From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail03.groups.io (mail03.groups.io [45.79.227.220]) by spool.mail.gandi.net (Postfix) with ESMTPS id D42E47803CC for ; Fri, 12 Apr 2024 14:33:51 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=9iUrzamhLMkQZiL1sD7Jl/O3e05o6vtD5K+gFyUmxto=; c=relaxed/simple; d=groups.io; h=Received-SPF:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:NoDisclaimer:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1712932430; v=1; b=lErRVMiJrJ3wtIyeytw7TQdv+ltFlCX8S5J2cyYKpU2w04Rr7/OVcuibZ61Ys8kIoHtsRvNj kpVNcEWfyZug/m5aGW7BKSYSUN2RWPLQwdGvczFjE7+smXOCV6nb//FP2NyOS43BYLF3HrrSncR GY1J1NzWwwAUU33lK1T2Izix9GI635GbmtecBX/6WJMujuvgU2/N6axAfpCnmVN44a7LItHmmND IeowkWQxCeqHEnEtXVZi/2AoX8UKPI7T8Uh8+IbcUV5G8NqYhS2P9QVmO1Ilv98JeRZj2HOw7Bx wW202h2nPUG3QmGGZAKoAixgQEVC4EubtqJDrsae5HRYw== X-Received: by 127.0.0.2 with SMTP id CfBJYY7687511x0OF2Xpwp3O; Fri, 12 Apr 2024 07:33:50 -0700 X-Received: from EUR03-VI1-obe.outbound.protection.outlook.com (EUR03-VI1-obe.outbound.protection.outlook.com [40.107.103.57]) by mx.groups.io with SMTP id smtpd.web10.48530.1712932429421136764 for ; Fri, 12 Apr 2024 07:33:50 -0700 X-Received: from AS4P250CA0022.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:5e3::12) by PAXPR08MB6399.eurprd08.prod.outlook.com (2603:10a6:102:158::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Fri, 12 Apr 2024 14:33:42 +0000 X-Received: from AMS1EPF00000043.eurprd04.prod.outlook.com (2603:10a6:20b:5e3:cafe::c9) by AS4P250CA0022.outlook.office365.com (2603:10a6:20b:5e3::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.18 via Frontend Transport; Fri, 12 Apr 2024 14:33:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C X-Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AMS1EPF00000043.mail.protection.outlook.com (10.167.16.40) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7452.22 via Frontend Transport; Fri, 12 Apr 2024 14:33:41 +0000 X-Received: ("Tessian outbound caed45120527:v313"); Fri, 12 Apr 2024 14:33:41 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: f43a815aa5b7fa7d X-CR-MTA-TID: 64aa7808 X-Received: from e4ebf87b0858.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id E22664D8-2438-4545-B64E-BD64960F14E3.1; Fri, 12 Apr 2024 14:33:34 +0000 X-Received: from EUR02-AM0-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id e4ebf87b0858.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 12 Apr 2024 14:33:34 +0000 X-Received: from DB7PR03CA0098.eurprd03.prod.outlook.com (2603:10a6:10:72::39) by GV1PR08MB7849.eurprd08.prod.outlook.com (2603:10a6:150:5c::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Fri, 12 Apr 2024 14:33:32 +0000 X-Received: from DU2PEPF00028D02.eurprd03.prod.outlook.com (2603:10a6:10:72:cafe::44) by DB7PR03CA0098.outlook.office365.com (2603:10a6:10:72::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.26 via Frontend Transport; Fri, 12 Apr 2024 14:33:31 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C X-Received: from nebula.arm.com (40.67.248.234) by DU2PEPF00028D02.mail.protection.outlook.com (10.167.242.186) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7452.22 via Frontend Transport; Fri, 12 Apr 2024 14:33:31 +0000 X-Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 12 Apr 2024 14:33:28 +0000 X-Received: from E114225.Arm.com (10.1.196.56) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server id 15.1.2507.35 