From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR04-VI1-obe.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com [40.107.8.41]) by mx.groups.io with SMTP id smtpd.web08.9630.1634649895118386044 for ; Tue, 19 Oct 2021 06:24:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=2Z1Y7JvD; spf=pass (domain: arm.com, ip: 40.107.8.41, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AFvuGLbl0l3vOR5UqfnFoZWB1alsbWRCRDVMozCumt8=; b=2Z1Y7JvDw5FvD4Dg+8BmQudFjUiTrGvSOG8sj3bZBAEBvYozpLY3y2Fna/tj66C6tXrI6ZuAQaWAxdxBidjRVAAjvqVVlU3HAo+G4oEcSZfdwwQ2qnbR8tfwyzNbtkOYK65XEUAnB0M6JCjFx6DORHUX4f19hsaey79xKa1sK/E= Received: from AM6PR04CA0013.eurprd04.prod.outlook.com (2603:10a6:20b:92::26) by DB6PR0802MB2264.eurprd08.prod.outlook.com (2603:10a6:4:85::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.17; Tue, 19 Oct 2021 13:24:51 +0000 Received: from AM5EUR03FT004.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:92:cafe::87) by AM6PR04CA0013.outlook.office365.com (2603:10a6:20b:92::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.18 via Frontend Transport; Tue, 19 Oct 2021 13:24:51 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT004.mail.protection.outlook.com (10.152.16.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.15 via Frontend Transport; Tue, 19 Oct 2021 13:24:51 +0000 Received: ("Tessian outbound f1898412aff1:v103"); Tue, 19 Oct 2021 13:24:51 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: c49e777421c08057 X-CR-MTA-TID: 64aa7808 Received: from 0f4a1e1e9355.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C3824484-AADD-4D7C-9F48-702314FF2A71.1; Tue, 19 Oct 2021 13:24:36 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 0f4a1e1e9355.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 19 Oct 2021 13:24:36 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SR4E9hcPkcArL6HUZLPX7gOgvP1YFrtj9uDLnLUEF0Yr6U9/ckFtnM4zQ7xT82M9B0JzgpxNQzR36ajVi8vDM7g6I9pjBCYnLePS1Km4+PJcXvtfFz3KMXCt0rntzv22ItpF4OmlfNnB/aR/JlQh+PQz9B5a4pCzDwfmk8sZNZ29lQAI7sgu+yYO+JqzT1znaiW6f5H46kvZgJkMYiqcARDuodl7G8vJsjyFAUiAgEWj1cI13FVMg0XZMWh9jiz7LL77hwXWIeA0BjYiFwpPKA6bx3ZjMmpY1gVRSpM5mz89433GA+G7wGoYWnyjMV5LzFUiifGCyU/sqCLKw1cO6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AFvuGLbl0l3vOR5UqfnFoZWB1alsbWRCRDVMozCumt8=; b=LHNwlQZUJWHQkXsBo644SLhgdppU08X30CTPeQRPTi5dp+gX+s6ACfbxeBiH8/2sVqkvYsS8DAXpmqJ4hAaIGGL6LcQji9eeZo7cIBnqu46/x8/lWW/enzBfgzfn+hdkE2wuhGgKdO7FyX8EQaOOnNa+CyyB8vXXlVPGSee5u11tTKa1go0lJ2BxlUJ95kNwSPekOMPDe1jPxp5/acKHRuyQB7MHifYupb547lQo6/T4FJGK2IwEArBlpBjkv1OVef/tYU51cxZACFCrDMbDwjwYlM8iJe0obxd5Tmky/Lew2UxEdEJQh83lz/VCAgFhDOPCHEHtXAzB1nFmJjqh9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AFvuGLbl0l3vOR5UqfnFoZWB1alsbWRCRDVMozCumt8=; b=2Z1Y7JvDw5FvD4Dg+8BmQudFjUiTrGvSOG8sj3bZBAEBvYozpLY3y2Fna/tj66C6tXrI6ZuAQaWAxdxBidjRVAAjvqVVlU3HAo+G4oEcSZfdwwQ2qnbR8tfwyzNbtkOYK65XEUAnB0M6JCjFx6DORHUX4f19hsaey79xKa1sK/E= Authentication-Results-Original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) by AM6PR08MB4849.eurprd08.prod.outlook.com (2603:10a6:20b:c3::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.17; Tue, 