[PATCH 0/4] Measure kernel blob

[PATCH 0/4] Measure kernel blob

[Min Xu]

Kernel blobs include the kernel image, initrd, command line. These are
external inputs from host VMM. In some platforms,such as Tdx environment,
Host VMM is treated as un-trusted. So these external inputs should be
measured.

This patch-set imports a new library class (BlobMeasurementLib). It is
designed to do the blob measurement, including the kernel blob
measurement. In the future, it will do other blob measurement, such as
measuring ACPI table which is also passed from host VMM.

The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (4):
  OvmfPkg: Add library class BlobMeasurementLib with null implementation
  OvmfPkg: Add BlobMeasurementLibNull to dsc
  OvmfPkg: Implement BlobMeasurementLibTdx
  OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg

 ArmVirtPkg/ArmVirtQemu.dsc                    |  1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
 OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 ++++++++
 .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
 .../BlobMeasurementLibTdx.inf                 | 30 +++++++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
 .../BlobMeasurementLibNull.c                  | 34 ++++++++
 .../BlobMeasurementLibNull.inf                | 24 +++++
 OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
 OvmfPkg/OvmfPkg.dec                           |  3 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
 OvmfPkg/OvmfPkgX64.dsc                        |  1 +
 OvmfPkg/OvmfXen.dsc                           |  1 +
 .../QemuKernelLoaderFsDxe.c                   | 13 +++
 17 files changed, 240 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf

-- 
2.29.2.windows.2

[PATCH 1/4] OvmfPkg: Add library class BlobMeasurementLib with null implementation

[Min Xu]

BlobMeasurementLib will be used to measure blobs fetching from QEMU's
firmware config (fw_cfg) in platforms which implments
EFI_CC_MEASUREMENT_PROTOCOL.

The null implementation BlobMeasurementLibNull always return EFI_SUCCESS.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 +++++++++++++++++++
 .../BlobMeasurementLibNull.c                  | 34 +++++++++++++++++
 .../BlobMeasurementLibNull.inf                | 24 ++++++++++++
 OvmfPkg/OvmfPkg.dec                           |  3 ++
 4 files changed, 99 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
 create mode 100644 OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf

diff --git a/OvmfPkg/Include/Library/BlobMeasurementLib.h b/OvmfPkg/Include/Library/BlobMeasurementLib.h
new file mode 100644
index 000000000000..e54a41c2c9c1
--- /dev/null
+++ b/OvmfPkg/Include/Library/BlobMeasurementLib.h
@@ -0,0 +1,38 @@
+/** @file
+
+  Blob measurement library
+
+  This library class allows measuring blobs from external sources, such as QEMU's firmware config.
+
+  Copyright (C) 2022, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef BLOB_MEASUREMENT_LIB_H_
+#define BLOB_MEASUREMENT_LIB_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Base.h>
+
+/**
+  Measure blob from an external source.
+
+  @param[in] BlobName           The name of the blob
+  @param[in] BlobNameSize       Size of the blob name
+  @param[in] BlobBase           The data of the blob
+  @param[in] BlobSize           The size of the blob in bytes
+
+  @retval EFI_SUCCESS           The blob was measured successfully.
+  @retval Other errors
+**/
+EFI_STATUS
+EFIAPI
+MeasureKernelBlob (
+  IN  CONST CHAR16  *BlobName,
+  IN  UINT32        BlobNameSize,
+  IN  CONST VOID    *BlobBase,
+  IN  UINT32        BlobSize
+  );
+
+#endif
diff --git a/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
new file mode 100644
index 000000000000..e93e3cf164c0
--- /dev/null
+++ b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
@@ -0,0 +1,34 @@
+/** @file
+
+  Null implementation of the blob measurement library.
+
+  Copyright (C) 2022, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BlobMeasurementLib.h>
+
+/**
+  Measure blob from an external source.
+
+  @param[in] BlobName           The name of the blob
+  @param[in] BlobNameSize       Size of the blob name
+  @param[in] BlobBase           The data of the blob
+  @param[in] BlobSize           The size of the blob in bytes
+
+  @retval EFI_SUCCESS           The blob was measured successfully.
+  @retval Other errors
+**/
+EFI_STATUS
+EFIAPI
+MeasureKernelBlob (
+  IN  CONST CHAR16  *BlobName,
+  IN  UINT32        BlobNameSize,
+  IN  CONST VOID    *BlobBase,
+  IN  UINT32        BlobSize
+  )
+{
+  return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
new file mode 100644
index 000000000000..5bf3710222c2
--- /dev/null
+++ b/OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
@@ -0,0 +1,24 @@
+## @file
+#
+#  Null implementation of the blob measurement library.
+#
+#  Copyright (C) 2022, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BlobMeasurementLibNull
+  FILE_GUID                      = fad119ff-8627-4661-a35f-920a6eeb2866
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BlobMeasurementLib
+
+[Sources]
+  BlobMeasurementLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 8c2048051bea..da94e4c7aa89 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -26,6 +26,9 @@
   ##  @libraryclass  Verify blobs read from the VMM
   BlobVerifierLib|Include/Library/BlobVerifierLib.h
 
