From: "Sami Mujawar" <sami.mujawar@arm.com>
To: devel@edk2.groups.io, min.m.xu@intel.com
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, nd <nd@arm.com>,
Joey Gouly <Joey.Gouly@arm.com>
Subject: Re: [edk2-devel] [PATCH V2 3/3] SecurityPkg: Support TdProtocol in DxeTpmMeasurementLib
Date: Tue, 19 Oct 2021 14:24:43 +0100 [thread overview]
Message-ID: <31f9c948-43aa-d56d-2934-0d88ae94de75@arm.com> (raw)
In-Reply-To: <844e9fe333a90c76c923c541e8439716a2d949d5.1633661591.git.min.m.xu@intel.com>
Hi Min, Jiewen,
I believe this patch would need updating based on the changes done to
patch 1/3 to make the measurment protocol architecture neutral. Other
than that the code changes in this patch look good to me.
Regards,
Sami Mujawar
On 08/10/2021 06:21 AM, Min Xu via groups.io wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
>
> DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
> After Td protocol is introduced, TD based measurement needs to be
> supported in DxeTpmMeasurementLib as well.
>
> In TpmMeasureAndLogData, TD based measurement will be first called.
> If it failed, TPM based measurement will be called sequentially.
> Currently there is an assumption that TD based measurement and
> TPM based measurement won't be exist at the same time.If the
> assumption is not true in the future, we will revisit here then.
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
> .../DxeTpmMeasurementLib.c | 87 ++++++++++++++++++-
> .../DxeTpmMeasurementLib.inf | 1 +
> 2 files changed, 85 insertions(+), 3 deletions(-)
>
> diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> index 061136ee7860..f8cd289ba62c 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> @@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <Guid/Acpi.h>
> #include <IndustryStandard/Acpi.h>
> -
> +#include <Protocol/TdProtocol.h>
>
>
> /**
> @@ -149,6 +149,73 @@ Tpm20MeasureAndLogData (
> return Status;
> }
>
> +/**
> + Tdx measure and log data, and extend the measurement result into a
> + specific TDX RTMR.
> +
> + @param[in] PcrIndex PCR Index.
> + @param[in] EventType Event type.
> + @param[in] EventLog Measurement event log.
> + @param[in] LogLen Event log length in bytes.
> + @param[in] HashData The start of the data buffer to be hashed, extended.
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
> +
> + @retval EFI_SUCCESS Operation completed successfully.
> + @retval EFI_UNSUPPORTED Tdx device not available.
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TdxMeasureAndLogData (
> + IN UINT32 PcrIndex,
> + IN UINT32 EventType,
> + IN VOID *EventLog,
> + IN UINT32 LogLen,
> + IN VOID *HashData,
> + IN UINT64 HashDataLen
> + )
> +{
> + EFI_STATUS Status;
> + EFI_TD_PROTOCOL *TdProtocol;
> + EFI_TD_EVENT *TdEvent;
> + UINT32 MrIndex;
> +
> + Status = gBS->LocateProtocol (&gEfiTdProtocolGuid, NULL, (VOID **) &TdProtocol);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = TdProtocol->MapPcrToMrIndex (TdProtocol, PcrIndex, &MrIndex);
> + if (EFI_ERROR (Status)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + TdEvent = (EFI_TD_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TD_EVENT));
> + if(TdEvent == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + TdEvent->Size = (UINT32) LogLen + sizeof (EFI_TD_EVENT) - sizeof (TdEvent->Event);
> + TdEvent->Header.HeaderSize = sizeof (EFI_TD_EVENT_HEADER);
> + TdEvent->Header.HeaderVersion = EFI_TD_EVENT_HEADER_VERSION;
> + TdEvent->Header.MrIndex = MrIndex;
> + TdEvent->Header.EventType = EventType;
> + CopyMem (&TdEvent->Event[0], EventLog, LogLen);
> +
> + Status = TdProtocol->HashLogExtendEvent (
> + TdProtocol,
> + 0,
> + (EFI_PHYSICAL_ADDRESS) (UINTN) HashData,
> + HashDataLen,
> + TdEvent
> + );
> + FreePool (TdEvent);
> +
> + return Status;
> +}
> +
> +
> /**
> Tpm measure and log data, and extend the measurement result into a specific PCR.
>
> @@ -178,9 +245,9 @@ TpmMeasureAndLogData (
> EFI_STATUS Status;
>
> //
> - // Try to measure using Tpm20 protocol
> + // Try to measure using Td protocol
> //
> - Status = Tpm20MeasureAndLogData(
> + Status = TdxMeasureAndLogData (
> PcrIndex,
> EventType,
> EventLog,
> @@ -189,6 +256,20 @@ TpmMeasureAndLogData (
> HashDataLen
> );
>
> + if (EFI_ERROR (Status)) {
> + //
> + // Try to measure using Tpm20 protocol
> + //
> + Status = Tpm20MeasureAndLogData(
> + PcrIndex,
> + EventType,
> + EventLog,
> + LogLen,
> + HashData,
> + HashDataLen
> + );
> + }
> +
> if (EFI_ERROR (Status)) {
> //
> // Try to measure using Tpm1.2 protocol
> diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> index 7d41bc41f95d..b919771d5a9e 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> @@ -42,3 +42,4 @@
> [Protocols]
> gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
> gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiTdProtocolGuid ## SOMETIMES_CONSUMES
next prev parent reply other threads:[~2021-10-19 13:24 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 5:21 [PATCH V2 0/3] Introduce TdProtocol into EDK2 Min Xu
2021-10-08 5:21 ` [PATCH V2 1/3] MdePkg: Introduce TdProtocol for TD-Guest firmware Min Xu
2021-10-11 1:37 ` 回复: " gaoliming
2021-10-19 13:21 ` [edk2-devel] " Sami Mujawar
2021-10-19 14:40 ` Yao, Jiewen
2021-10-20 9:26 ` Sami Mujawar
2021-10-08 5:21 ` [PATCH V2 2/3] SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib Min Xu
2021-10-19 13:22 ` [edk2-devel] " Sami Mujawar
2021-10-27 5:19 ` Min Xu
2021-11-01 13:35 ` Sami Mujawar
2021-10-08 5:21 ` [PATCH V2 3/3] SecurityPkg: Support TdProtocol in DxeTpmMeasurementLib Min Xu
2021-10-19 13:24 ` Sami Mujawar [this message]
2021-10-12 15:26 ` [edk2-devel] [PATCH V2 0/3] Introduce TdProtocol into EDK2 Sami Mujawar
2021-10-14 5:41 ` Min Xu
2021-10-14 11:59 ` Yao, Jiewen
[not found] ` <16ADE3D948B3147A.7007@groups.io>
2021-10-14 13:43 ` Yao, Jiewen
2021-10-18 12:59 ` Sami Mujawar
2021-10-18 13:06 ` Yao, Jiewen
2021-10-19 9:51 ` Sami Mujawar
2021-10-19 13:06 ` Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=31f9c948-43aa-d56d-2934-0d88ae94de75@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox