From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web10.157601.1673836933063589541 for ; Sun, 15 Jan 2023 18:42:13 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=PWCaS/2H; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673836933; x=1705372933; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=44cwkRXbKT2/+rgxO8BVbKgqStYD8wypKk0UZKTLECY=; b=PWCaS/2H1yPUzZbrHebf0YT0NZGNzCZZfqJYYoSXD7FE0YNNaCg3Njao oLco2wtHZMi6s5ifTPrFDcGYD4xkwI/SkzYn6YkW5MjNfyGIjTffT1wS3 vRcZhRimmeNP4pXgnlCxRTvZgMFFZZPhrlbTIsvLTWeE2bYwCdNO6JDbl 8a3WDyRLns2GKe7uWMKvsNCFh3Oovx1B9xy9Pqh5qiqdESdiggS0vuoZC T0S3vHqNkuWBxj7XZ2CH0mNIONO/OkjbgaDP2/USHU9LZHBz8BXevBsQy 5NJvkCRltcDyE7z4wvbAr4X1GPqpJnnvm1RKkFQapvev400eAg5PvPFFO g==; X-IronPort-AV: E=McAfee;i="6500,9779,10591"; a="324429223" X-IronPort-AV: E=Sophos;i="5.97,219,1669104000"; d="scan'208";a="324429223" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2023 18:42:12 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10591"; a="727314787" X-IronPort-AV: E=Sophos;i="5.97,219,1669104000"; d="scan'208";a="727314787" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga004.fm.intel.com with ESMTP; 15 Jan 2023 18:42:12 -0800 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Sun, 15 Jan 2023 18:42:12 -0800 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Sun, 15 Jan 2023 18:42:11 -0800 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Sun, 15 Jan 2023 18:42:11 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.104) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Sun, 15 Jan 2023 18:42:11 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YR9uLG+AwGM+vYBnoSaxl+oqptjulz1XwZRZ9yG95iShmBcIdmVh+bYiI9UYQih79tgB4c2lNHHn6/5HRKzE5JNjFLZ7MxgoPwrOBPhJWcGKJy+qK4swYoGBNn9hST0gBGa8RbnIV8Lm2rvXiMVt+VlUQYlm0OjdBR2A9aOIBpNcB49gzTfpWUyUhWt7/R1a0zSRWGWmv1OuVycgUgBvmWldgPwqNMHjZ9E0fkQ85avrwmCOga8jJqh+oF32UIAmiXRxCyAvCfrthCJMGON+OrhZfIWmY8PxowM6xdFdUeuGAirh7fawrPisXQ89aAqZJG4iNrob5nGSJsMOk7oKvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pn9tqP+5ftRSpjFm0vOuzGTM2P7bhPG1NG/G4KaWvlk=; b=JJtz7CVJZhUV5Ww1En+RHWSYCrTsE4jfX2IhvnwaUFRYHNjhsP4797Sgu8+HDVLKBF+MNcpH7frUQjvVlG8RYRmX9BT+neOIlGYI4gRj82cYWlPE/dpZ4b5obfv/R81BR7CePs3zxIvbId4Y7ck+PxUFpSY/nRPRU/gFXaE5tsU0QdDazM92L+qpUwQckTZbccY86mdsQ1LAQmA9oxboiym49mCrjN5KHmpEWC12hFoa0RCh0BFnH89YrrdMg96/Efvvo4SRU3kUmOFNQA6NeGVRVW8DGIex8natsHFNqJDGWGyxE+yNfmuVbP3Yht7vgHY2VjZFlxDYgpVXhFyutQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by DM4PR11MB6358.namprd11.prod.outlook.com (2603:10b6:8:b7::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.23; Mon, 16 Jan 2023 02:42:04 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::5f56:1bdc:2eae:c041]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::5f56:1bdc:2eae:c041%7]) with mapi id 15.20.6002.013; Mon, 16 Jan 2023 02:42:04 +0000 From: "Yao, Jiewen" To: "Xu, Min M" , "devel@edk2.groups.io" CC: "Aktas, Erdem" , James Bottomley , Gerd Hoffmann , Tom Lendacky , Michael Roth Subject: Re: [PATCH