From: "Sami Mujawar"
Date: Wed, 20 Oct 2021 10:26:24 +0100
Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Introduce TdProtocol for TD-Guest firmware
To: devel@edk2.groups.io, jiewen.yao@intel.com, "Xu, Min M"
CC: "Kinney, Michael D", Liming Gao, "Liu, Zhiguang", "Wang, Jian J", "Lu, Ken", nd, Joey Gouly

Hi Jiewen,

Please find my response inline marked [SAMI].

Regards,

Sami Mujawar

On 19/10/2021 03:40 PM, Yao, Jiewen via groups.io wrote:
> Good feedback. Thank you very much, Sami.
>
> Response inline.
>
> I proposed some naming change. Please let us know if that is OK.
>
> Thank you
> Yao, Jiewen
>
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Sami Mujawar
>> Sent: Tuesday, October 19, 2021 9:21 PM
>> To: devel@edk2.groups.io; Xu, Min M
>> Cc: Kinney, Michael D; Liming Gao; Liu, Zhiguang; Yao, Jiewen; Wang, Jian J; Lu, Ken; nd; Joey Gouly
>> Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Introduce TdProtocol for TD-Guest firmware
>>
>> Hi Min, Jiewen,
>>
>> Thank you for this patch.
>>
>> I think the protocol definition can be made architecturally neutral with
>> a few modifications marked inline as [SAMI].
>>
>> I am fine with renaming the protocol to either
>> EFI_TEE_MEASUREMENT_PROTOCOL or EFI_CCAM_PROTOCOL. Similarly, some of
>> the data structures, variables, etc. would need renaming as well.
>>
>> Please let me know if you have any queries.
>>
>> Regards,
>>
>> Sami Mujawar
>>
>> On 08/10/2021 06:21 AM, Min Xu via groups.io wrote:
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
>>>
>>> If TD-Guest firmware supports measurement and an event is created,
>>> TD-Guest firmware is designed to report the event log with the same data
>>> structure in TCG-Platform-Firmware-Profile specification with
>>> EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
>>>
>>> The TD-Guest firmware supports measurement, the TD Guest Firmware is
>>> designed to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID
>>> to report event log and provides hash capability.
>>>
>>> https://software.intel.com/content/dam/develop/external/us/en/documents/
>>> intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
>>> Section 4.3.2 includes the EFI_TD_PROTOCOL.
>>>
>>> Cc: Michael D Kinney
>>> Cc: Liming Gao
>>> Cc: Zhiguang Liu
>>> Cc: Jiewen Yao
>>> Cc: Jian J Wang
>>> Cc: Ken Lu
>>> Reviewed-by: Jiewen Yao
>>> Signed-off-by: Min Xu >>> --- >>> MdePkg/Include/Protocol/TdProtocol.h | 305 >> +++++++++++++++++++++++++++ >>> MdePkg/MdePkg.dec | 3 + >>> 2 files changed, 308 insertions(+) >>> create mode 100644 MdePkg/Include/Protocol/TdProtocol.h >>> >>> diff --git a/MdePkg/Include/Protocol/TdProtocol.h >> b/MdePkg/Include/Protocol/TdProtocol.h >>> new file mode 100644 >>> index 000000000000..89b09928d33a >>> --- /dev/null >>> +++ b/MdePkg/Include/Protocol/TdProtocol.h >>> @@ -0,0 +1,305 @@ >>> +/** @file >>> + If TD-Guest firmware supports measurement and an event is created, T= D- >> Guest >>> + firmware is designed to report the event log with the same data stru= cture >>> + in TCG-Platform-Firmware-Profile specification with >>> + EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. >>> + >>> + The TD-Guest firmware supports measurement, the TD Guest Firmware is >> designed >>> + to produce EFI_TD_PROTOCOL with new GUID EFI_TD_PROTOCOL_GUID to >> report >>> + event log and provides hash capability. >>> + >>> +Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
>>> +SPDX-License-Identifier: BSD-2-Clause-Patent >>> + >>> +**/ >>> + >>> + >>> +#ifndef TD_PROTOCOL_H_ >>> +#define TD_PROTOCOL_H_ >>> + >>> +#include >>> +#include >>> +#include
>> [SAMI] Maybe the Tpm20.h include is not required here. Can you check,
>> please?
> [Jiewen] Right. I don’t think we do need it in this definition.
> I feel we just copy it from Tcg2Protocol.h.
>
>>> + >>> + >>> +#define EFI_TD_PROTOCOL_GUID \ >>> + { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, = 0xae, >> 0x6b }} >>> +extern EFI_GUID gEfiTdProtocolGuid; >>> + >>> +typedef struct _EFI_TD_PROTOCOL EFI_TD_PROTOCOL;
>> [SAMI] I think this could be renamed to either
>> EFI_TEE_MEASUREMENT_PROTOCOL or EFI_CCAM_PROTOCOL. Similarly, the
>> usage of _TD_ would need to be replaced accordingly.
> [Jiewen] Agree.
> I propose "EFI_TD_PROTOCOL"->"EFI_TEE_MEASUREMENT_PROTOCOL"
> Also "TD"->"TEE"

[SAMI] Agree.

>>> + >>> +typedef struct { >>> + UINT8 Major; >>> + UINT8 Minor; >>> +} EFI_TD_VERSION; >>> + >>> +typedef UINT32 EFI_TD_EVENT_LOG_BITMAP; >>> +typedef UINT32 EFI_TD_EVENT_LOG_FORMAT; >>> +typedef UINT32 EFI_TD_EVENT_ALGORITHM_BITMAP; >>> +typedef UINT32 EFI_TD_MR_INDEX; >>> + >>> +#define EFI_TD_EVENT_LOG_FORMAT_TCG_2 0x00000002 >>> +#define EFI_TD_BOOT_HASH_ALG_SHA384 0x00000004
>> [SAMI] It is good that the values for these macros match that of TCG2. I
>> believe it should be possible to extend these to add macros for other
>> algorithms in the future.
> [Jiewen] Agree. If we change "TD"->"TEE", we can add other algo based upon real use case.
> E.g. EFI_TEE_EVENT_LOG_..., EFI_TEE_MR_INDEX, EFI_TEE_BOOT_HASH_...

[SAMI] Ack.

>>> + >>> +// >>> +// This bit is shall be set when an event shall be extended but not lo= gged. >>> +// >>> +#define EFI_TD_FLAG_EXTEND_ONLY 0x0000000000000001 >>> +// >>> +// This bit shall be set when the intent is to measure a PE/COFF image= .
>>> +// >>> +#define EFI_TD_FLAG_PE_COFF_IMAGE 0x0000000000000010 >>> + >>> +#define MR_INDEX_MRTD 0 >>> +#define MR_INDEX_RTMR0 1 >>> +#define MR_INDEX_RTMR1 2 >>> +#define MR_INDEX_RTMR2 3 >>> +#define MR_INDEX_RTMR3 4 >>> +
>> [SAMI] I think these indexes could go to a TD specific include file or
>> the indexes could be defined generically. Maybe it would be good to
>> introduce a PcdMaxMrIndex that is configurable for different
>> architectures. This may be useful should any asserts/checks be needed
>> in the code.
> [Jiewen] Right. This is TD specific index.
> We need rename it to TDX_MR_INDEX_*.
>
> I think we need add new fields in EFI_TD_BOOT_SERVICE_CAPABILITY.
>
> typedef UINT8 EFI_TEE_TYPE; // match https://github.com/tianocore/edk2/blob/master/OvmfPkg/Include/WorkArea.h, NONE = 0, AMD_SEV = 1, INTEL_TDX = 2, we can add more here.
> typedef UINT8 EFI_TEE_SUBTYPE; // TEE-type specific subtype.

[SAMI] This is a good idea. If I understand correctly, there is
going to be a new enum definition for the TEE architecture (with NONE
= 0, AMD_SEV = 1, INTEL_TDX = 2, etc.), and the EFI_TEE_SUBTYPE values
would probably be left to be defined by the respective architectures.

> As such, the caller can know what event log / index it is using.
>
> E.g. If TeeType is TDX, then the INDEX matches the TDX RTMR.
> If TeeType is Realm, then the INDEX matches something else.

[SAMI] Agree.

> I am not sure the usage of PcdMaxMrIndex. We SHALL NOT define PCD in a protocol in general.
> Would you please share your idea on how to use PcdMaxMrIndex? Then we can have better solution.

[SAMI] The TCG2 protocol definition file has MAX_PCR_INDEX. So, I
thought introducing a PCD for MaxMrIndex will provide flexibility for
defining the maximum number of measurement registers provided by
different architectures.
At this point I don't see a use case other than for validating that the
MaxMrIndex is not exceeded.
So, we can drop PcdMaxMrIndex for now.
[/SAMI]

>
>>> +// >>> +// This bit shall be set when the intent is to measure a PE/COFF image= . >>> +// >>> +#define PE_COFF_IMAGE 0x0000000000000010 >>> +
>> [SAMI] I think this macro is not needed.
> [Jiewen] This is to align with TCG2 protocol. I think we need to measurement UEFI image.
> Is there any concern to keep it?

[SAMI] I thought EFI_TD_FLAG_PE_COFF_IMAGE above is for the same
purpose. So, thought this was duplicate.

>
>
>>> +#pragma pack (1) >>> + >>> +#define EFI_TD_EVENT_HEADER_VERSION 1 >>> + >>> +typedef struct { >>> + // >>> + // Size of the event header itself (sizeof(EFI_TD_EVENT_HEADER)). >>> + // >>> + UINT32 HeaderSize; >>> + // >>> + // Header version. For this version of this specification, the value= shall be 1. >>> + // >>> + UINT16 HeaderVersion; >>> + // >>> + // Index of the MR that shall be extended. >>> + // >>> + EFI_TD_MR_INDEX MrIndex; >>> + // >>> + // Type of the event that shall be extended (and optionally logged). >>> + // >>> + UINT32 EventType; >>> +} EFI_TD_EVENT_HEADER; >>> + >>> +typedef struct { >>> + // >>> + // Total size of the event including the Size component, the header = and the >> Event data. >>> + // >>> + UINT32 Size; >>> + EFI_TD_EVENT_HEADER Header; >>> + UINT8 Event[1]; >>> +} EFI_TD_EVENT; >>> + >>> +#pragma pack() >>> + >>> + >>> +typedef struct { >>> + // >>> + // Allocated size of the structure >>> + // >>> + UINT8 Size; >>> + // >>> + // Version of the EFI_TD_BOOT_SERVICE_CAPABILITY structure itself. >>> + // For this version of the protocol, the Major version shall be set = to 1 >>> + // and the Minor version shall be set to 1. >>> + // >>> + EFI_TD_VERSION StructureVersion; >>> + // >>> + // Version of the EFI TD protocol. >>> + // For this version of the protocol, the Major version shall be set = to 1 >>> + // and the Minor version shall be set to 1.
>>> + // >>> + EFI_TD_VERSION ProtocolVersion;
>> [SAMI] Should the protocol version be 1.0 (Major.Minor), as this is the
>> first introduction. Same for the StructureVersion field above.
> [Jiewen] Copy/Paste from TCG2.
> Sure. We can start from 1.0 (not 1.1).
>
>>> + // >>> + // Supported hash algorithms >>> + // >>> + EFI_TD_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; >>> + // >>> + // Bitmap of supported event log formats >>> + // >>> + EFI_TD_EVENT_LOG_BITMAP SupportedEventLogs; >>> + >>> + // >>> + // False =3D TD not present >>> + // >>> + BOOLEAN TdPresentFlag;
>> [SAMI] I believe this would need to be renamed to something like
>> TeePresentFlag or CcaPresentFlag or a suitable alternative.
> [Jiewen] Agree. I propose to remove TdPresentFlag.
> Add "EFI_TEE_TYPE TeeType;" // 0 - None, 1 - SEV, 2 - TDX, ...

[SAMI] Ack.

>
>>> +} EFI_TD_BOOT_SERVICE_CAPABILITY; >>> + >>> +/** >>> + The EFI_TD_PROTOCOL GetCapability function call provides protocol >>> + capability information and state information. >>> + >>> + @param[in] This Indicates the calling context >>> + @param[in, out] ProtocolCapability The caller allocates memory for a >> EFI_TD_BOOT_SERVICE_CAPABILITY >>> + structure and sets the size field= to the size of the >> structure allocated. >>> + The callee fills in the fields wi= th the EFI protocol >> capability information >>> + and the current EFI TD state info= rmation up to the >> number of fields which >>> + fit within the size of the struct= ure passed in. >>> + >>> + @retval EFI_SUCCESS Operation completed successfully. >>> + @retval EFI_DEVICE_ERROR The command was unsuccessful. >>> + The ProtocolCapability variable will = not be populated. >>> + @retval EFI_INVALID_PARAMETER One or more of the parameters are >> incorrect. >>> + The ProtocolCapability variable will = not be populated. >>> + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is to= o >> small to hold the full response.
>>> + It will be partially populated (requi= red Size field will be set). >>> +**/ >>> +typedef >>> +EFI_STATUS >>> +(EFIAPI *EFI_TD_GET_CAPABILITY) ( >>> + IN EFI_TD_PROTOCOL *This, >>> + IN OUT EFI_TD_BOOT_SERVICE_CAPABILITY *ProtocolCapability >>> + ); >>> + >>> +/** >>> + The EFI_TD_PROTOCOL Get Event Log function call allows a caller to >>> + retrieve the address of a given event log and its last entry. >>> + >>> + @param[in] This Indicates the calling context >>> + @param[in] EventLogFormat The type of the event log for which t= he >> information is requested. >>> + @param[out] EventLogLocation A pointer to the memory address of th= e >> event log. >>> + @param[out] EventLogLastEntry If the Event Log contains more than o= ne >> entry, this is a pointer to the >>> + address of the start of the last entr= y in the event log in >> memory. >>> + @param[out] EventLogTruncated If the Event Log is missing at least = one >> entry because an event would >>> + have exceeded the area allocated for = events, this value is >> set to TRUE. >>> + Otherwise, the value will be FALSE an= d the Event Log will >> be complete. >>> + >>> + @retval EFI_SUCCESS Operation completed successfully. >>> + @retval EFI_INVALID_PARAMETER One or more of the parameters are >> incorrect >>> + (e.g. asking for an event log whose f= ormat is not >> supported). >>> +**/ >>> +typedef >>> +EFI_STATUS >>> +(EFIAPI *EFI_TD_GET_EVENT_LOG) ( >>> + IN EFI_TD_PROTOCOL *This, >>> + IN EFI_TD_EVENT_LOG_FORMAT EventLogFormat, >>> + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, >>> + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, >>> + OUT BOOLEAN *EventLogTruncated >>> + ); >>> + >>> +/** >>> + The EFI_TD_PROTOCOL HashLogExtendEvent function call provides caller= s >> with >>> + an opportunity to extend and optionally log events without requiring >>> + knowledge of actual TD commands. >>> + The extend operation will occur even if this function cannot create = an event >>> + log entry (e.g. 
due to the event log being full). >>> + >>> + @param[in] This Indicates the calling context >>> + @param[in] Flags Bitmap providing additional informati= on. >>> + @param[in] DataToHash Physical address of the start of the = data >> buffer to be hashed. >>> + @param[in] DataToHashLen The length in bytes of the buffer ref= erenced >> by DataToHash. >>> + @param[in] EfiTdEvent Pointer to data buffer containing inf= ormation >> about the event. >>> + >>> + @retval EFI_SUCCESS Operation completed successfully. >>> + @retval EFI_DEVICE_ERROR The command was unsuccessful. >>> + @retval EFI_VOLUME_FULL The extend operation occurred, but th= e >> event could not be written to one or more event logs. >>> + @retval EFI_INVALID_PARAMETER One or more of the parameters are >> incorrect. >>> + @retval EFI_UNSUPPORTED The PE/COFF image type is not support= ed. >>> +**/ >>> +typedef >>> +EFI_STATUS >>> +(EFIAPI * EFI_TD_HASH_LOG_EXTEND_EVENT) ( >>> + IN EFI_TD_PROTOCOL *This, >>> + IN UINT64 Flags, >>> + IN EFI_PHYSICAL_ADDRESS DataToHash, >>> + IN UINT64 DataToHashLen, >>> + IN EFI_TD_EVENT *EfiTdEvent >>> + ); >>> + >>> +/** >>> + The EFI_TD_PROTOCOL MapPcrToMrIndex function call provides callers >>> + the info on TPM PCR<-> measurement register mapping information. >>> + >>> + In current version, we use below mapping: >>> + PCR0 -> MRTD (Index 0) >>> + PCR1 -> RTMR0 (Index 1) >>> + PCR2~6 -> RTMR1 (Index 2) >>> + PCR7 -> RTMR0 (Index 1) >>> + PCR8~15 -> RTMR2 (Index 3) >>> +
>> [SAMI] I think different architectures may map the PCRs differently. I
>> think the comment could be reworded to a more generic representation of
>> the mapping.
>> Also, I need to check the mailing list if there is a patch that adds the
>> TD protocol implementation, and if it could be made generic as well.
>> Maybe the protocol implementation would need to use an architecture
>> specific library that provides the mapping function.
>> [/SAMI]
> [Jiewen] Agree. We should clear up the comment.
> The caller shall be generic enough to use this API to get the mapping. > The caller shall NOT make any assumption. [SAMI] Ack. > > >>> + @param[in] This Indicates the calling context >>> + @param[in] PcrIndex TPM PCR index. >>> + @param[out] MrIndex Measurement register index. >>> + >>> + @retval EFI_SUCCESS The MR index is returned. >>> + @retval EFI_INVALID_PARAMETER The MrIndex is NULL. >>> + @retval EFI_UNSUPPORTED The PcrIndex is invalid. >>> +**/ >>> +typedef >>> +EFI_STATUS >>> +(EFIAPI * EFI_TD_MAP_PCR_TO_MR_INDEX) ( >>> + IN EFI_TD_PROTOCOL *This, >>> + IN TCG_PCRINDEX PcrIndex, >>> + OUT EFI_TD_MR_INDEX *MrIndex >>> + ); >>> + >>> +struct _EFI_TD_PROTOCOL { >>> + EFI_TD_GET_CAPABILITY GetCapability; >>> + EFI_TD_GET_EVENT_LOG GetEventLog; >>> + EFI_TD_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; >>> + EFI_TD_MAP_PCR_TO_MR_INDEX MapPcrToMrIndex; >>> +}; >>> + >>> + >>> +// >>> +// TD event log >>> +// >>> + >>> +#pragma pack(1) >>> + >>> +// >>> +// Crypto Agile Log Entry Format. >>> +// It is similar with TCG_PCR_EVENT2 except the field of MrIndex and >> PCRIndex. >>> +// >>> +typedef struct { >>> + EFI_TD_MR_INDEX MrIndex; >>> + UINT32 EventType; >>> + TPML_DIGEST_VALUES Digests; >>> + UINT32 EventSize; >>> + UINT8 Event[1]; >>> +} TD_EVENT; >>> + >>> +// >>> +// EFI TD Event Header >>> +// It is similar with TCG_PCR_EVENT2_HDR except the field of MrIndex a= nd >> PCRIndex >>> +// >>> +typedef struct { >>> + EFI_TD_MR_INDEX MrIndex; >>> + UINT32 EventType; >>> + TPML_DIGEST_VALUES Digests; >>> + UINT32 EventSize; >>> +} TD_EVENT_HDR; >>> + >>> +#pragma pack() >>> + >>> +// >>> +// Log entries after Get Event Log service >>> +// >>> + >>> + >>> +typedef struct { >>> + // >>> + // The version of this structure. It shall be set ot 1. >> [SAMI] It may be good to define a macro for the events table version, >> similar to EFI_TCG2_FINAL_EVENTS_TABLE_VERSION. > [Jiewen] Agree. 
> >>> + // >>> + UINT64 Version; >>> + // >>> + // Number of events recorded after invocation of GetEventLog API >>> + // >>> + UINT64 NumberOfEvents; >>> + // >>> + // List of events of type TD_EVENT. >>> + // >>> + //TD_EVENT Event[1]; >>> +} EFI_TD_FINAL_EVENTS_TABLE; >>> + >>> + >>> +#define EFI_TD_FINAL_EVENTS_TABLE_GUID \ >>> + {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0x= b4, >> 0x46}} >>> + >>> +extern EFI_GUID gEfiTdFinalEventsTableGuid; >>> + >>> +#endif >>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >>> index 9cdc915ebae9..a31c44d3a689 100644 >>> --- a/MdePkg/MdePkg.dec >>> +++ b/MdePkg/MdePkg.dec >>> @@ -1011,6 +1011,9 @@ >>> ## Include/Protocol/PcdInfo.h >>> gGetPcdInfoProtocolGuid =3D { 0x5be40f57, 0xfa68, 0x4610, {= 0xbb, 0xbf, >> 0xe9, 0xc5, 0xfc, 0xda, 0xd3, 0x65 } } >>> + ## Include/Protocol/TdProtocol.h >>> + gEfiTdProtocolGuid =3D { 0x96751a3d, 0x72f4, 0x41a6, { 0= xa7, 0x94, >> 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }} >>> + >>> # >>> # Protocols defined in PI1.0. >>> # >> >> >> >> > > >=20 > >
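
Review bot: In MdePkg/Include/Protocol/TdProtocol.h, the HashLogExtendEvent comment gives EFI_INVALID_PARAMETER only as "One or more of the parameters are incorrect" and never says how the caller-supplied lengths inside EFI_TD_EVENT are checked. Size and Header.HeaderSize both come from the caller and Event[1] is a variable-length tail, so the contract should state that the call returns EFI_INVALID_PARAMETER when HeaderSize is smaller than sizeof (EFI_TD_EVENT_HEADER) or when Size is smaller than sizeof (UINT32) + HeaderSize, so that the event data length is always derived from validated values. In the same file, the unprefixed PE_COFF_IMAGE repeats the value of EFI_TD_FLAG_PE_COFF_IMAGE (0x0000000000000010), and the MR_INDEX_* names are likewise unprefixed in a public header; keep a single prefixed flag and prefix the indexes. Two comment typos to fix while here: "This bit is shall be set" and "It shall be set ot 1".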
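
Review bot: gEfiTdFinalEventsTableGuid is missing from the MdePkg/MdePkg.dec hunk. TdProtocol.h defines EFI_TD_FINAL_EVENTS_TABLE_GUID and declares extern EFI_GUID gEfiTdFinalEventsTableGuid, but the only entry added here is gEfiTdProtocolGuid, so a module that lists the final events table GUID in its INF has no package declaration to resolve it from. Add a matching entry with the value {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46}} under the GUID declarations of the package, with the same "## Include/Protocol/TdProtocol.h" comment so the header that owns it is traceable.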