From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.16251.1654390982054574984 for ; Sat, 04 Jun 2022 18:03:05 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Wk16Kx1c; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1654390984; x=1685926984; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Wh0CwgYWZyaD9KTKfTy8AbWplVW8/4NRplSlAnbaKdI=; b=Wk16Kx1chrSDCwOUcdlPGXMLmzGlJzg6cMzOpB6fi547nFBjnSUsFbaS QznfdU7kpd7SKRhqnyOeVy33qlQ6jtO9vTmLm+HCwaxfqUsqaL21OmBfC Rlo5MkmjXsUI/gQluC79WohlaCuiE0gZSNN4rwQjSzIJLlgnAtsiScnfu ZYCvyUvk8NJ7oNfANKG/bXrdqR4XtFegJKqRw+xSEMmZpUXqA+sMSh+Op dBC3wL8b8aU8Uwk+KiNhr8GrERwkcOWmBA+Nobx3NFIWpxoesAGs6TQNd Uhyj/szbW+G5toJvAxcdS2vaxPBPbTi8LyFjzVVfwt4Z18yTcRCpaeri8 A==; X-IronPort-AV: E=McAfee;i="6400,9594,10368"; a="276257318" X-IronPort-AV: E=Sophos;i="5.91,278,1647327600"; d="scan'208";a="276257318" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jun 2022 18:03:04 -0700 X-IronPort-AV: E=Sophos;i="5.91,278,1647327600"; d="scan'208";a="608039323" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.171.120]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jun 2022 18:03:01 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Jiewen Yao , Jian J Wang Subject: [PATCH 1/3] Security: Add SecTpmMeasurementLibTdx Date: Sun, 5 Jun 2022 09:02:46 +0800 Message-Id: <38899af2aee12706ec08b997ff086bf3c9f15686.1654390043.git.min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu SecTpmMeasurementLitTdx is an instance of TpmMeasurementLib. It is designed to used in a Td guest. This lib measures and logs data, and extendx the measurement result into a specific RTMR. SecTpmMeasurementLibTdx is a refactored lib of OvmfPkg/Library/SecMeasurementLibTdx and it just copies GetMappedRtmrIndex/TdxMeasureAndLogData from that lib. At the end of this patch-set SecMeasurementLibTdx will be deleted. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Min Xu --- .../SecTpmMeasurementLibTdx.c | 176 ++++++++++++++++++ .../SecTpmMeasurementLibTdx.inf | 34 ++++ SecurityPkg/SecurityPkg.dsc | 2 + 3 files changed, 212 insertions(+) create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c new file mode 100644 index 000000000000..38887b172dc0 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c @@ -0,0 +1,176 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#pragma pack(1) + +typedef struct { + UINT32 Count; + TPMI_ALG_HASH HashAlg; + BYTE Sha384[SHA384_DIGEST_SIZE]; +} TDX_DIGEST_VALUE; + +#pragma pack() + +#define INVALID_PCR2MR_INDEX 0xFF + +/** + Get the mapped RTMR index based on the input PCRIndex. + RTMR[0] => PCR[1,7] + RTMR[1] => PCR[2,3,4,5] + RTMR[2] => PCR[8~15] + RTMR[3] => NA + Note: + PCR[0] is mapped to MRTD and should not appear here. + PCR[6] is reserved for OEM. It is not used. + + @param[in] PCRIndex The input PCR index + + @retval UINT8 The mapped RTMR index. +**/ +UINT8 +GetMappedRtmrIndex ( + IN UINT32 PCRIndex + ) +{ + UINT8 RtmrIndex; + + if ((PCRIndex == 6) || (PCRIndex == 0) || (PCRIndex > 15)) { + DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex)); + ASSERT (FALSE); + return INVALID_PCR2MR_INDEX; + } + + RtmrIndex = 0; + if ((PCRIndex == 1) || (PCRIndex == 7)) { + RtmrIndex = 0; + } else if ((PCRIndex >= 2) && (PCRIndex < 6)) { + RtmrIndex = 1; + } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) { + RtmrIndex = 2; + } + + return RtmrIndex; +} + +/** + Tpm measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + UINT32 RtmrIndex; + VOID *EventHobData; + TCG_PCR_EVENT2 *TcgPcrEvent2; + UINT8 *DigestBuffer; + TDX_DIGEST_VALUE *TdxDigest; + TPML_DIGEST_VALUES DigestList; + UINT8 *Ptr; + + if (!TdIsEnabled ()) { + return EFI_UNSUPPORTED; + } + + RtmrIndex = GetMappedRtmrIndex (PcrIndex); + if (RtmrIndex == INVALID_PCR2MR_INDEX) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType)); + + Status = HashAndExtend ( + RtmrIndex, + (VOID *)HashData, + HashDataLen, + &DigestList + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status)); + return Status; + } + + // + // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation + // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary + // which is limited to a SHA384 digest list + // + EventHobData = BuildGuidHob ( + &gCcEventEntryHobGuid, + sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) + + sizeof (TDX_DIGEST_VALUE) + + sizeof (TcgPcrEvent2->EventSize) + LogLen + ); + + if (EventHobData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ptr = (UINT8 *)EventHobData; + // + // Initialize PcrEvent data now + // + RtmrIndex++; + CopyMem (Ptr, &RtmrIndex, sizeof (UINT32)); + Ptr += sizeof (UINT32); + CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE)); + Ptr += sizeof (TCG_EVENTTYPE); + + DigestBuffer = Ptr; + + TdxDigest = (TDX_DIGEST_VALUE *)DigestBuffer; + TdxDigest->Count = 1; + TdxDigest->HashAlg = TPM_ALG_SHA384; + CopyMem ( + TdxDigest->Sha384, + DigestList.digests[0].digest.sha384, + SHA384_DIGEST_SIZE + ); + + Ptr += sizeof (TDX_DIGEST_VALUE); + + CopyMem (Ptr, &LogLen, sizeof (UINT32)); + Ptr += sizeof (UINT32); + CopyMem (Ptr, EventLog, LogLen); + Ptr += LogLen; + + Status = EFI_SUCCESS; + return Status; +} diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf new file mode 100644 index 000000000000..047d3aa80da6 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf @@ -0,0 +1,34 @@ +## @file +# Provides RTMR based measurement functions for Intel Tdx guest. +# +# This library provides TpmMeasureAndLogData() in a TDX guest to measure and log data, and +# extend the measurement result into a specific RTMR. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecTpmMeasurementLibTdx + FILE_GUID = 1aeb641c-0324-47bd-b29d-e59671fc4106 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = TpmMeasurementLib|SEC + +[Sources] + SecTpmMeasurementLibTdx.c + +[Packages] + CryptoPkg/CryptoPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gCcEventEntryHobGuid + +[LibraryClasses] + BaseLib + HashLib diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 0d8c997b2f40..d883747474e4 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -95,6 +95,7 @@ [LibraryClasses.X64.SEC] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf [LibraryClasses.X64.DXE_DRIVER] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf @@ -292,6 +293,7 @@ [Components.X64] SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf [Components.IA32, Components.X64] SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -- 2.29.2.windows.2