From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.21768.1639230317680094198 for ; Sat, 11 Dec 2021 05:45:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=intel header.b=X4TJZDcK; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639230317; x=1670766317; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=kYwjfjHebqDTEfAPATsu7Wd4SbOqjv3QnbNYXR3gxhc=; b=X4TJZDcKZRBgy7zSLkt/3txOk7STx+NL5DBtPymrAX23Vb/y56x/dRzO niPZwmAioyIgkwQa9Iq1GGKbS30kkfEFja2tzjwcEbBppsIYwaKeHKMmh 5XeTTrV3x/UUuydN/tFzl94nAlmD/Qgv88khTGJi/9fLaX/ZNuuGgTqXK mkBwHit5Pz7P8C7DD0kiWlaF0lIDEIq2iJISGt3P7bqKCztjJfl8kUg7s CbriJZqU4Thn8kqiT62/I4XWNHNGGD82TxxbdjuZ4SGvzyTUsGj0rlrWr wX5TPuv+v5olh39n00+TP+4gfkgtvImADvWV37hUNa3+irnq0xnl5+/vv g==; X-IronPort-AV: E=McAfee;i="6200,9189,10194"; a="238477047" X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; d="scan'208";a="238477047" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Dec 2021 05:45:16 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; d="scan'208";a="504317058" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by orsmga007.jf.intel.com with ESMTP; 11 Dec 2021 05:45:16 -0800 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Sat, 11 Dec 2021 05:45:15 -0800 Received: from orsmsx609.amr.corp.intel.com (10.22.229.22) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Sat, 11 Dec 2021 05:45:15 -0800 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx609.amr.corp.intel.com (10.22.229.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Sat, 11 Dec 2021 05:45:15 -0800 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.47) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Sat, 11 Dec 2021 05:45:15 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hCmHoHcHgT18MTFlO1BBCSV1fyMJl1M2vwWFgY5tlgLxxyA1BXyDcpJZEJWUFBRsPMqa/78zn8nySlKGbBTdkQ0/VuFu8u6e71zSBmueS2uQh5xWkxQopvNImVIJFJEoZeIuREc5HhTbyFXtlNbsIPoPebVWPdPU/U56nHePPZNcpKMtExDvqdtGiF+U4Ev7HhD91oCMpe4q40ZOnyHV4SIIahsklafSVqBGiyiQsVYK5m9dzw9wSCN8Oo6vL0mEVK2JUPK0eXJ7ROEKO4fbOt1tNa8TXHV/fWS+YJ9Q13nFxj/P1y0boNwoUeIhZY09aD3FcyEjd6+iyM3KPL1nLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ulo04NtYde5md2RccZJZUvAdrWwEY6Yoy6YjIxe2gXw=; b=YfGcnxpl8ZmJLgkNeO/sh6H9a4ecNwxPPX8xmxd2Te0qdEbHqJWN+JLfk6paclvFcQHa3uFOi3orTjWPIocMLB/MAJQ3n91eWSpGK+AKxtQSM+827ATFvECimi/nwXaBLq7CQX6N0JYD99xnA37txpusTn23wbgCncacl9z+ZE0P0fSWYEgvV8CW5SUfu+h91ztGjWBBS9OXt/uvXtRQsPzwy7o5zXO7wo+2HhyriCnWXMJUiS1IMz2Yhghh4SfmScCUL1zZ3gyuYuVsrHrYbB0Mu22BcQVwjuKBtL/YtAaIDFV2ohKI4UvC6FuOC/CTSvfSGtpGZUAj9Do5+eBeig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ulo04NtYde5md2RccZJZUvAdrWwEY6Yoy6YjIxe2gXw=; b=fdVZZfq8R/hiTJ28wvqePix1/3kb25nRPHsm7xWBxMd/OjJCOpoDRBrf96lthJ37KNnjyj7Kw8D4iCH75m6+DC26Av7GtaecwG8JpC2+OzR5WBMcSLw1DIakhgfo8zSKSIyNCd7qOJqMIwH06E0FelEJFE6OJd18G/TxL+Dyiio= Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by MW3PR11MB4636.namprd11.prod.outlook.com (2603:10b6:303:5a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.15; Sat, 11 Dec 2021 13:45:13 