From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id A3707941444 for ; Tue, 12 Mar 2024 07:58:15 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=53PPS5+3dKWOZq9S1DIxnoTWjaD9XfLf9NFKuUUnes0=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1710230293; v=1; b=PspeSDbkpo1NAMjKmwbDtfRm8tTHbeuDDo72Xf5j81QMI5dt9bd5Lz1CpszBPgDhk94JJWkx g0M8/QZyTIbS8lG0Bm/zuXdeaq5DZOUjrsmhQbt428MMyu11YF1884kmVf8x+MufjO2j5gGfT0E 8DfLSBqv9LNDu5yezKqoF4uJOYEeqYzQDaqQwV7XWMTKn2e4oHdD2AZuTOfKF5168OEOS/GQktT 3drlgKdrJEO4rQVlUlF1nhQb61CHkZVe4A9KUIFrS8JZGjDQj0g/Nyq2g8aphD1406/aKXnlZaH ylHtmWBtb4yGnVLEwtj1Uv4zQTIEvlw+K4YcyZMBnphxg== X-Received: by 127.0.0.2 with SMTP id fzEDYY7687511xvyUIkiBteN; Tue, 12 Mar 2024 00:58:13 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) by mx.groups.io with SMTP id smtpd.web11.3484.1710230293372915400 for ; Tue, 12 Mar 2024 00:58:13 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,11010"; a="16067856" X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="16067856" X-Received: from orviesa002.jf.intel.com ([10.64.159.142]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Mar 2024 00:58:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="42373677" X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orviesa002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 12 Mar 2024 00:57:56 -0700 X-Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 12 Mar 2024 00:57:55 -0700 X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 12 Mar 2024 00:57:55 -0700 X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Tue, 12 Mar 2024 00:57:55 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.101) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Tue, 12 Mar 2024 00:57:54 -0700 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by CH3PR11MB7202.namprd11.prod.outlook.com (2603:10b6:610:142::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.17; Tue, 12 Mar 2024 07:57:53 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::e598:df44:ae74:eda3]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::e598:df44:ae74:eda3%6]) with mapi id 15.20.7386.014; Tue, 12 Mar 2024 07:57:52 +0000 From: "Yao, Jiewen" To: "Sun, CepingX" , "devel@edk2.groups.io" CC: "Aktas, Erdem" , "Xu, Min M" , Gerd Hoffmann , "Reshetova, Elena" Subject: Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait Thread-Topic: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait Thread-Index: AQHadFI2prnLijEPnUe7BQXBWY8L37EzvRYg Date: Tue, 12 Mar 2024 07:57:52 +0000 Message-ID: References: <20240312235146.3777997-1-cepingx.sun@intel.com> In-Reply-To: <20240312235146.3777997-1-cepingx.sun@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|CH3PR11MB7202:EE_ x-ms-office365-filtering-correlation-id: 12ab32f9-1200-4ae6-9f9d-08dc426a1e9e x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: c21sh9WqYQ5AV4Fmeajam4cU/wh+hm1YI6jV3f8qx9vBQ6Ut+OkZafVyiLVb7obSbP8UKQ+jjz1dYVBY/68sEn3d7fTt1noZYV61kwcJ8YHtMR8f2DCBVCjLdidO6MH1s0Y+Pcu++qJBWbGIzBNPQlRqeJGscZSsrrwUD9abBLLQGXFct81mtokT8GSiQ6FSvCwVPOqeS3lUxjkg0GjJ/WkHKHy/OJe41BXqbNK+3JRx5JONfj2NtTWifZjRXlQ2naBTGqbJgkh27HhZBE03wYM/m0YTrqYvYWwMaSyG/e2zKSxTKtT47Sq7AruUHwqmR9SRj1oZIOEZPJLikCZ9ODcmMzW1D+koFqSRSeWWxCPfz/ddBmRnCL1GlbLqco704/IYLtSLKmiopZtJBczp/0SG/gimKtSqnd/QBEcD0FWCeSuQGuSnkDz7feZ1oDhkgh87ZCOIPtFOObV/WBYOImCOplfChYXLm8+GveRE1YyRDHU1ZDwF9LyQp05inqC3Mc40qp4e5Ft6m4tFpS+1pBLUUGXn2NXq9R9BhQiH6OPQ6GqfK6x8aZ7LeWnSfaJcuB48NOfJJTCDryLOrRd3psUNG6VjMxoCyADspfxDSXEdS7UQIzVAv/Q5LBkFDCc9xigXlV0YQZKLYIfoYpS6G9LL/IapkXnDCBULvvsOylZArtzt6j+K21nqEmFLFs3d x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?GMlmDTcRxxmYWEISmez4ys0nfXkSnZFgweFQTQbGYIu023ZQH8vMCcSQNjdF?= =?us-ascii?Q?+ZJQPnxMU1b3aDxSm2o4dq2LlBEvE3wX+ovwP0UfWfcr8ywsKHt170q6KwyW?= =?us-ascii?Q?IEVNB0LRgWkzAM5PexPS2VslF72WeNAiFTu2dnS+VRZoQX2ntFy8TdJOd98u?= =?us-ascii?Q?e4Z19ScHXAkLUq7Mhgw18mdB5ULOryIw6KNgBqwZpICXxnuB4eVAvfheURvp?= =?us-ascii?Q?6Dafbr+AKTjMEavik2h1JmCgLViqvSByMlLgrquwmdpBCJQmX66tpNOHy/aL?= =?us-ascii?Q?FBBECGIgjFNi6ZmBM/jRqZJi2OmFDGcRXGQs2XtjPEYEOxpEF2GmVYNtQirJ?= =?us-ascii?Q?McEIU2EPzCiCRnvU5eH70I2T4fgTqeh2huEw5hfLYtvWUrI6I3R6zezziUx3?= =?us-ascii?Q?XSq4/6udLGcG5WYUOdDWgLF8r0w39GvI1M5MObN553j1L62H4oFKCLXoyJRv?= =?us-ascii?Q?5QsJp3DtxTCzlLYvILu1edqTCC8z3QFb2TyMB2zhgRrhsqGCyOlJq9KYWkYE?= =?us-ascii?Q?g+peXjrDlJwE30VpSO00yXarNGOVLZ7l99iHI/+rDQS4HfvtdeyF0GQFIeWl?= =?us-ascii?Q?mcB2sZQE8yd6M0G/llxn2nzMi1Pa2te/wQhDh40iyJ8elpq+2E81xs8cKJP7?= =?us-ascii?Q?ta8OsKrKKWxVQhdZHBbKyJsrM5ylZlHI3aqWFceQeksO/63U/6kUkYV9XUMl?= =?us-ascii?Q?qhMI4Y0OSI/z1CdmJ0vhJlSjKEQYWnsLJzkzNDeuH2nQ2BYT8xFgNxWU3zJt?= =?us-ascii?Q?Jut9CaXul8PVdyiYL3H8yGU5XzuQUQZH4ExBL9fdi97aQvX0J4QsZOWhOkx9?= =?us-ascii?Q?nmBTXsdWYobx3onH9d4phA8Lqv28nF3huPp+PDEVNpDA+7eh54m02Ya1Ulvy?= =?us-ascii?Q?tm1erAfFyYPNh2R+zhx1rQrfXeHnI1vZOTDW+NzGev+oqbp8wNv6r9pqpwtj?= =?us-ascii?Q?Smo3AS6WGsZpEXV586bpjMvGjMVFr5nr/oGzMMrFB+JJacHg0+/tnjBGwO3v?= =?us-ascii?Q?ZvwwCEK5Pn2icOGWHObX8eHiqffzcvDUphzXlycqHKSn+6jGPrqyhlpiXX+q?= =?us-ascii?Q?+Z7hVul2f6GEiU09KEoYvSo/yMDs2aRLYy8XFWhm/Xw1M4IWZ+eBg82aO1GR?= =?us-ascii?Q?4o2e1ABWqfCiFR8vVvITmvpncskLDHg3smvJzbhDuXQsog9C2CMl9vcT5GqV?= =?us-ascii?Q?BxxG+WSGFF2itGlSWivZyArnGbJ7sMDgCYI0VblIBmEug7jdzXCnpEb0OIBG?= =?us-ascii?Q?XPzjhkttEM6cgRkWRiBHCn2SjRE5I2pZoBzSjPYEIxsFCChXY2j958C9Ti8D?= =?us-ascii?Q?14Doz/D7tApWCQ+B5xNFCqPqDpnpqM2NEYGEUr8NPMKUowrP93NRQ9AsAmgH?= =?us-ascii?Q?f0o2NTkfJrPJnrpIZHyQMIyESkV+9DCAj9wiwb9HQYgOTGdOlLDALvPzoNMw?= =?us-ascii?Q?xDtCxYh7mZo5uhpFy3AqucuTktTaFA1DvXfjGO9fQyxqMUSZD6gxmUOPwo70?= =?us-ascii?Q?blxxdQs+6TIDKkXIpPmqqXBnzApns0gccWYUoTd/hdM9cri0eD35jDf7dCL1?= =?us-ascii?Q?hbVxX9JT461ju5P1RNKgGD7VaGYi2jRFEeq0dYkJ?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 12ab32f9-1200-4ae6-9f9d-08dc426a1e9e X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2024 07:57:52.7234 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: n43nrPb8PMGmGUBjcep/UfgkkDqnKBG5vNLmJ3l/rNkH2wE06qt2sGVzSlUB4+2CN2J2XykNjS9yXbtxdgi7JQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB7202 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 12 Mar 2024 00:58:13 -0700 Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: oX8aoZYZ6lOGvUnbBoX1RuQOx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=PspeSDbk; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Thanks