19 Oct 2021 13:24:33 +0000 Received: from AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::54b5:239d:9896:ee65]) by AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::54b5:239d:9896:ee65%4]) with mapi id 15.20.4608.018; Tue, 19 Oct 2021 13:24:33 +0000 Subject: Re: [edk2-devel] [PATCH V2 3/3] SecurityPkg: Support TdProtocol in DxeTpmMeasurementLib To: devel@edk2.groups.io, min.m.xu@intel.com Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , nd , Joey Gouly References: <844e9fe333a90c76c923c541e8439716a2d949d5.1633661591.git.min.m.xu@intel.com> From: "Sami Mujawar" Message-ID: <31f9c948-43aa-d56d-2934-0d88ae94de75@arm.com> Date: Tue, 19 Oct 2021 14:24:43 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.0.1 In-Reply-To: <844e9fe333a90c76c923c541e8439716a2d949d5.1633661591.git.min.m.xu@intel.com> X-ClientProxiedBy: LO4P123CA0383.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18f::10) To AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) MIME-Version: 1.0 Received: from [10.1.196.43] (217.140.106.52) by LO4P123CA0383.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18f::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.16 via Frontend Transport; Tue, 19 Oct 2021 13:24:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ef4e103c-cfbb-41f3-d8a2-08d99303d4e1 X-MS-TrafficTypeDiagnostic: AM6PR08MB4849:|DB6PR0802MB2264: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:6108;OLM:6108; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: 6vAgjZvgXaVDnrjJCjDc2mx0/XAdnv8qWCowqFA7GelljwSua+mqFS4KzyXVD2jLMYS6mm2vJ0m/D77hBKJh9IFa6mP2gwtARq5IZP1sHn6GnDNBVaJYWaNFFw3vuEnXsjwOwz0OIUJddAPUsd/P1/4+AEC7NsBE2ivGExHgqEOlTNx4KkO96/Q6QcMGp5kp9awvr6fQ87mdmcBfrpC+qVM16UFgZgtow6arbsA5DU3xz1zT8m0ZaWZ8D/qaoPSZiPoVa7yWRwncAyrtbCHLvJR3jQFn7g5sDmrmh6rMoGRz00mnRN2WW4vp90Gz0YSpdu2Muk91qUvXje7/s3/hRPY+gYbxpe3mScw8C1+7vddWJrvi9ZyLDDGzv1OojK22VgDKQU5XY7KIg2BbUzoX6uUcOLe0sA2KYxwnJkHr7dKVpT4tvkZLSHLW2bvISOmtpj01JLk+gokW9zHNn1Nrdm0sRXhJtbwBMJ+Ng7ZIw23gBZCv9Li4xjKCPDGqlMt3JANN5u5uo5jxh3LWLVOt/Dy3ir/lygNvuHriqN7nofkWWHmaM9sygludij1MgvhL3VhnJ/5CQw0VM2hZcYkU77T+6Lq1Sab7qHnk+UXOWWDxoRxf9sDetgp0/4U5ZcyJZmPig5ksH/dFlARVppfSFbJk1s9AJZbuGJOz3w/pE93eOaoQ8UwxxZ7SehEt5f+ImNChUxzxAa9Grg6psaDaNcadjZfjn/mSMGTdqvU3g2V0PtQ5ler1y0QZ4ApwEShOTkwn4E/uHPHb8CxKZMQur+Rc6u/MY6utCT+UGNZ1O/q83RFaCmp9zKdKXlB5l3aBED4/nBYed1+KvoRO9hfa92CaviG2Trxg/68TeRKse8g= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(366004)(66556008)(966005)(53546011)(15650500001)(66946007)(44832011)(8676002)(86362001)(54906003)(83380400001)(956004)(6486002)(5660300002)(19627235002)(316002)(2616005)(4326008)(186003)(6666004)(8936002)(38350700002)(38100700002)(16576012)(26005)(2906002)(36756003)(31696002)(508600001)(66476007)(31686004)(52116002)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4849 Original-Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Return-Path: Sami.Mujawar@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT004.