V1 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from QEMU in TDVF Thread-Topic: [PATCH V1 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from QEMU in TDVF Thread-Index: AQHZKU3eGyGpegw6rEOjkv3NNLPyJ66gVKNA Date: Mon, 16 Jan 2023 02:42:03 +0000 Message-ID: References: <20230116015658.194-1-min.m.xu@intel.com> In-Reply-To: <20230116015658.194-1-min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|DM4PR11MB6358:EE_ x-ms-office365-filtering-correlation-id: 9047b68f-16c4-4982-40fb-08daf76b4067 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: IupdNZhRDYzyL+TKRDMOnk1aWaRP1rqboxTldt1ti//QEGsS56m6WR4r/ta4HCcXT7AigmDMI6iJaDXxNIsbPppM0472JQ3E8l9Mvlf1035LbhNyd04SS5Viurj+u4btIo5FGXVXMJoMMli00rN9AQMwbU9bgRc6tKjiF6H54wK1KEqcV27iJiDjXBZEUO2jdTzdr5MMj21Dy/hcUtOMaac5OqLkuj5kqEdZ+EDgqohrQ+pX9sYOFSZfEeNWt7+QsxUsSdBW/cb3sJPrECFOlN59X2p+O4E/N7f5IdZDN43ZvhGGIFbBAo6nBwwd+kPurNNWvOnNyQGuryoXe+N1nryVsF+fb16qFVqrnChOe44a/aJY/ojJoui5mWQgCgwzQ4raEStND55TJNifYToXo3p6jRkKR3F/5RRTMC97QxqknrR+1cOqviQrSdwzE6hh3O8ALFzi8x/4tj6RZ40bSKWMFhW2KaMukSttnOcD1fsr8AygtpmSgh8Zmn7XVhq4RdDDgpHtrf0lRwM78yMY1CmjcYjUmQBZsAyTslVpGYHU16MshOpV8/t09W0q6Rdpa4HrkBGZO6xWosL+Xq4ZeJTwC1cQUZiCPM+tlQo1qYxiHAu6vqV7YCIcDOF2N5740TUhtvE+FdAb8dePS+3Y9BV4q+DqRvGO2fZSx4J4aKC2k5ohvfIPXwpOB9QQn7YnXjl7aMqkP+fBiFalDOnrL42BGgnferEDGMcqiW3XO+W+8r1NAxv0gslVZakLE2JAT9lGNGHy80oWHcwczllluw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(136003)(39860400002)(366004)(346002)(396003)(376002)(451199015)(82960400001)(38100700002)(83380400001)(122000001)(33656002)(86362001)(38070700005)(2906002)(55016003)(5660300002)(8936002)(8676002)(4326008)(64756008)(66446008)(76116006)(66946007)(66556008)(66476007)(52536014)(41300700001)(9686003)(6506007)(186003)(26005)(53546011)(316002)(54906003)(110136005)(478600001)(7696005)(71200400001)(966005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SYI2t9FqgM92/IvogwBz+ciC0oY/qoBjWGmT1kCHPdVi90XZ5FYusk3uXCzD?= =?us-ascii?Q?cWKy//eh+RQ3PNuhrcV/ai8Dof4I/VQPnwgkzhi9eMLU6zGU8fJ8QDnW0B+N?= =?us-ascii?Q?EXnmht21cb+nuRrE6Akb8VTijS0eKSRvNzwKItqXBTkJyijlBJKOrnJlwpU0?= =?us-ascii?Q?QYg3AhO31SijyIMMfDWmc0q9OApPXQOKY1tItGtGqi5hagPJPOaqvehC5ljV?= =?us-ascii?Q?pAU234cFaS0yKoZdgb5AiTqtQrwOYjyv0mbsaNXm+RB6JNYscffExUq8/qfY?= =?us-ascii?Q?C/Al9Y3OtsdqgbiZfX5q1w9Y0VeEZ19/bSQlMvCDyl+NTdGjLI8ozcfO5nOq?= =?us-ascii?Q?fcMA0owK1YXUOG63nKjrOJOkgzyVnK41tTUli9bMJ2ngZTU3rtJ+6n9sTb3a?= =?us-ascii?Q?TyyR7nWGcT320yTo3BVQeK7oNcm6lpVM9GjGQaWaiPXVvTWbi7I7BSomIxlv?= =?us-ascii?Q?etz/jRh9fxZeo2DKIZ14YAye2Ml1SKJ3PIKKcDYF1ryPyldLv5A/Pon1pZUV?= =?us-ascii?Q?kS88mIr9dOy0/8YaywxNyL6VR3scq3J8Kb4SXsPxsRSELXIupLTNaju/AqLb?= =?us-ascii?Q?i+KyfOcEo5MRRqm4APQnBou1hmExVFIOQlZ5J/jxCfYfbGRgerxIUnUSiUgD?= =?us-ascii?Q?cHfZ7GGy/x3+bUtnL0QXbEfr+DDw5QB6nXh6ZACC8is673xHR+4BBYrsV3n+?= =?us-ascii?Q?aZ6sLBuD95J6MHcHYvfEzviXSK91AVUOAHUVlKHFskKbB6Du7x21O3Yr9T1l?= =?us-ascii?Q?m4UkpXsgB+S92HNCJ6iVkgW3L51VMo6SG34RRTI2x90VaHuiDPGPw+HAai33?= =?us-ascii?Q?soCLL9yakv/sZCpgNfftvgIDaqs7f/gGXhrj6fzYIcHgBw5/ZBumDY7ZeCrN?