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::447f:7fbc:72f5:fbae]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::447f:7fbc:72f5:fbae%5]) with mapi id 15.20.4778.012; Sat, 11 Dec 2021 13:45:13 +0000 From: "Yao, Jiewen" To: "Xu, Min M" , "devel@edk2.groups.io" CC: "Kinney, Michael D" , Liming Gao , "Liu, Zhiguang" , "Wang, Jian J" , "Lu, Ken" , Sami Mujawar , Gerd Hoffmann Subject: Re: [PATCH V7 0/3] Introduce CcMeasurementProtocol into EDK2 Thread-Topic: [PATCH V7 0/3] Introduce CcMeasurementProtocol into EDK2 Thread-Index: AQHX7pBD8by7hUTjl0OXDlwl6S2zoqwtTMLw Date: Sat, 11 Dec 2021 13:45:13 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.200.16 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: d411d8ac-0afc-4394-7e69-08d9bcac750e x-ms-traffictypediagnostic: MW3PR11MB4636:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2733; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: e+Is/HdsFAfaB68VsFjJ2+34bK02YtIVYSK7sK5m95eIWgG5ay1OEMfbhN8n2ZiD4M5rpFZF33Tki/EecAYwjQFj61bRKdpqh3Yv7ilTrTz4Yp92wleqrVEt9fiPPZhHJXZp1/8x4o0+Tp6xPBW/NaR/zRJzJ82VfBqgQv4qPJ9yjQNgJYMlZhQ1avz4B1q2S3efIQQVS9Oj3MLVsIPEcHsogXx07B14V03KZXJxg3i112Irq1/ArJZrQATg/EEDHhZ8ZZoLdms3t/FubMcCxX6KV4OIuw+v4FDFahvIqOJrgnGLiWX4INO9c9JYtCyjuxxZcKRIv7uD/8GjZ1JI7ozHco6CqHT1O5kNlnUsl7xju+ukzfjT4ufb1BtwXO2QkLePP7IwnoadnmIJuNk1Lo1OodZAYJgTvWHlVeOwlmrMZOMzuTouNI7wmgAO5gxdxNhk3sUwJVvbAUFRIjoahxDC+CWe+foYBzH88Kkbghvcud0DtpGoFdaEl0PzT7r+MeW/H2YXM1Zw6Jwk2P7YY5Tgnn/xS68giTfyroDvjFI4oO1YbnAViESH8giPtaVyFlFLg26CTsl2NyZ3SvQFujzBy8ylF88CZJUVoxKrj0qvP5qbCHYS1IHy4FCSGkPqCY5vEdGqtf7Dmvx1Ap64IjrvUZzRU3OK0VXFpN9IkYqmKDcZPoL6ZIWte58Mj4j6zHAOBQ6tLT4y3HCkMXb3oj5DHeNKSAXY164/mVgg5Vs2kXe3q7zARAUyiZlqAincE5QnnP6kiWsQ3O+w/o6bzwsvU9ytABCwt1tVZ5qaZYZIS/0JHurwUIvqNKNp85TyGnA/wiiS7dRi1p/eN91WNg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(366004)(122000001)(86362001)(76116006)(316002)(64756008)(38070700005)(66556008)(5660300002)(52536014)(66946007)(38100700002)(66446008)(66476007)(33656002)(4326008)(82960400001)(55016003)(966005)(83380400001)(508600001)(71200400001)(9686003)(2906002)(110136005)(26005)(53546011)(186003)(6506007)(54906003)(19627235002)(8676002)(8936002)(7696005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?qTJpIkOtyosTdhVZWFb7xybOjNaNqRfhWrbVhlNw4AGoBNY5qCS5NbcnQVUk?= =?us-ascii?Q?DG74S7RF4g3+Qf7nrHQZAfIJuw0v3kPWsTR1dVaFRSppDG7Ezdd6KsXYMunS?= =?us-ascii?Q?sFXQeKC70ChJPkbtdyDUNkZn8bk1Zt1pw0bqVmnjmsuhIFeAqNevnZsAXbSw?= =?us-ascii?Q?/Mz0dPVgUjbicB7TdjCKg1Lr9pIqkl3UyPLPAK+rNdJOAs1kUICds0Xxgsgw?= =?us-ascii?Q?j+/zn1iH71grlfvPxtNX0LG5GiJy8yAQZHcK2nhHKsAJBEscjkTi2Mupakxo?= =?us-ascii?Q?LLgCwg89S+n3sfnvzxvIuyqdP9/U3oCGfzongaEI0+GYHjFs6ofSdiktbSuj?= =?us-ascii?Q?9JcxuGl1LgTLxi6TjNI69/5QnSbmmbhd11+bzQFliNjKf9KEpcgDVNndAwRr?= =?us-ascii?Q?leoWc5enpY4ZXpTncT9DLHC0qRyvvoeSyLcJcSRHnwAuA2nZOrT2pc6LyDIY?= =?us-ascii?Q?bfQAzioMZaJTcWr0Vmj4TKO2Xjuublc9+tColpKh+2i89YJdo2vo0xNl96PV?= =?us-ascii?Q?NTP2ManvjH240XR63Jq3aOqhMV+LFUo6qWSs4/EFXhtC5Ysvk0DFzRZhgbm0?= =?us-ascii?Q?xR2wXgJ8sl0IMtks01uZpF8lvgCZNPD/JpzFwjHTxqaVK8C0Od7bt+xjXOjY?