From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web10.21317.1639228137939416724
 for <devel@edk2.groups.io>;
 Sat, 11 Dec 2021 05:09:05 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired" header.i=@intel.com header.s=intel header.b=mg6X2NNy;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1639228144; x=1670764144;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=k403idkHtYpJEFtyD9Jqj27KDD4ZERtwr8HNWJDc5+I=;
  b=mg6X2NNynoQvADMDtEm8dyuvECkHoLkh0SkX9De3eVhJpzPeWOeAl0JB
   o9dG7EFnwvwk4YHRlMpHmKhmfbyJIWYLyWbi7TF7lPUAVsHbDiYoOACqV
   laHBQ7d5ewj3s0IhGVwn0IvWhJMOxEMcipART2TVZInlSl+fOuLiaIVsD
   INVskwC/de74s3P0jEE/kgaSCMR6iR5u6WHKVwzBSLLbZgJ5fSbRsL0Bb
   J73NuqtX5JIHVxcQHUk62UHKaFJpRzd+oQhX41/8+0juGgf8La83UN+1X
   VLtC1G1znUY+zkoIcU1dMCp9v7TgnUPVbcdTPUUzfATSzdn6O2oqiDhvM
   g==;
X-IronPort-AV: E=McAfee;i="6200,9189,10194"; a="324799261"
X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; 
   d="scan'208";a="324799261"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Dec 2021 05:09:04 -0800
X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; 
   d="scan'208";a="517141152"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.30.197])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Dec 2021 05:09:02 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH V7 3/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib
Date: Sat, 11 Dec 2021 21:08:42 +0800
Message-Id: <a621c4df2c0d032e639b617017448f26bf1bc3a4.1639225842.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <cover.1639225842.git.min.m.xu@intel.com>
References: <cover.1639225842.git.min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625

DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
After CcMeasurementProtocol is introduced, CC based measurement needs
to be supported in DxeTpmMeasurementLib as well.

A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2,
(virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL,
TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed.

In this library when do measurement only one of above 3 protocols will
be called.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../DxeTpmMeasurementLib.c                    | 122 +++++++++++++++---
 .../DxeTpmMeasurementLib.inf                  |   9 +-
 2 files changed, 111 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index d014ea4aec08..6f287b31fc77 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -1,5 +1,6 @@
 /** @file
-  This library is used by other modules to measure data to TPM.
+  This library is used by other modules to measure data to TPM and Confidential
+  Computing (CC) measure registers.
 
 Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -19,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include <Guid/Acpi.h>
 #include <IndustryStandard/Acpi.h>
+#include <Protocol/CcMeasurement.h>
 
 /**
   Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@@ -35,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
   @retval EFI_OUT_OF_RESOURCES  Out of memory.
   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
 **/
+STATIC
 EFI_STATUS
 Tpm12MeasureAndLogData (
   IN UINT32  PcrIndex,
@@ -101,6 +104,7 @@ Tpm12MeasureAndLogData (
   @retval EFI_OUT_OF_RESOURCES  Out of memory.
   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
 **/
+STATIC
 EFI_STATUS
 Tpm20MeasureAndLogData (
   IN UINT32  PcrIndex,
@@ -147,6 +151,73 @@ Tpm20MeasureAndLogData (
   return Status;
 }
 