= =?us-ascii?Q?oNm/8AOtTnwNGEjNuBSEh6OrSqvMvDISSy2RDAH4jTuMWCSFA1j6DgkgplNM?= =?us-ascii?Q?TjFe19h0sM3B8lgTREGlKLLqVFT29o5udtxn5dIpd49094W7N0KB/0LzPop7?= =?us-ascii?Q?cbUb0gYWIbwfJOR1UIgI3oNS8tAFOlO/UuCiF5LohDffzKNEGpiK/vXHsOdl?= =?us-ascii?Q?+eS73M+O5njvUPx9mD3Bd5s9L1U7jqpIBxmsLqDw3tESS5/4A2YHnWo77ONK?= =?us-ascii?Q?3pzsF+/d2CJaS1H7xH2nCt7USII+yJz89L9t279QgSTYgue04nnAypIZPReK?= =?us-ascii?Q?4o4DvrMjAtKg46XTcsv8kMIQCSJ2qPAobdvIWTbARkIznc6NZa7kXGmgMsLL?= =?us-ascii?Q?Xy9ucL64A0qCbSv4UbFZTcj+d5teE7fHcEEqBfK7gP4qCvu3J9BE6V4LZWbJ?= =?us-ascii?Q?3E8O6hth4RMHQ6XSciv1JnG6nhj4TrZhYLo6NEa8il6hWVvKZ+FX8+68Rpib?= =?us-ascii?Q?bg6UipJL3+GkX7CA64x1UBEOqOoGE6iQxhv2WVKkI6/nBWsceG0gJ3DRCTzJ?= =?us-ascii?Q?3OnNt+GcY7/F0kgsi+7XuvZtS7XcCpNTG1Dq1K6eyRfsEh5Sy/b3PQ8eOibp?= =?us-ascii?Q?BiBxwR+mvbr9Hq1PpBumnr+mzBDf4ytDf9S2Dgx2wM+s87RZLOI75uq+kCul?= =?us-ascii?Q?ki7f0y0hlPVp3kZp3l6JjaZgk0lM6hP/+pT08wi1?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9047b68f-16c4-4982-40fb-08daf76b4067 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2023 02:42:04.0104 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: n5uJyPx5DJLNg0vjrH6M0sNWbcC00zPFEJPA/Se6csGvJ7iMXu3OrFO2CCFCucM8KLdW3D0aD9OMEOLcgWHW9g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6358 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi I have two feedback: 1) What we need measure is the input from VMM *before* any modification and= *before* installation. Please don't use ACPI SDT protocol to get the table *after* modification. 2) Why not use TpmMeasureAndLogData() in https://github.com/tianocore/edk2/= blob/master/MdeModulePkg/Include/Library/TpmMeasurementLib.h ? Please don't use locate protocol. Thank you Yao, Jiewen > -----Original Message----- > From: Xu, Min M > Sent: Monday, January 16, 2023 9:57 AM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Aktas, Erdem > ; James Bottomley ; Yao, > Jiewen ; Gerd Hoffmann ; > Tom Lendacky ; Michael Roth > > Subject: [PATCH V1 1/1] OvmfPkg/AcpiPlatformDxe: Measure ACPI table from > QEMU in TDVF >=20 > From: Min M Xu >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D4245 >=20 > The ACPI tables are downloaded from QEMU. QEMU/VMM is treated as > un-trusted in a td-guest. From the security perspective they should > be measured and extended if possible. So that they can be audited > later. The measurement protocol may be not installed. In this case > it still returns EFI_SUCCESS. >=20 > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Gerd Hoffmann > Cc: Tom Lendacky > Cc: Michael Roth > Signed-off-by: Min Xu > --- > OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 2 + > OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c | 168 > ++++++++++++++++++++ > 2 files changed, 170 insertions(+) >=20 > diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > index 8939dde42549..ae22bab38cf9 100644 > --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > @@ -51,6 +51,8 @@ > gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUM= ED > gEfiPciIoProtocolGuid # PROTOCOL SOMETIMES_CON= SUMED > gQemuAcpiTableNotifyProtocolGuid # PROTOCOL PRODUCES > + gEfiCcMeasurementProtocolGuid # PROTOCOL > SOMETIMES_CONSUMED > + gEfiAcpiSdtProtocolGuid # PROTOCOL > SOMETIMES_CONSUMED >=20 > [Guids] > gRootBridgesConnectedEventGroupGuid > diff --git a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c > b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c > index f0d81d6fd73d..f442850c2e00 100644 > --- a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c > +++ b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c > @@ -18,6 +18,8 @@ > #include // QemuFwCfgFindFile() > #include // QemuFwCfgS3Enabled() > #include // gBS > +#include > +#include >=20 > #include "AcpiPlatform.h" >=20 > @@ -812,12 +814,168 @@ UndoCmdWritePointer ( > )); > } >=20 > +/** > + Mesure firmware ACPI table with CcMeasurement Protocol > + > + @param[in] CcProtocol Pointer to the CcMeasurment Protocol > + @param[in] EventData Pointer to the event data. > + @param[in] EventSize Size of event data. > + @param[in] CfgDataBase Configuration data base address. > + @param[in] EventSize Size of configuration data . > + @retval EFI_NOT_FOUND Cannot locate protocol. > + @retval EFI_OUT_OF_RESOURCES Allocate zero pool failure. > + @return Status codes returned by > + mTcg2Protocol->HashLogExtendEvent. > +**/ > +STATIC > +EFI_STATUS > +EFIAPI > +CcMeasureAcpiTable ( > + IN EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol, > + IN CHAR8 *EventData, > + IN UINT32 EventSize, > + IN EFI_PHYSICAL_ADDRESS CfgDataBase, > + IN UINTN CfgDataLength > + ) > +{ > + EFI_STATUS Status; > + EFI_CC_EVENT *CcEvent; > + UINT32 MrIndex; > + > + if (CcProtocol =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + Status =3D CcProtocol->MapPcrToMrIndex (CcProtocol, 1, &MrIndex); > + if (EFI_ERROR (Status)) { > + return EFI_INVALID_PARAMETER; > + } > + > + CcEvent =3D AllocateZeroPool (EventSize + sizeof (EFI_CC_EVENT) - size= of > (CcEvent->Event)); > + if (CcEvent =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + CcEvent->Size =3D EventSize + sizeof (EFI_CC_EVENT) - = sizeof > (CcEvent->Event); > + CcEvent->Header.EventType =3D EV_PLATFORM_CONFIG_FLAGS; > + CcEvent->Header.MrIndex =3D MrIndex; > + CcEvent->Header.HeaderSize =3D sizeof (EFI_CC_EVENT_HEADER); > + CcEvent->Header.HeaderVersion =3D EFI_CC_EVENT_HEADER_VERSION; > + CopyMem (&CcEvent->Event[0], EventData, EventSize); > + > + Status =3D CcProtocol->HashLogExtendEvent ( > + CcProtocol, > + 0, > + CfgDataBase, > + CfgDataLength, > + CcEvent > + ); > + > + FreePool (CcEvent); > + > + return Status; > +} > + > // > // We'll be saving the keys of installed tables so that we can roll them= back > // in case of failure. 