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 68a34878-0feb-47d7-66eb-08d99303ca35 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: J+kqicx2Z9d3iFJponNfO2zQ4Qi0n/Qrs9p55NY3TH1+ch1sWnG21ZboP71lowN6402pG0m8dvxn+atsfWcl04O+VPYvODxws3SZ2nz3PKg3PvhwFyL58eWzui96ySIIcidn8oYQcJ41CuqaP9rfg1i82L+ACgvoAd0qditbSmZOHXOsrdmL7WYE1oI3z2CKISb3LBuXTiKG4ojJ+dX1fLoJl7pFVZu/kmuADQkReg4reDNq8MnO19LkyG3YJxT8WGCvDxT3P9/LZr17+eSbm8lJ6CYtk/qnbp685E8sXq5afQTN6JGhmnvz9b4ouNfhw5l4q6jxOV0XLiSFcxmSappnhh3d+igJcNnRV3g5qEjRNPsyDZa9Xa+aoq1f1G79AFWACqYle2QxE61kGlOOX8aOzWE9WPfcthaMcStzwWiRtADHCbFxado9vyYM7nSQocJ9ZTtnVvjboHN8U2z+6CUCmqF4G9nXrGxsvuN2RFtQQ+9ZK740+O+b24sppgDykujwNGRDle88MtdJbLqztTODTYT1vg8L4WEKtVbo8TDXofxe9iVT9AM/+6elJ3VV0Zg2zn/5skbQrwOkdoTSTme2Kuqge0FdG6lQxC4bZKaSTnSeJJNDnG+4Kz2x7xsqkNQ96q+uZVlvYjOaQI8oeaX21a1pfzIfCqW0l2rkIK+TkKHD8cM8YCAtZdfScN9Q1UNRP7wtdeThXDGfMaicc6AdyHqbMRjYiZoZdEpakUzbyolq8WuhS4+wDN8bToSgQMKqIqTd1Bk95X6d0rBczC1Tt1ze7M3CRc0iY907/rq9SYfxXoSELMGx9ng0GYfI X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(6029001)(4636009)(36840700001)(46966006)(6666004)(36756003)(70586007)(8676002)(356005)(70206006)(31696002)(956004)(53546011)(2616005)(186003)(26005)(86362001)(6486002)(36860700001)(966005)(81166007)(8936002)(83380400001)(508600001)(336012)(47076005)(15650500001)(31686004)(19627235002)(82310400003)(2906002)(16576012)(316002)(54906003)(4326008)(44832011)(5660300002)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2021 13:24:51.4558 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ef4e103c-cfbb-41f3-d8a2-08d99303d4e1 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT004.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2264 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB Hi Min, Jiewen, I believe this patch would need updating based on the changes done to patch 1/3 to make the measurment protocol architecture neutral. Other than that the code changes in this patch look good to me. Regards, Sami Mujawar On 08/10/2021 06:21 AM, Min Xu via groups.io wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 > > DxeTpmMeasurementLib supports TPM based measurement in DXE phase. > After Td protocol is introduced, TD based measurement needs to be > supported in DxeTpmMeasurementLib as well. > > In TpmMeasureAndLogData, TD based measurement will be first called. > If it failed, TPM based measurement will be called sequentially. > Currently there is an assumption that TD based measurement and > TPM based measurement won't be exist at the same time.If the > assumption is not true in the future, we will revisit here then. > > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Jiewen Yao > Cc: Jian J Wang > Signed-off-by: Min Xu > --- > .../DxeTpmMeasurementLib.c | 87 ++++++++++++++++++- > .../DxeTpmMeasurementLib.inf | 1 + > 2 files changed, 85 insertions(+), 3 deletions(-) > > diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c > index 061136ee7860..f8cd289ba62c 100644 > --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c > +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c > @@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include > #include > - > +#include > > > /** > @@ -149,6 +149,73 @@ Tpm20MeasureAndLogData ( > return Status; > } > > +/** > + Tdx measure and log data, and extend the measurement result into a > + specific TDX RTMR. > + > + @param[in] PcrIndex PCR Index. > + @param[in] EventType Event type. > + @param[in] EventLog Measurement event log. > + @param[in] LogLen Event log length in bytes. > + @param[in] HashData The start of the data buffer to be hashed, extended. > + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData > + > + @retval EFI_SUCCESS Operation completed successfully. > + @retval EFI_UNSUPPORTED Tdx device not available. > + @retval EFI_OUT_OF_RESOURCES Out of memory. > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > +**/ > +EFI_STATUS > +EFIAPI > +TdxMeasureAndLogData ( > + IN UINT32 PcrIndex, > + IN UINT32 EventType, > + IN VOID *EventLog, > + IN UINT32 LogLen, > + IN VOID *HashData, > + IN UINT64 HashDataLen > + ) > +{ > + EFI_STATUS Status; > + EFI_TD_PROTOCOL *TdProtocol; > + EFI_TD_EVENT *TdEvent; > + UINT32 MrIndex; > + > + Status = gBS->LocateProtocol (&gEfiTdProtocolGuid, NULL, (VOID **) &TdProtocol); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + Status = TdProtocol->MapPcrToMrIndex (TdProtocol, PcrIndex, &MrIndex); > + if (EFI_ERROR (Status)) { > + return EFI_INVALID_PARAMETER; > + } > + > + TdEvent = (EFI_TD_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TD_EVENT)); > + if(TdEvent == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + TdEvent->Size = (UINT32) LogLen + sizeof (EFI_TD_EVENT) - sizeof (TdEvent->Event); > + TdEvent->Header.HeaderSize = sizeof (EFI_TD_EVENT_HEADER); > + TdEvent->Header.HeaderVersion = EFI_TD_EVENT_HEADER_VERSION; > + TdEvent->Header.MrIndex = MrIndex; > + TdEvent->Header.EventType = EventType; > + CopyMem (&TdEvent->Event[0], EventLog, LogLen); > + > + Status = TdProtocol->HashLogExtendEvent ( > + TdProtocol, > + 0, > + (EFI_PHYSICAL_ADDRESS) (UINTN) HashData, > + HashDataLen, > + TdEvent > + ); > + FreePool (TdEvent); > + > + return Status; > +} > + > + > /** > Tpm measure and log data, and extend the measurement result into a specific PCR. > > @@ -178,9 +245,9 @@ TpmMeasureAndLogData ( > EFI_STATUS Status; > > // > - // Try to measure using Tpm20 protocol > + // Try to measure using Td protocol > // > - Status = Tpm20MeasureAndLogData( > + Status = TdxMeasureAndLogData ( > PcrIndex, > EventType, > EventLog, > @@ -189,6 +256,20 @@ TpmMeasureAndLogData ( > HashDataLen > ); > > + if (EFI_ERROR (Status)) { > + // > + // Try to measure using Tpm20 protocol > + // > + Status = Tpm20MeasureAndLogData( > + PcrIndex, > + EventType, > + EventLog, > + LogLen, > + HashData, > + HashDataLen > + ); > + } > + > if (EFI_ERROR (Status)) { > // > // Try to measure using Tpm1.2 protocol > diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > index 7d41bc41f95d..b919771d5a9e 100644 > --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > @@ -42,3 +42,4 @@ > [Protocols] > gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES > gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES > + gEfiTdProtocolGuid ## SOMETIMES_CONSUMES