+/**
+  Cc measure and log data, and extend the measurement result into a
+  specific CC MR.
+
+  @param[in]  CcProtocol       Instance of CC measurement protocol
+  @param[in]  PcrIndex         PCR Index.
+  @param[in]  EventType        Event type.
+  @param[in]  EventLog         Measurement event log.
+  @param[in]  LogLen           Event log length in bytes.
+  @param[in]  HashData         The start of the data buffer to be hashed, extended.
+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_UNSUPPORTED       CC guest not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+  @retval EFI_INVALID_PARAMETER The input parameter is invalid.
+**/
+STATIC
+EFI_STATUS
+CcMeasureAndLogData (
+  IN EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol,
+  IN UINT32                       PcrIndex,
+  IN UINT32                       EventType,
+  IN VOID                         *EventLog,
+  IN UINT32                       LogLen,
+  IN VOID                         *HashData,
+  IN UINT64                       HashDataLen
+  )
+{
+  EFI_STATUS       Status;
+  EFI_CC_EVENT     *EfiCcEvent;
+  EFI_CC_MR_INDEX  MrIndex;
+
+  if (CcProtocol == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  EfiCcEvent = (EFI_CC_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
+  if (EfiCcEvent == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  EfiCcEvent->Size                 = (UINT32)LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
+  EfiCcEvent->Header.HeaderSize    = sizeof (EFI_CC_EVENT_HEADER);
+  EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+  EfiCcEvent->Header.MrIndex       = MrIndex;
+  EfiCcEvent->Header.EventType     = EventType;
+  CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
+
+  Status = CcProtocol->HashLogExtendEvent (
+                         CcProtocol,
+                         0,
+                         (EFI_PHYSICAL_ADDRESS)(UINTN)HashData,
+                         HashDataLen,
+                         EfiCcEvent
+                         );
+  FreePool (EfiCcEvent);
+
+  return Status;
+}
+
 /**
   Tpm measure and log data, and extend the measurement result into a specific PCR.
 
@@ -173,25 +244,16 @@ TpmMeasureAndLogData (
   IN UINT64  HashDataLen
   )
 {
-  EFI_STATUS  Status;
+  EFI_STATUS                   Status;
+  EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol;
 
-  //
-  // Try to measure using Tpm20 protocol
-  //
-  Status = Tpm20MeasureAndLogData (
-             PcrIndex,
-             EventType,
-             EventLog,
-             LogLen,
-             HashData,
-             HashDataLen
-             );
-
-  if (EFI_ERROR (Status)) {
+  Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&CcProtocol);
+  if (!EFI_ERROR (Status)) {
     //
-    // Try to measure using Tpm1.2 protocol
+    // Try to measure using Cc measurement protocol
     //
-    Status = Tpm12MeasureAndLogData (
+    Status = CcMeasureAndLogData (
+               CcProtocol,
                PcrIndex,
                EventType,
                EventLog,
@@ -199,6 +261,32 @@ TpmMeasureAndLogData (
                HashData,
                HashDataLen
                );
+  } else {
+    //
+    // Try to measure using Tpm20 protocol
+    //
+    Status = Tpm20MeasureAndLogData (
+               PcrIndex,
+               EventType,
+               EventLog,
+               LogLen,
+               HashData,
+               HashDataLen
+               );
+
+    if (EFI_ERROR (Status)) {
+      //
+      // Try to measure using Tpm1.2 protocol
+      //
+      Status = Tpm12MeasureAndLogData (
+                 PcrIndex,
+                 EventType,
+                 EventLog,
+                 LogLen,
+                 HashData,
+                 HashDataLen
+                 );
+    }
   }
 
   return Status;
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f95d..3af3d4e33b25 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -1,5 +1,7 @@
 ## @file
-#  Provides TPM measurement functions for TPM1.2 and TPM 2.0
+#  Provides below measurement functions:
+#    1. TPM measurement functions for TPM1.2 and TPM 2.0
+#    2. Confidential Computing (CC) measurement functions
 #
 #  This library provides TpmMeasureAndLogData() to measure and log data, and
 #  extend the measurement result into a specific PCR.
@@ -40,5 +42,6 @@
   UefiBootServicesTableLib
 
 [Protocols]
-  gEfiTcgProtocolGuid           ## SOMETIMES_CONSUMES
-  gEfiTcg2ProtocolGuid          ## SOMETIMES_CONSUMES
+  gEfiTcgProtocolGuid               ## SOMETIMES_CONSUMES
+  gEfiTcg2ProtocolGuid              ## SOMETIMES_CONSUMES
+  gEfiCcMeasurementProtocolGuid     ## SOMETIMES_CONSUMES
-- 
2.29.2.windows.2