= =?us-ascii?Q?O4RAmzEwFcWcaVwpLf8vkIXuxY5eg4QZloUr01IBCLUqbBB+/oegMJ3Cw4xX?= =?us-ascii?Q?OiEHiP1H3tkyGogNSm1jYhsdYqXyjbzYygm+vt0wEGO68/JIy+CjUl0+4sgo?= =?us-ascii?Q?Tungc5c/gNUwieSIcdmfrdJkT9kbCuaqItWXGD90OZgQTN/AWJXML133PrM7?= =?us-ascii?Q?oKSqfg2WKw5v5zlHPc2aFRP5Y8WziKKmy8prZE2DCfpe4ivxHzlvAHO9Rvef?= =?us-ascii?Q?l5a+yhRz006a8i6a9h71uFobi5S9ctzJdTpVOmFBoozAc7dPtKDFc1oZjgd/?= =?us-ascii?Q?GQKpJ6h3e4nyYKKNh4fWSXpqq4nxYYdYPbKbcMEid65x6M5soBxTFuTypaTd?= =?us-ascii?Q?Av21hZZFtIb5U2FLq2aZraNDOmGybZpGANwzA+a8zIdojH7Wt+tOUUhHO5a3?= =?us-ascii?Q?3HXaIPP8THYQnyrz3G5w7NcLoaeq3fiUh8+p+gMbr0qP1kNkDS9B24jEky9+?= =?us-ascii?Q?RNPY/jGC78knNEyFJGZY4j5xEMvXZqVdr9s45QRh45Lsrq2HWRDd3OAGAVGY?= =?us-ascii?Q?hfksilaqBnxkwgY6Opxc2XoCwzfIetFdLhoIcBtn6GympNejirzbJ8bOdL1H?= =?us-ascii?Q?8qsisui+MCpQfMp2XZHn4njpBnt5/PdRICCzhC0GCRs20xZfP/Qj81iEtPzz?= =?us-ascii?Q?2uexdGYZQCjGtgMeSbKIppqdRP/yILtv+i5atuYJYNOyVopwY9S4uKCdvarK?= =?us-ascii?Q?6nOFcSJAKruomE1GlbSbExCqfwdH5iEtOCI/DIFbMRyxvP0M2opetSM+VMfA?= =?us-ascii?Q?MQhtAw9EgGL5AaMvpRjvwokqTuLTrUrPLbsVkdgm/Ydv+J4u2F4M1CqPFPN7?= =?us-ascii?Q?QwrsfLfYG95tIgSB3mIwOeSPHsNwvLZO4gXB8XCILc/r9ypGDYEs/X8MOLgv?= =?us-ascii?Q?ic3Nr731d1BUi/xAlNzj1PzRdbGfPW62KWKJ93r3kS26lUDEo3URq9aQDUUG?= =?us-ascii?Q?k6nkFplrPGKZjCDv1cgmkPI=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d411d8ac-0afc-4394-7e69-08d9bcac750e X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2021 13:45:13.2807 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Bf0rKy8TgwKYH+twrZADz8jFsUohL/d17UMPO40BrwkXkMXalS6U03MkrafgMZB3d0QEw4CmcfLLkUj/hTN7cQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4636 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Series: Reviewed-by: Jiewen Yao > -----Original Message----- > From: Xu, Min M > Sent: Saturday, December 11, 2021 9:09 PM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Kinney, Michael D > ; Liming Gao ; Liu, > Zhiguang ; Yao, Jiewen ; > Wang, Jian J ; Lu, Ken ; Sami > Mujawar ; Gerd Hoffmann > Subject: [PATCH V7 0/3] Introduce CcMeasurementProtocol into EDK2 >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3625 >=20 > If Confidential Computing (Cc) firmware supports measurement and an > event is created, CC-Guest firmware is designed to report the event > log with the same data structure in TCG-Platform-Firmware-Profile > specification with EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. >=20 > The CC-Guest firmware supports measurement. It is designed to produce > EFI_CC_MEASUREMENT_PROTOCOL with new GUID > EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides > hash capability. >=20 > Patch #1: > Introduce the CC Measurement Protocol definition into MdePkg. >=20 > Patch #2: > Update DxeTpm2MeasureBootLib to support CC based measure boot. >=20 > Patch #3: > Update DxeTpmMeasurementLib to support CC based measurement. >=20 > Code is at https://github.com/mxu9/edk2/tree/td_protocol.v6 >=20 > This patch-set has been tested in Intel's internal hardware platform. > Both TD and TPM pass the tests. >=20 > v7 changes: > - Rebase the code base (commit: e81a81e5846e) and update patch-set with > uncrustify. >=20 > v6 changes: > - Add ASSERT (sizeof (EFI_CC_EVENT) =3D=3D sizeof (EFI_TCG2_EVENT)) chec= k. > - Update the CcMeasureAndLogData () to add CcProtocol pointer as the > input parameter. > - Tpm20MeasureAndLogData () / Tpm12MeasureAndLogDat () > / CcMeasureAndLogData () are made static according to Sami's > comments. >=20 > v5 changes: > - Add gEfiCcFinalEventsTableGuid in [Guids] section of MdePkg.dec > - DxeTpm2MeasureBootLib and DxeTpmMeasurementLib will first > call CC protocol to do the measure boot / measurement. If it is not > installed, TCG2 protocol will be located and called. > - CreateCcEventFromTcg2Event is removed. This is because CcEvent is > similar to Tcg2Event except the MrIndex and PcrIndex. So in the code > Tcg2Event will be first created and intialized. If > CcMeasurementProtocol is called to do the measure boot, then CcEvent > points to Tcg2Event and the MrIndex is adjusted. > - Some other minor changes. >=20 > v4 changes: > - Rename TeeMeasurementProtocol to CcMeasurementProtocol based > on the discussion in below links: > https://edk2.groups.io/g/devel/message/82876 > https://edk2.groups.io/g/devel/message/82999 > https://edk2.groups.io/g/devel/message/83000 > With this protocol, CC based measure boot is supported. > TD based measure boot is one of the CC based measure boot. > - The spec will be updated according to the changes later. > - TdProtocol.h is deleted. Its content is merged into CcMeasurement.h. > - Add gEfiCcFinalEventsTableGuid definition in MdePkg.dec > - Update the description in DxeTpm2MeasureBootLib.inf > and DxeTpmMeasurementLib.inf >=20 > v3 changes: > - Rename TdProtocol to TeeMeasurementProtocol which is a neutral name. > With this protocol, TEE based measure boot is supported. > TD based measure boot is one of the TEE based measure boot. > - The spec will be updated according to the changes later. > - Fix errors in DxeTpm2MeasureBootLib. >=20 > v2 changes: > - TD based measure boot is implemented in DxeTpm2MeasureBootLib. > This minimize the code changes. > - TD based measurement is added. It is implemented in > DxeTpmMeasurementLib. > - Fix the typo in comments. >=20 > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Ken Lu > Cc: Sami Mujawar > Cc: Gerd Hoffmann > Reviewed-by: Sami Mujawar > Tested-by: Min Xu > Signed-off-by: Min Xu >=20 > Min Xu (3): > MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware > SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib > SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib >=20 > MdePkg/Include/Protocol/CcMeasurement.h | 302 +++++++++++++++ > MdePkg/MdePkg.dec | 6 + > .../DxeTpm2MeasureBootLib.c | 343 ++++++++++++++---- > .../DxeTpm2MeasureBootLib.inf | 3 +- > .../DxeTpmMeasurementLib.c | 122 ++++++- > .../DxeTpmMeasurementLib.inf | 9 +- > 6 files changed, 686 insertions(+), 99 deletions(-) > create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h >=20 > -- > 2.29.2.windows.2