128 tables should be enough for anyone (TM). > // > #define INSTALLED_TABLES_MAX 128 >=20 > +/** > + * The ACPI tables are downloaded from QEMU. From the security > perspective these are > + * external inputs and should be measured and extended if possible. So t= hat > they can > + * be audited later. The measurement protocol may be not installed. In t= his > case it > + * still returns EFI_SUCCESS. > + * > + * @param InstalledKey Pointer to an array which contains the keys of th= e > installed ACPI tables > + * @param Length Length of the array > + * @retval EFI_SUCCESS Successfully measure the ACPI tables > + * @retval Others Other errors as indicated > + */ > +STATIC > +EFI_STATUS > +MeasureInstalledTablesFromQemu ( > + IN UINTN *InstalledKey, > + IN INT32 Length > + ) > +{ > + EFI_STATUS Status; > + UINTN Index1; > + INT32 Index2; > + EFI_ACPI_SDT_HEADER *Table; > + EFI_ACPI_TABLE_VERSION Version; > + UINTN TableKey; > + EFI_ACPI_SDT_PROTOCOL *AcpiSdtProtocol; > + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol =3D NULL; > + > + Status =3D gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, > (VOID **)&CcProtocol); > + if (EFI_ERROR (Status)) { > + // > + // CcMeasurement protocol is not installed. > + // > + return EFI_SUCCESS; > + } > + > + Status =3D gBS->LocateProtocol (&gEfiAcpiSdtProtocolGuid, NULL, (void > **)&AcpiSdtProtocol); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Unable to locate ACPI SDT protocol.\n")); > + return Status; > + } > + > + Index1 =3D 0; > + do { > + Status =3D AcpiSdtProtocol->GetAcpiTable (Index1, &Table, &Version, > &TableKey); > + if (EFI_ERROR (Status)) { > + if (Status =3D=3D EFI_NOT_FOUND) { > + // > + // There is no more ACPI tables found. So we return with EFI_SUC= CESS. > + // > + Status =3D EFI_SUCCESS; > + } > + > + break; > + } > + > + for (Index2 =3D 0; Index2 < Length; Index2++) { > + if (TableKey =3D=3D InstalledKey[Index2]) { > + break; > + } > + } > + > + if (Index2 < Length) { > + Status =3D CcMeasureAcpiTable ( > + CcProtocol, > + (CHAR8 *)&Table->Signature, > + sizeof (Table->Signature), > + (EFI_PHYSICAL_ADDRESS)(UINTN)Table, > + Table->Length > + ); > + if (EFI_ERROR (Status)) { > + DEBUG (( > + DEBUG_ERROR, > + "Measure ACPI table [%-4.4a] with Size =3D 0x%x failed! Status= =3D %r\n", > + (CONST CHAR8 *)&Table->Signature, > + Table->Length, > + Status > + )); > + break; > + } else { > + DEBUG (( > + DEBUG_INFO, > + "Measure ACPI table [%-4.4a] with Size =3D 0x%x\n", > + (CONST CHAR8 *)&Table->Signature, > + Table->Length > + )); > + } > + } > + > + Index1++; > + } while (TRUE); > + > + return Status; > +} > + > /** > Process a QEMU_LOADER_ADD_POINTER command in order to see if its > target byte > array is an ACPI table, and if so, install it. > @@ -1247,6 +1405,16 @@ InstallQemuFwCfgTables ( > } > } >=20 > + // > + // Measure the ACPI tables which are downloaded from QEMU > + // > + if (Installed > 0) { > + Status =3D MeasureInstalledTablesFromQemu (InstalledKey, Installed); > + if (EFI_ERROR (Status)) { > + goto UninstallAcpiTables; > + } > + } > + > // > // Install a protocol to notify that the ACPI table provided by Qemu i= s > // ready. > -- > 2.29.2.windows.2