+  ##  @libraryclass  Measure blobs read from the VMM
+  BlobMeasurementLib|Include/Library/BlobMeasurementLib.h
+
   ##  @libraryclass  Loads and boots a Linux kernel image
   #
   LoadLinuxLib|Include/Library/LoadLinuxLib.h
-- 
2.29.2.windows.2

[PATCH 2/4] OvmfPkg: Add BlobMeasurementLibNull to dsc

[Min Xu]

This prepares the ground for calling MeasureKernelBlob() in
QemuKernelLoaderFsDxe.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 ArmVirtPkg/ArmVirtQemu.dsc       | 1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
 OvmfPkg/AmdSev/AmdSevX64.dsc     | 2 ++
 OvmfPkg/CloudHv/CloudHvX64.dsc   | 1 +
 OvmfPkg/Microvm/MicrovmX64.dsc   | 1 +
 OvmfPkg/OvmfPkgIa32.dsc          | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc       | 1 +
 OvmfPkg/OvmfPkgX64.dsc           | 1 +
 OvmfPkg/OvmfXen.dsc              | 1 +
 9 files changed, 10 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index aa0ce61630f7..5d7416c61e05 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -447,6 +447,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
 
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 7f7d15d6eee3..c74c2630bd7a 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -382,6 +382,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
 
   #
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index bead9722eab8..5e62cff033e1 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -176,6 +176,7 @@
   FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
   BlobVerifierLib|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf
   MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
+  BlobMeasurementLib|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
 
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf
@@ -678,6 +679,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 92664f319be2..a89413f2ffba 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -744,6 +744,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index f8fc977cb205..4c96a4a1dc3a 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -705,6 +705,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index c16a840fff16..40339d2812e9 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -780,6 +780,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d3a80cb56892..144d2308bb0e 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -794,6 +794,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 7b3d48aac430..9a027a89b417 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -859,6 +859,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 6ba4bd729ae7..b0410a33d6ac 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -603,6 +603,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
   }
   OvmfPkg/XenIoPvhDxe/XenIoPvhDxe.inf
   OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf
-- 
2.29.2.windows.2

[PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx

[Min Xu]

OvmfPkg/IntelTdx/BlobMeasurementLibTdx is implemented for measurement
of Kernel blob. It calls EFI_CC_MEASUREMENT_PROTOCOL to do the
measurement.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
 .../BlobMeasurementLibTdx.inf                 | 30 +++++++
 2 files changed, 117 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf

diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
new file mode 100644
index 000000000000..33a2a3502109
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
@@ -0,0 +1,87 @@
+/** @file
+
+  Copyright (C) 2022, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <PiDxe.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Protocol/Tcg2Protocol.h>
+#include <Protocol/CcMeasurement.h>
+#include <Library/BlobVerifierLib.h>
+
+EFI_CC_MEASUREMENT_PROTOCOL  *mCcProtocol = NULL;
+
+/**
+  Measure blob from an external source.
+
+  @param[in] BlobName           The name of the blob
+  @param[in] BlobNameSize       Size of the blob name
+  @param[in] BlobBase           The data of the blob
+  @param[in] BlobSize           The size of the blob in bytes
+
+  @retval EFI_SUCCESS           The blob was measured successfully.
+  @retval Other errors
+**/
+EFI_STATUS
+EFIAPI
+MeasureKernelBlob (
+  IN  CONST CHAR16  *BlobName,
+  IN  UINT32        BlobNameSize,
+  IN  CONST VOID    *BlobBase,
+  IN  UINT32        BlobSize
+  )
+{
+  EFI_STATUS    Status;
+  UINT32        MrIndex;
+  EFI_CC_EVENT  *CcEvent;
+
+  if ((BlobBase == 0) || (BlobSize == 0)) {
+    ASSERT (FALSE);
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (mCcProtocol == NULL) {
+    Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&mCcProtocol);
+    if (EFI_ERROR (Status)) {
+      //
+      // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.
+      //
+      DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.\n", __FUNCTION__));
+      return EFI_NOT_FOUND;
+    }
+  }
+
+  Status = mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex);
+  if (EFI_ERROR (Status)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  CcEvent = AllocateZeroPool (BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event));
+  if (CcEvent == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  CcEvent->Size                 = BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event);
+  CcEvent->Header.EventType     = EV_PLATFORM_CONFIG_FLAGS;
+  CcEvent->Header.MrIndex       = MrIndex;
+  CcEvent->Header.HeaderSize    = sizeof (EFI_TCG2_EVENT_HEADER);
+  CcEvent->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
+  CopyMem (&CcEvent->Event[0], BlobName, BlobNameSize);
+
+  Status = mCcProtocol->HashLogExtendEvent (
+                          mCcProtocol,
+                          0,
+                          (EFI_PHYSICAL_ADDRESS)(UINTN)BlobBase,
+                          BlobSize,
+                          CcEvent
+                          );
+
+  FreePool (CcEvent);
+
+  return Status;
+}
diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
new file mode 100644
index 000000000000..880c60159c3d
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
@@ -0,0 +1,30 @@
+## @file
+#
+#  Copyright (C) 2022, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BlobMeasurementLibTdx
+  FILE_GUID                      = ac1a8997-9d91-47c4-b18a-dbe0d1a94fde
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BlobMeaurementLib
+
+[Sources]
+  BlobMeasurement.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+
+[Protocols]
+  gEfiCcMeasurementProtocolGuid
-- 
2.29.2.windows.2

[PATCH 4/4] OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg

[Min Xu]

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface.  Insert a
call to MeasureKernelBlob after fetching to allow BlobMeasurementLib
implementations to add a measurement step for these blobs.

This will allow confidential computing OVMF builds to add measurement
mechanisms for these blobs that originate from an untrusted source
(QEMU).

In current platforms in OvmfPkg, only IntelTdx supports blob measurement.
So OvmfPkg/IntelTdx/IntelTdxX64.dsc is updated to use
OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf. Other
dsc are using the null implementation of BlobMeasurementLibNull.inf.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                    |  1 +
 .../QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c   | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 00bc1255bc4e..2887047316b6 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -611,6 +611,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index d4f3cd92255f..6720dae1d06c 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -18,6 +18,7 @@
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/BlobVerifierLib.h>
+#include <Library/BlobMeasurementLib.h>
 #include <Library/DebugLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/MemoryAllocationLib.h>
@@ -1074,6 +1075,18 @@ QemuKernelLoaderFsDxeEntrypoint (
       goto FreeBlobs;
     }
 
+    if ((CurrentBlob->Data > 0) && (CurrentBlob->Size > 0)) {
+      Status = MeasureKernelBlob (
+                 CurrentBlob->Name,
+                 sizeof (CurrentBlob->Name),
+                 CurrentBlob->Data,
+                 CurrentBlob->Size
+                 );
+      if (EFI_ERROR (Status)) {
+        goto FreeBlobs;
+      }
+    }
+
     mTotalBlobBytes += CurrentBlob->Size;
   }
 
-- 
2.29.2.windows.2

Re: [PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx

[Gerd Hoffmann]

