From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web10.8312.1675382483365647238
 for <devel@edk2.groups.io>;
 Thu, 02 Feb 2023 16:01:23 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Joxlc8f2;
 spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1675382483; x=1706918483;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=18ogsZvaEGPkNpm0J7NHvvfWcy++wmHPaFOnkm8t5xs=;
  b=Joxlc8f2aGpVOIWkxZ4KgjZdiZQYm2zZ414d8hL2Go4ahmMPi04zJyRN
   t5Q1ZqlEbL9Sz7gAcEMkgz7NoPDJe4tC5dXjsncPx5zc6Csayt7wQfiU1
   swBIfnRZTmb+r+vh5V/1HxmmmYa8qMupa/q4n0c2tJPVPn05caY7N26cQ
   E5nuNz7u5FcHlNDwCpjke4NHpJNQP00Yl7QU+oL6CEeyO3lhI/1zIc6Fe
   GFihFqABnTFijmKcYGfvRaSHm6sPx6++OZY6LrnXd9qWl1zkcytca4cjN
   1EQQOYubC7J2jJ3jQTuZ6JWF10NqzvWqeBVzSXUt4HOEtrzyNACiClbhp
   g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10609"; a="308948406"
X-IronPort-AV: E=Sophos;i="5.97,268,1669104000"; 
   d="scan'208";a="308948406"
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Feb 2023 16:01:22 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10609"; a="643088191"
X-IronPort-AV: E=Sophos;i="5.97,268,1669104000"; 
   d="scan'208";a="643088191"
Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81])
  by orsmga006.jf.intel.com with ESMTP; 02 Feb 2023 16:01:21 -0800
Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16; Thu, 2 Feb 2023 16:01:21 -0800
Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.16 via Frontend Transport; Thu, 2 Feb 2023 16:01:21 -0800
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.177)
 by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.16; Thu, 2 Feb 2023 16:01:20 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=XipYM06D6+8XWOqbZfGGtzybF514W9MXe3otP+u5eBvBcFpu3iw4CG7SgmQ3lXD/5w+MwrdRapskGPHGt/kflTdDVgwitIa70DQqBVqN+kd6IrrnoxVSm9K/TylokMN2YTdUqgyJuMOvdV9VFPKapc6S4E7S5qoYEBJVKWHZmhF5TKacBhai7Gm0rcU1cn4Njo6Uwoydw4TK6cYG3Oii9+36H9aJL7uUBKl3PPY7NOKkX9XxRqaITitiznImo4qsYCbIbqzBX/mVKdonxdeFR/iZibiMdw3eMKIUK0N3M/2mUISv+8MBGyElVb8ckK7ZZVfRNFEUrg0Mryg1rai0ew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=ZsTi3MlSqsO2moUdl5+VEl6zOsET4xciStYolcV75WA=;
 b=RyuyuvVclvOGm3jFDq4pAOTfZVuRVOVt5gpUlnNb5u8+9RtZ7GbKe6418iwjfoJDuh2aECumNtULiIX6PhiFmyJrsgGluaQk+sTmaHaPz2c8utYL7duszGFZfQjl3MhXJ4gO/uNmqjD/FdMPzPtNWHj4niDbHThq03yzp066P2tI6uyzHoLINB9UIXDPiFtmq5eP0t6kXJevbnpuVXOX+G2PBZxrpwu77xLSmtYVa4zVu90shjRGBzsoSwMo1duQ28PQBPobrJN5ZhbsZxaHii9nJ2adMhnmssbNYUegAw8sMQeAIbjq1F9nKdbwzlsg5b8B9s3+8SXEYfPyKF8LMg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by SJ2PR11MB7548.namprd11.prod.outlook.com (2603:10b6:a03:4cd::19) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.27; Fri, 3 Feb
