From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
Subject: [edk2-devel] [PATCH V1 2/5] OmvfPkg/HashLibTdx: Add HashLibTdx
Date: Mon, 15 Apr 2024 15:55:51 +0800
Message-ID: <20240415075555.499-3-min.m.xu@intel.com>
In-Reply-To: <20240415075555.499-1-min.m.xu@intel.com>
References: <20240415075555.499-1-min.m.xu@intel.com>

From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

This library is the one from SecurityPkg/Library/HashLibTdx. It is designed
for Intel TDX enlightened OVMF. So it is moved from SecurityPkg to OvmfPkg.

To prevent breaking the build, the move is split into 2 patches.
SecurityPkg/Library/HashLibTdx will be deleted in the next patch.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
 OvmfPkg/Library/HashLibTdx/HashLibTdx.c   | 213 ++++++++++++++++++++++
 OvmfPkg/Library/HashLibTdx/HashLibTdx.inf |  37 ++++
 2 files changed, 250 insertions(+)
 create mode 100644 OvmfPkg/Library/HashLibTdx/HashLibTdx.c
 create mode 100644 OvmfPkg/Library/HashLibTdx/HashLibTdx.inf
diff --git a/OvmfPkg/Library/HashLibTdx/HashLibTdx.c b/OvmfPkg/Library/HashLibTdx/HashLibTdx.c new file mode 100644 index 000000000000..3cebbc70d3ec --- /dev/null +++ b/OvmfPkg/Library/HashLibTdx/HashLibTdx.c @@ -0,0 +1,213 @@ +/** @file + This library is HashLib for Tdx. + +Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +EFI_GUID mSha384Guid = HASH_ALGORITHM_SHA384_GUID; + +// +// Currently TDX supports SHA384. +// +HASH_INTERFACE mHashInterface = { + { 0 }, NULL, NULL, NULL +}; + +UINTN mHashInterfaceCount = 0; + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ) +{ + HASH_HANDLE HashCtx; + + if (mHashInterfaceCount == 0) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + HashCtx = 0; + mHashInterface.HashInit (&HashCtx); + + *HashHandle = HashCtx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + if (mHashInterfaceCount == 0) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. 
+**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + TPML_DIGEST_VALUES Digest; + EFI_STATUS Status; + + if (mHashInterfaceCount == 0) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + ZeroMem (DigestList, sizeof (*DigestList)); + + mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen); + mHashInterface.HashFinal (HashHandle, &Digest); + + CopyMem ( + &DigestList->digests[0], + &Digest.digests[0], + sizeof (Digest.digests[0]) + ); + DigestList->count++; + + ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384); + + Status = TdExtendRtmr ( + (UINT32 *)DigestList->digests[0].digest.sha384, + SHA384_DIGEST_SIZE, + (UINT8)PcrIndex + ); + + ASSERT (!EFI_ERROR (Status)); + return Status; +} + +/** + Hash data and extend to RTMR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + HASH_HANDLE HashHandle; + EFI_STATUS Status; + + if (mHashInterfaceCount == 0) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + ASSERT (TdIsEnabled ()); + + HashStart (&HashHandle); + HashUpdate (HashHandle, DataToHash, DataToHashLen); + Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList); + + return Status; +} + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. 
+**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ) +{ + // + // HashLibTdx is designed for Tdx guest. So if it is not Tdx guest, + // return EFI_UNSUPPORTED. + // + if (!TdIsEnabled ()) { + return EFI_UNSUPPORTED; + } + + // + // Only SHA384 is allowed. + // + if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) { + return EFI_UNSUPPORTED; + } + + if (mHashInterfaceCount != 0) { + ASSERT (FALSE); + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface)); + mHashInterfaceCount++; + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf b/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf new file mode 100644 index 000000000000..946132124c85 --- /dev/null +++ b/OvmfPkg/Library/HashLibTdx/HashLibTdx.inf @@ -0,0 +1,37 @@ +## @file +# Provides hash service by registered hash handler in Tdx. +# +# This library is HashLib for Tdx. Currently only SHA384 is supported. +# +# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashLibTdx + FILE_GUID = 77F6EA3E-1ABA-4467-A447-926E8CEB2D13 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = HashLib|SEC DXE_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources] + HashLibTdx.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + TdxLib -- 2.44.0.windows.1
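
Review bot: In HashCompleteAndExtend() in HashLibTdx.c, the local Digest is never initialised and whatever HashUpdate and HashFinal return is discarded, so the only guard before TdExtendRtmr() is `ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);`. In a build where ASSERT compiles to nothing, a HashFinal that fails or fills in a different algorithm would have stack contents extended into the RTMR and returned in DigestList. Suggest zeroing Digest, checking the callback results, and turning the hashAlg test into a runtime check that returns an error. The same applies to HashAndExtend(), which ignores the results of HashStart and HashUpdate. Two return codes also disagree with their doc comments: HashStart documents EFI_OUT_OF_RESOURCES but returns EFI_UNSUPPORTED, and RegisterHashInterfaceLib documents EFI_ALREADY_STARTED but returns EFI_OUT_OF_RESOURCES when an interface is already registered. Finally, the comments and parameter name say PCR while `(UINT8)PcrIndex` is passed straight to TdExtendRtmr(); please document or check the expected index mapping and range at that call.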
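
Review bot: In HashLibTdx.inf, [LibraryClasses] lists PcdLib, but HashLibTdx.c as posted makes no Pcd access; the calls visible there are CopyMem, ZeroMem, CompareGuid, ASSERT, TdIsEnabled and TdExtendRtmr. Since the file is being re-homed anyway, consider dropping PcdLib so the dependency list matches the code. The copyright years also differ between the two new files (2021 - 2022 in the .c, 2020 - 2021 in the .inf); worth confirming that is intended.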