> +EFI_STATUS
> +EFIAPI
> +MeasureKernelBlob (
> +  IN  CONST CHAR16  *BlobName,
> +  IN  UINT32        BlobNameSize,
> +  IN  CONST VOID    *BlobBase,
> +  IN  UINT32        BlobSize
> +  )
> +{
> +  EFI_STATUS    Status;
> +  UINT32        MrIndex;
> +  EFI_CC_EVENT  *CcEvent;
> +
> +  if ((BlobBase == 0) || (BlobSize == 0)) {
> +    ASSERT (FALSE);
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  if (mCcProtocol == NULL) {
> +    Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&mCcProtocol);
> +    if (EFI_ERROR (Status)) {
> +      //
> +      // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.
> +      //
> +      DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.\n", __FUNCTION__));
> +      return EFI_NOT_FOUND;
> +    }
> +  }

I think it makes sense to support measurement to both tdx and tpm here.

> +  Status = mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex);

Why PCR 4 for everything?

When grub measures to the tpm it uses PCR 8 (strings, i.e. configuration
and kernel command line) and PCR 9 (binaries, i.e. kernel + initrd).

take care,
  Gerd

Re: [PATCH 0/4] Measure kernel blob

[Yao, Jiewen]

Hi
I am not clear about the design. Some questions:

1. This should be generic feature for trusted boot. Not TDX specific. Right?

2. Why we need BlobMeasurementLib?
We already have TpmMeasurementLib. Why we cannot use it?

3. Why we need BlobMeasurementLibTdx?
Even if we really need BlobMeasurementLib, the flow should be: ->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx

4. Why we need BlobMeasurementLibNull?
We already have TpmMeasurementLibNull. What is benefit to add one more NULL MeasurementLib?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Monday, May 23, 2022 1:56 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>;
> Ashish Kalra <ashish.kalra@amd.com>; Brijesh Singh <brijesh.singh@amd.com>;
> Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> Gerd Hoffmann <kraxel@redhat.com>
> Subject: [PATCH 0/4] Measure kernel blob
> 
> Kernel blobs include the kernel image, initrd, command line. These are
> external inputs from host VMM. In some platforms,such as Tdx environment,
> Host VMM is treated as un-trusted. So these external inputs should be
> measured.
> 
> This patch-set imports a new library class (BlobMeasurementLib). It is
> designed to do the blob measurement, including the kernel blob
> measurement. In the future, it will do other blob measurement, such as
> measuring ACPI table which is also passed from host VMM.
> 
> The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1
> 
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Ashish Kalra <ashish.kalra@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min Xu (4):
>   OvmfPkg: Add library class BlobMeasurementLib with null implementation
>   OvmfPkg: Add BlobMeasurementLibNull to dsc
>   OvmfPkg: Implement BlobMeasurementLibTdx
>   OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
> 
>  ArmVirtPkg/ArmVirtQemu.dsc                    |  1 +
>  ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
>  OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 ++++++++
>  .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
>  .../BlobMeasurementLibTdx.inf                 | 30 +++++++
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
>  .../BlobMeasurementLibNull.c                  | 34 ++++++++
>  .../BlobMeasurementLibNull.inf                | 24 +++++
>  OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
>  OvmfPkg/OvmfPkg.dec                           |  3 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
>  OvmfPkg/OvmfPkgX64.dsc                        |  1 +
>  OvmfPkg/OvmfXen.dsc                           |  1 +
>  .../QemuKernelLoaderFsDxe.c                   | 13 +++
>  17 files changed, 240 insertions(+)
>  create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
>  create mode 100644
> OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
>  create mode 100644
> OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
>  create mode 100644
> OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
>  create mode 100644
> OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
> 
> --
> 2.29.2.windows.2

Re: [edk2-devel] [PATCH 0/4] Measure kernel blob

[Yao, Jiewen]

Fix Typo for 3:
->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
Should be: ->BlobMeasurementLib->TpmMeasurementLib->CcProtocol->Tdx