 2023 00:01:16 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d%3]) with mapi id 15.20.6064.023; Fri, 3 Feb 2023
 00:01:16 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Xu, Min M" <min.m.xu@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Aktas, Erdem" <erdemaktas@google.com>, James Bottomley
	<jejb@linux.ibm.com>, Gerd Hoffmann <kraxel@redhat.com>, Tom Lendacky
	<thomas.lendacky@amd.com>, Michael Roth <michael.roth@amd.com>
Subject: Re: [PATCH V3 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from QEMU in TDVF
Thread-Topic: [PATCH V3 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from
 QEMU in TDVF
Thread-Index: AQHZNuU7xm2cd4mzXU6matTm4Ndszq68V2ng
Date: Fri, 3 Feb 2023 00:01:16 +0000
Message-ID: <MW4PR11MB587203DE4F5C6B420BE060968CD79@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20230202090314.336-1-min.m.xu@intel.com>
In-Reply-To: <20230202090314.336-1-min.m.xu@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SJ2PR11MB7548:EE_
x-ms-office365-filtering-correlation-id: 84140d04-e385-4535-9184-08db0579c58f
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3Ppet8dxEQb8EVXo/lFOZjoFZZFds2WNPXfBjRby/yrrKJORVKkjB/mVpvCLrzCu/NbHDnGeMLQmdvxfZLa5VLVm3BSlqe384uutGX10mD1V/oqpIwM43qSnTFm+GBnqYrsn1TMv67NWoU+hj7sZ7j5smURZWOjqhEl4MW8AU1z8hxN3XhRCEMtbXi3uQC0FqO4ms0WXKMBt+JZMX6PO5sNNUyjSl7047uPuWy9TYK6agWFtCtNuv7fEQupqjtIOKBTmnELaaNpRkAm54GWWaQZkV7vKQQWRjCfLWeusvLukud1rE70gKHD5fvcxzkdt4jaB9qppAl93WUPRzKf0BHpY/jGwjBpBKIt/sORoBInIpPN7cC2tslwFB1mM/sNQ0dvDw/CuUkWvlx/d2naqy1mmD54+bfE3ezIXWeYDD08WRw/B9/QGBupNdKBwN5L0O5wRH9SJFZb/6wT+cNlCO8kQ4xapPQy+uMMY99nXJQnoY8BUM4n5kHsGL0ZaysR/DtwBzkfiCsk2UImi5HoCYc8ViwA5zmua7Ry9W13wTzzkPZ6ESCowahUspWfYhkEtrIHXj9WBvdTttzoMyK3OYgwjyl+tEd5wFYaemsgCO1AH8otobba/o+h1C7CeWT1LI8WdYRsPDP0k6LcZeT9GFsMq9TAFFPYrweVdoaagw27S5BijCRbtGMUOp2DC1s1t8gIB+wYQ8s/6py7eqHoSDHl3Z6l8ztJ/tt8V9mQkWy0=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(346002)(376002)(39860400002)(366004)(136003)(396003)(451199018)(316002)(54906003)(71200400001)(83380400001)(110136005)(19627235002)(33656002)(2906002)(38100700002)(122000001)(82960400001)(7696005)(6506007)(64756008)(53546011)(76116006)(66476007)(4326008)(8676002)(66446008)(66946007)(26005)(966005)(478600001)(66556008)(186003)(9686003)(38070700005)(52536014)(55016003)(41300700001)(86362001)(8936002)(5660300002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?s5V4rteChu/mXlGbEjsspv+MIwebjHG5cyzIGnvJZZN6dNiG3KrSeCvGLc3l?=
 =?us-ascii?Q?fpZ4amB9EEtFH3VrlDPj1557t0O7B8o7JTIYGcr54TW4LW2k3D/7AC4heb0i?=
 =?us-ascii?Q?GLGsXJiG52l7Gf2Q+80cgIxL+1REoIETiwmXqxLJSsiRIs6cg5MSMEqO/CKM?=
 =?us-ascii?Q?0ts9+v3Lqfo4pWa1CNeN3nc7gsvMjrAPQktN0lR8U7IjL6uH2zyPfPBaFgMk?=
 =?us-ascii?Q?RL+k8Wkkp90M2aF1rnZn2cFoMSPXiqOzpmg2mHeBfCR4sl045gMsfbnc5Ta2?=