via Frontend Transport; Fri, 12 Apr 2024 14:33:28 +0000 From: "Sami Mujawar" To: CC: Sami Mujawar , , , , , , , , Subject: [edk2-devel] [PATCH v2 07/45] ArmVirtPkg: ArmCcaRsiLib: Add interfaces to get/extend REMs Date: Fri, 12 Apr 2024 15:32:44 +0100 Message-ID: <20240412143322.5244-8-sami.mujawar@arm.com> In-Reply-To: <20240412143322.5244-1-sami.mujawar@arm.com> References: <20240412143322.5244-1-sami.mujawar@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DU2PEPF00028D02:EE_|GV1PR08MB7849:EE_|AMS1EPF00000043:EE_|PAXPR08MB6399:EE_ X-MS-Office365-Filtering-Correlation-Id: b1465bc2-4b5e-44a8-8212-08dc5afd8cc9 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: sanKhClioRtA1I60kJnNL/tBzhJ2UUsuLyqy05omImFXcYofrGob3DtzWR26bG+0HIscfSaVIe3pFF3maZkeJgL34QucNB4X89QqQw66NZ1QpxytbmucesrkJ3SOxjf8bhMx/8K5zIA1JQSi5U5PZvqYGUIX4UsaXUe2GHHyFdWvMnLgPx/sJueVHF7C6VAf7WOIAuR1JUmn5CcYb3BQLSRuF7SiWgdjME6Aju+tKBbEEpB1AdztyuI71Fkjg283nL371B3VYy5oUWy7WdCMs+nKoyDboQXrKCvqIXB4FzPCA1Y91BAWpj2vrzECdDqREJEw/oFeYsZSFuTy4LZLUsBzy3Dh9h3HJUNF4C1ATAAovmgVIIt88AGTGHocV8Q4oe67CxRKkUTzC7bw7ohgu+YpQ6khFl/R3m+42YwtbYlfLiITm3DkziDtLEZmenLT0iNx+mIo7S452/3EnEeT/ht9vZGUijsBH6i2LC3TLsYXgKOzH5hrYJd2/9xmywxg5wQRi1B37ifiMQe+VPsaiqr468mu5dZ4Vv4TRRQHKv7Xp2rGUgFVh5USDTokvLNuM/F8e96OI7pglZQnGOVjhg51dbHW5YPZ95UlYEDyF3vPSfl7W3kCAQYeuaYitVD2s2wnoKVfxV2+ce1ARMgQ5qNBrkZwJguR0kDIqZpDpv9XHLviSOlL2bk3S1ZseTBzvqq0O0hiuHaF/0I5J/11RmRW3SlWcF+h49PDZ4ZFkvDGZRU9xQPDuj+o3hbQIdoz X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(1800799015)(376005)(36860700004)(82310400014);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR08MB7849 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AMS1EPF00000043.eurprd04.prod.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 3e5706a9-0aa7-42d0-b84a-08dc5afd870f X-Microsoft-Antispam-Message-Info: y6gQpxDF68bMTTt7V2hSDPaPYsELn3xaL0ji1zvwsMNjX50b8tFEzZSYLB1z7vfCHt1kGSCxOMnGyZ8nH9MLj7mMl/W85K8/aXoW471VyQdmw/IDsYqN09bxr0Pc5o28565yePNUnCfR/0J1lm0EgOwR0+EeNGJawVASrACNJROL8qoF0YG9ce42RoPn18vpOlDY3RS4DfbF0OnhxezG+Ryf/jW0d1RLEXIiSLdVNxKU5B83vzw3sabugiPry+c+42ipbUo7zgOUOqqB/fgYZjsmJKO114ZzeqGtxiSNS3jGvxRd/nJPDTzsPSp9iAVGSrOeSpYrfJD6n2G02ZFN2EPFWTCo0dpHhOlZhru5dH2pWOl204/++p1nMGyGLW0AayTfijL0XHag5N12KHeT7aWYWyypB5Mp0xy1VGK1uSU6lvfOSdMif3Y/nzye0LEXEjpaRV9o4j8mOvz7qdpLVUgckKw5YAprOuiufTFB6SQhXogZtom53ufVkptQmDNajzggLCdAdajHd6q90KHDumP5snUhYKGPQV88KCO3f831uOqXF8y0mt6emBw5EJorbC5yMqRj2sS9+f7Nmdua+VooZgiDtMeM7/obvdx5Jvim+pBHGFSnLwrLoopRqqLsBVcwTkM9rtkdmx/22kePidsKsinqWZbXgmi79gXex4NkfhBbdSVjVJpGwgGNAajzozQpemJ0a0m40wRrmT86Ekx4ZNcXGYzlJv83Yp2QpS9jMkNvX9l9LQXT9MODTzvp X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Apr 2024 14:33:41.4228 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b1465bc2-4b5e-44a8-8212-08dc5afd8cc9 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AMS1EPF00000043.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR08MB6399 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 12 Apr 2024 07:33:50 -0700 Resent-From: sami.mujawar@arm.com Reply-To: devel@edk2.groups.io,sami.mujawar@arm.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: WCjqOLVMemwRIp4asrFpLbQ6x7686176AA= Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=lErRVMiJ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=arm.