From: "Yao, Jiewen"
To: "Xu, Min M", devel@edk2.groups.io
CC: "Kinney, Michael D", Liming Gao, "Liu, Zhiguang", "Wang, Jian J", Sami Mujawar, "Gerd Hoffmann"
Subject: Re: [PATCH V4 2/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib
Date: Tue, 2 Nov 2021 06:24:53 +0000
In-Reply-To: <17126378b5048506a508ef58a6610ada0b462bad.1635818903.git.min.m.xu@intel.com>

May I know on which platform you have run the test? I think we need to cover both TD and TPM on a real platform.

> -----Original Message-----
> From: Xu, Min M
> Sent: Tuesday, November 2, 2021 10:51 AM
> To: devel@edk2.groups.io
> Cc: Xu, Min M; Kinney, Michael D; Liming Gao; Liu, Zhiguang; Yao, Jiewen; Wang, Jian J; Sami Mujawar; Gerd Hoffmann
> Subject: [PATCH V4 2/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
>
> DxeTpm2MeasureBootLib supports TPM2 based measure boot. After CcMeasurementProtocol is introduced, CC based measure boot needs to be supported in DxeTpm2MeasureBootLib as well.
>
> There are 2 major changes in this commit.
>
> 1. MEASURE_BOOT_PROTOCOLS is defined to store the instances of TCG2 protocol and TEE protocol. In the DxeTpm2MeasureBootHandler the above 2 measure boot protocol instances will be located. Then the located protocol instances will be called to do the measure boot.
>
> 2. CcEvent is similar to Tcg2Event except the MrIndex and PcrIndex. CreateCcEventFromTcg2Event is used to create the CcEvent based on the Tcg2Event.
>
> The above 2 changes keep the changes to the existing code minimal.
>
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Zhiguang Liu
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Sami Mujawar
> Cc: Gerd Hoffmann
> Signed-off-by: Min Xu
> ---
> .../DxeTpm2MeasureBootLib.c | 366 ++++++++++++++----
> .../DxeTpm2MeasureBootLib.inf | 3 +-
> 2 files changed, 299 insertions(+), 70 deletions(-)
>
> diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> index 92eac715800f..af889b6ed3ed 100644
> --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> @@ -1,5 +1,6 @@ > /** @file > - The library instance provides security service of TPM2 measure boot. > + The library instance provides security service of TPM2 measure boot an= d > + Confidential Computing (CC) measure boot. >=20 > Caution: This file requires additional review when modified. > This library will have external input - PE/COFF image and GPT partitio= n. > @@ -41,6 +42,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include > + > +typedef struct { > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol; > +} MEASURE_BOOT_PROTOCOLS; >=20 > // > // Flag to check GPT partition. It only need be measured once. 
> @@ -55,6 +62,62 @@ UINTN mTcg2ImageSize; > EFI_HANDLE mTcg2CacheMeasuredHandle =3D NULL; > MEASURED_HOB_DATA *mTcg2MeasuredHobData =3D NULL; >=20 > +/** > + Create CcEvent from Tcg2Event. > + > + CcEvent is similar to Tcg2Event except the MrIndex. > + > + @param CcProtocol Pointer to the located Cc Measurement protocol > instance. > + @param Tcg2Event Pointer to the Tcg2Event. > + @param EventSize Size of the Event. > + @param EfiCcEvent The created CcEvent > + > + @retval EFI_SUCCESS Successfully create the CcEvent > + @retval EFI_INVALID_PARAMETER The input parameter is invalid > + @retval EFI_UNSUPPORTED The input PCRIndex cannot be mapped to C= c > MR > + @retval EFI_OUT_OF_RESOURCES Out of resource > +**/ > +EFI_STATUS > +CreateCcEventFromTcg2Event ( > + IN EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol, > + IN EFI_TCG2_EVENT *Tcg2Event, > + IN UINT32 EventSize, > + IN OUT EFI_CC_EVENT **EfiCcEvent > + ) > +{ > + UINT32 MrIndex; > + EFI_STATUS Status; > + EFI_CC_EVENT *CcEvent; > + > + if (Tcg2Event =3D=3D NULL || CcProtocol =3D=3D NULL || EfiCcEvent =3D= =3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + *EfiCcEvent =3D NULL; > + > + Status =3D CcProtocol->MapPcrToMrIndex (CcProtocol, Tcg2Event- > >Header.PCRIndex, &MrIndex); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Cannot map PcrIndex(%d) to MrIndex\n", > Tcg2Event->Header.PCRIndex)); > + return Status; > + } > + > + CcEvent =3D (EFI_CC_EVENT *)AllocateZeroPool (Tcg2Event->Size); > + if (CcEvent =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + CcEvent->Size =3D Tcg2Event->Size; > + CcEvent->Header.HeaderSize =3D Tcg2Event->Header.HeaderSize; > + CcEvent->Header.HeaderVersion =3D Tcg2Event->Header.HeaderVersion; > + CcEvent->Header.MrIndex =3D MrIndex; > + CcEvent->Header.EventType =3D Tcg2Event->Header.EventType; > + CopyMem (CcEvent->Event, Tcg2Event->Event, EventSize); > + > + *EfiCcEvent =3D CcEvent; > + > + return EFI_SUCCESS; > +} > + > /** > Reads contents of a PE/COFF 
image in memory buffer. >=20 > @@ -109,7 +172,7 @@ DxeTpm2MeasureBootLibImageRead ( > Caution: This function may receive untrusted input. > The GPT partition table is external input, so this function should par= se partition > data carefully. >=20 > - @param Tcg2Protocol Pointer to the located TCG2 protocol in= stance. > + @param MeasureBootProtocols Pointer to the located MeasureBoot > protocol instances (i.e. TCG2/Td protocol). > @param GptHandle Handle that GPT partition was installed= . >=20 > @retval EFI_SUCCESS Successfully measure GPT table. > @@ -121,8 +184,8 @@ DxeTpm2MeasureBootLibImageRead ( > EFI_STATUS > EFIAPI > Tcg2MeasureGptTable ( > - IN EFI_TCG2_PROTOCOL *Tcg2Protocol, > - IN EFI_HANDLE GptHandle > + IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, > + IN EFI_HANDLE GptHandle > ) > { > EFI_STATUS Status; > @@ -134,13 +197,29 @@ Tcg2MeasureGptTable ( > UINTN NumberOfPartition; > UINT32 Index; > EFI_TCG2_EVENT *Tcg2Event; > + EFI_CC_EVENT *CcEvent; > EFI_GPT_DATA *GptData; > UINT32 EventSize; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol; >=20 > if (mTcg2MeasureGptCount > 0) { > return EFI_SUCCESS; > } >=20 > + PrimaryHeader =3D NULL; > + EntryPtr =3D NULL; > + CcEvent =3D NULL; > + Tcg2Event =3D NULL; > + > + Tcg2Protocol =3D MeasureBootProtocols->Tcg2Protocol; > + CcProtocol =3D MeasureBootProtocols->CcProtocol; > + > + if (Tcg2Protocol =3D=3D NULL && CcProtocol =3D=3D NULL) { > + ASSERT (FALSE); > + return EFI_UNSUPPORTED; > + } > + > Status =3D gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, > (VOID**)&BlockIo); > if (EFI_ERROR (Status)) { > return EFI_UNSUPPORTED; > @@ -149,6 +228,7 @@ Tcg2MeasureGptTable ( > if (EFI_ERROR (Status)) { > return EFI_UNSUPPORTED; > } > + > // > // Read the EFI Partition Table Header > // 
> @@ -156,6 +236,7 @@ Tcg2MeasureGptTable ( > if (PrimaryHeader =3D=3D NULL) { > return EFI_OUT_OF_RESOURCES; > } > + > Status =3D DiskIo->ReadDisk ( > DiskIo, > BlockIo->Media->MediaId, > @@ -164,10 +245,20 @@ Tcg2MeasureGptTable ( > (UINT8 *)PrimaryHeader > ); > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); > + DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n")); > FreePool (PrimaryHeader); > return EFI_DEVICE_ERROR; > } > + > + // > + // PrimaryHeader->SizeOfPartitionEntry should not be zero > + // > + if (PrimaryHeader->SizeOfPartitionEntry =3D=3D 0) { > + DEBUG ((DEBUG_ERROR, "SizeOfPartitionEntry should not be zero!\n")); > + FreePool (PrimaryHeader); > + return EFI_BAD_BUFFER_SIZE; > + } > + > // > // Read the partition entry. > // > @@ -202,15 +293,14 @@ Tcg2MeasureGptTable ( > } >=20 > // > - // Prepare Data for Measurement > + // Prepare Data for Measurement (CcProtocol and Tcg2Protocol) > // > EventSize =3D (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partit= ions) > + NumberOfPartition * PrimaryHeader->SizeOfParti= tionEntry); > Tcg2Event =3D (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof > (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); > if (Tcg2Event =3D=3D NULL) { > - FreePool (PrimaryHeader); > - FreePool (EntryPtr); > - return EFI_OUT_OF_RESOURCES; > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Exit; > } >=20 > Tcg2Event->Size =3D EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2E= vent- > >Event); 
> @@ -243,22 +333,57 @@ Tcg2MeasureGptTable ( > } >=20 > // > - // Measure the GPT data > + // Measure the GPT data by Tcg2Protocol > // > - Status =3D Tcg2Protocol->HashLogExtendEvent ( > - Tcg2Protocol, > - 0, > - (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > - (UINT64) EventSize, > - Tcg2Event > - ); > - if (!EFI_ERROR (Status)) { > - mTcg2MeasureGptCount++; > - } > - > - FreePool (PrimaryHeader); > - FreePool (EntryPtr); > - FreePool (Tcg2Event); > + if (Tcg2Protocol !=3D NULL) { > + Status =3D Tcg2Protocol->HashLogExtendEvent ( > + Tcg2Protocol, > + 0, > + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > + (UINT64) EventSize, > + Tcg2Event > + ); > + if (!EFI_ERROR (Status)) { > + mTcg2MeasureGptCount++; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 > MeasureGptTable - %r\n", Status)); > + > + } else if (CcProtocol !=3D NULL) { > + > + // > + // Measure the GPT data by TdProtocol > + // > + Status =3D CreateCcEventFromTcg2Event (CcProtocol, Tcg2Event, EventS= ize, > &CcEvent); > + if (EFI_ERROR (Status)) { > + goto Exit; > + } > + > + Status =3D CcProtocol->HashLogExtendEvent ( > + CcProtocol, > + 0, > + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > + (UINT64) EventSize, > + CcEvent > + ); > + if (!EFI_ERROR (Status)) { > + mTcg2MeasureGptCount++; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc > MeasureGptTable - %r\n", Status)); > + } > + > +Exit: > + if (PrimaryHeader !=3D NULL) { > + FreePool (PrimaryHeader); > + } > + if (EntryPtr !=3D NULL) { > + FreePool (EntryPtr); > + } > + if (Tcg2Event !=3D NULL) { > + FreePool (Tcg2Event); > + } > + if (CcEvent !=3D NULL) { > + FreePool (CcEvent); > + } >=20 > return Status; > } 
> @@ -271,12 +396,12 @@ Tcg2MeasureGptTable ( > PE/COFF image is external input, so this function will validate its da= ta structure > within this image buffer before use. >=20 > - @param[in] Tcg2Protocol Pointer to the located TCG2 protocol instanc= e. > - @param[in] ImageAddress Start address of image buffer. > - @param[in] ImageSize Image size > - @param[in] LinkTimeBase Address that the image is loaded into memory= . > - @param[in] ImageType Image subsystem type. > - @param[in] FilePath File path is corresponding to the input imag= e. > + @param[in] MeasureBootProtocols Pointer to the located MeasureBoot > protocol instances. > + @param[in] ImageAddress Start address of image buffer. > + @param[in] ImageSize Image size > + @param[in] LinkTimeBase Address that the image is loaded int= o memory. > + @param[in] ImageType Image subsystem type. > + @param[in] FilePath File path is corresponding to the in= put image. >=20 > @retval EFI_SUCCESS Successfully measure image. > @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. > @@ -287,7 +412,7 @@ Tcg2MeasureGptTable ( > EFI_STATUS > EFIAPI > Tcg2MeasurePeImage ( > - IN EFI_TCG2_PROTOCOL *Tcg2Protocol, > + IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, > IN EFI_PHYSICAL_ADDRESS ImageAddress, > IN UINTN ImageSize, > IN UINTN LinkTimeBase, > @@ -300,9 +425,22 @@ Tcg2MeasurePeImage ( > EFI_IMAGE_LOAD_EVENT *ImageLoad; > UINT32 FilePathSize; > UINT32 EventSize; > + EFI_CC_EVENT *CcEvent; > + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; >=20 > Status =3D EFI_UNSUPPORTED; > ImageLoad =3D NULL; > + CcEvent =3D NULL; > + > + Tcg2Protocol =3D MeasureBootProtocols->Tcg2Protocol; > + CcProtocol =3D MeasureBootProtocols->CcProtocol; > + > + if (Tcg2Protocol =3D=3D NULL && CcProtocol =3D=3D NULL) { > + ASSERT (FALSE); > + return EFI_UNSUPPORTED; > + } > + > FilePathSize =3D (UINT32) GetDevicePathSize (FilePath); >=20 > // 
> @@ -334,7 +472,7 @@ Tcg2MeasurePeImage ( > break; > default: > DEBUG (( > - EFI_D_ERROR, > + DEBUG_ERROR, > "Tcg2MeasurePeImage: Unknown subsystem type %d", > ImageType > )); 
> @@ -352,28 +490,125 @@ Tcg2MeasurePeImage ( > // > // Log the PE data > // > - Status =3D Tcg2Protocol->HashLogExtendEvent ( > - Tcg2Protocol, > - PE_COFF_IMAGE, > - ImageAddress, > - ImageSize, > - Tcg2Event > - ); > - if (Status =3D=3D EFI_VOLUME_FULL) { > - // > - // Volume full here means the image is hashed and its result is exte= nded to > PCR. > - // But the event log can't be saved since log area is full. > - // Just return EFI_SUCCESS in order not to block the image load. > - // > - Status =3D EFI_SUCCESS; > + if (Tcg2Protocol !=3D NULL) { > + Status =3D Tcg2Protocol->HashLogExtendEvent ( > + Tcg2Protocol, > + PE_COFF_IMAGE, > + ImageAddress, > + ImageSize, > + Tcg2Event > + ); > + if (Status =3D=3D EFI_VOLUME_FULL) { > + // > + // Volume full here means the image is hashed and its result is ex= tended to > PCR. > + // But the event log can't be saved since log area is full. > + // Just return EFI_SUCCESS in order not to block the image load. > + // > + Status =3D EFI_SUCCESS; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 > MeasurePeImage - %r\n", Status)); > + > + } else if (CcProtocol !=3D NULL) { > + > + Status =3D CreateCcEventFromTcg2Event (CcProtocol, Tcg2Event, EventS= ize, > &CcEvent); > + if (EFI_ERROR (Status)) { > + goto Finish; > + } > + > + Status =3D CcProtocol->HashLogExtendEvent ( > + CcProtocol, > + PE_COFF_IMAGE, > + ImageAddress, > + ImageSize, > + CcEvent > + ); > + if (Status =3D=3D EFI_VOLUME_FULL) { > + // > + // Volume full here means the image is hashed and its result is ex= tended to > PCR. > + // But the event log can't be saved since log area is full. > + // Just return EFI_SUCCESS in order not to block the image load. 
> + // > + Status =3D EFI_SUCCESS; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc > MeasurePeImage - %r\n", Status)); > } >=20 > Finish: > - FreePool (Tcg2Event); > + if (Tcg2Event !=3D NULL) { > + FreePool (Tcg2Event); > + } > + > + if (CcEvent !=3D NULL) { > + FreePool (CcEvent); > + } >=20 > return Status; > } >=20 > +/** > + Get the measure boot protocols. > + > + There are 2 measure boot, TCG2 protocol based and Cc measurement > protocol based. > + > + @param MeasureBootProtocols Pointer to the located measure boot > protocol instances. > + > + @retval EFI_SUCCESS Sucessfully locate the measure boot prot= ocol > instances (at least one instance). > + @retval EFI_UNSUPPORTED Measure boot is not supported. > +**/ > +EFI_STATUS > +EFIAPI > +GetMeasureBootProtocols ( > + MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols > + ) > +{ > + EFI_STATUS Status; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol; > + EFI_TCG2_BOOT_SERVICE_CAPABILITY Tcg2ProtocolCapability; > + EFI_CC_BOOT_SERVICE_CAPABILITY CcProtocolCapability; > + > + CcProtocol =3D NULL; > + Status =3D gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, > (VOID **) &CcProtocol); > + if (EFI_ERROR (Status)) { > + // > + // Cc Measurement protocol is not installed. > + // > + DEBUG ((DEBUG_VERBOSE, "CcMeasurementProtocol is not installed. 
- > %r\n", Status)); > + } else { > + ZeroMem (&CcProtocolCapability, sizeof (CcProtocolCapability)); > + CcProtocolCapability.Size =3D sizeof (CcProtocolCapability); > + Status =3D CcProtocol->GetCapability (CcProtocol, &CcProtocolCapabil= ity); > + if (EFI_ERROR (Status) || CcProtocolCapability.CcType.Type =3D=3D > EFI_CC_TYPE_NONE) { > + DEBUG ((DEBUG_ERROR, " CcProtocol->GetCapability returns : %x, %r\= n", > CcProtocolCapability.CcType.Type, Status)); > + CcProtocol =3D NULL; > + } > + } > + > + Tcg2Protocol =3D NULL; > + Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) > &Tcg2Protocol); > + if (EFI_ERROR (Status)) { > + // > + // Tcg2 protocol is not installed. So, TPM2 is not present. > + // > + DEBUG ((DEBUG_VERBOSE, "Tcg2Protocol is not installed. - %r\n", Stat= us)); > + } else { > + Tcg2ProtocolCapability.Size =3D (UINT8) sizeof (Tcg2ProtocolCapabili= ty); > + Status =3D Tcg2Protocol->GetCapability (Tcg2Protocol, > &Tcg2ProtocolCapability); > + if (EFI_ERROR (Status) || (!Tcg2ProtocolCapability.TPMPresentFlag)) = { > + // > + // TPM device doesn't work or activate. > + // > + DEBUG ((DEBUG_ERROR, "TPMPresentFlag=3DFALSE %r\n", Status)); > + Tcg2Protocol =3D NULL; > + } > + } > + > + MeasureBootProtocols->Tcg2Protocol =3D Tcg2Protocol; > + MeasureBootProtocols->CcProtocol =3D CcProtocol; > + > + return (Tcg2Protocol =3D=3D NULL && CcProtocol =3D=3D NULL) ? EFI_UNSU= PPORTED: > EFI_SUCCESS; > +} > + > /** > The security handler is used to abstract platform-specific policy > from the DXE core response to an attempt to use a file that returns a > @@ -422,9 +657,8 @@ DxeTpm2MeasureBootHandler ( > IN BOOLEAN BootPolicy > ) > { > - EFI_TCG2_PROTOCOL *Tcg2Protocol; > + MEASURE_BOOT_PROTOCOLS MeasureBootProtocols; > EFI_STATUS Status; > - EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; > EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; > EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode; > EFI_HANDLE Handle; 
> @@ -435,28 +669,23 @@ DxeTpm2MeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; > UINT32 Index; >=20 > - Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) > &Tcg2Protocol); > + MeasureBootProtocols.Tcg2Protocol =3D NULL; > + MeasureBootProtocols.CcProtocol =3D NULL; > + > + Status =3D GetMeasureBootProtocols(&MeasureBootProtocols); > + > if (EFI_ERROR (Status)) { > // > - // Tcg2 protocol is not installed. So, TPM2 is not present. > + // None of Measured boot protocols (Tcg2, Cc) is installed. > // Don't do any measurement, and directly return EFI_SUCCESS. > // > - DEBUG ((EFI_D_VERBOSE, "DxeTpm2MeasureBootHandler - Tcg2 - %r\n", > Status)); > + DEBUG ((DEBUG_INFO, "None of Tcg2Protocol/CcMeasurementProtocol is > installed.\n")); > return EFI_SUCCESS; > } >=20 > - ProtocolCapability.Size =3D (UINT8) sizeof (ProtocolCapability); > - Status =3D Tcg2Protocol->GetCapability ( > - Tcg2Protocol, > - &ProtocolCapability > - ); > - if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) { > - // > - // TPM device doesn't work or activate. > - // > - DEBUG ((EFI_D_ERROR, "DxeTpm2MeasureBootHandler (%r) - > TPMPresentFlag - %x\n", Status, ProtocolCapability.TPMPresentFlag)); > - return EFI_SUCCESS; > - } > + DEBUG ((DEBUG_INFO, "Tcg2Protocol =3D %p, TdProtocol =3D %p\n", > + MeasureBootProtocols.Tcg2Protocol, > + MeasureBootProtocols.CcProtocol)); >=20 > // > // Copy File Device Path > @@ -502,8 +731,8 @@ DxeTpm2MeasureBootHandler ( > // > // Measure GPT disk. > // > - Status =3D Tcg2MeasureGptTable (Tcg2Protocol, Handle); > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - > Tcg2MeasureGptTable - %r\n", Status)); > + Status =3D Tcg2MeasureGptTable (&MeasureBootProtocols, Handl= e); > + > if (!EFI_ERROR (Status)) { > // > // GPT disk check done. 
> @@ -647,14 +876,13 @@ DxeTpm2MeasureBootHandler ( > // Measure PE image into TPM log. > // > Status =3D Tcg2MeasurePeImage ( > - Tcg2Protocol, > + &MeasureBootProtocols, > (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, > FileSize, > (UINTN) ImageContext.ImageAddress, > ImageContext.ImageType, > DevicePathNode > ); > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - > Tcg2MeasurePeImage - %r\n", Status)); > } >=20 > // > @@ -665,7 +893,7 @@ Finish: > FreePool (OrigDevicePathNode); > } >=20 > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status)); > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status)); >=20 > return Status; > } > diff --git > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > index 2506abbe7c8b..6dca79a20c93 100644 > --- > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +++ > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > @@ -1,5 +1,5 @@ > ## @file > -# Provides security service for TPM 2.0 measured boot > +# Provides security service for TPM 2.0 measured boot and Confidential > Computing measure boot. > # > # Spec Compliance Info: > # "TCG PC Client Platform Firmware Profile Specification for TPM Fami= ly 2.0 > Level 00 Revision 1.03 v51" > @@ -61,6 +61,7 @@ >=20 > [Protocols] > gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES > + gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES > gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES > gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES > gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES > -- > 2.29.2.windows.2
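Review bot: in the `@@ -55,6 +62,62 @@` hunk, CreateCcEventFromTcg2Event allocates `Tcg2Event->Size` bytes and then does `CopyMem (CcEvent->Event, Tcg2Event->Event, EventSize)` with a caller-supplied EventSize that is never checked against that allocation. Both callers in this patch pass a consistent EventSize, but the file header says this library handles untrusted input, so a guard such as `if (Tcg2Event->Size < sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event) + EventSize) { return EFI_INVALID_PARAMETER; }` before the allocation would keep the helper safe on its own. The same hunk copies `Tcg2Event->Size` into `CcEvent->Size` unchanged, which silently assumes EFI_CC_EVENT and EFI_TCG2_EVENT have headers of identical size; a STATIC_ASSERT on the two sizeof values, or at least a comment, would record that dependency. Minor: `EfiCcEvent` is only written, so `OUT` rather than `IN OUT` matches its use, and the doc comment says "except the MrIndex" while the commit message says "MrIndex and PcrIndex".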
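Review bot: the new `SizeOfPartitionEntry == 0` check in the `@@ -164,10 +245,20 @@` hunk introduces EFI_BAD_BUFFER_SIZE as a new return value of Tcg2MeasureGptTable, but the `@retval` list in the function's doc comment is not updated to mention it. Since the header is external input (as the file comment states) and the value feeds the `NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry` term of EventSize later in the function, consider also rejecting values smaller than `sizeof (EFI_PARTITION_ENTRY)` in the same place, so that zero is not the only rejected size.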
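Review bot: in the `@@ -243,22 +333,57 @@` hunk the measurement is `if (Tcg2Protocol != NULL) { ... } else if (CcProtocol != NULL) { ... }`, so on a platform where GetMeasureBootProtocols finds both protocols the GPT data is measured only through TCG2 and the CC measurement is silently skipped. If TCG2 is meant to take precedence, say so in the function comment; otherwise measure into both. The `@@ -352,28 +490,125 @@` hunk repeats the same either/or structure for the PE image. Also in this hunk, the comment "Measure the GPT data by TdProtocol" and the DEBUG string use a different name from the variable (`CcProtocol`); please use one name. The `Exit:` cleanup with NULL-initialised `PrimaryHeader`, `EntryPtr`, `Tcg2Event` and `CcEvent` is a good change, since the earlier `FreePool (EntryPtr)` on the allocation-failure path ran before that pointer was guaranteed valid.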
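Review bot: in the `@@ -352,28 +490,125 @@` hunk, the CC branch's comment "its result is extended to PCR" was copied from the TPM branch; on the CC path the event carries an MrIndex (this patch's CreateCcEventFromTcg2Event maps PCRIndex to it), so the comment should say MR. The EFI_VOLUME_FULL handling is identical in both branches and could sit once after the if/else. In the same hunk, GetMeasureBootProtocols: "Sucessfully" in the doc comment should be "Successfully"; the `MeasureBootProtocols` parameter has no `OUT` annotation although every other prototype in the file annotates its parameters; a file-local helper normally does not need `EFIAPI`; and `CcProtocolCapability` is zeroed with ZeroMem before `GetCapability` while `Tcg2ProtocolCapability` is not, so the two branches should be made consistent.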
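Review bot: in the `@@ -435,28 +669,23 @@` hunk, `GetMeasureBootProtocols(&MeasureBootProtocols)` lacks the space before `(` that every other call in the file uses. The two `= NULL` assignments before the call are redundant, since GetMeasureBootProtocols writes both members on every return path. The DEBUG string `"Tcg2Protocol = %p, TdProtocol = %p\n"` prints `MeasureBootProtocols.CcProtocol`, so it should read CcProtocol. The log line "None of Measured boot protocols (Tcg2, Cc) is installed." would be clearer as "Neither Tcg2Protocol nor CcMeasurementProtocol is installed."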
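Review bot: the `.inf` hunk `@@ -1,5 +1,5 @@` widens the description to Confidential Computing measured boot, but the "Spec Compliance Info" block below it still lists only the TCG PC Client Platform Firmware Profile; add the reference that defines the CC measurement protocol and its event layout next to it. Use "measured boot" consistently in the new description ("TPM 2.0 measured boot and Confidential Computing measured boot").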