 =?us-ascii?Q?iOBmXRkLJtOJDPWc+Mwos/u5PdWxC7BfAUWVJvM/92W3NC1rbZ9Sbkx8bUsQ?=
 =?us-ascii?Q?W+L38Qizx5CQ6stwStTOjIPxjb9mbiw+2Fh3fXg0We03s+WW17HxZfI2+HWf?=
 =?us-ascii?Q?S0VcfN/Sf7nCx8WUcTNRqr+15CyiOL/LuJ6JvllJC/ehZKV6iX/IQJd5AVqn?=
 =?us-ascii?Q?vGB1P8nC4O5VoQGXZdtHKCxrJ8Mh5/P3Aosh7UB5J3mvyuAlZ2KGM5fbWOEa?=
 =?us-ascii?Q?b0Vd1f16ZwYdURnmziohgOzRpFIkthBrSP5i25E5Ek+0/zTjGozarceGzkRY?=
 =?us-ascii?Q?vHC3i7YtUAbaafFz4LFaV5PNTfrWZYvX1PgUe7AzTEE3eLBx4P/Zd3HDtU9n?=
 =?us-ascii?Q?HX8ElrIn15ktbpOTrxU5JPMPJPmIMoUZUp2Ysk9ayUUKitAJY0AaldMvAaAd?=
 =?us-ascii?Q?sT84PgNn4u4OML1rrSDSBpAXGhe7hEqNEDXPgnylV2xJeJaanOgBgNSJKjnC?=
 =?us-ascii?Q?PD3QLEe3ImNeM2Eiwm/sgd2me6BMKjbGfifDzzCiKvxCB+O9XRz4jY+N+4S1?=
 =?us-ascii?Q?aGYwCTr2jTAt1//wesRBEpL4xJyhmVf1A6vWNY1DNiRWYMUR0PG5cc03wJi/?=
 =?us-ascii?Q?QeOe67itbJaFLqTZpZrXwrC7U/BWEaEMuiTFiViJx7g3RldJuJOm+8/WBbK1?=
 =?us-ascii?Q?tliESEN2JvCFzRnoy/unrxtlgWmOC0zkVbiZXksm+TdKwPSkuZNZqSf7gM+z?=
 =?us-ascii?Q?svayzEsdOmAPugBDQBPg4klAM/Fj4a3MBVOPt8sblZA+AP+VR3/uodBLdIVP?=
 =?us-ascii?Q?DvtIom/yzCn/7jHvmiFh1z5nRNwXOi/UdUn+wFEPBs42/jyyZEN7bSoGpuCg?=
 =?us-ascii?Q?KBNG+otnLK0oM14shpmFelbG1r12kwhOsJLFHjHe91MO9kmx37zRwEwGZ7DN?=
 =?us-ascii?Q?DDThUr9f5PoS37qF7J8IC4MJsTiCDTaPVYxBTCaN9iUfn2/CCZ9nNswCQQTo?=
 =?us-ascii?Q?yYQ8IHZ5MBV62Ll1eNpabH/4QR1C9iza1he1P5bK1BnRx3vgTpXcVyUhIO4s?=
 =?us-ascii?Q?y/Px39AlnRmG/imnRKVL6LYY2m4CLgzf3Fp5shItmuSruVoCpL+nwxmgNHdA?=
 =?us-ascii?Q?cWAG8Ub10U5GurAte9vP+iKC7B1JdA6nXMftMObcCK/ARUL1zM3FY43IxRIS?=
 =?us-ascii?Q?JjlRhIdPdIbDE8z5ywvgSDHF5EgdyzY7d1umTN89zxh4KVQe6xx8r08/vegM?=
 =?us-ascii?Q?kpnIeXOZIJTgk6O3ajz+FLrR9L0FygDNuGqsu0Lvc7tXN1nL2PCori58AZV1?=
 =?us-ascii?Q?0XFPZ9CIGP75mcqbi/GH/VIjjA9PwmGhitKBGWP4?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 84140d04-e385-4535-9184-08db0579c58f
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2023 00:01:16.6603
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AY1DN0xmp1nRDWasONC5RcZK3pTNMZE4gMXocsg5j+eKTwI1BkcjjQQC9ZNI9IJQJfe9oeGmF9OiqGgx3Kb8rA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR11MB7548
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Thursday, February 2, 2023 5:03 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>
> Subject: [PATCH V3 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from
> QEMU in TDVF
>=20
> From: Min M Xu <min.m.xu@intel.com>
>=20
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D4245
>=20
> QEMU provides the following three files for guest to install the ACPI
> tables:
>  - etc/acpi/rsdp
>  - etc/acpi/tables
>  - etc/table-loader
>=20
> "etc/acpi/rsdp" and "etc/acpi/tables" are similar, they are only kept
> separate because they have different allocation requirements in SeaBIOS.
