From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Xu, Min M" <min.m.xu@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
"Liu, Zhiguang" <zhiguang.liu@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
Sami Mujawar <sami.mujawar@arm.com>,
"Gerd Hoffmann" <kraxel@redhat.com>
Subject: Re: [PATCH V4 3/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib
Date: Tue, 2 Nov 2021 06:24:58 +0000
Message-ID: <PH0PR11MB4885FBAED69019817BCAD7588C8B9@PH0PR11MB4885.namprd11.prod.outlook.com>
In-Reply-To: <44a80d4605e02dcf5fed85c5669aedbff3a283a1.1635818903.git.min.m.xu@intel.com>
May I know on which platform you have run the test?
I think we need to cover both TD and TPM on a real platform.
> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, November 2, 2021 10:51 AM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Sami Mujawar
> <sami.mujawar@arm.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [PATCH V4 3/3] SecurityPkg: Support CcMeasurementProtocol in
> DxeTpmMeasurementLib
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
>
> DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
> After CcMeasurementProtocol is introduced, CC based measurement needs
> to be supported in DxeTpmMeasurementLib as well.
>
> In TpmMeasureAndLogData, CC based measurement will be first called.
> If it failed, TPM based measurement will be called sequentially.
> Currently there is an assumption that CC based measurement and
> TPM based measurement won't exist at the same time. If the
> assumption is not true in the future, we will revisit here then.
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
> .../DxeTpmMeasurementLib.c | 91 ++++++++++++++++++-
> .../DxeTpmMeasurementLib.inf | 9 +-
> 2 files changed, 92 insertions(+), 8 deletions(-)
>
> diff --git
> a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> index 061136ee7860..2ddb9033a0d5 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
> @@ -1,5 +1,6 @@
> /** @file
> - This library is used by other modules to measure data to TPM.
> + This library is used by other modules to measure data to TPM and Confidential
> + Computing (CC) measure registers.
>
> Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -19,8 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <Guid/Acpi.h>
> #include <IndustryStandard/Acpi.h>
> -
> -
> +#include <Protocol/CcMeasurement.h>
>
> /**
> Tpm12 measure and log data, and extend the measurement result into a
> specific PCR.
> @@ -149,6 +149,73 @@ Tpm20MeasureAndLogData (
> return Status;
> }
>
> +/**
> + Cc measure and log data, and extend the measurement result into a
> + specific CC MR.
> +
> + @param[in] PcrIndex PCR Index.
> + @param[in] EventType Event type.
> + @param[in] EventLog Measurement event log.
> + @param[in] LogLen Event log length in bytes.
> + @param[in] HashData The start of the data buffer to be hashed,
> extended.
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData
> +
> + @retval EFI_SUCCESS Operation completed successfully.
> + @retval EFI_UNSUPPORTED Tdx device not available.
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +CcMeasureAndLogData (
> + IN UINT32 PcrIndex,
> + IN UINT32 EventType,
> + IN VOID *EventLog,
> + IN UINT32 LogLen,
> + IN VOID *HashData,
> + IN UINT64 HashDataLen
> + )
> +{
> + EFI_STATUS Status;
> + EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
> + EFI_CC_EVENT *EfiCcEvent;
> + UINT32 MrIndex;
> +
> + Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL,
> (VOID **) &CcProtocol);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
> + if (EFI_ERROR (Status)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + EfiCcEvent = (EFI_CC_EVENT *) AllocateZeroPool (LogLen + sizeof
> (EFI_CC_EVENT));
> + if(EfiCcEvent == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + EfiCcEvent->Size = (UINT32) LogLen + sizeof (EFI_CC_EVENT) - sizeof
> (EfiCcEvent->Event);
> + EfiCcEvent->Header.HeaderSize = sizeof (EFI_CC_EVENT_HEADER);
> + EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
> + EfiCcEvent->Header.MrIndex = MrIndex;
> + EfiCcEvent->Header.EventType = EventType;
> + CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
> +
> + Status = CcProtocol->HashLogExtendEvent (
> + CcProtocol,
> + 0,
> + (EFI_PHYSICAL_ADDRESS) (UINTN) HashData,
> + HashDataLen,
> + EfiCcEvent
> + );
> + FreePool (EfiCcEvent);
> +
> + return Status;
> +}
> +
> +
> /**
> Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
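Review bot: In CcMeasureAndLogData the allocation size `LogLen + sizeof (EFI_CC_EVENT)` is computed with no upper bound on LogLen, and the CopyMem that follows writes LogLen bytes into that pool. On a build where UINTN is 32 bits the sum can wrap, leaving the pool smaller than the copy, and the value stored in EfiCcEvent->Size is derived from the same sum. Rejecting a LogLen greater than MAX_UINT32 - sizeof (EFI_CC_EVENT) before allocating would close this. Separately, the @retval list does not match the code: a LocateProtocol failure is returned unchanged, a MapPcrToMrIndex failure returns EFI_INVALID_PARAMETER, which is not listed, and EFI_UNSUPPORTED is described as "Tdx device not available" in a function that is otherwise CC-generic.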
> @@ -178,9 +245,9 @@ TpmMeasureAndLogData (
> EFI_STATUS Status;
>
> //
> - // Try to measure using Tpm20 protocol
> + // Try to measure using Cc measurement protocol
> //
> - Status = Tpm20MeasureAndLogData(
> + Status = CcMeasureAndLogData (
> PcrIndex,
> EventType,
> EventLog,
> @@ -189,6 +256,20 @@ TpmMeasureAndLogData (
> HashDataLen
> );
>
> + if (EFI_ERROR (Status)) {
> + //
> + // Try to measure using Tpm20 protocol
> + //
> + Status = Tpm20MeasureAndLogData(
> + PcrIndex,
> + EventType,
> + EventLog,
> + LogLen,
> + HashData,
> + HashDataLen
> + );
> + }
> +
> if (EFI_ERROR (Status)) {
> //
> // Try to measure using Tpm1.2 protocol
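Review bot: The new `if (EFI_ERROR (Status))` block falls back to Tpm20MeasureAndLogData after any CcMeasureAndLogData failure, not only when the CC protocol is absent. If the protocol is present but MapPcrToMrIndex or HashLogExtendEvent fails, the code still moves on to the TPM paths and the original CC error is overwritten by whatever they return, so the caller cannot tell that a CC measurement was attempted and failed. Consider falling back only when LocateProtocol did not find gEfiCcMeasurementProtocolGuid and returning the CC status directly otherwise; that also keeps the behaviour well defined if the "CC and TPM never coexist" assumption in the commit message stops holding. Minor style point: the re-added `Tpm20MeasureAndLogData(` lacks the space before the parenthesis that `CcMeasureAndLogData (` has.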
> diff --git
> a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> index 7d41bc41f95d..3af3d4e33b25 100644
> --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> +++
> b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> @@ -1,5 +1,7 @@
> ## @file
> -# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> +# Provides below measurement functions:
> +# 1. TPM measurement functions for TPM1.2 and TPM 2.0
> +# 2. Confidential Computing (CC) measurement functions
> #
> # This library provides TpmMeasureAndLogData() to measure and log data, and
> # extend the measurement result into a specific PCR.
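Review bot: The unchanged description right after the new list still says TpmMeasureAndLogData() extends the result "into a specific PCR", which no longer covers the CC path added by this patch. Update that sentence to mention the CC measurement register as well, so the .inf header agrees with the two-item list above it.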
> @@ -40,5 +42,6 @@
> UefiBootServicesTableLib
>
> [Protocols]
> - gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
> - gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES
> --
> 2.29.2.windows.2