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, May 23, 2022 5:30 PM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Ashish Kalra <ashish.kalra@amd.com>; Brijesh
> Singh <brijesh.singh@amd.com>; Aktas, Erdem <erdemaktas@google.com>;
> James Bottomley <jejb@linux.ibm.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> Gerd Hoffmann <kraxel@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 0/4] Measure kernel blob
> 
> Hi
> I am not clear about the design. Some questions:
> 
> 1. This should be generic feature for trusted boot. Not TDX specific. Right?
> 
> 2. Why we need BlobMeasurementLib?
> We already have TpmMeasurementLib. Why we cannot use it?
> 
> 3. Why we need BlobMeasurementLibTdx?
> Even if we really need BlobMeasurementLib, the flow should be: -
> >BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
> 
> 4. Why we need BlobMeasurementLibNull?
> We already have TpmMeasurementLibNull. What is benefit to add one more
> NULL MeasurementLib?
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: Xu, Min M <min.m.xu@intel.com>
> > Sent: Monday, May 23, 2022 1:56 PM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M <min.m.xu@intel.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>;
> > Ashish Kalra <ashish.kalra@amd.com>; Brijesh Singh
> <brijesh.singh@amd.com>;
> > Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> > <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> > Gerd Hoffmann <kraxel@redhat.com>
> > Subject: [PATCH 0/4] Measure kernel blob
> >
> > Kernel blobs include the kernel image, initrd, command line. These are
> > external inputs from host VMM. In some platforms,such as Tdx environment,
> > Host VMM is treated as un-trusted. So these external inputs should be
> > measured.
> >
> > This patch-set imports a new library class (BlobMeasurementLib). It is
> > designed to do the blob measurement, including the kernel blob
> > measurement. In the future, it will do other blob measurement, such as
> > measuring ACPI table which is also passed from host VMM.
> >
> > The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1
> >
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Ashish Kalra <ashish.kalra@amd.com>
> > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Signed-off-by: Min Xu <min.m.xu@intel.com>
> >
> > Min Xu (4):
> >   OvmfPkg: Add library class BlobMeasurementLib with null implementation
> >   OvmfPkg: Add BlobMeasurementLibNull to dsc
> >   OvmfPkg: Implement BlobMeasurementLibTdx
> >   OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
> >
> >  ArmVirtPkg/ArmVirtQemu.dsc                    |  1 +
> >  ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +
> >  OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
> >  OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 ++++++++
> >  .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87
> +++++++++++++++++++
> >  .../BlobMeasurementLibTdx.inf                 | 30 +++++++
> >  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
> >  .../BlobMeasurementLibNull.c                  | 34 ++++++++
> >  .../BlobMeasurementLibNull.inf                | 24 +++++
> >  OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
> >  OvmfPkg/OvmfPkg.dec                           |  3 +
> >  OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
> >  OvmfPkg/OvmfPkgX64.dsc                        |  1 +
> >  OvmfPkg/OvmfXen.dsc                           |  1 +
> >  .../QemuKernelLoaderFsDxe.c                   | 13 +++
> >  17 files changed, 240 insertions(+)
> >  create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
> >  create mode 100644
> > OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
> >  create mode 100644
> > OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
> >  create mode 100644
> > OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
> >  create mode 100644
> > OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
> >
> > --
> > 2.29.2.windows.2
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH 0/4] Measure kernel blob

[Ard Biesheuvel]

Same questions here. I don't think we should use the legacy Linux EFI
handover protocol for CC implementations, and the ordinary
LoadImage/StartImage based boot sequence already incorporates TPM
measurement, of which TDX and SEV/SNP are just a specialization.

So I don't understand why we need any of this in the first place.


