TokenSize = 0; do { - Status = RsiAttestationTokenContinue (TokenBuffer, TokenBufferSize); - } while (Status == RETURN_NOT_READY); + // Retrieve one Granule of data per loop iteration + ZeroMem (Granule, REALM_GRANULE_SIZE); + Offset = 0; + do { + // Retrieve sub-Granule chunk of data per loop iteration + GranuleSize = REALM_GRANULE_SIZE - Offset; + Status = RsiAttestationTokenContinue ( + Granule, + Offset, + &GranuleSize + ); + Offset += GranuleSize; + } while ((Status == RETURN_NOT_READY) && (Offset < REALM_GRANULE_SIZE)); + + if (RETURN_ERROR (Status) && (Status != RETURN_NOT_READY)) { + ASSERT (0); + goto exit_handler1; + } + + // "Offset" bytes of data are now ready for consumption from "Granule" + // Copy the new token data from the Granule. 
+ CopyMem (&Token[TokenSize], Granule, Offset); + TokenSize += Offset; + } while ((Status == RETURN_NOT_READY) && (TokenSize < MaxTokenSize)); + + *TokenBuffer = Token; + *TokenBufferSize = TokenSize; + goto exit_handler; + +exit_handler1: + if (Token != NULL) { + // Scrub the old Token + ZeroMem (Token, TokenSize); + FreePool (Token); + } + + *TokenBuffer = NULL; + *TokenBufferSize = 0; + +exit_handler: + // Scrub the Granule buffer + ZeroMem (Granule, REALM_GRANULE_SIZE); + FreePages (Granule, EFI_SIZE_TO_PAGES (REALM_GRANULE_SIZE)); return Status; } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
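Review bot: In the ArmCcaRsiLib.h hunk at @@ -202,8 +198,21 @@, the new prototype `VOID RsiFreeAttestationToken (` has no EFIAPI, while RsiGetAttestationToken directly above it in the same hunk is declared EFIAPI. For a public library-class function the calling convention should be stated consistently, so add EFIAPI here and to the matching definition in ArmCcaRsiLib.c.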
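Review bot: In the RsiAttestationTokenContinue hunk at @@ -116,6 +120,10 @@, Offset and *TokenSize are forwarded to the SMC as `SmcCmd.Arg2` and `SmcCmd.Arg3` with no check in the visible lines that Offset is below REALM_GRANULE_SIZE and that *TokenSize does not exceed REALM_GRANULE_SIZE - Offset. The one caller in this patch computes `GranuleSize = REALM_GRANULE_SIZE - Offset`, so it is correct today, but the helper then depends on its caller's arithmetic. Consider validating both values at the top of the function and returning RETURN_INVALID_PARAMETER, and stating in the header comment that Offset plus the size must stay within one granule.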
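Review bot: In the ArmCcaRsiLib.c hunk at @@ -194,7 +200,38 @@, the comment on RsiFreeAttestationToken documents TokenBufferSize as "Size of the token buffer", but RsiGetAttestationToken allocates the pool with MaxTokenSize and hands back only the token length in `*TokenBufferSize = TokenSize`, so the caller never learns the allocation size. Scrubbing the returned length is enough because the pool comes from AllocateZeroPool and only TokenSize bytes are written, but the comment should say that the value to pass is the length returned by RsiGetAttestationToken. In the same hunk, RsiAttestationTokenInit writes `*MaxTokenSize` on both paths without a NULL check or ASSERT on the pointer.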
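Review bot: In the RsiGetAttestationToken hunk at @@ -260,18 +294,76 @@, `CopyMem (&Token[TokenSize], Granule, Offset);` runs with no check that TokenSize + Offset fits in the MaxTokenSize bytes allocated for Token; the only bound, `TokenSize < MaxTokenSize`, is evaluated after the copy, so a final chunk larger than the remaining space would write past the pool allocation. Check `Offset > MaxTokenSize - TokenSize` before the copy and fail through exit_handler1. Also, if the outer loop ends because TokenSize reached MaxTokenSize while Status is still RETURN_NOT_READY, the function stores Token in *TokenBuffer and returns RETURN_NOT_READY, handing the caller a live buffer together with an error status; that case should take the exit_handler1 path as well. Finally, the early returns (RsiAttestationTokenInit failure, Granule allocation failure) and the Token allocation failure path leave *TokenBuffer and *TokenBufferSize unset, so initialising them to NULL and 0 once the parameter checks pass would make every error path safe for a caller that frees unconditionally.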