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io The Section A2.1.3 Realm attributes, RMM Specification, version A-bet0 introduces the concept of REMs as described below: DGRFCS - A Realm Extensible Measurement (REM) is a measurement value which can be extended during the lifetime of a Realm. IFMPYL - Attributes of a Realm include an array of measurement values. The first entry in this array is a RIM. The remaining entries in this array are REMs. The Realm Service Interface commands defined in section B4.3.7 RSI_MEASUREMENT_READ and B4.3.6 RSI_MEASUREMENT_EXTEND specify the interfaces to read and extend measurements to REMs. Therefore, update ArmCcaRsiLib to add interfaces to get and extend REMs. Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Gerd Hoffmann Signed-off-by: Sami Mujawar --- ArmVirtPkg/Include/Library/ArmCcaRsiLib.h | 53 ++++++++++++ ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h | 2 + ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c | 91 ++++++++++++++++++++ 3 files changed, 146 insertions(+) diff --git a/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h b/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h index f88b07ee9806a51dd10add3a82bf5ce1115c0656..99a8175262331f4b0ddc098c3c62a20954b2b516 100644 --- a/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h +++ b/ArmVirtPkg/Include/Library/ArmCcaRsiLib.h @@ -7,6 +7,8 @@ - Rsi or RSI - Realm Service Interface - IPA - Intermediate Physical Address - RIPAS - Realm IPA state + - RIM - Realm Initial Measurement + - REM - Realm Extensible Measurement @par Reference(s): - Realm Management Monitor (RMM) Specification, version A-bet0 @@ -44,6 +46,21 @@ */ #define MIN_CHALLENGE_DATA_SIZE_BITS 256 +/* Maximum measurement data size in bytes. + See Section C1.11 RmmRealmMeasurement type, RMM Specification, version A-bet0 + The width of the RmmRealmMeasurement type is 512 bits. +*/ +#define MAX_MEASUREMENT_DATA_SIZE_BYTES 64 + +/* Minimum and Maximum indices for REMs + See Section A2.1.3 Realm attributes, RMM Specification, version A-bet0 + IFMPYL - Attributes of a Realm include an array of measurement values. The + first entry in this array is a RIM. The remaining entries in this array are + REMs. +*/ +#define MIN_REM_INDEX 1 +#define MAX_REM_INDEX 4 + /** An enum describing the RSI RIPAS. See Section A5.2.2 Realm IPA state, RMM Specification, version A-bet0 */ @@ -127,6 +144,42 @@ RsiSetIpaState ( IN RIPAS State ); +/** + Extends a measurement to a REM. + + @param [in] MeasurementIndex Index of the REM. + @param [in] Measurement Pointer to the measurement buffer. + @param [in] MeasurementSize Size of the measurement data. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. +**/ +RETURN_STATUS +EFIAPI +RsiExtendMeasurement ( + IN UINTN MeasurementIndex, + IN CONST UINT8 *CONST Measurement, + IN UINTN MeasurementSize + ); + +/** + Read the measurement value from a REM. + + @param [in] MeasurementIndex Index of the REM. + @param [out] MeasurementBuffer Pointer to store the measurement data. + @param [in] MeasurementBufferSize Size of the measurement buffer. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. +**/ +RETURN_STATUS +EFIAPI +RsiReadMeasurement ( + IN UINTN MeasurementIndex, + OUT UINT8 *CONST MeasurementBuffer, + IN UINTN MeasurementBufferSize + ); + /** Read the Realm Configuration. diff --git a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h index 325234d06695befc840dcf37e951130dfe0550c3..6f0ee3061ade5a4a99b717a52d5a241e0e446270 100644 --- a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h +++ b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h @@ -22,6 +22,8 @@ #define FID_RSI_ATTESTATION_TOKEN_INIT 0xC4000194 #define FID_RSI_IPA_STATE_GET 0xC4000198 #define FID_RSI_IPA_STATE_SET 0xC4000197 +#define FID_RSI_MEASUREMENT_EXTEND 0xC4000193 +#define FID_RSI_MEASUREMENT_READ 0xC4000192 #define FID_RSI_REALM_CONFIG 0xC4000196 #define FID_RSI_VERSION 0xC4000190 diff --git a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c index 3cc6be299e0a7bd12e5a91d17eb0b9393f57a907..eb9896668a267f2cdf30f36bd14697d56d2612ed 100644 --- a/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c +++ b/ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c @@ -8,6 +8,7 @@ - Rsi or RSI - Realm Service Interface - IPA - Intermediate Physical Address - RIPAS - Realm IPA state + - REM - Realm Extensible Measurement @par Reference(s): - Realm Management Monitor (RMM) Specification, version A-bet0 @@ -366,6 +367,96 @@ RsiSetIpaState ( return Status; } +/** + Extends a measurement to a REM. + + @param [in] MeasurementIndex Index of the REM. + @param [in] Measurement Pointer to the measurement buffer. + @param [in] MeasurementSize Size of the measurement data. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. +**/ +RETURN_STATUS +EFIAPI +RsiExtendMeasurement ( + IN UINTN MeasurementIndex, + IN CONST UINT8 *CONST Measurement, + IN UINTN MeasurementSize + ) +{ + ARM_SMC_ARGS SmcCmd; + UINT64 *Data64; + + if ((MeasurementIndex < MIN_REM_INDEX) || + (MeasurementIndex > MAX_REM_INDEX) || + (Measurement == NULL) || + (MeasurementSize == 0) || + (MeasurementSize > MAX_MEASUREMENT_DATA_SIZE_BYTES)) + { + return RETURN_INVALID_PARAMETER; + } + + ZeroMem (&SmcCmd, sizeof (SmcCmd)); + + SmcCmd.Arg0 = FID_RSI_MEASUREMENT_EXTEND; + SmcCmd.Arg1 = MeasurementIndex; + SmcCmd.Arg2 = MeasurementSize; + + Data64 = &SmcCmd.Arg3; + CopyMem (Data64, Measurement, MeasurementSize); + + ArmCallSmc (&SmcCmd); + return RsiCmdStatusToEfiStatus (SmcCmd.Arg0); +} + +/** + Read the measurement value from a REM. + + @param [in] MeasurementIndex Index of the REM. + @param [out] MeasurementBuffer Pointer to store the measurement data. + @param [in] MeasurementBufferSize Size of the measurement buffer. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. +**/ +RETURN_STATUS +EFIAPI +RsiReadMeasurement ( + IN UINTN MeasurementIndex, + OUT UINT8 *CONST MeasurementBuffer, + IN UINTN MeasurementBufferSize + ) +{ + RETURN_STATUS Status; + ARM_SMC_ARGS SmcCmd; + UINT64 *Data64; + + if ((MeasurementIndex < MIN_REM_INDEX) || + (MeasurementIndex > MAX_REM_INDEX) || + (MeasurementBuffer == NULL)) + { + return RETURN_INVALID_PARAMETER; + } + + if (MeasurementBufferSize < MAX_MEASUREMENT_DATA_SIZE_BYTES) { + return RETURN_BUFFER_TOO_SMALL; + } + + ZeroMem (&SmcCmd, sizeof (SmcCmd)); + SmcCmd.Arg0 = FID_RSI_MEASUREMENT_READ; + SmcCmd.Arg1 = MeasurementIndex; + + ArmCallSmc (&SmcCmd); + Status = RsiCmdStatusToEfiStatus (SmcCmd.Arg0); + if (!RETURN_ERROR (Status)) { + Data64 = &SmcCmd.Arg1; + CopyMem (MeasurementBuffer, Data64, MAX_MEASUREMENT_DATA_SIZE_BYTES); + } + + return Status; +} + /** Read the Realm Configuration. -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)' -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117676): https://edk2.groups.io/g/devel/message/117676 Mute This Topic: https://groups.io/mt/105483414/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-