On Mon, 23 May 2022 at 11:36, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Fix Typo for 3:
> ->BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
> Should be: ->BlobMeasurementLib->TpmMeasurementLib->CcProtocol->Tdx
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> > Sent: Monday, May 23, 2022 5:30 PM
> > To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L
> > <jordan.l.justen@intel.com>; Ashish Kalra <ashish.kalra@amd.com>; Brijesh
> > Singh <brijesh.singh@amd.com>; Aktas, Erdem <erdemaktas@google.com>;
> > James Bottomley <jejb@linux.ibm.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> > Gerd Hoffmann <kraxel@redhat.com>
> > Subject: Re: [edk2-devel] [PATCH 0/4] Measure kernel blob
> >
> > Hi
> > I am not clear about the design. Some questions:
> >
> > 1. This should be generic feature for trusted boot. Not TDX specific. Right?
> >
> > 2. Why we need BlobMeasurementLib?
> > We already have TpmMeasurementLib. Why we cannot use it?
> >
> > 3. Why we need BlobMeasurementLibTdx?
> > Even if we really need BlobMeasurementLib, the flow should be: -
> > >BlobMeasurementLib->TpmMeasurementLib->TpmMeasurementLibTdx
> >
> > 4. Why we need BlobMeasurementLibNull?
> > We already have TpmMeasurementLibNull. What is benefit to add one more
> > NULL MeasurementLib?
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Xu, Min M <min.m.xu@intel.com>
> > > Sent: Monday, May 23, 2022 1:56 PM
> > > To: devel@edk2.groups.io
> > > Cc: Xu, Min M <min.m.xu@intel.com>; Ard Biesheuvel
> > > <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>;
> > > Ashish Kalra <ashish.kalra@amd.com>; Brijesh Singh
> > <brijesh.singh@amd.com>;
> > > Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> > > <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky
> > > <thomas.lendacky@amd.com>; Sami Mujawar <sami.mujawar@arm.com>;
> > > Gerd Hoffmann <kraxel@redhat.com>
> > > Subject: [PATCH 0/4] Measure kernel blob
> > >
> > > Kernel blobs include the kernel image, initrd, command line. These are
> > > external inputs from host VMM. In some platforms,such as Tdx environment,
> > > Host VMM is treated as un-trusted. So these external inputs should be
> > > measured.
> > >
> > > This patch-set imports a new library class (BlobMeasurementLib). It is
> > > designed to do the blob measurement, including the kernel blob
> > > measurement. In the future, it will do other blob measurement, such as
> > > measuring ACPI table which is also passed from host VMM.
> > >
> > > The code is at: https://github.com/mxu9/edk2/tree/MeasureKernelBlob.v1
> > >
> > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > > Cc: Ashish Kalra <ashish.kalra@amd.com>
> > > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > > Cc: Erdem Aktas <erdemaktas@google.com>
> > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > > Signed-off-by: Min Xu <min.m.xu@intel.com>
> > >
> > > Min Xu (4):
> > >   OvmfPkg: Add library class BlobMeasurementLib with null implementation
> > >   OvmfPkg: Add BlobMeasurementLibNull to dsc
> > >   OvmfPkg: Implement BlobMeasurementLibTdx
> > >   OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
> > >
> > >  ArmVirtPkg/ArmVirtQemu.dsc                    |  1 +
> > >  ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
> > >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +
> > >  OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
> > >  OvmfPkg/Include/Library/BlobMeasurementLib.h  | 38 ++++++++
> > >  .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87
> > +++++++++++++++++++
> > >  .../BlobMeasurementLibTdx.inf                 | 30 +++++++
> > >  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
> > >  .../BlobMeasurementLibNull.c                  | 34 ++++++++
> > >  .../BlobMeasurementLibNull.inf                | 24 +++++
> > >  OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
> > >  OvmfPkg/OvmfPkg.dec                           |  3 +
> > >  OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
> > >  OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
> > >  OvmfPkg/OvmfPkgX64.dsc                        |  1 +
> > >  OvmfPkg/OvmfXen.dsc                           |  1 +
> > >  .../QemuKernelLoaderFsDxe.c                   | 13 +++
> > >  17 files changed, 240 insertions(+)
> > >  create mode 100644 OvmfPkg/Include/Library/BlobMeasurementLib.h
> > >  create mode 100644
> > > OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
> > >  create mode 100644
> > > OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
> > >  create mode 100644
> > > OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.c
> > >  create mode 100644
> > > OvmfPkg/Library/BlobMeasurementLibNull/BlobMeasurementLibNull.inf
> > >
> > > --
> > > 2.29.2.windows.2
> >
> >
> >
> > 
> >
>