for the patch. Is this the only missing configuration data? Or do you have more on the way? > -----Original Message----- > From: Sun, CepingX > Sent: Wednesday, March 13, 2024 7:52 AM > To: devel@edk2.groups.io > Cc: Sun, CepingX ; Aktas, Erdem > ; Yao, Jiewen ; Xu, Min M > ; Gerd Hoffmann ; Reshetova, Elena > > Subject: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot- > menu-wait >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4415 >=20 > Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec, > OVMF would uses FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) > to get configuration data from QEMU. From the security perspective, > if TDVF uses this method, configuration data must be measured into > RTMR[0]. >=20 > Currently, the etc/boot-menu-wait is using in TDVF, it required to be > measured into RTMR[0]. >=20 > This is the first patch and will continue to be updated to measure > additional configuration data. >=20 > Refernce: > spec: https://cdrdv2.intel.com/v1/dl/getContent/733585 >=20 > Cc: Erdem Aktas > Cc: Jiewen Yao > Cc: Min Xu > Cc: Gerd Hoffmann > Cc: Elena Reshetova > Signed-off-by: Ceping Sun > --- > .../QemuBootOrderLib/QemuBootOrderLib.c | 21 ++++++++++++++++++- > .../QemuBootOrderLib/QemuBootOrderLib.inf | 1 + > 2 files changed, 21 insertions(+), 1 deletion(-) >=20 > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > index 2fe6ab30c032..63a290712002 100644 > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > @@ -20,6 +20,8 @@ > #include > #include > #include > +#include > +#include >=20 > #include "ExtraRootBusMap.h" >=20 > @@ -41,6 +43,9 @@ > #define REQUIRED_MMIO_OFW_NODES 1 > #define EXAMINED_OFW_NODES 6 >=20 > +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA "QEMU > BOOTMENU WAIT TIME" > +#define QEMU_BOOTMENU_WAIT_DATA_LEN > (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1) > + > /** > Simple character classification routines, corresponding to POSIX class= names > and ASCII encoding. > @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu ( > // seconds, round N up. > // > QemuFwCfgSelectItem (BootMenuWaitItem); > - return (UINT16)((QemuFwCfgRead16 () + 999) / 1000); > + Timeout =3D QemuFwCfgRead16 (); > + // > + // Measure the Timeout which is downloaded from QEMU. > + // It has to be done before it is consumed. > + // > + TpmMeasureAndLogData ( > + 1, > + EV_PLATFORM_CONFIG_FLAGS, > + EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA, > + QEMU_BOOTMENU_WAIT_DATA_LEN, > + (VOID *)(UINTN)&Timeout, > + BootMenuWaitSize > + ); > + > + return (UINT16)((Timeout + 999) / 1000); > } > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > index 6e320e3e8514..0231c9d5c5b8 100644 > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > @@ -45,6 +45,7 @@ > DevicePathLib > BaseMemoryLib > OrderedCollectionLib > + TpmMeasurementLib >=20 > [Guids] > gEfiGlobalVariableGuid > -- > 2.34.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116670): https://edk2.groups.io/g/devel/message/116670 Mute This Topic: https://groups.io/mt/104880546/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-