>=20
> Both of these fw_cfg files contain preformatted ACPI payload.
> "etc/acpi/rsdp" contains only the RSDP table, while "etc/acpi/tables"
> contains all other tables, concatenated. To be noted, the tables in these
> two files have been filled in by qemu, but two kinds of fields are
> incomplete: pointers to other tables and checksums (which depend on the
> pointers).
>=20
> "/etc/table-loader" is a linker/loader which provides the commands to
> "patch" the tables in "etc/acpi/tables" and then install them. "Patch"
> means to fill the pointers and compute the checksum.
>=20
> From the security perspective these 3 files are the raw data downloaded
> from qemu. They should be measured and extended before they're consumed.
>=20
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  1 +
>  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c     | 32 +++++++++++++++++++++
>  2 files changed, 33 insertions(+)
>=20
> diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> index 8939dde42549..3fd0483b50eb 100644
> --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> @@ -46,6 +46,7 @@
>    UefiBootServicesTableLib
>    UefiDriverEntryPoint
>    HobLib
> +  TpmMeasurementLib
>=20
>  [Protocols]
>    gEfiAcpiTableProtocolGuid                     # PROTOCOL ALWAYS_CONSUM=
ED
> diff --git a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
> b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
> index f0d81d6fd73d..68abc34f2280 100644
> --- a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
> +++ b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
> @@ -10,6 +10,7 @@
>=20
>  #include <IndustryStandard/Acpi.h>            // EFI_ACPI_DESCRIPTION_HE=
ADER
>  #include <IndustryStandard/QemuLoader.h>      // QEMU_LOADER_FNAME_SIZE
> +#include <IndustryStandard/UefiTcgPlatform.h>
>  #include <Library/BaseLib.h>                  // AsciiStrCmp()
>  #include <Library/BaseMemoryLib.h>            // CopyMem()
>  #include <Library/DebugLib.h>                 // DEBUG()
> @@ -18,6 +19,7 @@
>  #include <Library/QemuFwCfgLib.h>             // QemuFwCfgFindFile()
>  #include <Library/QemuFwCfgS3Lib.h>           // QemuFwCfgS3Enabled()
>  #include <Library/UefiBootServicesTableLib.h> // gBS
> +#include <Library/TpmMeasurementLib.h>
>=20
>  #include "AcpiPlatform.h"
>=20
> @@ -415,6 +417,21 @@ ProcessCmdAllocate (
>      (UINT64)Blob->Size,
>      (UINT64)(UINTN)Blob->Base
>      ));
> +
> +  //
> +  // Measure the data which is downloaded from QEMU.
> +  // It has to be done before it is consumed. Because the data will
> +  // be updated in the following operations.
> +  //
> +  TpmMeasureAndLogData (
> +    1,
> +    EV_PLATFORM_CONFIG_FLAGS,
> +    EV_POSTCODE_INFO_ACPI_DATA,
> +    ACPI_DATA_LEN,
> +    (VOID *)(UINTN)Blob->Base,
> +    Blob->Size
> +    );
> +
>    return EFI_SUCCESS;
>=20
>  FreeBlob:
> @@ -1126,6 +1143,21 @@ InstallQemuFwCfgTables (
>    QemuFwCfgSelectItem (FwCfgItem);
>    QemuFwCfgReadBytes (FwCfgSize, LoaderStart);
>    RestorePciDecoding (OriginalPciAttributes, OriginalPciAttributesCount)=
;
> +
> +  //
> +  // Measure the "etc/table-loader" which is downloaded from QEMU.
> +  // It has to be done before it is consumed. Because it would be
> +  // updated in the following operations.
> +  //
> +  TpmMeasureAndLogData (
> +    1,
> +    EV_PLATFORM_CONFIG_FLAGS,
> +    EV_POSTCODE_INFO_ACPI_DATA,
> +    ACPI_DATA_LEN,
> +    (VOID *)(UINTN)LoaderStart,
> +    FwCfgSize
> +    );
> +
>    LoaderEnd =3D LoaderStart + FwCfgSize / sizeof *LoaderEntry;
>=20
>    AllocationsRestrictedTo32Bit =3D NULL;
> --
> 2.29.2.windows.2