public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "qinkun Bao via groups.io" <qinkun=google.com@groups.io>
To: devel@edk2.groups.io
Cc: linux-coco@lists.linux.dev, Erdem Aktas <erdemaktas@google.com>,
	 Jiewen Yao <jiewen.yao@intel.com>,
	Ard Biesheuvel <ardb@kernel.org>, Peter Gonda <pgonda@google.com>,
	 Dionna Glaze <dionnaglaze@google.com>,
	Qinkun Bao <qinkun@google.com>,
	 James Bottomley <jejb@linux.ibm.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	 Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR.
Date: Thu, 21 Mar 2024 16:59:04 +0000	[thread overview]
Message-ID: <94521f20aa2872c1b8f018b7db31eca4a2b8222d.1711039409.git.qinkun@google.com> (raw)

From: Qinkun Bao <qinkun@google.com>

The UEFI v2.10 spec defines the protocol EFI_CC_MEASUREMENT_PROTOCOL
to enable (for example) RTMR-based boot measurement for TDX VMs.
With the current UEFI spec’s “should not” wording and EDK2
implementation, TPM measurement in TDVF is disabled when
RTMR measurement is enabled.

Mutual exclusion of the CC measurement protocol and TCG measurement
protocol breaks backwards compatibility, which makes adoption of RTMRs
challenging. A virtualized TPM device (vTPM) managed by the host VMM
makes boot measurements visible to the VMM operator, but this is an
oft-requested feature that users can choose to accept.

The TPM has been a standard for over a decade and many existing
applications rely on the TPM. Both inside and outside Google,
we have many users that require vTPM, including features that are
not easily available via RTMRs (e.g. sealing using keys that the
guest OS cannot access).

This patch adds a non-default build option to allow the coexistence
of both the CC measurement and TCG protocols. Not included is a
vendor-specific measured event in the CC event log that indicates
whether a vTPM is attached or not.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Qinkun Bao <qinkun@google.com>
---
 OvmfPkg/OvmfPkgX64.dsc                               |  9 ++++++++-
 .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c    | 12 +++++++++++-
 .../DxeTpmMeasurementLib/DxeTpmMeasurementLib.c      |  6 ++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 56c920168d..9bcee45047 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -32,7 +32,8 @@
   DEFINE SECURE_BOOT_ENABLE      = FALSE
   DEFINE SMM_REQUIRE             = FALSE
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
-  DEFINE CC_MEASUREMENT_ENABLE   = FALSE
+  DEFINE CC_MEASUREMENT_ENABLE   = TRUE
+  DEFINE CC_MEASUREMENT_AND_TCG2_COEXIST  = FASLE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
 
@@ -99,6 +100,11 @@
   INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
 !endif
   RELEASE_*_*_GENFW_FLAGS = --zero
+!if $(CC_MEASUREMENT_ENABLE) == TRUE && $(CC_MEASUREMENT_AND_TCG2_COEXIST) == TRUE
+  MSFT:*_*_*_CC_FLAGS = /D CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+  INTEL:*_*_*_CC_FLAGS = /D CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+  GCC:*_*_*_CC_FLAGS = -D CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+!endif
 
   #
   # Disable deprecated APIs.
@@ -1045,6 +1051,7 @@
   }
 !endif
 
+
   #
   # TPM support
   #
diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 73719f3b96..4c9bc8ab4a 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -325,7 +325,12 @@ Tcg2MeasureGptTable (
     }
 
     DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc MeasureGptTable - %r\n", Status));
+#ifdef CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+  }
+  if (Tcg2Protocol != NULL) {
+#else
   } else if (Tcg2Protocol != NULL) {
+#endif
     //
     // If Tcg2Protocol is installed, then Measure GPT data with this protocol.
     //
@@ -493,7 +498,12 @@ Tcg2MeasurePeImage (
                            CcEvent
                            );
     DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc MeasurePeImage - %r\n", Status));
-  } else if (Tcg2Protocol != NULL) {
+#ifdef CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+   }
+   if (Tcg2Protocol != NULL) {
+#else
+   } else if (Tcg2Protocol != NULL) {
+#endif
     Status = Tcg2Protocol->HashLogExtendEvent (
                              Tcg2Protocol,
                              PE_COFF_IMAGE,
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index 6f287b31fc..b1c6198b4b 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -261,7 +261,11 @@ TpmMeasureAndLogData (
                HashData,
                HashDataLen
                );
+#ifdef CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
+  }
+#else
   } else {
+#endif
     //
     // Try to measure using Tpm20 protocol
     //
@@ -287,7 +291,9 @@ TpmMeasureAndLogData (
                  HashDataLen
                  );
     }
+#ifndef CC_MEASUREMENT_AND_TCG2_COEXIST_FEATURE
   }
+#endif
 
   return Status;
 }
-- 
2.44.0.291.gc1ea87d7ee-goog



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117131): https://edk2.groups.io/g/devel/message/117131
Mute This Topic: https://groups.io/mt/105070442/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



             reply	other threads:[~2024-03-26 15:52 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-21 16:59 qinkun Bao via groups.io [this message]
2024-03-21 17:46 ` [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR Dionna Glaze via groups.io
2024-03-22  2:39   ` Yao, Jiewen
2024-03-22  8:52     ` Gerd Hoffmann
2024-03-22 14:56       ` Dionna Glaze via groups.io
2024-03-22 17:28         ` qinkun Bao via groups.io
2024-03-25 13:07         ` Mikko Ylinen
2024-03-25 15:28           ` Dionna Glaze via groups.io
2024-04-11  1:20             ` Yao, Jiewen
2024-04-11  6:23               ` qinkun Bao via groups.io
2024-04-11  6:52               ` Ard Biesheuvel
2024-04-11  8:07                 ` Gerd Hoffmann
2024-04-11  9:56                   ` Yao, Jiewen
2024-04-11 10:29                     ` Gerd Hoffmann
2024-04-11 10:33                       ` Ard Biesheuvel
2024-04-11 14:07                         ` Lendacky, Thomas via groups.io
2024-04-11 17:10                           ` Xiang, Qinglan
2024-04-13  9:36                 ` qinkun Bao via groups.io
2024-04-15 14:42                   ` Ard Biesheuvel
     [not found] ` <17C329C4A6D0CD18.8175@lists.confidentialcomputing.io>
     [not found]   ` <CAOjUGWcNedJ7iNjGCKL6qZeZo3aSt_8U5BN=9JUN2f2vjD+O4w@mail.gmail.com>
     [not found]     ` <CA+2DEOoc1Ckn2S-=57HiRsAd0W4YGRWVQQG-gOBR3Fc8nfX+Nw@mail.gmail.com>
2024-04-09 19:16       ` [edk2-devel] [linux-collab] [CCC][tac] " qinkun Bao via groups.io

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=94521f20aa2872c1b8f018b7db31eca4a2b8222d.1711039409.git.qinkun@google.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox